fastify/help

setNotFoundHandler does not include session variable in request object

Opened this issue · 7 comments

💬 Question here

Normally all request objects include the session variables if a user is logged in. However setNotFoundHandler does not making my display, which normally shows the user's avatar if logged in or a login button if not, always show the login button. How do I get the session variables when using setNotFoundHandler or is there an alternative approach to catch all invalid routes that will return session variables?

app.setNotFoundHandler(async (request, reply) => {
	const pageInfo = {
		title: 'Page Not Found',
		role: 'guest'
	}
	console.log({ pageInfoUser: request.user })
	if (request.user) {
		pageInfo.role = request.user.role
		pageInfo.user = request.user.email
	}
	pageInfo.errorImage = '/img/errors/404-error.svg'
	pageInfo.errorMessage = 'This is not the page you\'re looking for.'
	reply.code(404)
	reply.header('Content-Type', 'text/html; charset=utf-8')
	reply.type('text/html')
	reply.send(await generatePage(pageInfo, 'error.html'))
})

In this case console.log({ pageInfoUser: request.user }) returns undefined even when logged in whereas every other route displays the user session variable when logged in.

Your Environment

  • node version: 22.3.0
  • fastify version: 4.28.1
  • @fastify/secure-session version: 7.5.1
  • os: Windows

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.

@mcollina I'm using Fastify Secure Session with Google OAuth, can you tell me how to include it in a demo without Google OAuth handling the logins? If there's no quick demo of that I will look at Secure Session docs and try to come up with a limited use of it to replicate the conditions.

If it's not related to google, use another provider. The likely outcome is that there is an issue in how you encapsulated your plugins.

No, I was able to reproduce it with just a regular old login:

https://github.com/clubside/fastify-setnotfoundhandler

You are using @fastify/static which registered a for handle all URL by default.

Your repro shows that the @fastify/static is out of the scope of your @fastify/secure-session. So, it does not handle any session for you.

The fix would be as simple as place it inside your other plugin.
or
Use wildcard: false which gives the handle to your 404 handler directly.

I appreciate the extra information @climba03003 I was told to place static outside to prevent the session being read for every static file which I don't want. I tried setting wildcard to false and the app will not run Error: Method 'GET' already declared for route '/' with constraints '{}'. Is there a glob pattern that would work just for routes (as in things with no file extension)?

You should provide more context on how you structure your application.
In the repro you provided, setting wildcard: false should be fine.