update CI

feat: enhance session store security and configuration
- Add 30-day max age for session cookies - Enable HttpOnly flag - Set SameSite to strict mode
2025-02-11 17:44:54 +08:00 · 2025-02-11 17:06:51 +08:00 · 2025-02-11 15:53:15 +08:00 · 2025-02-11 15:45:24 +08:00 · 2025-02-11 12:21:06 +07:00 · 2025-02-11 13:14:38 +08:00
6 changed files with 27 additions and 18 deletions
@@ -13,7 +13,7 @@ on:
 jobs:
  push_to_registries:
    name: Push Docker image to multiple registries
-    runs-on: self-hosted
+    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
@@ -51,7 +51,6 @@ jobs:
          images: |
            calciumion/new-api
            ghcr.io/${{ github.repository }}
-
      - name: Build and push Docker images
        uses: docker/build-push-action@v3
        with:
@@ -58,17 +58,17 @@ func testChannel(channel *model.Channel, testModel string) (err error, openAIErr
 				testModel = "gpt-3.5-turbo"
 			}
 		}
-	} else {
-		modelMapping := *channel.ModelMapping
-		if modelMapping != "" && modelMapping != "{}" {
-			modelMap := make(map[string]string)
-			err := json.Unmarshal([]byte(modelMapping), &modelMap)
-			if err != nil {
-				return err, service.OpenAIErrorWrapperLocal(err, "unmarshal_model_mapping_failed", http.StatusInternalServerError)
-			}
-			if modelMap[testModel] != "" {
-				testModel = modelMap[testModel]
-			}
+	}
+
+	modelMapping := *channel.ModelMapping
+	if modelMapping != "" && modelMapping != "{}" {
+		modelMap := make(map[string]string)
+		err := json.Unmarshal([]byte(modelMapping), &modelMap)
+		if err != nil {
+			return err, service.OpenAIErrorWrapperLocal(err, "unmarshal_model_mapping_failed", http.StatusInternalServerError)
+		}
+		if modelMap[testModel] != "" {
+			testModel = modelMap[testModel]
 		}
 	}

@@ -846,9 +846,10 @@ func EmailBind(c *gin.Context) {
 		})
 		return
 	}
-	id := c.GetInt("id")
+	session := sessions.Default(c)
+	id := session.Get("id")
 	user := model.User{
-		Id: id,
+		Id: id.(int),
 	}
 	err := user.FillUserById()
 	if err != nil {
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"net/http"
 	"one-api/common"
@@ -142,9 +143,10 @@ func WeChatBind(c *gin.Context) {
 		})
 		return
 	}
-	id := c.GetInt("id")
+	session := sessions.Default(c)
+	id := session.Get("id")
 	user := model.User{
-		Id: id,
+		Id: id.(int),
 	}
 	err = user.FillUserById()
 	if err != nil {
@@ -29,6 +29,7 @@ require (
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	golang.org/x/crypto v0.27.0
 	golang.org/x/image v0.23.0
+	golang.org/x/net v0.28.0
 	gorm.io/driver/mysql v1.4.3
 	gorm.io/driver/postgres v1.5.2
 	gorm.io/driver/sqlite v1.4.3
@@ -81,7 +82,6 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	golang.org/x/arch v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
-	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.27.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
@@ -145,6 +145,13 @@ func main() {
 	middleware.SetUpLogger(server)
 	// Initialize session store
 	store := cookie.NewStore([]byte(common.SessionSecret))
+	store.Options(sessions.Options{
+		Path:     "/",
+		MaxAge:   2592000, // 30 days
+		HttpOnly: true,
+		Secure:   false,
+		SameSite: http.SameSiteStrictMode,
+	})
 	server.Use(sessions.Sessions("session", store))

 	router.SetRouter(server, buildFS, indexPage)
Author	SHA1	Message	Date
1808837298@qq.com	0486041952	update CI	2025-02-11 17:44:54 +08:00
1808837298@qq.com	8f3752c423	feat: enhance session store security and configuration - Add 30-day max age for session cookies - Enable HttpOnly flag - Set SameSite to strict mode	2025-02-11 17:06:51 +08:00
1808837298@qq.com	94c10d8def	fix: update session store configuration - Change session cookie path from "/api" to "/" - Remove HttpOnly flag	2025-02-11 15:53:15 +08:00
1808837298@qq.com	6a9c0fd2c0	feat: configure session store options for API routes - Set session cookie path to "/api" - Disable secure flag for local development - Enable HttpOnly flag for improved security	2025-02-11 15:45:24 +08:00
Calcium-Ion	14399d6176	Merge pull request #746 from zjjxwhh/main fix: always use modelMapping in channel test	2025-02-11 12:21:06 +07:00
1808837298@qq.com	d4855da092	chore: update CI	2025-02-11 13:14:38 +08:00
zjjxwhh	5bebd3760a	fix: always use modelMapping in channel test	2025-02-10 22:39:56 +08:00
1808837298@qq.com	147d0f211b	chore: update CI	2025-02-10 21:59:41 +08:00
1808837298@qq.com	6d021b20b7	fix: replace context-based user ID with session-based retrieval #741 - Update user and wechat controllers to use sessions for user ID - Modify ID retrieval to use `session.Get("id")` instead of `c.GetInt("id")` - Cast session ID to int when creating user object	2025-02-10 20:52:33 +08:00