Make session hook routesDisabled use Sails route address syntax

(this includes regex routes)

ROADMAP.md

@@ -71,7 +71,7 @@ This section is an early list of some of the features, enhancements, and other i
 <a name="upgrade-to-express-5"></a>
 + **Upgrade to Express 5**
   + Move implementation of `req.param()` from Express core into Sails core
-  + Improve error handling and simplify Sails' `res.view()` 
+  + Improve error handling and simplify Sails' `res.view()`
   + ✓ ~~For performance reasons, on-lift view stat-ing will still be used to build handlers for `{view: 'foo'}` route target syntax.~~
   + Use standalone Express router in virtual request interpreter, but continue using express core for handling HTTP requests
   + **Possibly:** Expose context-free view rendering API (replace experimental sails.renderView() and internally, use [`app.render()`](https://expressjs.com/en/4x/api.html#app.render) or better yet, standalone module)
@@ -145,7 +145,7 @@ This section is an early list of some of the features, enhancements, and other i
   + https://github.com/treelinehq/machine-as-script/commits/master
 <a name="normalize-usage-of-routes-disabled-config-keys"></a>
 + **Normalize usage of `routesDisabled` config keys**
-  + Set up all route-disabling config keys (such as in sails.config.csrf and sails.config.session) to use the same route syntax (rather than disparate regexps vs. csv, etc)
+  + Now applies only to sails.config.session: use Sails [route address syntax](http://sailsjs.org/documentation/concepts/routes/custom-routes#?route-address)
 <a name="strip-out-deprecated-sockets-methods"></a>
 + ✓ ~~**Strip Out Deprecated Sockets Methods**
   + Remove the implementation of deprecated `sails.sockets.*` methods from Sails core.

lib/hooks/http/get-configured-http-middleware-fns.js

@@ -83,15 +83,16 @@ module.exports = function getBuiltInHttpMiddleware (expressRouterMiddleware, sai
 
             // Figure out if the request's method matches.
             var isMethodExactMatch = req.method === disabledRouteInfo.method;
-            var isMethodImplicitMatch = disabledRouteInfo.method === '' && _.contains(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], req.method);
+            var isMethodImplicitMatch = disabledRouteInfo.method === 'ALL' || (disabledRouteInfo.method === '' && _.contains(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], req.method));
             // If not, then skip this disabled route- it's not a match.
-            if (!isMethodExactMatch && !isMethodImplicitMatch && disabledRouteInfo.method === '*') {
+            if (!isMethodExactMatch && !isMethodImplicitMatch) {
               return;
             }
 
             // Then figure out if the request's url path matches.
             var isUrlPathMatch = req.path.match(disabledRouteInfo.urlPatternRegExp);
             return isUrlPathMatch;
+
           });//</_.any()>
 
           // If the session is disabled, then skip running the middleware.

lib/hooks/session/index.js

@@ -128,6 +128,8 @@ module.exports = function(app) {
       // Build `sails.hooks.session.routesDisabled`.
       // (only salient if `sails.config.session.routesDisabled` was specified)
       try {
+        // Regex to check if the route is...a regex.
+        var regExRoute = /^r\|(.*)\|(.*)$/;
 
         app.hooks.session.routesDisabled = _.reduce(sessionConfig.routesDisabled || [], function (memo, routeAddressStr){
 
@@ -152,7 +154,19 @@ module.exports = function(app) {
           }
 
           // Generate a regular expression from the URL pattern string.
-          var urlPatternRegExp = pathToRegexp(urlPattern, []);
+          var urlPatternRegExp;
+
+
+          // Perform the check
+          var matches = urlPattern.match(regExRoute);
+
+          // If it *is* a regex, create a RegExp object that Express can bind,
+          // pull out the params, and wrap the handler in regexRouteWrapper
+          if (matches) {
+            urlPatternRegExp = new RegExp(matches[1]);
+          } else {
+            urlPatternRegExp = pathToRegexp(urlPattern, []);
+          }
 
           memo.push({
             method: method,

test/integration/middleware.session.test.js

@@ -133,30 +133,34 @@ describe('middleware :: ', function() {
             log: {level: 'silent'},
             session: {
               secret: 'abc123',
-              routesDisabled: ['/test', '/foo/:id/bar/']
+              routesDisabled: ['/test', '/foo/:id/bar/', 'POST /bar', 'ALL /baz', 'GET r|^[^?]*/[^?/]+\\.[^?/]+(\\?.*)?$|']
             },
             hooks: {grunt: false},
             routes: {
               '/test': function(req, res) {
-                if (_.isUndefined(req.session)) {
-                  return res.send(200);
-                }
-                res.send(500);
+                return res.status(200).send();
+              },
+              '/bar': function(req, res) {
+                return res.status(200).send();
+              },
+              '/baz': function(req, res) {
+                return res.status(200).send();
               },
               '/foo/123/bar': function(req, res) {
-                if (_.isUndefined(req.session)) {
-                  return res.send(200);
-                }
-                res.send(500);
+                return res.status(200).send();
+              },
+              '/sails.io.js': function(req, res) {
+                return res.status(200).send();
               }
 
+
             }
           }, done);
         });
 
-        describe('static path', function() {
+        describe('static path (blank verb)', function() {
 
-          it('there should be no `set-cookie` header in the response', function(done) {
+          it('there should be no `set-cookie` header in the response when requesting via GET', function(done) {
 
             request(
               {
@@ -171,6 +175,89 @@ describe('middleware :: ', function() {
             );
           });
 
+          it('there should be no `set-cookie` header in the response when requesting via HEAD', function(done) {
+
+            request(
+              {
+                method: 'HEAD',
+                uri: 'http://localhost:1535/test',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(response.headers['set-cookie']);
+                return done();
+              }
+            );
+          });
+
+        });
+
+
+        describe('static path (ALL verb)', function() {
+
+          it('there should be no `set-cookie` header in the response when requesting via GET', function(done) {
+
+            request(
+              {
+                method: 'GET',
+                uri: 'http://localhost:1535/baz',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(_.isUndefined(response.headers['set-cookie']));
+                return done();
+              }
+            );
+          });
+
+          it('there should be no `set-cookie` header in the response when requesting via HEAD', function(done) {
+
+            request(
+              {
+                method: 'HEAD',
+                uri: 'http://localhost:1535/baz',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(_.isUndefined(response.headers['set-cookie']));
+                return done();
+              }
+            );
+          });
+        });
+
+        describe('static path (POST only)', function() {
+
+          it('there should be no `set-cookie` header in the response when requesting via POST', function(done) {
+
+            request(
+              {
+                method: 'POST',
+                uri: 'http://localhost:1535/bar',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(_.isUndefined(response.headers['set-cookie']));
+                return done();
+              }
+            );
+          });
+
+          it('there SHOULD be a `set-cookie` header in the response when requesting via GET', function(done) {
+
+            request(
+              {
+                method: 'GET',
+                uri: 'http://localhost:1535/bar',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(response.headers['set-cookie']);
+                return done();
+              }
+            );
+          });
+
         });
 
         describe('dynamic path', function() {
@@ -192,6 +279,25 @@ describe('middleware :: ', function() {
 
         });
 
+        describe('regex path', function() {
+
+          it('there should be no `set-cookie` header in the response', function(done) {
+
+            request(
+              {
+                method: 'GET',
+                uri: 'http://localhost:1535/sails.io.js',
+              },
+              function(err, response, body) {
+                assert.equal(response.statusCode, 200);
+                assert(_.isUndefined(response.headers['set-cookie']));
+                return done();
+              }
+            );
+          });
+
+        });
+
         after(function(done) {
           return app.lower(done);
         });
@@ -287,9 +393,9 @@ describe('middleware :: ', function() {
             routes: {
               '/test': function(req, res) {
                 if (_.isUndefined(req.session)) {
-                  return res.send(200);
+                  return res.status(200).send();
                 }
-                res.send(500);
+                return res.status(500).send();
               }
             }
           }, done);