gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-04 05:28:59 +01:00
Code Issues Actions 17 Packages Projects Releases Wiki Activity

server-ts: Port services/auth

Browse Source
This commit is contained in:
Elian Doran 2024-02-17 21:08:56 +02:00
parent 45582ebaac
commit f31d788e2e
No known key found for this signature in database
4 changed files with 43 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/routes.js
View File

@ -5,7 +5,7 @@ const multer = require('multer');
const log = require('../services/log'); const log = require('../services/log');
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const auth = require('../services/auth.js'); const auth = require('../services/auth');
const cls = require('../services/cls'); const cls = require('../services/cls');
const sql = require('../services/sql'); const sql = require('../services/sql');
const entityChangesService = require('../services/entity_changes'); const entityChangesService = require('../services/entity_changes');

58
src/services/auth.js → src/services/auth.ts
View File

@ -1,16 +1,36 @@
"use strict"; "use strict";
const etapiTokenService = require('./etapi_tokens'); import etapiTokenService = require('./etapi_tokens');
const log = require('./log'); import log = require('./log');
const sqlInit = require('./sql_init'); import sqlInit = require('./sql_init');
const utils = require('./utils'); import utils = require('./utils');
const passwordEncryptionService = require('./encryption/password_encryption'); import passwordEncryptionService = require('./encryption/password_encryption');
const config = require('./config'); import config = require('./config');
const passwordService = require('./encryption/password'); import passwordService = require('./encryption/password');
const noAuthentication = config.General && config.General.noAuthentication === true; const noAuthentication = config.General && config.General.noAuthentication === true;
function checkAuth(req, res, next) { // FIXME: We are using custom types for request & response because couldn't extract those pesky express types.
interface Request {
method: string;
path: string;
headers: {
authorization?: string;
"trilium-cred"?: string;
}
session: {
loggedIn: boolean;
}
}
interface Response {
redirect(url: string): void;
setHeader(key: string, value: string): any
}
type Callback = () => void;
function checkAuth(req: Request, res: Response, next: Callback) {
if (!sqlInit.isDbInitialized()) { if (!sqlInit.isDbInitialized()) {
res.redirect("setup"); res.redirect("setup");
} }
@ -24,7 +44,7 @@ function checkAuth(req, res, next) {
// for electron things which need network stuff // for electron things which need network stuff
// currently, we're doing that for file upload because handling form data seems to be difficult // currently, we're doing that for file upload because handling form data seems to be difficult
function checkApiAuthOrElectron(req, res, next) { function checkApiAuthOrElectron(req: Request, res: Response, next: Callback) {
if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) { if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
reject(req, res, "Logged in session not found"); reject(req, res, "Logged in session not found");
} }
@ -33,7 +53,7 @@ function checkApiAuthOrElectron(req, res, next) {
} }
} }
function checkApiAuth(req, res, next) { function checkApiAuth(req: Request, res: Response, next: Callback) {
if (!req.session.loggedIn && !noAuthentication) { if (!req.session.loggedIn && !noAuthentication) {
reject(req, res, "Logged in session not found"); reject(req, res, "Logged in session not found");
} }
@ -42,7 +62,7 @@ function checkApiAuth(req, res, next) {
} }
} }
function checkAppInitialized(req, res, next) { function checkAppInitialized(req: Request, res: Response, next: Callback) {
if (!sqlInit.isDbInitialized()) { if (!sqlInit.isDbInitialized()) {
res.redirect("setup"); res.redirect("setup");
} }
@ -51,7 +71,7 @@ function checkAppInitialized(req, res, next) {
} }
} }
function checkPasswordSet(req, res, next) { function checkPasswordSet(req: Request, res: Response, next: Callback) {
if (!utils.isElectron() && !passwordService.isPasswordSet()) { if (!utils.isElectron() && !passwordService.isPasswordSet()) {
res.redirect("set-password"); res.redirect("set-password");
} else { } else {
@ -59,7 +79,7 @@ function checkPasswordSet(req, res, next) {
} }
} }
function checkPasswordNotSet(req, res, next) { function checkPasswordNotSet(req: Request, res: Response, next: Callback) {
if (!utils.isElectron() && passwordService.isPasswordSet()) { if (!utils.isElectron() && passwordService.isPasswordSet()) {
res.redirect("login"); res.redirect("login");
} else { } else {
@ -67,7 +87,7 @@ function checkPasswordNotSet(req, res, next) {
} }
} }
function checkAppNotInitialized(req, res, next) { function checkAppNotInitialized(req: Request, res: Response, next: Callback) {
if (sqlInit.isDbInitialized()) { if (sqlInit.isDbInitialized()) {
reject(req, res, "App already initialized."); reject(req, res, "App already initialized.");
} }
@ -76,7 +96,7 @@ function checkAppNotInitialized(req, res, next) {
} }
} }
function checkEtapiToken(req, res, next) { function checkEtapiToken(req: Request, res: Response, next: Callback) {
if (etapiTokenService.isValidAuthHeader(req.headers.authorization)) { if (etapiTokenService.isValidAuthHeader(req.headers.authorization)) {
next(); next();
} }
@ -85,7 +105,7 @@ function checkEtapiToken(req, res, next) {
} }
} }
function reject(req, res, message) { function reject(req: Request, res: Response, message: string) {
log.info(`${req.method} ${req.path} rejected with 401 ${message}`); log.info(`${req.method} ${req.path} rejected with 401 ${message}`);
res.setHeader("Content-Type", "text/plain") res.setHeader("Content-Type", "text/plain")
@ -93,7 +113,7 @@ function reject(req, res, message) {
.send(message); .send(message);
} }
function checkCredentials(req, res, next) { function checkCredentials(req: Request, res: Response, next: Callback) {
if (!sqlInit.isDbInitialized()) { if (!sqlInit.isDbInitialized()) {
res.setHeader("Content-Type", "text/plain") res.setHeader("Content-Type", "text/plain")
.status(400) .status(400)
@ -109,7 +129,7 @@ function checkCredentials(req, res, next) {
} }
const header = req.headers['trilium-cred'] || ''; const header = req.headers['trilium-cred'] || '';
const auth = new Buffer.from(header, 'base64').toString(); const auth = Buffer.from(header, 'base64').toString();
const colonIndex = auth.indexOf(':'); const colonIndex = auth.indexOf(':');
const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1); const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1);
// username is ignored // username is ignored
@ -124,7 +144,7 @@ function checkCredentials(req, res, next) {
} }
} }
module.exports = { export = {
checkAuth, checkAuth,
checkApiAuth, checkApiAuth,
checkAppInitialized, checkAppInitialized,

2
src/services/encryption/password.ts
View File

@ -78,7 +78,7 @@ function resetPassword() {
}; };
} }
module.exports = { export = {
isPasswordSet, isPasswordSet,
changePassword, changePassword,
setPassword, setPassword,

4
src/services/etapi_tokens.ts
View File

@ -25,7 +25,7 @@ function createToken(tokenName: string) {
}; };
} }
function parseAuthToken(auth: string) { function parseAuthToken(auth?: string | null) {
if (!auth) { if (!auth) {
return null; return null;
} }
@ -64,7 +64,7 @@ function parseAuthToken(auth: string) {
} }
} }
function isValidAuthHeader(auth: string) { function isValidAuthHeader(auth?: string | null) {
const parsed = parseAuthToken(auth); const parsed = parseAuthToken(auth);
if (!parsed) { if (!parsed) {