src/share/routes.js

const express = require('express');
const path = require('path');
const safeCompare = require('safe-compare');

const shaca = require("./shaca/shaca");
const shacaLoader = require("./shaca/shaca_loader");
const shareRoot = require("./share_root");
const contentRenderer = require("./content_renderer");
const assetPath = require("../services/asset_path");
const appPath = require("../services/app_path");

function getSharedSubTreeRoot(note) {
    if (note.noteId === shareRoot.SHARE_ROOT_NOTE_ID) {
        // share root itself is not shared
        return null;
    }

    // every path leads to share root, but which one to choose?
    // for the sake of simplicity, URLs are not note paths
    const parentNote = note.getParentNotes()[0];

    if (parentNote.noteId === shareRoot.SHARE_ROOT_NOTE_ID) {
        return note;
    }

    return getSharedSubTreeRoot(parentNote);
}

function addNoIndexHeader(note, res) {
    if (note.isLabelTruthy('shareDisallowRobotIndexing')) {
        res.setHeader('X-Robots-Tag', 'noindex');
    }
}

function requestCredentials(res) {
    res.setHeader('WWW-Authenticate', 'Basic realm="User Visible Realm", charset="UTF-8"')
        .sendStatus(401);
}

/** @returns {SAttachment|boolean} */
function checkAttachmentAccess(attachmentId, req, res) {
    const attachment = shaca.getAttachment(attachmentId);

    if (!attachment) {
        res.status(404)
            .json({ message: `Attachment '${attachmentId}' not found.` });

        return false;
    }

    const note = checkNoteAccess(attachment.parentId, req, res);

    // truthy note means the user has access, and we can return the attachment
    return note ? attachment : false;
}

/** @returns {SNote|boolean} */
function checkNoteAccess(noteId, req, res) {
    const note = shaca.getNote(noteId);

    if (!note) {
        res.status(404)
            .json({ message: `Note '${noteId}' not found.` });

        return false;
    }

    if (noteId === '_share' && !shaca.shareIndexEnabled) {
        res.status(403)
            .json({ message: `Accessing share index is forbidden.` });

        return false;
    }

    const credentials = note.getCredentials();

    if (credentials.length === 0) {
        return note;
    }

    const header = req.header("Authorization");

    if (!header?.startsWith("Basic ")) {
        requestCredentials(res);
        return false;
    }

    const base64Str = header.substring("Basic ".length);
    const buffer = Buffer.from(base64Str, 'base64');
    const authString = buffer.toString('utf-8');

    for (const credentialLabel of credentials) {
        if (safeCompare(authString, credentialLabel.value)) {
            return note; // success;
        }
    }

    return false;
}

function register(router) {
    function renderNote(note, req, res) {
        if (!note) {
            res.status(404).render("share/404");
            return;
        }

        if (!checkNoteAccess(note.noteId, req, res)) {
            requestCredentials(res);

            return;
        }

        addNoIndexHeader(note, res);

        if (note.isLabelTruthy('shareRaw')) {
            res.setHeader('Content-Type', note.mime)
                .send(note.getContent());

            return;
        }

        const {header, content, isEmpty} = contentRenderer.getContent(note);

        const subRoot = getSharedSubTreeRoot(note);

        res.render("share/page", {
            note,
            header,
            content,
            isEmpty,
            subRoot,
            assetPath,
            appPath
        });
    }

    router.use('/share/canvas_share.js', express.static(path.join(__dirname, 'canvas_share.js')));

    router.get('/share/', (req, res, next) => {
        if (req.path.substr(-1) !== '/') {
            res.redirect('../share/');
            return;
        }

        shacaLoader.ensureLoad();

        renderNote(shaca.shareRootNote, req, res);
    });

    router.get('/share/:shareId', (req, res, next) => {
        shacaLoader.ensureLoad();

        const {shareId} = req.params;

        const note = shaca.aliasToNote[shareId] || shaca.notes[shareId];

        renderNote(note, req, res);
    });

    router.get('/share/api/notes/:noteId', (req, res, next) => {
        shacaLoader.ensureLoad();
        let note;

        if (!(note = checkNoteAccess(req.params.noteId, req, res))) {
            return;
        }

        addNoIndexHeader(note, res);

        res.json(note.getPojo());
    });

    router.get('/share/api/notes/:noteId/download', (req, res, next) => {
        shacaLoader.ensureLoad();

        let note;

        if (!(note = checkNoteAccess(req.params.noteId, req, res))) {
            return;
        }

        addNoIndexHeader(note, res);

        const utils = require("../services/utils");

        const filename = utils.formatDownloadTitle(note.title, note.type, note.mime);

        res.setHeader('Content-Disposition', utils.getContentDisposition(filename));

        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader('Content-Type', note.mime);

        res.send(note.getContent());
    });

    // :filename is not used by trilium, but instead used for "save as" to assign a human-readable filename
    router.get('/share/api/images/:noteId/:filename', (req, res, next) => {
        shacaLoader.ensureLoad();

        let image;

        if (!(image = checkNoteAccess(req.params.noteId, req, res))) {
            return;
        }

        if (!["image", "canvas"].includes(image.type)) {
            return res.status(400)
                .json({ message: "Requested note is not a shareable image" });
        } else if (image.type === "canvas") {
            /**
             * special "image" type. the canvas is actually type application/json
             * to avoid bitrot and enable usage as referenced image the svg is included.
             */
            const content = image.getContent();
            try {
                const data = JSON.parse(content);

                const svg = data.svg || '<svg />';
                addNoIndexHeader(image, res);
                res.set('Content-Type', "image/svg+xml");
                res.set("Cache-Control", "no-cache, no-store, must-revalidate");
                res.send(svg);
            } catch (err) {
                res.status(500)
                    .json({ message: "There was an error parsing excalidraw to svg." });
            }
        } else {
            // normal image
            res.set('Content-Type', image.mime);
            addNoIndexHeader(image, res);
            res.send(image.getContent());
        }
    });

    // :filename is not used by trilium, but instead used for "save as" to assign a human-readable filename
    router.get('/share/api/attachments/:attachmentId/image/:filename', (req, res, next) => {
        shacaLoader.ensureLoad();

        let attachment;

        if (!(attachment = checkAttachmentAccess(req.params.attachmentId, req, res))) {
            return;
        }

        if (attachment.role === "image") {
            res.set('Content-Type', attachment.mime);
            addNoIndexHeader(attachment.note, res);
            res.send(attachment.getContent());
        } else {
            return res.status(400)
                .json({ message: "Requested attachment is not a shareable image" });
        }
    });

    router.get('/share/api/attachments/:attachmentId/download', (req, res, next) => {
        shacaLoader.ensureLoad();

        let attachment;

        if (!(attachment = checkAttachmentAccess(req.params.attachmentId, req, res))) {
            return;
        }

        addNoIndexHeader(attachment.note, res);

        const utils = require("../services/utils");

        const filename = utils.formatDownloadTitle(attachment.title, null, attachment.mime);

        res.setHeader('Content-Disposition', utils.getContentDisposition(filename));

        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader('Content-Type', attachment.mime);

        res.send(attachment.getContent());
    });

    // used for PDF viewing
    router.get('/share/api/notes/:noteId/view', (req, res, next) => {
        shacaLoader.ensureLoad();

        let note;

        if (!(note = checkNoteAccess(req.params.noteId, req, res))) {
            return;
        }

        addNoIndexHeader(note, res);

        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader('Content-Type', note.mime);

        res.send(note.getContent());
    });
}

module.exports = {
    register
}
moving canvas_note_share to src/share and add routes 2022-05-09 16:38:23 +02:00			`const express = require('express');`
			`const path = require('path');`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`const safeCompare = require('safe-compare');`
moving canvas_note_share to src/share and add routes 2022-05-09 16:38:23 +02:00
sharing WIP 2021-10-17 14:44:59 +02:00			`const shaca = require("./shaca/shaca");`
			`const shacaLoader = require("./shaca/shaca_loader");`
sharing WIP 2021-10-19 22:48:38 +02:00			`const shareRoot = require("./share_root");`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const contentRenderer = require("./content_renderer");`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`const assetPath = require("../services/asset_path");`
fix missing doc resources for launchers, closes #3455 2022-12-25 11:58:24 +01:00			`const appPath = require("../services/app_path");`
sharing WIP 2021-10-19 22:48:38 +02:00
sharing improvements 2021-12-23 20:54:48 +01:00			`function getSharedSubTreeRoot(note) {`
sharing WIP 2021-10-19 22:48:38 +02:00			`if (note.noteId === shareRoot.SHARE_ROOT_NOTE_ID) {`
sharing improvements 2021-12-23 20:54:48 +01:00			`// share root itself is not shared`
sharing WIP 2021-10-19 22:48:38 +02:00			`return null;`
			`}`

sharing improvements 2021-12-23 20:54:48 +01:00			`// every path leads to share root, but which one to choose?`
typos 2023-06-30 11:18:34 +02:00			`// for the sake of simplicity, URLs are not note paths`
sharing WIP 2021-10-19 22:48:38 +02:00			`const parentNote = note.getParentNotes()[0];`

			`if (parentNote.noteId === shareRoot.SHARE_ROOT_NOTE_ID) {`
			`return note;`
			`}`

sharing improvements 2021-12-23 20:54:48 +01:00			`return getSharedSubTreeRoot(parentNote);`
sharing WIP 2021-10-19 22:48:38 +02:00			`}`
sharing WIP 2021-10-17 14:44:59 +02:00
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`function addNoIndexHeader(note, res) {`
use isLabelTruthy() for most binary labels 2023-06-29 00:14:12 +02:00			`if (note.isLabelTruthy('shareDisallowRobotIndexing')) {`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`res.setHeader('X-Robots-Tag', 'noindex');`
			`}`
			`}`

fix password protected notes rejection 2022-08-01 19:56:09 +02:00			`function requestCredentials(res) {`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`res.setHeader('WWW-Authenticate', 'Basic realm="User Visible Realm", charset="UTF-8"')`
			`.sendStatus(401);`
			`}`

share support for attachment images 2023-06-05 23:05:05 +02:00			`/** @returns {SAttachment\|boolean} */`
			`function checkAttachmentAccess(attachmentId, req, res) {`
			`const attachment = shaca.getAttachment(attachmentId);`

			`if (!attachment) {`
			`res.status(404)`
			.json({ message: `Attachment '${attachmentId}' not found.` });

			`return false;`
			`}`

			`const note = checkNoteAccess(attachment.parentId, req, res);`

typos 2023-06-30 11:18:34 +02:00			`// truthy note means the user has access, and we can return the attachment`
share support for attachment images 2023-06-05 23:05:05 +02:00			`return note ? attachment : false;`
			`}`

attachments have a position 2023-04-11 22:55:50 +02:00			`/** @returns {SNote\|boolean} */`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`function checkNoteAccess(noteId, req, res) {`
			`const note = shaca.getNote(noteId);`

			`if (!note) {`
allow access to share api root note only if there's share index, #3434 2022-12-19 21:39:12 +01:00			`res.status(404)`
share support for attachment images 2023-06-05 23:05:05 +02:00			.json({ message: `Note '${noteId}' not found.` });
allow access to share api root note only if there's share index, #3434 2022-12-19 21:39:12 +01:00
			`return false;`
			`}`

add prefix "_" to "named" IDs 2022-12-21 16:11:00 +01:00			`if (noteId === '_share' && !shaca.shareIndexEnabled) {`
allow access to share api root note only if there's share index, #3434 2022-12-19 21:39:12 +01:00			`res.status(403)`
			.json({ message: `Accessing share index is forbidden.` });
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00
			`return false;`
			`}`

			`const credentials = note.getCredentials();`

			`if (credentials.length === 0) {`
			`return note;`
			`}`

			`const header = req.header("Authorization");`

			`if (!header?.startsWith("Basic ")) {`
fix password protected notes rejection 2022-08-01 19:56:09 +02:00			`requestCredentials(res);`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`return false;`
			`}`

			`const base64Str = header.substring("Basic ".length);`
			`const buffer = Buffer.from(base64Str, 'base64');`
			`const authString = buffer.toString('utf-8');`

			`for (const credentialLabel of credentials) {`
			`if (safeCompare(authString, credentialLabel.value)) {`
			`return note; // success;`
			`}`
			`}`

			`return false;`
			`}`

sharing WIP 2021-10-17 14:44:59 +02:00			`function register(router) {`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`function renderNote(note, req, res) {`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`if (!note) {`
added 404 error page 2021-12-22 09:10:38 +01:00			`res.status(404).render("share/404");`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`return;`
			`}`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`if (!checkNoteAccess(note.noteId, req, res)) {`
fix password protected notes rejection 2022-08-01 19:56:09 +02:00			`requestCredentials(res);`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`return;`
			`}`

added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`addNoIndexHeader(note, res);`

use isLabelTruthy() for most binary labels 2023-06-29 00:14:12 +02:00			`if (note.isLabelTruthy('shareRaw')) {`
set correct content type for error messages 2022-07-01 00:01:29 +02:00			`res.setHeader('Content-Type', note.mime)`
			`.send(note.getContent());`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00
			`return;`
sharing WIP 2021-10-17 14:44:59 +02:00			`}`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00
			`const {header, content, isEmpty} = contentRenderer.getContent(note);`

			`const subRoot = getSharedSubTreeRoot(note);`

			`res.render("share/page", {`
			`note,`
			`header,`
			`content,`
			`isEmpty,`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`subRoot,`
fix missing doc resources for launchers, closes #3455 2022-12-25 11:58:24 +01:00			`assetPath,`
			`appPath`
added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`});`
add #shareRoot label to define an "index" note, closes #2567 2022-01-17 23:13:56 +01:00			`}`

rename canvas_note_share to canvas_share to align witih refactor 2022-05-11 09:06:30 +02:00			`router.use('/share/canvas_share.js', express.static(path.join(__dirname, 'canvas_share.js')));`
moving canvas_note_share to src/share and add routes 2022-05-09 16:38:23 +02:00
redirect /share to /share/, closes #3264 2022-10-30 09:05:12 +01:00			`router.get('/share/', (req, res, next) => {`
			`if (req.path.substr(-1) !== '/') {`
			`res.redirect('../share/');`
			`return;`
			`}`

add #shareRoot label to define an "index" note, closes #2567 2022-01-17 23:13:56 +01:00			`shacaLoader.ensureLoad();`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`renderNote(shaca.shareRootNote, req, res);`
add #shareRoot label to define an "index" note, closes #2567 2022-01-17 23:13:56 +01:00			`});`

			`router.get('/share/:shareId', (req, res, next) => {`
			`shacaLoader.ensureLoad();`

make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00			`const {shareId} = req.params;`

add #shareRoot label to define an "index" note, closes #2567 2022-01-17 23:13:56 +01:00			`const note = shaca.aliasToNote[shareId] \|\| shaca.notes[shareId];`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`renderNote(note, req, res);`
sharing WIP 2021-10-17 14:44:59 +02:00			`});`
sharing WIP 2021-10-19 22:48:38 +02:00
shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00			`router.get('/share/api/notes/:noteId', (req, res, next) => {`
make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00			`shacaLoader.ensureLoad();`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`let note;`
make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`if (!(note = checkNoteAccess(req.params.noteId, req, res))) {`
			`return;`
sharing WIP 2021-10-19 22:48:38 +02:00			`}`

added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`addNoIndexHeader(note, res);`

share support for attachment images 2023-06-05 23:05:05 +02:00			`res.json(note.getPojo());`
sharing WIP 2021-10-19 22:48:38 +02:00			`});`
share functionality WIP 2021-12-06 22:53:17 +01:00
added shareCss relation and shareHiddenFromTree label 2021-12-22 09:36:38 +01:00			`router.get('/share/api/notes/:noteId/download', (req, res, next) => {`
make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00			`shacaLoader.ensureLoad();`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`let note;`
share functionality WIP 2021-12-06 22:53:17 +01:00
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`if (!(note = checkNoteAccess(req.params.noteId, req, res))) {`
			`return;`
share functionality WIP 2021-12-06 22:53:17 +01:00			`}`

added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`addNoIndexHeader(note, res);`

share functionality WIP 2021-12-06 22:53:17 +01:00			`const utils = require("../services/utils");`

			`const filename = utils.formatDownloadTitle(note.title, note.type, note.mime);`

			`res.setHeader('Content-Disposition', utils.getContentDisposition(filename));`

			`res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");`
			`res.setHeader('Content-Type', note.mime);`

			`res.send(note.getContent());`
			`});`
various tweaks to shared notes 2021-12-27 20:48:14 +01:00
many small fixes from Intellij analysis 2023-05-05 23:17:23 +02:00			`// :filename is not used by trilium, but instead used for "save as" to assign a human-readable filename`
shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00			`router.get('/share/api/images/:noteId/:filename', (req, res, next) => {`
make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00			`shacaLoader.ensureLoad();`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`let image;`
shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`if (!(image = checkNoteAccess(req.params.noteId, req, res))) {`
			`return;`
shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00			`}`
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00
			`if (!["image", "canvas"].includes(image.type)) {`
allow access to share api root note only if there's share index, #3434 2022-12-19 21:39:12 +01:00			`return res.status(400)`
			`.json({ message: "Requested note is not a shareable image" });`
refactor canvas-note to canvas 2022-05-10 13:43:05 +02:00			`} else if (image.type === "canvas") {`
add support for sharing canvas-note 2022-04-11 21:38:05 +02:00			`/**`
set correct content type for error messages 2022-07-01 00:01:29 +02:00			`* special "image" type. the canvas is actually type application/json`
clean up code 2022-05-03 22:06:24 +02:00			`* to avoid bitrot and enable usage as referenced image the svg is included.`
add support for sharing canvas-note 2022-04-11 21:38:05 +02:00			`*/`
			`const content = image.getContent();`
			`try {`
clean up code 2022-05-03 22:06:24 +02:00			`const data = JSON.parse(content);`

			`const svg = data.svg \|\| '<svg />';`
Merge remote-tracking branch 'upstream/master' into excalidraw conflict in - package-lock (accept incoming), - routes (remove the option to have image without filename, since it is not really necessary for canvas_note) - note_detail 2022-05-03 21:56:52 +02:00			`addNoIndexHeader(image, res);`
missing path2d support for freedawings, remove node-side rendering, allow async getContent() * ## Excalidraw and SVG * 2022-04-16 - @thfrei * * Known issues: * - excalidraw-to-svg (node.js) does not render any hand drawn (freedraw) paths. There is an issue with * Path2D object not present in node-canvas library used by jsdom. (See Trilium PR for samples and other issues * in respective library. Link will be added later). Related links: * - https://github.com/Automattic/node-canvas/pull/2013 * - https://github.com/google/canvas-5-polyfill * - https://github.com/Automattic/node-canvas/issues/1116 * - https://www.npmjs.com/package/path2d-polyfill * - excalidraw-to-svg (node.js) takes quite some time to load an image (1-2s) * - excalidraw-utils (browser) does render freedraw, however NOT freedraw with background * * Due to this issues, we opt to use only excalidraw in the frontend. Upon saving, we will also get the SVG * output from the live excalidraw instance. We will save this *SVG side by side the native excalidraw format in the trilium note*. * Pro: we will combat bit-rot. Showing the SVG will be very fast, since it is already rendered. * Con: The note will get bigger (maybe +30%?), we will generate more bandwith. * (However, using trilium desktop instance, does not care too much about bandwidth. Size increase is probably * acceptable, as a trade off.) 2022-04-19 00:21:20 +02:00			`res.set('Content-Type', "image/svg+xml");`
			`res.set("Cache-Control", "no-cache, no-store, must-revalidate");`
			`res.send(svg);`
allow access to share api root note only if there's share index, #3434 2022-12-19 21:39:12 +01:00			`} catch (err) {`
			`res.status(500)`
			`.json({ message: "There was an error parsing excalidraw to svg." });`
add support for sharing canvas-note 2022-04-11 21:38:05 +02:00			`}`
			`} else {`
			`// normal image`
			`res.set('Content-Type', image.mime);`
Merge remote-tracking branch 'upstream/master' into excalidraw conflict in - package-lock (accept incoming), - routes (remove the option to have image without filename, since it is not really necessary for canvas_note) - note_detail 2022-05-03 21:56:52 +02:00			`addNoIndexHeader(image, res);`
add support for sharing canvas-note 2022-04-11 21:38:05 +02:00			`res.send(image.getContent());`
shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00			`}`
			`});`

share support for attachment images 2023-06-05 23:05:05 +02:00			`// :filename is not used by trilium, but instead used for "save as" to assign a human-readable filename`
			`router.get('/share/api/attachments/:attachmentId/image/:filename', (req, res, next) => {`
			`shacaLoader.ensureLoad();`

			`let attachment;`

			`if (!(attachment = checkAttachmentAccess(req.params.attachmentId, req, res))) {`
			`return;`
			`}`

			`if (attachment.role === "image") {`
			`res.set('Content-Type', attachment.mime);`
			`addNoIndexHeader(attachment.note, res);`
			`res.send(attachment.getContent());`
			`} else {`
			`return res.status(400)`
			`.json({ message: "Requested attachment is not a shareable image" });`
			`}`
			`});`

share support for attachment file download 2023-06-06 00:16:32 +02:00			`router.get('/share/api/attachments/:attachmentId/download', (req, res, next) => {`
			`shacaLoader.ensureLoad();`

			`let attachment;`

			`if (!(attachment = checkAttachmentAccess(req.params.attachmentId, req, res))) {`
			`return;`
			`}`

			`addNoIndexHeader(attachment.note, res);`

			`const utils = require("../services/utils");`

			`const filename = utils.formatDownloadTitle(attachment.title, null, attachment.mime);`

			`res.setHeader('Content-Disposition', utils.getContentDisposition(filename));`

			`res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");`
			`res.setHeader('Content-Type', attachment.mime);`

			`res.send(attachment.getContent());`
			`});`

shaca now loads attributes, added favicon and `shareJs` 2022-01-01 13:23:09 +01:00			`// used for PDF viewing`
Display PDF in shared notes (#2466) * Add PDF rendering * Cleanup 2021-12-24 21:36:31 +00:00			`router.get('/share/api/notes/:noteId/view', (req, res, next) => {`
make sure shaca is loaded before any request 2022-05-01 23:16:47 +02:00			`shacaLoader.ensureLoad();`

optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`let note;`
Display PDF in shared notes (#2466) * Add PDF rendering * Cleanup 2021-12-24 21:36:31 +00:00
optional basic auth for shared notes, closes #2781 2022-07-31 21:45:32 +02:00			`if (!(note = checkNoteAccess(req.params.noteId, req, res))) {`
			`return;`
Display PDF in shared notes (#2466) * Add PDF rendering * Cleanup 2021-12-24 21:36:31 +00:00			`}`

added #shareDisallowRobotIndexing label and reworked how the child-image exclusion works 2022-03-22 23:17:47 +01:00			`addNoIndexHeader(note, res);`

Display PDF in shared notes (#2466) * Add PDF rendering * Cleanup 2021-12-24 21:36:31 +00:00			`res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");`
			`res.setHeader('Content-Type', note.mime);`

			`res.send(note.getContent());`
			`});`
sharing WIP 2021-10-17 14:44:59 +02:00			`}`

			`module.exports = {`
			`register`
			`}`