webui: Remove sessions & securecookie

2025-12-17 17:47:03 +00:00 · 2018-12-14 21:55:31 -08:00
parent d627da2038
commit 4894244d5c
9 changed files with 10 additions and 87 deletions
--- a/pkg/server/web/context.go
+++ b/pkg/server/web/context.go
@@ -5,7 +5,6 @@ import (
 	"strings"

 	"github.com/gorilla/mux"
-	"github.com/gorilla/sessions"
 	"github.com/jhillyerd/inbucket/pkg/config"
 	"github.com/jhillyerd/inbucket/pkg/message"
 	"github.com/jhillyerd/inbucket/pkg/msghub"
@@ -15,7 +14,6 @@ import (
 // TODO remove redundant web config
 type Context struct {
 	Vars       map[string]string
-	Session    *sessions.Session
 	MsgHub     *msghub.Hub
 	Manager    message.Manager
 	RootConfig *config.Root
@@ -48,24 +46,13 @@ func headerMatch(req *http.Request, name string, value string) bool {
 // NewContext returns a Context for the given HTTP Request
 func NewContext(req *http.Request) (*Context, error) {
 	vars := mux.Vars(req)
-	sess, err := sessionStore.Get(req, "inbucket")
-	if err != nil {
-		if sess == nil {
-			// No session, must fail
-			return nil, err
-		}
-		// The session cookie was probably signed by an old key, ignore it
-		// gorilla created an empty session for us
-		err = nil
-	}
 	ctx := &Context{
 		Vars:       vars,
-		Session:    sess,
 		MsgHub:     msgHub,
 		Manager:    manager,
 		RootConfig: rootConfig,
 		WebConfig:  rootConfig.Web,
 		IsJSON:     headerMatch(req, "Accept", "application/json"),
 	}
-	return ctx, err
+	return ctx, nil
 }
--- a/pkg/server/web/server.go
+++ b/pkg/server/web/server.go
@@ -11,8 +11,6 @@ import (
 	"time"

 	"github.com/gorilla/mux"
-	"github.com/gorilla/securecookie"
-	"github.com/gorilla/sessions"
 	"github.com/jhillyerd/inbucket/pkg/config"
 	"github.com/jhillyerd/inbucket/pkg/message"
 	"github.com/jhillyerd/inbucket/pkg/msghub"
@@ -36,7 +34,6 @@ var (
 	rootConfig     *config.Root
 	server         *http.Server
 	listener       net.Listener
-	sessionStore   sessions.Store
 	globalShutdown chan bool

 	// ExpWebSocketConnectsCurrent tracks the number of open WebSockets
@@ -94,17 +91,6 @@ func Initialize(
 		http.StatusNotFound, "No route matches URI path")
 	Router.MethodNotAllowedHandler = noMatchHandler(
 		http.StatusMethodNotAllowed, "Method not allowed for URI path")
-
-	// Session cookie setup.
-	if conf.Web.CookieAuthKey == "" {
-		log.Info().Str("module", "web").Str("phase", "startup").
-			Msg("Generating random cookie.auth.key")
-		sessionStore = sessions.NewCookieStore(securecookie.GenerateRandomKey(64))
-	} else {
-		log.Info().Str("module", "web").Str("phase", "startup").
-			Msg("Using configured cookie.auth.key")
-		sessionStore = sessions.NewCookieStore([]byte(conf.Web.CookieAuthKey))
-	}
 }

 // Start begins listening for HTTP requests