chore: update CI

update CI
feat: enhance session store security and configuration
2026-04-05 10:23:15 +00:00 · 2025-02-11 18:23:20 +08:00 · 2025-02-11 17:44:54 +08:00 · 2025-02-11 17:06:51 +08:00 · 2025-02-11 15:53:15 +08:00 · 2025-02-11 15:45:24 +08:00
7 changed files with 38 additions and 19 deletions
--- a/.github/workflows/docker-image-arm64.yml
+++ b/.github/workflows/docker-image-arm64.yml
@@ -13,7 +13,7 @@ on:
 jobs:
  push_to_registries:
    name: Push Docker image to multiple registries
-    runs-on: self-hosted
+    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
--- a/13
+++ b/13
@@ -7,18 +7,27 @@ COPY ./web .
 COPY ./VERSION .
 RUN DISABLE_ESLINT_PLUGIN='true' VITE_REACT_APP_VERSION=$(cat VERSION) bun run build

-FROM golang AS builder2
+FROM golang:alpine AS builder2
+
+RUN apk add --no-cache \
+    gcc \
+    musl-dev \
+    sqlite-dev \
+    build-base

 ENV GO111MODULE=on \
    CGO_ENABLED=1 \
    GOOS=linux

 WORKDIR /build
+
 ADD go.mod go.sum ./
 RUN go mod download
+
 COPY . .
 COPY --from=builder /build/dist ./web/dist
-RUN go build -ldflags "-s -w -X 'one-api/common.Version=$(cat VERSION)' -extldflags '-static'" -o one-api
+RUN go build -trimpath -ldflags "-s -w -X 'one-api/common.Version=$(cat VERSION)' -linkmode external -extldflags '-static'" -o one-api
+

 FROM alpine

--- a/controller/channel-test.go
+++ b/controller/channel-test.go
@@ -58,17 +58,17 @@ func testChannel(channel *model.Channel, testModel string) (err error, openAIErr
 				testModel = "gpt-3.5-turbo"
 			}
 		}
-	} else {
-		modelMapping := *channel.ModelMapping
-		if modelMapping != "" && modelMapping != "{}" {
-			modelMap := make(map[string]string)
-			err := json.Unmarshal([]byte(modelMapping), &modelMap)
-			if err != nil {
-				return err, service.OpenAIErrorWrapperLocal(err, "unmarshal_model_mapping_failed", http.StatusInternalServerError)
-			}
-			if modelMap[testModel] != "" {
-				testModel = modelMap[testModel]
-			}
+	}
+
+	modelMapping := *channel.ModelMapping
+	if modelMapping != "" && modelMapping != "{}" {
+		modelMap := make(map[string]string)
+		err := json.Unmarshal([]byte(modelMapping), &modelMap)
+		if err != nil {
+			return err, service.OpenAIErrorWrapperLocal(err, "unmarshal_model_mapping_failed", http.StatusInternalServerError)
+		}
+		if modelMap[testModel] != "" {
+			testModel = modelMap[testModel]
 		}
 	}

--- a/controller/user.go
+++ b/controller/user.go
@@ -846,9 +846,10 @@ func EmailBind(c *gin.Context) {
 		})
 		return
 	}
-	id := c.GetInt("id")
+	session := sessions.Default(c)
+	id := session.Get("id")
 	user := model.User{
-		Id: id,
+		Id: id.(int),
 	}
 	err := user.FillUserById()
 	if err != nil {
--- a/controller/wechat.go
+++ b/controller/wechat.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"net/http"
 	"one-api/common"
@@ -142,9 +143,10 @@ func WeChatBind(c *gin.Context) {
 		})
 		return
 	}
-	id := c.GetInt("id")
+	session := sessions.Default(c)
+	id := session.Get("id")
 	user := model.User{
-		Id: id,
+		Id: id.(int),
 	}
 	err = user.FillUserById()
 	if err != nil {
--- a/go.mod
+++ b/go.mod
@@ -29,6 +29,7 @@ require (
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	golang.org/x/crypto v0.27.0
 	golang.org/x/image v0.23.0
+	golang.org/x/net v0.28.0
 	gorm.io/driver/mysql v1.4.3
 	gorm.io/driver/postgres v1.5.2
 	gorm.io/driver/sqlite v1.4.3
@@ -81,7 +82,6 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	golang.org/x/arch v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
-	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.27.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
--- a/main.go
+++ b/main.go
@@ -145,6 +145,13 @@ func main() {
 	middleware.SetUpLogger(server)
 	// Initialize session store
 	store := cookie.NewStore([]byte(common.SessionSecret))
+	store.Options(sessions.Options{
+		Path:     "/",
+		MaxAge:   2592000, // 30 days
+		HttpOnly: true,
+		Secure:   false,
+		SameSite: http.SameSiteStrictMode,
+	})
 	server.Use(sessions.Sessions("session", store))

 	router.SetRouter(server, buildFS, indexPage)
Author	SHA1	Message	Date
1808837298@qq.com	13d1b8203c	chore: update CI	2025-02-11 18:23:20 +08:00
1808837298@qq.com	7fce084aa5	update CI	2025-02-11 17:44:54 +08:00
1808837298@qq.com	cb4d40c3c8	feat: enhance session store security and configuration - Add 30-day max age for session cookies - Enable HttpOnly flag - Set SameSite to strict mode	2025-02-11 17:06:51 +08:00
1808837298@qq.com	bbc1550a9e	fix: update session store configuration - Change session cookie path from "/api" to "/" - Remove HttpOnly flag	2025-02-11 15:53:15 +08:00
1808837298@qq.com	6acc37cf27	feat: configure session store options for API routes - Set session cookie path to "/api" - Disable secure flag for local development - Enable HttpOnly flag for improved security	2025-02-11 15:45:24 +08:00
Calcium-Ion	0e89939a12	Merge pull request #746 from zjjxwhh/main fix: always use modelMapping in channel test	2025-02-11 12:21:06 +07:00
1808837298@qq.com	1b4fe8600e	chore: update CI	2025-02-11 13:14:38 +08:00
zjjxwhh	882c5970d9	fix: always use modelMapping in channel test	2025-02-10 22:39:56 +08:00
1808837298@qq.com	d10b47005c	chore: update CI	2025-02-10 21:59:41 +08:00
1808837298@qq.com	8418dbe7c4	fix: replace context-based user ID with session-based retrieval #741 - Update user and wechat controllers to use sessions for user ID - Modify ID retrieval to use `session.Get("id")` instead of `c.GetInt("id")` - Cast session ID to int when creating user object	2025-02-10 20:52:33 +08:00