From 75dbaa4b778c1fbc9d9974b6ccccf68fb544fc57 Mon Sep 17 00:00:00 2001 From: zadam Date: Sun, 31 Mar 2019 12:49:42 +0200 Subject: [PATCH] fix csrf protection on electron build --- package-lock.json | 132 ++++++++---------- package.json | 5 +- .../services/protected_session_holder.js | 5 - src/public/javascripts/services/server.js | 13 +- src/routes/electron.js | 45 +++--- src/services/notes.js | 19 ++- src/services/protected_session.js | 3 +- 7 files changed, 97 insertions(+), 125 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9151eea3c..e5dc748f8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -62,12 +62,19 @@ } }, "@babel/polyfill": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@babel/polyfill/-/polyfill-7.0.0.tgz", - "integrity": "sha512-dnrMRkyyr74CRelJwvgnnSUDh2ge2NCTyHVwpOdvRMHtJUyxLtMAfhBN3s64pY41zdw0kgiLPh6S20eb1NcX6Q==", + "version": "7.4.0", + "resolved": "https://registry.npmjs.org/@babel/polyfill/-/polyfill-7.4.0.tgz", + "integrity": "sha512-bVsjsrtsDflIHp5I6caaAa2V25Kzn50HKPL6g3X0P0ni1ks+58cPB8Mz6AOKVuRPgaVdq/OwEUc/1vKqX+Mo4A==", "requires": { - "core-js": "2.5.7", - "regenerator-runtime": "0.11.1" + "core-js": "2.6.5", + "regenerator-runtime": "0.13.2" + }, + "dependencies": { + "core-js": { + "version": "2.6.5", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.5.tgz", + "integrity": "sha512-klh/kDpwX8hryYL14M9w/xei6vrv6sE8gTHDG7/T/+SEovB/G4ejwcfE/CBzO6Edsu+OETZMZ3wcX/EjUkrl5A==" + } } }, "@jimp/bmp": { 
@@ -186,18 +193,18 @@ } }, "@jimp/plugin-cover": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@jimp/plugin-cover/-/plugin-cover-0.6.0.tgz", - "integrity": "sha512-iv9lA2v3qv+x3eaTThtyzFg+hO8/pSnM8NBymC5OlpSJnR54aWi7BVFXLJAF27T4EZyXko432PVul2IdY3BEPw==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/@jimp/plugin-cover/-/plugin-cover-0.6.1.tgz", + "integrity": "sha512-mYDchAeP9gcBCgi7vX2cYBNygY1s/YaEKEUvSh2H5+DJfxtp/eynW+bInypCfbQJArZZX+26F5GufWnkB8BOnw==", "requires": { "@jimp/utils": "0.6.0", "core-js": "2.5.7" } }, "@jimp/plugin-crop": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@jimp/plugin-crop/-/plugin-crop-0.6.0.tgz", - "integrity": "sha512-YftdmFZ2YnZDYyBulkStCt2MZbKKfbjytkE+6i3Djk2b/Rfryg5xjgzVnAumCRQJhVPukexrnc2V7KKbEgx7mQ==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/@jimp/plugin-crop/-/plugin-crop-0.6.1.tgz", + "integrity": "sha512-rnxkgLvm1oC7yCg8mOIUqLNjAzzRC0eVTD3hfYq3LzDMe2LfpU208WhtVw0IjSJ2N7OSrRztJcw+jkVF8nUJJg==", "requires": { "@jimp/utils": "0.6.0", "core-js": "2.5.7" @@ -267,9 +274,9 @@ } }, "@jimp/plugin-print": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@jimp/plugin-print/-/plugin-print-0.6.0.tgz", - "integrity": "sha512-kXNHYo7bGQiMZkUqhCvm6OomjJtZnLGs7cgXp9qsCfPcDBLLW+X3oxnoLaePQMlpQt6hX/lzFnNaWKv/KB1jlA==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/@jimp/plugin-print/-/plugin-print-0.6.1.tgz", + "integrity": "sha512-gZOrYEOFtohRYsGJNh9fQkBgpiKjDfNXpiXmwdolqBF39pPxRvo9ivTIJ7sHCLpDL+SnQRdR0EHiJ08BFt5Yow==", "requires": { "@jimp/utils": "0.6.0", "core-js": "2.5.7", 
@@ -286,9 +293,9 @@ } }, "@jimp/plugin-rotate": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@jimp/plugin-rotate/-/plugin-rotate-0.6.0.tgz", - "integrity": "sha512-1QGlIisyxs2HNLuynq/ETc4h7E6At3yR+IYAhG9U4KONG4RqlIy0giyDhnfEZaiqOE+O7f+0Z7zN6GoSHmQjzg==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/@jimp/plugin-rotate/-/plugin-rotate-0.6.1.tgz", + "integrity": "sha512-+YYjO4Y664k0IfsPJVz4Er3pX+C8vYDWD9L2am01Jls4LT7GtUZbgIKuqwl8qXX0ENc/aF9UssuWIYVVzEoapw==", "requires": { "@jimp/utils": "0.6.0", "core-js": "2.5.7" @@ -304,16 +311,16 @@ } }, "@jimp/plugins": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@jimp/plugins/-/plugins-0.6.0.tgz", - "integrity": "sha512-9+znfBJM1B31kvw+IcQFnAuDntQhwca/SONFnKOSZ8BNiQdiuTNbXHFxOo3tvdv1ngtB+LkkiTgK+QoF358b8g==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/@jimp/plugins/-/plugins-0.6.1.tgz", + "integrity": "sha512-gCgYxsQn3z5qifM8G4RfP6vQFKfwK/waVIE3I/mUY9QHZrf94sLuhcws+72hTLQ3It3m3QKaA1kSXrD9nkRdUw==", "requires": { "@jimp/plugin-blit": "0.6.0", "@jimp/plugin-blur": "0.6.0", "@jimp/plugin-color": "0.6.0", "@jimp/plugin-contain": "0.6.0", - "@jimp/plugin-cover": "0.6.0", - "@jimp/plugin-crop": "0.6.0", + "@jimp/plugin-cover": "0.6.1", + "@jimp/plugin-crop": "0.6.1", "@jimp/plugin-displace": "0.6.0", "@jimp/plugin-dither": "0.6.0", "@jimp/plugin-flip": "0.6.0", @@ -321,9 +328,9 @@ "@jimp/plugin-invert": "0.6.0", "@jimp/plugin-mask": "0.6.0", "@jimp/plugin-normalize": "0.6.0", - "@jimp/plugin-print": "0.6.0", + "@jimp/plugin-print": "0.6.1", "@jimp/plugin-resize": "0.6.0", - "@jimp/plugin-rotate": "0.6.0", + "@jimp/plugin-rotate": "0.6.1", "@jimp/plugin-scale": "0.6.0", "core-js": "2.5.7", "timm": "1.6.1" @@ -336,7 +343,7 @@ "requires": { "@jimp/utils": "0.6.0", "core-js": "2.5.7", - "pngjs": "3.3.3" + "pngjs": "3.4.0" } }, "@jimp/tiff": { 
@@ -2413,7 +2420,6 @@ "version": "1.1.3", "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", - "dev": true, "requires": { "object-keys": "1.1.0" }, @@ -2421,8 +2427,7 @@ "object-keys": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.0.tgz", - "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==", - "dev": true + "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==" } } }, @@ -3591,7 +3596,6 @@ "version": "1.13.0", "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.13.0.tgz", "integrity": "sha512-vDZfg/ykNxQVwup/8E1BZhVzFfBxs9NqMzGcvIJrqg5k2/5Za2bWo40dK2J1pgLngZ7c+Shh8lwYtLGyrwPutg==", - "dev": true, "requires": { "es-to-primitive": "1.2.0", "function-bind": "1.1.1", @@ -3604,8 +3608,7 @@ "object-keys": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.0.tgz", - "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==", - "dev": true + "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==" } } }, @@ -3613,7 +3616,6 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.0.tgz", "integrity": "sha512-qZryBOJjV//LaxLTV6UC//WewneB3LcXOL9NP++ozKVXsIIIpm/2c13UDiD9Jp2eThsecw9m3jPqDwTyobcdbg==", - "dev": true, "requires": { "is-callable": "1.1.4", "is-date-object": "1.0.1", 
@@ -5169,8 +5171,7 @@ "function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", - "dev": true + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" }, "functional-red-black-tree": { "version": "1.0.1", @@ -5792,7 +5793,6 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "dev": true, "requires": { "function-bind": "1.1.1" } @@ -5827,8 +5827,7 @@ "has-symbols": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.0.tgz", - "integrity": "sha1-uhqPGvKg/DllD1yFA2dwQSIGO0Q=", - "dev": true + "integrity": "sha1-uhqPGvKg/DllD1yFA2dwQSIGO0Q=" }, "has-to-string-tag-x": { "version": "1.4.1", @@ -6513,8 +6512,7 @@ "is-date-object": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.1.tgz", - "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=", - "dev": true + "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=" }, "is-descriptor": { "version": "0.1.6", @@ -6746,7 +6744,6 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.4.tgz", "integrity": "sha1-VRdIm1RwkbCTDglWVM7SXul+lJE=", - "dev": true, "requires": { "has": "1.0.3" } @@ -6770,7 +6767,6 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.2.tgz", "integrity": "sha512-HS8bZ9ox60yCJLH9snBpIwv9pYUAkcuLhSA1oero1UB5y9aiQpRA8y2ex945AOtCZL1lJDeIk3G5LthswI46Lw==", - "dev": true, "requires": { "has-symbols": "1.0.0" } 
@@ -6851,13 +6847,13 @@ } }, "jimp": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/jimp/-/jimp-0.6.0.tgz", - "integrity": "sha512-RYpN+AAlTEMf8Bnkhq2eeTNyr70rDK/2UUfUqzBJmwmZwdR6fxRJvgbCGWT1BDVRxaAqo+4CWm8ePBxOIsr4jg==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/jimp/-/jimp-0.6.1.tgz", + "integrity": "sha512-R46NBV0mbdC+1DwP/xbTmXULfxxAok5KA+XtZTPVku1S0mXvsaxZ65cQz1MhiPjxcIIQYidI3ZFIf2F+th3wMQ==", "requires": { - "@babel/polyfill": "7.0.0", + "@babel/polyfill": "7.4.0", "@jimp/custom": "0.6.0", - "@jimp/plugins": "0.6.0", + "@jimp/plugins": "0.6.1", "@jimp/types": "0.6.0", "core-js": "2.5.7" } @@ -7363,9 +7359,9 @@ "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc=" }, "lorem-ipsum": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/lorem-ipsum/-/lorem-ipsum-2.0.0.tgz", - "integrity": "sha512-MgsNPLB49Zwk2ah8kSG5T3X75JQsEC3tsI7QsWORuiIe2DTUq4b9QXSG7dkjHoO1lKKaxVM69MNiVssTfp+zGQ==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/lorem-ipsum/-/lorem-ipsum-2.0.1.tgz", + "integrity": "sha512-FjqfVmw4pEYOWCgzJf+ei2ohRTeuxhnPW/b+nQO+JK4z/QE9OEslnf+SeBVJJCTNRPKIupTW91evd7ezTX2xGA==", "dev": true, "requires": { "commander": "2.19.0" @@ -8977,9 +8973,9 @@ } }, "pako": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.7.tgz", - "integrity": "sha512-3HNK5tW4x8o5mO8RuHZp3Ydw9icZXx0RANAOMzlMzx7LVXhMJ4mo3MOBpzyd7r/+RUu8BmndP47LXT+vzjtWcQ==" + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.10.tgz", + "integrity": "sha512-0DTvPVU3ed8+HNXOu5Bs+o//Mbdj9VNQMUOe9oKCwh8l0GNwpTDMKCWbRjgtD291AWnkAgkqA/LOnQS8AmS1tw==" }, "parent-module": { "version": "1.0.0", 
@@ -9062,12 +9058,12 @@ } }, "parse-headers": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/parse-headers/-/parse-headers-2.0.1.tgz", - "integrity": "sha1-aug6eqJanZtwCswoaYzR8e1+lTY=", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/parse-headers/-/parse-headers-2.0.2.tgz", + "integrity": "sha512-/LypJhzFmyBIDYP9aDVgeyEb5sQfbfY5mnDq4hVhlQ69js87wXfmEI5V3xI6vvXasqebp0oCytYFLxsBVfCzSg==", "requires": { "for-each": "0.3.3", - "trim": "0.0.1" + "string.prototype.trim": "1.1.2" } }, "parse-json": { @@ -9176,7 +9172,7 @@ "resolved": "https://registry.npmjs.org/pixelmatch/-/pixelmatch-4.0.2.tgz", "integrity": "sha1-j0fc7FARtHe2fbA8JDvB8wheiFQ=", "requires": { - "pngjs": "3.3.3" + "pngjs": "3.4.0" } }, "pkg-conf": { @@ -9312,9 +9308,9 @@ "integrity": "sha512-2qHaIQr2VLRFoxe2nASzsV6ef4yOOH+Fi9FBOVH6cqeSgUnoyySPZkxzLuzd+RYOQTRpROA0ztTMqxROKSb/nA==" }, "pngjs": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-3.3.3.tgz", - "integrity": "sha512-1n3Z4p3IOxArEs1VRXnZ/RXdfEniAUS9jb68g58FIXMNkPJeZd+Qh4Uq7/e0LVxAQGos1eIUrqrt4FpjdnEd+Q==" + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-3.4.0.tgz", + "integrity": "sha512-NCrCHhWmnQklfH4MtJMRjZ2a8c80qXeMlQMv2uVp9ISJMTt562SbGd6n2oq0PaPgKm7Z6pL9E2UlLIhC+SHL3w==" }, "pngquant-bin": { "version": "5.0.1", @@ -10276,9 +10272,9 @@ "integrity": "sha1-NXdOtzW/UPtsB46DM0tHI1AgfXk=" }, "regenerator-runtime": { - "version": "0.11.1", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", - "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg==" + "version": "0.13.2", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.2.tgz", + "integrity": "sha512-S/TQAZJO+D3m9xeN1WTI8dLKBBiRgXBlTJvbWjCThHWZj9EvHK70Ff50/tYj2J/fvBY6JtFVwRuazHN2E7M9BA==" }, "regex-cache": { "version": "0.4.4", 
@@ -11322,7 +11318,6 @@ "version": "1.1.2", "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.1.2.tgz", "integrity": "sha1-0E3iyJ4Tf019IG8Ia17S+ua+jOo=", - "dev": true, "requires": { "define-properties": "1.1.3", "es-abstract": "1.13.0", @@ -11873,11 +11868,6 @@ } } }, - "trim": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/trim/-/trim-0.0.1.tgz", - "integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0=" - }, "trim-newlines": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz", @@ -12202,7 +12192,7 @@ "resolved": "https://registry.npmjs.org/utif/-/utif-2.0.1.tgz", "integrity": "sha512-Z/S1fNKCicQTf375lIP9G8Sa1H/phcysstNrrSdZKj1f9g58J4NMgb5IgiEZN9/nLMPDwF0W7hdOe9Qq2IYoLg==", "requires": { - "pako": "1.0.7" + "pako": "1.0.10" } }, "util-deprecate": { @@ -12591,7 +12581,7 @@ "requires": { "global": "4.3.2", "is-function": "1.0.1", - "parse-headers": "2.0.1", + "parse-headers": "2.0.2", "xtend": "4.0.1" } }, diff --git a/package.json b/package.json index 7d03fc370..01223f21a 100644 --- a/package.json +++ b/package.json @@ -49,12 +49,13 @@ "imagemin-mozjpeg": "8.0.0", "imagemin-pngquant": "7.0.0", "ini": "1.3.5", - "jimp": "0.6.0", + "jimp": "0.6.1", "mime-types": "2.1.22", "moment": "2.24.0", "multer": "1.4.1", "node-abi": "2.7.1", "open": "6.0.0", + "pngjs": "3.4.0", "rand-token": "0.4.0", "rcedit": "1.1.1", "rimraf": "2.6.3", @@ -79,7 +80,7 @@ "electron-installer-debian": "1.1.1", "electron-packager": "13.1.1", "electron-rebuild": "1.8.4", - "lorem-ipsum": "2.0.0", + "lorem-ipsum": "2.0.1", "tape": "4.10.1", "xo": "0.24.0" }, diff --git a/src/public/javascripts/services/protected_session_holder.js b/src/public/javascripts/services/protected_session_holder.js index 0a958dd9e..89a6f4324 100644 --- a/src/public/javascripts/services/protected_session_holder.js +++ b/src/public/javascripts/services/protected_session_holder.js 
@@ -18,10 +18,6 @@ function setProtectedSessionTimeout(encSessTimeout) { protectedSessionTimeout = encSessTimeout; } -function getProtectedSessionId() { - return utils.getCookie(PROTECTED_SESSION_ID_KEY); -} - function setProtectedSessionId(id) { // using session cookie so that it disappears after browser/tab is closed utils.setSessionCookie(PROTECTED_SESSION_ID_KEY, id); @@ -46,7 +42,6 @@ function touchProtectedSession() { } export default { - getProtectedSessionId, setProtectedSessionId, resetProtectedSession, isProtectedSessionAvailable, diff --git a/src/public/javascripts/services/server.js b/src/public/javascripts/services/server.js index c0e50f1c3..eaf29256b 100644 --- a/src/public/javascripts/services/server.js +++ b/src/public/javascripts/services/server.js @@ -1,22 +1,13 @@ -import protectedSessionHolder from './protected_session_holder.js'; import utils from './utils.js'; import infoService from "./info.js"; function getHeaders() { - let protectedSessionId = null; - - try { // this is because protected session might not be declared in some cases - protectedSessionId = protectedSessionHolder.getProtectedSessionId(); - } - catch(e) {} - // headers need to be lowercase because node.js automatically converts them to lower case // so hypothetical protectedSessionId becomes protectedsessionid on the backend // also avoiding using underscores instead of dashes since nginx filters them out by default return { - // protectedSessionId is normally carried in cookie, but for electron AJAX requests we bypass - // HTTP so no cookies and we need to pass it here explicitly - 'trilium-protected-session-id': protectedSessionId, + // passing it explicitely here because of the electron HTTP bypass + 'cookie': document.cookie, 'trilium-source-id': glob.sourceId, 'x-csrf-token': glob.csrfToken }; diff --git a/src/routes/electron.js b/src/routes/electron.js index 104963005..3f1894be7 100644 --- a/src/routes/electron.js +++ b/src/routes/electron.js 
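Review bot: In `getHeaders()` in src/public/javascripts/services/server.js, the new `'cookie': document.cookie` entry forwards every script-readable cookie on each request, where the removed code sent only the protected session id, and the comment does not say which transport it is meant for. Browsers treat `Cookie` as a forbidden request header and drop it when set from script, so this entry presumably only takes effect on the electron IPC path. Any cookie marked HttpOnly is absent from `document.cookie` and will not reach the backend this way, so it is worth confirming that the cookie the CSRF check depends on is readable here. I would record both facts on the line, e.g. `// electron IPC path only: browsers ignore a script-set cookie header; HttpOnly cookies are not included`.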
@@ -2,32 +2,31 @@ const ipcMain = require('electron').ipcMain; function init(app) { ipcMain.on('server-request', (event, arg) => { - const req = {}; - req.url = arg.url; - req.method = arg.method; - req.body = arg.data; - req.headers = arg.headers; - req.session = { - loggedIn: true + const req = { + url: arg.url, + method: arg.method, + body: arg.data, + headers: arg.headers, + session: { + loggedIn: true + } }; const res = { - statusCode: 200 - }; - - res.setHeader = function() {}; - - res.status = function(statusCode) { - res.statusCode = statusCode; - return res; - }; - - res.send = function(obj) { - event.sender.send('server-response', { - requestId: arg.requestId, - statusCode: res.statusCode, - body: obj - }); + statusCode: 200, + getHeader: () => {}, + setHeader: () => {}, + status: statusCode => { + res.statusCode = statusCode; + return res; + }, + send: obj => { + event.sender.send('server-response', { + requestId: arg.requestId, + statusCode: res.statusCode, + body: obj + }); + } }; return app._router.handle(req, res, () => {}); diff --git a/src/services/notes.js b/src/services/notes.js index e8601c7c2..f299461da 100644 --- a/src/services/notes.js +++ b/src/services/notes.js 
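Review bot: The rebuilt `req` in the `server-request` handler still hard-codes `session: { loggedIn: true }` and copies `arg.url`, `arg.method`, `arg.data` and `arg.headers` straight from the IPC message, so every message on this channel is routed as an authenticated request with no check on its shape. Since the commit is about making the CSRF check work on this path, the trust assumption deserves a comment such as `// IPC requests are expected only from the app's own renderer and are treated as logged in`. A guard before `req` is built would also help, e.g. `if (!arg || typeof arg.url !== 'string' || typeof arg.method !== 'string') { return; }`. The `getHeader`/`setHeader` stubs discard any response header a middleware sets on this path (a `Set-Cookie`, for instance), which is worth stating next to them. The handler and `init` close outside the hunk.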
@@ -307,12 +307,12 @@ async function saveNoteRevision(note) { const now = new Date(); const noteRevisionSnapshotTimeInterval = parseInt(await optionService.getOption('noteRevisionSnapshotTimeInterval')); - const revisionCutoff = dateUtils.dateStr(new Date(now.getTime() - noteRevisionSnapshotTimeInterval * 1000)); + const revisionCutoff = dateUtils.utcDateStr(new Date(now.getTime() - noteRevisionSnapshotTimeInterval * 1000)); const existingNoteRevisionId = await sql.getValue( - "SELECT noteRevisionId FROM note_revisions WHERE noteId = ? AND dateModifiedTo >= ?", [note.noteId, revisionCutoff]); + "SELECT noteRevisionId FROM note_revisions WHERE noteId = ? AND utcDateModifiedTo >= ?", [note.noteId, revisionCutoff]); - const msSinceDateCreated = now.getTime() - dateUtils.parseDateTime(note.dateCreated).getTime(); + const msSinceDateCreated = now.getTime() - dateUtils.parseDateTime(note.utcDateCreated).getTime(); if (!existingNoteRevisionId && msSinceDateCreated >= noteRevisionSnapshotTimeInterval * 1000) { await new NoteRevision({ @@ -323,8 +323,10 @@ async function saveNoteRevision(note) { type: note.type, mime: note.mime, isProtected: false, // will be fixed in the protectNoteRevisions() call + utcDateModifiedFrom: note.utcDateModified, + utcDateModifiedTo: dateUtils.utcNowDateTime(), dateModifiedFrom: note.dateModified, - dateModifiedTo: dateUtils.nowDate() + dateModifiedTo: dateUtils.localNowDateTime() }).save(); } } 
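Review bot: The cutoff in `saveNoteRevision` is now built with `dateUtils.utcDateStr(...)` and compared in SQL with `utcDateModifiedTo >= ?`, while the value written to that column comes from `dateUtils.utcNowDateTime()`. That comparison is presumably made on the stored text, so it is only correct if both helpers emit the same format, and neither helper is visible in this patch. Likewise `dateUtils.parseDateTime(note.utcDateCreated)` has to interpret its argument as UTC, otherwise `msSinceDateCreated` is off by the local offset. A short comment above the query, e.g. `// both sides are UTC strings in the same format, compared as text`, would record the assumption. The function body starts above the hunk.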
@@ -344,17 +346,12 @@ async function updateNote(noteId, noteUpdates) { note.isProtected = noteUpdates.isProtected; await note.save(); - const noteContent = await note.getNoteContent(); - if (!['file', 'image'].includes(note.type)) { - noteUpdates.noteContent.content = await saveLinks(note, noteUpdates.noteContent.content); + noteUpdates.content = await saveLinks(note, noteUpdates.content); - noteContent.content = noteUpdates.noteContent.content; + await note.setContent(noteUpdates.content); } - noteContent.isProtected = noteUpdates.isProtected; - await noteContent.save(); - if (noteTitleChanged) { await triggerNoteTitleChanged(note); } diff --git a/src/services/protected_session.js b/src/services/protected_session.js index 5daae46fc..fac369796 100644 --- a/src/services/protected_session.js +++ b/src/services/protected_session.js @@ -15,8 +15,7 @@ function setDataKey(decryptedDataKey) { } function setProtectedSessionId(req) { - // cookies is the main storage but for electron header is used when bypassing HTTP - cls.namespace.set('protectedSessionId', req.headers['trilium-protected-session-id'] || req.cookies.protectedSessionId); + cls.namespace.set('protectedSessionId', req.cookies.protectedSessionId); } function getProtectedSessionId() {
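Review bot: With `noteContent.isProtected = noteUpdates.isProtected;` and `await noteContent.save();` removed, `updateNote` only writes content inside the `!['file', 'image'].includes(note.type)` branch, so for file and image notes a change of `isProtected` no longer leads to any content write in this function. If `note.save()` does not itself carry the protection change over to the stored content, those notes could keep their content in the previous protection state. That should be confirmed against `note.save()` and `note.setContent()`, which are not visible here. A comment on the branch saying where the content of file and image notes gets re-protected would make the intent explicit. `updateNote` starts above and continues below the hunk.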
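Review bot: `setProtectedSessionId` in src/services/protected_session.js now reads only `req.cookies.protectedSessionId`, so it throws a TypeError for any request on which `req.cookies` was never populated. The synthetic `req` built in src/routes/electron.js has no `cookies` property, so this presumably relies on a cookie-parsing middleware in the router chain turning the forwarded `cookie` header into `req.cookies` before this function runs. That ordering is not visible in the patch, so I would guard the access: `cls.namespace.set('protectedSessionId', req.cookies && req.cookies.protectedSessionId);`. Failing that, keep a comment here noting that the electron path depends on the `cookie` header sent by `getHeaders()`.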