Move "routesDisabled" check into private session middleware

This way both HTTP and non-HTTP requests can enjoy the benefits of `routesDisabled`.  So many benefits.

lib/hooks/http/get-configured-http-middleware-fns.js

@@ -79,29 +79,6 @@ module.exports = function getBuiltInHttpMiddleware (expressRouterMiddleware, sai
 
         return function (req, res, next){
 
-          // If configured to do so (i.e. there is at least one entry in the `sails.hooks.session.routesDisabled` blacklist)
-          // then check this request against each entry in the blacklist and skip running session middleware if this is a match.
-          var isSessionDisabled = _.any(sails.hooks.session.routesDisabled, function (disabledRouteInfo){
-
-            // Figure out if the request's method matches.
-            var isMethodExactMatch = req.method === disabledRouteInfo.method;
-            var isMethodImplicitMatch = disabledRouteInfo.method === 'ALL' || (disabledRouteInfo.method === '' && _.contains(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], req.method));
-            // If not, then skip this disabled route- it's not a match.
-            if (!isMethodExactMatch && !isMethodImplicitMatch) {
-              return;
-            }
-
-            // Then figure out if the request's url path matches.
-            var isUrlPathMatch = req.path.match(disabledRouteInfo.urlPatternRegExp);
-            return isUrlPathMatch;
-
-          });//</_.any()>
-
-          // If the session is disabled, then skip running the middleware.
-          if (isSessionDisabled) {
-            return next();
-          }
-
           // --•
           // Run the session middleware.
           configuredSessionMiddleware(req,res,function (err) {

lib/hooks/session/index.js

@@ -268,7 +268,36 @@ module.exports = function(app) {
         resave: true,
         saveUninitialized: true
       }, app.config.session);
-      app._privateSessionMiddleware = require('express-session')(opts);
+
+      app._privateSessionMiddleware = function(req, res, next) {
+
+        // If configured to do so (i.e. there is at least one entry in the `sails.hooks.session.routesDisabled` blacklist)
+        // then check this request against each entry in the blacklist and skip running session middleware if this is a match.
+        var isSessionDisabled = _.any(app.hooks.session.routesDisabled, function (disabledRouteInfo){
+
+          // Figure out if the request's method matches.
+          var isMethodExactMatch = req.method === disabledRouteInfo.method;
+          var isMethodImplicitMatch = disabledRouteInfo.method === 'ALL' || (disabledRouteInfo.method === '' && _.contains(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], req.method));
+          // If not, then skip this disabled route- it's not a match.
+          if (!isMethodExactMatch && !isMethodImplicitMatch) {
+            return;
+          }
+
+          // Then figure out if the request's url path matches.
+          var isUrlPathMatch = req.path.match(disabledRouteInfo.urlPatternRegExp);
+          return isUrlPathMatch;
+
+        });//</_.any()>
+
+        // If the session is disabled, then skip running the middleware.
+        if (isSessionDisabled) {
+          return next();
+        }
+
+        // Run the express session middleware that actually sets up the session.
+        return require('express-session')(opts)(req, res, next);
+
+      };
 
       return cb();
     },

test/unit/req.session.test.js

@@ -52,60 +52,90 @@ describe('req.session', function (){
         res.send();
       });
 
+      app.get('/sails.io.js', function (req, res){
+        doesSessionExist = !!req.session;
+        res.send();
+      });
+
     });
 
-    it('should exist', function (done) {
-      app.request({
-        url: '/sessionTest',
-        method: 'POST',
-        params: {},
-        headers: {}
-      }, function (err, res, body){
-        if (err) return done(err);
-        if (res.statusCode !== 200) return done(new Error('Expected 200 status code'));
-        if (!doesSessionExist) return done(new Error('req.session should exist.'));
-        if (!isSessionAnObject) return done(new Error('req.session should be an object.'));
-        return done();
+    describe('with routes in the routesDisabled list', function() {
+
+      it('should not exist', function (done) {
+        app.request({
+          url: '/sails.io.js',
+          method: 'GET',
+          params: {},
+          headers: {}
+        }, function (err, res, body){
+          if (err) return done(err);
+          if (res.statusCode !== 200) return done(new Error('Expected 200 status code'));
+          if (doesSessionExist) return done(new Error('req.session should not exist.'));
+          if (res.headers['set-cookie']) return done(new Error('Should not have a `set-cookie` header in the response.'));
+          return done();
+        });
       });
+
     });
 
+    describe('with routes NOT in the routesDisabled list', function() {
+
+      it('should exist', function (done) {
+        app.request({
+          url: '/sessionTest',
+          method: 'POST',
+          params: {},
+          headers: {}
+        }, function (err, res, body){
+          if (err) return done(err);
+          if (res.statusCode !== 200) return done(new Error('Expected 200 status code'));
+          if (!doesSessionExist) return done(new Error('req.session should exist.'));
+          if (!isSessionAnObject) return done(new Error('req.session should be an object.'));
+          return done();
+        });
+      });
 
-    //
-    // To test:
-    //
-    // DEBUG=express-session mocha test/unit/req.session.test.js -b -g 'should persist'
-    //
-
-    it('should persist data between requests', function (done){
-      app.request({
-        url: '/sessionTest',
-        method: 'POST',
-        params: {},
-        headers: {}
-      }, function (err, clientRes, body){
-        if (err) return done(err);
-        if (clientRes.statusCode !== 200) return done(new Error('Expected 200 status code'));
-        if (!doesSessionExist) return done(new Error('req.session should exist.'));
-        if (!isSessionAnObject) return done(new Error('req.session should be an object.'));
 
+      //
+      // To test:
+      //
+      // DEBUG=express-session mocha test/unit/req.session.test.js -b -g 'should persist'
+      //
+
+      it('should persist data between requests', function (done){
         app.request({
           url: '/sessionTest',
-          method: 'GET',
+          method: 'POST',
           params: {},
-          headers: {
-            cookie: clientRes.headers['set-cookie']
-          }
+          headers: {}
         }, function (err, clientRes, body){
           if (err) return done(err);
           if (clientRes.statusCode !== 200) return done(new Error('Expected 200 status code'));
           if (!doesSessionExist) return done(new Error('req.session should exist.'));
           if (!isSessionAnObject) return done(new Error('req.session should be an object.'));
-          if (!doesTestPropertyStillExist) return done(new Error('`req.session.something` should still exist for subsequent requests.'));
-          return done();
+
+          app.request({
+            url: '/sessionTest',
+            method: 'GET',
+            params: {},
+            headers: {
+              cookie: clientRes.headers['set-cookie']
+            }
+          }, function (err, clientRes, body){
+            if (err) return done(err);
+            if (clientRes.statusCode !== 200) return done(new Error('Expected 200 status code'));
+            if (!doesSessionExist) return done(new Error('req.session should exist.'));
+            if (!isSessionAnObject) return done(new Error('req.session should be an object.'));
+            if (!doesTestPropertyStillExist) return done(new Error('`req.session.something` should still exist for subsequent requests.'));
+            return done();
+          });
         });
       });
+
     });
 
+
+
   });
 
   after(function (done) {