support basic auth in ETAPI

2025-03-01 14:22:32 +01:00 · 2022-10-08 20:59:11 +02:00 · 2022-10-08 20:59:11 +02:00 · 3e4a9f63fa
commit 3e4a9f63fa
parent 6d4ef4ee3d
4 changed files with 38 additions and 1 deletions
--- a/src/etapi/etapi.openapi.yaml
+++ b/src/etapi/etapi.openapi.yaml
@ -15,6 +15,7 @@ servers:
  - url: http://localhost:8080/etapi
 security:
  - EtapiTokenAuth: []
+  - EtapiBasicAuth: []
 paths:
  /create-note:
    post:
@ -677,6 +678,14 @@ components:
      type: apiKey
      in: header
      name: Authorization
+    EtapiBasicAuth:
+      type: http
+      scheme: basic
+      description: >
+        Basic Auth where username is arbitrary string (e.g. "trilium", not checked), 
+        username is the ETAPI token. 
+        To emphasize, do not use Trilium password here (won't work), only the generated
+        ETAPI token (from Options -> ETAPI)
  schemas:
    CreateNoteDef:
      type: object
--- a/src/services/etapi_tokens.js
+++ b/src/services/etapi_tokens.js
@ -30,6 +30,20 @@ function parseAuthToken(auth) {
        return null;
    }

+    if (auth.startsWith("Basic ")) {
+        // allow also basic auth format for systems which allow this type of authentication
+        // expect ETAPI token in the password field, ignore username
+        // https://github.com/zadam/trilium/issues/3181
+        const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("UTF-8");
+        const basicAuthChunks = basicAuthStr.split(":");
+
+        if (basicAuthChunks.length === 2) {
+            auth = basicAuthChunks[1];
+        } else {
+            return null;
+        }
+    }
+
    const chunks = auth.split("_");

    if (chunks.length === 1) {
--- a/test-etapi/app-info.http
+++ b/test-etapi/app-info.http
@ -3,5 +3,5 @@ Authorization: {{authToken}}

 > {%
    client.assert(response.status === 200);
-    client.assert(response.body == "Hi there!");
+    client.assert(response.body.clipperProtocolVersion === "1.0");
 %}
--- a/test-etapi/basic-auth.http
+++ b/test-etapi/basic-auth.http
@ -0,0 +1,14 @@
+GET {{triliumHost}}/etapi/app-info
+Authorization: Basic whatever {{authToken}}
+
+> {%
+    client.assert(response.status === 200);
+    client.assert(response.body.clipperProtocolVersion === "1.0");
+%}
+
+###
+
+GET {{triliumHost}}/etapi/app-info
+Authorization: Basic whatever wrong pass
+
+> {% client.assert(response.status === 401); %}