mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 23:46:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

express: Skip express-session middleware if pre-authorized

Browse source
This commit is contained in:
Richard Hansen 2021-12-18 17:00:02 -05:00
parent 649fbdccf5
commit 30544b564e
2 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/node/hooks/express.js
View file

@ -202,15 +202,19 @@ exports.restartServer = async () => {
},
});
// If webaccess.preAuthorize explicitly grants access, webaccess.checkAccess will skip all checks.
app.use(webaccess.preAuthorize);
// Give plugins an opportunity to install handlers/middleware after the preAuthorize middleware
// but before the express-session middleware. This allows plugins to avoid creating an
// express-session record in the database when it is not needed (e.g., public static content).
await hooks.aCallAll('expressPreSession', {app});
app.use(exports.sessionMiddleware);
app.use(cookieParser(settings.sessionKey, {}));
app.use(webaccess.checkAccess);
app.use([
// If webaccess.preAuthorize explicitly granted access, webaccess.nextRouteIfPreAuthorized will
// call `next('route')` which will skip the remaining middlewares in this list.
webaccess.nextRouteIfPreAuthorized,
exports.sessionMiddleware,
cookieParser(settings.sessionKey, {}),
webaccess.checkAccess,
]);
await Promise.all([
hooks.aCallAll('expressConfigure', {app}),