diff options
| author |  Frédéric Guillot <fred@miniflux.net>
| 2018-11-11 11:28:29 -0800 |
|---|---|---|
| committer | Frédéric Guillot <fred@miniflux.net>
| 2018-11-11 11:29:12 -0800 |
| commit | 5a69a61d4841a35d7ddcb761a688db8c688314d6 (patch) | |
| tree | b807ee1da5b0705e7649f70742d8198f351c1224 /middleware/app_session.go | |
| parent | 0925899cee9362cf09e982487bd480e2b09041f4 (diff) | |
| download | v2-5a69a61d4841a35d7ddcb761a688db8c688314d6.tar.gz v2-5a69a61d4841a35d7ddcb761a688db8c688314d6.tar.zst v2-5a69a61d4841a35d7ddcb761a688db8c688314d6.zip | |
Move UI middlewares and routes to ui package
Diffstat (limited to 'middleware/app_session.go')
| -rw-r--r-- | middleware/app_session.go | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/middleware/app_session.go b/middleware/app_session.go deleted file mode 100644 index 1134e399..00000000 --- a/middleware/app_session.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2018 Frédéric Guillot. All rights reserved. -// Use of this source code is governed by the Apache 2.0 -// license that can be found in the LICENSE file. - -package middleware // import "miniflux.app/middleware" - -import ( - "context" - "errors" - "net/http" - - "miniflux.app/http/cookie" - "miniflux.app/http/request" - "miniflux.app/http/response/html" - "miniflux.app/logger" - "miniflux.app/model" -) - -// AppSession handles application session middleware. -func (m *Middleware) AppSession(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - var err error - session := m.getAppSessionValueFromCookie(r) - - if session == nil { - logger.Debug("[Middleware:AppSession] Session not found") - - session, err = m.store.CreateSession() - if err != nil { - html.ServerError(w, r, err) - return - } - - http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, m.cfg.IsHTTPS, m.cfg.BasePath())) - } else { - logger.Debug("[Middleware:AppSession] %s", session) - } - - if r.Method == "POST" { - formValue := r.FormValue("csrf") - headerValue := r.Header.Get("X-Csrf-Token") - - if session.Data.CSRF != formValue && session.Data.CSRF != headerValue { - logger.Error(`[Middleware:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue) - html.BadRequest(w, r, errors.New("Invalid or missing CSRF")) - return - } - } - - ctx := r.Context() - ctx = context.WithValue(ctx, request.SessionIDContextKey, session.ID) - ctx = context.WithValue(ctx, request.CSRFContextKey, session.Data.CSRF) - ctx = context.WithValue(ctx, request.OAuth2StateContextKey, session.Data.OAuth2State) - ctx = context.WithValue(ctx, request.FlashMessageContextKey, session.Data.FlashMessage) - ctx = context.WithValue(ctx, request.FlashErrorMessageContextKey, session.Data.FlashErrorMessage) - ctx = context.WithValue(ctx, request.UserLanguageContextKey, session.Data.Language) - ctx = context.WithValue(ctx, request.UserThemeContextKey, session.Data.Theme) - ctx = context.WithValue(ctx, request.PocketRequestTokenContextKey, session.Data.PocketRequestToken) - next.ServeHTTP(w, r.WithContext(ctx)) - }) -} - -func (m *Middleware) getAppSessionValueFromCookie(r *http.Request) *model.Session { - cookieValue := request.CookieValue(r, cookie.CookieSessionID) - if cookieValue == "" { - return nil - } - - session, err := m.store.Session(cookieValue) - if err != nil { - logger.Error("[Middleware:AppSession] %v", err) - return nil - } - - return session -} |