
use next and http-errors

Yuki Takei 4 years ago
parent
commit
c8d90674a7

+ 2 - 2
packages/app/src/server/middlewares/inject-reset-order-by-token-middleware.js

@@ -7,14 +7,14 @@ module.exports = (crowi, app) => {
     const token = req.params.token || req.body.token;
 
     if (token == null) {
-      req.error = { key: 'token-not-found', message: 'Token not found' };
+      return next(createError(400, 'Token not found', { code: 'token-not-found' }));
     }
 
     const passwordResetOrder = await PasswordResetOrder.findOne({ token });
 
     // check if the token is valid
     if (passwordResetOrder == null || passwordResetOrder.isExpired() || passwordResetOrder.isRevoked) {
-      req.error = { key: 'password-reset-order-is-not-appropriate', message: 'passwordResetOrder is null or expired or revoked' };
+      return next(createError(400, 'passwordResetOrder is null or expired or revoked', { code: 'password-reset-order-is-not-appropriate' }));
     }
 
     req.passwordResetOrder = passwordResetOrder;
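Review bot: `token` is passed to `PasswordResetOrder.findOne({ token })` without a type check, and `req.body.token` can be a parsed object rather than a string if the body parser accepts JSON or nested form fields. Rejecting anything that is not a string keeps the lookup an exact match: change the guard to `if (typeof token !== 'string' || token.length === 0) {`. The `await` is also not inside a `try`/`catch`, so a rejected query would presumably never reach `next` under Express 4. The handler's signature and the `createError` import are outside the hunk, so confirm that both `next` and `createError` are in scope.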

+ 10 - 6
packages/app/src/server/routes/apiv3/forgot-password.js

@@ -1,4 +1,5 @@
 import rateLimit from 'express-rate-limit';
+import ErrorV3 from '~/server/models/vo/error-apiv3';
 import loggerFactory from '~/utils/logger';
 
 const logger = loggerFactory('growi:routes:apiv3:forgotPassword'); // eslint-disable-line no-unused-vars
@@ -79,12 +80,7 @@ module.exports = (crowi) => {
     }
   });
 
-  router.put('/', apiLimiter, csrf, injectResetOrderByTokenMiddleware, validator.password, apiV3FormValidator, async(req, res) => {
-
-    if (req.error != null) {
-      return res.apiv3Err(req.error.message);
-    }
-
+  router.put('/', injectResetOrderByTokenMiddleware, async(req, res) => {
     const { passwordResetOrder } = req;
     const { email } = passwordResetOrder;
     const grobalLang = configManager.getConfig('crowi', 'app:globalLang');
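Review bot: The new `router.put('/')` line drops `apiLimiter`, `csrf`, `validator.password` and `apiV3FormValidator` from the password-reset endpoint, which the commit title does not explain. Without them the route that sets a new password has no rate limit on token attempts, no CSRF check and no validation of the submitted password. Unless these are applied elsewhere, keep the chain and change only the error handling: `router.put('/', apiLimiter, csrf, injectResetOrderByTokenMiddleware, validator.password, apiV3FormValidator, async(req, res) => {`. The handler body continues outside the hunk.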
@@ -111,5 +107,13 @@ module.exports = (crowi) => {
     }
   });
 
+  // middleware to handle error
+  router.use((error, req, res, next) => {
+    if (error != null) {
+      return res.apiv3Err(new ErrorV3(error.message, error.code));
+    }
+    next();
+  });
+
   return router;
 };
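Review bot: The error handler added with `router.use((error, req, res, next) => …)` returns `error.message` to the client for every error, not only the ones built with `createError`. A database or runtime error raised in this router would have its internal message sent in the API response. The `if (error != null)` test is always true in an error-handling middleware, so it filters nothing. Forward anything not meant for clients by starting the handler with `if (!error.expose) { return next(error); }`, since http-errors sets `expose` only on 4xx errors. The same applies to `actions.handleHttpErrosMiddleware` in `routes/forgot-password.js`, where a non-HTTP error has no `code` and renders the error page with an undefined key.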

+ 7 - 4
packages/app/src/server/routes/forgot-password.js

@@ -8,13 +8,16 @@ module.exports = function(crowi, app) {
   };
 
   actions.resetPassword = async function(req, res) {
-    const { error, passwordResetOrder } = req;
+    const { passwordResetOrder } = req;
+    return res.render('reset-password', { email: passwordResetOrder.email });
+  };
 
+  // middleware to handle error
+  actions.handleHttpErrosMiddleware = (error, req, res, next) => {
     if (error != null) {
-      return res.render('forgot-password/error', { key: error.key });
+      return res.render('forgot-password/error', { key: error.code });
     }
-
-    return res.render('reset-password', { email: passwordResetOrder.email });
+    next();
   };
 
   return actions;
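Review bot: `handleHttpErrosMiddleware` renders `forgot-password/error` without setting a response status, so a request rejected with `createError(400, …)` is still answered with the default 200. Carry the status through: `return res.status(error.status ?? 500).render('forgot-password/error', { key: error.code });`. The name is also misspelled (`Erros`); renaming it to `handleHttpErrorsMiddleware` needs the matching change in `routes/index.js`.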

+ 6 - 2
packages/app/src/server/routes/index.js

@@ -1,3 +1,5 @@
+import express from 'express';
+
 const multer = require('multer');
 const autoReap = require('multer-autoreap');
 const rateLimit = require('express-rate-limit');
@@ -185,8 +187,10 @@ module.exports = function(crowi, app) {
   app.post('/_api/hackmd.discard'        , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.discard);
   app.post('/_api/hackmd.saveOnHackmd'   , accessTokenParser , loginRequiredStrictly , csrf, hackmd.validateForApi, hackmd.saveOnHackmd);
 
-  app.get('/forgot-password', forgotPassword.forgotPassword);
-  app.get('/forgot-password/:token'      ,apiLimiter, injectResetOrderByTokenMiddleware, forgotPassword.resetPassword);
+  app.use('/forgot-password', express.Router()
+    .get('/', forgotPassword.forgotPassword)
+    .get('/:token', apiLimiter, injectResetOrderByTokenMiddleware, forgotPassword.resetPassword)
+    .use(forgotPassword.handleHttpErrosMiddleware));
 
   app.get('/share/:linkId', page.showSharedPage);