From 07818d5fa5aef7dd7dca1d556f59c7a146a9b00c Mon Sep 17 00:00:00 2001
From: ᴜɴᴋɴᴡᴏɴ
Date: Sun, 5 Apr 2020 06:36:08 +0800
Subject: route: no session for routes without UI (#6066)
Not all routes need session, register session and CSRF middleware as global is a waste of resource, and creating a lot one-time off yet never used session records.
---
 internal/app/api.go | 8 +++-----
 internal/app/metrics.go | 12 ++++++++----
 2 files changed, 11 insertions(+), 9 deletions(-)
(limited to 'internal/app')
diff --git a/internal/app/api.go b/internal/app/api.go
index c64e946e..94c2bbc0 100644
--- a/internal/app/api.go
+++ b/internal/app/api.go
@@ -9,8 +9,6 @@ import (
 "github.com/microcosm-cc/bluemonday"
 "gopkg.in/macaron.v1"
-
- "gogs.io/gogs/internal/context"
 )
 func ipynbSanitizer() *bluemonday.Policy {
@@ -24,13 +22,13 @@ func ipynbSanitizer() *bluemonday.Policy {
 func SanitizeIpynb() macaron.Handler {
 p := ipynbSanitizer()
- return func(c *context.Context) {
+ return func(c *macaron.Context) {
 html, err := c.Req.Body().String()
 if err != nil {
- c.Error(err, "read body")
+ c.Error(http.StatusInternalServerError, "read body")
 return
 }
- c.PlainText(http.StatusOK, p.Sanitize(html))
+ c.PlainText(http.StatusOK, []byte(p.Sanitize(html)))
 }
 }
diff --git a/internal/app/metrics.go b/internal/app/metrics.go
index 80ff32f6..45a9b74e 100644
--- a/internal/app/metrics.go
+++ b/internal/app/metrics.go
@@ -9,14 +9,14 @@ import (
 "gopkg.in/macaron.v1"
+ "gogs.io/gogs/internal/authutil"
 "gogs.io/gogs/internal/conf"
- "gogs.io/gogs/internal/context"
 )
 func MetricsFilter() macaron.Handler {
- return func(c *context.Context) {
+ return func(w http.ResponseWriter, r *http.Request) {
 if !conf.Prometheus.Enabled {
- c.Status(http.StatusNotFound)
+ w.WriteHeader(http.StatusNotFound)
 return
 }
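Review bot: In `SanitizeIpynb` (internal/app/api.go, second hunk) the handler still reads the entire request body into a string with `c.Req.Body().String()` and nothing visible bounds its size; the commit description says routes without UI no longer carry session and CSRF middleware, so it is worth confirming what, if anything, still limits who can post here and how much. If no limit is applied upstream, cap the body before the read, for example `c.Req.Request.Body = http.MaxBytesReader(c.Resp, c.Req.Request.Body, maxIpynbBytes)`, where `maxIpynbBytes` is a placeholder for a limit the project chooses. The new `c.Error(http.StatusInternalServerError, "read body")` also drops `err`, so the cause of a failed read is no longer recorded anywhere in this handler; log it before returning.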
@@ -24,6 +24,10 @@ func MetricsFilter() macaron.Handler {
 return
 }
- c.RequireBasicAuth(conf.Prometheus.BasicAuthUsername, conf.Prometheus.BasicAuthPassword)
+ username, password := authutil.DecodeBasic(r.Header)
+ if username != conf.Prometheus.BasicAuthUsername || password != conf.Prometheus.BasicAuthPassword {
+ w.WriteHeader(http.StatusForbidden)
+ return
+ }
 }
 }
-- cgit v1.2.3
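Review bot: The new credential check compares the configured username and password with `!=`, which is not guaranteed to run in constant time; for a secret compared against network input use `crypto/subtle`, e.g. `userOK := subtle.ConstantTimeCompare([]byte(username), []byte(conf.Prometheus.BasicAuthUsername)) == 1`, the same for the password, then `if !userOK || !passOK {`. The failure path answers 403 for a missing or malformed `Authorization` header as well as for wrong credentials; a 401 with a `WWW-Authenticate: Basic` challenge is the conventional reply when no credentials were sent. If `authutil.DecodeBasic` returns empty strings for an absent header (its body is not shown here), an empty configured username and password would let unauthenticated requests through, so an explicit non-empty check on the configured values is worth adding. The guard that decides whether basic auth applies sits between the two hunks of `MetricsFilter` and is not visible here.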