diff --git a/src/routes/api/login.js b/src/routes/api/login.js
index d661b5b87..e3ed0c5e5 100644
--- a/src/routes/api/login.js
+++ b/src/routes/api/login.js
@@ -11,6 +11,8 @@ const eventService = require('../../services/events');
 const cls = require('../../services/cls');
 const sqlInit = require('../../services/sql_init');
 const sql = require('../../services/sql');
+const optionService = require('../../services/options');
+const ApiToken = require('../../entities/api_token');
 async function loginSync(req) {
 if (!await sqlInit.schemaExists()) {
@@ -76,7 +78,28 @@ async function loginToProtectedSession(req) {
 };
 }
+async function token(req) {
+ const username = req.body.username;
+ const password = req.body.password;
+
+ const isUsernameValid = username === await optionService.getOption('username');
+ const isPasswordValid = await passwordEncryptionService.verifyPassword(password);
+
+ if (!isUsernameValid || !isPasswordValid) {
+ return [401, "Incorrect username/password"];
+ }
+
+ const apiToken = await new ApiToken({
+ token: utils.randomSecureToken()
+ }).save();
+
+ return {
+ token: apiToken.token
+ };
+}
+
 module.exports = {
 loginSync,
- loginToProtectedSession
+ loginToProtectedSession,
+ token
 };
\ No newline at end of file
diff --git a/src/routes/api/sender.js b/src/routes/api/sender.js
index 81a61b245..c1f59b5ee 100644
--- a/src/routes/api/sender.js
+++ b/src/routes/api/sender.js
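Review bot: In `src/routes/api/login.js`, the added `token()` hands `req.body.username` and `req.body.password` to the comparison and to `verifyPassword()` without checking that they are strings, so a body with a missing field, an object or an array reaches the password routine. A guard before the two checks, e.g. `if (typeof username !== 'string' || typeof password !== 'string') return [401, "Incorrect username/password"];`, keeps the failure path uniform. Every successful call also saves a new `ApiToken`, and nothing in the hunk bounds how many exist or how long they live; worth confirming that is handled elsewhere. `utils` and `passwordEncryptionService` are used here but are not among the requires this commit adds, so presumably they are already imported above line 11, outside the visible hunk.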
@@ -1,33 +1,8 @@
 "use strict";
 const imageService = require('../../services/image');
-const utils = require('../../services/utils');
 const dateNoteService = require('../../services/date_notes');
-const sql = require('../../services/sql');
 const noteService = require('../../services/notes');
-const passwordEncryptionService = require('../../services/password_encryption');
-const optionService = require('../../services/options');
-const ApiToken = require('../../entities/api_token');
-
-async function login(req) {
- const username = req.body.username;
- const password = req.body.password;
-
- const isUsernameValid = username === await optionService.getOption('username');
- const isPasswordValid = await passwordEncryptionService.verifyPassword(password);
-
- if (!isUsernameValid || !isPasswordValid) {
- return [401, "Incorrect username/password"];
- }
-
- const apiToken = await new ApiToken({
- token: utils.randomSecureToken()
- }).save();
-
- return {
- token: apiToken.token
- };
-}
 async function uploadImage(req) {
 const file = req.file;
@@ -64,7 +39,6 @@ async function saveNote(req) {
 }
 module.exports = {
- login,
 uploadImage,
 saveNote
 };
\ No newline at end of file
diff --git a/src/routes/routes.js b/src/routes/routes.js
index b38f5357d..232687057 100644
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@@ -213,7 +213,7 @@ function register(app) {
 apiRoute(GET, '/api/script/relation/:noteId/:relationName', scriptRoute.getRelationBundles);
 // no CSRF since this is called from android app
- route(POST, '/api/sender/login', [], senderRoute.login, apiResultHandler);
+ route(POST, '/api/sender/login', [], loginApiRoute.token, apiResultHandler);
 route(POST, '/api/sender/image', [auth.checkSenderToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
 route(POST, '/api/sender/note', [auth.checkSenderToken], senderRoute.saveNote, apiResultHandler);
@@ -223,6 +223,7 @@ function register(app) {
 route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
 // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
 apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
+ route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
 route(POST, '/api/clipper/notes', [], clipperRoute.createNote, apiResultHandler);
 route(POST, '/api/clipper/image', [], clipperRoute.createImage, apiResultHandler);
diff --git a/src/services/app_info.js b/src/services/app_info.js
index 2787ba67c..6b59dc536 100644
--- a/src/services/app_info.js
+++ b/src/services/app_info.js
@@ -6,6 +6,7 @@ const {TRILIUM_DATA_DIR} = require('./data_dir');
 const APP_DB_VERSION = 136;
 const SYNC_VERSION = 9;
+const CLIPPER_VERSION = 1;
 module.exports = {
 appVersion: packageJson.version,
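Review bot: In `src/routes/routes.js`, the added `/api/login/token` route is registered with an empty middleware list, as is `/api/sender/login` in the previous hunk, so the password check in `loginApiRoute.token` is now reachable at two paths with no throttling of failed attempts visible in either hunk. If a limiter exists elsewhere it should cover both paths; if not, a rate-limiting middleware belongs in the `[]` slot of both routes. The new line also sits directly under the comment about protected mode, which does not describe it. A comment of its own would help, e.g. `// issues an API token for username + password; no CSRF because callers are not browser sessions`, assuming that is the intent. `register()` starts and ends outside the hunk.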