Skip to content

Commit e2e7a5a

Browse files
wxiaoguangwxiaoguang
committed
fix
1 parent 688430e commit e2e7a5a

File tree

8 files changed

+25
-30
lines changed

8 files changed

+25
-30
lines changed

modules/auth/webauthn/webauthn.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ package webauthn
66
import (
77
"context"
88
"encoding/binary"
9-
"encoding/gob"
109

1110
"code.gitea.io/gitea/models/auth"
1211
user_model "code.gitea.io/gitea/models/user"
@@ -22,8 +21,6 @@ var WebAuthn *webauthn.WebAuthn
2221

2322
// Init initializes the WebAuthn instance from the config.
2423
func Init() {
25-
gob.Register(&webauthn.SessionData{})
26-
2724
appURL, _ := protocol.FullyQualifiedOrigin(setting.AppURL)
2825

2926
WebAuthn = &webauthn.WebAuthn{

routers/common/middleware.go

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,9 @@
44
package common
55

66
import (
7+
"encoding/gob"
78
"fmt"
9+
"log"
810
"net/http"
911
"strings"
1012

@@ -14,11 +16,14 @@ import (
1416
"code.gitea.io/gitea/modules/reqctx"
1517
"code.gitea.io/gitea/modules/setting"
1618
"code.gitea.io/gitea/modules/web/routing"
19+
"code.gitea.io/gitea/routers/web/auth"
1720
"code.gitea.io/gitea/services/context"
1821

1922
"gitea.com/go-chi/session"
2023
"github.com/chi-middleware/proxy"
2124
"github.com/go-chi/chi/v5"
25+
"github.com/go-webauthn/webauthn/webauthn"
26+
"github.com/gorilla/sessions"
2227
)
2328

2429
// ProtocolMiddlewares returns HTTP protocol related middlewares, and it provides a global panic recovery
@@ -107,7 +112,17 @@ func ForwardedHeadersHandler(limit int, trustedProxies []string) func(h http.Han
107112
return proxy.ForwardedHeaders(opt)
108113
}
109114

110-
func Sessioner() (func(next http.Handler) http.Handler, error) {
115+
func SessionGobRegister() {
116+
// TODO: chi-session has a design problem: it calls gob.Register for "Set"
117+
// But if the server restarts, then the first "Get" will fail to decode the previously stored session data because the structs are not registered yet.
118+
// So here we register all session structs ahead.
119+
gob.Register(auth.LinkAccountData{}) // used by oauth link account
120+
gob.Register(&webauthn.SessionData{}) // used by webauthn
121+
gob.Register(&sessions.Session{}) // used by oauth2's SessionsStore. FIXME: it seems to be an abuse, why the Session struct itself is stored in session store again?
122+
}
123+
124+
func MustInitSessioner() func(next http.Handler) http.Handler {
125+
SessionGobRegister()
111126
middleware, err := session.Sessioner(session.Options{
112127
Provider: setting.SessionConfig.Provider,
113128
ProviderConfig: setting.SessionConfig.ProviderConfig,
@@ -120,8 +135,7 @@ func Sessioner() (func(next http.Handler) http.Handler, error) {
120135
Domain: setting.SessionConfig.Domain,
121136
})
122137
if err != nil {
123-
return nil, fmt.Errorf("failed to create session middleware: %w", err)
138+
log.Fatalf("common.Sessioner failed: %v", err)
124139
}
125-
126-
return middleware, nil
140+
return middleware
127141
}

routers/install/install.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -55,8 +55,8 @@ func getSupportedDbTypeNames() (dbTypeNames []map[string]string) {
5555
return dbTypeNames
5656
}
5757

58-
// Contexter prepare for rendering installation page
59-
func Contexter() func(next http.Handler) http.Handler {
58+
// installContexter prepare for rendering installation page
59+
func installContexter() func(next http.Handler) http.Handler {
6060
rnd := templates.HTMLRenderer()
6161
dbTypeNames := getSupportedDbTypeNames()
6262
envConfigKeys := setting.CollectEnvConfigKeys()

routers/install/routes.go

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"html"
99
"net/http"
1010

11-
"code.gitea.io/gitea/modules/log"
1211
"code.gitea.io/gitea/modules/public"
1312
"code.gitea.io/gitea/modules/setting"
1413
"code.gitea.io/gitea/modules/web"
@@ -25,11 +24,8 @@ func Routes() *web.Router {
2524
base.Methods("GET, HEAD", "/assets/*", public.FileHandlerFunc())
2625

2726
r := web.NewRouter()
28-
if sessionMid, err := common.Sessioner(); err == nil && sessionMid != nil {
29-
r.Use(sessionMid, Contexter())
30-
} else {
31-
log.Fatal("common.Sessioner failed: %v", err)
32-
}
27+
r.Use(common.MustInitSessioner(), installContexter())
28+
3329
r.Get("/", Install) // it must be on the root, because the "install.js" use the window.location to replace the "localhost" AppURL
3430
r.Post("/", web.Bind(forms.InstallForm{}), SubmitInstall)
3531
r.Get("/post-install", InstallDone)

routers/web/auth/auth_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313
"code.gitea.io/gitea/modules/setting"
1414
"code.gitea.io/gitea/modules/test"
1515
"code.gitea.io/gitea/modules/util"
16+
routers_common "code.gitea.io/gitea/routers/common"
1617
"code.gitea.io/gitea/services/auth/source/oauth2"
1718
"code.gitea.io/gitea/services/contexttest"
1819

@@ -63,6 +64,7 @@ func TestUserLogin(t *testing.T) {
6364
func TestSignUpOAuth2Login(t *testing.T) {
6465
defer test.MockVariableValue(&setting.OAuth2Client.EnableAutoRegistration, true)()
6566

67+
routers_common.SessionGobRegister()
6668
_ = oauth2.Init(t.Context())
6769
addOAuth2Source(t, "dummy-auth-source", oauth2.Source{})
6870

routers/web/auth/oauth.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@
44
package auth
55

66
import (
7-
"encoding/gob"
87
"errors"
98
"fmt"
109
"html"
@@ -278,7 +277,6 @@ type LinkAccountData struct {
278277
}
279278

280279
func oauth2GetLinkAccountData(ctx *context.Context) *LinkAccountData {
281-
gob.Register(LinkAccountData{})
282280
v, ok := ctx.Session.Get("linkAccountData").(LinkAccountData)
283281
if !ok {
284282
return nil
@@ -287,7 +285,6 @@ func oauth2GetLinkAccountData(ctx *context.Context) *LinkAccountData {
287285
}
288286

289287
func Oauth2SetLinkAccountData(ctx *context.Context, linkAccountData LinkAccountData) error {
290-
gob.Register(LinkAccountData{})
291288
return updateSession(ctx, nil, map[string]any{
292289
"linkAccountData": linkAccountData,
293290
})

routers/web/web.go

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -267,11 +267,7 @@ func Routes() *web.Router {
267267
routes.Get("/ssh_info", misc.SSHInfo)
268268
routes.Get("/api/healthz", healthcheck.Check)
269269

270-
if sessionMid, err := common.Sessioner(); err == nil && sessionMid != nil {
271-
mid = append(mid, sessionMid, context.Contexter())
272-
} else {
273-
log.Fatal("common.Sessioner failed: %v", err)
274-
}
270+
mid = append(mid, common.MustInitSessioner(), context.Contexter())
275271

276272
// Get user from session if logged in.
277273
mid = append(mid, webAuth(buildAuthGroup()))

services/auth/source/oauth2/init.go

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@ package oauth2
55

66
import (
77
"context"
8-
"encoding/gob"
98
"net/http"
109
"sync"
1110

@@ -16,15 +15,11 @@ import (
1615
"code.gitea.io/gitea/modules/setting"
1716

1817
"github.com/google/uuid"
19-
"github.com/gorilla/sessions"
2018
"github.com/markbates/goth/gothic"
2119
)
2220

2321
var gothRWMutex = sync.RWMutex{}
2422

25-
// UsersStoreKey is the key for the store
26-
const UsersStoreKey = "gitea-oauth2-sessions"
27-
2823
// ProviderHeaderKey is the HTTP header key
2924
const ProviderHeaderKey = "gitea-oauth2-provider"
3025

@@ -33,8 +28,6 @@ func Init(ctx context.Context) error {
3328
// Lock our mutex
3429
gothRWMutex.Lock()
3530

36-
gob.Register(&sessions.Session{})
37-
3831
gothic.Store = &SessionsStore{
3932
maxLength: int64(setting.OAuth2.MaxTokenLength),
4033
}

0 commit comments

Comments
 (0)