1 files changed, 32 insertions, 32 deletions

diff --git a/server.js b/server.js
index bbf3c59..5ce38b0 100644
--- a/server.js
+++ b/server.js
@@ -494,7 +494,7 @@ app.use(function (req, res, next) {
 		let user_id = login_sql_select.get(sid)
 		if (user_id) {
 			login_touch(res, sid)
-			req.user = SQL_SELECT_USER_DYNAMIC.get(user_id)
+			req.user = res.locals.user = SQL_SELECT_USER_DYNAMIC.get(user_id)
 			SQL_UPDATE_USER_LAST_SEEN.run(user_id, ip)
 			if (req.user.is_banned)
 				return res.status(403).send("")
@@ -523,15 +523,15 @@ function must_be_administrator(req, res, next) {
 }
 
 app.get("/", function (req, res) {
-	res.render("index.pug", { user: req.user })
+	res.render("index.pug")
 })
 
 app.get("/create", function (req, res) {
-	res.render("create-index.pug", { user: req.user })
+	res.render("create-index.pug")
 })
 
 app.get("/about", function (req, res) {
-	res.render("about.pug", { user: req.user })
+	res.render("about.pug")
 })
 
 app.post("/logout", function (req, res) {
@@ -609,7 +609,7 @@ app.get("/account/mail/verify", must_be_logged_in, function (req, res) {
 		return res.redirect("/profile")
 	if (!token)
 		create_and_mail_verification_token(req.user)
-	res.render("verify_mail.pug", { user: req.user, token })
+	res.render("verify_mail.pug", { token })
 })
 
 app.post("/account/mail/verify", must_be_logged_in, function (req, res) {
@@ -618,7 +618,7 @@ app.post("/account/mail/verify", must_be_logged_in, function (req, res) {
 		res.redirect("/profile")
 	} else {
 		create_and_mail_verification_token(req.user)
-		res.render("verify_mail.pug", { user: req.user, flash: "Invalid or expired token!" })
+		res.render("verify_mail.pug", { flash: "Invalid or expired token!" })
 	}
 })
 
@@ -675,7 +675,7 @@ app.post("/account/reset-password", must_pass_altcha, function (req, res) {
 })
 
 app.get("/account/change-password", must_be_logged_in, function (req, res) {
-	res.render("change_password.pug", { user: req.user })
+	res.render("change_password.pug")
 })
 
 app.post("/account/change-password", must_be_logged_in, function (req, res) {
@@ -684,12 +684,12 @@ app.post("/account/change-password", must_be_logged_in, function (req, res) {
 	// Get full user record including password and salt
 	let user = SQL_SELECT_LOGIN.get(req.user.user_id)
 	if (newpass.length < 4)
-		return res.render("change_password.pug", { user: req.user, flash: "Password is too short!" })
+		return res.render("change_password.pug", { flash: "Password is too short!" })
 	if (newpass.length > 100)
-		return res.render("change_password.pug", { user: req.user, flash: "Password is too long!" })
+		return res.render("change_password.pug", { flash: "Password is too long!" })
 	let oldhash = hash_password(oldpass, user.salt)
 	if (oldhash !== user.password)
-		return res.render("change_password.pug", { user: req.user, flash: "Wrong password!" })
+		return res.render("change_password.pug", { flash: "Wrong password!" })
 	let salt = crypto.randomBytes(32).toString("hex")
 	let hash = hash_password(newpass, salt)
 	SQL_UPDATE_USER_PASSWORD.run(user.user_id, hash, salt)
@@ -711,7 +711,7 @@ function may_delete_account(user_id) {
 app.get("/account/delete", must_be_logged_in, function (req, res) {
 	if (!may_delete_account(req.user.user_id))
 		return res.status(401).send("You may not delete your account while you have unfinished games.")
-	res.render("delete_account.pug", { user: req.user })
+	res.render("delete_account.pug")
 })
 
 const SQL_SELECT_GAME_ROLE_FOR_DELETED_USER = SQL(`
@@ -727,7 +727,7 @@ app.post("/account/delete", must_be_logged_in, function (req, res) {
 	let user = SQL_SELECT_LOGIN.get(req.user.user_id)
 	let hash = hash_password(password, user.salt)
 	if (hash !== user.password)
-		return res.render("delete_account.pug", { user: req.user, flash: "Wrong password!" })
+		return res.render("delete_account.pug", { flash: "Wrong password!" })
 
 	let list = SQL_SELECT_GAME_ROLE_FOR_DELETED_USER.all(req.user.user_id)
 	for (let item of list)
@@ -765,7 +765,7 @@ app.get("/account/mail/unsubscribe", must_be_logged_in, function (req, res) {
 
 app.get("/account/webhook", must_be_logged_in, function (req, res) {
 	let webhook = SQL_SELECT_WEBHOOK.get(req.user.user_id)
-	res.render("webhook.pug", { user: req.user, webhook: webhook })
+	res.render("webhook.pug", { webhook: webhook })
 })
 
 app.post("/account/webhook/delete", must_be_logged_in, function (req, res) {
@@ -786,29 +786,29 @@ app.post("/account/webhook/update", must_be_logged_in, function (req, res) {
 })
 
 app.get("/account/change-name", must_be_logged_in, function (req, res) {
-	res.render("change_name.pug", { user: req.user })
+	res.render("change_name.pug")
 })
 
 app.post("/account/change-name", must_be_logged_in, function (req, res) {
 	let newname = clean_user_name(req.body.newname)
 	if (!is_valid_user_name(newname))
-		return res.render("change_name.pug", { user: req.user, flash: "Invalid user name!" })
+		return res.render("change_name.pug", { flash: "Invalid user name!" })
 	if (SQL_EXISTS_USER_NAME.get(newname))
-		return res.render("change_name.pug", { user: req.user, flash: "That name is already taken!" })
+		return res.render("change_name.pug", { flash: "That name is already taken!" })
 	SQL_UPDATE_USER_NAME.run(newname, req.user.user_id)
 	return res.redirect("/profile")
 })
 
 app.get("/account/change-mail", must_be_logged_in, function (req, res) {
-	res.render("change_mail.pug", { user: req.user })
+	res.render("change_mail.pug")
 })
 
 app.post("/account/change-mail", must_be_logged_in, function (req, res) {
 	let newmail = req.body.newmail
 	if (!is_valid_email(newmail) || is_forbidden_mail(newmail))
-		return res.render("change_mail.pug", { user: req.user, flash: "Invalid mail address!" })
+		return res.render("change_mail.pug", { flash: "Invalid mail address!" })
 	if (SQL_EXISTS_USER_MAIL.get(newmail))
-		return res.render("change_mail.pug", { user: req.user, flash: "That mail address is already taken!" })
+		return res.render("change_mail.pug", { flash: "That mail address is already taken!" })
 	SQL_UPDATE_USER_MAIL.run(newmail, req.user.user_id)
 	SQL_UPDATE_USER_VERIFIED.run(0, req.user.user_id)
 	return res.redirect("/profile")
@@ -816,7 +816,7 @@ app.post("/account/change-mail", must_be_logged_in, function (req, res) {
 
 app.get("/account/change-about", must_be_logged_in, function (req, res) {
 	let about = SQL_SELECT_USER_ABOUT.get(req.user.user_id)
-	res.render("change_about.pug", { user: req.user, about: about || "" })
+	res.render("change_about.pug", { about })
 })
 
 app.post("/account/change-about", must_be_logged_in, function (req, res) {
@@ -1237,7 +1237,7 @@ app.get("/forum/search", must_be_logged_in, function (req, res) {
 			results = FORUM_SEARCH.all('"' + search.replaceAll('"', '""') + '"')
 		}
 	}
-	res.render("forum_search.pug", { user: req.user, search, results })
+	res.render("forum_search.pug", { search, results })
 })
 
 /*
@@ -1709,7 +1709,7 @@ app.get("/games/active", must_be_logged_in, function (req, res) {
 	let active_pools = TM_POOL_LIST_USER_ACTIVE.all(user_id)
 	let finished_pools = TM_POOL_LIST_USER_RECENT_FINISHED.all(user_id)
 
-	res.render("games_active.pug", { user: req.user, who: req.user, games, seeds, active_pools, finished_pools })
+	res.render("games_active.pug", { who: req.user, games, seeds, active_pools, finished_pools })
 })
 
 app.get("/tm/active", must_be_logged_in, function (req, res) {
@@ -1717,7 +1717,7 @@ app.get("/tm/active", must_be_logged_in, function (req, res) {
 	let seeds = TM_SEED_LIST_USER.all(user_id)
 	let active_pools = TM_POOL_LIST_USER_ACTIVE.all(user_id)
 	let finished_pools = TM_POOL_LIST_USER_RECENT_FINISHED.all(user_id)
-	res.render("tm_active.pug", { user: req.user, who: req.user, seeds, active_pools, finished_pools })
+	res.render("tm_active.pug", { who: req.user, seeds, active_pools, finished_pools })
 })
 
 app.get("/games/finished", must_be_logged_in, function (req, res) {
@@ -1725,12 +1725,12 @@ app.get("/games/finished", must_be_logged_in, function (req, res) {
 	let unread = SQL_SELECT_UNREAD_CHAT_GAMES.all(req.user.user_id)
 	let unseen = SQL_SELECT_UNSEEN_GAME_LIST.all(req.user.user_id)
 	annotate_games(games, req.user.user_id, unread, unseen)
-	res.render("games_finished.pug", { user: req.user, who: req.user, games })
+	res.render("games_finished.pug", { who: req.user, games })
 })
 
 app.get("/tm/finished", must_be_logged_in, function (req, res) {
 	let pools = TM_POOL_LIST_USER_ALL_FINISHED.all(req.user.user_id)
-	res.render("tm_finished.pug", { user: req.user, who: req.user, pools })
+	res.render("tm_finished.pug", { who: req.user, pools })
 })
 
 app.get("/games/finished/:who_name", function (req, res) {
@@ -1738,7 +1738,7 @@ app.get("/games/finished/:who_name", function (req, res) {
 	if (who) {
 		let games = QUERY_LIST_FINISHED_GAMES_OF_USER.all({ user_id: who.user_id })
 		annotate_games(games, 0, null, null)
-		res.render("games_finished.pug", { user: req.user, who, games })
+		res.render("games_finished.pug", { who, games })
 	} else {
 		return res.status(404).send("Invalid user name.")
 	}
@@ -1748,7 +1748,7 @@ app.get("/tm/finished/:who_name", function (req, res) {
 	let who = SQL_SELECT_USER_BY_NAME.get(req.params.who_name)
 	if (who) {
 		let pools = TM_POOL_LIST_USER_ALL_FINISHED.all(who.user_id)
-		res.render("tm_finished.pug", { user: req.user, who, pools })
+		res.render("tm_finished.pug", { who, pools })
 	} else {
 		return res.status(404).send("Invalid user name.")
 	}
@@ -3143,7 +3143,7 @@ const TM_SELECT_SEED_READY_MINI_CUP = SQL(`
 
 app.get("/tm/list", function (req, res) {
 	let seeds = TM_SEED_LIST_ALL.all(req.user ? req.user.user_id : 0)
-	res.render("tm_list.pug", { user: req.user, seeds })
+	res.render("tm_list.pug", { seeds })
 })
 
 app.get("/tm/seed/:seed_name", function (req, res) {
@@ -3172,7 +3172,7 @@ app.get("/tm/seed/:seed_name", function (req, res) {
 			may_register = true
 	}
 
-	res.render("tm_seed.pug", { user: req.user, error, may_register, seed, queues, active_pools, finished_pools })
+	res.render("tm_seed.pug", { error, may_register, seed, queues, active_pools, finished_pools })
 })
 
 app.get("/tm/pool/:pool_name", function (req, res) {
@@ -3190,7 +3190,7 @@ app.get("/tm/pool/:pool_name", function (req, res) {
 		players = TM_SELECT_PLAYERS_MP.all(pool_id)
 	let games = TM_SELECT_GAMES.all(pool_id)
 	let games_by_round = object_group_by(games, "round")
-	res.render("tm_pool.pug", { user: req.user, seed, pool, roles, players, games, games_by_round })
+	res.render("tm_pool.pug", { seed, pool, roles, players, games, games_by_round })
 })
 
 app.post("/api/tm/register/:seed_id/:level", must_be_logged_in, function (req, res) {
@@ -4229,7 +4229,7 @@ app.get("/user-stats/:who_name", must_be_administrator, function (req, res) {
 	if (who) {
 		let stats = SQL_USER_STATS.all(who.user_id, who.user_id)
 		let ratings = SQL_USER_RATINGS.all(who.user_id)
-		res.render("user_stats.pug", { user: req.user, who, stats, ratings })
+		res.render("user_stats.pug", { who, stats, ratings })
 	} else {
 		return res.status(404).send("Invalid user name.")
 	}
@@ -4240,7 +4240,7 @@ app.get("/game-stats/:title_id", must_be_administrator, function (req, res) {
 	if (title_id in TITLE_TABLE) {
 		let title_name = TITLE_NAME[title_id]
 		let ratings = SQL_GAME_RATINGS.all(title_id)
-		res.render("game_stats.pug", { user: req.user, title_name, ratings })
+		res.render("game_stats.pug", { title_name, ratings })
 	} else {
 		return res.status(404).send("Invalid title.")
 	}