socketio: Reuse the `express-session` middleware
Richard Hansen
John McLear
parent
f7953ece85
commit
821c06cc3a
|
|
@ -6,10 +6,6 @@ var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
|
|||
|
||||
var padMessageHandler = require("../../handler/PadMessageHandler");
|
||||
|
||||
var cookieParser = require('cookie-parser');
|
||||
var sessionModule = require('express-session');
|
||||
const util = require('util');
|
||||
|
||||
exports.expressCreateServer = function (hook_name, args, cb) {
|
||||
//init socket.io and redirect all requests to the MessageHandler
|
||||
// there shouldn't be a browser that isn't compatible to all
|
||||
|
|
@ -40,24 +36,15 @@ exports.expressCreateServer = function (hook_name, args, cb) {
|
|||
cookie: false,
|
||||
});
|
||||
|
||||
const cookieParserFn = util.promisify(cookieParser(settings.sessionKey, {}));
|
||||
const getSession = util.promisify(webaccess.sessionStore.get).bind(webaccess.sessionStore);
|
||||
io.use(async (socket, next) => {
|
||||
io.use((socket, next) => {
|
||||
const req = socket.request;
|
||||
if (!req.headers.cookie) {
|
||||
// socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the
|
||||
// token and express_sid cookies have to be passed via a query parameter for unit tests.
|
||||
req.headers.cookie = socket.handshake.query.cookie;
|
||||
}
|
||||
await cookieParserFn(req, {});
|
||||
const expressSid = req.signedCookies.express_sid;
|
||||
if (expressSid) {
|
||||
const session = await getSession(expressSid);
|
||||
if (session) req.session = new sessionModule.Session(req, session);
|
||||
}
|
||||
// Note: PadMessageHandler.handleMessage calls SecurityMananger.checkAccess which will perform
|
||||
// authentication and authorization checks.
|
||||
return next(null, true);
|
||||
// See: https://socket.io/docs/faq/#Usage-with-express-session
|
||||
webaccess.sessionMiddleware(req, {}, next);
|
||||
});
|
||||
|
||||
// var socketIOLogger = log4js.getLogger("socket.io");
|
||||
|
|
|
|||
|
|
@ -219,13 +219,9 @@ exports.expressConfigure = (hook_name, args, cb) => {
|
|||
}));
|
||||
}
|
||||
|
||||
// Do not let express create the session, so that we can retain a reference to it for socket.io to
|
||||
// use.
|
||||
exports.sessionStore = new ueberStore();
|
||||
|
||||
args.app.use(sessionModule({
|
||||
exports.sessionMiddleware = sessionModule({
|
||||
secret: settings.sessionKey,
|
||||
store: exports.sessionStore,
|
||||
store: new ueberStore(),
|
||||
resave: false,
|
||||
saveUninitialized: true,
|
||||
// Set the cookie name to a javascript identifier compatible string. Makes code handling it
|
||||
|
|
@ -256,7 +252,8 @@ exports.expressConfigure = (hook_name, args, cb) => {
|
|||
*/
|
||||
secure: 'auto',
|
||||
}
|
||||
}));
|
||||
});
|
||||
args.app.use(exports.sessionMiddleware);
|
||||
|
||||
args.app.use(cookieParser(settings.sessionKey, {}));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue