Merge pull request #1468 from hedgedoc/session-cookie-status

[1.x] Exclude /metrics and /status routes from session initialization
David Mehren 2021-08-01 18:22:14 +02:00 committed by GitHub
commit 64fd38b60c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions

5
app.js

@ -27,6 +27,7 @@ const errors = require('./lib/errors')
const models = require('./lib/models')
const csp = require('./lib/csp')
const metrics = require('./lib/prometheus')
const { useUnless } = require('./lib/utils')
const supportedLocalesList = Object.keys(require('./locales/_supported.json'))
@ -147,7 +148,7 @@ app.use('/uploads', express.static(path.resolve(__dirname, config.uploadsPath),
app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime }))
// session
app.use(session({
app.use(useUnless(['/status', '/metrics'], session({
name: config.sessionName,
secret: config.sessionSecret,
resave: false, // don't save session if unmodified
@ -159,7 +160,7 @@ app.use(session({
secure: config.useSSL || config.protocolUseSSL || false
},
store: sessionStore
}))
})))
// session resumption
const tlsSessionStore = {}
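Review bot: With the session middleware wrapped at `app.use(useUnless(['/status', '/metrics'], session({`, `req.session` is undefined on those two paths, and nothing at the call site says so. Any middleware registered after this point that reads `req.session` (not visible in these hunks) has to tolerate that, so it is worth confirming none of it runs for these routes. I would add a comment above the call, for example `// /status and /metrics are polled by monitoring: skip session setup so no session or cookie is created; req.session is undefined there`. Because both endpoints are now always served without a session, any restriction on who may read them has to come from somewhere else, such as the reverse proxy or network policy. The session options object continues outside the lines shown.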


@ -25,3 +25,12 @@ exports.getImageMimeType = function getImageMimeType (imagePath) {
return undefined
}
}
exports.useUnless = function excludeRoute (paths, middleware) {
return function (req, res, next) {
if (paths.includes(req.path)) {
return next()
}
return middleware(req, res, next)
}
}
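Review bot: The check `paths.includes(req.path)` is an exact, case-sensitive comparison, so a request for `/status/` or `/Metrics` is not excluded and still gets a session and cookie if the router accepts that spelling (Express matches case-insensitively and tolerates a trailing slash unless configured otherwise). The miss is on the safe side, because the session is created rather than skipped, but it defeats the purpose of the exclusion for such requests. Comparing a normalised path would close the gap: `const p = req.path.replace(/\/+$/, '').toLowerCase() || '/'` followed by `if (paths.includes(p)) {`. The helper also has no doc comment, and the function expression is named `excludeRoute` while it is exported as `useUnless`. A short JSDoc stating that `paths` are exact request paths and that the wrapped middleware is skipped entirely for them, plus a matching function name, would make stack traces and call sites easier to read.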