From 8ecef7b891cc26c2d021639b412a5e4b4f47a71e Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Thu, 8 Oct 2020 13:56:50 -0400
Subject: [PATCH] refactor: middleware.assert.*
---
 src/middleware/assert.js | 114 ++++++++++++++++++-------------------
 src/middleware/index.js | 2 +-
 src/routes/write/files.js | 4 +-
 src/routes/write/groups.js | 6 +-
 src/routes/write/posts.js | 14 ++---
 src/routes/write/topics.js | 28 ++++-----
 src/routes/write/users.js | 18 +++---
 7 files changed, 93 insertions(+), 93 deletions(-)
diff --git a/src/middleware/assert.js b/src/middleware/assert.js
index abb22cfd93..6ad369b4a3 100644
--- a/src/middleware/assert.js
+++ b/src/middleware/assert.js
@@ -19,60 +19,60 @@ const posts = require('../posts'); const helpers = require('./helpers'); const controllerHelpers = require('../controllers/helpers'); -module.exports = function (middleware) { - middleware.assertUser = helpers.try(async (req, res, next) => { - if (!await user.exists(req.params.uid)) { - return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-user]]')); - } - - next(); - }); - - middleware.assertGroup = helpers.try(async (req, res, next) => { - const name = await groups.getGroupNameByGroupSlug(req.params.slug); - if (!name || !await groups.exists(name)) { - return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-group]]')); - } - - next(); - }); - - middleware.assertTopic = helpers.try(async (req, res, next) => { - if (!await topics.exists(req.params.tid)) { - return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); - } - - next(); - }); - - middleware.assertPost = helpers.try(async (req, res, next) => { - if (!await posts.exists(req.params.pid)) { - return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); - } - - next(); - }); - - middleware.assertPath = helpers.try(async (req, res, next) => { - // file: URL support - if (req.body.path.startsWith('file:///')) { - req.body.path = new URL(req.body.path).pathname; - } - - // Checks file exists and is within bounds of upload_path - const pathToFile = path.join(nconf.get('upload_path'), req.body.path); - res.locals.cleanedPath = pathToFile; - - if (!pathToFile.startsWith(nconf.get('upload_path'))) { - return controllerHelpers.formatApiResponse(403, res, new Error('[[error:invalid-path]]')); - } - - try { - await fsPromises.access(pathToFile, fs.constants.F_OK); - } catch (e) { - return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-path]]')); - } - - next(); - }); -}; +const Assert = module.exports; + +Assert.user = helpers.try(async (req, res, next) => { + if (!await 
user.exists(req.params.uid)) { + return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-user]]')); + } + + next(); +}); + +Assert.group = helpers.try(async (req, res, next) => { + const name = await groups.getGroupNameByGroupSlug(req.params.slug); + if (!name || !await groups.exists(name)) { + return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-group]]')); + } + + next(); +}); + +Assert.topic = helpers.try(async (req, res, next) => { + if (!await topics.exists(req.params.tid)) { + return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); + } + + next(); +}); + +Assert.post = helpers.try(async (req, res, next) => { + if (!await posts.exists(req.params.pid)) { + return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); + } + + next(); +}); + +Assert.path = helpers.try(async (req, res, next) => { + // file: URL support + if (req.body.path.startsWith('file:///')) { + req.body.path = new URL(req.body.path).pathname; + } + + // Checks file exists and is within bounds of upload_path + const pathToFile = path.join(nconf.get('upload_path'), req.body.path); + res.locals.cleanedPath = pathToFile; + + if (!pathToFile.startsWith(nconf.get('upload_path'))) { + return controllerHelpers.formatApiResponse(403, res, new Error('[[error:invalid-path]]')); + } + + try { + await fsPromises.access(pathToFile, fs.constants.F_OK); + } catch (e) { + return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-path]]')); + } + + next(); +}); diff --git a/src/middleware/index.js b/src/middleware/index.js index 25eddd0fc5..ee01b0b30c 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js 
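Review bot: The containment check in `Assert.path` is a bare string-prefix test, `pathToFile.startsWith(nconf.get('upload_path'))`, so a joined path that resolves into a sibling directory whose name merely begins with the upload directory's name still passes, and the route wired to this middleware in src/routes/write/files.js is the file delete endpoint. Anchor the comparison on a directory boundary, e.g. `const uploadRoot = path.resolve(nconf.get('upload_path')) + path.sep;` followed by `if (!pathToFile.startsWith(uploadRoot)) {` (assuming `upload_path` is configured as an absolute path), and assign `res.locals.cleanedPath` only after that check has passed. `req.body.path` is also used as a string without a type check, so a non-string JSON value would throw at `.startsWith` instead of producing a 4xx; presumably `helpers.try` catches that, but the wrapper is not visible in this hunk. Separately, `Assert.post` still answers with `[[error:no-topic]]`, where `[[error:no-post]]` looks like the intended key.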
@@ -60,7 +60,7 @@ require('./maintenance')(middleware); require('./user')(middleware); require('./headers')(middleware); require('./expose')(middleware); -require('./assert')(middleware); +middleware.assert = require('./assert'); middleware.stripLeadingSlashes = function stripLeadingSlashes(req, res, next) { var target = req.originalUrl.replace(nconf.get('relative_path'), ''); diff --git a/src/routes/write/files.js b/src/routes/write/files.js index ce40cab5f1..38b00da366 100644 --- a/src/routes/write/files.js +++ b/src/routes/write/files.js @@ -10,8 +10,8 @@ const setupApiRoute = routeHelpers.setupApiRoute; module.exports = function () { const middlewares = [middleware.authenticate]; - // setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['path']), middleware.assertFolder], 'put', controllers.write.files.upload); - setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['path']), middleware.assertPath], 'delete', controllers.write.files.delete); + // setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['path']), middleware.assert.folder], 'put', controllers.write.files.upload); + setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['path']), middleware.assert.path], 'delete', controllers.write.files.delete); return router; }; diff --git a/src/routes/write/groups.js b/src/routes/write/groups.js index 275e0ec302..57cd56e539 100644 --- a/src/routes/write/groups.js +++ b/src/routes/write/groups.js 
@@ -11,9 +11,9 @@ module.exports = function () { const middlewares = [middleware.authenticate]; setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['name']), middleware.exposePrivilegeSet], 'post', controllers.write.groups.create); - setupApiRoute(router, '/:slug', middleware, [...middlewares, middleware.assertGroup, middleware.exposePrivileges], 'delete', controllers.write.groups.delete); - setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assertGroup, middleware.exposePrivileges], 'put', controllers.write.groups.join); - setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assertGroup, middleware.exposePrivileges], 'delete', controllers.write.groups.leave); + setupApiRoute(router, '/:slug', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'delete', controllers.write.groups.delete); + setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'put', controllers.write.groups.join); + setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'delete', controllers.write.groups.leave); return router; }; diff --git a/src/routes/write/posts.js b/src/routes/write/posts.js index 668e11f6dd..cdb64d2499 100644 --- a/src/routes/write/posts.js +++ b/src/routes/write/posts.js 
@@ -11,16 +11,16 @@ module.exports = function () { const middlewares = [middleware.authenticate]; setupApiRoute(router, '/:pid', middleware, [...middlewares, middleware.checkRequired.bind(null, ['content'])], 'put', controllers.write.posts.edit); - setupApiRoute(router, '/:pid', middleware, [...middlewares, middleware.assertPost], 'delete', controllers.write.posts.purge); + setupApiRoute(router, '/:pid', middleware, [...middlewares, middleware.assert.post], 'delete', controllers.write.posts.purge); - setupApiRoute(router, '/:pid/state', middleware, [...middlewares, middleware.assertPost], 'put', controllers.write.posts.restore); - setupApiRoute(router, '/:pid/state', middleware, [...middlewares, middleware.assertPost], 'delete', controllers.write.posts.delete); + setupApiRoute(router, '/:pid/state', middleware, [...middlewares, middleware.assert.post], 'put', controllers.write.posts.restore); + setupApiRoute(router, '/:pid/state', middleware, [...middlewares, middleware.assert.post], 'delete', controllers.write.posts.delete); - setupApiRoute(router, '/:pid/vote', middleware, [...middlewares, middleware.checkRequired.bind(null, ['delta']), middleware.assertPost], 'put', controllers.write.posts.vote); - setupApiRoute(router, '/:pid/vote', middleware, [...middlewares, middleware.assertPost], 'delete', controllers.write.posts.unvote); + setupApiRoute(router, '/:pid/vote', middleware, [...middlewares, middleware.checkRequired.bind(null, ['delta']), middleware.assert.post], 'put', controllers.write.posts.vote); + setupApiRoute(router, '/:pid/vote', middleware, [...middlewares, middleware.assert.post], 'delete', controllers.write.posts.unvote); - setupApiRoute(router, '/:pid/bookmark', middleware, [...middlewares, middleware.assertPost], 'put', controllers.write.posts.bookmark); - setupApiRoute(router, '/:pid/bookmark', middleware, [...middlewares, middleware.assertPost], 'delete', controllers.write.posts.unbookmark); + setupApiRoute(router, '/:pid/bookmark', middleware, 
[...middlewares, middleware.assert.post], 'put', controllers.write.posts.bookmark); + setupApiRoute(router, '/:pid/bookmark', middleware, [...middlewares, middleware.assert.post], 'delete', controllers.write.posts.unbookmark); return router; }; diff --git a/src/routes/write/topics.js b/src/routes/write/topics.js index 5c25b4acd2..1cf39c3a1c 100644 --- a/src/routes/write/topics.js +++ b/src/routes/write/topics.js 
@@ -11,25 +11,25 @@ module.exports = function () { const middlewares = [middleware.authenticate]; setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['cid', 'title', 'content'])], 'post', controllers.write.topics.create); - setupApiRoute(router, '/:tid', middleware, [...middlewares, middleware.checkRequired.bind(null, ['content']), middleware.assertTopic], 'post', controllers.write.topics.reply); - setupApiRoute(router, '/:tid', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.purge); + setupApiRoute(router, '/:tid', middleware, [...middlewares, middleware.checkRequired.bind(null, ['content']), middleware.assert.topic], 'post', controllers.write.topics.reply); + setupApiRoute(router, '/:tid', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.purge); - setupApiRoute(router, '/:tid/state', middleware, [...middlewares, middleware.assertTopic], 'put', controllers.write.topics.restore); - setupApiRoute(router, '/:tid/state', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.delete); + setupApiRoute(router, '/:tid/state', middleware, [...middlewares, middleware.assert.topic], 'put', controllers.write.topics.restore); + setupApiRoute(router, '/:tid/state', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.delete); - setupApiRoute(router, '/:tid/pin', middleware, [...middlewares, middleware.assertTopic], 'put', controllers.write.topics.pin); - setupApiRoute(router, '/:tid/pin', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.unpin); + setupApiRoute(router, '/:tid/pin', middleware, [...middlewares, middleware.assert.topic], 'put', controllers.write.topics.pin); + setupApiRoute(router, '/:tid/pin', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.unpin); - setupApiRoute(router, '/:tid/lock', 
middleware, [...middlewares, middleware.assertTopic], 'put', controllers.write.topics.lock); - setupApiRoute(router, '/:tid/lock', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.unlock); + setupApiRoute(router, '/:tid/lock', middleware, [...middlewares, middleware.assert.topic], 'put', controllers.write.topics.lock); + setupApiRoute(router, '/:tid/lock', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.unlock); - setupApiRoute(router, '/:tid/follow', middleware, [...middlewares, middleware.assertTopic], 'put', controllers.write.topics.follow); - setupApiRoute(router, '/:tid/follow', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.unfollow); - setupApiRoute(router, '/:tid/ignore', middleware, [...middlewares, middleware.assertTopic], 'put', controllers.write.topics.ignore); - setupApiRoute(router, '/:tid/ignore', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.unfollow); // intentional, unignore == unfollow + setupApiRoute(router, '/:tid/follow', middleware, [...middlewares, middleware.assert.topic], 'put', controllers.write.topics.follow); + setupApiRoute(router, '/:tid/follow', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.unfollow); + setupApiRoute(router, '/:tid/ignore', middleware, [...middlewares, middleware.assert.topic], 'put', controllers.write.topics.ignore); + setupApiRoute(router, '/:tid/ignore', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.unfollow); // intentional, unignore == unfollow - setupApiRoute(router, '/:tid/tags', middleware, [...middlewares, middleware.checkRequired.bind(null, ['tags']), middleware.assertTopic], 'put', controllers.write.topics.addTags); - setupApiRoute(router, '/:tid/tags', middleware, [...middlewares, middleware.assertTopic], 'delete', controllers.write.topics.deleteTags); + 
setupApiRoute(router, '/:tid/tags', middleware, [...middlewares, middleware.checkRequired.bind(null, ['tags']), middleware.assert.topic], 'put', controllers.write.topics.addTags); + setupApiRoute(router, '/:tid/tags', middleware, [...middlewares, middleware.assert.topic], 'delete', controllers.write.topics.deleteTags); return router; }; diff --git a/src/routes/write/users.js b/src/routes/write/users.js index 0c25de2986..dec5b5f593 100644 --- a/src/routes/write/users.js +++ b/src/routes/write/users.js 
@@ -18,19 +18,19 @@ function authenticatedRoutes() { setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['username']), middleware.isAdmin], 'post', controllers.write.users.create); setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['uids']), middleware.isAdmin, middleware.exposePrivileges], 'delete', controllers.write.users.deleteMany); - setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assertUser], 'put', controllers.write.users.update); - setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivileges], 'delete', controllers.write.users.delete); + setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assert.user], 'put', controllers.write.users.update); + setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assert.user, middleware.exposePrivileges], 'delete', controllers.write.users.delete); - setupApiRoute(router, '/:uid/password', middleware, [...middlewares, middleware.checkRequired.bind(null, ['newPassword']), middleware.assertUser], 'put', controllers.write.users.changePassword); + setupApiRoute(router, '/:uid/password', middleware, [...middlewares, middleware.checkRequired.bind(null, ['newPassword']), middleware.assert.user], 'put', controllers.write.users.changePassword); - setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assertUser], 'put', controllers.write.users.follow); - setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assertUser], 'delete', controllers.write.users.unfollow); + setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assert.user], 'put', controllers.write.users.follow); + setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assert.user], 'delete', controllers.write.users.unfollow); - setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, 
middleware.assertUser, middleware.exposePrivileges], 'put', controllers.write.users.ban); - setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivileges], 'delete', controllers.write.users.unban); + setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.assert.user, middleware.exposePrivileges], 'put', controllers.write.users.ban); + setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.assert.user, middleware.exposePrivileges], 'delete', controllers.write.users.unban); - setupApiRoute(router, '/:uid/tokens', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivilegeSet], 'post', controllers.write.users.generateToken); - setupApiRoute(router, '/:uid/tokens/:token', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivilegeSet], 'delete', controllers.write.users.deleteToken); + setupApiRoute(router, '/:uid/tokens', middleware, [...middlewares, middleware.assert.user, middleware.exposePrivilegeSet], 'post', controllers.write.users.generateToken); + setupApiRoute(router, '/:uid/tokens/:token', middleware, [...middlewares, middleware.assert.user, middleware.exposePrivilegeSet], 'delete', controllers.write.users.deleteToken); /** * Implement this later...