Notes/src/services/protected_session.js

"use strict";

const utils = require('./utils');
const dataEncryptionService = require('./data_encryption');
const cls = require('./cls');

const dataKeyMap = {};

function setDataKey(decryptedDataKey) {
    const protectedSessionId = utils.randomSecureToken(32);

    dataKeyMap[protectedSessionId] = Array.from(decryptedDataKey); // can't store buffer in session

    return protectedSessionId;
}

function setProtectedSessionId(req) {
    cls.namespace.set('protectedSessionId', req.cookies.protectedSessionId);
}

function getProtectedSessionId() {
    return cls.namespace.get('protectedSessionId');
}

function getDataKey() {
    const protectedSessionId = getProtectedSessionId();

    return dataKeyMap[protectedSessionId];
}

function isProtectedSessionAvailable() {
    const protectedSessionId = getProtectedSessionId();

    return !!dataKeyMap[protectedSessionId];
}

function decryptNoteTitle(noteId, encryptedTitle) {
    const dataKey = getDataKey();

    try {
        return dataEncryptionService.decryptString(dataKey, encryptedTitle);
    }
    catch (e) {
        e.message = `Cannot decrypt note title for noteId=${noteId}: ` + e.message;
        throw e;
    }
}

function decryptNote(note) {
    if (!note.isProtected) {
        return;
    }

    if (note.title) {
        note.title = decryptNoteTitle(note.noteId, note.title);
    }
}

function decryptNoteContent(note) {
    try {
        if (note.content != null) {
            note.content = dataEncryptionService.decrypt(getDataKey(), note.content);
        }
    }
    catch (e) {
        e.message = `Cannot decrypt content for noteId=${note.noteId}: ` + e.message;
        throw e;
    }
}

function decryptNotes(notes) {
    for (const note of notes) {
        decryptNote(note);
    }
}

function decryptNoteRevision(hist) {
    const dataKey = getDataKey();

    if (!hist.isProtected) {
        return;
    }

    try {
        if (hist.title) {
            hist.title = dataEncryptionService.decryptString(dataKey, hist.title.toString());
        }

        if (hist.content) {
            hist.content = dataEncryptionService.decryptString(dataKey, hist.content.toString());
        }
    }
    catch (e) {
        throw new Error(`Decryption failed for note ${hist.noteId}, revision ${hist.noteRevisionId}: ` + e.message + " " + e.stack);
    }
}

function encryptNote(note) {
    note.title = dataEncryptionService.encrypt(getDataKey(), note.title);
}

function encryptNoteContent(note) {
    note.content = dataEncryptionService.encrypt(getDataKey(), note.content);
}

function encryptNoteRevision(revision) {
    const dataKey = getDataKey();

    revision.title = dataEncryptionService.encrypt(dataKey, revision.title);
    revision.content = dataEncryptionService.encrypt(dataKey, revision.content);
}

module.exports = {
    setDataKey,
    getDataKey,
    isProtectedSessionAvailable,
    decryptNoteTitle,
    decryptNote,
    decryptNoteContent,
    decryptNotes,
    decryptNoteRevision,
    encryptNote,
    encryptNoteContent,
    encryptNoteRevision,
    setProtectedSessionId
};
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`"use strict";`

refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`const utils = require('./utils');`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const dataEncryptionService = require('./data_encryption');`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`const cls = require('./cls');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const dataKeyMap = {};`

autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function setDataKey(decryptedDataKey) {`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`const protectedSessionId = utils.randomSecureToken(32);`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`dataKeyMap[protectedSessionId] = Array.from(decryptedDataKey); // can't store buffer in session`

			`return protectedSessionId;`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function setProtectedSessionId(req) {`
fix csrf protection on electron build 2019-03-31 12:49:42 +02:00			`cls.namespace.set('protectedSessionId', req.cookies.protectedSessionId);`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function getProtectedSessionId() {`
			`return cls.namespace.get('protectedSessionId');`
			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function getDataKey() {`
			`const protectedSessionId = getProtectedSessionId();`
server side encryption WIP 2017-11-10 22:55:19 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`return dataKeyMap[protectedSessionId];`
support encryption for files, closes #60 2018-02-23 22:58:24 -05:00			`}`

autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function isProtectedSessionAvailable() {`
			`const protectedSessionId = getProtectedSessionId();`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`return !!dataKeyMap[protectedSessionId];`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`}`

autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function decryptNoteTitle(noteId, encryptedTitle) {`
			`const dataKey = getDataKey();`

exceptions on decryption 2018-08-27 21:58:02 +02:00			`try {`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`return dataEncryptionService.decryptString(dataKey, encryptedTitle);`
exceptions on decryption 2018-08-27 21:58:02 +02:00			`}`
			`catch (e) {`
			e.message = `Cannot decrypt note title for noteId=${noteId}: ` + e.message;
			`throw e;`
			`}`
autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function decryptNote(note) {`
renamed db columns to camelCase 2018-01-28 19:30:14 -05:00			`if (!note.isProtected) {`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`return;`
			`}`

split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`if (note.title) {`
note content refactoring, WIP 2019-02-07 22:16:40 +01:00			`note.title = decryptNoteTitle(note.noteId, note.title);`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`}`
			`}`

yet another refactoring of working with note's payload/content 2019-03-26 22:24:04 +01:00			`function decryptNoteContent(note) {`
exceptions on decryption 2018-08-27 21:58:02 +02:00			`try {`
yet another refactoring of working with note's payload/content 2019-03-26 22:24:04 +01:00			`if (note.content != null) {`
fix protecting files/images 2019-05-04 16:05:28 +02:00			`note.content = dataEncryptionService.decrypt(getDataKey(), note.content);`
fix export of protected notes to tar archive, fixes #432 2019-03-07 22:00:23 +01:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`
exceptions on decryption 2018-08-27 21:58:02 +02:00			`catch (e) {`
yet another refactoring of working with note's payload/content 2019-03-26 22:24:04 +01:00			e.message = `Cannot decrypt content for noteId=${note.noteId}: ` + e.message;
exceptions on decryption 2018-08-27 21:58:02 +02:00			`throw e;`
			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function decryptNotes(notes) {`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`for (const note of notes) {`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`decryptNote(note);`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`
			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function decryptNoteRevision(hist) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
renamed db columns to camelCase 2018-01-28 19:30:14 -05:00			`if (!hist.isProtected) {`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`return;`
			`}`

fix creating note directly as protected 2019-03-30 19:24:53 +01:00			`try {`
			`if (hist.title) {`
fix decryption of protected note revisions 2019-03-31 22:54:38 +02:00			`hist.title = dataEncryptionService.decryptString(dataKey, hist.title.toString());`
fix creating note directly as protected 2019-03-30 19:24:53 +01:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
fix creating note directly as protected 2019-03-30 19:24:53 +01:00			`if (hist.content) {`
fix decryption of protected note revisions 2019-03-31 22:54:38 +02:00			`hist.content = dataEncryptionService.decryptString(dataKey, hist.content.toString());`
fix creating note directly as protected 2019-03-30 19:24:53 +01:00			`}`
			`}`
			`catch (e) {`
allow searching with noteId & fix combining fulltext and other conditions with OR 2019-03-31 22:23:50 +02:00			throw new Error(`Decryption failed for note ${hist.noteId}, revision ${hist.noteRevisionId}: ` + e.message + " " + e.stack);
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`
			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function encryptNote(note) {`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`note.title = dataEncryptionService.encrypt(getDataKey(), note.title);`
			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
yet another refactoring of working with note's payload/content 2019-03-26 22:24:04 +01:00			`function encryptNoteContent(note) {`
			`note.content = dataEncryptionService.encrypt(getDataKey(), note.content);`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function encryptNoteRevision(revision) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`revision.title = dataEncryptionService.encrypt(dataKey, revision.title);`
			`revision.content = dataEncryptionService.encrypt(dataKey, revision.content);`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`

refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`module.exports = {`
			`setDataKey,`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`getDataKey,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`isProtectedSessionAvailable,`
autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`decryptNoteTitle,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`decryptNote,`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`decryptNoteContent,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`decryptNotes,`
refactored all mentions of "history" to "revision" 2018-03-25 20:52:38 -04:00			`decryptNoteRevision,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`encryptNote,`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`encryptNoteContent,`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`encryptNoteRevision,`
			`setProtectedSessionId`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`};`