From b89ae69202da521f8dbe5d8491fbe28ea2884177 Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Mon, 28 Feb 2022 04:15:53 -0500
Subject: [PATCH] SecurityManager: Don't prefetch values

Prefetching can cause unhandled Promise rejections, and it makes the
code less readable.
---
 src/node/db/SecurityManager.js | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 4851866d5..c37da0a69 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -95,18 +95,13 @@ exports.checkAccess = async (padID, sessionCookie, token, userSettings) => {
     return DENY;
   }
 
-  // start fetching the info we may need
-  const p_sessionAuthorID = sessionManager.findAuthorID(padID.split('$')[0], sessionCookie);
-  const p_tokenAuthorID = authorManager.getAuthor4Token(token);
-  const p_padExists = padManager.doesPadExist(padID);
-
-  const padExists = await p_padExists;
+  const padExists = await padManager.doesPadExist(padID);
   if (!padExists && !canCreate) {
     authLogger.debug('access denied: user attempted to create a pad, which is prohibited');
     return DENY;
   }
 
-  const sessionAuthorID = await p_sessionAuthorID;
+  const sessionAuthorID = await sessionManager.findAuthorID(padID.split('$')[0], sessionCookie);
   if (settings.requireSession && !sessionAuthorID) {
     authLogger.debug('access denied: HTTP API session is required');
     return DENY;
@@ -114,7 +109,7 @@ exports.checkAccess = async (padID, sessionCookie, token, userSettings) => {
 
   const grant = {
     accessStatus: 'grant',
-    authorID: (sessionAuthorID != null) ? sessionAuthorID : await p_tokenAuthorID,
+    authorID: sessionAuthorID || await authorManager.getAuthor4Token(token),
   };
 
   if (!padID.includes('$')) {