gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-04 13:39:01 +01:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

auth changes

Browse Source
This commit is contained in:
azivner 2017-12-23 09:57:20 -05:00
parent 215c3a414f
commit c07c18f08a
9 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
routes/api/anonymization.js
View File

@ -3,8 +3,9 @@
const express = require('express');
const router = express.Router();
const anonymization = require('../../services/anonymization');
const auth = require('../../services/auth');
router.post('/anonymize', async (req, res, next) => {
router.post('/anonymize', auth.checkApiAuth, async (req, res, next) => {
await anonymization.anonymize();
res.send({});

3
routes/api/app_info.js
View File

@ -3,8 +3,9 @@
const express = require('express');
const router = express.Router();
const app_info = require('../../services/app_info');
const auth = require('../../services/auth');
router.get('', async (req, res, next) => {
router.get('', auth.checkApiAuth, async (req, res, next) => {
res.send(app_info);
});

5
routes/api/cleanup.js
View File

@ -5,8 +5,9 @@ const router = express.Router();
const sql = require('../../services/sql');
const utils = require('../../services/utils');
const sync_table = require('../../services/sync_table');
const auth = require('../../services/auth');
router.post('/cleanup-soft-deleted-items', async (req, res, next) => {
router.post('/cleanup-soft-deleted-items', auth.checkApiAuth, async (req, res, next) => {
await sql.doInTransaction(async () => {
const noteIdsToDelete = await sql.getFlattenedResults("SELECT note_id FROM notes WHERE is_deleted = 1");
const noteIdsSql = noteIdsToDelete
@ -34,7 +35,7 @@ router.post('/cleanup-soft-deleted-items', async (req, res, next) => {
res.send({});
});
router.post('/vacuum-database', async (req, res, next) => {
router.post('/vacuum-database', auth.checkApiAuth, async (req, res, next) => {
await sql.execute("VACUUM");
res.send({});

3
routes/api/event_log.js
View File

@ -3,8 +3,9 @@
const express = require('express');
const router = express.Router();
const sql = require('../../services/sql');
const auth = require('../../services/auth');
router.get('', async (req, res, next) => {
router.get('', auth.checkApiAuth, async (req, res, next) => {
await deleteOld();
const result = await sql.getResults("SELECT * FROM event_log ORDER BY date_added DESC");

3
routes/api/export.js
View File

@ -7,8 +7,9 @@ const fs = require('fs');
const sql = require('../../services/sql');
const data_dir = require('../../services/data_dir');
const html = require('html');
const auth = require('../../services/auth');
router.get('/:noteId/to/:directory', async (req, res, next) => {
router.get('/:noteId/to/:directory', auth.checkApiAuth, async (req, res, next) => {
const noteId = req.params.noteId;
const directory = req.params.directory.replace(/[^0-9a-zA-Z_-]/gi, '');

3
routes/api/import.js
View File

@ -7,8 +7,9 @@ const sql = require('../../services/sql');
const data_dir = require('../../services/data_dir');
const utils = require('../../services/utils');
const sync_table = require('../../services/sync_table');
const auth = require('../../services/auth');
router.get('/:directory/to/:parentNoteId', async (req, res, next) => {
router.get('/:directory/to/:parentNoteId', auth.checkApiAuth, async (req, res, next) => {
const directory = req.params.directory.replace(/[^0-9a-zA-Z_-]/gi, '');
const parentNoteId = req.params.parentNoteId;

8
routes/api/notes.js
View File

@ -32,7 +32,7 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
});
});
router.post('/:parentNoteId/children', async (req, res, next) => {
router.post('/:parentNoteId/children', auth.checkApiAuth, async (req, res, next) => {
const sourceId = req.headers.source_id;
const parentNoteId = req.params.parentNoteId;
const note = req.body;
@ -45,7 +45,7 @@ router.post('/:parentNoteId/children', async (req, res, next) => {
});
});
router.put('/:noteId', async (req, res, next) => {
router.put('/:noteId', auth.checkApiAuth, async (req, res, next) => {
const note = req.body;
const noteId = req.params.noteId;
const sourceId = req.headers.source_id;
@ -56,7 +56,7 @@ router.put('/:noteId', async (req, res, next) => {
res.send({});
});
router.delete('/:noteTreeId', async (req, res, next) => {
router.delete('/:noteTreeId', auth.checkApiAuth, async (req, res, next) => {
await sql.doInTransaction(async () => {
await notes.deleteNote(req.params.noteTreeId, req.headers.source_id);
});
@ -64,7 +64,7 @@ router.delete('/:noteTreeId', async (req, res, next) => {
res.send({});
});
router.get('/', async (req, res, next) => {
router.get('/', auth.checkApiAuth, async (req, res, next) => {
const search = '%' + req.query.search + '%';
const result = await sql.getResults("SELECT note_id FROM notes WHERE note_title liKE ? OR note_text LIKE ?", [search, search]);

8
routes/api/notes_move.js
View File

@ -27,7 +27,7 @@ router.put('/:noteTreeId/move-to/:parentNoteId', auth.checkApiAuth, async (req,
res.send({});
});
router.put('/:noteTreeId/move-before/:beforeNoteTreeId', async (req, res, next) => {
router.put('/:noteTreeId/move-before/:beforeNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
const noteTreeId = req.params.noteTreeId;
const beforeNoteTreeId = req.params.beforeNoteTreeId;
const sourceId = req.headers.source_id;
@ -58,7 +58,7 @@ router.put('/:noteTreeId/move-before/:beforeNoteTreeId', async (req, res, next)
}
});
router.put('/:noteTreeId/move-after/:afterNoteTreeId', async (req, res, next) => {
router.put('/:noteTreeId/move-after/:afterNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
const noteTreeId = req.params.noteTreeId;
const afterNoteTreeId = req.params.afterNoteTreeId;
const sourceId = req.headers.source_id;
@ -136,7 +136,7 @@ router.put('/:childNoteId/clone-to/:parentNoteId', auth.checkApiAuth, async (req
});
});
router.put('/:noteId/clone-after/:afterNoteTreeId', async (req, res, next) => {
router.put('/:noteId/clone-after/:afterNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
const noteId = req.params.noteId;
const afterNoteTreeId = req.params.afterNoteTreeId;
const sourceId = req.headers.source_id;
@ -211,7 +211,7 @@ async function checkCycle(parentNoteId, childNoteId) {
return true;
}
router.put('/:noteTreeId/expanded/:expanded', async (req, res, next) => {
router.put('/:noteTreeId/expanded/:expanded', auth.checkApiAuth, async (req, res, next) => {
const noteTreeId = req.params.noteTreeId;
const expanded = req.params.expanded;

3
routes/api/settings.js
View File

@ -5,7 +5,6 @@ const router = express.Router();
const sql = require('../../services/sql');
const options = require('../../services/options');
const auth = require('../../services/auth');
const utils = require('../../services/utils');
// options allowed to be updated directly in settings dialog
const ALLOWED_OPTIONS = ['protected_session_timeout', 'history_snapshot_time_interval'];
@ -23,7 +22,7 @@ router.get('/', auth.checkApiAuth, async (req, res, next) => {
res.send(settings);
});
router.post('/', async (req, res, next) => {
router.post('/', auth.checkApiAuth, async (req, res, next) => {
const body = req.body;
const sourceId = req.headers.source_id;