diff --git a/src/node/hooks/express/importexport.js b/src/node/hooks/express/importexport.js
index fe97aa2f9..ef10e0145 100644
--- a/src/node/hooks/express/importexport.js
+++ b/src/node/hooks/express/importexport.js
@@ -5,12 +5,11 @@ var importHandler = require('../../handler/ImportHandler');
 var padManager = require("../../db/PadManager");
 
 exports.expressCreateServer = function (hook_name, args, cb) {
-  args.app.get('/p/:pad/:rev?/export/:type', function(req, res, next) {
+  args.app.get('/p/:pad/:rev?/export/:type', async function(req, res, next) {
     var types = ["pdf", "doc", "txt", "html", "odt", "etherpad"];
     //send a 404 if we don't support this filetype
     if (types.indexOf(req.params.type) == -1) {
-      next();
-      return;
+      return next();
     }
 
     // if abiword is disabled, and this is a format we only support with abiword, output a message
@@ -22,28 +21,26 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 
     res.header("Access-Control-Allow-Origin", "*");
 
-    hasPadAccess(req, res, function() {
+    if (await hasPadAccess(req, res)) {
       console.log('req.params.pad', req.params.pad);
-      padManager.doesPadExists(req.params.pad, function(err, exists) {
-        if (!exists) {
-          return next();
-        }
+      let exists = await padManager.doesPadExists(req.params.pad);
+      if (!exists) {
+        return next();
+      }
 
-        exportHandler.doExport(req, res, req.params.pad, req.params.type);
-      });
-    });
+      exportHandler.doExport(req, res, req.params.pad, req.params.type);
+    }
   });
 
   // handle import requests
-  args.app.post('/p/:pad/import', function(req, res, next) {
-    hasPadAccess(req, res, function() {
-      padManager.doesPadExists(req.params.pad, function(err, exists) {
-        if (!exists) {
-          return next();
-        }
+  args.app.post('/p/:pad/import', async function(req, res, next) {
+    if (await hasPadAccess(req, res)) {
+      let exists = await padManager.doesPadExists(req.params.pad);
+      if (!exists) {
+        return next();
+      }
 
-        importHandler.doImport(req, res, req.params.pad);
-      });
-    });
+      importHandler.doImport(req, res, req.params.pad);
+    }
   });
 }
diff --git a/src/node/hooks/express/padreadonly.js b/src/node/hooks/express/padreadonly.js
index 77b197c7c..f699e27e9 100644
--- a/src/node/hooks/express/padreadonly.js
+++ b/src/node/hooks/express/padreadonly.js
@@ -1,57 +1,26 @@
-var async = require('async');
-var ERR = require("async-stacktrace");
 var readOnlyManager = require("../../db/ReadOnlyManager");
 var hasPadAccess = require("../../padaccess");
 var exporthtml = require("../../utils/ExportHtml");
 
 exports.expressCreateServer = function (hook_name, args, cb) {
   // serve read only pad
-  args.app.get('/ro/:id', function(req, res) {
-    var html;
-    var padId;
+  args.app.get('/ro/:id', async function(req, res) {
 
-    async.series([
-      // translate the read only pad to a padId
-      function(callback) {
-        readOnlyManager.getPadId(req.params.id, function(err, _padId) {
-          if(ERR(err, callback)) return;
+    // translate the read only pad to a padId
+    let padId = await readOnlyManager.getPadId(req.params.id);
+    if (padId == null) {
+      res.status(404).send('404 - Not Found');
+      return;
+    }
 
-          padId = _padId;
+    // we need that to tell hasPadAcess about the pad
+    req.params.pad = padId;
 
-          // we need that to tell hasPadAcess about the pad
-          req.params.pad = padId;
-
-          callback();
-        });
-      },
+    if (await hasPadAccess(req, res)) {
       // render the html document
-      function(callback) {
-        // return if the there is no padId
-        if(padId == null) {
-          callback("notfound");
-          return;
-        }
-
-        hasPadAccess(req, res, function() {
-          // render the html document
-          exporthtml.getPadHTMLDocument(padId, null, function(err, _html) {
-            if(ERR(err, callback)) return;
-            html = _html;
-            callback();
-          });
-        });
-      }
-    ],
-    function(err) {
-      // throw any unexpected error
-      if(err && err != "notfound")
-        ERR(err);
-
-      if(err == "notfound")
-        res.status(404).send('404 - Not Found');
-      else
-        res.send(html);
-    });
+      html = await exporthtml.getPadHTMLDocument(padId, null);
+      res.send(html);
+    }
   });
 
 }
diff --git a/src/node/padaccess.js b/src/node/padaccess.js
index a25ad642c..3449f7d16 100644
--- a/src/node/padaccess.js
+++ b/src/node/padaccess.js
@@ -1,17 +1,20 @@
-var ERR = require("async-stacktrace");
 var securityManager = require('./db/SecurityManager');
 
 // checks for padAccess
-module.exports = function (req, res, callback) {
-  securityManager.checkAccess(req.params.pad, req.cookies.sessionID, req.cookies.token, req.cookies.password, function(err, accessObj) {
-    if (ERR(err, callback)) return;
+module.exports = async function (req, res) {
+  try {
+    let accessObj = await securityManager.checkAccess(req.params.pad, req.cookies.sessionID, req.cookies.token, req.cookies.password);
 
     if (accessObj.accessStatus === "grant") {
       // there is access, continue
-      callback();
+      return true;
     } else {
       // no access
       res.status(403).send("403 - Can't touch this");
+      return false;
     }
-  });
+  } catch (err) {
+    // @TODO - send internal server error here?
+    throw err;
+  }
 }