mirror of
https://github.com/zadam/trilium.git
synced 2025-03-01 14:22:32 +01:00
106 lines
3.2 KiB
JavaScript
106 lines
3.2 KiB
JavaScript
"use strict";
|
|
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const image = require('../../services/image');
|
|
const utils = require('../../services/utils');
|
|
const date_notes = require('../../services/date_notes');
|
|
const sql = require('../../services/sql');
|
|
const wrap = require('express-promise-wrap').wrap;
|
|
const notes = require('../../services/notes');
|
|
const multer = require('multer')();
|
|
const password_encryption = require('../../services/password_encryption');
|
|
const options = require('../../services/options');
|
|
const sync_table = require('../../services/sync_table');
|
|
|
|
router.post('/login', wrap(async (req, res, next) => {
|
|
const username = req.body.username;
|
|
const password = req.body.password;
|
|
|
|
const isUsernameValid = username === await options.getOption('username');
|
|
const isPasswordValid = await password_encryption.verifyPassword(password);
|
|
|
|
if (!isUsernameValid || !isPasswordValid) {
|
|
res.status(401).send("Incorrect username/password");
|
|
}
|
|
else {
|
|
const token = utils.randomSecureToken();
|
|
|
|
await sql.doInTransaction(async () => {
|
|
const apiTokenId = utils.newApiTokenId();
|
|
|
|
await sql.insert("api_tokens", {
|
|
apiTokenId: apiTokenId,
|
|
token: token,
|
|
dateCreated: utils.nowDate(),
|
|
isDeleted: false
|
|
});
|
|
|
|
await sync_table.addApiTokenSync(apiTokenId);
|
|
});
|
|
|
|
res.send({
|
|
token: token
|
|
});
|
|
}
|
|
}));
|
|
|
|
async function checkSenderToken(req, res, next) {
|
|
const token = req.headers.authorization;
|
|
|
|
if (await sql.getValue("SELECT COUNT(*) FROM api_tokens WHERE isDeleted = 0 AND token = ?", [token]) === 0) {
|
|
res.status(401).send("Not authorized");
|
|
}
|
|
else if (await sql.isDbUpToDate()) {
|
|
next();
|
|
}
|
|
else {
|
|
res.status(409).send("Mismatched app versions"); // need better response than that
|
|
}
|
|
}
|
|
|
|
router.post('/image', checkSenderToken, multer.single('upload'), wrap(async (req, res, next) => {
|
|
const file = req.file;
|
|
|
|
if (!["image/png", "image/jpeg", "image/gif"].includes(file.mimetype)) {
|
|
return res.status(400).send("Unknown image type: " + file.mimetype);
|
|
}
|
|
|
|
const parentNoteId = await date_notes.getDateNoteId(req.headers['x-local-date']);
|
|
|
|
const noteId = (await notes.createNewNote(parentNoteId, {
|
|
title: "Sender image",
|
|
content: "",
|
|
target: 'into',
|
|
isProtected: false,
|
|
type: 'text',
|
|
mime: 'text/html'
|
|
})).noteId;
|
|
|
|
const {fileName, imageId} = await image.saveImage(file, null, noteId);
|
|
|
|
const url = `/api/images/${imageId}/${fileName}`;
|
|
|
|
const content = `<img src="${url}"/>`;
|
|
|
|
await sql.execute("UPDATE notes SET content = ? WHERE noteId = ?", [content, noteId]);
|
|
|
|
res.send({});
|
|
}));
|
|
|
|
router.post('/note', checkSenderToken, wrap(async (req, res, next) => {
|
|
const parentNoteId = await date_notes.getDateNoteId(req.headers['x-local-date']);
|
|
|
|
await notes.createNewNote(parentNoteId, {
|
|
title: req.body.title,
|
|
content: req.body.content,
|
|
target: 'into',
|
|
isProtected: false,
|
|
type: 'text',
|
|
mime: 'text/html'
|
|
});
|
|
|
|
res.send({});
|
|
}));
|
|
|
|
module.exports = router; |