Refactor cookie (#24107)

Close #24062 At the beginning, I just wanted to fix the warning mentioned by #24062 But, the cookie code really doesn't look good to me, so clean up them. Complete the TODO on `SetCookie`: > TODO: Copied from gitea.com/macaron/macaron and should be improved after macaron removed.
2023-04-14 03:45:33 +08:00 · 2023-04-14 03:45:33 +08:00 · 5b9557aef5
commit 5b9557aef5
parent b7221bec34
18 changed files with 141 additions and 328 deletions
--- a/routers/install/install.go
+++ b/routers/install/install.go
@ -559,7 +559,7 @@ func SubmitInstall(ctx *context.Context) {
 		}

 		days := 86400 * setting.LogInRememberDays
-		ctx.SetCookie(setting.CookieUserName, u.Name, days)
+		ctx.SetSiteCookie(setting.CookieUserName, u.Name, days)

 		ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),
 			setting.CookieRememberName, u.Name, days)
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@ -49,7 +49,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 		return false, nil
 	}

-	uname := ctx.GetCookie(setting.CookieUserName)
+	uname := ctx.GetSiteCookie(setting.CookieUserName)
 	if len(uname) == 0 {
 		return false, nil
 	}
@ -58,8 +58,8 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 	defer func() {
 		if !isSucceed {
 			log.Trace("auto-login cookie cleared: %s", uname)
-			ctx.DeleteCookie(setting.CookieUserName)
-			ctx.DeleteCookie(setting.CookieRememberName)
+			ctx.DeleteSiteCookie(setting.CookieUserName)
+			ctx.DeleteSiteCookie(setting.CookieRememberName)
 		}
 	}()

@ -90,7 +90,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 		return false, err
 	}

-	middleware.DeleteCSRFCookie(ctx.Resp)
+	ctx.Csrf.DeleteCookie(ctx)
 	return true, nil
 }

@ -125,7 +125,7 @@ func checkAutoLogin(ctx *context.Context) bool {
 	if len(redirectTo) > 0 {
 		middleware.SetRedirectToCookie(ctx.Resp, redirectTo)
 	} else {
-		redirectTo = ctx.GetCookie("redirect_to")
+		redirectTo = ctx.GetSiteCookie("redirect_to")
 	}

 	if isSucceed {
@ -291,7 +291,7 @@ func handleSignIn(ctx *context.Context, u *user_model.User, remember bool) {
 func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRedirect bool) string {
 	if remember {
 		days := 86400 * setting.LogInRememberDays
-		ctx.SetCookie(setting.CookieUserName, u.Name, days)
+		ctx.SetSiteCookie(setting.CookieUserName, u.Name, days)
 		ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),
 			setting.CookieRememberName, u.Name, days)
 	}
@ -330,7 +330,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 	}

 	// Clear whatever CSRF cookie has right now, force to generate a new one
-	middleware.DeleteCSRFCookie(ctx.Resp)
+	ctx.Csrf.DeleteCookie(ctx)

 	// Register last login
 	u.SetLastLogin()
@ -339,7 +339,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 		return setting.AppSubURL + "/"
 	}

-	if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
+	if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
 		middleware.DeleteRedirectToCookie(ctx.Resp)
 		if obeyRedirect {
 			ctx.RedirectToFirst(redirectTo)
@ -368,10 +368,9 @@ func getUserName(gothUser *goth.User) string {
 func HandleSignOut(ctx *context.Context) {
 	_ = ctx.Session.Flush()
 	_ = ctx.Session.Destroy(ctx.Resp, ctx.Req)
-	ctx.DeleteCookie(setting.CookieUserName)
-	ctx.DeleteCookie(setting.CookieRememberName)
-	middleware.DeleteCSRFCookie(ctx.Resp)
-	middleware.DeleteLocaleCookie(ctx.Resp)
+	ctx.DeleteSiteCookie(setting.CookieUserName)
+	ctx.DeleteSiteCookie(setting.CookieRememberName)
+	ctx.Csrf.DeleteCookie(ctx)
 	middleware.DeleteRedirectToCookie(ctx.Resp)
 }

--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -1112,7 +1112,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 		}

 		// Clear whatever CSRF cookie has right now, force to generate a new one
-		middleware.DeleteCSRFCookie(ctx.Resp)
+		ctx.Csrf.DeleteCookie(ctx)

 		// Register last login
 		u.SetLastLogin()
@ -1148,7 +1148,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 			return
 		}

-		if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 {
+		if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 {
 			middleware.DeleteRedirectToCookie(ctx.Resp)
 			ctx.RedirectToFirst(redirectTo)
 			return
--- a/routers/web/auth/openid.go
+++ b/routers/web/auth/openid.go
@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) {
 	if len(redirectTo) > 0 {
 		middleware.SetRedirectToCookie(ctx.Resp, redirectTo)
 	} else {
-		redirectTo = ctx.GetCookie("redirect_to")
+		redirectTo = ctx.GetSiteCookie("redirect_to")
 	}

 	if isSucceed {
--- a/routers/web/auth/password.go
+++ b/routers/web/auth/password.go
@ -336,7 +336,7 @@ func MustChangePasswordPost(ctx *context.Context) {

 	log.Trace("User updated password: %s", u.Name)

-	if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
+	if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
 		middleware.DeleteRedirectToCookie(ctx.Resp)
 		ctx.RedirectToFirst(redirectTo)
 		return
--- a/routers/web/home.go
+++ b/routers/web/home.go
@ -54,7 +54,7 @@ func Home(ctx *context.Context) {
 	}

 	// Check auto-login.
-	uname := ctx.GetCookie(setting.CookieUserName)
+	uname := ctx.GetSiteCookie(setting.CookieUserName)
 	if len(uname) != 0 {
 		ctx.Redirect(setting.AppSubURL + "/user/login")
 		return