From e87e065100cfa985ad830ef4c78f2dda292e74e0 Mon Sep 17 00:00:00 2001
From: zadam <zadam.apps@gmail.com>
Date: Fri, 13 May 2022 23:20:56 +0200
Subject: [PATCH] protected session expiration timer moved to backend, closes
 #2847

---
 .../app/services/protected_session_holder.js  | 16 ++----------
 src/public/app/services/utils.js              |  2 +-
 src/routes/api/login.js                       |  7 +++++-
 src/routes/routes.js                          |  1 +
 src/services/protected_session.js             | 25 ++++++++++++++++++-
 5 files changed, 34 insertions(+), 17 deletions(-)

diff --git a/src/public/app/services/protected_session_holder.js b/src/public/app/services/protected_session_holder.js
index 86ff20b2b..8fdae303c 100644
--- a/src/public/app/services/protected_session_holder.js
+++ b/src/public/app/services/protected_session_holder.js
@@ -1,17 +1,5 @@
-import options from './options.js';
 import server from "./server.js";
 
-let lastProtectedSessionOperationDate = 0;
-
-setInterval(() => {
-    const protectedSessionTimeout = options.getInt('protectedSessionTimeout');
-    if (lastProtectedSessionOperationDate
-        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {
-
-        resetProtectedSession();
-    }
-}, 10000);
-
 function enableProtectedSession() {
     glob.isProtectedSessionAvailable = true;
 
@@ -26,9 +14,9 @@ function isProtectedSessionAvailable() {
     return glob.isProtectedSessionAvailable;
 }
 
-function touchProtectedSession() {
+async function touchProtectedSession() {
     if (isProtectedSessionAvailable()) {
-        lastProtectedSessionOperationDate = Date.now();
+        await server.post("login/protected/touch");
     }
 }
 
diff --git a/src/public/app/services/utils.js b/src/public/app/services/utils.js
index 27db3e5a4..9facea6f8 100644
--- a/src/public/app/services/utils.js
+++ b/src/public/app/services/utils.js
@@ -363,7 +363,7 @@ function sleep(time_ms) {
     return new Promise((resolve) => {
         setTimeout(resolve, time_ms);
     });
-};
+}
 
 export default {
     reloadFrontendApp,
diff --git a/src/routes/api/login.js b/src/routes/api/login.js
index fa8685d8a..89d3ec4d7 100644
--- a/src/routes/api/login.js
+++ b/src/routes/api/login.js
@@ -83,6 +83,10 @@ function logoutFromProtectedSession() {
     ws.sendMessageToAllClients({ type: 'protectedSessionLogout' });
 }
 
+function touchProtectedSession() {
+    protectedSessionService.touchProtectedSession();
+}
+
 function token(req) {
     const password = req.body.password;
 
@@ -92,7 +96,7 @@ function token(req) {
 
     // for backwards compatibility with Sender which does not send the name
     const tokenName = req.body.tokenName || "Trilium Sender / Web Clipper";
-    
+
     const {authToken} = etapiTokenService.createToken(tokenName);
 
     return { token: authToken };
@@ -102,5 +106,6 @@ module.exports = {
     loginSync,
     loginToProtectedSession,
     logoutFromProtectedSession,
+    touchProtectedSession,
     token
 };
diff --git a/src/routes/routes.js b/src/routes/routes.js
index eb4308318..b51f1a521 100644
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@@ -359,6 +359,7 @@ function register(app) {
     route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
     // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
     apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
+    apiRoute(POST, '/api/login/protected/touch', loginApiRoute.touchProtectedSession);
     apiRoute(POST, '/api/logout/protected', loginApiRoute.logoutFromProtectedSession);
 
     route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
diff --git a/src/services/protected_session.js b/src/services/protected_session.js
index 7dfddc2df..ad125deca 100644
--- a/src/services/protected_session.js
+++ b/src/services/protected_session.js
@@ -2,6 +2,7 @@
 
 const log = require('./log');
 const dataEncryptionService = require('./data_encryption');
+const options = require("./options");
 
 let dataKey = null;
 
@@ -54,6 +55,27 @@ function decryptString(cipherText) {
     return dataEncryptionService.decryptString(getDataKey(), cipherText);
 }
 
+let lastProtectedSessionOperationDate = null;
+
+function touchProtectedSession() {
+    if (isProtectedSessionAvailable()) {
+        lastProtectedSessionOperationDate = Date.now();
+    }
+}
+
+setInterval(() => {
+    const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');
+    if (isProtectedSessionAvailable()
+        && lastProtectedSessionOperationDate
+        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {
+
+        resetDataKey();
+
+        require('./ws').reloadFrontend();
+    }
+}, 30000);
+
+
 module.exports = {
     setDataKey,
     resetDataKey,
@@ -61,5 +83,6 @@ module.exports = {
     encrypt,
     decrypt,
     decryptString,
-    decryptNotes
+    decryptNotes,
+    touchProtectedSession
 };