Set up initial pass at sails.config.session.routesDisabled.

lib/hooks/http/get-configured-http-middleware-fns.js

@@ -5,6 +5,7 @@
 var Path = require('path');
 var util = require('util');
 var _ = require('lodash');
+var pathToRegexp = require('path-to-regexp');
 
 
 
@@ -75,6 +76,29 @@ module.exports = function getBuiltInHttpMiddleware (expressRouterMiddleware, sai
           return undefined;
         }
         return function (req, res, next){
+
+          // If configured to do so (i.e. there is at least one entry in the `sails.hooks.session.routesDisabled` blacklist)
+          // then check this request against each entry in the blacklist and skip running session middleware if this is a match.
+          var isSessionDisabled = _.any(sails.hooks.session.routesDisabled, function (disabledRouteInfo){
+
+            // Figure out if the request's method matches.
+            var isMethodExactMatch = req.method === disabledRouteInfo.method;
+            var isMethodImplicitMatch = disabledRouteInfo.method === '' && _.contains(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], req.method);
+            // If not, then skip this disabled route- it's not a match.
+            if (!isMethodExactMatch && !isMethodImplicitMatch && disabledRouteInfo.method === '*') {
+              return;
+            }
+
+            // Then figure out if the request's url path matches.
+            var isUrlPathMatch = req.path.match(disabledRouteInfo.urlPatternRegExp);
+            return isUrlPathMatch;
+          });//</_.any()>
+
+          // If the session is disabled, then skip running the middleware.
+          if (isSessionDisabled) {
+            return next();
+          }
+
           configuredSessionMiddleware(req,res,function (err) {
             if (!err) {
               return next();

lib/hooks/session/index.js

@@ -25,7 +25,7 @@ module.exports = function(app) {
 
   var getSession = function(sessionId, errorMessage, cb) {
     app.config.session.store.get(sessionId, function (err, session) {
-      if (err) return cb(err);
+      if (err) { return cb(err); }
       if (!session) {
         return cb((function _createError(){
           var e = new Error(errorMessage);
@@ -43,7 +43,8 @@ module.exports = function(app) {
     defaults: {
       session: {
         adapter: 'memory',
-        key: 'sails.sid'
+        key: 'sails.sid',
+        routesDisabled: []
       }
     },
 
@@ -94,6 +95,15 @@ module.exports = function(app) {
         throw new Error('If provided, sails.config.session.secret should be a string.');
       }
 
+
+      // Validate `routesDisabled`, if specified.
+      if (app.config.session.routesDisabled && !_.isArray(app.config.session.routesDisabled)) {
+        throw new Error('Invalid `sails.config.session.routesDisabled` configuration!\n' +
+          '(must be an array of route address strings)'
+        );
+      }
+
+
       // Backwards-compatibility / shorthand notation
       // (allow mongo or redis session stores to be specified directly)
       if (app.config.session.adapter === 'redis') {
@@ -105,14 +115,61 @@ module.exports = function(app) {
     },
 
     /**
-     * Create a connection to the configured session store
-     * and keep it around
+     * initialize() is run when the session hook is loaded.
+     *
+     * (Its primary responsibility is to create a session store instance
+     *  and keep it around.)
      *
      * @api private
      */
     initialize: function(cb) {
       var sessionConfig = app.config.session;
 
+      // Build `sails.hooks.session.routesDisabled`.
+      // (only salient if `sails.config.session.routesDisabled` was specified)
+      try {
+
+        app.hooks.session.routesDisabled = _.reduce(sessionConfig.routesDisabled || [], function (memo, routeAddressStr){
+
+          // Validate and parse route address.
+          if (!_.isString(routeAddressStr)){
+            throw new Error('Cannot parse route address (`'+routeAddressStr+'`). Must be a string.');
+          }
+          var addrPieces = routeAddressStr.split(/\s/);
+
+          var method;
+          var urlPattern;
+          if (addrPieces.length === 1) {
+            method = '';
+            urlPattern = addrPieces[0];
+          }
+          else if (addrPieces.length === 2) {
+            method = addrPieces[0];
+            urlPattern = addrPieces[1];
+          }
+          else {
+            throw new Error('Cannot parse route address (`'+routeAddressStr+'`). When split on whitespace, there are either too many or too few pieces (`'+addrPieces.length+'`).');
+          }
+
+          // Generate a regular expression from the URL pattern string.
+          var urlPatternRegExp = pathToRegexp(urlPattern, []);
+
+          memo.push({
+            method: method,
+            urlPatternRegExp: urlPatternRegExp
+          });
+          return memo;
+        }, []);//</_.reduce()>
+
+      } catch (e) {
+        return cb(
+          new Error('Failed to parse one of the route addresses provided in `sails.config.session.routesDisabled`.\n'+
+          'If specified, this config must be an array of normal route address strings.\n'+
+          'Error details:'+e.stack)
+        );
+      }
+
+
       // Intepret session adapter config and "new up" a session store
       if (_.isObject(sessionConfig) && !_.isObject(sessionConfig.store)) {
 

package.json

@@ -77,7 +77,7 @@
     "mock-req": "0.2.0",
     "mock-res": "0.3.0",
     "parseurl": "1.3.1",
-    "path-to-regexp": "1.2.1",
+    "path-to-regexp": "1.5.3",
     "pluralize": "1.2.1",
     "prompt": "0.2.14",
     "rc": "1.0.1",