"use strict";
const sql = require('./sql');
const log = require('./log');
const sqlInit = require('./sql_init');
const utils = require('./utils');
const passwordEncryptionService = require('./password_encryption');
const config = require('./config');
const passwordService = require("./password.js");
// Global "auth off" switch read from the [General] section of the loaded config.
// When it is the boolean true, the session-based middleware below (checkAuth,
// checkApiAuth, checkApiAuthOrElectron) lets every request through without a
// login. checkToken and checkCredentials do NOT consult this flag and always
// verify the token / password. The strict `=== true` means any non-boolean
// value (e.g. a string) leaves authentication enabled.
const noAuthentication = config.General && config.General.noAuthentication === true;
/**
 * Middleware for browser (HTML) routes.
 *
 * Outcomes, in order of precedence:
 *   1. database not initialised      -> redirect to "setup"
 *   2. no logged-in session required -> redirect to "login", or to
 *      "set-password" when no password has been created yet
 *   3. otherwise                     -> next()
 *
 * Step 2 is skipped entirely inside Electron and when the noAuthentication
 * config flag is on, so in those modes every request reaches next().
 *
 * @param {object} req  Express-style request (reads req.session.loggedIn)
 * @param {object} res  Express-style response (uses res.redirect)
 * @param {Function} next
 */
function checkAuth(req, res, next) {
    if (!sqlInit.isDbInitialized()) {
        res.redirect("setup");
        return;
    }

    // Same short-circuit order as before: the session is inspected first.
    const loginRequired = !req.session.loggedIn && !utils.isElectron() && !noAuthentication;

    if (loginRequired) {
        // Without a stored password there is nothing to log in with, so send
        // the user to create one rather than to the login form.
        const target = passwordService.isPasswordSet() ? "login" : "set-password";
        res.redirect(target);
        return;
    }

    next();
}
/**
 * API-route middleware that additionally trusts the Electron desktop build.
 *
 * Intended for endpoints Electron must reach over plain HTTP rather than IPC;
 * the original note cites file upload, because handling multipart form data
 * was awkward otherwise. Answers 401 via reject() when there is no logged-in
 * session, unless the process runs inside Electron or the noAuthentication
 * config flag is on. Compare checkApiAuth, which has no Electron exemption.
 *
 * @param {object} req  reads req.session.loggedIn
 * @param {object} res
 * @param {Function} next
 */
function checkApiAuthOrElectron(req, res, next) {
    // De Morgan of the original condition, evaluated in the same order.
    if (req.session.loggedIn || utils.isElectron() || noAuthentication) {
        next();
        return;
    }

    reject(req, res, "Logged in session not found");
}
/**
 * Middleware for API routes reached from a browser session.
 *
 * Passes when the session is logged in or the noAuthentication config flag is
 * on; otherwise answers 401 via reject(). Unlike checkApiAuthOrElectron,
 * running inside Electron is NOT an exemption here.
 *
 * @param {object} req  reads req.session.loggedIn
 * @param {object} res
 * @param {Function} next
 */
function checkApiAuth(req, res, next) {
    const authorised = req.session.loggedIn || noAuthentication;

    if (!authorised) {
        reject(req, res, "Logged in session not found");
        return;
    }

    next();
}
/**
 * Middleware that keeps an uninitialised install on the setup page:
 * redirects to "setup" until sqlInit reports the database as initialised,
 * then calls next(). Performs no authentication of its own.
 *
 * @param {object} req  unused
 * @param {object} res  uses res.redirect
 * @param {Function} next
 */
function checkAppInitialized(req, res, next) {
    if (sqlInit.isDbInitialized()) {
        next();
        return;
    }

    res.redirect("setup");
}
/**
 * Middleware that forces password creation on a fresh server install:
 * redirects to "set-password" when no password exists yet, otherwise next().
 * Inside Electron the check is skipped entirely (a desktop build is usable
 * without a password).
 *
 * @param {object} req  unused
 * @param {object} res  uses res.redirect
 * @param {Function} next
 */
function checkPasswordSet(req, res, next) {
    const mustCreatePassword = !utils.isElectron() && !passwordService.isPasswordSet();

    if (mustCreatePassword) {
        res.redirect("set-password");
        return;
    }

    next();
}
/**
 * Guard for the setup endpoints: they must only be reachable while the
 * database is NOT yet initialised. Once it is, the request is answered 401
 * via reject() so setup cannot be re-run against a live install.
 *
 * @param {object} req
 * @param {object} res
 * @param {Function} next
 */
function checkAppNotInitialized(req, res, next) {
    if (!sqlInit.isDbInitialized()) {
        next();
        return;
    }

    reject(req, res, "App already initialized.");
}
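/**
 * Middleware for routes authenticated by an API token.
 *
 * The raw Authorization header value is compared verbatim (no "Bearer " prefix
 * handling) against the api_tokens table; the request passes only when a
 * non-deleted row holds exactly that value, otherwise it is answered 401 via
 * reject(). Because the query compares the header to the stored column
 * directly, tokens appear to be stored in clear text — hashing them would be
 * a schema change and is out of scope here.
 *
 * Changes versus the previous version:
 *  - a missing, empty or non-string header is rejected before any query runs,
 *    so no lookup is issued with an undefined bind value;
 *  - the decision fails closed: anything other than a positive count (e.g. an
 *    undefined/null result from sql.getValue) rejects instead of passing.
 *
 * TODO: put all tokens into becca memory to avoid these requests
 *
 * @param {object} req  reads req.headers.authorization
 * @param {object} res
 * @param {Function} next
 */
function checkToken(req, res, next) {
    const token = req.headers.authorization;

    if (typeof token !== 'string' || token.length === 0) {
        reject(req, res, "Token not found");
        return;
    }

    const matching = Number(sql.getValue(
        "SELECT COUNT(*) FROM api_tokens WHERE isDeleted = 0 AND token = ?",
        [token]
    ));

    // `!(x >= 1)` rather than `x < 1` so that NaN (non-numeric result) also rejects.
    if (!(matching >= 1)) {
        reject(req, res, "Token not found");
        return;
    }

    next();
}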
/**
 * Shared 401 responder for the API middleware in this module.
 * Writes one info-level log line (method, path and the reason) and sends the
 * reason as the plain-text body of a 401 response. Not exported.
 *
 * @param {object} req      reads req.method and req.path
 * @param {object} res      uses res.status(...).send(...)
 * @param {string} message  reason shown to the client and in the log
 */
function reject(req, res, message) {
    const logLine = `${req.method} ${req.path} rejected with 401 ${message}`;
    log.info(logLine);

    res.status(401).send(message);
}
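/**
 * Middleware for routes that authenticate with the custom "trilium-cred"
 * header, whose value is base64("username:password"). The username is
 * ignored; only the password is checked, via
 * passwordEncryptionService.verifyPassword.
 *
 * Responses:
 *   - 400 "Database is not initialized yet." when there is no database to
 *     verify against
 *   - 401 "Incorrect password" when verification fails
 *   - next() otherwise
 *
 * This middleware does not consult the noAuthentication flag. No rate
 * limiting or lockout happens here — if one is needed it must live elsewhere.
 *
 * Fixes versus the previous version:
 *   - the 400 branch now returns; previously execution fell through, verified
 *     the password anyway and then either called next() or tried to send a
 *     second response on an already-sent reply;
 *   - the header is split on the FIRST colon only, as HTTP Basic auth does,
 *     so a password containing ':' is no longer truncated;
 *   - plain Buffer.from instead of `new Buffer.from(...)`.
 *
 * @param {object} req  reads req.headers['trilium-cred']
 * @param {object} res  uses res.status(...).send(...)
 * @param {Function} next
 */
function checkCredentials(req, res, next) {
    if (!sqlInit.isDbInitialized()) {
        res.status(400).send('Database is not initialized yet.');
        return;
    }

    const header = req.headers['trilium-cred'] || '';
    const decoded = Buffer.from(header, 'base64').toString();

    // username:password — the username may not contain ':' but the password
    // may. With no colon at all the password stays undefined, as before.
    const separator = decoded.indexOf(':');
    const password = separator === -1 ? undefined : decoded.slice(separator + 1);

    if (!passwordEncryptionService.verifyPassword(password)) {
        res.status(401).send('Incorrect password');
        return;
    }

    next();
}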
// All exports are (req, res, next) middleware. Grouped by concern:
//   browser session:   checkAuth
//   API, session:      checkApiAuth, checkApiAuthOrElectron (Electron exempt)
//   API, token:        checkToken
//   API, password:     checkCredentials ("trilium-cred" header)
//   install state:     checkAppInitialized, checkAppNotInitialized, checkPasswordSet
// reject() is a module-internal helper and is deliberately not exported.
module.exports = {
    checkAuth,
    checkApiAuth,
    checkAppInitialized,
    checkPasswordSet,
    checkAppNotInitialized,
    checkApiAuthOrElectron,
    checkToken,
    checkCredentials
};