mirror of
https://github.com/zadam/trilium.git
synced 2025-11-06 13:26:01 +01:00
fixed backup and anonymization with better-sqlite3
This commit is contained in:
zadam
@@ -10,6 +10,7 @@ const syncMutexService = require('./sync_mutex');
|
||||
const attributeService = require('./attributes');
|
||||
const cls = require('./cls');
|
||||
const utils = require('./utils');
|
||||
const Database = require('better-sqlite3');
|
||||
|
||||
function regularBackup() {
|
||||
periodBackup('lastDailyBackupDate', 'daily', 24 * 3600);
|
||||
@@ -32,7 +33,7 @@ function periodBackup(optionName, fileName, periodInSeconds) {
|
||||
|
||||
const COPY_ATTEMPT_COUNT = 50;
|
||||
|
||||
function copyFile(backupFile) {
|
||||
async function copyFile(backupFile) {
|
||||
const sql = require('./sql');
|
||||
|
||||
try {
|
||||
@@ -40,79 +41,54 @@ function copyFile(backupFile) {
|
||||
} catch (e) {
|
||||
} // unlink throws exception if the file did not exist
|
||||
|
||||
let success = false;
|
||||
let attemptCount = 0
|
||||
|
||||
for (; attemptCount < COPY_ATTEMPT_COUNT && !success; attemptCount++) {
|
||||
try {
|
||||
sql.executeWithoutTransaction(`VACUUM INTO '${backupFile}'`);
|
||||
|
||||
success = true;
|
||||
} catch (e) {
|
||||
log.info(`Copy DB attempt ${attemptCount + 1} failed with "${e.message}", retrying...`);
|
||||
}
|
||||
// we re-try since VACUUM is very picky and it can't run if there's any other query currently running
|
||||
// which is difficult to guarantee so we just re-try
|
||||
}
|
||||
|
||||
return attemptCount !== COPY_ATTEMPT_COUNT;
|
||||
await sql.dbConnection.backup(backupFile);
|
||||
}
|
||||
|
||||
async function backupNow(name) {
|
||||
// we don't want to backup DB in the middle of sync with potentially inconsistent DB state
|
||||
return await syncMutexService.doExclusively(() => {
|
||||
return await syncMutexService.doExclusively(async () => {
|
||||
const backupFile = `${dataDir.BACKUP_DIR}/backup-${name}.db`;
|
||||
|
||||
const success = copyFile(backupFile);
|
||||
await copyFile(backupFile);
|
||||
|
||||
if (success) {
|
||||
log.info("Created backup at " + backupFile);
|
||||
}
|
||||
else {
|
||||
log.error(`Creating backup ${backupFile} failed`);
|
||||
}
|
||||
log.info("Created backup at " + backupFile);
|
||||
|
||||
return backupFile;
|
||||
});
|
||||
}
|
||||
|
||||
function anonymize() {
|
||||
async function anonymize() {
|
||||
if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {
|
||||
fs.mkdirSync(dataDir.ANONYMIZED_DB_DIR, 0o700);
|
||||
}
|
||||
|
||||
const anonymizedFile = dataDir.ANONYMIZED_DB_DIR + "/" + "anonymized-" + dateUtils.getDateTimeForFile() + ".db";
|
||||
|
||||
const success = copyFile(anonymizedFile);
|
||||
await copyFile(anonymizedFile);
|
||||
|
||||
if (!success) {
|
||||
return { success: false };
|
||||
}
|
||||
const db = new Database(anonymizedFile);
|
||||
|
||||
const db = sqlite.open({
|
||||
filename: anonymizedFile,
|
||||
driver: sqlite3.Database
|
||||
});
|
||||
|
||||
db.run("UPDATE api_tokens SET token = 'API token value'");
|
||||
db.run("UPDATE notes SET title = 'title'");
|
||||
db.run("UPDATE note_contents SET content = 'text' WHERE content IS NOT NULL");
|
||||
db.run("UPDATE note_revisions SET title = 'title'");
|
||||
db.run("UPDATE note_revision_contents SET content = 'text' WHERE content IS NOT NULL");
|
||||
db.prepare("UPDATE api_tokens SET token = 'API token value'").run();
|
||||
db.prepare("UPDATE notes SET title = 'title'").run();
|
||||
db.prepare("UPDATE note_contents SET content = 'text' WHERE content IS NOT NULL").run();
|
||||
db.prepare("UPDATE note_revisions SET title = 'title'").run();
|
||||
db.prepare("UPDATE note_revision_contents SET content = 'text' WHERE content IS NOT NULL").run();
|
||||
|
||||
// we want to delete all non-builtin attributes because they can contain sensitive names and values
|
||||
// on the other hand builtin/system attrs should not contain any sensitive info
|
||||
const builtinAttrs = attributeService.getBuiltinAttributeNames().map(name => "'" + utils.sanitizeSql(name) + "'").join(', ');
|
||||
const builtinAttrs = attributeService
|
||||
.getBuiltinAttributeNames()
|
||||
.map(name => "'" + utils.sanitizeSql(name) + "'").join(', ');
|
||||
|
||||
db.run(`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrs})`);
|
||||
db.run(`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrs})`);
|
||||
db.run("UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL");
|
||||
db.run(`UPDATE options SET value = 'anonymized' WHERE name IN
|
||||
db.prepare(`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrs})`).run();
|
||||
db.prepare(`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrs})`).run();
|
||||
db.prepare("UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL").run();
|
||||
db.prepare(`UPDATE options SET value = 'anonymized' WHERE name IN
|
||||
('documentId', 'documentSecret', 'encryptedDataKey',
|
||||
'passwordVerificationHash', 'passwordVerificationSalt',
|
||||
'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')
|
||||
AND value != ''`);
|
||||
db.run("VACUUM");
|
||||
AND value != ''`).run();
|
||||
db.prepare("VACUUM").run();
|
||||
|
||||
db.close();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user