fix loading of protected session in electron, #469

2025-10-31 10:26:08 +01:00 · 2019-03-30 18:00:08 +01:00
parent c2e3a3fe04
commit b51ac112a2
4 changed files with 2386 additions and 2370 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/src/public/javascripts/services/protected_session_holder.js
+++ b/src/public/javascripts/services/protected_session_holder.js
@@ -18,6 +18,10 @@ function setProtectedSessionTimeout(encSessTimeout) {
    protectedSessionTimeout = encSessTimeout;
 }

+function getProtectedSessionId() {
+    return utils.getCookie(PROTECTED_SESSION_ID_KEY);
+}
+
 function setProtectedSessionId(id) {
    // using session cookie so that it disappears after browser/tab is closed
    utils.setSessionCookie(PROTECTED_SESSION_ID_KEY, id);
@@ -42,6 +46,7 @@ function touchProtectedSession() {
 }

 export default {
+    getProtectedSessionId,
    setProtectedSessionId,
    resetProtectedSession,
    isProtectedSessionAvailable,
--- a/src/public/javascripts/services/server.js
+++ b/src/public/javascripts/services/server.js
@@ -3,10 +3,20 @@ import utils from './utils.js';
 import infoService from "./info.js";

 function getHeaders() {
+    let protectedSessionId = null;
+
+    try { // this is because protected session might not be declared in some cases
+        protectedSessionId = protectedSessionHolder.getProtectedSessionId();
+    }
+    catch(e) {}
+
    // headers need to be lowercase because node.js automatically converts them to lower case
    // so hypothetical protectedSessionId becomes protectedsessionid on the backend
    // also avoiding using underscores instead of dashes since nginx filters them out by default
    return {
+        // protectedSessionId is normally carried in cookie, but for electron AJAX requests we bypass
+        // HTTP so no cookies and we need to pass it here explicitly
+        'trilium-protected-session-id': protectedSessionId,
        'trilium-source-id': glob.sourceId
    };
 }
--- a/src/services/protected_session.js
+++ b/src/services/protected_session.js
@@ -15,7 +15,8 @@ function setDataKey(decryptedDataKey) {
 }

 function setProtectedSessionId(req) {
-    cls.namespace.set('protectedSessionId', req.cookies.protectedSessionId);
+    // cookies is the main storage but for electron header is used when bypassing HTTP
+    cls.namespace.set('protectedSessionId', req.headers['trilium-protected-session-id'] || req.cookies.protectedSessionId);
 }

 function getProtectedSessionId() {