0

I was wondering if using res.locals like in this code example is bad practice or if there can occur any problems if you use it this way:

app.use((req, res, next) => {
    const session = req.cookies.session
    if (session) {
        db.admin.auth().verifySessionCookie(session, true)
            .then((decodedData) => {
                res.locals.userId= decodedData.uid
                next();
            })
            .catch(() => {
                res.locals.userId = false
                next();
            })
    } else {
        res.locals.userId = false
        next();
    }

app.get("/", async (req, res) => {
    console.log(res.locals.userId)
    res.render("home.hbs")
})

Basically I:

  1. I verify the session-cookie in app.use (Im using firebase auth)
  2. I set the res.locals.userId = userId
  3. And then use the local i just set in the app.get

(I need to do it this way because I need the userId in my view, otherwise I need to run the verifySessionCookie function 2 times to get the userId which I want to avoid)

eek
  • 57
  • 2
  • 7
  • What makes you think it would be bad practice? [It's documented](http://expressjs.com/en/api.html#res.locals) as being _"useful for exposing request-level information such as the request path name, authenticated user, user settings, and so on."_ – blex May 12 '21 at 22:26

1 Answers1

4

res.locals is explicitly designed as a place for you to put things that later parts of the request handling want/need to use and it is often used for template rendering. So, this is precisely what it is supposed to be used for.

I was wondering if using res.locals like in this code example is bad practice or if there can occur any problems if you use it this way

No bad things will happen. This is exactly what res.locals is for. See the doc reference for further confirmation.

jfriend00
  • 683,504
  • 96
  • 985
  • 979