Rebase against expressjs/session #1
Conversation
Co-authored-by: Ulises Gascón <[email protected]>
PR-URL: expressjs#998
|
This is straightforward to review, LGTM! 🎉 Here is how I reviewed the diff: $ git clone https://github.com/gristlabs/session
$ cd session/
$ git remote add upstream https://github.com/expressjs/session
$ git fetch upstream
$ gh repo set-default
$
This command sets the default remote repository to use when querying the
GitHub API for the locally cloned repository.
gh uses the default repository for things like:
- viewing and creating pull requests
- viewing and creating issues
- viewing and creating releases
- working with GitHub Actions
- adding repository and environment secrets
? Which repository should be the default? gristlabs/session
✓ Set gristlabs/session as the default repository for the current directory
$ gh pr checkout 1 # This is the number of the current PR.
$ git diff v1.18.1 # This is the tag of the release on which @hexaltation is based onYou get this diff: diff --git a/index.js b/index.js
index d41b237..e981623 100644
--- a/index.js
+++ b/index.js
@@ -99,6 +99,9 @@ function session(options) {
// get the session store
var store = opts.store || new MemoryStore()
+ // get the request-aware domain
+ var requestDomain = opts.requestDomain
+
// get the trust proxy setting
var trustProxy = opts.proxy
@@ -160,6 +163,10 @@ function session(options) {
req.session = new Session(req);
req.session.cookie = new Cookie(cookieOptions);
+ if (requestDomain) {
+ req.session.cookie.domain = requestDomain(req);
+ }
+
if (cookieOptions.secure === 'auto') {
req.session.cookie.secure = issecure(req, trustProxy);
}
diff --git a/package.json b/package.json
index e332243..cff0783 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
{
- "name": "express-session",
+ "name": "@gristlabs/express-session",
"version": "1.18.1",
"description": "Simple session middleware for Express",
"author": "TJ Holowaychuk <[email protected]> (http://tjholowaychuk.com)",
@@ -7,7 +7,7 @@
"Douglas Christopher Wilson <[email protected]>",
"Joe Wagner <[email protected]>"
],
- "repository": "expressjs/session",
+ "repository": "gristlabs/session",
"license": "MIT",
"dependencies": {
"cookie": "0.7.2",The above diff corresponds exactly to the 2 commits made by @paulfitz on this branch : |
|
Thanks for this @hexaltation, and thanks for looking at it @fflorent. Do either of you know why an unresolved conflict is showing on package.json? |
|
hello @paulfitz , It seems it still persisting here while the package.json has modified in my commit is the on we want. P.S. the way I resolved the conflict is dirty as I kept |
|
@hexaltation are you willing to resolve the conflict listed at https://github.com/gristlabs/session/pull/1/conflicts to make your work mergeable? Or do you have a different process in mind for landing it, such as simply replacing the content of the target branch with yours?
|
|
@paulfitz It's done :) |
|
Thanks @hexaltation ! Have you tried running this against Grist to confirm that Grist tests are still passing with it? I imagine the upstream code is pretty stable so I'd expect so. |
|
@paulfitz |
|
BTW, would it make sense to add a In case in the future we need to fix something in this fork without having to update the upstream version. |
It seems a pretty good idea. |
hexaltation
force-pushed
the
multi_domain
branch
from
739e442 to
bc8775b
Compare
In fact Corrected in c515e37 |
|
Hello @paulfitz, I've tested it locally in grist-core. If you agree that the errors aren't related so please merge and release a npm package. Steps to reproducebuild package $ npm pack --pack-destination ~Change target in Install and build $ yarn install
$ yarn startrun the tests yarn test:server
yarns test:gen-serverand I got the following errors that seems not related to this package:
***
(1) CoreAuditLogger "before each" hook for "streams installation events to a single destination"
TypeError: (0 , AuditLoggerUtils_1.ignoreConfigEvents) is not a function
at Context.<anonymous> (test/server/lib/CoreAuditLogger.ts:49:23)
at processImmediate (node:internal/timers:491:21)
***
(2) GristAuditLogger logEventAsync logs audit events
TypeError: auditLogger.logEventAsync is not a function
at Context.<anonymous> (test/server/lib/GristAuditLogger.ts:67:21)
at processImmediate (node:internal/timers:491:21)
***
(3) GristAuditLogger logEventAsync throws on failure to log
TypeError: auditLogger.logEventAsync is not a function
at Context.<anonymous> (test/server/lib/GristAuditLogger.ts:83:21)
at processImmediate (node:internal/timers:491:21)
***
(4) GristAuditLogger logEventAsync throws if max pending requests exceeded
TypeError: auditLogger.logEventAsync is not a function
at Context.<anonymous> (test/server/lib/GristAuditLogger.ts:109:21)
at processImmediate (node:internal/timers:491:21)
***
(1) HealthCheck home "before all" hook for "has a working simple /status endpoint"
Error: TEST_REDIS_URL is expected
at Context.<anonymous> (test/gen-server/lib/HealthCheck.ts:22:17)
at processImmediate (node:internal/timers:491:21)
***
(2) HealthCheck home "after all" hook for "reports error when redis is unhealthy"
TypeError: Cannot read properties of undefined (reading 'stop')
at Context.<anonymous> (test/gen-server/lib/HealthCheck.ts:36:22)
at processImmediate (node:internal/timers:491:21)
***
(3) HealthCheck docs "before all" hook for "has a working simple /status endpoint"
Error: TEST_REDIS_URL is expected
at Context.<anonymous> (test/gen-server/lib/HealthCheck.ts:22:17)
at processImmediate (node:internal/timers:491:21)
***
(4) HealthCheck docs "after all" hook for "reports error when redis is unhealthy"
TypeError: Cannot read properties of undefined (reading 'stop')
at Context.<anonymous> (test/gen-server/lib/HealthCheck.ts:36:22)
at processImmediate (node:internal/timers:491:21) |
|
@hexaltation @gristlabs/[email protected] has been published. |
## Context Follow up of dependencies upgrade chore. #1368 gristlabs/session#1 has been merge and a new npm package @gristlabs/express-session:1.18.1-grist1 has been released. @gristlabs/express-session is a fork of [expressjs/express-session](https://github.com/expressjs/session) adding multi worker support. ## Proposed solution Bumps [@gristlabs/express-session](https://github.com/gristlabs/session/tree/multi_domain) from 1.17.0 to 1.18.1-grist1 - [Release notes](https://github.com/gristlabs/session/tree/multi_domain](https://github.com/expressjs/session/releases)) - [Commits](gristlabs/session@b22384b...68fdded) ## Has this been tested? - [x] 👍 yes, `yarn install && yarn start` locally
Context
While upgrading dependencies in gristlabs/grist-core#1368
yarn auditsignals a vulnerability in @gristlabs/session.The purpose of current PR is to fix that vulnerability by Upgrading this fork
which is the origin of https://www.npmjs.com/package/@gristlabs/express-session