Removed express-sessions

2025-04-01 20:24:18 +02:00 · 2020-04-06 21:44:53 +02:00 · 2020-04-06 21:44:53 +02:00 · 81db237b48
commit 81db237b48
parent 4c2c617b96
3 changed files with 3 additions and 39 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -22,7 +22,6 @@ const express = require('express')
 const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const cookieParser = require('cookie-parser')
-const session = require('express-session')
 const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
 const fs = require('fs')
 const app = express()
@ -70,29 +69,8 @@ function CreateDB () {
 }
 CreateDB()

-// TODO: https and testing
-// var app = express()
-// var sess = {
-//   secret: 'keyboard cat',
-//   cookie: {}
-// }
-//
-// if (app.get('env') === 'production') {
-//   app.set('trust proxy', 1) // trust first proxy
-//   sess.cookie.secure = true // serve secure cookies
-// }
-//
-// app.use(session(sess))
-
 const cookieSecret = uuidv4()
-app.use(session({
-  secret: cookieSecret,
-  resave: false,
-  saveUninitialized: true
-}))
-app.use(cookieParser({
-  secret: cookieSecret
-}))
+app.use(cookieParser(cookieSecret))
 app.use(bodyParser.urlencoded({
  limit: '10mb',
  extended: true
@ -157,10 +135,6 @@ app.post('/login', (req, res) => {
  if (user) {
    const sessionID = uuidv4()

-    // Setting session
-    req.session.user = user
-    req.session.sessionID = sessionID
-
    // FIXME: Users now can only log in in one session, this might be too strict.
    const existingSessions = dbtools.Select(authDB, 'sessions', {
      userID: user.id
@ -207,12 +181,6 @@ app.post('/login', (req, res) => {
 app.post('/logout', (req, res) => {
  logger.LogReq(req)
  const sessionID = req.cookies.sessionID
-  const userID = req.session.user.id
-
-  // destroying session
-  req.session.destroy(function () {
-    logger.Log(`User ${userID} logout`, logger.GetColor('cyan'))
-  })

  // removing session from db
  dbtools.Delete(authDB, 'sessions', {
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@ -10,7 +10,7 @@ module.exports = function (options) {
  const { authDB } = options

  return function (req, res, next) {
-    const sessionID = req.cookies.sessionID || req.session.id
+    const sessionID = req.cookies.sessionID
    const isException = exceptions.some((exc) => {
      return req.url === exc
    })
@ -21,8 +21,7 @@ module.exports = function (options) {
      return
    }

-    const user = req.session.user || GetUserBySessionID(authDB, sessionID, req)
-    console.log(req.session)
+    const user = GetUserBySessionID(authDB, sessionID, req)

    // update 'sessiosn' table 'lastAccess' stuff
    if (sessionID) {
@ -70,8 +69,6 @@ function GetUserBySessionID (db, sessionID, req) {
  })[0]

  if (user) {
-    req.session.user = user
-    req.session.id = sessionID
    return user
  }
 }
--- a/package.json
+++ b/package.json
@ -9,7 +9,6 @@
    "ejs": "^1.0.0",
    "express": "^4.6.1",
    "express-ejs-layouts": "^1.1.0",
-    "express-session": "^1.17.0",
    "sqlite3": "^4.1.1",
    "uuid": "^7.0.3",
    "vhost": "^3.0.2"