Merge pull request #1468 from hedgedoc/session-cookie-status

[1.x] Exclude /metrics and /status routes from session initialization
2024-11-22 09:46:30 -05:00 · 2021-08-01 18:22:14 +02:00 · 2021-08-01 18:22:14 +02:00 · 64fd38b60c
commit 64fd38b60c
parent 4ca2600a27 90c5ab0833
2 changed files with 12 additions and 2 deletions
--- a/app.js
+++ b/app.js
@ -27,6 +27,7 @@ const errors = require('./lib/errors')
 const models = require('./lib/models')
 const csp = require('./lib/csp')
 const metrics = require('./lib/prometheus')
 const { useUnless } = require('./lib/utils')
 const supportedLocalesList = Object.keys(require('./locales/_supported.json'))
@ -147,7 +148,7 @@ app.use('/uploads', express.static(path.resolve(__dirname, config.uploadsPath),
 app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime }))
 // session
-app.use(session({
+app.use(useUnless(['/status', '/metrics'], session({
  name: config.sessionName,
  secret: config.sessionSecret,
  resave: false, // don't save session if unmodified
@ -159,7 +160,7 @@ app.use(session({
    secure: config.useSSL || config.protocolUseSSL || false
  },
  store: sessionStore
-}))
+})))
 // session resumption
 const tlsSessionStore = {}
--- a/lib/utils.js
+++ b/lib/utils.js
@ -25,3 +25,12 @@ exports.getImageMimeType = function getImageMimeType (imagePath) {
      return undefined
  }
 }
 exports.useUnless = function excludeRoute (paths, middleware) {
  return function (req, res, next) {
    if (paths.includes(req.path)) {
      return next()
    }
    return middleware(req, res, next)
  }
 }