socketio: Reuse the `express-session` middleware

pull/4383/head
Richard Hansen 2020-10-03 18:00:04 -04:00 committed by John McLear
parent f7953ece85
commit 821c06cc3a
2 changed files with 7 additions and 23 deletions


@ -6,10 +6,6 @@ var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
var padMessageHandler = require("../../handler/PadMessageHandler"); var padMessageHandler = require("../../handler/PadMessageHandler");
var cookieParser = require('cookie-parser');
var sessionModule = require('express-session');
const util = require('util');
exports.expressCreateServer = function (hook_name, args, cb) { exports.expressCreateServer = function (hook_name, args, cb) {
//init socket.io and redirect all requests to the MessageHandler //init socket.io and redirect all requests to the MessageHandler
// there shouldn't be a browser that isn't compatible to all // there shouldn't be a browser that isn't compatible to all
@ -40,24 +36,15 @@ exports.expressCreateServer = function (hook_name, args, cb) {
cookie: false, cookie: false,
}); });
const cookieParserFn = util.promisify(cookieParser(settings.sessionKey, {})); io.use((socket, next) => {
const getSession = util.promisify(webaccess.sessionStore.get).bind(webaccess.sessionStore);
io.use(async (socket, next) => {
const req = socket.request; const req = socket.request;
if (!req.headers.cookie) { if (!req.headers.cookie) {
// socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the // socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the
// token and express_sid cookies have to be passed via a query parameter for unit tests. // token and express_sid cookies have to be passed via a query parameter for unit tests.
req.headers.cookie = socket.handshake.query.cookie; req.headers.cookie = socket.handshake.query.cookie;
} }
await cookieParserFn(req, {}); // See: https://socket.io/docs/faq/#Usage-with-express-session
const expressSid = req.signedCookies.express_sid; webaccess.sessionMiddleware(req, {}, next);
if (expressSid) {
const session = await getSession(expressSid);
if (session) req.session = new sessionModule.Session(req, session);
}
// Note: PadMessageHandler.handleMessage calls SecurityMananger.checkAccess which will perform
// authentication and authorization checks.
return next(null, true);
}); });
// var socketIOLogger = log4js.getLogger("socket.io"); // var socketIOLogger = log4js.getLogger("socket.io");
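Review bot: In the new `io.use` callback, `webaccess.sessionMiddleware` generates a fresh session whenever the handshake carries no valid `express_sid`, so `socket.request.session` is now always an object, whereas the removed code set it only when the store returned a record. Any downstream check that treats the mere presence of `req.session` as proof of an existing login would need to test a field inside the session instead; whether such a check exists is not visible on this page. The commit also drops the note that authentication and authorization happen later, although the handshake still admits the connection unless the middleware reports an error. I would keep that note above the middleware call, e.g. `// No authn/authz here: PadMessageHandler.handleMessage calls SecurityManager.checkAccess.` The enclosing `expressCreateServer` starts and ends outside the hunk.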


@ -219,13 +219,9 @@ exports.expressConfigure = (hook_name, args, cb) => {
})); }));
} }
// Do not let express create the session, so that we can retain a reference to it for socket.io to exports.sessionMiddleware = sessionModule({
// use.
exports.sessionStore = new ueberStore();
args.app.use(sessionModule({
secret: settings.sessionKey, secret: settings.sessionKey,
store: exports.sessionStore, store: new ueberStore(),
resave: false, resave: false,
saveUninitialized: true, saveUninitialized: true,
// Set the cookie name to a javascript identifier compatible string. Makes code handling it // Set the cookie name to a javascript identifier compatible string. Makes code handling it
@ -256,7 +252,8 @@ exports.expressConfigure = (hook_name, args, cb) => {
*/ */
secure: 'auto', secure: 'auto',
} }
})); });
args.app.use(exports.sessionMiddleware);
args.app.use(cookieParser(settings.sessionKey, {})); args.app.use(cookieParser(settings.sessionKey, {}));
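Review bot: `exports.sessionMiddleware` is assigned only when `expressConfigure` runs, and the comment that explained why a reference was kept for socket.io was deleted together with `exports.sessionStore`. A one-line comment above the assignment would keep that dependency visible, for example `// Exported so the socket.io handshake can reuse this exact middleware (same store, secret and cookie settings).` It is also worth confirming that nothing else still reads `webaccess.sessionStore`, since this page shows only one former consumer. The body of `expressConfigure` starts outside the hunk.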