Notes/src/services/etapi_tokens.ts

import becca from "../becca/becca.js";
import utils from "./utils.js";
import BEtapiToken from "../becca/entities/betapi_token.js";
import crypto from "crypto";

function getTokens() {
    return becca.getEtapiTokens();
}

function getTokenHash(token: crypto.BinaryLike) {
    return crypto.createHash('sha256').update(token).digest('base64');
}

function createToken(tokenName: string) {
    const token = utils.randomSecureToken(32);
    const tokenHash = getTokenHash(token);

    const etapiToken = new BEtapiToken({
        name: tokenName,
        tokenHash
    }).save();

    return {
        authToken: `${etapiToken.etapiTokenId}_${token}`
    };
}

function parseAuthToken(auth: string | undefined) {
    if (!auth) {
        return null;
    }

    if (auth.startsWith("Basic ")) {
        // allow also basic auth format for systems which allow this type of authentication
        // expect ETAPI token in the password field, require "etapi" username
        // https://github.com/zadam/trilium/issues/3181
        const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("utf-8");
        const basicAuthChunks = basicAuthStr.split(":");

        if (basicAuthChunks.length !== 2) {
            return null;
        }

        if (basicAuthChunks[0] !== "etapi") {
            return null;
        }

        auth = basicAuthChunks[1];
    }

    const chunks = auth.split("_");

    if (chunks.length === 1) {
        return { token: auth }; // legacy format without etapiTokenId
    }
    else if (chunks.length === 2) {
        return {
            etapiTokenId: chunks[0],
            token: chunks[1]
        }
    }
    else {
        return null; // wrong format
    }
}

function isValidAuthHeader(auth: string | undefined) {
    const parsed = parseAuthToken(auth);

    if (!parsed) {
        return false;
    }

    const authTokenHash = getTokenHash(parsed.token);

    if (parsed.etapiTokenId) {
        const etapiToken = becca.getEtapiToken(parsed.etapiTokenId);

        if (!etapiToken) {
            return false;
        }

        return etapiToken.tokenHash === authTokenHash;
    }
    else {
        for (const etapiToken of becca.getEtapiTokens()) {
            if (etapiToken.tokenHash === authTokenHash) {
                return true;
            }
        }

        return false;
    }
}

function renameToken(etapiTokenId: string, newName: string) {
    const etapiToken = becca.getEtapiToken(etapiTokenId);

    if (!etapiToken) {
        throw new Error(`Token '${etapiTokenId}' does not exist`);
    }

    etapiToken.name = newName;
    etapiToken.save();
}

function deleteToken(etapiTokenId: string) {
    const etapiToken = becca.getEtapiToken(etapiTokenId);

    if (!etapiToken) {
        return; // ok, already deleted
    }

    etapiToken.markAsDeletedSimple();
}

export default {
    getTokens,
    createToken,
    renameToken,
    deleteToken,
    parseAuthToken,
    isValidAuthHeader
};
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import becca from "../becca/becca.js";`
			`import utils from "./utils.js";`
			`import BEtapiToken from "../becca/entities/betapi_token.js";`
server-esm: Change simple library import statements 2024-07-18 21:37:45 +03:00			`import crypto from "crypto";`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00
			`function getTokens() {`
			`return becca.getEtapiTokens();`
			`}`

server-ts: Port etapi_tokens service 2024-02-17 19:55:40 +02:00			`function getTokenHash(token: crypto.BinaryLike) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`return crypto.createHash('sha256').update(token).digest('base64');`
			`}`

server-ts: Port etapi_tokens service 2024-02-17 19:55:40 +02:00			`function createToken(tokenName: string) {`
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`const token = utils.randomSecureToken(32);`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const tokenHash = getTokenHash(token);`

rename becca entities to have B-prefix, #3476 2023-01-03 13:52:37 +01:00			`const etapiToken = new BEtapiToken({`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`name: tokenName,`
			`tokenHash`
			`}).save();`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`return {`
			authToken: `${etapiToken.etapiTokenId}_${token}`
			`};`
			`}`

server-ts: Address review 2024-04-03 19:22:49 +03:00			`function parseAuthToken(auth: string \| undefined) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (!auth) {`
			`return null;`
			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
support basic auth in ETAPI 2022-10-08 20:59:11 +02:00			`if (auth.startsWith("Basic ")) {`
			`// allow also basic auth format for systems which allow this type of authentication`
fix comment 2022-10-09 21:34:01 +02:00			`// expect ETAPI token in the password field, require "etapi" username`
support basic auth in ETAPI 2022-10-08 20:59:11 +02:00			`// https://github.com/zadam/trilium/issues/3181`
fixes for zip export/import in regard to attachments 2023-05-06 22:50:28 +02:00			`const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("utf-8");`
support basic auth in ETAPI 2022-10-08 20:59:11 +02:00			`const basicAuthChunks = basicAuthStr.split(":");`

basic auth etapi should require "etapi" username 2022-10-09 21:33:32 +02:00			`if (basicAuthChunks.length !== 2) {`
support basic auth in ETAPI 2022-10-08 20:59:11 +02:00			`return null;`
			`}`
basic auth etapi should require "etapi" username 2022-10-09 21:33:32 +02:00
			`if (basicAuthChunks[0] !== "etapi") {`
			`return null;`
			`}`

			`auth = basicAuthChunks[1];`
support basic auth in ETAPI 2022-10-08 20:59:11 +02:00			`}`

ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const chunks = auth.split("_");`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (chunks.length === 1) {`
			`return { token: auth }; // legacy format without etapiTokenId`
			`}`
			`else if (chunks.length === 2) {`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00			`return {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`etapiTokenId: chunks[0],`
			`token: chunks[1]`
			`}`
			`}`
			`else {`
			`return null; // wrong format`
			`}`
			`}`

server-ts: Address review 2024-04-03 19:22:49 +03:00			`function isValidAuthHeader(auth: string \| undefined) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const parsed = parseAuthToken(auth);`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (!parsed) {`
			`return false;`
			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
			`const authTokenHash = getTokenHash(parsed.token);`

ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (parsed.etapiTokenId) {`
			`const etapiToken = becca.getEtapiToken(parsed.etapiTokenId);`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (!etapiToken) {`
			`return false;`
			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`return etapiToken.tokenHash === authTokenHash;`
			`}`
			`else {`
			`for (const etapiToken of becca.getEtapiTokens()) {`
			`if (etapiToken.tokenHash === authTokenHash) {`
			`return true;`
			`}`
			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`return false;`
			`}`
			`}`

server-ts: Port etapi_tokens service 2024-02-17 19:55:40 +02:00			`function renameToken(etapiTokenId: string, newName: string) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const etapiToken = becca.getEtapiToken(etapiTokenId);`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (!etapiToken) {`
small refactorings 2023-05-04 22:16:18 +02:00			throw new Error(`Token '${etapiTokenId}' does not exist`);
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`etapiToken.name = newName;`
			`etapiToken.save();`
			`}`

server-ts: Port etapi_tokens service 2024-02-17 19:55:40 +02:00			`function deleteToken(etapiTokenId: string) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const etapiToken = becca.getEtapiToken(etapiTokenId);`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (!etapiToken) {`
			`return; // ok, already deleted`
			`}`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00
			`etapiToken.markAsDeletedSimple();`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`}`

server-esm: Change some more export object to export default object 2024-07-18 21:47:30 +03:00			`export default {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`getTokens,`
			`createToken,`
			`renameToken,`
			`deleteToken,`
			`parseAuthToken,`
			`isValidAuthHeader`
fix multiple UI bugs, closes #2616 2022-02-07 22:50:28 +01:00			`};`