code.gitea.io/gitea@v1.22.3/modules/setting/session.go

code.gitea.io/gitea@v1.22.3/modules/setting/session.go (about)

     1  // Copyright 2019 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package setting
     5  
     6  import (
     7  	"net/http"
     8  	"path/filepath"
     9  	"strings"
    10  
    11  	"code.gitea.io/gitea/modules/json"
    12  	"code.gitea.io/gitea/modules/log"
    13  )
    14  
    15  // SessionConfig defines Session settings
    16  var SessionConfig = struct {
    17  	OriginalProvider string
    18  	Provider         string
    19  	// Provider configuration, it's corresponding to provider.
    20  	ProviderConfig string
    21  	// Cookie name to save session ID. Default is "MacaronSession".
    22  	CookieName string
    23  	// Cookie path to store. Default is "/".
    24  	CookiePath string
    25  	// GC interval time in seconds. Default is 3600.
    26  	Gclifetime int64
    27  	// Max life time in seconds. Default is whatever GC interval time is.
    28  	Maxlifetime int64
    29  	// Use HTTPS only. Default is false.
    30  	Secure bool
    31  	// Cookie domain name. Default is empty.
    32  	Domain string
    33  	// SameSite declares if your cookie should be restricted to a first-party or same-site context. Valid strings are "none", "lax", "strict". Default is "lax"
    34  	SameSite http.SameSite
    35  }{
    36  	CookieName:  "i_like_gitea",
    37  	Gclifetime:  86400,
    38  	Maxlifetime: 86400,
    39  	SameSite:    http.SameSiteLaxMode,
    40  }
    41  
    42  func loadSessionFrom(rootCfg ConfigProvider) {
    43  	sec := rootCfg.Section("session")
    44  	SessionConfig.Provider = sec.Key("PROVIDER").In("memory",
    45  		[]string{"memory", "file", "redis", "mysql", "postgres", "couchbase", "memcache", "db"})
    46  	SessionConfig.ProviderConfig = strings.Trim(sec.Key("PROVIDER_CONFIG").MustString(filepath.Join(AppDataPath, "sessions")), "\" ")
    47  	if SessionConfig.Provider == "file" && !filepath.IsAbs(SessionConfig.ProviderConfig) {
    48  		SessionConfig.ProviderConfig = filepath.Join(AppWorkPath, SessionConfig.ProviderConfig)
    49  		checkOverlappedPath("[session].PROVIDER_CONFIG", SessionConfig.ProviderConfig)
    50  	}
    51  	SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea")
    52  	SessionConfig.CookiePath = AppSubURL
    53  	if SessionConfig.CookiePath == "" {
    54  		SessionConfig.CookiePath = "/"
    55  	}
    56  	SessionConfig.Secure = sec.Key("COOKIE_SECURE").MustBool(strings.HasPrefix(strings.ToLower(AppURL), "https://"))
    57  	SessionConfig.Gclifetime = sec.Key("GC_INTERVAL_TIME").MustInt64(86400)
    58  	SessionConfig.Maxlifetime = sec.Key("SESSION_LIFE_TIME").MustInt64(86400)
    59  	SessionConfig.Domain = sec.Key("DOMAIN").String()
    60  	samesiteString := sec.Key("SAME_SITE").In("lax", []string{"none", "lax", "strict"})
    61  	switch strings.ToLower(samesiteString) {
    62  	case "none":
    63  		SessionConfig.SameSite = http.SameSiteNoneMode
    64  	case "strict":
    65  		SessionConfig.SameSite = http.SameSiteStrictMode
    66  	default:
    67  		SessionConfig.SameSite = http.SameSiteLaxMode
    68  	}
    69  	shadowConfig, err := json.Marshal(SessionConfig)
    70  	if err != nil {
    71  		log.Fatal("Can't shadow session config: %v", err)
    72  	}
    73  	SessionConfig.ProviderConfig = string(shadowConfig)
    74  	SessionConfig.OriginalProvider = SessionConfig.Provider
    75  	SessionConfig.Provider = "VirtualSession"
    76  
    77  	log.Info("Session Service Enabled")
    78  }