Merge pull request #3585 from overleaf/ho-session-auto-start-bot-clear

Added isReqIsBot function to SessionAutostartMiddleware middlewear GitOrigin-RevId: 652392f77a9a0cd55a8c1c3454ccec70d67a5c6e
2025-04-20 16:25:43 +00:00 · 2021-02-03 07:39:08 -05:00 · 2021-02-03 07:39:08 -05:00 · a9f75060a5
commit a9f75060a5
parent 309163d444
2 changed files with 65 additions and 3 deletions
--- a/services/web/app/src/infrastructure/SessionAutostartMiddleware.js
+++ b/services/web/app/src/infrastructure/SessionAutostartMiddleware.js
@ -1,6 +1,16 @@
 const Settings = require('settings-sharelatex')
 const OError = require('@overleaf/o-error')

+const botUserAgents = [
+  'kube-probe',
+  'GoogleStackdriverMonitoring',
+  'GoogleHC',
+  'Googlebot',
+  'bingbot',
+  'facebookexternal'
+].map(agent => {
+  return agent.toLowerCase()
+})
 // SessionAutostartMiddleware provides a mechanism to force certain routes not
 // to get an automatic session where they don't have one already. This allows us
 // to work around issues where we might overwrite a user's login cookie with one
@ -52,16 +62,35 @@ class SessionAutostartMiddleware {
    )
  }

-  middleware(req, res, next) {
+  reqIsBot(req) {
+    const agent = (req.headers['user-agent'] || '').toLowerCase()
+
+    const foundMatch = botUserAgents.find(botAgent => {
+      return agent.includes(botAgent)
+    })
+
+    if (foundMatch) {
+      return true
+    } else {
+      return false
+    }
+  }
+
+  middleware(req, _res, next) {
    if (!req.signedCookies[this._cookieName]) {
      const callback = this.autostartCallbackForRequest(req)
      if (callback) {
        req.session = {
          noSessionCallback: callback
        }
+      } else if (this.reqIsBot(req)) {
+        req.session = {
+          noSessionCallback: (_req, _res, next) => {
+            next()
+          }
+        }
      }
    }
-
    next()
  }

--- a/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js
+++ b/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js
@ -38,7 +38,12 @@ describe('SessionAutostartMiddleware', function() {
    let req, next

    beforeEach(function() {
-      req = { path: excludedRoute, method: excludedMethod, signedCookies: {} }
+      req = {
+        path: excludedRoute,
+        method: excludedMethod,
+        signedCookies: {},
+        headers: {}
+      }
      next = sinon.stub()
    })

@ -65,4 +70,32 @@ describe('SessionAutostartMiddleware', function() {
      expect(req.session).not.to.exist
    })
  })
+  describe('bot middlewear', function() {
+    let req, next
+
+    beforeEach(function() {
+      req = {
+        signedCookies: {},
+        headers: {}
+      }
+      next = sinon.stub()
+    })
+
+    it('GoogleHC user agent should have an empty session', function() {
+      req.headers['user-agent'] = 'GoogleHC'
+      middleware.middleware(req, {}, next)
+      expect(req.session.noSessionCallback).to.deep.exist
+    })
+
+    it('should not add empty session with a firefox useragent', function() {
+      req.headers['user-agent'] = 'firefox'
+      middleware.middleware(req, {}, next)
+      expect(req.session).not.to.exist
+    })
+
+    it('should not add empty session  with a empty useragent', function() {
+      middleware.middleware(req, {}, next)
+      expect(req.session).not.to.exist
+    })
+  })
 })