2019-02-10 09:37:37 +08:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-28 02:20:29 +08:00
// SPDX-License-Identifier: MIT
2019-02-10 09:37:37 +08:00
package setting
import (
2021-03-07 16:12:43 +08:00
"net/http"
2019-02-10 09:37:37 +08:00
"path/filepath"
"strings"
2021-07-25 00:03:58 +08:00
"code.gitea.io/gitea/modules/json"
2019-02-10 09:37:37 +08:00
"code.gitea.io/gitea/modules/log"
)
2022-01-21 01:46:10 +08:00
// SessionConfig defines Session settings
var SessionConfig = struct {
2023-02-20 00:12:01 +08:00
OriginalProvider string
Provider string
2022-01-21 01:46:10 +08:00
// Provider configuration, it's corresponding to provider.
ProviderConfig string
// Cookie name to save session ID. Default is "MacaronSession".
CookieName string
2023-04-14 03:45:33 +08:00
// Cookie path to store. Default is "/". HINT: there was a bug, the old value doesn't have trailing slash, and could be empty "".
2022-01-21 01:46:10 +08:00
CookiePath string
// GC interval time in seconds. Default is 3600.
Gclifetime int64
// Max life time in seconds. Default is whatever GC interval time is.
Maxlifetime int64
// Use HTTPS only. Default is false.
Secure bool
// Cookie domain name. Default is empty.
Domain string
// SameSite declares if your cookie should be restricted to a first-party or same-site context. Valid strings are "none", "lax", "strict". Default is "lax"
SameSite http . SameSite
} {
CookieName : "i_like_gitea" ,
Gclifetime : 86400 ,
Maxlifetime : 86400 ,
SameSite : http . SameSiteLaxMode ,
}
2019-02-10 09:37:37 +08:00
2023-02-20 00:12:01 +08:00
func loadSessionFrom ( rootCfg ConfigProvider ) {
sec := rootCfg . Section ( "session" )
2020-01-29 15:47:46 +08:00
SessionConfig . Provider = sec . Key ( "PROVIDER" ) . In ( "memory" ,
2021-02-15 13:33:31 +08:00
[ ] string { "memory" , "file" , "redis" , "mysql" , "postgres" , "couchbase" , "memcache" , "db" } )
2024-02-09 22:06:03 +08:00
SessionConfig . ProviderConfig = strings . Trim ( sec . Key ( "PROVIDER_CONFIG" ) . MustString ( filepath . Join ( AppDataPath , "sessions" ) ) , "\" " )
2019-02-10 09:37:37 +08:00
if SessionConfig . Provider == "file" && ! filepath . IsAbs ( SessionConfig . ProviderConfig ) {
2024-02-09 22:06:03 +08:00
SessionConfig . ProviderConfig = filepath . Join ( AppWorkPath , SessionConfig . ProviderConfig )
fatalDuplicatedPath ( "session" , SessionConfig . ProviderConfig )
2019-02-10 09:37:37 +08:00
}
2020-01-29 15:47:46 +08:00
SessionConfig . CookieName = sec . Key ( "COOKIE_NAME" ) . MustString ( "i_like_gitea" )
2023-04-14 03:45:33 +08:00
SessionConfig . CookiePath = AppSubURL + "/" // there was a bug, old code only set CookePath=AppSubURL, no trailing slash
2023-09-11 17:03:51 +08:00
SessionConfig . Secure = sec . Key ( "COOKIE_SECURE" ) . MustBool ( strings . HasPrefix ( strings . ToLower ( AppURL ) , "https://" ) )
2020-01-29 15:47:46 +08:00
SessionConfig . Gclifetime = sec . Key ( "GC_INTERVAL_TIME" ) . MustInt64 ( 86400 )
SessionConfig . Maxlifetime = sec . Key ( "SESSION_LIFE_TIME" ) . MustInt64 ( 86400 )
SessionConfig . Domain = sec . Key ( "DOMAIN" ) . String ( )
2021-03-07 16:12:43 +08:00
samesiteString := sec . Key ( "SAME_SITE" ) . In ( "lax" , [ ] string { "none" , "lax" , "strict" } )
switch strings . ToLower ( samesiteString ) {
case "none" :
SessionConfig . SameSite = http . SameSiteNoneMode
case "strict" :
SessionConfig . SameSite = http . SameSiteStrictMode
default :
SessionConfig . SameSite = http . SameSiteLaxMode
}
2019-04-20 14:44:50 +08:00
shadowConfig , err := json . Marshal ( SessionConfig )
if err != nil {
log . Fatal ( "Can't shadow session config: %v" , err )
}
SessionConfig . ProviderConfig = string ( shadowConfig )
2023-02-20 00:12:01 +08:00
SessionConfig . OriginalProvider = SessionConfig . Provider
2019-04-20 14:44:50 +08:00
SessionConfig . Provider = "VirtualSession"
2019-02-10 09:37:37 +08:00
log . Info ( "Session Service Enabled" )
}