From b68969fbac0d8f02229af41a465e89d11a487d84 Mon Sep 17 00:00:00 2001
From: Richard Hansen
Date: Sat, 3 Oct 2020 15:21:50 -0400
Subject: [PATCH] webaccess: Simplify Express and express-session setup
---
 src/node/hooks/express/socketio.js | 4 ++--
 src/node/hooks/express/webaccess.js | 28 +++++++++-------------------
 2 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/src/node/hooks/express/socketio.js b/src/node/hooks/express/socketio.js
index ffc280b5c..8ec3b25e3 100644
--- a/src/node/hooks/express/socketio.js
+++ b/src/node/hooks/express/socketio.js
@@ -49,8 +49,8 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 // check whether the user has authenticated, then any random person on the Internet can read,
 // modify, or create any pad (unless the pad is password protected or an HTTP API session is
 // required).
- const cookieParserFn = util.promisify(cookieParser(webaccess.secret, {}));
- const getSession = util.promisify(args.app.sessionStore.get).bind(args.app.sessionStore);
+ const cookieParserFn = util.promisify(cookieParser(settings.sessionKey, {}));
+ const getSession = util.promisify(webaccess.sessionStore.get).bind(webaccess.sessionStore);
 io.use(async (socket, next) => {
 const req = socket.request;
 if (!req.headers.cookie) {
diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 1fc9c8f71..09e672791 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
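Review bot: The cookie-signing secret on the `cookieParserFn` line is now read from `settings.sessionKey` here and separately in webaccess.js, so nothing in the code ties the two values together any more. The context comment just above warns that a failed authentication check in this handler lets anyone read, modify, or create pads, so the coupling deserves a comment, for example `// Must be the same secret that express-session is given in webaccess.js, or signed express_sid cookies will not verify.` It would also help to state what the handler does when `settings.sessionKey` is unset at this point; whether that can happen is not visible in the hunk. The body of expressCreateServer starts and continues outside the hunk.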
@@ -199,17 +199,12 @@ exports.checkAccess = (req, res, next) => {
 step1PreAuthorize();
 };
-exports.secret = null;
-
 exports.expressConfigure = (hook_name, args, cb) => {
 // Measure response time
 args.app.use((req, res, next) => {
 const stopWatch = stats.timer('httpRequests').start();
- const sendFn = res.send;
- res.send = function() { // function, not arrow, due to use of 'arguments'
- stopWatch.end();
- sendFn.apply(res, arguments);
- };
+ const sendFn = res.send.bind(res);
+ res.send = (...args) => { stopWatch.end(); sendFn(...args); };
 next();
 });
@@ -224,22 +219,17 @@ exports.expressConfigure = (hook_name, args, cb) => {
 }));
 }
- /* Do not let express create the session, so that we can retain a
- * reference to it for socket.io to use. Also, set the key (cookie
- * name) to a javascript identifier compatible string. Makes code
- * handling it cleaner :) */
+ // Do not let express create the session, so that we can retain a reference to it for socket.io to
+ // use.
+ exports.sessionStore = new ueberStore();
- if (!exports.sessionStore) {
- exports.sessionStore = new ueberStore();
- exports.secret = settings.sessionKey;
- }
-
- args.app.sessionStore = exports.sessionStore;
 args.app.use(sessionModule({
- secret: exports.secret,
- store: args.app.sessionStore,
+ secret: settings.sessionKey,
+ store: exports.sessionStore,
 resave: false,
 saveUninitialized: true,
+ // Set the cookie name to a javascript identifier compatible string. Makes code handling it
+ // cleaner :)
 name: 'express_sid',
 proxy: true,
 cookie: {
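Review bot: In the rewritten `res.send` wrapper the rest parameter `args` shadows the `args` argument of expressConfigure, and the wrapper still discards the return value of the original `send`, so a caller that chains on `res.send(...)` receives `undefined`. Suggest `res.send = (...sendArgs) => { stopWatch.end(); return sendFn(...sendArgs); };`. The body of expressConfigure continues outside the hunk.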
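Review bot: Dropping the `if (!exports.sessionStore)` guard means every call to expressConfigure now replaces the exported store, while socketio.js binds `getSession` to whichever instance it sees when expressCreateServer runs. If the configure hook can ever run again without the create-server hook (a restart path, for example, which is not visible here), socket.io would keep checking sessions against the previous instance. That is presumably harmless if ueberStore holds no state of its own, but the assumption should be recorded next to the assignment, e.g. `// Recreated on every expressConfigure call; socketio.js re-reads exports.sessionStore in expressCreateServer, which must run after this hook.` The sessionModule options continue past the end of the hunk.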