Merge remote-tracking branch 'origin/develop' into feature/MFA

Elian Doran
2024-12-24 13:26:02 +02:00
825 changed files with 36174 additions and 82006 deletions


@@ -8,13 +8,12 @@ import passwordEncryptionService from "./encryption/password_encryption.js";
import config from "./config.js";
import passwordService from "./encryption/password.js";
import type { NextFunction, Request, Response } from 'express';
import { AppRequest } from '../routes/route-interface.js';
import openID from './open_id.js';
import open_id_encryption from './encryption/open_id_encryption.js';
const noAuthentication = config.General && config.General.noAuthentication === true;
function checkAuth(req: AppRequest, res: Response, next: NextFunction) {
function checkAuth(req: Request, res: Response, next: NextFunction) {
if (!sqlInit.isDbInitialized()) {
res.redirect('setup');
} else if (openID.checkOpenIDRequirements()) {
@@ -41,7 +40,7 @@ function checkAuth(req: AppRequest, res: Response, next: NextFunction) {
// for electron things which need network stuff
// currently, we're doing that for file upload because handling form data seems to be difficult
function checkApiAuthOrElectron(req: AppRequest, res: Response, next: NextFunction) {
function checkApiAuthOrElectron(req: Request, res: Response, next: NextFunction) {
if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
reject(req, res, "Logged in session not found");
}
@@ -50,7 +49,7 @@ function checkApiAuthOrElectron(req: AppRequest, res: Response, next: NextFuncti
}
}
function checkApiAuth(req: AppRequest, res: Response, next: NextFunction) {
function checkApiAuth(req: Request, res: Response, next: NextFunction) {
if (!req.session.loggedIn && !noAuthentication) {
reject(req, res, "Logged in session not found");
}
@@ -59,7 +58,7 @@ function checkApiAuth(req: AppRequest, res: Response, next: NextFunction) {
}
}
function checkAppInitialized(req: AppRequest, res: Response, next: NextFunction) {
function checkAppInitialized(req: Request, res: Response, next: NextFunction) {
if (!sqlInit.isDbInitialized()) {
res.redirect("setup");
}
@@ -68,7 +67,7 @@ function checkAppInitialized(req: AppRequest, res: Response, next: NextFunction)
}
}
function checkPasswordSet(req: AppRequest, res: Response, next: NextFunction) {
function checkPasswordSet(req: Request, res: Response, next: NextFunction) {
if (!utils.isElectron() && !passwordService.isPasswordSet()) {
res.redirect("set-password");
} else {
@@ -76,7 +75,7 @@ function checkPasswordSet(req: AppRequest, res: Response, next: NextFunction) {
}
}
function checkPasswordNotSet(req: AppRequest, res: Response, next: NextFunction) {
function checkPasswordNotSet(req: Request, res: Response, next: NextFunction) {
if (!utils.isElectron() && passwordService.isPasswordSet()) {
res.redirect("login");
} else {
@@ -84,7 +83,7 @@ function checkPasswordNotSet(req: AppRequest, res: Response, next: NextFunction)
}
}
function checkAppNotInitialized(req: AppRequest, res: Response, next: NextFunction) {
function checkAppNotInitialized(req: Request, res: Response, next: NextFunction) {
if (sqlInit.isDbInitialized()) {
reject(req, res, "App already initialized.");
}
@@ -93,7 +92,7 @@ function checkAppNotInitialized(req: AppRequest, res: Response, next: NextFuncti
}
}
function checkEtapiToken(req: AppRequest, res: Response, next: NextFunction) {
function checkEtapiToken(req: Request, res: Response, next: NextFunction) {
if (etapiTokenService.isValidAuthHeader(req.headers.authorization)) {
next();
}
@@ -102,7 +101,7 @@ function checkEtapiToken(req: AppRequest, res: Response, next: NextFunction) {
}
}
function reject(req: AppRequest, res: Response, message: string) {
function reject(req: Request, res: Response, message: string) {
log.info(`${req.method} ${req.path} rejected with 401 ${message}`);
res.setHeader("Content-Type", "text/plain")
@@ -110,7 +109,7 @@ function reject(req: AppRequest, res: Response, message: string) {
.send(message);
}
function checkCredentials(req: AppRequest, res: Response, next: NextFunction) {
function checkCredentials(req: Request, res: Response, next: NextFunction) {
if (!sqlInit.isDbInitialized()) {
res.setHeader("Content-Type", "text/plain")
.status(400)
@@ -126,6 +125,13 @@ function checkCredentials(req: AppRequest, res: Response, next: NextFunction) {
}
const header = req.headers['trilium-cred'] || '';
if (typeof header !== "string") {
res.setHeader("Content-Type", "text/plain")
.status(400)
.send('Invalid data type for trilium-cred.');
return;
}
const auth = Buffer.from(header, 'base64').toString();
const colonIndex = auth.indexOf(':');
const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1);