express: Move general Express setup from `webaccess.js`
The `express-session`, `cookie-parser`, etc. middleware is not specific to access checks.pull/4383/head
Richard Hansen
John McLear
parent
821c06cc3a
commit
377560eb51
|
|
@ -1,12 +1,18 @@
|
|||
const _ = require('underscore');
|
||||
const cookieParser = require('cookie-parser');
|
||||
const express = require('express');
|
||||
const expressSession = require('express-session');
|
||||
const fs = require('fs');
|
||||
const hooks = require('../../static/js/pluginfw/hooks');
|
||||
const log4js = require('log4js');
|
||||
const npm = require('npm/lib/npm');
|
||||
const path = require('path');
|
||||
const sessionStore = require('../db/SessionStore');
|
||||
const settings = require('../utils/Settings');
|
||||
const stats = require('../stats');
|
||||
const util = require('util');
|
||||
|
||||
const logger = log4js.getLogger('http');
|
||||
let serverName;
|
||||
|
||||
exports.server = null;
|
||||
|
|
@ -111,6 +117,60 @@ exports.restartServer = async () => {
|
|||
app.enable('trust proxy');
|
||||
}
|
||||
|
||||
// Measure response time
|
||||
app.use((req, res, next) => {
|
||||
const stopWatch = stats.timer('httpRequests').start();
|
||||
const sendFn = res.send.bind(res);
|
||||
res.send = (...args) => { stopWatch.end(); sendFn(...args); };
|
||||
next();
|
||||
});
|
||||
|
||||
// If the log level specified in the config file is WARN or ERROR the application server never
|
||||
// starts listening to requests as reported in issue #158. Not installing the log4js connect
|
||||
// logger when the log level has a higher severity than INFO since it would not log at that level
|
||||
// anyway.
|
||||
if (!(settings.loglevel === 'WARN' && settings.loglevel === 'ERROR')) {
|
||||
app.use(log4js.connectLogger(logger, {
|
||||
level: log4js.levels.DEBUG,
|
||||
format: ':status, :method :url',
|
||||
}));
|
||||
}
|
||||
|
||||
exports.sessionMiddleware = expressSession({
|
||||
secret: settings.sessionKey,
|
||||
store: new sessionStore(),
|
||||
resave: false,
|
||||
saveUninitialized: true,
|
||||
// Set the cookie name to a javascript identifier compatible string. Makes code handling it
|
||||
// cleaner :)
|
||||
name: 'express_sid',
|
||||
proxy: true,
|
||||
cookie: {
|
||||
sameSite: settings.cookie.sameSite,
|
||||
|
||||
// The automatic express-session mechanism for determining if the application is being served
|
||||
// over ssl is similar to the one used for setting the language cookie, which check if one of
|
||||
// these conditions is true:
|
||||
//
|
||||
// 1. we are directly serving the nodejs application over SSL, using the "ssl" options in
|
||||
// settings.json
|
||||
//
|
||||
// 2. we are serving the nodejs application in plaintext, but we are using a reverse proxy
|
||||
// that terminates SSL for us. In this case, the user has to set trustProxy = true in
|
||||
// settings.json, and the information wheter the application is over SSL or not will be
|
||||
// extracted from the X-Forwarded-Proto HTTP header
|
||||
//
|
||||
// Please note that this will not be compatible with applications being served over http and
|
||||
// https at the same time.
|
||||
//
|
||||
// reference: https://github.com/expressjs/session/blob/v1.17.0/README.md#cookiesecure
|
||||
secure: 'auto',
|
||||
}
|
||||
});
|
||||
app.use(exports.sessionMiddleware);
|
||||
|
||||
app.use(cookieParser(settings.sessionKey, {}));
|
||||
|
||||
hooks.callAll("expressConfigure", {"app": app});
|
||||
hooks.callAll('expressCreateServer', {app, server: exports.server});
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
const express = require("../express");
|
||||
var settings = require('../../utils/Settings');
|
||||
var socketio = require('socket.io');
|
||||
var socketIORouter = require("../../handler/SocketIORouter");
|
||||
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
|
||||
var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
|
||||
|
||||
var padMessageHandler = require("../../handler/PadMessageHandler");
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ exports.expressCreateServer = function (hook_name, args, cb) {
|
|||
req.headers.cookie = socket.handshake.query.cookie;
|
||||
}
|
||||
// See: https://socket.io/docs/faq/#Usage-with-express-session
|
||||
webaccess.sessionMiddleware(req, {}, next);
|
||||
express.sessionMiddleware(req, {}, next);
|
||||
});
|
||||
|
||||
// var socketIOLogger = log4js.getLogger("socket.io");
|
||||
|
|
|
|||
|
|
@ -1,13 +1,8 @@
|
|||
const assert = require('assert').strict;
|
||||
const express = require('express');
|
||||
const log4js = require('log4js');
|
||||
const httpLogger = log4js.getLogger('http');
|
||||
const settings = require('../../utils/Settings');
|
||||
const hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
|
||||
const ueberStore = require('../../db/SessionStore');
|
||||
const stats = require('ep_etherpad-lite/node/stats');
|
||||
const sessionModule = require('express-session');
|
||||
const cookieParser = require('cookie-parser');
|
||||
|
||||
hooks.deprecationNotices.authFailure = 'use the authnFailure and authzFailure hooks instead';
|
||||
|
||||
|
|
@ -200,62 +195,5 @@ exports.checkAccess = (req, res, next) => {
|
|||
};
|
||||
|
||||
exports.expressConfigure = (hook_name, args, cb) => {
|
||||
// Measure response time
|
||||
args.app.use((req, res, next) => {
|
||||
const stopWatch = stats.timer('httpRequests').start();
|
||||
const sendFn = res.send.bind(res);
|
||||
res.send = (...args) => { stopWatch.end(); sendFn(...args); };
|
||||
next();
|
||||
});
|
||||
|
||||
// If the log level specified in the config file is WARN or ERROR the application server never
|
||||
// starts listening to requests as reported in issue #158. Not installing the log4js connect
|
||||
// logger when the log level has a higher severity than INFO since it would not log at that level
|
||||
// anyway.
|
||||
if (!(settings.loglevel === 'WARN' && settings.loglevel === 'ERROR')) {
|
||||
args.app.use(log4js.connectLogger(httpLogger, {
|
||||
level: log4js.levels.DEBUG,
|
||||
format: ':status, :method :url',
|
||||
}));
|
||||
}
|
||||
|
||||
exports.sessionMiddleware = sessionModule({
|
||||
secret: settings.sessionKey,
|
||||
store: new ueberStore(),
|
||||
resave: false,
|
||||
saveUninitialized: true,
|
||||
// Set the cookie name to a javascript identifier compatible string. Makes code handling it
|
||||
// cleaner :)
|
||||
name: 'express_sid',
|
||||
proxy: true,
|
||||
cookie: {
|
||||
sameSite: settings.cookie.sameSite,
|
||||
/*
|
||||
* The automatic express-session mechanism for determining if the
|
||||
* application is being served over ssl is similar to the one used for
|
||||
* setting the language cookie, which check if one of these conditions is
|
||||
* true:
|
||||
*
|
||||
* 1. we are directly serving the nodejs application over SSL, using the
|
||||
* "ssl" options in settings.json
|
||||
*
|
||||
* 2. we are serving the nodejs application in plaintext, but we are using
|
||||
* a reverse proxy that terminates SSL for us. In this case, the user
|
||||
* has to set trustProxy = true in settings.json, and the information
|
||||
* wheter the application is over SSL or not will be extracted from the
|
||||
* X-Forwarded-Proto HTTP header
|
||||
*
|
||||
* Please note that this will not be compatible with applications being
|
||||
* served over http and https at the same time.
|
||||
*
|
||||
* reference: https://github.com/expressjs/session/blob/v1.17.0/README.md#cookiesecure
|
||||
*/
|
||||
secure: 'auto',
|
||||
}
|
||||
});
|
||||
args.app.use(exports.sessionMiddleware);
|
||||
|
||||
args.app.use(cookieParser(settings.sessionKey, {}));
|
||||
|
||||
args.app.use(exports.checkAccess);
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue