Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-17 10:40:41 +01:00
Code Issues Packages Projects Releases Activity

fix csrf protection on electron build

Browse Source
This commit is contained in:
zadam
2019-03-31 12:49:42 +02:00
parent bec6576620
commit 75dbaa4b77
7 changed files with 97 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/services/notes.js
View File

@@ -307,12 +307,12 @@ async function saveNoteRevision(note) {
const now = new Date();
const noteRevisionSnapshotTimeInterval = parseInt(await optionService.getOption('noteRevisionSnapshotTimeInterval'));
const revisionCutoff = dateUtils.dateStr(new Date(now.getTime() - noteRevisionSnapshotTimeInterval * 1000));
const revisionCutoff = dateUtils.utcDateStr(new Date(now.getTime() - noteRevisionSnapshotTimeInterval * 1000));
const existingNoteRevisionId = await sql.getValue(
"SELECT noteRevisionId FROM note_revisions WHERE noteId = ? AND dateModifiedTo >= ?", [note.noteId, revisionCutoff]);
"SELECT noteRevisionId FROM note_revisions WHERE noteId = ? AND utcDateModifiedTo >= ?", [note.noteId, revisionCutoff]);
const msSinceDateCreated = now.getTime() - dateUtils.parseDateTime(note.dateCreated).getTime();
const msSinceDateCreated = now.getTime() - dateUtils.parseDateTime(note.utcDateCreated).getTime();
if (!existingNoteRevisionId && msSinceDateCreated >= noteRevisionSnapshotTimeInterval * 1000) {
await new NoteRevision({
@@ -323,8 +323,10 @@ async function saveNoteRevision(note) {
type: note.type,
mime: note.mime,
isProtected: false, // will be fixed in the protectNoteRevisions() call
utcDateModifiedFrom: note.utcDateModified,
utcDateModifiedTo: dateUtils.utcNowDateTime(),
dateModifiedFrom: note.dateModified,
dateModifiedTo: dateUtils.nowDate()
dateModifiedTo: dateUtils.localNowDateTime()
}).save();
}
}
@@ -344,17 +346,12 @@ async function updateNote(noteId, noteUpdates) {
note.isProtected = noteUpdates.isProtected;
await note.save();
const noteContent = await note.getNoteContent();
if (!['file', 'image'].includes(note.type)) {
noteUpdates.noteContent.content = await saveLinks(note, noteUpdates.noteContent.content);
noteUpdates.content = await saveLinks(note, noteUpdates.content);
noteContent.content = noteUpdates.noteContent.content;
await note.setContent(noteUpdates.content);
}
noteContent.isProtected = noteUpdates.isProtected;
await noteContent.save();
if (noteTitleChanged) {
await triggerNoteTitleChanged(note);
}

3
src/services/protected_session.js
View File

@@ -15,8 +15,7 @@ function setDataKey(decryptedDataKey) {
}
function setProtectedSessionId(req) {
// cookies is the main storage but for electron header is used when bypassing HTTP
cls.namespace.set('protectedSessionId', req.headers['trilium-protected-session-id'] || req.cookies.protectedSessionId);
cls.namespace.set('protectedSessionId', req.cookies.protectedSessionId);
}
function getProtectedSessionId() {