grafana/pkg/middleware/middleware.go

package middleware

import (
	"net/http"
	"net/url"
	"strconv"
	"time"

	"github.com/grafana/grafana/pkg/bus"
	"github.com/grafana/grafana/pkg/components/apikeygen"
	"github.com/grafana/grafana/pkg/log"
	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/services/session"
	"github.com/grafana/grafana/pkg/setting"
	"github.com/grafana/grafana/pkg/util"
	macaron "gopkg.in/macaron.v1"
)

var (
	ReqGrafanaAdmin = Auth(&AuthOptions{ReqSignedIn: true, ReqGrafanaAdmin: true})
	ReqSignedIn     = Auth(&AuthOptions{ReqSignedIn: true})
	ReqEditorRole   = RoleAuth(m.ROLE_EDITOR, m.ROLE_ADMIN)
	ReqOrgAdmin     = RoleAuth(m.ROLE_ADMIN)
)

func GetContextHandler(ats m.UserTokenService) macaron.Handler {
	return func(c *macaron.Context) {
		ctx := &m.ReqContext{
			Context:        c,
			SignedInUser:   &m.SignedInUser{},
			Session:        session.GetSession(), // should only be used by auth_proxy
			IsSignedIn:     false,
			AllowAnonymous: false,
			SkipCache:      false,
			Logger:         log.New("context"),
		}

		orgId := int64(0)
		orgIdHeader := ctx.Req.Header.Get("X-Grafana-Org-Id")
		if orgIdHeader != "" {
			orgId, _ = strconv.ParseInt(orgIdHeader, 10, 64)
		}

		// the order in which these are tested are important
		// look for api key in Authorization header first
		// then init session and look for userId in session
		// then look for api key in session (special case for render calls via api)
		// then test if anonymous access is enabled
		switch {
		case initContextWithRenderAuth(ctx):
		case initContextWithApiKey(ctx):
		case initContextWithBasicAuth(ctx, orgId):
		case initContextWithAuthProxy(ctx, orgId):
		case initContextWithToken(ats, ctx, orgId):
		case initContextWithAnonymousUser(ctx):
		}

		ctx.Logger = log.New("context", "userId", ctx.UserId, "orgId", ctx.OrgId, "uname", ctx.Login)
		ctx.Data["ctx"] = ctx

		c.Map(ctx)

		// update last seen every 5min
		if ctx.ShouldUpdateLastSeenAt() {
			ctx.Logger.Debug("Updating last user_seen_at", "user_id", ctx.UserId)
			if err := bus.Dispatch(&m.UpdateUserLastSeenAtCommand{UserId: ctx.UserId}); err != nil {
				ctx.Logger.Error("Failed to update last_seen_at", "error", err)
			}
		}
	}
}

func initContextWithAnonymousUser(ctx *m.ReqContext) bool {
	if !setting.AnonymousEnabled {
		return false
	}

	orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}
	if err := bus.Dispatch(&orgQuery); err != nil {
		log.Error(3, "Anonymous access organization error: '%s': %s", setting.AnonymousOrgName, err)
		return false
	}

	ctx.IsSignedIn = false
	ctx.AllowAnonymous = true
	ctx.SignedInUser = &m.SignedInUser{IsAnonymous: true}
	ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)
	ctx.OrgId = orgQuery.Result.Id
	ctx.OrgName = orgQuery.Result.Name
	return true
}

func initContextWithApiKey(ctx *m.ReqContext) bool {
	var keyString string
	if keyString = getApiKey(ctx); keyString == "" {
		return false
	}

	// base64 decode key
	decoded, err := apikeygen.Decode(keyString)
	if err != nil {
		ctx.JsonApiErr(401, "Invalid API key", err)
		return true
	}

	// fetch key
	keyQuery := m.GetApiKeyByNameQuery{KeyName: decoded.Name, OrgId: decoded.OrgId}
	if err := bus.Dispatch(&keyQuery); err != nil {
		ctx.JsonApiErr(401, "Invalid API key", err)
		return true
	}

	apikey := keyQuery.Result

	// validate api key
	if !apikeygen.IsValid(decoded, apikey.Key) {
		ctx.JsonApiErr(401, "Invalid API key", err)
		return true
	}

	ctx.IsSignedIn = true
	ctx.SignedInUser = &m.SignedInUser{}
	ctx.OrgRole = apikey.Role
	ctx.ApiKeyId = apikey.Id
	ctx.OrgId = apikey.OrgId
	return true
}

func initContextWithBasicAuth(ctx *m.ReqContext, orgId int64) bool {

	if !setting.BasicAuthEnabled {
		return false
	}

	header := ctx.Req.Header.Get("Authorization")
	if header == "" {
		return false
	}

	username, password, err := util.DecodeBasicAuthHeader(header)
	if err != nil {
		ctx.JsonApiErr(401, "Invalid Basic Auth Header", err)
		return true
	}

	loginQuery := m.GetUserByLoginQuery{LoginOrEmail: username}
	if err := bus.Dispatch(&loginQuery); err != nil {
		ctx.JsonApiErr(401, "Basic auth failed", err)
		return true
	}

	user := loginQuery.Result

	loginUserQuery := m.LoginUserQuery{Username: username, Password: password, User: user}
	if err := bus.Dispatch(&loginUserQuery); err != nil {
		ctx.JsonApiErr(401, "Invalid username or password", err)
		return true
	}

	query := m.GetSignedInUserQuery{UserId: user.Id, OrgId: orgId}
	if err := bus.Dispatch(&query); err != nil {
		ctx.JsonApiErr(401, "Authentication error", err)
		return true
	}

	ctx.SignedInUser = query.Result
	ctx.IsSignedIn = true
	return true
}

func initContextWithToken(authTokenService m.UserTokenService, ctx *m.ReqContext, orgID int64) bool {
	rawToken := ctx.GetCookie(setting.LoginCookieName)
	if rawToken == "" {
		return false
	}

	token, err := authTokenService.LookupToken(rawToken)
	if err != nil {
		ctx.Logger.Error("failed to look up user based on cookie", "error", err)
		WriteSessionCookie(ctx, "", -1)
		return false
	}

	query := m.GetSignedInUserQuery{UserId: token.UserId, OrgId: orgID}
	if err := bus.Dispatch(&query); err != nil {
		ctx.Logger.Error("failed to get user with id", "userId", token.UserId, "error", err)
		return false
	}

	ctx.SignedInUser = query.Result
	ctx.IsSignedIn = true
	ctx.UserToken = token

	rotated, err := authTokenService.TryRotateToken(token, ctx.RemoteAddr(), ctx.Req.UserAgent())
	if err != nil {
		ctx.Logger.Error("failed to rotate token", "error", err)
		return true
	}

	if rotated {
		WriteSessionCookie(ctx, token.UnhashedToken, setting.LoginMaxLifetimeDays)
	}

	return true
}

func WriteSessionCookie(ctx *m.ReqContext, value string, maxLifetimeDays int) {
	if setting.Env == setting.DEV {
		ctx.Logger.Info("new token", "unhashed token", value)
	}

	var maxAge int
	if maxLifetimeDays <= 0 {
		maxAge = -1
	} else {
		maxAgeHours := (time.Duration(setting.LoginMaxLifetimeDays) * 24 * time.Hour) + time.Hour
		maxAge = int(maxAgeHours.Seconds())
	}

	ctx.Resp.Header().Del("Set-Cookie")
	cookie := http.Cookie{
		Name:     setting.LoginCookieName,
		Value:    url.QueryEscape(value),
		HttpOnly: true,
		Path:     setting.AppSubUrl + "/",
		Secure:   setting.CookieSecure,
		MaxAge:   maxAge,
		SameSite: setting.CookieSameSite,
	}

	http.SetCookie(ctx.Resp, &cookie)
}

func AddDefaultResponseHeaders() macaron.Handler {
	return func(ctx *m.ReqContext) {
		if ctx.IsApiRequest() && ctx.Req.Method == "GET" {
			ctx.Resp.Header().Add("Cache-Control", "no-cache")
			ctx.Resp.Header().Add("Pragma", "no-cache")
			ctx.Resp.Header().Add("Expires", "-1")
		}
	}
}
Macaron rewrite 2014-10-05 09:50:04 -05:00			`package middleware`

			`import (`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`"net/http"`
			`"net/url"`
OAuth remake 2014-10-07 16:56:37 -05:00			`"strconv"`
changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`"time"`
Macaron rewrite 2014-10-05 09:50:04 -05:00
Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/bus"`
New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 10:23:28 -06:00			`"github.com/grafana/grafana/pkg/components/apikeygen"`
Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/log"`
			`m "github.com/grafana/grafana/pkg/models"`
move Context and session out of middleware 2018-03-06 16:59:45 -06:00			`"github.com/grafana/grafana/pkg/services/session"`
Changed go package path 2015-02-05 03:37:13 -06:00			`"github.com/grafana/grafana/pkg/setting"`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 02:37:52 -05:00			`"github.com/grafana/grafana/pkg/util"`
inital code for rotate 2019-01-17 10:11:52 -06:00			`macaron "gopkg.in/macaron.v1"`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`)`

made it possible to have frontend code in symlinked folders that can add routes 2018-10-11 05:36:04 -05:00			`var (`
			`ReqGrafanaAdmin = Auth(&AuthOptions{ReqSignedIn: true, ReqGrafanaAdmin: true})`
			`ReqSignedIn = Auth(&AuthOptions{ReqSignedIn: true})`
			`ReqEditorRole = RoleAuth(m.ROLE_EDITOR, m.ROLE_ADMIN)`
			`ReqOrgAdmin = RoleAuth(m.ROLE_ADMIN)`
			`)`

move UserToken and UserTokenService to models package 2019-02-06 09:45:48 -06:00			`func GetContextHandler(ats m.UserTokenService) macaron.Handler {`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`return func(c *macaron.Context) {`
rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`ctx := &m.ReqContext{`
Fixed anonymous access mode, Closes #1586 2015-03-11 11:34:11 -05:00			`Context: c,`
			`SignedInUser: &m.SignedInUser{},`
restrict session usage to auth_proxy 2019-01-23 05:41:15 -06:00			`Session: session.GetSession(), // should only be used by auth_proxy`
Fixed anonymous access mode, Closes #1586 2015-03-11 11:34:11 -05:00			`IsSignedIn: false,`
			`AllowAnonymous: false,`
refactor datasource caching 2018-10-26 03:40:33 -05:00			`SkipCache: false,`
feat(logging): a lot of progress on moving to new logging lib, #4590 2016-06-06 16:06:44 -05:00			`Logger: log.New("context"),`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`}`

use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`orgId := int64(0)`
			`orgIdHeader := ctx.Req.Header.Get("X-Grafana-Org-Id")`
			`if orgIdHeader != "" {`
			`orgId, _ = strconv.ParseInt(orgIdHeader, 10, 64)`
			`}`

HTTP API: grafana /render calls nows with api keys, Fixes #1649 2015-04-08 01:59:12 -05:00			`// the order in which these are tested are important`
			`// look for api key in Authorization header first`
			`// then init session and look for userId in session`
			`// then look for api key in session (special case for render calls via api)`
			`// then test if anonymous access is enabled`
pkg/middleware/middleware.go: Fix empty branch warning. See, $ gometalinter --vendor --deadline 10m --disable-all --enable=megacheck ./... pkg/middleware/middleware.go:46:3:warning: empty branch (SA9003) (megacheck) 2018-10-15 14:13:03 -05:00			`switch {`
			`case initContextWithRenderAuth(ctx):`
			`case initContextWithApiKey(ctx):`
			`case initContextWithBasicAuth(ctx, orgId):`
			`case initContextWithAuthProxy(ctx, orgId):`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`case initContextWithToken(ats, ctx, orgId):`
pkg/middleware/middleware.go: Fix empty branch warning. See, $ gometalinter --vendor --deadline 10m --disable-all --enable=megacheck ./... pkg/middleware/middleware.go:46:3:warning: empty branch (SA9003) (megacheck) 2018-10-15 14:13:03 -05:00			`case initContextWithAnonymousUser(ctx):`
Refactoring of auth middleware, and starting work on account admin 2015-01-15 05:16:54 -06:00			`}`

feat(logging): added uname to context logger 2016-06-07 05:20:46 -05:00			`ctx.Logger = log.New("context", "userId", ctx.UserId, "orgId", ctx.OrgId, "uname", ctx.Login)`
feat(logging): progress on new logging #4590 2016-06-07 02:29:47 -05:00			`ctx.Data["ctx"] = ctx`
feat(logging): a lot of progress on moving to new logging lib, #4590 2016-06-06 16:06:44 -05:00
Macaron rewrite 2014-10-05 09:50:04 -05:00			`c.Map(ctx)`
feat: store last seen date for users and present in stats and user lists, closes #9007 2017-08-09 03:36:41 -05:00
			`// update last seen every 5min`
			`if ctx.ShouldUpdateLastSeenAt() {`
			`ctx.Logger.Debug("Updating last user_seen_at", "user_id", ctx.UserId)`
			`if err := bus.Dispatch(&m.UpdateUserLastSeenAtCommand{UserId: ctx.UserId}); err != nil {`
			`ctx.Logger.Error("Failed to update last_seen_at", "error", err)`
			`}`
			`}`
Macaron rewrite 2014-10-05 09:50:04 -05:00			`}`
			`}`

rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`func initContextWithAnonymousUser(ctx *m.ReqContext) bool {`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`if !setting.AnonymousEnabled {`
			`return false`
			`}`

			`orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}`
			`if err := bus.Dispatch(&orgQuery); err != nil {`
			`log.Error(3, "Anonymous access organization error: '%s': %s", setting.AnonymousOrgName, err)`
			`return false`
			`}`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00
			`ctx.IsSignedIn = false`
			`ctx.AllowAnonymous = true`
fix: viewers can edit now works correctly 2017-12-15 07:19:49 -06:00			`ctx.SignedInUser = &m.SignedInUser{IsAnonymous: true}`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)`
			`ctx.OrgId = orgQuery.Result.Id`
			`ctx.OrgName = orgQuery.Result.Name`
			`return true`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`}`

rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`func initContextWithApiKey(ctx *m.ReqContext) bool {`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`var keyString string`
			`if keyString = getApiKey(ctx); keyString == "" {`
			`return false`
			`}`

			`// base64 decode key`
			`decoded, err := apikeygen.Decode(keyString)`
			`if err != nil {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
			`return true`
			`}`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00			`// fetch key`
			`keyQuery := m.GetApiKeyByNameQuery{KeyName: decoded.Name, OrgId: decoded.OrgId}`
			`if err := bus.Dispatch(&keyQuery); err != nil {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
			`return true`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`}`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`apikey := keyQuery.Result`
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session 2015-04-07 12:21:14 -05:00
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`// validate api key`
			`if !apikeygen.IsValid(decoded, apikey.Key) {`
			`ctx.JsonApiErr(401, "Invalid API key", err)`
HTTP API: grafana /render calls nows with api keys, Fixes #1649 2015-04-08 01:59:12 -05:00			`return true`
			`}`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00
			`ctx.IsSignedIn = true`
			`ctx.SignedInUser = &m.SignedInUser{}`
			`ctx.OrgRole = apikey.Role`
			`ctx.ApiKeyId = apikey.Id`
			`ctx.OrgId = apikey.OrgId`
			`return true`
HTTP API: grafana /render calls nows with api keys, Fixes #1649 2015-04-08 01:59:12 -05:00			`}`

rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`func initContextWithBasicAuth(ctx *m.ReqContext, orgId int64) bool {`
Basic Auth now supports LDAP username and password (#6940) 2016-12-13 02:15:52 -06:00
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 02:37:52 -05:00			`if !setting.BasicAuthEnabled {`
			`return false`
			`}`

			`header := ctx.Req.Header.Get("Authorization")`
			`if header == "" {`
			`return false`
			`}`

			`username, password, err := util.DecodeBasicAuthHeader(header)`
			`if err != nil {`
			`ctx.JsonApiErr(401, "Invalid Basic Auth Header", err)`
			`return true`
			`}`

			`loginQuery := m.GetUserByLoginQuery{LoginOrEmail: username}`
			`if err := bus.Dispatch(&loginQuery); err != nil {`
			`ctx.JsonApiErr(401, "Basic auth failed", err)`
			`return true`
			`}`

			`user := loginQuery.Result`

shared library for managing external user accounts 2018-02-08 16:13:58 -06:00			`loginUserQuery := m.LoginUserQuery{Username: username, Password: password, User: user}`
Basic Auth now supports LDAP username and password (#6940) 2016-12-13 02:15:52 -06:00			`if err := bus.Dispatch(&loginUserQuery); err != nil {`
			`ctx.JsonApiErr(401, "Invalid username or password", err)`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 02:37:52 -05:00			`return true`
			`}`

use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00			`query := m.GetSignedInUserQuery{UserId: user.Id, OrgId: orgId}`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 02:37:52 -05:00			`if err := bus.Dispatch(&query); err != nil {`
			`ctx.JsonApiErr(401, "Authentication error", err)`
			`return true`
			`}`
use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 08:47:39 -05:00
			`ctx.SignedInUser = query.Result`
			`ctx.IsSignedIn = true`
			`return true`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 02:37:52 -05:00			`}`

move UserToken and UserTokenService to models package 2019-02-06 09:45:48 -06:00			`func initContextWithToken(authTokenService m.UserTokenService, ctx *m.ReqContext, orgID int64) bool {`
changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`rawToken := ctx.GetCookie(setting.LoginCookieName)`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`if rawToken == "" {`
			`return false`
			`}`

			`token, err := authTokenService.LookupToken(rawToken)`
			`if err != nil {`
			`ctx.Logger.Error("failed to look up user based on cookie", "error", err)`
middleware fix 2019-02-06 01:45:01 -06:00			`WriteSessionCookie(ctx, "", -1)`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`return false`
			`}`

change UserToken from interface to struct 2019-02-06 09:21:16 -06:00			`query := m.GetSignedInUserQuery{UserId: token.UserId, OrgId: orgID}`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`if err := bus.Dispatch(&query); err != nil {`
change UserToken from interface to struct 2019-02-06 09:21:16 -06:00			`ctx.Logger.Error("failed to get user with id", "userId", token.UserId, "error", err)`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`return false`
			`}`

			`ctx.SignedInUser = query.Result`
			`ctx.IsSignedIn = true`
			`ctx.UserToken = token`

			`rotated, err := authTokenService.TryRotateToken(token, ctx.RemoteAddr(), ctx.Req.UserAgent())`
			`if err != nil {`
			`ctx.Logger.Error("failed to rotate token", "error", err)`
			`return true`
			`}`

			`if rotated {`
change UserToken from interface to struct 2019-02-06 09:21:16 -06:00			`WriteSessionCookie(ctx, token.UnhashedToken, setting.LoginMaxLifetimeDays)`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`}`

			`return true`
			`}`

changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`func WriteSessionCookie(ctx *m.ReqContext, value string, maxLifetimeDays int) {`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`if setting.Env == setting.DEV {`
			`ctx.Logger.Info("new token", "unhashed token", value)`
			`}`

changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`var maxAge int`
			`if maxLifetimeDays <= 0 {`
			`maxAge = -1`
			`} else {`
			`maxAgeHours := (time.Duration(setting.LoginMaxLifetimeDays) * 24 * time.Hour) + time.Hour`
			`maxAge = int(maxAgeHours.Seconds())`
			`}`

move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`ctx.Resp.Header().Del("Set-Cookie")`
			`cookie := http.Cookie{`
changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`Name: setting.LoginCookieName,`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`Value: url.QueryEscape(value),`
			`HttpOnly: true,`
			`Path: setting.AppSubUrl + "/",`
changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`Secure: setting.CookieSecure,`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`MaxAge: maxAge,`
changes needed for api/middleware due to configuration settings 2019-02-05 14:14:23 -06:00			`SameSite: setting.CookieSameSite,`
move auth token middleware/hooks to middleware package fix/adds auth token middleware tests 2019-02-04 16:44:28 -06:00			`}`

			`http.SetCookie(ctx.Resp, &cookie)`
			`}`

api: adds no-cache header for GET requests Fixes #5356. Internet Explorer aggressively caches GET requests which means that all API calls fetching data are cached. This fix adds a Cache-Control header with the value no-cache to all GET requests to the API. 2017-07-04 09:33:37 -05:00			`func AddDefaultResponseHeaders() macaron.Handler {`
rename Context to ReqContext 2018-03-07 10:54:50 -06:00			`return func(ctx *m.ReqContext) {`
api: adds no-cache header for GET requests Fixes #5356. Internet Explorer aggressively caches GET requests which means that all API calls fetching data are cached. This fix adds a Cache-Control header with the value no-cache to all GET requests to the API. 2017-07-04 09:33:37 -05:00			`if ctx.IsApiRequest() && ctx.Req.Method == "GET" {`
			`ctx.Resp.Header().Add("Cache-Control", "no-cache")`
api: add no cache headers for IE11 Adds pragma and expires headers for API calls so that IE11 does not cache GET calls. Ref #5356 2017-07-06 11:56:22 -05:00			`ctx.Resp.Header().Add("Pragma", "no-cache")`
			`ctx.Resp.Header().Add("Expires", "-1")`
api: adds no-cache header for GET requests Fixes #5356. Internet Explorer aggressively caches GET requests which means that all API calls fetching data are cached. This fix adds a Cache-Control header with the value no-cache to all GET requests to the API. 2017-07-04 09:33:37 -05:00			`}`
			`}`
			`}`