aboutsummaryrefslogtreecommitdiff
path: root/middleware
diff options
context:
space:
mode:
Diffstat (limited to 'middleware')
-rw-r--r--middleware/app_session.go76
-rw-r--r--middleware/user_session.go77
2 files changed, 0 insertions, 153 deletions
diff --git a/middleware/app_session.go b/middleware/app_session.go
deleted file mode 100644
index 1134e399..00000000
--- a/middleware/app_session.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright 2018 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package middleware // import "miniflux.app/middleware"
-
-import (
- "context"
- "errors"
- "net/http"
-
- "miniflux.app/http/cookie"
- "miniflux.app/http/request"
- "miniflux.app/http/response/html"
- "miniflux.app/logger"
- "miniflux.app/model"
-)
-
-// AppSession handles application session middleware.
-func (m *Middleware) AppSession(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- var err error
- session := m.getAppSessionValueFromCookie(r)
-
- if session == nil {
- logger.Debug("[Middleware:AppSession] Session not found")
-
- session, err = m.store.CreateSession()
- if err != nil {
- html.ServerError(w, r, err)
- return
- }
-
- http.SetCookie(w, cookie.New(cookie.CookieSessionID, session.ID, m.cfg.IsHTTPS, m.cfg.BasePath()))
- } else {
- logger.Debug("[Middleware:AppSession] %s", session)
- }
-
- if r.Method == "POST" {
- formValue := r.FormValue("csrf")
- headerValue := r.Header.Get("X-Csrf-Token")
-
- if session.Data.CSRF != formValue && session.Data.CSRF != headerValue {
- logger.Error(`[Middleware:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue)
- html.BadRequest(w, r, errors.New("Invalid or missing CSRF"))
- return
- }
- }
-
- ctx := r.Context()
- ctx = context.WithValue(ctx, request.SessionIDContextKey, session.ID)
- ctx = context.WithValue(ctx, request.CSRFContextKey, session.Data.CSRF)
- ctx = context.WithValue(ctx, request.OAuth2StateContextKey, session.Data.OAuth2State)
- ctx = context.WithValue(ctx, request.FlashMessageContextKey, session.Data.FlashMessage)
- ctx = context.WithValue(ctx, request.FlashErrorMessageContextKey, session.Data.FlashErrorMessage)
- ctx = context.WithValue(ctx, request.UserLanguageContextKey, session.Data.Language)
- ctx = context.WithValue(ctx, request.UserThemeContextKey, session.Data.Theme)
- ctx = context.WithValue(ctx, request.PocketRequestTokenContextKey, session.Data.PocketRequestToken)
- next.ServeHTTP(w, r.WithContext(ctx))
- })
-}
-
-func (m *Middleware) getAppSessionValueFromCookie(r *http.Request) *model.Session {
- cookieValue := request.CookieValue(r, cookie.CookieSessionID)
- if cookieValue == "" {
- return nil
- }
-
- session, err := m.store.Session(cookieValue)
- if err != nil {
- logger.Error("[Middleware:AppSession] %v", err)
- return nil
- }
-
- return session
-}
diff --git a/middleware/user_session.go b/middleware/user_session.go
deleted file mode 100644
index 10eeca7d..00000000
--- a/middleware/user_session.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2017 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package middleware // import "miniflux.app/middleware"
-
-import (
- "context"
- "net/http"
-
- "miniflux.app/http/cookie"
- "miniflux.app/http/request"
- "miniflux.app/http/response/html"
- "miniflux.app/http/route"
- "miniflux.app/logger"
- "miniflux.app/model"
-
- "github.com/gorilla/mux"
-)
-
-// UserSession handles the user session middleware.
-func (m *Middleware) UserSession(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- session := m.getUserSessionFromCookie(r)
-
- if session == nil {
- logger.Debug("[Middleware:UserSession] Session not found")
- if m.isPublicRoute(r) {
- next.ServeHTTP(w, r)
- } else {
- html.Redirect(w, r, route.Path(m.router, "login"))
- }
- } else {
- logger.Debug("[Middleware:UserSession] %s", session)
-
- ctx := r.Context()
- ctx = context.WithValue(ctx, request.UserIDContextKey, session.UserID)
- ctx = context.WithValue(ctx, request.IsAuthenticatedContextKey, true)
- ctx = context.WithValue(ctx, request.UserSessionTokenContextKey, session.Token)
-
- next.ServeHTTP(w, r.WithContext(ctx))
- }
- })
-}
-
-func (m *Middleware) isPublicRoute(r *http.Request) bool {
- route := mux.CurrentRoute(r)
- switch route.GetName() {
- case "login",
- "checkLogin",
- "stylesheet",
- "javascript",
- "oauth2Redirect",
- "oauth2Callback",
- "appIcon",
- "favicon",
- "webManifest":
- return true
- default:
- return false
- }
-}
-
-func (m *Middleware) getUserSessionFromCookie(r *http.Request) *model.UserSession {
- cookieValue := request.CookieValue(r, cookie.CookieUserSessionID)
- if cookieValue == "" {
- return nil
- }
-
- session, err := m.store.UserSessionByToken(cookieValue)
- if err != nil {
- logger.Error("[Middleware:UserSession] %v", err)
- return nil
- }
-
- return session
-}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-08 13:10:41 +0000