From fb3d5f25ac722d8544068d2ff7718aae3e3f8abe Mon Sep 17 00:00:00 2001
From: zadam
Date: Fri, 5 Feb 2021 21:38:32 +0100
Subject: [PATCH 1/2] release 0.45.9
---
 package.json | 2 +-
 src/services/build.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 4503e20d3..95909b4d3 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "name": "trilium",
 "productName": "Trilium Notes",
 "description": "Trilium Notes",
- "version": "0.45.8",
+ "version": "0.45.9",
 "license": "AGPL-3.0-only",
 "main": "electron.js",
 "bin": {
diff --git a/src/services/build.js b/src/services/build.js
index fda1abf8a..c139cae9b 100644
--- a/src/services/build.js
+++ b/src/services/build.js
@@ -1 +1 @@
-module.exports = { buildDate:"2021-01-11T22:47:11+01:00", buildRevision: "6afc299efb616d47c72b5f58ab2827c0e3e121c2" };
+module.exports = { buildDate:"2021-02-05T21:38:32+01:00", buildRevision: "9d7d79ef94bc7734393ae7f89993e76bbc7d97e3" };
From 70708b36ef8e0e17c4147671f8c4452019d8e76a Mon Sep 17 00:00:00 2001
From: zadam
Date: Fri, 5 Feb 2021 21:59:56 +0100
Subject: [PATCH 2/2] using custom header for sync authorization to avoid tripping security proxies
---
 src/routes/routes.js | 2 +-
 src/services/auth.js | 6 +++---
 src/services/setup.js | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/routes/routes.js b/src/routes/routes.js
index 248cc6fe0..62209124d 100644
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@@ -224,7 +224,7 @@ function register(app) {
 route(GET, '/api/setup/status', [], setupApiRoute.getStatus, apiResultHandler);
 route(POST, '/api/setup/new-document', [auth.checkAppNotInitialized], setupApiRoute.setupNewDocument, apiResultHandler);
 route(POST, '/api/setup/sync-from-server', [auth.checkAppNotInitialized], setupApiRoute.setupSyncFromServer, apiResultHandler, false);
- route(GET, '/api/setup/sync-seed', [auth.checkBasicAuth], setupApiRoute.getSyncSeed, apiResultHandler);
+ route(GET, '/api/setup/sync-seed', [auth.checkCredentials], setupApiRoute.getSyncSeed, apiResultHandler);
 route(POST, '/api/setup/sync-seed', [auth.checkAppNotInitialized], setupApiRoute.saveSyncSeed, apiResultHandler, false);
 apiRoute(GET, '/api/sql/schema', sqlRoute.getSchema);
diff --git a/src/services/auth.js b/src/services/auth.js
index 08fd0457a..514ef46e1 100644
--- a/src/services/auth.js
+++ b/src/services/auth.js
@@ -77,8 +77,8 @@ function reject(req, res, message) {
 res.status(401).send(message);
 }
-function checkBasicAuth(req, res, next) {
- const header = req.headers.authorization || '';
+function checkCredentials(req, res, next) {
+ const header = req.headers['trilium-cred'] || '';
 const token = header.split(/\s+/).pop() || '';
 const auth = new Buffer.from(token, 'base64').toString();
 const [username, password] = auth.split(/:/);
@@ -100,5 +100,5 @@ module.exports = {
 checkAppNotInitialized,
 checkApiAuthOrElectron,
 checkToken,
- checkBasicAuth
+ checkCredentials
 };
diff --git a/src/services/setup.js b/src/services/setup.js
index 795b6a334..40f76c1b5 100644
--- a/src/services/setup.js
+++ b/src/services/setup.js
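Review bot: In `checkCredentials` (src/services/auth.js, first hunk) the decoded value is still split with `auth.split(/:/)` and only the first two pieces are kept, so a password containing `:` is silently truncated and can never match what the client now sends as `username + ':' + password`. Split on the first colon only, for example `const sep = auth.indexOf(':');` followed by `const username = sep < 0 ? auth : auth.slice(0, sep);` and `const password = sep < 0 ? '' : auth.slice(sep + 1);`. The header name also changes with no fallback to `Authorization`, so a client older than this commit presumably gets a 401 from a newer server, which is worth stating in the release notes. The rest of the function, including the credential comparison, lies outside the hunk.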
@@ -70,9 +70,9 @@ async function setupSyncFromSyncServer(syncServerHost, syncProxy, username, pass
 const resp = await request.exec({
 method: 'get',
 url: syncServerHost + '/api/setup/sync-seed',
- auth: {
- 'user': username,
- 'pass': password
+ headers: {
+ // not using Authorization header because some proxy servers will filter it out
+ 'trilium-cred': Buffer.from(username + ':' + password).toString('base64')
 },
 proxy: syncProxy,
 timeout: 30000 // seed request should not take long
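Review bot: The new `trilium-cred` header carries the same reusable `username:password` pair as Basic auth, only base64-encoded, but unlike `Authorization` it is unlikely to be on the redaction lists of proxies, access logs and request tracers, so intermediaries may store the value in clear. The comment on the header should say so, for example `// base64(username:password), not encrypted: send only over https and redact 'trilium-cred' in any request logging`. Nothing in the hunk checks the scheme of `syncServerHost`; if plain http is accepted elsewhere, the credentials travel unprotected. The enclosing function starts and ends outside the hunk.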