Exclude /metrics and /status routes from session initialization

This commit adds a `useUnless` helper method which can be used as a middleware for express.
It receives an express-middleware and an array of paths.
When a request matches one of the given paths, this middleware does nothing.
Otherwise the given middleware is called.

For the express-session middleware this helper middleware is used to avoid session creation on purely status routes.
See #1446

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2021-07-20 23:56:54 +02:00
parent c9c170e6a7
commit 90c5ab0833
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
2 changed files with 12 additions and 2 deletions

5
app.js
View file

@ -27,6 +27,7 @@ const errors = require('./lib/errors')
const models = require('./lib/models') const models = require('./lib/models')
const csp = require('./lib/csp') const csp = require('./lib/csp')
const metrics = require('./lib/prometheus') const metrics = require('./lib/prometheus')
const { useUnless } = require('./lib/utils')
const supportedLocalesList = Object.keys(require('./locales/_supported.json')) const supportedLocalesList = Object.keys(require('./locales/_supported.json'))
@ -147,7 +148,7 @@ app.use('/uploads', express.static(path.resolve(__dirname, config.uploadsPath),
app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime })) app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime }))
// session // session
app.use(session({ app.use(useUnless(['/status', '/metrics'], session({
name: config.sessionName, name: config.sessionName,
secret: config.sessionSecret, secret: config.sessionSecret,
resave: false, // don't save session if unmodified resave: false, // don't save session if unmodified
@ -159,7 +160,7 @@ app.use(session({
secure: config.useSSL || config.protocolUseSSL || false secure: config.useSSL || config.protocolUseSSL || false
}, },
store: sessionStore store: sessionStore
})) })))
// session resumption // session resumption
const tlsSessionStore = {} const tlsSessionStore = {}

View file

@ -25,3 +25,12 @@ exports.getImageMimeType = function getImageMimeType (imagePath) {
return undefined return undefined
} }
} }
exports.useUnless = function excludeRoute (paths, middleware) {
return function (req, res, next) {
if (paths.includes(req.path)) {
return next()
}
return middleware(req, res, next)
}
}