chore: use express session upstream

2026-01-23 02:35:34 +00:00 · 2025-08-01 22:27:55 +02:00 · 2025-08-01 22:27:55 +02:00 · ed3976afaa
commit ed3976afaa
parent c180f55261
4 changed files with 32 additions and 8 deletions
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -288,9 +288,15 @@ importers:
      '@types/async':
        specifier: ^3.2.24
        version: 3.2.24
+      '@types/cookie-parser':
+        specifier: ^1.4.9
+        version: 1.4.9(@types/express@4.17.21)
      '@types/express':
        specifier: ^4.17.21
        version: 4.17.21
+      '@types/express-session':
+        specifier: ^1.18.2
+        version: 1.18.2
      '@types/formidable':
        specifier: ^3.4.5
        version: 3.4.5
@ -1751,6 +1757,11 @@ packages:
  '@types/content-disposition@0.5.9':
    resolution: {integrity: sha512-8uYXI3Gw35MhiVYhG3s295oihrxRyytcRHjSjqnqZVDDy/xcGBRny7+Xj1Wgfhv5QzRtN2hB2dVRBUX9XW3UcQ==}

+  '@types/cookie-parser@1.4.9':
+    resolution: {integrity: sha512-tGZiZ2Gtc4m3wIdLkZ8mkj1T6CEHb35+VApbL2T14Dew8HA7c+04dmKqsKRNC+8RJPm16JEK0tFSwdZqubfc4g==}
+    peerDependencies:
+      '@types/express': '*'
+
  '@types/cookiejar@2.1.5':
    resolution: {integrity: sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==}

@ -1775,6 +1786,9 @@ packages:
  '@types/express-serve-static-core@4.19.6':
    resolution: {integrity: sha512-N4LZ2xG7DatVqhCZzOGb1Yi5lMbXSZcmdLDe9EzSndPV2HpWYWzRbaerl2n27irrm94EPpprqa8KpskPT085+A==}

+  '@types/express-session@1.18.2':
+    resolution: {integrity: sha512-k+I0BxwVXsnEU2hV77cCobC08kIsn4y44C3gC0b46uxZVMaXA04lSPgRLR/bSL2w0t0ShJiG8o4jPzRG/nscFg==}
+
  '@types/express@4.17.21':
    resolution: {integrity: sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==}

@ -6414,6 +6428,10 @@ snapshots:

  '@types/content-disposition@0.5.9': {}

+  '@types/cookie-parser@1.4.9(@types/express@4.17.21)':
+    dependencies:
+      '@types/express': 4.17.21
+
  '@types/cookiejar@2.1.5': {}

  '@types/cookies@0.9.1':
@ -6444,6 +6462,10 @@ snapshots:
      '@types/range-parser': 1.2.7
      '@types/send': 0.17.4

+  '@types/express-session@1.18.2':
+    dependencies:
+      '@types/express': 4.17.21
+
  '@types/express@4.17.21':
    dependencies:
      '@types/body-parser': 1.19.5
--- a/src/node/db/SessionStore.ts
+++ b/src/node/db/SessionStore.ts
@ -1,4 +1,5 @@
-'use strict';
+// @ts-nocheck
+

 const DB = require('./DB');
 import expressSession from 'express-session'
@ -20,7 +21,7 @@ class SessionStore extends expressSession.Store {
   *     Etherpad is restarted. Use `null` to prevent `touch()` from ever updating the record.
   *     Ignored if the cookie does not expire.
   */
-  constructor(refresh = null) {
+  constructor(refresh: number | null = null) {
    super();
    this._refresh = refresh;
    // Maps session ID to an object with the following properties:
--- a/src/node/hooks/express.ts
+++ b/src/node/hooks/express.ts
@ -4,11 +4,10 @@ import {Socket} from "node:net";
 import type {MapArrayType} from "../types/MapType";

 import _ from 'underscore';
-// @ts-ignore
 import cookieParser from 'cookie-parser';
 import events from 'events';
 import express from 'express';
-import expressSession from 'express-session';
+import expressSession, {Store} from 'express-session';
 import fs from 'fs';
 const hooks = require('../../static/js/pluginfw/hooks');
 import log4js from 'log4js';
@ -23,7 +22,7 @@ import SecretRotator from '../security/SecretRotator';
 let secretRotator: SecretRotator|null = null;
 const logger = log4js.getLogger('http');
 let serverName:string;
-let sessionStore: { shutdown: () => void; } | null;
+let sessionStore: Store | null;
 const sockets:Set<Socket> = new Set();
 const socketsEvents = new events.EventEmitter();
 const startTime = stats.settableGauge('httpStartTime');
@ -58,6 +57,7 @@ const closeServer = async () => {
    startTime.setValue(0);
    logger.info('HTTP server closed');
  }
+  // @ts-ignore
  if (sessionStore) sessionStore.shutdown();
  sessionStore = null;
  if (secretRotator) secretRotator.stop();
@ -197,10 +197,9 @@ exports.restartServer = async () => {

  sessionStore = new SessionStore(settings.cookie.sessionRefreshInterval);
  exports.sessionMiddleware = expressSession({
-    propagateTouch: true,
    rolling: true,
    secret,
-    store: sessionStore,
+    store: sessionStore ?? undefined,
    resave: false,
    saveUninitialized: false,
    // Set the cookie name to a javascript identifier compatible string. Makes code handling it
--- a/src/package.json
+++ b/src/package.json
@ -30,7 +30,6 @@
    }
  ],
  "dependencies": {
-    "express-session": "^1.18.2",
    "async": "^3.2.6",
    "axios": "^1.10.0",
    "cookie-parser": "^1.4.7",
@ -40,6 +39,7 @@
    "esbuild": "^0.25.8",
    "express": "4.21.2",
    "express-rate-limit": "^8.0.0",
+    "express-session": "^1.18.2",
    "fast-deep-equal": "^3.1.3",
    "find-root": "1.1.0",
    "formidable": "^3.5.4",
@ -85,7 +85,9 @@
  "devDependencies": {
    "@playwright/test": "^1.54.1",
    "@types/async": "^3.2.24",
+    "@types/cookie-parser": "^1.4.9",
    "@types/express": "^4.17.21",
+    "@types/express-session": "^1.18.2",
    "@types/formidable": "^3.4.5",
    "@types/http-errors": "^2.0.5",
    "@types/jquery": "^3.5.32",