mirror of
https://github.com/zadam/trilium.git
synced 2025-03-01 14:22:32 +01:00
371 lines
11 KiB
JavaScript
371 lines
11 KiB
JavaScript
"use strict";
|
|
|
|
const encryption = (function() {
|
|
const dialogEl = $("#encryption-password-dialog");
|
|
const encryptionPasswordFormEl = $("#encryption-password-form");
|
|
const encryptionPasswordEl = $("#encryption-password");
|
|
|
|
let encryptionDeferred = null;
|
|
let dataKey = null;
|
|
let lastEncryptionOperationDate = null;
|
|
let passwordDerivedKeySalt = null;
|
|
let encryptedDataKey = null;
|
|
let encryptionSessionTimeout = null;
|
|
let protectedSessionId = null;
|
|
|
|
$.ajax({
|
|
url: baseApiUrl + 'settings/all',
|
|
type: 'GET',
|
|
error: () => showError("Error getting encryption settings.")
|
|
}).then(settings => {
|
|
passwordDerivedKeySalt = settings.password_derived_key_salt;
|
|
encryptionSessionTimeout = settings.encryption_session_timeout;
|
|
encryptedDataKey = settings.encrypted_data_key;
|
|
});
|
|
|
|
function setEncryptionSessionTimeout(encSessTimeout) {
|
|
encryptionSessionTimeout = encSessTimeout;
|
|
}
|
|
|
|
function ensureProtectedSession(requireEncryption, modal) {
|
|
const dfd = $.Deferred();
|
|
|
|
if (requireEncryption && !isEncryptionAvailable()) {
|
|
// if this is entry point then we need to show the app even before the note is loaded
|
|
showAppIfHidden();
|
|
|
|
encryptionDeferred = dfd;
|
|
|
|
dialogEl.dialog({
|
|
modal: modal,
|
|
width: 400,
|
|
open: () => {
|
|
if (!modal) {
|
|
// dialog steals focus for itself, which is not what we want for non-modal (viewing)
|
|
treeUtils.getNodeByKey(noteEditor.getCurrentNoteId()).setFocus();
|
|
}
|
|
}
|
|
});
|
|
}
|
|
else {
|
|
dfd.resolve();
|
|
}
|
|
|
|
return dfd.promise();
|
|
}
|
|
|
|
async function setupEncryptionSession() {
|
|
const password = encryptionPasswordEl.val();
|
|
encryptionPasswordEl.val("");
|
|
|
|
const response = await enterProtectedSession(password);
|
|
|
|
if (!response.success) {
|
|
showError("Wrong password.");
|
|
return;
|
|
}
|
|
|
|
protectedSessionId = response.protectedSessionId;
|
|
initAjax();
|
|
|
|
dialogEl.dialog("close");
|
|
|
|
noteEditor.reload();
|
|
noteTree.reload();
|
|
|
|
if (encryptionDeferred !== null) {
|
|
encryptionDeferred.resolve();
|
|
|
|
encryptionDeferred = null;
|
|
}
|
|
}
|
|
|
|
async function enterProtectedSession(password) {
|
|
return await $.ajax({
|
|
url: baseApiUrl + 'login/protected',
|
|
type: 'POST',
|
|
contentType: 'application/json',
|
|
data: JSON.stringify({
|
|
password: password
|
|
}),
|
|
error: () => showError("Error entering protected session.")
|
|
});
|
|
}
|
|
|
|
function getProtectedSessionId() {
|
|
return protectedSessionId;
|
|
}
|
|
|
|
function resetEncryptionSession() {
|
|
protectedSessionId = null;
|
|
|
|
initAjax();
|
|
|
|
// most secure solution - guarantees nothing remained in memory
|
|
// since this expires because user doesn't use the app, it shouldn't be disruptive
|
|
window.location.reload(true);
|
|
}
|
|
|
|
function isEncryptionAvailable() {
|
|
return protectedSessionId !== null;
|
|
}
|
|
|
|
function getDataAes() {
|
|
lastEncryptionOperationDate = new Date();
|
|
|
|
return new aesjs.ModeOfOperation.ctr(dataKey, new aesjs.Counter(5));
|
|
}
|
|
|
|
function encryptString(str) {
|
|
return encrypt(getDataAes(), str);
|
|
}
|
|
|
|
function encrypt(aes, str) {
|
|
const payload = Array.from(aesjs.utils.utf8.toBytes(str));
|
|
const digest = sha256Array(payload).slice(0, 4);
|
|
|
|
const digestWithPayload = digest.concat(payload);
|
|
|
|
const encryptedBytes = aes.encrypt(digestWithPayload);
|
|
|
|
return uint8ToBase64(encryptedBytes);
|
|
}
|
|
|
|
function decryptString(encryptedBase64) {
|
|
const decryptedBytes = decrypt(getDataAes(), encryptedBase64);
|
|
|
|
return aesjs.utils.utf8.fromBytes(decryptedBytes);
|
|
}
|
|
|
|
function decrypt(aes, encryptedBase64) {
|
|
const encryptedBytes = base64ToUint8Array(encryptedBase64);
|
|
|
|
const decryptedBytes = aes.decrypt(encryptedBytes);
|
|
|
|
const digest = decryptedBytes.slice(0, 4);
|
|
const payload = decryptedBytes.slice(4);
|
|
|
|
const hashArray = sha256Array(payload);
|
|
|
|
const computedDigest = hashArray.slice(0, 4);
|
|
|
|
if (!arraysIdentical(digest, computedDigest)) {
|
|
return false;
|
|
}
|
|
|
|
return payload;
|
|
}
|
|
|
|
function sha256Array(content) {
|
|
const hash = sha256.create();
|
|
hash.update(content);
|
|
return hash.array();
|
|
}
|
|
|
|
function arraysIdentical(a, b) {
|
|
let i = a.length;
|
|
if (i !== b.length) return false;
|
|
while (i--) {
|
|
if (a[i] !== b[i]) return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
function encryptNote(note) {
|
|
note.detail.note_title = encryptString(note.detail.note_title);
|
|
note.detail.note_text = encryptString(note.detail.note_text);
|
|
|
|
note.detail.is_protected = true;
|
|
|
|
return note;
|
|
}
|
|
|
|
async function protectNoteAndSendToServer() {
|
|
await ensureProtectedSession(true, true);
|
|
|
|
const note = noteEditor.getCurrentNote();
|
|
|
|
noteEditor.updateNoteFromInputs(note);
|
|
|
|
note.detail.is_protected = true;
|
|
|
|
await noteEditor.saveNoteToServer(note);
|
|
|
|
noteEditor.setNoteBackgroundIfEncrypted(note);
|
|
}
|
|
|
|
async function changeEncryptionOnNoteHistory(noteId, protect) {
|
|
const result = await $.ajax({
|
|
url: baseApiUrl + 'notes-history/' + noteId + "?encryption=" + (protect ? 0 : 1),
|
|
type: 'GET',
|
|
error: () => showError("Error getting note history.")
|
|
});
|
|
|
|
for (const row of result) {
|
|
if (protect) {
|
|
row.note_title = encryptString(row.note_title);
|
|
row.note_text = encryptString(row.note_text);
|
|
}
|
|
else {
|
|
row.note_title = decryptString(row.note_title);
|
|
row.note_text = decryptString(row.note_text);
|
|
}
|
|
|
|
row.is_protected = protect;
|
|
|
|
await $.ajax({
|
|
url: baseApiUrl + 'notes-history',
|
|
type: 'PUT',
|
|
contentType: 'application/json',
|
|
data: JSON.stringify(row),
|
|
error: () => showError("Error de/encrypting note history.")
|
|
});
|
|
|
|
console.log('Note history ' + row.note_history_id + ' de/encrypted');
|
|
}
|
|
}
|
|
|
|
async function unprotectNoteAndSendToServer() {
|
|
await ensureProtectedSession(true, true);
|
|
|
|
const note = noteEditor.getCurrentNote();
|
|
|
|
noteEditor.updateNoteFromInputs(note);
|
|
|
|
note.detail.is_protected = false;
|
|
|
|
await noteEditor.saveNoteToServer(note);
|
|
|
|
await changeEncryptionOnNoteHistory(note.detail.note_id, false);
|
|
|
|
noteEditor.setNoteBackgroundIfEncrypted(note);
|
|
}
|
|
|
|
async function encryptSubTree(noteId) {
|
|
await ensureProtectedSession(true, true);
|
|
|
|
updateSubTreeRecursively(noteId, note => {
|
|
if (!note.detail.is_protected) {
|
|
encryptNote(note);
|
|
|
|
note.detail.is_protected = true;
|
|
|
|
return true;
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
},
|
|
note => {
|
|
if (note.detail.note_id === noteEditor.getCurrentNoteId()) {
|
|
noteEditor.loadNoteToEditor(note.detail.note_id);
|
|
}
|
|
else {
|
|
noteEditor.setTreeBasedOnEncryption(note);
|
|
}
|
|
});
|
|
|
|
showMessage("Encryption finished.");
|
|
}
|
|
|
|
async function decryptSubTree(noteId) {
|
|
await ensureProtectedSession(true, true);
|
|
|
|
updateSubTreeRecursively(noteId, note => {
|
|
if (note.detail.is_protected) {
|
|
decryptNote(note);
|
|
|
|
note.detail.is_protected = false;
|
|
|
|
return true;
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
},
|
|
note => {
|
|
if (note.detail.note_id === noteEditor.getCurrentNoteId()) {
|
|
noteEditor.loadNoteToEditor(note.detail.note_id);
|
|
}
|
|
else {
|
|
noteEditor.setTreeBasedOnEncryption(note);
|
|
}
|
|
});
|
|
|
|
showMessage("Decryption finished.");
|
|
}
|
|
|
|
function updateSubTreeRecursively(noteId, updateCallback, successCallback) {
|
|
updateNoteSynchronously(noteId, updateCallback, successCallback);
|
|
|
|
const node = treeUtils.getNodeByKey(noteId);
|
|
if (!node || !node.getChildren()) {
|
|
return;
|
|
}
|
|
|
|
for (const child of node.getChildren()) {
|
|
updateSubTreeRecursively(child.key, updateCallback, successCallback);
|
|
}
|
|
}
|
|
|
|
function updateNoteSynchronously(noteId, updateCallback, successCallback) {
|
|
$.ajax({
|
|
url: baseApiUrl + 'notes/' + noteId,
|
|
type: 'GET',
|
|
async: false,
|
|
success: note => {
|
|
const needSave = updateCallback(note);
|
|
|
|
if (!needSave) {
|
|
return;
|
|
}
|
|
|
|
for (const link of note.links) {
|
|
delete link.type;
|
|
}
|
|
|
|
$.ajax({
|
|
url: baseApiUrl + 'notes/' + noteId,
|
|
type: 'PUT',
|
|
data: JSON.stringify(note),
|
|
contentType: "application/json",
|
|
async: false,
|
|
success: () => {
|
|
if (successCallback) {
|
|
successCallback(note);
|
|
}
|
|
},
|
|
error: () => showError("Updating " + noteId + " failed.")
|
|
|
|
});
|
|
},
|
|
error: () => showError("Reading " + noteId + " failed.")
|
|
});
|
|
}
|
|
|
|
encryptionPasswordFormEl.submit(() => {
|
|
setupEncryptionSession();
|
|
|
|
return false;
|
|
});
|
|
|
|
setInterval(() => {
|
|
if (lastEncryptionOperationDate !== null && new Date().getTime() - lastEncryptionOperationDate.getTime() > encryptionSessionTimeout * 1000) {
|
|
resetEncryptionSession();
|
|
}
|
|
}, 5000);
|
|
|
|
return {
|
|
setEncryptionSessionTimeout,
|
|
ensureProtectedSession,
|
|
resetEncryptionSession,
|
|
isEncryptionAvailable,
|
|
encryptString,
|
|
decryptString,
|
|
protectNoteAndSendToServer,
|
|
unprotectNoteAndSendToServer,
|
|
encryptSubTree,
|
|
decryptSubTree,
|
|
getProtectedSessionId
|
|
};
|
|
})(); |