session: add SessionConfig interface and refactor usage in Yjs service

apps/app/src/interfaces/session-config.ts

@@ -0,0 +1,12 @@
+export interface SessionConfig {
+  rolling: boolean;
+  secret: string;
+  resave: boolean;
+  saveUninitialized: boolean;
+  cookie: {
+    maxAge: number;
+  };
+  genid: (req: { path: string }) => string;
+  name?: string;
+  store?: unknown;
+}

apps/app/src/server/crowi/index.ts

@@ -14,6 +14,7 @@ import { initializeOpenaiService } from '~/features/openai/server/services/opena
 import { checkPageBulkExportJobInProgressCronService } from '~/features/page-bulk-export/server/service/check-page-bulk-export-job-in-progress-cron';
 import instanciatePageBulkExportJobCleanUpCronService from '~/features/page-bulk-export/server/service/page-bulk-export-job-clean-up-cron';
 import instanciatePageBulkExportJobCronService from '~/features/page-bulk-export/server/service/page-bulk-export-job-cron';
+import type { SessionConfig } from '~/interfaces/session-config';
 import { startCron as startAccessTokenCron } from '~/server/service/access-token';
 import { projectRoot } from '~/server/util/project-dir-utils';
 import { getGrowiVersion } from '~/utils/growi-version';
@@ -84,19 +85,6 @@ type CommentServiceType = any;
 type SyncPageStatusServiceType = any;
 type CrowiDevType = any;
 
-interface SessionConfig {
-  rolling: boolean;
-  secret: string;
-  resave: boolean;
-  saveUninitialized: boolean;
-  cookie: {
-    maxAge: number;
-  };
-  genid: (req: { path: string }) => string;
-  name?: string;
-  store?: unknown;
-}
-
 interface CrowiEvents {
   user: UserEvent;
   page: PageEventType;

apps/app/src/server/service/yjs/upgrade-handler.ts

@@ -6,29 +6,21 @@ import mongoose from 'mongoose';
 import passport from 'passport';
 import type { Duplex } from 'stream';
 
+import type { SessionConfig } from '~/interfaces/session-config';
 import loggerFactory from '~/utils/logger';
 
 import type { PageModel } from '../../models/page';
 
 const logger = loggerFactory('growi:service:yjs:upgrade-handler');
 
-type SessionConfig = {
-  rolling: boolean;
-  secret: string;
-  resave: boolean;
-  saveUninitialized: boolean;
-  cookie: { maxAge: number };
-  genid: (req: { path: string }) => string;
-  name?: string;
-  store?: unknown;
-};
-
 type AuthenticatedRequest = IncomingMessage & {
   user?: IUserHasId;
 };
 
 /**
- * Run an Express-style middleware against a raw IncomingMessage
+ * Run an Express-style middleware against a raw IncomingMessage.
+ * Safe for express-session, passport.initialize(), and passport.session() which
+ * only read/write `req` properties and call `next()` — they never write to `res`.
  */
 const runMiddleware = (
   middleware: RequestHandler,

apps/app/src/server/service/yjs/yjs.ts

@@ -6,6 +6,7 @@ import { WebSocketServer } from 'ws';
 import type { WSSharedDoc } from 'y-websocket/bin/utils';
 import { docs, setPersistence, setupWSConnection } from 'y-websocket/bin/utils';
 
+import type { SessionConfig } from '~/interfaces/session-config';
 import type { SyncLatestRevisionBody } from '~/interfaces/yjs';
 import loggerFactory from '~/utils/logger';
 
@@ -32,17 +33,6 @@ export interface IYjsService {
   getCurrentYdoc(pageId: string): WSSharedDoc | undefined;
 }
 
-type SessionConfig = {
-  rolling: boolean;
-  secret: string;
-  resave: boolean;
-  saveUninitialized: boolean;
-  cookie: { maxAge: number };
-  genid: (req: { path: string }) => string;
-  name?: string;
-  store?: unknown;
-};
-
 class YjsService implements IYjsService {
   private mdb: MongodbPersistence;