express: Skip express-session middleware if pre-authorized

2025-04-22 08:26:16 -04:00 · 2021-12-18 17:00:02 -05:00 · 2021-12-18 17:00:02 -05:00 · 30544b564e
commit 30544b564e
parent 649fbdccf5
2 changed files with 18 additions and 4 deletions
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@ -200,12 +200,22 @@ const checkAccess = async (req, res, next) => {
 * Express middleware that allows plugins to explicitly grant/deny access via the `preAuthorize`
 * hook before `checkAccess` is run. If access is explicitly granted:
 *   - `next('route')` will be called, which can be used to bypass later checks
+ *   - `nextRouteIfPreAuthorized` will simply call `next('route')`
 *   - `checkAccess` will simply call `next('route')`
 */
 exports.preAuthorize = (req, res, next) => {
  preAuthorize(req, res, next).catch((err) => next(err || new Error(err)));
 };

+/**
+ * Express middleware that simply calls `next('route')` if the request has been explicitly granted
+ * access by `preAuthorize` (otherwise it calls `next()`). This can be used to bypass later checks.
+ */
+exports.nextRouteIfPreAuthorized = (req, res, next) => {
+  if (res.locals._webaccess.skip) return next('route');
+  next();
+};
+
 /**
 * Express middleware to authenticate the user and check authorization. Must be installed after the
 * express-session middleware. If the request is pre-authorized, this middleware simply calls