I was wondering if using res.locals like in this code example is bad practice or if there can occur any problems if you use it this way:

app.use((req, res, next) => {
    const session = req.cookies.session
    if (session) {
        db.admin.auth().verifySessionCookie(session, true)
            .then((decodedData) => {
                res.locals.userId= decodedData.uid
                next();
            })
            .catch(() => {
                res.locals.userId = false
                next();
            })
    } else {
        res.locals.userId = false
        next();
    }

app.get("/", async (req, res) => {
    console.log(res.locals.userId)
    res.render("home.hbs")
})

Basically I:

1. I verify the session-cookie in app.use (Im using firebase auth)
2. I set the res.locals.userId = userId
3. And then use the local i just set in the app.get

(I need to do it this way because I need the userId in my view, otherwise I need to run the verifySessionCookie function 2 times to get the userId which I want to avoid)

I was wondering if using res.locals like in this code example is bad practice or if there can occur any problems if you use it this way:

app.use((req, res, next) => {
    const session = req.cookies.session
    if (session) {
        db.admin.auth().verifySessionCookie(session, true)
            .then((decodedData) => {
                res.locals.userId= decodedData.uid
                next();
            })
            .catch(() => {
                res.locals.userId = false
                next();
            })
    } else {
        res.locals.userId = false
        next();
    }

app.get("/", async (req, res) => {
    console.log(res.locals.userId)
    res.render("home.hbs")
})

Basically I:

1. I verify the session-cookie in app.use (Im using firebase auth)
2. I set the res.locals.userId = userId
3. And then use the local i just set in the app.get

(I need to do it this way because I need the userId in my view, otherwise I need to run the verifySessionCookie function 2 times to get the userId which I want to avoid)

• javascript
• node.js
• express

Share Improve this question Follow asked May 12, 2021 at 22:22 eekeek 5722 silver badges77 bronze badges 1

• What makes you think it would be bad practice? It's documented as being "useful for exposing request-level information such as the request path name, authenticated user, user settings, and so on." – blex Commented May 12, 2021 at 22:26

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 8

res.locals is explicitly designed as a place for you to put things that later parts of the request handling want/need to use and it is often used for template rendering. So, this is precisely what it is supposed to be used for.

I was wondering if using res.locals like in this code example is bad practice or if there can occur any problems if you use it this way

No bad things will happen. This is exactly what res.locals is for. See the doc reference for further confirmation.