Notes/src/routes/session_parser.ts

import session from "express-session";
import sessionFileStore from "session-file-store";
import sessionSecret from "../services/session_secret.js";
import dataDir from "../services/data_dir.js";
import config from "../services/config.js";
import totp from "../services/totp.js";
import open_id from "../services/open_id.js";
import type { Request, Response, NextFunction } from "express";

const FileStore = sessionFileStore(session);

const sessionParser = session({
    secret: sessionSecret,
    resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
    saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
    cookie: {
        path: config.Session.cookiePath,
        httpOnly: true,
        maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
    },
    name: "trilium.sid",
    store: new FileStore({
        ttl: config.Session.cookieMaxAge,
        path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
    })
});

const checkAuthState = (req: Request, res: Response, next: NextFunction) => {
    if (!req.session.loggedIn || req.path === '/login') {
        return next();
    }

    const currentTotpStatus = totp.isTotpEnabled();
    const currentSsoStatus = open_id.isOpenIDEnabled();

    const lastAuthState = req.session.lastAuthState || {
        totpEnabled: false,
        ssoEnabled: false
    };

    if (lastAuthState.totpEnabled !== currentTotpStatus ||
        lastAuthState.ssoEnabled !== currentSsoStatus) {
        req.session.destroy((err) => {
            if (err) {
                console.error('Error destroying session:', err);
            }
            res.redirect('/login');
        });
        return;
    }

    next();
};

export default function (req: Request, res: Response, next: NextFunction) {
    sessionParser(req, res, () => {
        checkAuthState(req, res, next);
    });
}
server-esm: Change simple library import statements 2024-07-18 21:37:45 +03:00			`import session from "express-session";`
server-esm: Fix import to session-file-store 2024-07-18 22:59:39 +03:00			`import sessionFileStore from "session-file-store";`
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import sessionSecret from "../services/session_secret.js";`
			`import dataDir from "../services/data_dir.js";`
feat(session_parser): use cookiePath from config 2025-02-10 08:35:01 +01:00			`import config from "../services/config.js";`
feat: 🎸 Ask user to login if any MFA configs are changed 2025-03-26 00:04:55 +01:00			`import totp from "../services/totp.js";`
			`import open_id from "../services/open_id.js";`
			`import type { Request, Response, NextFunction } from "express";`

server-esm: Fix import to session-file-store 2024-07-18 22:59:39 +03:00			`const FileStore = sessionFileStore(session);`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00
			`const sessionParser = session({`
			`secret: sessionSecret,`
			`resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.`
			`saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.`
			`cookie: {`
refactor(config): rename Cookies to Session as requested in PR #1155 2025-02-10 19:07:21 +01:00			`path: config.Session.cookiePath,`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`httpOnly: true,`
chore(prettier): fix prettier issues 2025-02-13 09:07:25 +01:00			`maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`},`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`name: "trilium.sid",`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			`store: new FileStore({`
feat(session_parser): use seconds for setting maxAge and update default value to 21 days 21 days was used in the login route previously, when "remember me" was set 2025-02-13 08:39:02 +01:00			`ttl: config.Session.cookieMaxAge,`
cleanup of app.js, wwww 2023-05-07 15:23:46 +02:00			path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
			`})`
			`});`

feat: 🎸 Ask user to login if any MFA configs are changed 2025-03-26 00:04:55 +01:00			`const checkAuthState = (req: Request, res: Response, next: NextFunction) => {`
			`if (!req.session.loggedIn \|\| req.path === '/login') {`
			`return next();`
			`}`

			`const currentTotpStatus = totp.isTotpEnabled();`
			`const currentSsoStatus = open_id.isOpenIDEnabled();`

			`const lastAuthState = req.session.lastAuthState \|\| {`
			`totpEnabled: false,`
			`ssoEnabled: false`
			`};`

			`if (lastAuthState.totpEnabled !== currentTotpStatus \|\|`
			`lastAuthState.ssoEnabled !== currentSsoStatus) {`
			`req.session.destroy((err) => {`
			`if (err) {`
			`console.error('Error destroying session:', err);`
			`}`
			`res.redirect('/login');`
			`});`
			`return;`
			`}`

			`next();`
			`};`

			`export default function (req: Request, res: Response, next: NextFunction) {`
			`sessionParser(req, res, () => {`
			`checkAuthState(req, res, next);`
			`});`
			`}`