From 9d8f33014ac8f69f315ac4b801380c76e80efdbd Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Fri, 3 Dec 2021 10:30:57 +0100
Subject: [PATCH 1/2] Exclude /status, /metrics from session middleware

Because of seemingly undocumented changes in passport 0.5.0,
passport now crashes on requests to paths without session data.

This removes the session middleware from /status and /metrics, which are
 excluded from sessions since 90c5ab08332cf57bc43022c90b0d93bd9c1a9cc7.

 Fixes https://github.com/hedgedoc/container/issues/270

Signed-off-by: David Mehren <git@herrmehren.de>
---
 app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.js b/app.js
index 878c85729..b4451f951 100644
--- a/app.js
+++ b/app.js
@@ -175,7 +175,7 @@ app.use(flash())
 
 // passport
 app.use(passport.initialize())
-app.use(passport.session())
+app.use(useUnless(['/status', '/metrics'], passport.session()))
 
 // check uri is valid before going further
 app.use(require('./lib/web/middleware/checkURIValid'))

From 1baf7db9146b99029bc1f736a601ef8b02eaafda Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Fri, 3 Dec 2021 10:35:01 +0100
Subject: [PATCH 2/2] Add changelog entry

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/docs/release-notes.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index f410b32bf..ed7ac20a2 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,5 +1,11 @@
 # Release Notes
 
+## <i class="fa fa-tag"></i> Unreleased
+
+### Bugfixes
+
+- Fix error in the session handler when requesting `/metrics` or `/status`
+
 ## <i class="fa fa-tag"></i> 1.9.1 <i class="fa fa-calendar-o"></i> 2021-12-02
 
 This release increases the minimum required Node versions to `12.20.0`, `14.13.1` and `16`.