chore: es6 upgrade check in

Complete package upgrades for node 7 compat

.jshintrc

@@ -1,5 +1,6 @@
 {
   "browser": true,
+  "version": "es6",
   "camelcase": true,
   "curly": true,
   "devel": true,

build/post-update.js

@@ -3,7 +3,6 @@ var fs = require('fs'),
     path = require('path'),
     version = require('../package').version,
     semver = require('semver'),
-    RSVP = require('rsvp'),
     script = process.argv[1];
 
 if (process.argv[2] && semver.valid(process.argv[2]) === process.argv[2]) {
@@ -28,7 +27,7 @@ function main(oldVersion) {
 }
 
 function getVersionUpdate(file) {
-  return new RSVP.Promise(function (resolve) {
+  return new Promise(function (resolve) {
     var dir = path.join(__dirname, 'upgrade', file);
     fs.stat(dir, function (err, stat) {
       if (stat.isDirectory()) {
@@ -54,7 +53,7 @@ function getVersions(oldVersion, version) {
       promises.push(getVersionUpdate(file));
     });
 
-    RSVP.all(promises).then(function (files) {
+    Promise.all(promises).then(function (files) {
       files.filter(function (file) {
         return file !== false;
       }).sort(function (a, b) {

lib/addons/memcached/index.js

@@ -1,11 +1,10 @@
 module.exports = function (app, connection) {
-  'use strict';
+  const onHeaders = require('on-headers');
   var memcached = require('./store')(connection);
   var UserModel = require('../../models').user;
   var undefsafe = require('undefsafe');
   var feature = require('../../features');
   var metrics = require('../../metrics');
-  var utils = require('../../utils.js');
 
   // add memcachedstore to app for other modules to use;
   app.sessionStore = memcached;
@@ -45,6 +44,7 @@ module.exports = function (app, connection) {
   }
 
   app.use(function (req, res, next) {
+    console.log('session middleware');
     // stick this all behind a feature flag
     if (!feature('serverSession', req)) {
       return next();
@@ -79,8 +79,9 @@ module.exports = function (app, connection) {
 
     // we're basically yaking the same idea that connects cookieSessions use
     // from here: http://www.senchalabs.org/connect/cookieSession.html
-    res.on('header', function () {
-      var sessionUser = undefsafe(req, '_sessionBeforeBlacklist.user');
+    onHeaders(res, function () {
+
+      var sessionUser = undefsafe(res, 'locals._sessionBeforeBlacklist.user');
       // if there's no user on the session, there's nothing to save
       if (!sessionUser) {
         return;
@@ -100,9 +101,11 @@ module.exports = function (app, connection) {
 
   app.use(function (req, res, next) {
     memcached.items().then(function (results) {
+      console.log('session.count: %s', results.length);
       metrics.gauge('sessions.count', results.length);
       next();
-    }, function () {
+    }, function (e) {
+      console.log('failed', e);
       next();
     });
   });

lib/app.js

@@ -1,8 +1,3 @@
-'use strict';
-
-// still using `promise` as it includes denodeify which we use
-global.Promise = require('promise'); // expose
-
 const cookieParser = require('cookie-parser');
 const bodyParser = require('body-parser');
 const expressSession = require('express-session');
@@ -27,9 +22,9 @@ var nodemailer  = require('nodemailer'),
     helpers     = require('./helpers'),
     metrics     = require('./metrics'),
     github      = require('./github')(options), // if used, contains github.id
-    _           = require('underscore'),
+    _           = require('lodash'),
     crypto      = require('crypto'),
-    filteredCookieSession = require('express-cookie-blacklist'),
+    filteredCookieSession = require('./blacklist-cookie'),
     sessionVersion = require('./session-version'),
     stripeRoutes  = require('./stripe')(options),
     flattened;
@@ -253,7 +248,6 @@ app.connect = function (callback) {
   app.emit('before:cookies', { app: app });
 
   app.use(cookieParser(app.get('session secret')));
-  app.use(filteredCookieSession(['user.settings', 'passport', 'user.email', 'user.github_id', 'user.github_token', 'user.dropbox_token', 'user.dropbox_id', 'user.flagged', 'user.bincount', 'user.api_key', 'user.key', 'user.id', 'user.embed']));
   app.use(cookieSession({
     keys: ['jsbin'],
     cookie: {
@@ -274,6 +268,10 @@ app.connect = function (callback) {
     require('./ping');
   }
 
+  // this needs to be last, because it hooks an onHeaders, which
+  // "fires in reverse order" so it needs to go first.
+  app.use(filteredCookieSession(['user.settings', 'passport', 'user.email', 'user.github_id', 'user.github_token', 'user.dropbox_token', 'user.dropbox_id', 'user.flagged', 'user.bincount', 'user.api_key', 'user.key', 'user.id', 'user.embed']));
+
   app.emit('after:session', {app: app});
 
   app.use(function (req, res, next) {

lib/blacklist-cookie.js

@@ -0,0 +1,28 @@
+const onHeaders = require('on-headers');
+const clone = require('lodash').cloneDeep;
+
+module.exports = function (blacklist) {
+  if (blacklist && !Array.isArray(blacklist)) {
+    blacklist = [blacklist];
+  }
+  return function (req, res, next) {
+    onHeaders(res, function () {
+      res.locals._sessionBeforeBlacklist = clone(req.session);
+      if (blacklist) {
+        blacklist.forEach(key => deleteItem(req.session, key));
+      }
+    });
+    next();
+  };
+};
+
+function deleteItem(object = {}, key) {
+  const keys = key.split('.');
+  const last = keys.length - 1;
+  return keys.reduce((obj, key, i) => {
+    if (i === last && obj[key] !== undefined) {
+      delete obj[key];
+    }
+    return obj[key] || {};
+  }, object);
+};

lib/handlers/admin.js

@@ -3,11 +3,10 @@ var mysql = require('../db/mysql');
 var config = require('../config');
 var store = new mysql(config.store.mysql);
 var models = require('../models');
-var memcached = require('memcached');
 var memcache = null;
 
 if (config.session.memcached && config.session.memcached.connection) {
-  memcache = new memcached(config.session.memcached.connection);
+  // memcache = new memcached(config.session.memcached.connection);
 }
 
 var admin = module.exports = {
@@ -20,7 +19,7 @@ admin.renderAdmin = function renderAdmin (req, res) {
 
   res.render('admin/index', {
     host: req.app.get('url host'),
-    token: req.session._csrf,
+    token: req.csrfToken(),
     title: 'Admin',
     layout: 'sub/layout.html',
     httproot: root.replace('https', 'http'),
@@ -69,7 +68,7 @@ admin.flagUser = function flagUser (req, res) {
         }
         // reset their memcache session
         if (memcache) {
-          memcache.set(username, false, 0, function () {});
+          // memcache.set(username, false, 0, function () {});
         }
         res.json(200, { all: 'ok'});
       });

lib/handlers/bin.js

@@ -10,8 +10,6 @@ var async      = require('asyncjs'),
     undefsafe  = require('undefsafe'),
     metrics    = require('../metrics'),
     features   = require('../features'),
-    RSVP       = require('rsvp'),
-    Promise    = RSVP.Promise,
     config     = require('../config'),
     welcomePanel = require('../welcome-panel'),
     binToFile  = require('bin-to-file'),
@@ -197,7 +195,7 @@ module.exports = Observable.extend({
     var options = {
       edit: !req.param('quiet'),
       silent: !!req.param('quiet'),
-      csrf: req.session._csrf
+      csrf: req.csrfToken()
     };
 
     this.protectVisibility(req.session.user, req.bin, function(err, bin) {
@@ -540,11 +538,11 @@ module.exports = Observable.extend({
     });
   },
   createRevision: function (req, res, next) {
-    var panel  = req.param('panel'),
-        params = {},
-        handler  = this,
-        models = this.models,
-        binSettings = {};
+    var panel  = req.body.panel;
+    var params = {};
+    var handler  = this;
+    var models = this.models;
+    var binSettings = {};
 
     try {
       binSettings = JSON.parse(req.param('settings'));
@@ -612,7 +610,7 @@ module.exports = Observable.extend({
             }
 
             // Notify interested parties (spike) that a new revision was created
-            var oldBin = req.bin;
+            // var oldBin = req.bin;
             handler.once('created', function (newBin) {
               handler.emit('new-revision', bin, newBin);
             });
@@ -790,7 +788,7 @@ module.exports = Observable.extend({
         if (req.url.indexOf('edit') > -1) {
           self.render(req, res, results);
         } else {
-          var options = {edit: true, silent: true, csrf: req.session._csrf};
+          var options = {edit: true, silent: true, csrf: req.csrfToken()};
           self.formatPreview(req, results, options, function (err, formatted) {
             if (err) {
               return next(err);
@@ -809,11 +807,11 @@ module.exports = Observable.extend({
   },
   loadBin: function (req, res, next) {
     var self = this;
-    var rev    = parseInt(req.params.rev, 10) || 'latest',
-        username = undefsafe(req, 'session.user.name'),
-        query  = {id: req.params.bin, revision: rev, username: username },
-        helpers = this.helpers,
-        models = this.models;
+    var rev = parseInt(req.params.rev, 10) || 'latest';
+    var username = undefsafe(req, 'session.user.name');
+    var query  = {id: req.params.bin, revision: rev, username: username };
+    var helpers = this.helpers;
+    var models = this.models;
 
     function complete(err, result) {
       if (err && err !== 401) {
@@ -954,7 +952,7 @@ module.exports = Observable.extend({
       }
 
       jsbin = this.jsbin(bin.url ? bin : {}, {
-        token: req.session._csrf,
+        token: req.csrfToken(),
         metadata: bin.metadata,
         name: undefsafe(customConfig, 'name') || 'JS Bin',
         settings: settings,
@@ -1196,7 +1194,7 @@ module.exports = Observable.extend({
       scripts: production ? false : scripts.app,
       static: statik,
       tips: '{}',
-      token: req.session._csrf,
+      token: req.csrfToken(),
       url: url,
       user: user || null,
       vanity: features('vanity', req) ? 'http://' + req.session.user.name + '.' + req.app.get('url host') : root,
@@ -1477,7 +1475,7 @@ module.exports = Observable.extend({
     }
 
     if (binSettings && binSettings.processors && Object.keys(binSettings.processors).length) {
-      return new RSVP.all(Object.keys(binSettings.processors).map(function (panel) {
+      return Promise.all(Object.keys(binSettings.processors).map(function (panel) {
         var processorName = binSettings.processors[panel],
             code = bin[panel];
         if (processors.support(processorName)) {
@@ -1501,13 +1499,13 @@ module.exports = Observable.extend({
             return bin;
           });
         } else {
-          return new RSVP.resolve(bin);
+          return Promise.resolve(bin);
         }
       }));
     }
 
     // otherwise default to being resolved
-    return RSVP.resolve([bin]);
+    return Promise.resolve([bin]);
   },
   formatPreview: function (req, bin, options, fn) {
     var _this = this;