mirror of
https://github.com/zadam/trilium.git
synced 2025-11-12 08:15:52 +01:00
ETAPI auth, spec improvements etc.
@@ -36,7 +36,7 @@ function getClipperInboxNote() {
|
||||
let clipperInbox = attributeService.getNoteWithLabel('clipperInbox');
|
||||
|
||||
if (!clipperInbox) {
|
||||
clipperInbox = dateNoteService.getDateNote(dateUtils.localNowDate());
|
||||
clipperInbox = dateNoteService.getDayNote(dateUtils.localNowDate());
|
||||
}
|
||||
|
||||
return clipperInbox;
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
const becca = require("../../becca/becca");
|
||||
const utils = require("../../services/utils");
|
||||
const noteService = require("../../services/notes");
|
||||
const attributeService = require("../../services/attributes");
|
||||
const Branch = require("../../becca/entities/branch");
|
||||
const specialNotesService = require("../../services/special_notes");
|
||||
const dateNotesService = require("../../services/date_notes");
|
||||
const entityChangesService = require("../../services/entity_changes.js");
|
||||
const TaskContext = require("../../services/task_context.js");
|
||||
|
||||
function register(router) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
register
|
||||
}
|
||||
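--- /dev/null
+++ b/src/routes/api/etapi_tokens.js
@@ -0,0 +1,30 @@
+const etapiTokenService = require("../../services/etapi_tokens");
+
+function getTokens() {
+const tokens = etapiTokenService.getTokens();
+
+tokens.sort((a, b) => a.utcDateCreated < b.utcDateCreated ? -1 : 1);
+
+return tokens;
+}
+
+function createToken(req) {
+return {
+authToken: etapiTokenService.createToken(req.body.tokenName)
+};
+}
+
+function patchToken(req) {
+etapiTokenService.renameToken(req.params.etapiTokenId, req.body.name);
+}
+
+function deleteToken(req) {
+etapiTokenService.deleteToken(req.params.etapiTokenId);
+}
+
+module.exports = {
+getTokens,
+createToken,
+patchToken,
+deleteToken
+};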
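Review bot: `createToken` wraps the service result as `authToken: etapiTokenService.createToken(req.body.tokenName)`, while the `token` handler changed in this same commit destructures `{authToken}` from the same call, so the two callers disagree about what the service returns. If the service returns an object, this route answers with a nested `{authToken: {authToken: …}}` and the caller does not find the secret where it expects it; returning the result directly, `return etapiTokenService.createToken(req.body.tokenName);`, would match the other caller. The service itself is not on this page, so its return shape needs confirming. Separately, `req.body.tokenName` and `req.body.name` reach the service with no type or length check, and the two handlers use different field names for the same value.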
@@ -10,8 +10,8 @@ const appInfo = require('../../services/app_info');
|
||||
const eventService = require('../../services/events');
|
||||
const sqlInit = require('../../services/sql_init');
|
||||
const sql = require('../../services/sql');
|
||||
const ApiToken = require('../../becca/entities/api_token');
|
||||
const ws = require("../../services/ws");
|
||||
const etapiTokenService = require("../../services/etapi_tokens");
|
||||
|
||||
function loginSync(req) {
|
||||
if (!sqlInit.schemaExists()) {
|
||||
@@ -90,15 +90,12 @@ function token(req) {
|
||||
return [401, "Incorrect password"];
|
||||
}
|
||||
|
||||
const apiToken = new ApiToken({
|
||||
// for backwards compatibility with Sender which does not send the name
|
||||
name: req.body.tokenName || "Trilium Sender",
|
||||
token: utils.randomSecureToken()
|
||||
}).save();
|
||||
// for backwards compatibility with Sender which does not send the name
|
||||
const tokenName = req.body.tokenName || "Trilium Sender / Web Clipper";
|
||||
|
||||
const {authToken} = etapiTokenService.createToken(tokenName);
|
||||
|
||||
return {
|
||||
token: apiToken.token
|
||||
};
|
||||
return { token: authToken };
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
||||
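Review bot: The token minted in `token()` after the password check is now a general ETAPI token (`etapiTokenService.createToken(tokenName)`), so a credential handed to the Sender app or Web Clipper presumably also authenticates against the ETAPI note, branch and attribute routes registered in this commit, whereas the old `ApiToken` was only checked on the sender and clipper endpoints. If that widening is intended, a comment above the call should say so, e.g. `// NOTE: this is a full ETAPI token, not limited to the sender/clipper endpoints`; otherwise the token needs a scope that the ETAPI middleware can check. `req.body.tokenName` is also stored as given, with only an empty-value fallback. The body of `token()` starts outside the hunk, so the password check itself is not covered here.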
@@ -1,6 +1,6 @@
|
||||
"use strict";
|
||||
|
||||
const passwordService = require('../../services/password.js');
|
||||
const passwordService = require('../../services/password');
|
||||
|
||||
function changePassword(req) {
|
||||
if (passwordService.isPasswordSet()) {
|
||||
|
||||
@@ -15,7 +15,7 @@ function uploadImage(req) {
|
||||
|
||||
const originalName = "Sender image." + imageType(file.buffer).ext;
|
||||
|
||||
const parentNote = dateNoteService.getDateNote(req.headers['x-local-date']);
|
||||
const parentNote = dateNoteService.getDayNote(req.headers['x-local-date']);
|
||||
|
||||
const {note, noteId} = imageService.saveImage(parentNote.noteId, file.buffer, originalName, true);
|
||||
|
||||
@@ -35,7 +35,7 @@ function uploadImage(req) {
|
||||
}
|
||||
|
||||
function saveNote(req) {
|
||||
const parentNote = dateNoteService.getDateNote(req.headers['x-local-date']);
|
||||
const parentNote = dateNoteService.getDayNote(req.headers['x-local-date']);
|
||||
|
||||
const {note, branch} = noteService.createNewNote({
|
||||
parentNoteId: parentNote.noteId,
|
||||
|
||||
@@ -10,8 +10,8 @@ function getInboxNote(req) {
|
||||
return specialNotesService.getInboxNote(req.params.date);
|
||||
}
|
||||
|
||||
function getDateNote(req) {
|
||||
return dateNoteService.getDateNote(req.params.date);
|
||||
function getDayNote(req) {
|
||||
return dateNoteService.getDayNote(req.params.date);
|
||||
}
|
||||
|
||||
function getWeekNote(req) {
|
||||
@@ -26,7 +26,7 @@ function getYearNote(req) {
|
||||
return dateNoteService.getYearNote(req.params.year);
|
||||
}
|
||||
|
||||
function getDateNotesForMonth(req) {
|
||||
function getDayNotesForMonth(req) {
|
||||
const month = req.params.month;
|
||||
|
||||
return sql.getMap(`
|
||||
@@ -68,11 +68,11 @@ function getHoistedNote() {
|
||||
|
||||
module.exports = {
|
||||
getInboxNote,
|
||||
getDateNote,
|
||||
getDayNote,
|
||||
getWeekNote,
|
||||
getMonthNote,
|
||||
getYearNote,
|
||||
getDateNotesForMonth,
|
||||
getDayNotesForMonth,
|
||||
createSqlConsole,
|
||||
saveSqlConsole,
|
||||
createSearchNote,
|
||||
|
||||
@@ -4,7 +4,7 @@ const utils = require('../services/utils');
|
||||
const optionService = require('../services/options');
|
||||
const myScryptService = require('../services/my_scrypt');
|
||||
const log = require('../services/log');
|
||||
const passwordService = require("../services/password.js");
|
||||
const passwordService = require("../services/password");
|
||||
|
||||
function loginPage(req, res) {
|
||||
res.render('login', { failedAuth: false });
|
||||
|
||||
@@ -31,15 +31,17 @@ const scriptRoute = require('./api/script');
|
||||
const senderRoute = require('./api/sender');
|
||||
const filesRoute = require('./api/files');
|
||||
const searchRoute = require('./api/search');
|
||||
const specialNotesRoute = require('./api/special_notes.js');
|
||||
const noteMapRoute = require('./api/note_map.js');
|
||||
const specialNotesRoute = require('./api/special_notes');
|
||||
const noteMapRoute = require('./api/note_map');
|
||||
const clipperRoute = require('./api/clipper');
|
||||
const similarNotesRoute = require('./api/similar_notes');
|
||||
const keysRoute = require('./api/keys');
|
||||
const backendLogRoute = require('./api/backend_log');
|
||||
const statsRoute = require('./api/stats');
|
||||
const fontsRoute = require('./api/fonts');
|
||||
const etapiTokensApiRoutes = require('./api/etapi_tokens');
|
||||
const shareRoutes = require('../share/routes');
|
||||
const etapiAuthRoutes = require('../etapi/auth');
|
||||
const etapiAttributeRoutes = require('../etapi/attributes');
|
||||
const etapiBranchRoutes = require('../etapi/branches');
|
||||
const etapiNoteRoutes = require('../etapi/notes');
|
||||
@@ -56,7 +58,7 @@ const entityChangesService = require('../services/entity_changes');
|
||||
const csurf = require('csurf');
|
||||
const {createPartialContentHandler} = require("express-partial-content");
|
||||
const rateLimit = require("express-rate-limit");
|
||||
const AbstractEntity = require("../becca/entities/abstract_entity.js");
|
||||
const AbstractEntity = require("../becca/entities/abstract_entity");
|
||||
|
||||
const csrfMiddleware = csurf({
|
||||
cookie: true,
|
||||
@@ -182,7 +184,7 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio
|
||||
});
|
||||
}
|
||||
|
||||
const GET = 'get', POST = 'post', PUT = 'put', DELETE = 'delete';
|
||||
const GET = 'get', POST = 'post', PUT = 'put', PATCH = 'patch', DELETE = 'delete';
|
||||
const uploadMiddleware = multer.single('upload');
|
||||
|
||||
function register(app) {
|
||||
@@ -272,11 +274,11 @@ function register(app) {
|
||||
apiRoute(GET, '/api/note-map/:noteId/backlinks', noteMapRoute.getBacklinks);
|
||||
|
||||
apiRoute(GET, '/api/special-notes/inbox/:date', specialNotesRoute.getInboxNote);
|
||||
apiRoute(GET, '/api/special-notes/date/:date', specialNotesRoute.getDateNote);
|
||||
apiRoute(GET, '/api/special-notes/week/:date', specialNotesRoute.getWeekNote);
|
||||
apiRoute(GET, '/api/special-notes/month/:month', specialNotesRoute.getMonthNote);
|
||||
apiRoute(GET, '/api/special-notes/year/:year', specialNotesRoute.getYearNote);
|
||||
apiRoute(GET, '/api/special-notes/notes-for-month/:month', specialNotesRoute.getDateNotesForMonth);
|
||||
apiRoute(GET, '/api/special-notes/days/:date', specialNotesRoute.getDayNote);
|
||||
apiRoute(GET, '/api/special-notes/weeks/:date', specialNotesRoute.getWeekNote);
|
||||
apiRoute(GET, '/api/special-notes/months/:month', specialNotesRoute.getMonthNote);
|
||||
apiRoute(GET, '/api/special-notes/years/:year', specialNotesRoute.getYearNote);
|
||||
apiRoute(GET, '/api/special-notes/notes-for-month/:month', specialNotesRoute.getDayNotesForMonth);
|
||||
apiRoute(POST, '/api/special-notes/sql-console', specialNotesRoute.createSqlConsole);
|
||||
apiRoute(POST, '/api/special-notes/save-sql-console', specialNotesRoute.saveSqlConsole);
|
||||
apiRoute(POST, '/api/special-notes/search-note', specialNotesRoute.createSearchNote);
|
||||
@@ -341,8 +343,8 @@ function register(app) {
|
||||
|
||||
// no CSRF since this is called from android app
|
||||
route(POST, '/api/sender/login', [], loginApiRoute.token, apiResultHandler);
|
||||
route(POST, '/api/sender/image', [auth.checkToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
|
||||
route(POST, '/api/sender/note', [auth.checkToken], senderRoute.saveNote, apiResultHandler);
|
||||
route(POST, '/api/sender/image', [auth.checkEtapiToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
|
||||
route(POST, '/api/sender/note', [auth.checkEtapiToken], senderRoute.saveNote, apiResultHandler);
|
||||
|
||||
apiRoute(GET, '/api/quick-search/:searchString', searchRoute.quickSearch);
|
||||
apiRoute(GET, '/api/search-note/:noteId', searchRoute.searchFromNote);
|
||||
@@ -358,7 +360,7 @@ function register(app) {
|
||||
route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
|
||||
|
||||
// in case of local electron, local calls are allowed unauthenticated, for server they need auth
|
||||
const clipperMiddleware = utils.isElectron() ? [] : [auth.checkToken];
|
||||
const clipperMiddleware = utils.isElectron() ? [] : [auth.checkEtapiToken];
|
||||
|
||||
route(GET, '/api/clipper/handshake', clipperMiddleware, clipperRoute.handshake, apiResultHandler);
|
||||
route(POST, '/api/clipper/clippings', clipperMiddleware, clipperRoute.addClipping, apiResultHandler);
|
||||
@@ -379,7 +381,14 @@ function register(app) {
|
||||
|
||||
route(GET, '/api/fonts', [auth.checkApiAuthOrElectron], fontsRoute.getFontCss);
|
||||
|
||||
apiRoute(GET, '/api/etapi-tokens', etapiTokensApiRoutes.getTokens);
|
||||
apiRoute(POST, '/api/etapi-tokens', etapiTokensApiRoutes.createToken);
|
||||
apiRoute(PATCH, '/api/etapi-tokens/:etapiTokenId', etapiTokensApiRoutes.patchToken);
|
||||
apiRoute(DELETE, '/api/etapi-tokens/:etapiTokenId', etapiTokensApiRoutes.deleteToken);
|
||||
|
||||
shareRoutes.register(router);
|
||||
|
||||
etapiAuthRoutes.register(router);
|
||||
etapiAttributeRoutes.register(router);
|
||||
etapiBranchRoutes.register(router);
|
||||
etapiNoteRoutes.register(router);
|
||||
|
||||
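Review bot: `/api/sender/login` and `/api/login/token` are registered with an empty middleware list (`[]`), and after this commit a correct password there yields an ETAPI token, yet no limiter is attached to either route in the visible hunks even though `express-rate-limit` is imported at the top of the file. Unless throttling is applied somewhere outside these hunks, password attempts against these two endpoints are unbounded; attaching a limiter, e.g. `route(POST, '/api/login/token', [tokenLoginLimiter], loginApiRoute.token, apiResultHandler);` (`tokenLoginLimiter` is a placeholder for a `rateLimit(...)` instance), would bound them. The comment `// no CSRF since this is called from android app` could also state that these routes rely on the token check alone. `register()` starts and ends outside the hunks.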