Avoid importing modules/web/middleware in modules/session (#30584)

Related to #30375. It doesn't make sense to import `modules/web/middleware` and `modules/setting` in `modules/web/session` since the last one is more low-level. And it looks like a workaround to call `DeleteLegacySiteCookie` in `RegenerateSession`, so maybe we could reverse the importing by registering hook functions. (cherry picked from commit 61457cdf6b49225ae831fd9fb084deadd8bdb0fb)
2025-06-24 18:10:52 +00:00 · 2024-04-19 12:03:53 +08:00 · 2024-04-19 12:03:53 +08:00 · e7a484e401
commit e7a484e401
parent 1e06c1e392
2 changed files with 18 additions and 10 deletions
--- a/modules/session/store.go
+++ b/modules/session/store.go
@ -6,9 +6,6 @@ package session
 import (
 	"net/http"

-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/web/middleware"
-
 	"gitea.com/go-chi/session"
 )

@ -21,10 +18,12 @@ type Store interface {

 // RegenerateSession regenerates the underlying session and returns the new store
 func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
-	// Ensure that a cookie with a trailing slash does not take precedence over
-	// the cookie written by the middleware.
-	middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
-
+	for _, f := range BeforeRegenerateSession {
+		f(resp, req)
+	}
 	s, err := session.RegenerateSession(resp, req)
 	return s, err
 }
+
+// BeforeRegenerateSession is a list of functions that are called before a session is regenerated.
+var BeforeRegenerateSession []func(http.ResponseWriter, *http.Request)