token auth to /login

src/routes/api/login.js

@@ -11,6 +11,8 @@ const eventService = require('../../services/events');
 const cls = require('../../services/cls');
 const sqlInit = require('../../services/sql_init');
 const sql = require('../../services/sql');
+const optionService = require('../../services/options');
+const ApiToken = require('../../entities/api_token');
 
 async function loginSync(req) {
     if (!await sqlInit.schemaExists()) {
@@ -76,7 +78,28 @@ async function loginToProtectedSession(req) {
     };
 }
 
+async function token(req) {
+    const username = req.body.username;
+    const password = req.body.password;
+
+    const isUsernameValid = username === await optionService.getOption('username');
+    const isPasswordValid = await passwordEncryptionService.verifyPassword(password);
+
+    if (!isUsernameValid || !isPasswordValid) {
+        return [401, "Incorrect username/password"];
+    }
+
+    const apiToken = await new ApiToken({
+        token: utils.randomSecureToken()
+    }).save();
+
+    return {
+        token: apiToken.token
+    };
+}
+
 module.exports = {
     loginSync,
-    loginToProtectedSession
+    loginToProtectedSession,
+    token
 };

src/routes/api/sender.js

@@ -1,33 +1,8 @@
 "use strict";
 
 const imageService = require('../../services/image');
-const utils = require('../../services/utils');
 const dateNoteService = require('../../services/date_notes');
-const sql = require('../../services/sql');
 const noteService = require('../../services/notes');
-const passwordEncryptionService = require('../../services/password_encryption');
-const optionService = require('../../services/options');
-const ApiToken = require('../../entities/api_token');
-
-async function login(req) {
-    const username = req.body.username;
-    const password = req.body.password;
-
-    const isUsernameValid = username === await optionService.getOption('username');
-    const isPasswordValid = await passwordEncryptionService.verifyPassword(password);
-
-    if (!isUsernameValid || !isPasswordValid) {
-        return [401, "Incorrect username/password"];
-    }
-
-    const apiToken = await new ApiToken({
-        token: utils.randomSecureToken()
-    }).save();
-
-    return {
-        token: apiToken.token
-    };
-}
 
 async function uploadImage(req) {
     const file = req.file;
@@ -64,7 +39,6 @@ async function saveNote(req) {
 }
 
 module.exports = {
-    login,
     uploadImage,
     saveNote
 };

src/routes/routes.js

@@ -213,7 +213,7 @@ function register(app) {
     apiRoute(GET, '/api/script/relation/:noteId/:relationName', scriptRoute.getRelationBundles);
 
     // no CSRF since this is called from android app
-    route(POST, '/api/sender/login', [], senderRoute.login, apiResultHandler);
+    route(POST, '/api/sender/login', [], loginApiRoute.token, apiResultHandler);
     route(POST, '/api/sender/image', [auth.checkSenderToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
     route(POST, '/api/sender/note', [auth.checkSenderToken], senderRoute.saveNote, apiResultHandler);
 
@@ -223,6 +223,7 @@ function register(app) {
     route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
     // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
     apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
+    route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
 
     route(POST, '/api/clipper/notes', [], clipperRoute.createNote, apiResultHandler);
     route(POST, '/api/clipper/image', [], clipperRoute.createImage, apiResultHandler);

src/services/app_info.js

@@ -6,6 +6,7 @@ const {TRILIUM_DATA_DIR} = require('./data_dir');
 
 const APP_DB_VERSION = 136;
 const SYNC_VERSION = 9;
+const CLIPPER_VERSION = 1;
 
 module.exports = {
     appVersion: packageJson.version,