server side encryption WIP

public/javascripts/encryption.js

@@ -11,6 +11,7 @@ const encryption = (function() {
     let passwordDerivedKeySalt = null;
     let encryptedDataKey = null;
     let encryptionSessionTimeout = null;
+    let protectedSessionId = null;
 
     $.ajax({
         url: baseApiUrl + 'settings/all',
@@ -109,17 +110,19 @@ const encryption = (function() {
         const password = encryptionPasswordEl.val();
         encryptionPasswordEl.val("");
 
-        const key = await getDataKey(password);
-        if (key === false) {
-            showError("Wrong password!");
+        const response = await enterProtectedSession(password);
+
+        if (!response.success) {
+            showError("Wrong password.");
             return;
         }
 
+        protectedSessionId = response.protectedSessionId;
+        initAjax();
+
         dialogEl.dialog("close");
 
-        dataKey = key;
-
-        decryptTreeItems();
+        noteTree.reload();
 
         if (encryptionDeferred !== null) {
             encryptionDeferred.resolve();
@@ -128,8 +131,26 @@ const encryption = (function() {
         }
     }
 
+    async function enterProtectedSession(password) {
+        return await $.ajax({
+            url: baseApiUrl + 'login/protected',
+            type: 'POST',
+            contentType: 'application/json',
+            data: JSON.stringify({
+                password: password
+            }),
+            error: () => showError("Error entering protected session.")
+        });
+    }
+
+    function getProtectedSessionId() {
+        return protectedSessionId;
+    }
+
     function resetEncryptionSession() {
-        dataKey = null;
+        protectedSessionId = null;
+
+        initAjax();
 
         // most secure solution - guarantees nothing remained in memory
         // since this expires because user doesn't use the app, it shouldn't be disruptive
@@ -425,6 +446,7 @@ const encryption = (function() {
         decryptNoteAndSendToServer,
         decryptNoteIfNecessary,
         encryptSubTree,
-        decryptSubTree
+        decryptSubTree,
+        getProtectedSessionId
     };
 })();

public/javascripts/init.js

@@ -110,4 +110,15 @@ function showAppIfHidden() {
         // Kick off the CSS transition
         loaderDiv.style.opacity = 0.0;
     }
-}
+}
+
+function initAjax() {
+    $.ajaxSetup({
+        headers: {
+            'x-browser-id': browserId,
+            'x-protected-session-id': encryption ? encryption.getProtectedSessionId() : null
+        }
+    });
+}
+
+initAjax();

public/javascripts/note_tree.js

@@ -23,14 +23,12 @@ const noteTree = (function() {
         for (const note of notes) {
             glob.allNoteIds.push(note.note_id);
 
-            if (note.encryption > 0) {
-                note.title = "[encrypted]";
+            note.title = note.note_title;
 
+            if (note.encryption > 0) {
                 note.extraClasses = "encrypted";
             }
             else {
-                note.title = note.note_title;
-
                 if (note.is_clone) {
                     note.title += " (clone)";
                 }
@@ -202,11 +200,6 @@ const noteTree = (function() {
             startNoteId = resp.start_note_id;
             treeLoadTime = resp.tree_load_time;
 
-            // add browser ID header to all AJAX requests
-            $.ajaxSetup({
-                headers: { 'x-browser-id': resp.browser_id }
-            });
-
             if (document.location.hash) {
                 startNoteId = document.location.hash.substr(1); // strip initial #
             }

public/javascripts/tree_utils.js

@@ -51,12 +51,7 @@ const treeUtils = (function() {
         const path = [];
 
         while (note) {
-            if (note.data.encryption > 0 && !encryption.isEncryptionAvailable()) {
-                path.push("[encrypted]");
-            }
-            else {
-                path.push(note.title);
-            }
+            path.push(note.title);
 
             note = note.getParent();
         }