Notes/src/services/protected_session.js

"use strict";

const log = require('./log');
const dataEncryptionService = require('./encryption/data_encryption');

let dataKey = null;

function setDataKey(decryptedDataKey) {
    dataKey = Array.from(decryptedDataKey);
}

function getDataKey() {
    return dataKey;
}

function resetDataKey() {
    dataKey = null;
}

function isProtectedSessionAvailable() {
    return !!dataKey;
}

function encrypt(plainText) {
    if (plainText === null) {
        return null;
    }

    return dataEncryptionService.encrypt(getDataKey(), plainText);
}

function decrypt(cipherText) {
    if (cipherText === null) {
        return null;
    }

    return dataEncryptionService.decrypt(getDataKey(), cipherText);
}

function decryptString(cipherText) {
    return dataEncryptionService.decryptString(getDataKey(), cipherText);
}

let lastProtectedSessionOperationDate = null;

function touchProtectedSession() {
    if (isProtectedSessionAvailable()) {
        lastProtectedSessionOperationDate = Date.now();
    }
}

function checkProtectedSessionExpiration() {
    const options = require("./options");
    const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');
    if (isProtectedSessionAvailable()
        && lastProtectedSessionOperationDate
        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {

        resetDataKey();

        log.info("Expiring protected session");

        require('./ws').reloadFrontend("leaving protected session");
    }
}

module.exports = {
    setDataKey,
    resetDataKey,
    isProtectedSessionAvailable,
    encrypt,
    decrypt,
    decryptString,
    touchProtectedSession,
    checkProtectedSessionExpiration
};
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`"use strict";`

change salts on password change + more robust handling of decryption failures 2020-09-25 20:55:45 +02:00			`const log = require('./log');`
small refactorings 2023-06-29 22:10:13 +02:00			`const dataEncryptionService = require('./encryption/data_encryption');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`let dataKey = null;`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00
autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function setDataKey(decryptedDataKey) {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`dataKey = Array.from(decryptedDataKey);`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function getDataKey() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`return dataKey;`
support encryption for files, closes #60 2018-02-23 22:58:24 -05:00			`}`

when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`function resetDataKey() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`dataKey = null;`
when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`}`

autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function isProtectedSessionAvailable() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`return !!dataKey;`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`}`

moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`function encrypt(plainText) {`
make encryption more robust in face of null values, #1483 2020-12-21 22:08:55 +01:00			`if (plainText === null) {`
			`return null;`
			`}`

moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`return dataEncryptionService.encrypt(getDataKey(), plainText);`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`function decrypt(cipherText) {`
make encryption more robust in face of null values, #1483 2020-12-21 22:08:55 +01:00			`if (cipherText === null) {`
			`return null;`
			`}`

fixes 2019-11-01 23:05:33 +01:00			`return dataEncryptionService.decrypt(getDataKey(), cipherText);`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`

use decryptString() 2019-11-02 07:50:23 +01:00			`function decryptString(cipherText) {`
			`return dataEncryptionService.decryptString(getDataKey(), cipherText);`
			`}`

protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00			`let lastProtectedSessionOperationDate = null;`

			`function touchProtectedSession() {`
			`if (isProtectedSessionAvailable()) {`
			`lastProtectedSessionOperationDate = Date.now();`
			`}`
			`}`

moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`function checkProtectedSessionExpiration() {`
fixes to note attachment handling 2023-01-23 23:37:58 +01:00			`const options = require("./options");`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');`
			`if (isProtectedSessionAvailable()`
			`&& lastProtectedSessionOperationDate`
			`&& Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`resetDataKey();`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`log.info("Expiring protected session");`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
logging reason for frontend reload 2023-09-28 23:47:19 +02:00			`require('./ws').reloadFrontend("leaving protected session");`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`}`
			`}`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`module.exports = {`
			`setDataKey,`
when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`resetDataKey,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`isProtectedSessionAvailable,`
moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`encrypt,`
			`decrypt,`
use decryptString() 2019-11-02 07:50:23 +01:00			`decryptString,`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`touchProtectedSession,`
			`checkProtectedSessionExpiration`
fixes and polish 2020-06-15 17:56:53 +02:00			`};`