Fix recovery middleware to render gitea style page. (#13857)

* Some changes to fix recovery

* Move Recovery to middlewares

* Remove trace code

* Fix lint

* add session middleware and remove dependent on macaron for sso

* Fix panic 500 page rendering

* Fix bugs

* Fix fmt

* Fix vendor

* recover unnecessary change

* Fix lint and addd some comments about the copied codes.

* Use util.StatDir instead of com.StatDir

Co-authored-by: 6543 <6543@obermui.de>

vendor/github.com/go-chi/chi/middleware/basic_auth.go

@@ -1,6 +1,7 @@
 package middleware
 
 import (
+	"crypto/subtle"
 	"fmt"
 	"net/http"
 )
@@ -16,7 +17,7 @@ func BasicAuth(realm string, creds map[string]string) func(next http.Handler) ht
 			}
 
 			credPass, credUserOk := creds[user]
-			if !credUserOk || pass != credPass {
+			if !credUserOk || subtle.ConstantTimeCompare([]byte(pass), []byte(credPass)) != 1 {
 				basicAuthFailed(w, realm)
 				return
 			}

vendor/github.com/go-chi/chi/middleware/clean_path.go

@@ -0,0 +1,28 @@
+package middleware
+
+import (
+	"net/http"
+	"path"
+
+	"github.com/go-chi/chi"
+)
+
+// CleanPath middleware will clean out double slash mistakes from a user's request path.
+// For example, if a user requests /users//1 or //users////1 will both be treated as: /users/1
+func CleanPath(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rctx := chi.RouteContext(r.Context())
+
+		routePath := rctx.RoutePath
+		if routePath == "" {
+			if r.URL.RawPath != "" {
+				routePath = r.URL.RawPath
+			} else {
+				routePath = r.URL.Path
+			}
+			rctx.RoutePath = path.Clean(routePath)
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}

vendor/github.com/go-chi/chi/middleware/content_type.go

@@ -19,9 +19,9 @@ func SetHeader(key, value string) func(next http.Handler) http.Handler {
 // AllowContentType enforces a whitelist of request Content-Types otherwise responds
 // with a 415 Unsupported Media Type status.
 func AllowContentType(contentTypes ...string) func(next http.Handler) http.Handler {
-	cT := []string{}
-	for _, t := range contentTypes {
-		cT = append(cT, strings.ToLower(t))
+	allowedContentTypes := make(map[string]struct{}, len(contentTypes))
+	for _, ctype := range contentTypes {
+		allowedContentTypes[strings.TrimSpace(strings.ToLower(ctype))] = struct{}{}
 	}
 
 	return func(next http.Handler) http.Handler {
@@ -37,11 +37,9 @@ func AllowContentType(contentTypes ...string) func(next http.Handler) http.Handl
 				s = s[0:i]
 			}
 
-			for _, t := range cT {
-				if t == s {
-					next.ServeHTTP(w, r)
-					return
-				}
+			if _, ok := allowedContentTypes[s]; ok {
+				next.ServeHTTP(w, r)
+				return
 			}
 
 			w.WriteHeader(http.StatusUnsupportedMediaType)

vendor/github.com/go-chi/chi/middleware/logger.go

@@ -6,6 +6,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"runtime"
 	"time"
 )
 
@@ -16,7 +17,7 @@ var (
 	// DefaultLogger is called by the Logger middleware handler to log each request.
 	// Its made a package-level variable so that it can be reconfigured for custom
 	// logging configurations.
-	DefaultLogger = RequestLogger(&DefaultLogFormatter{Logger: log.New(os.Stdout, "", log.LstdFlags), NoColor: false})
+	DefaultLogger func(next http.Handler) http.Handler
 )
 
 // Logger is a middleware that logs the start and end of each request, along
@@ -27,6 +28,16 @@ var (
 //
 // Alternatively, look at https://github.com/goware/httplog for a more in-depth
 // http logger with structured logging support.
+//
+// IMPORTANT NOTE: Logger should go before any other middleware that may change
+// the response, such as `middleware.Recoverer`. Example:
+//
+// ```go
+// r := chi.NewRouter()
+// r.Use(middleware.Logger)        // <--<< Logger should come before Recoverer
+// r.Use(middleware.Recoverer)
+// r.Get("/", handler)
+// ```
 func Logger(next http.Handler) http.Handler {
 	return DefaultLogger(next)
 }
@@ -153,3 +164,11 @@ func (l *defaultLogEntry) Write(status, bytes int, header http.Header, elapsed t
 func (l *defaultLogEntry) Panic(v interface{}, stack []byte) {
 	PrintPrettyStack(v)
 }
+
+func init() {
+	color := true
+	if runtime.GOOS == "windows" {
+		color = false
+	}
+	DefaultLogger = RequestLogger(&DefaultLogFormatter{Logger: log.New(os.Stdout, "", log.LstdFlags), NoColor: !color})
+}

vendor/github.com/go-chi/chi/middleware/strip.go

@@ -14,13 +14,18 @@ func StripSlashes(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		var path string
 		rctx := chi.RouteContext(r.Context())
-		if rctx.RoutePath != "" {
+		if rctx != nil && rctx.RoutePath != "" {
 			path = rctx.RoutePath
 		} else {
 			path = r.URL.Path
 		}
 		if len(path) > 1 && path[len(path)-1] == '/' {
-			rctx.RoutePath = path[:len(path)-1]
+			newPath := path[:len(path)-1]
+			if rctx == nil {
+				r.URL.Path = newPath
+			} else {
+				rctx.RoutePath = newPath
+			}
 		}
 		next.ServeHTTP(w, r)
 	}
@@ -36,7 +41,7 @@ func RedirectSlashes(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		var path string
 		rctx := chi.RouteContext(r.Context())
-		if rctx.RoutePath != "" {
+		if rctx != nil && rctx.RoutePath != "" {
 			path = rctx.RoutePath
 		} else {
 			path = r.URL.Path
@@ -47,7 +52,8 @@ func RedirectSlashes(next http.Handler) http.Handler {
 			} else {
 				path = path[:len(path)-1]
 			}
-			http.Redirect(w, r, path, 301)
+			redirectUrl := fmt.Sprintf("//%s%s", r.Host, path)
+			http.Redirect(w, r, redirectUrl, 301)
 			return
 		}
 		next.ServeHTTP(w, r)

vendor/github.com/go-chi/chi/middleware/url_format.go

@@ -53,7 +53,7 @@ func URLFormat(next http.Handler) http.Handler {
 
 		if strings.Index(path, ".") > 0 {
 			base := strings.LastIndex(path, "/")
-			idx := strings.Index(path[base:], ".")
+			idx := strings.LastIndex(path[base:], ".")
 
 			if idx > 0 {
 				idx += base