[IMPROVE] AvatarBlockUnauthenticatedAccess do not call user.find if you dont have to (#15355)

server/routes/avatar/utils.js

@@ -45,9 +45,9 @@ function isUserAuthenticated({ headers, query }) {
 		return false;
 	}
 
-	const userFound = Users.findOneByIdAndLoginToken(rc_uid, rc_token, { fields: { _id: 1 } });
+	const userFound = Users.findOneByIdAndLoginToken(rc_uid, rc_token, { fields: { _id: 1 } }); // TODO memoize find
 
-	return !!rc_uid && !!rc_token && !!userFound;
+	return !!userFound;
 }
 
 const warnUnauthenticatedAccess = throttle(() => {
@@ -55,17 +55,16 @@ const warnUnauthenticatedAccess = throttle(() => {
 }, 60000 * 30); // 30 minutes
 
 export function userCanAccessAvatar({ headers = {}, query = {} }) {
-	const isAuthenticated = isUserAuthenticated({ headers, query });
-
-	if (settings.get('Accounts_AvatarBlockUnauthenticatedAccess') === true) {
-		return isAuthenticated;
+	if (!settings.get('Accounts_AvatarBlockUnauthenticatedAccess')) {
+		return true;
 	}
 
+	const isAuthenticated = isUserAuthenticated({ headers, query });
 	if (!isAuthenticated) {
 		warnUnauthenticatedAccess();
 	}
 
-	return true;
+	return isAuthenticated;
 }
 
 const getFirstLetter = (name) => name.replace(/[^A-Za-z0-9]/g, '').substr(0, 1).toUpperCase();