Notes/src/routes/login.ts

"use strict";

import utils from "../services/utils.js";
import optionService from "../services/options.js";
import myScryptService from "../services/encryption/my_scrypt.js";
import log from "../services/log.js";
import passwordService from "../services/encryption/password.js";
import assetPath from "../services/asset_path.js";
import appPath from "../services/app_path.js";
import ValidationError from "../errors/validation_error.js";
import type { Request, Response } from "express";

function loginPage(req: Request, res: Response) {
    res.render("login", {
        failedAuth: false,
        assetPath: assetPath,
        appPath: appPath
    });
}

function setPasswordPage(req: Request, res: Response) {
    res.render("set_password", {
        error: false,
        assetPath: assetPath,
        appPath: appPath
    });
}

function setPassword(req: Request, res: Response) {
    if (passwordService.isPasswordSet()) {
        throw new ValidationError("Password has been already set");
    }

    let { password1, password2 } = req.body;
    password1 = password1.trim();
    password2 = password2.trim();

    let error;

    if (password1 !== password2) {
        error = "Entered passwords don't match.";
    } else if (password1.length < 4) {
        error = "Password must be at least 4 characters long.";
    }

    if (error) {
        res.render("set_password", {
            error,
            assetPath: assetPath,
            appPath: appPath
        });
        return;
    }

    passwordService.setPassword(password1);

    res.redirect("login");
}

function login(req: Request, res: Response) {
    const { password, rememberMe } = req.body;

    if (!verifyPassword(password)) {
        // note that logged IP address is usually meaningless since the traffic should come from a reverse proxy
        log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);

        return res.status(401).render("login", {
            failedAuth: true,
            assetPath: assetPath,
            appPath: appPath
        });
    }

    req.session.regenerate(() => {
        if (!rememberMe) {
            // unset default maxAge set by sessionParser
            // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
            req.session.cookie.maxAge = undefined;
        }

        req.session.loggedIn = true;

        res.redirect(".");
    });
}

function verifyPassword(guessedPassword: string) {
    const hashed_password = utils.fromBase64(optionService.getOption("passwordVerificationHash"));

    const guess_hashed = myScryptService.getVerificationHash(guessedPassword);

    return guess_hashed.equals(hashed_password);
}

function logout(req: Request, res: Response) {
    req.session.regenerate(() => {
        req.session.loggedIn = false;
        res.sendStatus(200);
    });
}

export default {
    loginPage,
    setPasswordPage,
    setPassword,
    login,
    logout
};
use strict in all JS files 2017-10-21 21:10:33 -04:00			`"use strict";`

server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import utils from "../services/utils.js";`
			`import optionService from "../services/options.js";`
			`import myScryptService from "../services/encryption/my_scrypt.js";`
			`import log from "../services/log.js";`
			`import passwordService from "../services/encryption/password.js";`
			`import assetPath from "../services/asset_path.js";`
			`import appPath from "../services/app_path.js";`
			`import ValidationError from "../errors/validation_error.js";`
refactor(ts): enable verbatim module syntax 2025-01-09 18:36:24 +02:00			`import type { Request, Response } from "express";`
server-ts: Convert routes/login 2024-04-07 14:22:01 +03:00
			`function loginPage(req: Request, res: Response) {`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`res.render("login", {`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`failedAuth: false,`
fix missing doc resources for launchers, closes #3455 2022-12-25 11:58:24 +01:00			`assetPath: assetPath,`
			`appPath: appPath`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`});`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00
server-ts: Convert routes/login 2024-04-07 14:22:01 +03:00			`function setPasswordPage(req: Request, res: Response) {`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`res.render("set_password", {`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`error: false,`
fix missing doc resources for launchers, closes #3455 2022-12-25 11:58:24 +01:00			`assetPath: assetPath,`
			`appPath: appPath`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`});`
set password WIP 2021-12-29 23:19:05 +01:00			`}`

server-ts: Convert routes/login 2024-04-07 14:22:01 +03:00			`function setPassword(req: Request, res: Response) {`
resetting/setting password from options 2021-12-30 22:54:08 +01:00			`if (passwordService.isPasswordSet()) {`
introduced new exception classes for structured error reporting 2022-12-09 16:04:13 +01:00			`throw new ValidationError("Password has been already set");`
set password from web trilium 2021-12-29 23:37:12 +01:00			`}`

chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`let { password1, password2 } = req.body;`
set password from web trilium 2021-12-29 23:37:12 +01:00			`password1 = password1.trim();`
			`password2 = password2.trim();`

			`let error;`

			`if (password1 !== password2) {`
			`error = "Entered passwords don't match.";`
			`} else if (password1.length < 4) {`
			`error = "Password must be at least 4 characters long.";`
			`}`
node authentication 2017-10-15 16:32:49 -04:00
set password from web trilium 2021-12-29 23:37:12 +01:00			`if (error) {`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`res.render("set_password", {`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`error,`
fix(routes/login): add missing "appPath" to ejs render 2025-02-26 08:45:35 +01:00			`assetPath: assetPath,`
			`appPath: appPath`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`});`
set password from web trilium 2021-12-29 23:37:12 +01:00			`return;`
			`}`

resetting/setting password from options 2021-12-30 22:54:08 +01:00			`passwordService.setPassword(password1);`
set password from web trilium 2021-12-29 23:37:12 +01:00
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`res.redirect("login");`
set password from web trilium 2021-12-29 23:37:12 +01:00			`}`

chore(types): adapt to new express type definitions 2024-12-10 22:35:23 +02:00			`function login(req: Request, res: Response) {`
refactor(routes/login): refactor login fn I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way 2025-02-11 07:55:18 +01:00			`const { password, rememberMe } = req.body;`
node authentication 2017-10-15 16:32:49 -04:00
refactor(routes/login): refactor login fn I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way 2025-02-11 07:55:18 +01:00			`if (!verifyPassword(password)) {`
log warning about unsucessful login 2021-04-19 21:41:29 +02:00			`// note that logged IP address is usually meaningless since the traffic should come from a reverse proxy`
set password from web trilium 2021-12-29 23:37:12 +01:00			log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
log warning about unsucessful login 2021-04-19 21:41:29 +02:00
refactor(routes/login): refactor login fn I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way 2025-02-11 07:55:18 +01:00			`return res.status(401).render("login", {`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`failedAuth: true,`
fix(routes/login): add missing "appPath" to ejs render 2025-02-26 08:45:35 +01:00			`assetPath: assetPath,`
			`appPath: appPath`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`});`
node authentication 2017-10-15 16:32:49 -04:00			`}`
refactor(routes/login): refactor login fn I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way 2025-02-11 07:55:18 +01:00
			`req.session.regenerate(() => {`
feat(login): make use of default maxAge by sessionParser cookie will use the default value set in sessionParser middleware, which is controlled by config.Session.cookieMaxAge if rememberMe is not set -> the value is unset and the cookie becomes a non-persistent cookie, which the browser delete after the current session (e.g. when you close the browser) 2025-02-13 09:04:34 +01:00			`if (!rememberMe) {`
			`// unset default maxAge set by sessionParser`
			`// Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)`
			`req.session.cookie.maxAge = undefined;`
			`}`
refactor(routes/login): refactor login fn I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way 2025-02-11 07:55:18 +01:00
			`req.session.loggedIn = true;`

			`res.redirect(".");`
			`});`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00
server-ts: Convert routes/login 2024-04-07 14:22:01 +03:00			`function verifyPassword(guessedPassword: string) {`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`const hashed_password = utils.fromBase64(optionService.getOption("passwordVerificationHash"));`
node authentication 2017-10-15 16:32:49 -04:00
syncification 2020-06-20 12:31:38 +02:00			`const guess_hashed = myScryptService.getVerificationHash(guessedPassword);`
node authentication 2017-10-15 16:32:49 -04:00
			`return guess_hashed.equals(hashed_password);`
			`}`

chore(types): adapt to new express type definitions 2024-12-10 22:35:23 +02:00			`function logout(req: Request, res: Response) {`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`req.session.regenerate(() => {`
			`req.session.loggedIn = false;`
refactor(routes/login): remove unused rendering of HTML 2025-01-12 13:13:59 +01:00			`res.sendStatus(200);`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`});`
			`}`

server-esm: Change some more export object to export default object 2024-07-18 21:47:30 +03:00			`export default {`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`loginPage,`
set password WIP 2021-12-29 23:19:05 +01:00			`setPasswordPage,`
set password from web trilium 2021-12-29 23:37:12 +01:00			`setPassword,`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`login,`
			`logout`
			`};`