From 3c2e609bae556cbd3bbff02577cb2bc1c4489250 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Sun, 31 Oct 2021 17:09:49 +0000 Subject: [PATCH 1/5] Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton --- cmd/web.go | 15 +- cmd/web_letsencrypt.go | 3 +- contrib/pr/checkout.go | 3 +- go.mod | 4 +- go.sum | 9 - models/db/store.go | 18 -- services/auth/source/oauth2/init.go | 24 +- services/auth/source/oauth2/store.go | 80 ++++++ vendor/github.com/gorilla/context/.travis.yml | 19 -- vendor/github.com/gorilla/context/LICENSE | 27 -- vendor/github.com/gorilla/context/README.md | 10 - vendor/github.com/gorilla/context/context.go | 143 ---------- vendor/github.com/gorilla/context/doc.go | 88 ------ .../github.com/lafriks/xormstore/.gitignore | 3 - .../github.com/lafriks/xormstore/.travis.yml | 23 -- vendor/github.com/lafriks/xormstore/LICENSE | 19 -- vendor/github.com/lafriks/xormstore/README.md | 48 ---- vendor/github.com/lafriks/xormstore/go.mod | 19 -- vendor/github.com/lafriks/xormstore/go.sum | 85 ------ vendor/github.com/lafriks/xormstore/test | 70 ----- .../lafriks/xormstore/util/time_stamp.go | 60 ----- .../github.com/lafriks/xormstore/xormstore.go | 251 ------------------ vendor/modules.txt | 7 - 23 files changed, 95 insertions(+), 933 deletions(-) delete mode 100644 models/db/store.go create mode 100644 services/auth/source/oauth2/store.go delete mode 100644 vendor/github.com/gorilla/context/.travis.yml delete mode 100644 vendor/github.com/gorilla/context/LICENSE delete mode 100644 vendor/github.com/gorilla/context/README.md delete mode 100644 vendor/github.com/gorilla/context/context.go delete mode 100644 vendor/github.com/gorilla/context/doc.go delete mode 100644 vendor/github.com/lafriks/xormstore/.gitignore delete mode 100644 vendor/github.com/lafriks/xormstore/.travis.yml delete mode 100644 vendor/github.com/lafriks/xormstore/LICENSE delete mode 100644 vendor/github.com/lafriks/xormstore/README.md delete mode 100644 vendor/github.com/lafriks/xormstore/go.mod delete mode 100644 vendor/github.com/lafriks/xormstore/go.sum delete mode 100644 vendor/github.com/lafriks/xormstore/test delete mode 100644 vendor/github.com/lafriks/xormstore/util/time_stamp.go delete mode 100644 vendor/github.com/lafriks/xormstore/xormstore.go diff --git a/cmd/web.go b/cmd/web.go index 963c816207475..eaae66e1dd9ac 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -19,7 +19,6 @@ import ( "code.gitea.io/gitea/routers" "code.gitea.io/gitea/routers/install" - context2 "github.com/gorilla/context" "github.com/urfave/cli" ini "gopkg.in/ini.v1" ) @@ -71,7 +70,7 @@ func runHTTPRedirector() { http.Redirect(w, r, target, http.StatusTemporaryRedirect) }) - var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler)) + var err = runHTTP("tcp", source, "HTTP Redirector", handler) if err != nil { log.Fatal("Failed to start port redirection: %v", err) @@ -205,10 +204,10 @@ func listen(m http.Handler, handleRedirector bool) error { if handleRedirector { NoHTTPRedirector() } - err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m)) + err = runHTTP("tcp", listenAddr, "Web", m) case setting.HTTPS: if setting.EnableLetsEncrypt { - err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m)) + err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, m) break } if handleRedirector { @@ -218,22 +217,22 @@ func listen(m http.Handler, handleRedirector bool) error { NoHTTPRedirector() } } - err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m)) + err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m) case setting.FCGI: if handleRedirector { NoHTTPRedirector() } - err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m)) + err = runFCGI("tcp", listenAddr, "FCGI Web", m) case setting.UnixSocket: if handleRedirector { NoHTTPRedirector() } - err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m)) + err = runHTTP("unix", listenAddr, "Web", m) case setting.FCGIUnix: if handleRedirector { NoHTTPRedirector() } - err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m)) + err = runFCGI("unix", listenAddr, "Web", m) default: log.Fatal("Invalid protocol: %s", setting.Protocol) } diff --git a/cmd/web_letsencrypt.go b/cmd/web_letsencrypt.go index a68399979035e..096db36b24923 100644 --- a/cmd/web_letsencrypt.go +++ b/cmd/web_letsencrypt.go @@ -13,7 +13,6 @@ import ( "code.gitea.io/gitea/modules/setting" "github.com/caddyserver/certmagic" - context2 "github.com/gorilla/context" ) func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error { @@ -67,7 +66,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) }() } - return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m)) + return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m) } func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) { diff --git a/contrib/pr/checkout.go b/contrib/pr/checkout.go index 348ae75d964e8..89d92c8526128 100644 --- a/contrib/pr/checkout.go +++ b/contrib/pr/checkout.go @@ -36,7 +36,6 @@ import ( "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" - context2 "github.com/gorilla/context" "xorm.io/xorm" ) @@ -138,7 +137,7 @@ func runPR() { */ //Start the server - http.ListenAndServe(":8080", context2.ClearHandler(c)) + http.ListenAndServe(":8080", c) log.Printf("[PR] Cleaning up ...\n") /* diff --git a/go.mod b/go.mod index b8f84c62c1f13..ae37a8240b87a 100644 --- a/go.mod +++ b/go.mod @@ -55,10 +55,9 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/go-github/v39 v39.2.0 github.com/google/uuid v1.2.0 - github.com/gorilla/context v1.1.1 github.com/gorilla/feeds v1.1.1 github.com/gorilla/mux v1.8.0 // indirect - github.com/gorilla/sessions v1.2.1 // indirect + github.com/gorilla/sessions v1.2.1 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.0 // indirect github.com/hashicorp/go-version v1.3.1 @@ -73,7 +72,6 @@ require ( github.com/klauspost/compress v1.13.1 github.com/klauspost/cpuid/v2 v2.0.9 // indirect github.com/klauspost/pgzip v1.2.5 // indirect - github.com/lafriks/xormstore v1.4.0 github.com/lib/pq v1.10.2 github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96 github.com/markbates/goth v1.68.0 diff --git a/go.sum b/go.sum index 321007050b6f9..58b21910cb57c 100644 --- a/go.sum +++ b/go.sum @@ -73,7 +73,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/ProtonMail/go-crypto v0.0.0-20210705153151-cc34b1f6908b h1:BF5p87XWvmgdrTPPzcRMwC0TMQbviwQ+uBKfNfWJy50= github.com/ProtonMail/go-crypto v0.0.0-20210705153151-cc34b1f6908b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= github.com/PuerkitoBio/goquery v1.7.0 h1:O5SP3b9JWqMSVMG69zMfj577zwkSNpxrFf7ybS74eiw= github.com/PuerkitoBio/goquery v1.7.0/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -256,7 +255,6 @@ github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.10.0 h1:QykgLZBorFE95+gO3u9esLd0BmbvpWp0/waNNZfHBM8= github.com/denisenkom/go-mssqldb v0.10.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= @@ -801,14 +799,11 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lafriks/xormstore v1.4.0 h1:DX1yS9WUhVY+MTHGaOJ2tDVpwL1w/247iro5KR0BQEQ= -github.com/lafriks/xormstore v1.4.0/go.mod h1:5a3wJ6Ro0TFJmJcH1ywtHO/fBEIWYfSfO4WTYmM7qEk= github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= @@ -858,7 +853,6 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= -github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.8 h1:gDp86IdQsN/xWjIEmr9MF6o9mpksUgh0fu+9ByFxzIU= @@ -1260,7 +1254,6 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1761,9 +1754,7 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251 h1:mUcz5b3FJbP5Cvdq7Khzn6J9OCUQJaBwgBkCR+MOwSs= strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:FJGmPh3vz9jSos1L/F91iAgnC/aejc0wIIrF2ZwJxdY= -xorm.io/builder v0.3.7/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE= xorm.io/builder v0.3.9 h1:Sd65/LdWyO7LR8+Cbd+e7mm3sK/7U9k0jS3999IDHMc= xorm.io/builder v0.3.9/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE= -xorm.io/xorm v1.0.6/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4= xorm.io/xorm v1.2.5 h1:tqN7OhN8P9xi52qBb76I8m5maAJMz/SSbgK2RGPCPbo= xorm.io/xorm v1.2.5/go.mod h1:fTG8tSjk6O1BYxwuohZUK+S1glnRycsCF05L1qQyEU0= diff --git a/models/db/store.go b/models/db/store.go deleted file mode 100644 index d5931e9521dd7..0000000000000 --- a/models/db/store.go +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2021 The Gitea Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -package db - -import ( - "github.com/lafriks/xormstore" -) - -// CreateStore creates a xormstore for the provided table and key -func CreateStore(table, key string) (*xormstore.Store, error) { - store, err := xormstore.NewOptions(x, xormstore.Options{ - TableName: table, - }, []byte(key)) - - return store, err -} diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go index 343b24cf6f587..a0bc2faeff97f 100644 --- a/services/auth/source/oauth2/init.go +++ b/services/auth/source/oauth2/init.go @@ -5,23 +5,20 @@ package oauth2 import ( + "encoding/gob" "net/http" "sync" - "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/login" "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/setting" "github.com/google/uuid" + "github.com/gorilla/sessions" "github.com/markbates/goth/gothic" ) var gothRWMutex = sync.RWMutex{} -// SessionTableName is the table name that OAuth2 will use to store things -const SessionTableName = "oauth2_session" - // UsersStoreKey is the key for the store const UsersStoreKey = "gitea-oauth2-sessions" @@ -34,23 +31,12 @@ func Init() error { return err } - store, err := db.CreateStore(SessionTableName, UsersStoreKey) - if err != nil { - return err - } - - // according to the Goth lib: - // set the maxLength of the cookies stored on the disk to a larger number to prevent issues with: - // securecookie: the value is too long - // when using OpenID Connect , since this can contain a large amount of extra information in the id_token - - // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk - store.MaxLength(setting.OAuth2.MaxTokenLength) - // Lock our mutex gothRWMutex.Lock() - gothic.Store = store + gob.Register(&sessions.Session{}) + + gothic.Store = &SessionsStore{} gothic.SetState = func(req *http.Request) string { return uuid.New().String() diff --git a/services/auth/source/oauth2/store.go b/services/auth/source/oauth2/store.go new file mode 100644 index 0000000000000..3552d39da4bca --- /dev/null +++ b/services/auth/source/oauth2/store.go @@ -0,0 +1,80 @@ +// Copyright 2021 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package oauth2 + +import ( + "fmt" + "net/http" + + chiSession "gitea.com/go-chi/session" + "github.com/gorilla/sessions" +) + +// SessionsStore creates a gothic store from our session +type SessionsStore struct { +} + +// Get should return a cached session. +func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, error) { + chiStore := chiSession.GetSession(r) + + rawData := chiStore.Get(name) + if rawData == nil { + return st.New(r, name) + } + + oldSession, ok := rawData.(*sessions.Session) + if !ok { + return nil, fmt.Errorf("unexpected object in session: %v at name: %s", rawData, name) + } + + // Copy over the old data into the session + session := sessions.NewSession(st, name) + session.ID = oldSession.ID + session.IsNew = oldSession.IsNew + session.Options = oldSession.Options + session.Values = oldSession.Values + + return session, nil +} + +// New should create and return a new session. +// +// Note that New should never return a nil session, even in the case of +// an error if using the Registry infrastructure to cache the session. +func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, error) { + chiStore := chiSession.GetSession(r) + + session := sessions.NewSession(st, name) + session.ID = chiStore.ID() + + rawData := chiStore.Get(name) + if rawData != nil { + oldSession, ok := rawData.(*sessions.Session) + if ok { + session.ID = oldSession.ID + session.IsNew = oldSession.IsNew + session.Options = oldSession.Options + session.Values = oldSession.Values + + return session, nil + } + } + + return session, chiStore.Set(name, session) +} + +// Save should persist session to the underlying store implementation. +func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error { + chiStore := chiSession.GetSession(r) + + if err := chiStore.Set(session.Name(), session); err != nil { + return err + } + + return chiStore.Release() +} + +var _ (sessions.Store) = &SessionsStore{} diff --git a/vendor/github.com/gorilla/context/.travis.yml b/vendor/github.com/gorilla/context/.travis.yml deleted file mode 100644 index 6f440f1e42d3f..0000000000000 --- a/vendor/github.com/gorilla/context/.travis.yml +++ /dev/null @@ -1,19 +0,0 @@ -language: go -sudo: false - -matrix: - include: - - go: 1.3 - - go: 1.4 - - go: 1.5 - - go: 1.6 - - go: 1.7 - - go: tip - allow_failures: - - go: tip - -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d .) - - go vet $(go list ./... | grep -v /vendor/) - - go test -v -race ./... diff --git a/vendor/github.com/gorilla/context/LICENSE b/vendor/github.com/gorilla/context/LICENSE deleted file mode 100644 index 0e5fb872800da..0000000000000 --- a/vendor/github.com/gorilla/context/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 Rodrigo Moraes. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/gorilla/context/README.md b/vendor/github.com/gorilla/context/README.md deleted file mode 100644 index 08f86693bcd88..0000000000000 --- a/vendor/github.com/gorilla/context/README.md +++ /dev/null @@ -1,10 +0,0 @@ -context -======= -[![Build Status](https://travis-ci.org/gorilla/context.png?branch=master)](https://travis-ci.org/gorilla/context) - -gorilla/context is a general purpose registry for global request variables. - -> Note: gorilla/context, having been born well before `context.Context` existed, does not play well -> with the shallow copying of the request that [`http.Request.WithContext`](https://golang.org/pkg/net/http/#Request.WithContext) (added to net/http Go 1.7 onwards) performs. You should either use *just* gorilla/context, or moving forward, the new `http.Request.Context()`. - -Read the full documentation here: http://www.gorillatoolkit.org/pkg/context diff --git a/vendor/github.com/gorilla/context/context.go b/vendor/github.com/gorilla/context/context.go deleted file mode 100644 index 81cb128b19cad..0000000000000 --- a/vendor/github.com/gorilla/context/context.go +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package context - -import ( - "net/http" - "sync" - "time" -) - -var ( - mutex sync.RWMutex - data = make(map[*http.Request]map[interface{}]interface{}) - datat = make(map[*http.Request]int64) -) - -// Set stores a value for a given key in a given request. -func Set(r *http.Request, key, val interface{}) { - mutex.Lock() - if data[r] == nil { - data[r] = make(map[interface{}]interface{}) - datat[r] = time.Now().Unix() - } - data[r][key] = val - mutex.Unlock() -} - -// Get returns a value stored for a given key in a given request. -func Get(r *http.Request, key interface{}) interface{} { - mutex.RLock() - if ctx := data[r]; ctx != nil { - value := ctx[key] - mutex.RUnlock() - return value - } - mutex.RUnlock() - return nil -} - -// GetOk returns stored value and presence state like multi-value return of map access. -func GetOk(r *http.Request, key interface{}) (interface{}, bool) { - mutex.RLock() - if _, ok := data[r]; ok { - value, ok := data[r][key] - mutex.RUnlock() - return value, ok - } - mutex.RUnlock() - return nil, false -} - -// GetAll returns all stored values for the request as a map. Nil is returned for invalid requests. -func GetAll(r *http.Request) map[interface{}]interface{} { - mutex.RLock() - if context, ok := data[r]; ok { - result := make(map[interface{}]interface{}, len(context)) - for k, v := range context { - result[k] = v - } - mutex.RUnlock() - return result - } - mutex.RUnlock() - return nil -} - -// GetAllOk returns all stored values for the request as a map and a boolean value that indicates if -// the request was registered. -func GetAllOk(r *http.Request) (map[interface{}]interface{}, bool) { - mutex.RLock() - context, ok := data[r] - result := make(map[interface{}]interface{}, len(context)) - for k, v := range context { - result[k] = v - } - mutex.RUnlock() - return result, ok -} - -// Delete removes a value stored for a given key in a given request. -func Delete(r *http.Request, key interface{}) { - mutex.Lock() - if data[r] != nil { - delete(data[r], key) - } - mutex.Unlock() -} - -// Clear removes all values stored for a given request. -// -// This is usually called by a handler wrapper to clean up request -// variables at the end of a request lifetime. See ClearHandler(). -func Clear(r *http.Request) { - mutex.Lock() - clear(r) - mutex.Unlock() -} - -// clear is Clear without the lock. -func clear(r *http.Request) { - delete(data, r) - delete(datat, r) -} - -// Purge removes request data stored for longer than maxAge, in seconds. -// It returns the amount of requests removed. -// -// If maxAge <= 0, all request data is removed. -// -// This is only used for sanity check: in case context cleaning was not -// properly set some request data can be kept forever, consuming an increasing -// amount of memory. In case this is detected, Purge() must be called -// periodically until the problem is fixed. -func Purge(maxAge int) int { - mutex.Lock() - count := 0 - if maxAge <= 0 { - count = len(data) - data = make(map[*http.Request]map[interface{}]interface{}) - datat = make(map[*http.Request]int64) - } else { - min := time.Now().Unix() - int64(maxAge) - for r := range data { - if datat[r] < min { - clear(r) - count++ - } - } - } - mutex.Unlock() - return count -} - -// ClearHandler wraps an http.Handler and clears request values at the end -// of a request lifetime. -func ClearHandler(h http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - defer Clear(r) - h.ServeHTTP(w, r) - }) -} diff --git a/vendor/github.com/gorilla/context/doc.go b/vendor/github.com/gorilla/context/doc.go deleted file mode 100644 index 448d1bfcac6e1..0000000000000 --- a/vendor/github.com/gorilla/context/doc.go +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -/* -Package context stores values shared during a request lifetime. - -Note: gorilla/context, having been born well before `context.Context` existed, -does not play well > with the shallow copying of the request that -[`http.Request.WithContext`](https://golang.org/pkg/net/http/#Request.WithContext) -(added to net/http Go 1.7 onwards) performs. You should either use *just* -gorilla/context, or moving forward, the new `http.Request.Context()`. - -For example, a router can set variables extracted from the URL and later -application handlers can access those values, or it can be used to store -sessions values to be saved at the end of a request. There are several -others common uses. - -The idea was posted by Brad Fitzpatrick to the go-nuts mailing list: - - http://groups.google.com/group/golang-nuts/msg/e2d679d303aa5d53 - -Here's the basic usage: first define the keys that you will need. The key -type is interface{} so a key can be of any type that supports equality. -Here we define a key using a custom int type to avoid name collisions: - - package foo - - import ( - "github.com/gorilla/context" - ) - - type key int - - const MyKey key = 0 - -Then set a variable. Variables are bound to an http.Request object, so you -need a request instance to set a value: - - context.Set(r, MyKey, "bar") - -The application can later access the variable using the same key you provided: - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // val is "bar". - val := context.Get(r, foo.MyKey) - - // returns ("bar", true) - val, ok := context.GetOk(r, foo.MyKey) - // ... - } - -And that's all about the basic usage. We discuss some other ideas below. - -Any type can be stored in the context. To enforce a given type, make the key -private and wrap Get() and Set() to accept and return values of a specific -type: - - type key int - - const mykey key = 0 - - // GetMyKey returns a value for this package from the request values. - func GetMyKey(r *http.Request) SomeType { - if rv := context.Get(r, mykey); rv != nil { - return rv.(SomeType) - } - return nil - } - - // SetMyKey sets a value for this package in the request values. - func SetMyKey(r *http.Request, val SomeType) { - context.Set(r, mykey, val) - } - -Variables must be cleared at the end of a request, to remove all values -that were stored. This can be done in an http.Handler, after a request was -served. Just call Clear() passing the request: - - context.Clear(r) - -...or use ClearHandler(), which conveniently wraps an http.Handler to clear -variables at the end of a request lifetime. - -The Routers from the packages gorilla/mux and gorilla/pat call Clear() -so if you are using either of them you don't need to clear the context manually. -*/ -package context diff --git a/vendor/github.com/lafriks/xormstore/.gitignore b/vendor/github.com/lafriks/xormstore/.gitignore deleted file mode 100644 index 862a81f5f9feb..0000000000000 --- a/vendor/github.com/lafriks/xormstore/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -vendor/ -debug.test -coverage.txt \ No newline at end of file diff --git a/vendor/github.com/lafriks/xormstore/.travis.yml b/vendor/github.com/lafriks/xormstore/.travis.yml deleted file mode 100644 index 5b7efc169a443..0000000000000 --- a/vendor/github.com/lafriks/xormstore/.travis.yml +++ /dev/null @@ -1,23 +0,0 @@ -sudo: required -services: - - docker - -branches: - only: - - master - -language: go -go: - - "tip" - - "1.11" - - "1.12" - - "1.x" - -env: - global: - - GO111MODULE=on - -script: ./test - -after_success: - - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/vendor/github.com/lafriks/xormstore/LICENSE b/vendor/github.com/lafriks/xormstore/LICENSE deleted file mode 100644 index 7a2dab6c17504..0000000000000 --- a/vendor/github.com/lafriks/xormstore/LICENSE +++ /dev/null @@ -1,19 +0,0 @@ -Copyright (c) 2018 Lauris Bukšis-Haberkorns, Mattias Wadman - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/lafriks/xormstore/README.md b/vendor/github.com/lafriks/xormstore/README.md deleted file mode 100644 index 361c5871fc229..0000000000000 --- a/vendor/github.com/lafriks/xormstore/README.md +++ /dev/null @@ -1,48 +0,0 @@ -[![GoDoc](https://godoc.org/github.com/lafriks/xormstore?status.svg)](https://godoc.org/github.com/lafriks/xormstore) -[![Build Status](https://travis-ci.org/lafriks/xormstore.svg?branch=master)](https://travis-ci.org/lafriks/xormstore) -[![codecov](https://codecov.io/gh/lafriks/xormstore/branch/master/graph/badge.svg)](https://codecov.io/gh/lafriks/xormstore) - -#### XORM backend for gorilla sessions - - go get github.com/lafriks/xormstore - -#### Example - -```go -// initialize and setup cleanup -store := xormstore.New(engine, []byte("secret")) -// db cleanup every hour -// close quit channel to stop cleanup -quit := make(chan struct{}) -go store.PeriodicCleanup(1*time.Hour, quit) -``` - -```go -// in HTTP handler -func handlerFunc(w http.ResponseWriter, r *http.Request) { - session, err := store.Get(r, "session") - session.Values["user_id"] = 123 - store.Save(r, w, session) - http.Error(w, "", http.StatusOK) -} -``` - -For more details see [xormstore godoc documentation](https://godoc.org/github.com/lafriks/xormstore). - -#### Testing - -Just sqlite3 tests: - - go test - -All databases using docker: - - ./test - -If docker is not local (docker-machine etc): - - DOCKER_IP=$(docker-machine ip dev) ./test - -#### License - -xormstore is licensed under the MIT license. See [LICENSE](LICENSE) for the full license text. diff --git a/vendor/github.com/lafriks/xormstore/go.mod b/vendor/github.com/lafriks/xormstore/go.mod deleted file mode 100644 index dfd180e92532f..0000000000000 --- a/vendor/github.com/lafriks/xormstore/go.mod +++ /dev/null @@ -1,19 +0,0 @@ -module github.com/lafriks/xormstore - -go 1.13 - -require ( - github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc - github.com/go-sql-driver/mysql v1.5.0 - github.com/golang/protobuf v1.3.1 // indirect - github.com/gorilla/context v1.1.1 - github.com/gorilla/securecookie v1.1.1 - github.com/gorilla/sessions v1.2.0 - github.com/kr/pretty v0.2.1 // indirect - github.com/lib/pq v1.7.0 - github.com/mattn/go-sqlite3 v1.14.0 - golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad // indirect - golang.org/x/text v0.3.2 // indirect - gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect - xorm.io/xorm v1.0.6 -) diff --git a/vendor/github.com/lafriks/xormstore/go.sum b/vendor/github.com/lafriks/xormstore/go.sum deleted file mode 100644 index e8586fed667d9..0000000000000 --- a/vendor/github.com/lafriks/xormstore/go.sum +++ /dev/null @@ -1,85 +0,0 @@ -gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s= -gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU= -github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= -github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzqk8QCaRC4os14xoKDdbHqqlJtJA0oc1ZAjg= -github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= -github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= -github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ= -github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/lib/pq v1.7.0 h1:h93mCPfUSkaul3Ka/VG8uZdmW1uMHDGxzu0NWHuJmHY= -github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/mattn/go-sqlite3 v1.14.0 h1:mLyGNKR8+Vv9CAU7PphKa2hkEqxxhn8i32J6FPj1/QA= -github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE= -github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= -github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs= -github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad h1:5E5raQxcv+6CZ11RrBYQe5WRbUIWpScjh0kvHZkZIrQ= -golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -xorm.io/builder v0.3.7 h1:2pETdKRK+2QG4mLX4oODHEhn5Z8j1m8sXa7jfu+/SZI= -xorm.io/builder v0.3.7/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE= -xorm.io/xorm v1.0.6 h1:7eco1c8QUpGz+3dztpLDj9gU1bTiQdFC/KtmPaLxUJk= -xorm.io/xorm v1.0.6/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4= diff --git a/vendor/github.com/lafriks/xormstore/test b/vendor/github.com/lafriks/xormstore/test deleted file mode 100644 index 4b06eae4e7d9d..0000000000000 --- a/vendor/github.com/lafriks/xormstore/test +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -DOCKER_IP=${DOCKER_IP:-127.0.0.1} - -sqlite3() { - DATABASE_URI="sqlite3://file:dummy?mode=memory&cache=shared" go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic - return $? -} - -postgres10() { - ID=$(docker run -p 5432 -d postgres:10-alpine) - PORT=$(docker port "$ID" 5432 | cut -d : -f 2) - DATABASE_URI="postgres://user=postgres password=postgres dbname=postgres host=$DOCKER_IP port=$PORT sslmode=disable" go test -v -race -cover - S=$? - docker rm -vf "$ID" > /dev/null - return $S -} - -postgres96() { - ID=$(docker run -p 5432 -d postgres:9.6-alpine) - PORT=$(docker port "$ID" 5432 | cut -d : -f 2) - DATABASE_URI="postgres://user=postgres password=postgres dbname=postgres host=$DOCKER_IP port=$PORT sslmode=disable" go test -v -race -cover - S=$? - docker rm -vf "$ID" > /dev/null - return $S -} - -postgres94() { - ID=$(docker run -p 5432 -d postgres:9.4-alpine) - PORT=$(docker port "$ID" 5432 | cut -d : -f 2) - DATABASE_URI="postgres://user=postgres password=postgres dbname=postgres host=$DOCKER_IP port=$PORT sslmode=disable" go test -v -race -cover - S=$? - docker rm -vf "$ID" > /dev/null - return $S -} - -mysql57() { - ID=$(docker run \ - -e MYSQL_ROOT_PASSWORD=root \ - -e MYSQL_USER=mysql \ - -e MYSQL_PASSWORD=mysql \ - -e MYSQL_DATABASE=mysql \ - -p 3306 -d mysql:5.7) - PORT=$(docker port "$ID" 3306 | cut -d : -f 2) - DATABASE_URI="mysql://mysql:mysql@tcp($DOCKER_IP:$PORT)/mysql?charset=utf8&parseTime=True" go test -v -race -cover - S=$? - docker rm -vf "$ID" > /dev/null - return $S -} - -mariadb10() { - ID=$(docker run \ - -e MYSQL_ROOT_PASSWORD=root \ - -e MYSQL_USER=mysql \ - -e MYSQL_PASSWORD=mysql \ - -e MYSQL_DATABASE=mysql \ - -p 3306 -d mariadb:10) - PORT=$(docker port "$ID" 3306 | cut -d : -f 2) - DATABASE_URI="mysql://mysql:mysql@tcp($DOCKER_IP:$PORT)/mysql?charset=utf8&parseTime=True" go test -v -race -cover - S=$? - docker rm -vf "$ID" > /dev/null - return $S -} - -sqlite3 || exit 1 -postgres94 || exit 1 -postgres96 || exit 1 -postgres10 || exit 1 -mysql57 || exit 1 -mariadb10 || exit 1 diff --git a/vendor/github.com/lafriks/xormstore/util/time_stamp.go b/vendor/github.com/lafriks/xormstore/util/time_stamp.go deleted file mode 100644 index 2036fdf2f1d4d..0000000000000 --- a/vendor/github.com/lafriks/xormstore/util/time_stamp.go +++ /dev/null @@ -1,60 +0,0 @@ -package util - -import ( - "time" -) - -// TimeStamp defines a timestamp -type TimeStamp int64 - -// TimeStampNow returns now int64 -func TimeStampNow() TimeStamp { - return TimeStamp(time.Now().Unix()) -} - -// Add adds seconds and return sum -func (ts TimeStamp) Add(seconds int64) TimeStamp { - return ts + TimeStamp(seconds) -} - -// AddDuration adds time.Duration and return sum -func (ts TimeStamp) AddDuration(interval time.Duration) TimeStamp { - return ts + TimeStamp(interval/time.Second) -} - -// Year returns the time's year -func (ts TimeStamp) Year() int { - return ts.AsTime().Year() -} - -// AsTime convert timestamp as time.Time in Local locale -func (ts TimeStamp) AsTime() (tm time.Time) { - tm = time.Unix(int64(ts), 0).Local() - return -} - -// AsTimePtr convert timestamp as *time.Time in Local locale -func (ts TimeStamp) AsTimePtr() *time.Time { - tm := time.Unix(int64(ts), 0).Local() - return &tm -} - -// Format formats timestamp as -func (ts TimeStamp) Format(f string) string { - return ts.AsTime().Format(f) -} - -// FormatLong formats as RFC1123Z -func (ts TimeStamp) FormatLong() string { - return ts.Format(time.RFC1123Z) -} - -// FormatShort formats as short -func (ts TimeStamp) FormatShort() string { - return ts.Format("Jan 02, 2006") -} - -// IsZero is zero time -func (ts TimeStamp) IsZero() bool { - return ts.AsTime().IsZero() -} diff --git a/vendor/github.com/lafriks/xormstore/xormstore.go b/vendor/github.com/lafriks/xormstore/xormstore.go deleted file mode 100644 index e095508243cc8..0000000000000 --- a/vendor/github.com/lafriks/xormstore/xormstore.go +++ /dev/null @@ -1,251 +0,0 @@ -/* -Package xormstore is a XORM backend for gorilla sessions - -Simplest form: - - store, err := xormstore.New(engine, []byte("secret-hash-key")) - -All options: - - store, err := xormstore.NewOptions( - engine, // *xorm.Engine - xormstore.Options{ - TableName: "sessions", // "sessions" is default - SkipCreateTable: false, // false is default - }, - []byte("secret-hash-key"), // 32 or 64 bytes recommended, required - []byte("secret-encyption-key")) // nil, 16, 24 or 32 bytes, optional - - if err != nil { - // xormstore can not be initialized - } - - // some more settings, see sessions.Options - store.SessionOpts.Secure = true - store.SessionOpts.HttpOnly = true - store.SessionOpts.MaxAge = 60 * 60 * 24 * 60 - -If you want periodic cleanup of expired sessions: - - quit := make(chan struct{}) - go store.PeriodicCleanup(1*time.Hour, quit) - -For more information about the keys see https://github.com/gorilla/securecookie - -For API to use in HTTP handlers see https://github.com/gorilla/sessions -*/ -package xormstore - -import ( - "encoding/base32" - "net/http" - "strings" - "time" - - "github.com/lafriks/xormstore/util" - - "xorm.io/xorm" - "github.com/gorilla/context" - "github.com/gorilla/securecookie" - "github.com/gorilla/sessions" -) - -const sessionIDLen = 32 -const defaultTableName = "sessions" -const defaultMaxAge = 60 * 60 * 24 * 30 // 30 days -const defaultPath = "/" - -// Options for xormstore -type Options struct { - TableName string - SkipCreateTable bool -} - -// Store represent a xormstore -type Store struct { - e *xorm.Engine - opts Options - Codecs []securecookie.Codec - SessionOpts *sessions.Options -} - -type xormSession struct { - ID string `xorm:"VARCHAR(100) PK NAME 'id'"` - Data string `xorm:"TEXT"` - CreatedUnix util.TimeStamp `xorm:"created"` - UpdatedUnix util.TimeStamp `xorm:"updated"` - ExpiresUnix util.TimeStamp `xorm:"INDEX"` - - tableName string `xorm:"-"` // just to store table name for easier access -} - -// Define a type for context keys so that they can't clash with anything else stored in context -type contextKey string - -func (xs *xormSession) TableName() string { - return xs.tableName -} - -// New creates a new xormstore session -func New(e *xorm.Engine, keyPairs ...[]byte) (*Store, error) { - return NewOptions(e, Options{}, keyPairs...) -} - -// NewOptions creates a new xormstore session with options -func NewOptions(e *xorm.Engine, opts Options, keyPairs ...[]byte) (*Store, error) { - st := &Store{ - e: e, - opts: opts, - Codecs: securecookie.CodecsFromPairs(keyPairs...), - SessionOpts: &sessions.Options{ - Path: defaultPath, - MaxAge: defaultMaxAge, - }, - } - if st.opts.TableName == "" { - st.opts.TableName = defaultTableName - } - - if !st.opts.SkipCreateTable { - if err := st.e.Sync2(&xormSession{tableName: st.opts.TableName}); err != nil { - return nil, err - } - } - - return st, nil -} - -// Get returns a session for the given name after adding it to the registry. -func (st *Store) Get(r *http.Request, name string) (*sessions.Session, error) { - return sessions.GetRegistry(r).Get(st, name) -} - -// New creates a session with name without adding it to the registry. -func (st *Store) New(r *http.Request, name string) (*sessions.Session, error) { - session := sessions.NewSession(st, name) - opts := *st.SessionOpts - session.Options = &opts - - st.MaxAge(st.SessionOpts.MaxAge) - - // try fetch from db if there is a cookie - if cookie, err := r.Cookie(name); err == nil { - if err := securecookie.DecodeMulti(name, cookie.Value, &session.ID, st.Codecs...); err != nil { - return session, nil - } - s := &xormSession{tableName: st.opts.TableName} - if has, err := st.e.Where("id = ? AND expires_unix >= ?", session.ID, util.TimeStampNow()).Get(s); !has || err != nil { - return session, nil - } - if err := securecookie.DecodeMulti(session.Name(), s.Data, &session.Values, st.Codecs...); err != nil { - return session, nil - } - - context.Set(r, contextKey(name), s) - } - - return session, nil -} - -// Save session and set cookie header -func (st *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error { - s, _ := context.Get(r, contextKey(session.Name())).(*xormSession) - - // delete if max age is < 0 - if session.Options.MaxAge < 0 { - if s != nil { - if _, err := st.e.Delete(&xormSession{ - ID: session.ID, - tableName: st.opts.TableName, - }); err != nil { - return err - } - } - http.SetCookie(w, sessions.NewCookie(session.Name(), "", session.Options)) - return nil - } - - data, err := securecookie.EncodeMulti(session.Name(), session.Values, st.Codecs...) - if err != nil { - return err - } - now := util.TimeStampNow() - expire := now.AddDuration(time.Second * time.Duration(session.Options.MaxAge)) - - if s == nil { - // generate random session ID key suitable for storage in the db - session.ID = strings.TrimRight( - base32.StdEncoding.EncodeToString( - securecookie.GenerateRandomKey(sessionIDLen)), "=") - s = &xormSession{ - ID: session.ID, - Data: data, - CreatedUnix: now, - UpdatedUnix: now, - ExpiresUnix: expire, - tableName: st.opts.TableName, - } - if _, err := st.e.Insert(s); err != nil { - return err - } - context.Set(r, contextKey(session.Name()), s) - } else { - s.Data = data - s.UpdatedUnix = now - s.ExpiresUnix = expire - if _, err := st.e.ID(s.ID).Cols("data", "updated_unix", "expires_unix").Update(s); err != nil { - return err - } - } - - // set session id cookie - id, err := securecookie.EncodeMulti(session.Name(), session.ID, st.Codecs...) - if err != nil { - return err - } - http.SetCookie(w, sessions.NewCookie(session.Name(), id, session.Options)) - - return nil -} - -// MaxAge sets the maximum age for the store and the underlying cookie -// implementation. Individual sessions can be deleted by setting -// Options.MaxAge = -1 for that session. -func (st *Store) MaxAge(age int) { - st.SessionOpts.MaxAge = age - for _, codec := range st.Codecs { - if sc, ok := codec.(*securecookie.SecureCookie); ok { - sc.MaxAge(age) - } - } -} - -// MaxLength restricts the maximum length of new sessions to l. -// If l is 0 there is no limit to the size of a session, use with caution. -// The default is 4096 (default for securecookie) -func (st *Store) MaxLength(l int) { - for _, c := range st.Codecs { - if codec, ok := c.(*securecookie.SecureCookie); ok { - codec.MaxLength(l) - } - } -} - -// Cleanup deletes expired sessions -func (st *Store) Cleanup() { - st.e.Where("expires_unix < ?", util.TimeStampNow()).Delete(&xormSession{tableName: st.opts.TableName}) -} - -// PeriodicCleanup runs Cleanup every interval. Close quit channel to stop. -func (st *Store) PeriodicCleanup(interval time.Duration, quit <-chan struct{}) { - t := time.NewTicker(interval) - defer t.Stop() - for { - select { - case <-t.C: - st.Cleanup() - case <-quit: - return - } - } -} diff --git a/vendor/modules.txt b/vendor/modules.txt index b8967eae2ff0d..b34531f2596f8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -463,9 +463,6 @@ github.com/google/go-querystring/query # github.com/google/uuid v1.2.0 ## explicit github.com/google/uuid -# github.com/gorilla/context v1.1.1 -## explicit -github.com/gorilla/context # github.com/gorilla/css v1.0.0 github.com/gorilla/css/scanner # github.com/gorilla/feeds v1.1.1 @@ -564,10 +561,6 @@ github.com/klauspost/pgzip github.com/kr/pretty # github.com/kr/text v0.2.0 github.com/kr/text -# github.com/lafriks/xormstore v1.4.0 -## explicit -github.com/lafriks/xormstore -github.com/lafriks/xormstore/util # github.com/lib/pq v1.10.2 ## explicit github.com/lib/pq From ae63560c3002567fab3bba5396562dfe441ceffc Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Sun, 31 Oct 2021 18:54:43 +0000 Subject: [PATCH 2/5] as per review Signed-off-by: Andrew Thornton --- services/auth/source/oauth2/store.go | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/services/auth/source/oauth2/store.go b/services/auth/source/oauth2/store.go index 3552d39da4bca..4201d6c4c7ae4 100644 --- a/services/auth/source/oauth2/store.go +++ b/services/auth/source/oauth2/store.go @@ -18,26 +18,7 @@ type SessionsStore struct { // Get should return a cached session. func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, error) { - chiStore := chiSession.GetSession(r) - - rawData := chiStore.Get(name) - if rawData == nil { - return st.New(r, name) - } - - oldSession, ok := rawData.(*sessions.Session) - if !ok { - return nil, fmt.Errorf("unexpected object in session: %v at name: %s", rawData, name) - } - - // Copy over the old data into the session - session := sessions.NewSession(st, name) - session.ID = oldSession.ID - session.IsNew = oldSession.IsNew - session.Options = oldSession.Options - session.Values = oldSession.Values - - return session, nil + return st.getOrNew(r, name, false) } // New should create and return a new session. @@ -45,6 +26,11 @@ func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, e // Note that New should never return a nil session, even in the case of // an error if using the Registry infrastructure to cache the session. func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, error) { + return st.getOrNew(r, name, true) +} + +// getOrNew gets the session from the chi-session if it exists. Override permits the overriding of an unexpected object. +func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) (*sessions.Session, error) { chiStore := chiSession.GetSession(r) session := sessions.NewSession(st, name) @@ -60,6 +46,8 @@ func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, e session.Values = oldSession.Values return session, nil + } else if !override { + return nil, fmt.Errorf("unexpected object in session: %v at name: %s", rawData, name) } } From d377426a50e93739b60a7cba371f9ccc49d3856f Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Sun, 31 Oct 2021 19:13:02 +0000 Subject: [PATCH 3/5] as per review Signed-off-by: Andrew Thornton --- services/auth/source/oauth2/store.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/services/auth/source/oauth2/store.go b/services/auth/source/oauth2/store.go index 4201d6c4c7ae4..50b499b85611c 100644 --- a/services/auth/source/oauth2/store.go +++ b/services/auth/source/oauth2/store.go @@ -8,6 +8,7 @@ import ( "fmt" "net/http" + "code.gitea.io/gitea/modules/log" chiSession "gitea.com/go-chi/session" "github.com/gorilla/sessions" ) @@ -47,7 +48,8 @@ func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) ( return session, nil } else if !override { - return nil, fmt.Errorf("unexpected object in session: %v at name: %s", rawData, name) + log.Error("Unexpected object in session at name: %s: %v", name, rawData) + return nil, fmt.Errorf("unexpected object in session at name: %s", name) } } From eae317864d46f474d0813f6eb09a3aa56495407e Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Mon, 1 Nov 2021 10:57:32 +0000 Subject: [PATCH 4/5] Handle MaxTokenLength Signed-off-by: Andrew Thornton --- models/login/session.go | 2 +- routers/web/user/auth.go | 2 +- services/auth/source/oauth2/init.go | 5 ++++- services/auth/source/oauth2/store.go | 23 ++++++++++++++++++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/models/login/session.go b/models/login/session.go index 1ddba5cd3ba44..da3745016acad 100644 --- a/models/login/session.go +++ b/models/login/session.go @@ -14,7 +14,7 @@ import ( // Session represents a session compatible for go-chi session type Session struct { Key string `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session - Data []byte `xorm:"BLOB"` + Data []byte `xorm:"BLOB"` // on MySQL this has a maximum size of 64Kb - this may need to be increased Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session } diff --git a/routers/web/user/auth.go b/routers/web/user/auth.go index 99885e5ce3dba..4e0424e0fe46a 100644 --- a/routers/web/user/auth.go +++ b/routers/web/user/auth.go @@ -789,7 +789,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, response http.ResponseWriter) (*models.User, goth.User, error) { gothUser, err := loginSource.Cfg.(*oauth2.Source).Callback(request, response) if err != nil { - if err.Error() == "securecookie: the value is too long" { + if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long" { log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", loginSource.Name, setting.OAuth2.MaxTokenLength) err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", loginSource.Name, setting.OAuth2.MaxTokenLength) } diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go index a0bc2faeff97f..edbbb8969ec0a 100644 --- a/services/auth/source/oauth2/init.go +++ b/services/auth/source/oauth2/init.go @@ -11,6 +11,7 @@ import ( "code.gitea.io/gitea/models/login" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" "github.com/google/uuid" "github.com/gorilla/sessions" @@ -36,7 +37,9 @@ func Init() error { gob.Register(&sessions.Session{}) - gothic.Store = &SessionsStore{} + gothic.Store = &SessionsStore{ + maxLength: int64(setting.OAuth2.MaxTokenLength), + } gothic.SetState = func(req *http.Request) string { return uuid.New().String() diff --git a/services/auth/source/oauth2/store.go b/services/auth/source/oauth2/store.go index 50b499b85611c..fc29056c24a46 100644 --- a/services/auth/source/oauth2/store.go +++ b/services/auth/source/oauth2/store.go @@ -5,6 +5,7 @@ package oauth2 import ( + "encoding/gob" "fmt" "net/http" @@ -15,6 +16,7 @@ import ( // SessionsStore creates a gothic store from our session type SessionsStore struct { + maxLength int64 } // Get should return a cached session. @@ -35,7 +37,6 @@ func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) ( chiStore := chiSession.GetSession(r) session := sessions.NewSession(st, name) - session.ID = chiStore.ID() rawData := chiStore.Get(name) if rawData != nil { @@ -53,6 +54,8 @@ func (st *SessionsStore) getOrNew(r *http.Request, name string, override bool) ( } } + session.ID = chiStore.ID() // Simply copy the session id from the chi store + return session, chiStore.Set(name, session) } @@ -64,7 +67,25 @@ func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *s return err } + if st.maxLength > 0 { + sizeWriter := &sizeWriter{} + + _ = gob.NewEncoder(sizeWriter).Encode(session) + if sizeWriter.size > st.maxLength { + return fmt.Errorf("encode session: Data too long: %d > %d", sizeWriter.size, st.maxLength) + } + } + return chiStore.Release() } +type sizeWriter struct { + size int64 +} + +func (s *sizeWriter) Write(data []byte) (int, error) { + s.size += int64(len(data)) + return len(data), nil +} + var _ (sessions.Store) = &SessionsStore{} From 433fe804361ab3d14f3e6a9dbacf1729f5613ce2 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Mon, 1 Nov 2021 11:04:58 +0000 Subject: [PATCH 5/5] oops Signed-off-by: Andrew Thornton --- routers/web/user/auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/web/user/auth.go b/routers/web/user/auth.go index 4e0424e0fe46a..21d48e98341a8 100644 --- a/routers/web/user/auth.go +++ b/routers/web/user/auth.go @@ -789,7 +789,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, response http.ResponseWriter) (*models.User, goth.User, error) { gothUser, err := loginSource.Cfg.(*oauth2.Source).Callback(request, response) if err != nil { - if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long" { + if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long") { log.Error("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", loginSource.Name, setting.OAuth2.MaxTokenLength) err = fmt.Errorf("OAuth2 Provider %s returned too long a token. Current max: %d. Either increase the [OAuth2] MAX_TOKEN_LENGTH or reduce the information returned from the OAuth2 provider", loginSource.Name, setting.OAuth2.MaxTokenLength) }