From 821c06cc3a0f42426f02344955e8c1c976830b2e Mon Sep 17 00:00:00 2001 From: Richard Hansen Date: Sat, 3 Oct 2020 18:00:04 -0400 Subject: [PATCH] socketio: Reuse the `express-session` middleware --- src/node/hooks/express/socketio.js | 19 +++---------------- src/node/hooks/express/webaccess.js | 11 ++++------- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/src/node/hooks/express/socketio.js b/src/node/hooks/express/socketio.js index b1e07ba91..3ceae1ddc 100644 --- a/src/node/hooks/express/socketio.js +++ b/src/node/hooks/express/socketio.js @@ -6,10 +6,6 @@ var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess"); var padMessageHandler = require("../../handler/PadMessageHandler"); -var cookieParser = require('cookie-parser'); -var sessionModule = require('express-session'); -const util = require('util'); - exports.expressCreateServer = function (hook_name, args, cb) { //init socket.io and redirect all requests to the MessageHandler // there shouldn't be a browser that isn't compatible to all @@ -40,24 +36,15 @@ exports.expressCreateServer = function (hook_name, args, cb) { cookie: false, }); - const cookieParserFn = util.promisify(cookieParser(settings.sessionKey, {})); - const getSession = util.promisify(webaccess.sessionStore.get).bind(webaccess.sessionStore); - io.use(async (socket, next) => { + io.use((socket, next) => { const req = socket.request; if (!req.headers.cookie) { // socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the // token and express_sid cookies have to be passed via a query parameter for unit tests. req.headers.cookie = socket.handshake.query.cookie; } - await cookieParserFn(req, {}); - const expressSid = req.signedCookies.express_sid; - if (expressSid) { - const session = await getSession(expressSid); - if (session) req.session = new sessionModule.Session(req, session); - } - // Note: PadMessageHandler.handleMessage calls SecurityMananger.checkAccess which will perform - // authentication and authorization checks. - return next(null, true); + // See: https://socket.io/docs/faq/#Usage-with-express-session + webaccess.sessionMiddleware(req, {}, next); }); // var socketIOLogger = log4js.getLogger("socket.io"); diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 09e672791..843cf1478 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -219,13 +219,9 @@ exports.expressConfigure = (hook_name, args, cb) => { })); } - // Do not let express create the session, so that we can retain a reference to it for socket.io to - // use. - exports.sessionStore = new ueberStore(); - - args.app.use(sessionModule({ + exports.sessionMiddleware = sessionModule({ secret: settings.sessionKey, - store: exports.sessionStore, + store: new ueberStore(), resave: false, saveUninitialized: true, // Set the cookie name to a javascript identifier compatible string. Makes code handling it @@ -256,7 +252,8 @@ exports.expressConfigure = (hook_name, args, cb) => { */ secure: 'auto', } - })); + }); + args.app.use(exports.sessionMiddleware); args.app.use(cookieParser(settings.sessionKey, {}));