webaccess: Use `const` or `let` instead of `var`

2020-08-25 17:04:34 -04:00 · 2020-08-25 17:04:34 -04:00 · 0a8569d0ad
parent a7be5278a3
commit 0a8569d0ad
1 changed files with 20 additions and 24 deletions
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@ -1,22 +1,22 @@
-var express = require('express');
+const express = require('express');
-var log4js = require('log4js');
+const log4js = require('log4js');
-var httpLogger = log4js.getLogger('http');
+const httpLogger = log4js.getLogger('http');
-var settings = require('../../utils/Settings');
+const settings = require('../../utils/Settings');
-var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
+const hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
-var ueberStore = require('../../db/SessionStore');
+const ueberStore = require('../../db/SessionStore');
-var stats = require('ep_etherpad-lite/node/stats');
+const stats = require('ep_etherpad-lite/node/stats');
-var sessionModule = require('express-session');
+const sessionModule = require('express-session');
-var cookieParser = require('cookie-parser');
+const cookieParser = require('cookie-parser');
 // checks for basic http auth
 exports.basicAuth = (req, res, next) => {
-  var hookResultMangle = (cb) => {
+  const hookResultMangle = (cb) => {
    return (err, data) => {
      return cb(!err && data.length && data[0]);
    };
  };
-  var authorize = (cb) => {
+  const authorize = (cb) => {
    // Do not require auth for static paths and the API...this could be a bit brittle
    if (req.path.match(/^\/(static|javascripts|pluginfw|api)/)) return cb(true);
@ -30,13 +30,13 @@ exports.basicAuth = (req, res, next) => {
    hooks.aCallFirst('authorize', {req: req, res: res, next: next, resource: req.path}, hookResultMangle(cb));
  };
-  var authenticate = (cb) => {
+  const authenticate = (cb) => {
    // If auth headers are present use them to authenticate...
    if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
-      var userpass = Buffer.from(req.headers.authorization.split(' ')[1], 'base64').toString().split(':');
+      const userpass = Buffer.from(req.headers.authorization.split(' ')[1], 'base64').toString().split(':');
-      var username = userpass.shift();
+      const username = userpass.shift();
-      var password = userpass.join(':');
+      const password = userpass.join(':');
-      var fallback = (success) => {
+      const fallback = (success) => {
        if (success) return cb(true);
        if (!(username in settings.users)) {
          httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`);
@ -58,7 +58,7 @@ exports.basicAuth = (req, res, next) => {
  /* Authentication OR authorization failed. */
-  var failure = () => {
+  const failure = () => {
    return hooks.aCallFirst('authFailure', {req: req, res: res, next: next}, hookResultMangle((ok) => {
      if (ok) return;
      /* No plugin handler for invalid auth. Return Auth required
@ -104,8 +104,8 @@ exports.secret = null;
 exports.expressConfigure = (hook_name, args, cb) => {
  // Measure response time
  args.app.use((req, res, next) => {
-    var stopWatch = stats.timer('httpRequests').start();
+    const stopWatch = stats.timer('httpRequests').start();
-    var sendFn = res.send;
+    const sendFn = res.send;
    res.send = function() { // function, not arrow, due to use of 'arguments'
      stopWatch.end();
      sendFn.apply(res, arguments);
@ -128,11 +128,7 @@ exports.expressConfigure = (hook_name, args, cb) => {
    exports.secret = settings.sessionKey;
  }
-  if (settings.ssl) {
+  const sameSite = settings.ssl ? 'Strict' : 'Lax';
    var sameSite = 'Strict';
  } else {
    var sameSite = 'Lax';
  }
  args.app.sessionStore = exports.sessionStore;
  args.app.use(sessionModule({