diff --git a/src/core/mail.js b/src/core/mail.js
index 6079399..229cd28 100644
--- a/src/core/mail.js
+++ b/src/core/mail.js
@@ -202,6 +202,6 @@ class MailProvider {
   }
 }
 
-export const mailProvider = new MailProvider();
+const mailProvider = new MailProvider();
 
 export default mailProvider;
diff --git a/src/routes/api/auth/change_mail.js b/src/routes/api/auth/change_mail.js
index cd4a7d3..5cbf3c9 100644
--- a/src/routes/api/auth/change_mail.js
+++ b/src/routes/api/auth/change_mail.js
@@ -1,10 +1,10 @@
 /*
  * request password change
+ * @flow
  */
 
 
 import type { Request, Response } from 'express';
-import Sequelize from 'sequelize';
 import mailProvider from '../../../core/mail';
 
 import { validatePassword, validateEMail } from '../../../utils/validation';
@@ -41,8 +41,8 @@ export default async (req: Request, res: Response) => {
     return;
   }
 
-  const current_password = user.regUser.password;
-  if (!compareToHash(password, current_password)) {
+  const currentPassword = user.regUser.password;
+  if (!compareToHash(password, currentPassword)) {
     res.status(400);
     res.json({
       errors: ['Incorrect password!'],
diff --git a/src/routes/api/auth/change_name.js b/src/routes/api/auth/change_name.js
index 56f1f48..062d9a2 100644
--- a/src/routes/api/auth/change_name.js
+++ b/src/routes/api/auth/change_name.js
@@ -1,5 +1,6 @@
 /*
  * request password change
+ * @flow
  */
 
 
@@ -9,7 +10,7 @@ import { RegUser } from '../../../data/models';
 import { validateName } from '../../../utils/validation';
 
 async function validate(oldname, name) {
-  if (oldname == name) return 'You already have that name.';
+  if (oldname === name) return 'You already have that name.';
 
   const nameerror = validateName(name);
   if (nameerror) return nameerror;
diff --git a/src/routes/api/auth/change_passwd.js b/src/routes/api/auth/change_passwd.js
index 717da90..2d439a2 100644
--- a/src/routes/api/auth/change_passwd.js
+++ b/src/routes/api/auth/change_passwd.js
@@ -1,5 +1,6 @@
 /*
  * request password change
+ * @flow
  */
 
 
@@ -8,18 +9,18 @@ import type { Request, Response } from 'express';
 import { validatePassword } from '../../../utils/validation';
 import { compareToHash } from '../../../utils/hash';
 
-function validate(new_password, password) {
+function validate(newPassword) {
   const errors = [];
 
-  const newpassworderror = validatePassword(new_password);
+  const newpassworderror = validatePassword(newPassword);
   if (newpassworderror) errors.push(newpassworderror);
 
   return errors;
 }
 
 export default async (req: Request, res: Response) => {
-  const { new_password, password } = req.body;
-  const errors = validate(new_password, password);
+  const { new_password: newPassword, password } = req.body;
+  const errors = validate(newPassword);
   if (errors.length > 0) {
     res.status(400);
     res.json({
@@ -37,8 +38,8 @@ export default async (req: Request, res: Response) => {
     return;
   }
 
-  const current_password = user.regUser.password;
-  if (current_password && !compareToHash(password, current_password)) {
+  const currentPassword = user.regUser.password;
+  if (currentPassword && !compareToHash(password, currentPassword)) {
     res.status(400);
     res.json({
       errors: ['Incorrect password!'],
@@ -46,7 +47,7 @@ export default async (req: Request, res: Response) => {
     return;
   }
 
-  await user.regUser.update({ password: new_password });
+  await user.regUser.update({ password: newPassword });
 
   res.json({
     success: true,
diff --git a/src/routes/api/auth/delete_account.js b/src/routes/api/auth/delete_account.js
index 128c027..47d4673 100644
--- a/src/routes/api/auth/delete_account.js
+++ b/src/routes/api/auth/delete_account.js
@@ -1,5 +1,6 @@
 /*
  * request password change
+ * @flow
  */
 
 
@@ -19,7 +20,7 @@ function validate(password) {
 }
 
 export default async (req: Request, res: Response) => {
-  const { new_password, password } = req.body;
+  const { password } = req.body;
   const errors = await validate(password);
   if (errors.length > 0) {
     res.status(400);
@@ -39,8 +40,8 @@ export default async (req: Request, res: Response) => {
   }
   const { id } = user;
 
-  const current_password = user.regUser.password;
-  if (!current_password || !compareToHash(password, current_password)) {
+  const currentPassword = user.regUser.password;
+  if (!currentPassword || !compareToHash(password, currentPassword)) {
     res.status(400);
     res.json({
       errors: ['Incorrect password!'],
diff --git a/src/routes/api/auth/index.js b/src/routes/api/auth/index.js
index a503fea..4e5b82d 100644
--- a/src/routes/api/auth/index.js
+++ b/src/routes/api/auth/index.js
@@ -4,18 +4,23 @@
 
 
 import express from 'express';
-import bodyParser from 'body-parser';
 
 import logger from '../../../core/logger';
 
 import register from './register';
 import verify from './verify';
 import logout from './logout';
+// eslint-disable-next-line camelcase
 import resend_verify from './resend_verify';
+// eslint-disable-next-line camelcase
 import change_passwd from './change_passwd';
+// eslint-disable-next-line camelcase
 import delete_account from './delete_account';
+// eslint-disable-next-line camelcase
 import change_name from './change_name';
+// eslint-disable-next-line camelcase
 import change_mail from './change_mail';
+// eslint-disable-next-line camelcase
 import restore_password from './restore_password';
 import mclink from './mclink';
 
@@ -97,8 +102,8 @@ export default (passport) => {
       }
       logger.info(`User ${user.id} logged in with mail/password.`);
 
-      req.logIn(user, async (err) => {
-        if (err) { res.json({ success: false, errors: ['Failed to establish session. Please try again later :('] }); return; }
+      req.logIn(user, async (e) => {
+        if (e) { res.json({ success: false, errors: ['Failed to establish session. Please try again later :('] }); return; }
 
         user.ip = req.user.ip;
         const me = await getMe(user);
diff --git a/src/routes/api/auth/logout.js b/src/routes/api/auth/logout.js
index adc8e93..db564ab 100644
--- a/src/routes/api/auth/logout.js
+++ b/src/routes/api/auth/logout.js
@@ -1,5 +1,6 @@
 /*
  * logout
+ * @flow
  */
 import type { Request, Response } from 'express';
 
diff --git a/src/routes/api/auth/register.js b/src/routes/api/auth/register.js
index 01a7ff5..a7b7b90 100644
--- a/src/routes/api/auth/register.js
+++ b/src/routes/api/auth/register.js
@@ -10,7 +10,11 @@ import Sequelize from 'sequelize';
 import { RegUser } from '../../../data/models';
 import mailProvider from '../../../core/mail';
 import getMe from '../../../core/me';
-import { validateEMail, validateName, validatePassword } from '../../../utils/validation';
+import {
+  validateEMail,
+  validateName,
+  validatePassword,
+} from '../../../utils/validation';
 
 async function validate(email, name, password) {
   const errors = [];
@@ -56,8 +60,7 @@ export default async (req: Request, res: Response) => {
     return;
   }
 
-  const { noauthUser } = req;
-  const user = (noauthUser) || new User(id);
+  const user = req.noauthUser;
   user.id = newuser.id;
   user.regUser = newuser;
   const me = await getMe(user);
diff --git a/src/routes/api/auth/resend_verify.js b/src/routes/api/auth/resend_verify.js
index 3d7627b..35d4bad 100644
--- a/src/routes/api/auth/resend_verify.js
+++ b/src/routes/api/auth/resend_verify.js
@@ -1,5 +1,6 @@
 /*
  * request resend of verification mail
+ * @flow
  */
 
 
diff --git a/src/routes/api/auth/restore_password.js b/src/routes/api/auth/restore_password.js
index 8b8553b..7bf185d 100644
--- a/src/routes/api/auth/restore_password.js
+++ b/src/routes/api/auth/restore_password.js
@@ -1,5 +1,6 @@
 /*
  * request passowrd reset mail
+ * @flow
  */
 
 
diff --git a/src/routes/api/auth/verify.js b/src/routes/api/auth/verify.js
index 7592732..a5b68f8 100644
--- a/src/routes/api/auth/verify.js
+++ b/src/routes/api/auth/verify.js
@@ -15,6 +15,7 @@ export default async (req: Request, res: Response) => {
     const index = getHtml('Mail verification', 'You are now verified :)');
     res.status(200).send(index);
   } else {
+    // eslint-disable-next-line max-len
     const index = getHtml('Mail verification', 'Your mail verification code is invalid or already expired :(, please request a new one.');
     res.status(400).send(index);
   }
diff --git a/src/utils/ip.js b/src/utils/ip.js
index 0cf84ca..7878460 100644
--- a/src/utils/ip.js
+++ b/src/utils/ip.js
@@ -25,6 +25,7 @@ export async function getIPFromRequest(req): ?string {
   const conip = (connection ? connection.remoteAddress : socket.remoteAddress);
 
   if (!headers['x-forwarded-for'] || !isTrustedProxy(conip)) {
+    // eslint-disable-next-line max-len
     logger.warn(`Connection not going through nginx and cloudflare! IP: ${conip}`, headers);
     return conip;
   }
@@ -43,6 +44,7 @@ export async function getIPFromRequest(req): ?string {
 
 export function getIPv6Subnet(ip: string): string {
   if (ip.includes(':')) {
+    // eslint-disable-next-line max-len
     const ipv6sub = `${ip.split(':').slice(0, 4).join(':')}:0000:0000:0000:0000`;
     // logger.warn("IPv6 subnet: ", ipv6sub);
     return ipv6sub;