refactor(service): users/auth: remove unnecessary express session middleware; mage does not require a session cookie

Author: restjohn

service/src/express.js

@@ -29,9 +29,6 @@ app.use(function(req, res, next) {
   return next();
 });
 
-const secret = crypto.randomBytes(64).toString('hex');
-app.use(session({ secret }));
-
 app.set('config', config);
 app.enable('trust proxy');
 
@@ -44,7 +41,6 @@ app.use(
     express.urlencoded( { ...jsonOptions, extended: true }));
 
 app.use(passport.initialize());
-app.use(passport.session());
 app.get('/api/docs/openapi.yaml', async function(req, res) {
   const docPath = path.resolve(__dirname, 'docs', 'openapi.yaml');
   fs.readFile(docPath, (err, contents) => {

service/src/ingress/ingress.main.ts

@@ -68,20 +68,6 @@ export async function initializeIngress(
   provisioning: provision.ProvisionStatic,
   passport: passport.Authenticator,
 ): Promise<express.Router> {
-  // TODO: users-next: these serialization functions are probably no longer necessary
-  passport.serializeUser((user, done) => done(null, user.id))
-  passport.deserializeUser(async (id, done) => {
-    try {
-      const user = await userRepo.findById(String(id))
-      done(null, user)
-    }
-    catch (err) {
-      done(err)
-    }
-  })
-  const routes = express.Router()
-  registerAuthenticatedBearerTokenHandling(passport, sessionRepo, userRepo)
-  return routes
 }
 
 /**