From dcb85ee7a1536b5001ca85c1bc4256dac5fc8893 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Wed, 3 Jun 2020 20:18:42 -0400 Subject: [PATCH] #8344 (#8346) * feat: wip * feat: wrap middlewares * feat: middleware errors * feat: more middleware changes * fix: remove unused async * fix: prevent version errors from blocking acp render * feat: wrap more middlewares --- src/analytics.js | 26 +++--- src/middleware/admin.js | 36 ++++---- src/middleware/header.js | 39 +++----- src/middleware/headers.js | 32 +++---- src/middleware/helpers.js | 22 +++++ src/middleware/index.js | 169 +++++++++++++++------------------- src/middleware/maintenance.js | 11 ++- src/middleware/user.js | 96 ++++++++++--------- src/routes/authentication.js | 10 +- 9 files changed, 214 insertions(+), 227 deletions(-) create mode 100644 src/middleware/helpers.js diff --git a/src/analytics.js b/src/analytics.js index 914a579fa9..3db38cba27 100644 --- a/src/analytics.js +++ b/src/analytics.js @@ -52,7 +52,7 @@ Analytics.increment = function (keys, callback) { } }; -Analytics.pageView = function (payload) { +Analytics.pageView = async function (payload) { pageViews += 1; if (payload.uid > 0) { @@ -71,20 +71,16 @@ Analytics.pageView = function (payload) { ipCache.set(payload.ip + nconf.get('secret'), hash); } - db.sortedSetScore('ip:recent', hash, function (err, score) { - if (err) { - return; - } - if (!score) { - uniqueIPCount += 1; - } - var today = new Date(); - today.setHours(today.getHours(), 0, 0, 0); - if (!score || score < today.getTime()) { - uniquevisitors += 1; - db.sortedSetAdd('ip:recent', Date.now(), hash); - } - }); + const score = await db.sortedSetScore('ip:recent', hash); + if (!score) { + uniqueIPCount += 1; + } + const today = new Date(); + today.setHours(today.getHours(), 0, 0, 0); + if (!score || score < today.getTime()) { + uniquevisitors += 1; + await db.sortedSetAdd('ip:recent', Date.now(), hash); + } } }; diff --git a/src/middleware/admin.js b/src/middleware/admin.js index 30c04d6db4..33e8a45f49 100644 --- a/src/middleware/admin.js +++ b/src/middleware/admin.js @@ -1,6 +1,5 @@ 'use strict'; -var async = require('async'); var winston = require('winston'); var jsesc = require('jsesc'); var nconf = require('nconf'); @@ -11,6 +10,7 @@ var meta = require('../meta'); var plugins = require('../plugins'); var utils = require('../../public/src/utils'); var versions = require('../admin/versions'); +var helpers = require('./helpers'); var controllers = { api: require('../controllers/api'), @@ -19,24 +19,16 @@ var controllers = { module.exports = function (middleware) { middleware.admin = {}; - middleware.admin.isAdmin = function (req, res, next) { + middleware.admin.isAdmin = helpers.try(async function (req, res, next) { winston.warn('[middleware.admin.isAdmin] deprecation warning, no need to use this from plugins!'); - middleware.isAdmin(req, res, next); - }; + await middleware.isAdmin(req, res, next); + }); - middleware.admin.buildHeader = function (req, res, next) { + middleware.admin.buildHeader = helpers.try(async function (req, res, next) { res.locals.renderAdminHeader = true; - - async.waterfall([ - function (next) { - controllers.api.loadConfig(req, next); - }, - function (config, next) { - res.locals.config = config; - next(); - }, - ], next); - }; + res.locals.config = await controllers.api.loadConfig(req); + next(); + }); middleware.admin.renderHeader = async (req, res, data) => { var custom_header = { @@ -50,7 +42,7 @@ module.exports = function (middleware) { scripts: getAdminScripts(), custom_header: plugins.fireHook('filter:admin.header.build', custom_header), configs: meta.configs.list(), - latestVersion: versions.getLatestVersion(), + latestVersion: getLatestVersion(), }); var userData = results.userData; @@ -98,6 +90,16 @@ module.exports = function (middleware) { }); } + async function getLatestVersion() { + try { + const result = await versions.getLatestVersion(); + return result; + } catch (err) { + winston.error('[acp] Failed to fetch latest version' + err.stack); + } + return null; + } + middleware.admin.renderFooter = async function (req, res, data) { return await req.app.renderAsync('admin/footer', data); }; diff --git a/src/middleware/header.js b/src/middleware/header.js index 221b2bfa1e..101f7523fd 100644 --- a/src/middleware/header.js +++ b/src/middleware/header.js @@ -1,6 +1,5 @@ 'use strict'; -var async = require('async'); var nconf = require('nconf'); var jsesc = require('jsesc'); var _ = require('lodash'); @@ -16,6 +15,7 @@ var translator = require('../translator'); var privileges = require('../privileges'); var languages = require('../languages'); var utils = require('../utils'); +var helpers = require('./helpers'); var controllers = { api: require('../controllers/api'), @@ -23,34 +23,19 @@ var controllers = { }; module.exports = function (middleware) { - middleware.buildHeader = function buildHeader(req, res, next) { + middleware.buildHeader = helpers.try(async function buildHeader(req, res, next) { res.locals.renderHeader = true; res.locals.isAPI = false; - async.waterfall([ - function (next) { - if (req.uid >= 0) { - middleware.applyCSRF(req, res, next); - } else { - setImmediate(next); - } - }, - function (next) { - async.parallel({ - config: function (next) { - controllers.api.loadConfig(req, next); - }, - plugins: function (next) { - plugins.fireHook('filter:middleware.buildHeader', { req: req, locals: res.locals }, next); - }, - }, next); - }, - function (results, next) { - res.locals.config = results.config; - // Return no arguments - setImmediate(next); - }, - ], next); - }; + if (req.uid >= 0) { + await middleware.applyCSRFAsync(req, res); + } + const [config] = await Promise.all([ + controllers.api.loadConfig(req), + plugins.fireHook('filter:middleware.buildHeader', { req: req, locals: res.locals }), + ]); + res.locals.config = config; + next(); + }); async function generateHeader(req, res, data) { var registrationType = meta.config.registrationType || 'normal'; diff --git a/src/middleware/headers.js b/src/middleware/headers.js index 2bce51b9dc..9d3b20f127 100644 --- a/src/middleware/headers.js +++ b/src/middleware/headers.js @@ -6,9 +6,10 @@ var _ = require('lodash'); var meta = require('../meta'); var languages = require('../languages'); +var helpers = require('./helpers'); module.exports = function (middleware) { - middleware.addHeaders = function addHeaders(req, res, next) { + middleware.addHeaders = helpers.try(function addHeaders(req, res, next) { var headers = { 'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'), 'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN', @@ -61,31 +62,30 @@ module.exports = function (middleware) { } next(); - }; + }); - let langs = []; - middleware.autoLocale = function autoLocale(req, res, next) { + middleware.autoLocale = helpers.try(async function autoLocale(req, res, next) { if (parseInt(req.uid, 10) > 0 || !meta.config.autoDetectLang || req.query.lang) { return next(); } - + const langs = await listCodes(); const lang = req.acceptsLanguages(langs); if (!lang) { return next(); } req.query.lang = lang; next(); - }; + }); - languages.listCodes(function (err, codes) { - if (err) { - winston.error('[middleware/autoLocale] Could not retrieve languages codes list!'); - codes = []; + async function listCodes() { + const defaultLang = meta.config.defaultLang || 'en-GB'; + try { + const codes = await languages.listCodes(); + winston.verbose('[middleware/autoLocale] Retrieves languages list for middleware'); + return _.uniq([defaultLang, ...codes]); + } catch (err) { + winston.error('[middleware/autoLocale] Could not retrieve languages codes list! ' + err.stack); + return [defaultLang]; } - - winston.verbose('[middleware/autoLocale] Retrieves languages list for middleware'); - var defaultLang = meta.config.defaultLang || 'en-GB'; - - langs = _.uniq([defaultLang, ...codes]); - }); + } }; diff --git a/src/middleware/helpers.js b/src/middleware/helpers.js new file mode 100644 index 0000000000..cb67b454c5 --- /dev/null +++ b/src/middleware/helpers.js @@ -0,0 +1,22 @@ +'use strict'; + +const helpers = module.exports; + +helpers.try = function (middleware) { + if (middleware && middleware.constructor && middleware.constructor.name === 'AsyncFunction') { + return async function (req, res, next) { + try { + await middleware(req, res, next); + } catch (err) { + next(err); + } + }; + } + return function (req, res, next) { + try { + middleware(req, res, next); + } catch (err) { + next(err); + } + }; +}; diff --git a/src/middleware/index.js b/src/middleware/index.js index 9af5605885..fe4897a342 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -8,6 +8,7 @@ var nconf = require('nconf'); var ensureLoggedIn = require('connect-ensure-login'); var toobusy = require('toobusy-js'); var LRU = require('lru-cache'); +var util = require('util'); var plugins = require('../plugins'); var meta = require('../meta'); @@ -15,6 +16,7 @@ var user = require('../user'); var groups = require('../groups'); var analytics = require('../analytics'); var privileges = require('../privileges'); +var helpers = require('./helpers'); var controllers = { api: require('../controllers/api'), @@ -39,6 +41,8 @@ middleware.applyCSRF = csrf({ } : true, }); +middleware.applyCSRFAsync = util.promisify(middleware.applyCSRF); + middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login'); require('./admin')(middleware); @@ -51,56 +55,39 @@ require('./headers')(middleware); middleware.stripLeadingSlashes = function stripLeadingSlashes(req, res, next) { var target = req.originalUrl.replace(nconf.get('relative_path'), ''); if (target.startsWith('//')) { - res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/')); - } else { - setImmediate(next); + return res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/')); } + next(); }; -middleware.pageView = function pageView(req, res, next) { - analytics.pageView({ - ip: req.ip, - uid: req.uid, - }); - - plugins.fireHook('action:middleware.pageView', { req: req }); - +middleware.pageView = helpers.try(async function pageView(req, res, next) { + const promises = [ + analytics.pageView({ ip: req.ip, uid: req.uid }), + ]; if (req.loggedIn) { - if (req.path.startsWith('/api/users') || req.path.startsWith('/users')) { - async.parallel([ - async.apply(user.updateOnlineUsers, req.uid), - async.apply(user.updateLastOnlineTime, req.uid), - ], next); - } else { - user.updateOnlineUsers(req.uid); - user.updateLastOnlineTime(req.uid); - setImmediate(next); - } - } else { - setImmediate(next); + promises.push(user.updateOnlineUsers(req.uid)); + promises.push(user.updateLastOnlineTime(req.uid)); } -}; - + await Promise.all(promises); + plugins.fireHook('action:middleware.pageView', { req: req }); + next(); +}); -middleware.pluginHooks = async function pluginHooks(req, res, next) { +middleware.pluginHooks = helpers.try(async function pluginHooks(req, res, next) { // TODO: Deprecate in v2.0 - try { - await async.each(plugins.loadedHooks['filter:router.page'] || [], function (hookObj, next) { - hookObj.method(req, res, next); - }); + await async.each(plugins.loadedHooks['filter:router.page'] || [], function (hookObj, next) { + hookObj.method(req, res, next); + }); - await plugins.fireHook('response:router.page', { - req: req, - res: res, - }); - } catch (err) { - return next(err); - } + await plugins.fireHook('response:router.page', { + req: req, + res: res, + }); if (!res.headersSent) { next(); } -}; +}); middleware.validateFiles = function validateFiles(req, res, next) { if (!Array.isArray(req.files.files) || !req.files.files.length) { @@ -131,36 +118,28 @@ middleware.routeTouchIcon = function routeTouchIcon(req, res) { }); }; -middleware.privateTagListing = function privateTagListing(req, res, next) { - privileges.global.can('view:tags', req.uid, function (err, canView) { - if (err || canView) { - return next(err); - } - controllers.helpers.notAllowed(req, res); - }); -}; +middleware.privateTagListing = helpers.try(async function privateTagListing(req, res, next) { + const canView = await privileges.global.can('view:tags', req.uid); + if (!canView) { + return controllers.helpers.notAllowed(req, res); + } + next(); +}); -middleware.exposeGroupName = function exposeGroupName(req, res, next) { - expose('groupName', groups.getGroupNameByGroupSlug, 'slug', req, res, next); -}; +middleware.exposeGroupName = helpers.try(async function exposeGroupName(req, res, next) { + await expose('groupName', groups.getGroupNameByGroupSlug, 'slug', req, res, next); +}); -middleware.exposeUid = function exposeUid(req, res, next) { - expose('uid', user.getUidByUserslug, 'userslug', req, res, next); -}; +middleware.exposeUid = helpers.try(async function exposeUid(req, res, next) { + await expose('uid', user.getUidByUserslug, 'userslug', req, res, next); +}); -function expose(exposedField, method, field, req, res, next) { +async function expose(exposedField, method, field, req, res, next) { if (!req.params.hasOwnProperty(field)) { return next(); } - async.waterfall([ - function (next) { - method(req.params[field], next); - }, - function (id, next) { - res.locals[exposedField] = id; - next(); - }, - ], next); + res.locals[exposedField] = await method(req.params[field]); + next(); } middleware.privateUploads = function privateUploads(req, res, next) { @@ -188,10 +167,13 @@ middleware.busyCheck = function busyCheck(req, res, next) { } }; -middleware.applyBlacklist = function applyBlacklist(req, res, next) { - meta.blacklist.test(req.ip, function (err) { +middleware.applyBlacklist = async function applyBlacklist(req, res, next) { + try { + await meta.blacklist.test(req.ip); + next(); + } catch (err) { next(err); - }); + } }; middleware.delayLoading = function delayLoading(req, res, next) { @@ -207,25 +189,19 @@ middleware.delayLoading = function delayLoading(req, res, next) { setTimeout(next, 1000); }; -middleware.buildSkinAsset = function buildSkinAsset(req, res, next) { +middleware.buildSkinAsset = helpers.try(async function buildSkinAsset(req, res, next) { // If this middleware is reached, a skin was requested, so it is built on-demand - var target = path.basename(req.originalUrl).match(/(client-[a-z]+)/); - if (target) { - async.waterfall([ - async.apply(plugins.prepareForBuild, ['client side styles']), - async.apply(meta.css.buildBundle, target[0], true), - ], function (err, css) { - if (err) { - return next(); - } - - require('../meta/minifier').killAll(); - res.status(200).type('text/css').send(css); - }); - } else { - setImmediate(next); + const target = path.basename(req.originalUrl).match(/(client-[a-z]+)/); + if (!target) { + return next(); } -}; + + await plugins.prepareForBuild(['client side styles']); + const buildBundle = util.promisify(meta.css.buildBundle); + const css = await buildBundle(target[0], true); + require('../meta/minifier').killAll(); + res.status(200).type('text/css').send(css); +}); middleware.trimUploadTimestamps = function trimUploadTimestamps(req, res, next) { // Check match @@ -238,19 +214,18 @@ middleware.trimUploadTimestamps = function trimUploadTimestamps(req, res, next) next(); }; -middleware.validateAuth = function validateAuth(req, res, next) { - plugins.fireHook('static:auth.validate', { - user: res.locals.user, - strategy: res.locals.strategy, - }, function (err) { - if (err) { - return req.session.regenerate(function () { - req.uid = 0; - req.loggedIn = false; - next(err); - }); - } - +middleware.validateAuth = helpers.try(async function validateAuth(req, res, next) { + try { + await plugins.fireHook('static:auth.validate', { + user: res.locals.user, + strategy: res.locals.strategy, + }); next(); - }); -}; + } catch (err) { + const regenerateSession = util.promisify(cb => req.session.regenerate(cb)); + await regenerateSession(); + req.uid = 0; + req.loggedIn = false; + next(err); + } +}); diff --git a/src/middleware/maintenance.js b/src/middleware/maintenance.js index 35f28f4b57..089aa7549a 100644 --- a/src/middleware/maintenance.js +++ b/src/middleware/maintenance.js @@ -4,11 +4,12 @@ const util = require('util'); const nconf = require('nconf'); const meta = require('../meta'); const user = require('../user'); +const helpers = require('./helpers'); module.exports = function (middleware) { - middleware.maintenanceMode = async function maintenanceMode(req, res, next) { + middleware.maintenanceMode = helpers.try(async function maintenanceMode(req, res, next) { if (!meta.config.maintenanceMode) { - return setImmediate(next); + return next(); } const hooksAsync = util.promisify(middleware.pluginHooks); @@ -16,12 +17,12 @@ module.exports = function (middleware) { const url = req.url.replace(nconf.get('relative_path'), ''); if (url.startsWith('/login') || url.startsWith('/api/login')) { - return setImmediate(next); + return next(); } const isAdmin = await user.isAdministrator(req.uid); if (isAdmin) { - return setImmediate(next); + return next(); } res.status(meta.config.maintenanceModeStatus); @@ -37,5 +38,5 @@ module.exports = function (middleware) { const buildHeaderAsync = util.promisify(middleware.buildHeader); await buildHeaderAsync(req, res); res.render('503', data); - }; + }); }; diff --git a/src/middleware/user.js b/src/middleware/user.js index e2d88f84d7..e814458e8c 100644 --- a/src/middleware/user.js +++ b/src/middleware/user.js @@ -1,6 +1,5 @@ 'use strict'; -const util = require('util'); const nconf = require('nconf'); const winston = require('winston'); @@ -8,7 +7,7 @@ const meta = require('../meta'); const user = require('../user'); const privileges = require('../privileges'); const plugins = require('../plugins'); - +const helpers = require('./helpers'); const auth = require('../routes/authentication'); const controllers = { @@ -16,9 +15,9 @@ const controllers = { }; module.exports = function (middleware) { - async function authenticate(req, res, next, callback) { + async function authenticate(req, res) { if (req.loggedIn) { - return next(); + return true; } await plugins.fireHook('response:middleware.authenticate', { @@ -28,35 +27,35 @@ module.exports = function (middleware) { }); if (!res.headersSent) { - auth.setAuthVars(req, res, function () { - if (req.loggedIn && req.user && req.user.uid) { - return next(); - } - - callback(); - }); + auth.setAuthVars(req); } + return !res.headersSent; } - middleware.authenticate = function middlewareAuthenticate(req, res, next) { - authenticate(req, res, next, function () { - controllers.helpers.notAllowed(req, res, next); - }); - }; - - const authenticateAsync = util.promisify(middleware.authenticate); + middleware.authenticate = helpers.try(async function middlewareAuthenticate(req, res, next) { + if (!await authenticate(req, res)) { + return; + } + if (!req.loggedIn) { + return controllers.helpers.notAllowed(req, res); + } + next(); + }); - middleware.authenticateOrGuest = function authenticateOrGuest(req, res, next) { - authenticate(req, res, next, next); - }; + middleware.authenticateOrGuest = helpers.try(async function authenticateOrGuest(req, res, next) { + if (!await authenticate(req, res)) { + return; + } + next(); + }); - middleware.ensureSelfOrGlobalPrivilege = function ensureSelfOrGlobalPrivilege(req, res, next) { - ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next); - }; + middleware.ensureSelfOrGlobalPrivilege = helpers.try(async function ensureSelfOrGlobalPrivilege(req, res, next) { + await ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next); + }); - middleware.ensureSelfOrPrivileged = function ensureSelfOrPrivileged(req, res, next) { - ensureSelfOrMethod(user.isPrivileged, req, res, next); - }; + middleware.ensureSelfOrPrivileged = helpers.try(async function ensureSelfOrPrivileged(req, res, next) { + await ensureSelfOrMethod(user.isPrivileged, req, res, next); + }); async function ensureSelfOrMethod(method, req, res, next) { /* @@ -67,7 +66,7 @@ module.exports = function (middleware) { return controllers.helpers.notAllowed(req, res); } if (req.uid === parseInt(res.locals.uid, 10)) { - return setImmediate(next); + return next(); } const allowed = await method(req.uid); if (!allowed) { @@ -77,12 +76,12 @@ module.exports = function (middleware) { return next(); } - middleware.checkGlobalPrivacySettings = function checkGlobalPrivacySettings(req, res, next) { + middleware.checkGlobalPrivacySettings = helpers.try(async function checkGlobalPrivacySettings(req, res, next) { winston.warn('[middleware], checkGlobalPrivacySettings deprecated, use canViewUsers or canViewGroups'); - middleware.canViewUsers(req, res, next); - }; + await middleware.canViewUsers(req, res, next); + }); - middleware.canViewUsers = async function canViewUsers(req, res, next) { + middleware.canViewUsers = helpers.try(async function canViewUsers(req, res, next) { if (parseInt(res.locals.uid, 10) === req.uid) { return next(); } @@ -91,19 +90,24 @@ module.exports = function (middleware) { return next(); } controllers.helpers.notAllowed(req, res); - }; + }); - middleware.canViewGroups = async function canViewGroups(req, res, next) { + middleware.canViewGroups = helpers.try(async function canViewGroups(req, res, next) { const canView = await privileges.global.can('view:groups', req.uid); if (canView) { return next(); } controllers.helpers.notAllowed(req, res); - }; + }); - middleware.checkAccountPermissions = async function checkAccountPermissions(req, res, next) { + middleware.checkAccountPermissions = helpers.try(async function checkAccountPermissions(req, res, next) { // This middleware ensures that only the requested user and admins can pass - await authenticateAsync(req, res); + if (!await authenticate(req, res)) { + return; + } + if (!req.loggedIn) { + return controllers.helpers.notAllowed(req, res); + } const uid = await user.getUidByUserslug(req.params.userslug); let allowed = await privileges.users.canEdit(req.uid, uid); if (allowed) { @@ -117,17 +121,17 @@ module.exports = function (middleware) { return next(); } controllers.helpers.notAllowed(req, res); - }; + }); - middleware.redirectToAccountIfLoggedIn = async function redirectToAccountIfLoggedIn(req, res, next) { + middleware.redirectToAccountIfLoggedIn = helpers.try(async function redirectToAccountIfLoggedIn(req, res, next) { if (req.session.forceLogin || req.uid <= 0) { return next(); } const userslug = await user.getUserField(req.uid, 'userslug'); controllers.helpers.redirect(res, '/user/' + userslug); - }; + }); - middleware.redirectUidToUserslug = async function redirectUidToUserslug(req, res, next) { + middleware.redirectUidToUserslug = helpers.try(async function redirectUidToUserslug(req, res, next) { const uid = parseInt(req.params.uid, 10); if (uid <= 0) { return next(); @@ -140,18 +144,18 @@ module.exports = function (middleware) { .replace('uid', 'user') .replace(uid, function () { return userslug; }); controllers.helpers.redirect(res, path); - }; + }); - middleware.redirectMeToUserslug = async function redirectMeToUserslug(req, res) { + middleware.redirectMeToUserslug = helpers.try(async function redirectMeToUserslug(req, res) { const userslug = await user.getUserField(req.uid, 'userslug'); if (!userslug) { return controllers.helpers.notAllowed(req, res); } const path = req.path.replace(/^(\/api)?\/me/, '/user/' + userslug); controllers.helpers.redirect(res, path); - }; + }); - middleware.isAdmin = async function isAdmin(req, res, next) { + middleware.isAdmin = helpers.try(async function isAdmin(req, res, next) { const isAdmin = await user.isAdministrator(req.uid); if (!isAdmin) { return controllers.helpers.notAllowed(req, res); @@ -186,7 +190,7 @@ module.exports = function (middleware) { } else { res.redirect(nconf.get('relative_path') + '/login?local=1'); } - }; + }); middleware.requireUser = function (req, res, next) { if (req.loggedIn) { diff --git a/src/routes/authentication.js b/src/routes/authentication.js index 555c75d778..1f26c23980 100644 --- a/src/routes/authentication.js +++ b/src/routes/authentication.js @@ -23,14 +23,17 @@ Auth.initialize = function (app, middleware) { passportSessionMiddleware(req, res, next); }); - app.use(Auth.setAuthVars); + app.use(function (req, res, next) { + Auth.setAuthVars(req, res); + next(); + }); Auth.app = app; Auth.middleware = middleware; }; -Auth.setAuthVars = function setAuthVars(req, res, next) { - var isSpider = req.isSpider(); +Auth.setAuthVars = function setAuthVars(req) { + const isSpider = req.isSpider(); req.loggedIn = !isSpider && !!req.user; if (req.user) { req.uid = parseInt(req.user.uid, 10); @@ -39,7 +42,6 @@ Auth.setAuthVars = function setAuthVars(req, res, next) { } else { req.uid = 0; } - next(); }; Auth.getLoginStrategies = function () {