From 3e4a9f63fa1f6e6123c15dd0d4625d7fae269af1 Mon Sep 17 00:00:00 2001
From: zadam
Date: Sat, 8 Oct 2022 20:59:11 +0200
Subject: [PATCH] support basic auth in ETAPI
---
 src/etapi/etapi.openapi.yaml | 9 +++++++++
 src/services/etapi_tokens.js | 14 ++++++++++++++
 test-etapi/app-info.http | 2 +-
 test-etapi/basic-auth.http | 14 ++++++++++++++
 4 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 test-etapi/basic-auth.http
diff --git a/src/etapi/etapi.openapi.yaml b/src/etapi/etapi.openapi.yaml
index 82177d428..497b62c5a 100644
--- a/src/etapi/etapi.openapi.yaml
+++ b/src/etapi/etapi.openapi.yaml
@@ -15,6 +15,7 @@ servers:
 - url: http://localhost:8080/etapi
 security:
 - EtapiTokenAuth: []
+ - EtapiBasicAuth: []
 paths:
 /create-note:
 post:
@@ -677,6 +678,14 @@ components:
 type: apiKey
 in: header
 name: Authorization
+ EtapiBasicAuth:
+ type: http
+ scheme: basic
+ description: >
+ Basic Auth where username is arbitrary string (e.g. "trilium", not checked),
+ username is the ETAPI token.
+ To emphasize, do not use Trilium password here (won't work), only the generated
+ ETAPI token (from Options -> ETAPI)
 schemas:
 CreateNoteDef:
 type: object
diff --git a/src/services/etapi_tokens.js b/src/services/etapi_tokens.js
index 6b4ec6277..d56c31bd9 100644
--- a/src/services/etapi_tokens.js
+++ b/src/services/etapi_tokens.js
@@ -30,6 +30,20 @@ function parseAuthToken(auth) {
 return null;
 }
+ if (auth.startsWith("Basic ")) {
+ // allow also basic auth format for systems which allow this type of authentication
+ // expect ETAPI token in the password field, ignore username
+ // https://github.com/zadam/trilium/issues/3181
+ const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("UTF-8");
+ const basicAuthChunks = basicAuthStr.split(":");
+ if (basicAuthChunks.length === 2) {
+ auth = basicAuthChunks[1];
+ } else {
+ return null;
+ }
+ }
 const chunks = auth.split("_");
 if (chunks.length === 1) {
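Review bot: The new description under EtapiBasicAuth contradicts itself: right after saying the username is arbitrary it states `username is the ETAPI token`, while the implementation added to etapi_tokens.js in this same commit reads the token from the password field and ignores the username. That line should read `password is the ETAPI token.` so API consumers put the token in the right place. It would also help readers to say that the username is ignored entirely rather than merely "not checked", which is what the code comment `expect ETAPI token in the password field, ignore username` documents.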
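Review bot: `basicAuthStr.split(":")` combined with the `length === 2` check rejects any credential whose password contains a colon, which RFC 7617 permits (only the user-id must be colon-free); since the token is expected in the password field and the username is ignored, take everything after the first separator instead: `const sep = basicAuthStr.indexOf(":");` then `if (sep === -1) { return null; }` and `auth = basicAuthStr.substring(sep + 1);`. Whether a generated ETAPI token can ever contain ":" is not visible here, so this may only matter for forward compatibility. The scheme test `auth.startsWith("Basic ")` is case-sensitive, whereas RFC 7235 treats the auth-scheme name as case-insensitive, so a client sending `basic` falls through to the raw-token path and is rejected; either handle it or state the exact-case expectation in the comment. parseAuthToken begins before and continues past this hunk, and the behaviour of utils.fromBase64 on malformed input is not shown.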
diff --git a/test-etapi/app-info.http b/test-etapi/app-info.http
index 5945a07b1..a851005c2 100644
--- a/test-etapi/app-info.http
+++ b/test-etapi/app-info.http
@@ -3,5 +3,5 @@ Authorization: {{authToken}}
 > {%
 client.assert(response.status === 200);
- client.assert(response.body == "Hi there!");
+ client.assert(response.body.clipperProtocolVersion === "1.0");
 %}
diff --git a/test-etapi/basic-auth.http b/test-etapi/basic-auth.http
new file mode 100644
index 000000000..88c76b7c2
--- /dev/null
+++ b/test-etapi/basic-auth.http
@@ -0,0 +1,14 @@
+GET {{triliumHost}}/etapi/app-info
+Authorization: Basic whatever {{authToken}}
+
+> {%
+ client.assert(response.status === 200);
+ client.assert(response.body.clipperProtocolVersion === "1.0");
+%}
+
+ ###
+
+ GET {{triliumHost}}/etapi/app-info
+Authorization: Basic whatever wrong pass
+
+> {% client.assert(response.status === 401); %}
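Review bot: The negative case at the end of basic-auth.http only sends a wrong password, so the branch in parseAuthToken that returns null when the decoded credentials contain no ":" separator is left untested, as is a header whose payload is not base64 at all. A third request with a literal header such as `Authorization: Basic <base64-without-colon-PLACEHOLDER>` asserting 401 would pin that path. Both existing requests rely on the HTTP client turning `Basic user pass` into the encoded wire-format header, which is worth a one-line comment since a reader may otherwise take it for the raw header value.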