protected session expiration timer moved to backend, closes #2847

src/public/app/services/protected_session_holder.js

@@ -1,17 +1,5 @@
-import options from './options.js';
 import server from "./server.js";
 
-let lastProtectedSessionOperationDate = 0;
-
-setInterval(() => {
-    const protectedSessionTimeout = options.getInt('protectedSessionTimeout');
-    if (lastProtectedSessionOperationDate
-        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {
-
-        resetProtectedSession();
-    }
-}, 10000);
-
 function enableProtectedSession() {
     glob.isProtectedSessionAvailable = true;
 
@@ -26,9 +14,9 @@ function isProtectedSessionAvailable() {
     return glob.isProtectedSessionAvailable;
 }
 
-function touchProtectedSession() {
+async function touchProtectedSession() {
     if (isProtectedSessionAvailable()) {
-        lastProtectedSessionOperationDate = Date.now();
+        await server.post("login/protected/touch");
     }
 }
 

src/public/app/services/utils.js

@@ -363,7 +363,7 @@ function sleep(time_ms) {
     return new Promise((resolve) => {
         setTimeout(resolve, time_ms);
     });
-};
+}
 
 export default {
     reloadFrontendApp,

src/routes/api/login.js

@@ -83,6 +83,10 @@ function logoutFromProtectedSession() {
     ws.sendMessageToAllClients({ type: 'protectedSessionLogout' });
 }
 
+function touchProtectedSession() {
+    protectedSessionService.touchProtectedSession();
+}
+
 function token(req) {
     const password = req.body.password;
 
@@ -92,7 +96,7 @@ function token(req) {
 
     // for backwards compatibility with Sender which does not send the name
     const tokenName = req.body.tokenName || "Trilium Sender / Web Clipper";
-    
+
     const {authToken} = etapiTokenService.createToken(tokenName);
 
     return { token: authToken };
@@ -102,5 +106,6 @@ module.exports = {
     loginSync,
     loginToProtectedSession,
     logoutFromProtectedSession,
+    touchProtectedSession,
     token
 };

src/routes/routes.js

@@ -359,6 +359,7 @@ function register(app) {
     route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
     // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
     apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
+    apiRoute(POST, '/api/login/protected/touch', loginApiRoute.touchProtectedSession);
     apiRoute(POST, '/api/logout/protected', loginApiRoute.logoutFromProtectedSession);
 
     route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);

src/services/protected_session.js

@@ -2,6 +2,7 @@
 
 const log = require('./log');
 const dataEncryptionService = require('./data_encryption');
+const options = require("./options");
 
 let dataKey = null;
 
@@ -54,6 +55,27 @@ function decryptString(cipherText) {
     return dataEncryptionService.decryptString(getDataKey(), cipherText);
 }
 
+let lastProtectedSessionOperationDate = null;
+
+function touchProtectedSession() {
+    if (isProtectedSessionAvailable()) {
+        lastProtectedSessionOperationDate = Date.now();
+    }
+}
+
+setInterval(() => {
+    const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');
+    if (isProtectedSessionAvailable()
+        && lastProtectedSessionOperationDate
+        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {
+
+        resetDataKey();
+
+        require('./ws').reloadFrontend();
+    }
+}, 30000);
+
+
 module.exports = {
     setDataKey,
     resetDataKey,
@@ -61,5 +83,6 @@ module.exports = {
     encrypt,
     decrypt,
     decryptString,
-    decryptNotes
+    decryptNotes,
+    touchProtectedSession
 };