Refactor web package and context package (#25298)

1. The "web" package shouldn't depends on "modules/context" package, instead, let each "web context" register themselves to the "web" package. 2. The old Init/Free doesn't make sense, so simplify it * The ctx in "Init(ctx)" is never used, and shouldn't be used that way * The "Free" is never called and shouldn't be called because the SSPI instance is shared --------- Co-authored-by: Giteabot <teabot@gitea.io>
2025-05-27 04:07:08 +00:00 · 2023-06-18 15:59:09 +08:00 · 2023-06-18 15:59:09 +08:00 · 4e2f1ee58d
commit 4e2f1ee58d
parent fc2115b494
45 changed files with 218 additions and 292 deletions
--- a/services/auth/sspi_windows.go
+++ b/services/auth/sspi_windows.go
@ -4,10 +4,10 @@
 package auth

 import (
-	"context"
 	"errors"
 	"net/http"
 	"strings"
+	"sync"

 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/avatars"
@ -32,13 +32,12 @@ var (
 	// sspiAuth is a global instance of the websspi authentication package,
 	// which is used to avoid acquiring the server credential handle on
 	// every request
-	sspiAuth *websspi.Authenticator
+	sspiAuth     *websspi.Authenticator
+	sspiAuthOnce sync.Once

 	// Ensure the struct implements the interface.
-	_ Method        = &SSPI{}
-	_ Named         = &SSPI{}
-	_ Initializable = &SSPI{}
-	_ Freeable      = &SSPI{}
+	_ Method = &SSPI{}
+	_ Named  = &SSPI{}
 )

 // SSPI implements the SingleSignOn interface and authenticates requests
@ -47,32 +46,25 @@ var (
 // Returns nil if authentication fails.
 type SSPI struct{}

-// Init creates a new global websspi.Authenticator object
-func (s *SSPI) Init(ctx context.Context) error {
-	config := websspi.NewConfig()
-	var err error
-	sspiAuth, err = websspi.New(config)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 // Name represents the name of auth method
 func (s *SSPI) Name() string {
 	return "sspi"
 }

-// Free releases resources used by the global websspi.Authenticator object
-func (s *SSPI) Free() error {
-	return sspiAuth.Free()
-}
-
 // Verify uses SSPI (Windows implementation of SPNEGO) to authenticate the request.
 // If authentication is successful, returns the corresponding user object.
 // If negotiation should continue or authentication fails, immediately returns a 401 HTTP
 // response code, as required by the SPNEGO protocol.
 func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+	var errInit error
+	sspiAuthOnce.Do(func() {
+		config := websspi.NewConfig()
+		sspiAuth, errInit = websspi.New(config)
+	})
+	if errInit != nil {
+		return nil, errInit
+	}
+
 	if !s.shouldAuthenticate(req) {
 		return nil, nil
 	}