Polymer / prpl-server

⚠️Maintenance mode⚠️ An HTTP server for Node designed to serve PRPL apps in production.

Where should I place express-session in the chain? #66

Closed mercmobily closed 5 years ago

mercmobily commented 6 years ago

Hi,

I am starting a new project, and I am using express-session for the first time. At the moment, I am doing app.use() like so:

// PART ONE: SET THE SESSION

// Make up the session
app.use(session({
  key: 'proj',
  secret: '(deleted)',
  store: sessionStore,
  resave: false,
  saveUninitialized: false
}))

// PART 2: SET SOME API ENTRY POINTS

// This WILL set routes. Assume: /cargos
var cargos = require('./stores/Cargos.js')
cargos.protocolListenHTTP({app: app})

// PART 3: PRPL-SERVER

app.get('/*', prpl.makeHandler('./public/build', {
  builds: [
    { name: 'es6-unbundled', browserCapabilities: ['es2015', 'push'] },
    { name: 'es6-bundled', browserCapabilities: ['es2015'] },
    { name: 'es5-bundled' }
  ]
}))

The problem with this approach is that the session is created for each served file. In a conventional server, I would put the middleware for the session after the serving of static files. However, here node-prpl-server is dealing with static files -- and is in fact always serving something, effectively.

Now:

A possible "solution" I worked out is this:

// PART 1: PRPL-SERVER *EXCEPT* /stores

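// Build the handler once rather than on every request
var prplHandler = prpl.makeHandler('./public/build', {
  builds: [
    { name: 'es6-unbundled', browserCapabilities: ['es2015', 'push'] },
    { name: 'es6-bundled', browserCapabilities: ['es2015'] },
    { name: 'es5-bundled' }
  ]
})

app.get('/*', (req, res, next) => {
  // Let /stores/* fall through to the session and API routes below
  if (req.url.startsWith('/stores/')) return next(null)
  prplHandler(req, res, next)
})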

// PART 2: SET THE SESSION

// Make up the session
app.use(session({
  key: 'proj',
  secret: '(deleted)',
  store: sessionStore,
  resave: false,
  saveUninitialized: false
}))

// PART 3: SET SOME API ENTRY POINTS

// This WILL set routes. Assume: /stores/cargos
var cargos = require('./stores/Cargos.js')
cargos.protocolListenHTTP({app: app})

Basically, I am leaving /stores/* out of the node-prpl equation.

Questions:

1) Is this a sane way to go about it?

1a) I could probably place the conditional around app.use(session({

2) Right now, every time a user logs in, the app greys out until an ajax call is completed and the user's config is retrieved. This is not ideal: it means that the user is greeted with a "loading" message (while the app retrieves the user config) plus all of the error management relating to this.

I was thinking of serialising the user's configuration within the served index page served by node-prpl. Is that advisable and indeed feasible? OR should index.html never change?
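The ordering question from the post above, as an added example that is not part of the original thread and is not prpl-server or express-session code: a dependency-free stand-in for an Express-style chain that counts how often a session layer runs when it is mounted first versus only under the `/stores` API prefix. `makeApp`, `fakeSession`, `build`, `lookupsFor` and the sample URLs are constructed for illustration.

```javascript
// Stand-in for an Express-style chain: prefix-mounted middleware plus next().
// Assumption: this models only ordering; it is not Express or prpl-server.
const mounted = (prefix, url) =>
  prefix === '/' || url === prefix || url.startsWith(prefix + '/');

function makeApp() {
  const layers = [];
  return {
    use(prefix, fn) { layers.push({ prefix, fn }); },
    handle(url) {
      const req = { url }, res = { body: null };
      let i = 0;
      const next = () => {
        while (i < layers.length) {
          const layer = layers[i++];
          if (mounted(layer.prefix, url)) return layer.fn(req, res, next);
        }
      };
      next();
      return { req, res };
    },
  };
}

// Hypothetical session middleware: counts store lookups instead of doing one.
const fakeSession = (stats) => (req, res, next) => {
  stats.lookups++;
  req.session = {};
  next();
};
const api = (req, res) => { res.body = 'api'; };          // ends the chain
const staticFiles = (req, res) => { res.body = 'static'; }; // catch-all

// 'session-first' mirrors the first listing; 'scoped' mounts the session
// under the API prefix only, so static requests never reach it.
function build(order) {
  const stats = { lookups: 0 };
  const app = makeApp();
  app.use(order === 'session-first' ? '/' : '/stores', fakeSession(stats));
  app.use('/stores', api);
  app.use('/', staticFiles);
  return { app, stats };
}

function lookupsFor(order, urls) {
  const { app, stats } = build(order);
  urls.forEach((url) => app.handle(url));
  return stats.lookups;
}
// Constructed sample: one page load (three static files) plus one API call.
const SAMPLE = ['/', '/src/my-app.js', '/images/logo.png', '/stores/cargos'];
```

With the constructed sample, the session-first order runs the session layer four times and the scoped order once, and static responses in the scoped order carry no `req.session`.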

mercmobily commented 5 years ago

I asked this more than 1 year ago... I did end up doing this: if (req.url.startsWith('/stores/')) return next(null) but it feels terrible. Plus, /stores/ is not even the only one that gets filtered...

What's a sane way to deal with this?

mercmobily commented 5 years ago

I cannot reproduce this problem with the latest session. Closing for now.