diff --git a/routes/api/anonymization.js b/routes/api/anonymization.js
index 2e9dca995..7774665ef 100644
--- a/routes/api/anonymization.js
+++ b/routes/api/anonymization.js
@@ -3,8 +3,9 @@
 const express = require('express');
 const router = express.Router();
 const anonymization = require('../../services/anonymization');
+const auth = require('../../services/auth');
-router.post('/anonymize', async (req, res, next) => {
+router.post('/anonymize', auth.checkApiAuth, async (req, res, next) => {
 await anonymization.anonymize();
 res.send({});
diff --git a/routes/api/app_info.js b/routes/api/app_info.js
index 35a6e9842..41e7de07d 100644
--- a/routes/api/app_info.js
+++ b/routes/api/app_info.js
@@ -3,8 +3,9 @@
 const express = require('express');
 const router = express.Router();
 const app_info = require('../../services/app_info');
+const auth = require('../../services/auth');
-router.get('', async (req, res, next) => {
+router.get('', auth.checkApiAuth, async (req, res, next) => {
 res.send(app_info);
 });
diff --git a/routes/api/cleanup.js b/routes/api/cleanup.js
index 7b2783fb2..236e80e5c 100644
--- a/routes/api/cleanup.js
+++ b/routes/api/cleanup.js
@@ -5,8 +5,9 @@ const router = express.Router();
 const sql = require('../../services/sql');
 const utils = require('../../services/utils');
 const sync_table = require('../../services/sync_table');
+const auth = require('../../services/auth');
-router.post('/cleanup-soft-deleted-items', async (req, res, next) => {
+router.post('/cleanup-soft-deleted-items', auth.checkApiAuth, async (req, res, next) => {
 await sql.doInTransaction(async () => {
 const noteIdsToDelete = await sql.getFlattenedResults("SELECT note_id FROM notes WHERE is_deleted = 1");
 const noteIdsSql = noteIdsToDelete
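Review bot: Attaching `auth.checkApiAuth` by hand on the `router.post('/anonymize', …)` line keeps authentication opt-in, so the next route added without it is exposed again; the same per-route pattern repeats in every file of this commit (app_info, cleanup, event_log, export, import, notes, notes_move, settings). Registering it once per router, `router.use(auth.checkApiAuth);` directly after `const router = express.Router();`, or on the mount point of the API routers, makes authentication the default. Routes that must stay public, if any exist outside this diff, would then have to be declared explicitly. A test that requests every registered API route without credentials and expects a rejection would catch a route that slips through.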
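Review bot: In `/cleanup-soft-deleted-items` the `await sql.doInTransaction(...)` call has no visible error path: the handler is `async`, `next` is not used in the lines shown, and Express 4 does not forward a rejected promise to the error middleware, so a failed transaction would leave the request hanging and surface only as an unhandled rejection. The same shape appears in the `/anonymize`, `/vacuum-database`, event_log and notes handlers in this commit. Unless the app runs Express 5 or wraps handlers somewhere outside this diff, a small wrapper such as `const wrap = fn => (req, res, next) => fn(req, res, next).catch(next);` applied to each async handler would route failures to one place where they can be logged and answered with a 5xx. The handler body continues outside the hunk.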
@@ -34,7 +35,7 @@ router.post('/cleanup-soft-deleted-items', async (req, res, next) => {
 res.send({});
 });
-router.post('/vacuum-database', async (req, res, next) => {
+router.post('/vacuum-database', auth.checkApiAuth, async (req, res, next) => {
 await sql.execute("VACUUM");
 res.send({});
diff --git a/routes/api/event_log.js b/routes/api/event_log.js
index 222000e87..a7560542b 100644
--- a/routes/api/event_log.js
+++ b/routes/api/event_log.js
@@ -3,8 +3,9 @@
 const express = require('express');
 const router = express.Router();
 const sql = require('../../services/sql');
+const auth = require('../../services/auth');
-router.get('', async (req, res, next) => {
+router.get('', auth.checkApiAuth, async (req, res, next) => {
 await deleteOld();
 const result = await sql.getResults("SELECT * FROM event_log ORDER BY date_added DESC");
diff --git a/routes/api/export.js b/routes/api/export.js
index 70545859d..28f453950 100644
--- a/routes/api/export.js
+++ b/routes/api/export.js
@@ -7,8 +7,9 @@ const fs = require('fs');
 const sql = require('../../services/sql');
 const data_dir = require('../../services/data_dir');
 const html = require('html');
+const auth = require('../../services/auth');
-router.get('/:noteId/to/:directory', async (req, res, next) => {
+router.get('/:noteId/to/:directory', auth.checkApiAuth, async (req, res, next) => {
 const noteId = req.params.noteId;
 const directory = req.params.directory.replace(/[^0-9a-zA-Z_-]/gi, '');
diff --git a/routes/api/import.js b/routes/api/import.js
index 170d99e36..83dd81f5e 100644
--- a/routes/api/import.js
+++ b/routes/api/import.js
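Review bot: `router.get('/:noteId/to/:directory', …)` stays a GET even though, judging by the `fs` and `data_dir` imports and the route name, it writes an export to disk; `router.get('/:directory/to/:parentNoteId', …)` in routes/api/import.js has the same shape and presumably writes to the database. If `checkApiAuth` relies on a session cookie (its implementation is not part of this diff), a state-changing GET can remain exposed to cross-site request forgery after this change, depending on the cookie's SameSite setting. Registering both as `router.post(...)` and updating the client calls keeps side effects off safe methods. It is also worth rejecting the request when `directory` is empty after the `replace(...)` sanitising; the rest of the handler is outside the hunk, so that check may already exist.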
@@ -7,8 +7,9 @@ const sql = require('../../services/sql');
 const data_dir = require('../../services/data_dir');
 const utils = require('../../services/utils');
 const sync_table = require('../../services/sync_table');
+const auth = require('../../services/auth');
-router.get('/:directory/to/:parentNoteId', async (req, res, next) => {
+router.get('/:directory/to/:parentNoteId', auth.checkApiAuth, async (req, res, next) => {
 const directory = req.params.directory.replace(/[^0-9a-zA-Z_-]/gi, '');
 const parentNoteId = req.params.parentNoteId;
diff --git a/routes/api/notes.js b/routes/api/notes.js
index ab6a9994c..836934410 100644
--- a/routes/api/notes.js
+++ b/routes/api/notes.js
@@ -32,7 +32,7 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
 });
 });
-router.post('/:parentNoteId/children', async (req, res, next) => {
+router.post('/:parentNoteId/children', auth.checkApiAuth, async (req, res, next) => {
 const sourceId = req.headers.source_id;
 const parentNoteId = req.params.parentNoteId;
 const note = req.body;
@@ -45,7 +45,7 @@ router.post('/:parentNoteId/children', async (req, res, next) => {
 });
 });
-router.put('/:noteId', async (req, res, next) => {
+router.put('/:noteId', auth.checkApiAuth, async (req, res, next) => {
 const note = req.body;
 const noteId = req.params.noteId;
 const sourceId = req.headers.source_id;
@@ -56,7 +56,7 @@ router.put('/:noteId', async (req, res, next) => {
 res.send({});
 });
-router.delete('/:noteTreeId', async (req, res, next) => {
+router.delete('/:noteTreeId', auth.checkApiAuth, async (req, res, next) => {
 await sql.doInTransaction(async () => {
 await notes.deleteNote(req.params.noteTreeId, req.headers.source_id);
 });
@@ -64,7 +64,7 @@ router.delete('/:noteTreeId', async (req, res, next) => {
 res.send({});
 });
-router.get('/', async (req, res, next) => {
+router.get('/', auth.checkApiAuth, async (req, res, next) => {
 const search = '%' + req.query.search + '%';
 const result = await sql.getResults("SELECT note_id FROM notes WHERE note_title liKE ? OR note_text LIKE ?", [search, search]);
diff --git a/routes/api/notes_move.js b/routes/api/notes_move.js
index 4ec2fd44d..0c4e5ea23 100644
--- a/routes/api/notes_move.js
+++ b/routes/api/notes_move.js
@@ -27,7 +27,7 @@ router.put('/:noteTreeId/move-to/:parentNoteId', auth.checkApiAuth, async (req,
 res.send({});
 });
-router.put('/:noteTreeId/move-before/:beforeNoteTreeId', async (req, res, next) => {
+router.put('/:noteTreeId/move-before/:beforeNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
 const noteTreeId = req.params.noteTreeId;
 const beforeNoteTreeId = req.params.beforeNoteTreeId;
 const sourceId = req.headers.source_id;
@@ -58,7 +58,7 @@ router.put('/:noteTreeId/move-before/:beforeNoteTreeId', async (req, res, next)
 }
 });
-router.put('/:noteTreeId/move-after/:afterNoteTreeId', async (req, res, next) => {
+router.put('/:noteTreeId/move-after/:afterNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
 const noteTreeId = req.params.noteTreeId;
 const afterNoteTreeId = req.params.afterNoteTreeId;
 const sourceId = req.headers.source_id;
@@ -136,7 +136,7 @@ router.put('/:childNoteId/clone-to/:parentNoteId', auth.checkApiAuth, async (req
 });
 });
-router.put('/:noteId/clone-after/:afterNoteTreeId', async (req, res, next) => {
+router.put('/:noteId/clone-after/:afterNoteTreeId', auth.checkApiAuth, async (req, res, next) => {
 const noteId = req.params.noteId;
 const afterNoteTreeId = req.params.afterNoteTreeId;
 const sourceId = req.headers.source_id;
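Review bot: `const search = '%' + req.query.search + '%';` in the `router.get('/', …)` handler uses the query parameter without checking it, so a request without `search` runs the query with the literal pattern `%undefined%`, and a repeated or bracketed parameter arrives as an array or object and is stringified into the pattern. The statement itself is parameterised, so this is an input-validation gap rather than an injection. A guard before the concatenation, `if (typeof req.query.search !== 'string') return res.status(400).send({});`, would reject those cases; the response body shape is a guess, as the rest of the handler is outside the hunk. `%` and `_` typed by the user also act as LIKE wildcards, which should be either documented as intended or escaped.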
@@ -211,7 +211,7 @@ async function checkCycle(parentNoteId, childNoteId) {
 return true;
 }
-router.put('/:noteTreeId/expanded/:expanded', async (req, res, next) => {
+router.put('/:noteTreeId/expanded/:expanded', auth.checkApiAuth, async (req, res, next) => {
 const noteTreeId = req.params.noteTreeId;
 const expanded = req.params.expanded;
diff --git a/routes/api/settings.js b/routes/api/settings.js
index dd26ea7fb..a4bf421fe 100644
--- a/routes/api/settings.js
+++ b/routes/api/settings.js
@@ -5,7 +5,6 @@ const router = express.Router();
 const sql = require('../../services/sql');
 const options = require('../../services/options');
 const auth = require('../../services/auth');
-const utils = require('../../services/utils');
 // options allowed to be updated directly in settings dialog
 const ALLOWED_OPTIONS = ['protected_session_timeout', 'history_snapshot_time_interval'];
@@ -23,7 +22,7 @@ router.get('/', auth.checkApiAuth, async (req, res, next) => {
 res.send(settings);
 });
-router.post('/', async (req, res, next) => {
+router.post('/', auth.checkApiAuth, async (req, res, next) => {
 const body = req.body;
 const sourceId = req.headers.source_id;