Permalink
Browse files

Issue #19299 Conditionally load session packages so REST calls do not…

… get sessions.
  • Loading branch information...
1 parent ce7eded commit a8aa82aaf0c78aa3f89af8f81beb835f9d8568d0 @bendiy bendiy committed Mar 15, 2013
Showing with 53 additions and 11 deletions.
  1. +53 −11 node-datasource/main.js
@@ -237,6 +237,50 @@ var app = express(),
Cookie = require('express/node_modules/connect/lib/middleware/session/cookie'),
cookie = require('express/node_modules/cookie');
+// Conditionally load express.session(). REST API endpoints using OAuth tokens do not get sessions.
+var conditionalExpressSession = function (req, res, next) {
+ // REST API endpoints start with "/api" in their path.
+ if ((/^\/api/i).test(req.path)) {
+ next();
+ } else {
+ // Instead of doing app.use(express.session()) we call the package directly
+ // which returns a function(req, res, next) we can call to do the same thing.
+ var init_session = express.session({
+ store: sessionStore,
+ secret: '.T#T@r5EkPM*N@C%9K-iPW!+T',
+ // See cookie stomp above for more details on how this session cookie works.
+ cookie: { path: '/', httpOnly: true, secure: true, maxAge: 1800000 }
+ });
+
+ init_session(req, res, next);
+ }
+}
+
+// Conditionally load passport.session(). REST API endpoints using OAuth tokens do not get sessions.
+var conditionalPassportSession = function (req, res, next) {
+ // REST API endpoints start with "/api" in their path.
+ if ((/^\/api/i).test(req.path)) {
+ next();
+ } else {
+ // Instead of doing app.use(passport.session())
+ var init_passportSessions = passport.session();
+
+ init_passportSessions(req, res, next);
+ }
+}
+
+// flash() requires sessions, so it has to be loaded conditionally.
+var conditionalFlash = function (req, res, next) {
+ // REST API endpoints start with "/api" in their path.
+ if ((/^\/api/i).test(req.path)) {
+ next();
+ } else {
+ // Instead of doing app.use(flash())
+ var init_flash = flash();
+
+ init_flash(req, res, next);
+ }
+}
app.configure(function () {
"use strict";
@@ -245,25 +289,23 @@ app.configure(function () {
app.use(express.compress());
// Add a basic view engine that will render files from "views" directory.
app.set('view engine', 'ejs');
+
// TODO - This outputs access logs like apache2 and some other user things.
//http://stackoverflow.com/questions/13516898/disable-csrf-validation-for-some-requests-on-express
//http://stackoverflow.com/questions/9348505/avoiding-image-logging-in-express-js/9351428#9351428
//app.use(express.logger());
+
app.use(express.cookieParser());
app.use(express.bodyParser());
-// TODO - Need to conditionally load session here. REST API using OAuth tokens, not sessions.
-// so not all route endpoints should require sessions.
-// Something like this:
-//http://stackoverflow.com/questions/9348505/avoiding-image-logging-in-express-js/9351428#9351428
-//http://stackoverflow.com/questions/13516898/disable-csrf-validation-for-some-requests-on-express
-
- // See cookie stopm above for more details.
- app.use(express.session({ store: sessionStore, secret: '.T#T@r5EkPM*N@C%9K-iPW!+T', cookie: { path: '/', httpOnly: true, secure: true, maxAge: 1800000 } }));
-
+ // Conditionally load session packages. Based off these examples:
+ // http://stackoverflow.com/questions/9348505/avoiding-image-logging-in-express-js/9351428#9351428
+ // http://stackoverflow.com/questions/13516898/disable-csrf-validation-for-some-requests-on-express
+ app.use(conditionalExpressSession);
app.use(passport.initialize());
- app.use(passport.session());
- app.use(flash());
+ app.use(conditionalPassportSession);
+ app.use(conditionalFlash);
+
app.use(app.router);
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

0 comments on commit a8aa82a

Please sign in to comment.