Notes/src/app.js

const log = require('./services/log');
const express = require('express');
const path = require('path');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const helmet = require('helmet');
const session = require('express-session');
const compression = require('compression');
const FileStore = require('session-file-store')(session);
const sessionSecret = require('./services/session_secret');
const dataDir = require('./services/data_dir');
const utils = require('./services/utils');
const assetPath = require('./services/asset_path');
const env = require('./services/env');
require('./services/handlers');
require('./becca/becca_loader');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

if (!utils.isElectron()) {
    app.use(compression()); // HTTP compression
}

app.use(helmet({
    hidePoweredBy: false, // errors out in electron
    contentSecurityPolicy: false,
    crossOriginEmbedderPolicy: false
}));

const persistentCacheStatic = (root, options) => {
    if (!env.isDev()) {
        options = {
            maxAge: '1y',
            ...options
        };
    }
    return express.static(root, options);
};

app.use(express.text({limit: '500mb'}));
app.use(express.json({limit: '500mb'}));
app.use(express.raw({limit: '500mb'}));
app.use(express.urlencoded({extended: false}));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public/root')));
app.use(`/${assetPath}/app`, persistentCacheStatic(path.join(__dirname, 'public/app')));
app.use(`/${assetPath}/app-dist`, persistentCacheStatic(path.join(__dirname, 'public/app-dist')));
app.use(`/${assetPath}/fonts`, persistentCacheStatic(path.join(__dirname, 'public/fonts')));
app.use(`/assets/vX/fonts`, express.static(path.join(__dirname, 'public/fonts')));
app.use(`/${assetPath}/stylesheets`, persistentCacheStatic(path.join(__dirname, 'public/stylesheets')));
app.use(`/assets/vX/stylesheets`, express.static(path.join(__dirname, 'public/stylesheets')));
app.use(`/${assetPath}/libraries`, persistentCacheStatic(path.join(__dirname, '..', 'libraries')));
app.use(`/assets/vX/libraries`, express.static(path.join(__dirname, '..', 'libraries')));
// excalidraw-view mode in shared notes
app.use(`/${assetPath}/node_modules/react/umd/react.production.min.js`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/react/umd/react.production.min.js')));
app.use(`/${assetPath}/node_modules/react-dom/umd/react-dom.production.min.js`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/react-dom/umd/react-dom.production.min.js')));
// expose whole dist folder since complete assets are needed in edit and share
app.use(`/node_modules/@excalidraw/excalidraw/dist/`, express.static(path.join(__dirname, '..', 'node_modules/@excalidraw/excalidraw/dist/')));
app.use(`/${assetPath}/node_modules/@excalidraw/excalidraw/dist/`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/@excalidraw/excalidraw/dist/')));
app.use(`/${assetPath}/images`, persistentCacheStatic(path.join(__dirname, '..', 'images')));
app.use(`/assets/vX/images`, express.static(path.join(__dirname, '..', 'images')));
app.use(`/manifest.webmanifest`, express.static(path.join(__dirname, 'public/manifest.webmanifest')));
app.use(`/robots.txt`, express.static(path.join(__dirname, 'public/robots.txt')));
const sessionParser = session({
    secret: sessionSecret,
    resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
    saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
    cookie: {
        //    path: "/",
        httpOnly: true,
        maxAge: 24 * 60 * 60 * 1000 // in milliseconds
    },
    name: 'trilium.sid',
    store: new FileStore({
        ttl: 30 * 24 * 3600,
        path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
    })
});
app.use(sessionParser);

app.use(favicon(`${__dirname}/../images/app-icons/win/icon.ico`));

require('./routes/routes').register(app);

require('./routes/custom').register(app);

app.use((err, req, res, next) => {
    if (err.code !== 'EBADCSRFTOKEN') {
        return next(err);
    }

    log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

    err = new Error('Invalid CSRF token');
    err.status = 403;
    next(err);
});

// catch 404 and forward to error handler
app.use((req, res, next) => {
    const err = new Error(`Router not found for request ${req.url}`);
    err.status = 404;
    next(err);
});

// error handler
app.use((err, req, res, next) => {
    if (err && err.message && (
        (err.message.includes("Router not found for request") && err.message.includes(".js.map"))
        || (err.message.includes("Router not found for request") && err.message.includes(".css.map"))
    )) {
        // ignore
    }
    else {
        log.info(err);
    }

    res.status(err.status || 500);
    res.send({
        message: err.message
    });
});

// triggers sync timer
require('./services/sync');

// triggers backup timer
require('./services/backup');

// trigger consistency checks timer
require('./services/consistency_checks');

require('./services/scheduler');

if (utils.isElectron()) {
    require('@electron/remote/main').initialize();
}

module.exports = {
    app,
    sessionParser
};
sync fix and more logging 2017-11-06 19:23:35 -05:00			`const log = require('./services/log');`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`const express = require('express');`
			`const path = require('path');`
			`const favicon = require('serve-favicon');`
			`const cookieParser = require('cookie-parser');`
node authentication 2017-10-15 16:32:49 -04:00			`const helmet = require('helmet');`
			`const session = require('express-session');`
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			`const compression = require('compression');`
filestore for sessions 2017-10-15 17:07:34 -04:00			`const FileStore = require('session-file-store')(session);`
store session secret in file 2017-10-23 23:38:52 -04:00			`const sessionSecret = require('./services/session_secret');`
put session directory into data dir to avoid conflict of multiple instances on a single server, fixes #1033 2020-05-24 00:21:20 +02:00			`const dataDir = require('./services/data_dir');`
better-sqlite3 binaries 2021-11-18 21:35:23 +01:00			`const utils = require('./services/utils');`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`const assetPath = require('./services/asset_path');`
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			`const env = require('./services/env');`
added new label "sorted" which will keep children notes alphabetically sorted, fixes #82 2018-08-01 09:26:02 +02:00			`require('./services/handlers');`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`require('./becca/becca_loader');`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00
			`const app = express();`

			`// view engine setup`
			`app.set('views', path.join(__dirname, 'views'));`
			`app.set('view engine', 'ejs');`

disable compression for electron / desktop builds 2022-08-22 19:29:58 +02:00			`if (!utils.isElectron()) {`
			`app.use(compression()); // HTTP compression`
			`}`
Add compression 2022-08-20 17:30:35 -04:00
electron 4.0.0-beta.3 2018-10-14 11:31:23 +02:00			`app.use(helmet({`
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`hidePoweredBy: false, // errors out in electron`
disable COEP, fixes #2858 2022-05-18 22:56:29 +02:00			`contentSecurityPolicy: false,`
			`crossOriginEmbedderPolicy: false`
electron 4.0.0-beta.3 2018-10-14 11:31:23 +02:00			`}));`
logging stuff to rotated files through simple-node-logger 2017-10-24 22:04:52 -04:00
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			`const persistentCacheStatic = (root, options) => {`
			`if (!env.isDev()) {`
			`options = {`
			`maxAge: '1y',`
			`...options`
			`};`
			`}`
			`return express.static(root, options);`
			`};`

etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`app.use(express.text({limit: '500mb'}));`
			`app.use(express.json({limit: '500mb'}));`
fix uploading binary data through ETAPI, closes #2667 2022-02-18 22:34:46 +01:00			`app.use(express.raw({limit: '500mb'}));`
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`app.use(express.urlencoded({extended: false}));`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`app.use(cookieParser());`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			`app.use(express.static(path.join(__dirname, 'public/root')));`
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			app.use(`/${assetPath}/app`, persistentCacheStatic(path.join(__dirname, 'public/app')));
			app.use(`/${assetPath}/app-dist`, persistentCacheStatic(path.join(__dirname, 'public/app-dist')));
			app.use(`/${assetPath}/fonts`, persistentCacheStatic(path.join(__dirname, 'public/fonts')));
use trilium version number in asset paths to avoid caching issues 2022-10-27 20:34:53 +02:00			app.use(`/assets/vX/fonts`, express.static(path.join(__dirname, 'public/fonts')));
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			app.use(`/${assetPath}/stylesheets`, persistentCacheStatic(path.join(__dirname, 'public/stylesheets')));
use trilium version number in asset paths to avoid caching issues 2022-10-27 20:34:53 +02:00			app.use(`/assets/vX/stylesheets`, express.static(path.join(__dirname, 'public/stylesheets')));
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			app.use(`/${assetPath}/libraries`, persistentCacheStatic(path.join(__dirname, '..', 'libraries')));
use trilium version number in asset paths to avoid caching issues 2022-10-27 20:34:53 +02:00			app.use(`/assets/vX/libraries`, express.static(path.join(__dirname, '..', 'libraries')));
ensure external assets in excalidraw are avoided 2022-05-09 16:08:56 +02:00			`// excalidraw-view mode in shared notes`
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			app.use(`/${assetPath}/node_modules/react/umd/react.production.min.js`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/react/umd/react.production.min.js')));
			app.use(`/${assetPath}/node_modules/react-dom/umd/react-dom.production.min.js`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/react-dom/umd/react-dom.production.min.js')));
ensure external assets in excalidraw are avoided 2022-05-09 16:08:56 +02:00			`// expose whole dist folder since complete assets are needed in edit and share`
use trilium version number in asset paths to avoid caching issues WIP 2022-10-26 23:50:54 +02:00			app.use(`/node_modules/@excalidraw/excalidraw/dist/`, express.static(path.join(__dirname, '..', 'node_modules/@excalidraw/excalidraw/dist/')));
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			app.use(`/${assetPath}/node_modules/@excalidraw/excalidraw/dist/`, persistentCacheStatic(path.join(__dirname, '..', 'node_modules/@excalidraw/excalidraw/dist/')));
			app.use(`/${assetPath}/images`, persistentCacheStatic(path.join(__dirname, '..', 'images')));
use trilium version number in asset paths to avoid caching issues 2022-10-27 20:34:53 +02:00			app.use(`/assets/vX/images`, express.static(path.join(__dirname, '..', 'images')));
fix webmanifest and robots.txt 2022-12-02 22:06:18 +01:00			app.use(`/manifest.webmanifest`, express.static(path.join(__dirname, 'public/manifest.webmanifest')));
			app.use(`/robots.txt`, express.static(path.join(__dirname, 'public/robots.txt')));
websocket requires logged in session in upgrade request 2017-11-30 23:50:42 -05:00			`const sessionParser = session({`
store session secret in file 2017-10-23 23:38:52 -04:00			`secret: sessionSecret,`
node authentication 2017-10-15 16:32:49 -04:00			`resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.`
			`saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.`
			`cookie: {`
websocket requires logged in session in upgrade request 2017-11-30 23:50:42 -05:00			`// path: "/",`
node authentication 2017-10-15 16:32:49 -04:00			`httpOnly: true,`
perf: add persistent http cache in prod 2023-04-07 19:51:34 +08:00			`maxAge: 24 * 60 * 60 * 1000 // in milliseconds`
filestore for sessions 2017-10-15 17:07:34 -04:00			`},`
use trilium.sid as a session ID to avoid session ID conflicts 2020-12-20 22:20:21 +01:00			`name: 'trilium.sid',`
filestore for sessions 2017-10-15 17:07:34 -04:00			`store: new FileStore({`
remember me reimplemented 2017-10-16 19:14:15 -04:00			`ttl: 30 * 24 * 3600,`
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
filestore for sessions 2017-10-15 17:07:34 -04:00			`})`
websocket requires logged in session in upgrade request 2017-11-30 23:50:42 -05:00			`});`
			`app.use(sessionParser);`
favicon 2017-10-21 00:19:13 -04:00
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			app.use(favicon(`${__dirname}/../images/app-icons/win/icon.ico`));
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00
added event log dialog 2017-11-03 23:00:35 -04:00			`require('./routes/routes').register(app);`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00			`require('./routes/custom').register(app);`

added extra logging for debugging CSRF issues 2019-05-29 23:13:15 +02:00			`app.use((err, req, res, next) => {`
			`if (err.code !== 'EBADCSRFTOKEN') {`
			`return next(err);`
			`}`

			log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

			`err = new Error('Invalid CSRF token');`
			`err.status = 403;`
			`next(err);`
			`});`

backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`// catch 404 and forward to error handler`
logging stuff to rotated files through simple-node-logger 2017-10-24 22:04:52 -04:00			`app.use((req, res, next) => {`
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			const err = new Error(`Router not found for request ${req.url}`);
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`err.status = 404;`
			`next(err);`
			`});`

			`// error handler`
logging stuff to rotated files through simple-node-logger 2017-10-24 22:04:52 -04:00			`app.use((err, req, res, next) => {`
spell check support + small options tabs reorganization 2019-10-06 21:35:26 +02:00			`if (err && err.message && (`
improve request logging 2020-07-02 23:15:37 +02:00			`(err.message.includes("Router not found for request") && err.message.includes(".js.map"))`
fix non disappearing persistent toast 2019-10-28 20:26:40 +01:00			`\|\| (err.message.includes("Router not found for request") && err.message.includes(".css.map"))`
spell check support + small options tabs reorganization 2019-10-06 21:35:26 +02:00			`)) {`
improve request logging 2020-07-02 23:15:37 +02:00			`// ignore`
ignore electron error 2019-06-12 21:44:33 +02:00			`}`
fix reload 2019-06-16 09:15:37 +02:00			`else {`
			`log.info(err);`
			`}`
added document_id for sync identification 2017-10-28 13:19:12 -04:00
			`res.status(err.status \|\| 500);`
			`res.send({`
			`message: err.message`
			`});`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`});`

backup is now triggered after start of the app and with timer 2017-10-28 12:23:11 -04:00			`// triggers sync timer`
use strict in all JS files 2017-10-21 21:10:33 -04:00			`require('./services/sync');`

backup is now triggered after start of the app and with timer 2017-10-28 12:23:11 -04:00			`// triggers backup timer`
			`require('./services/backup');`

implemented consistency checks 2017-12-14 22:16:26 -05:00			`// trigger consistency checks timer`
			`require('./services/consistency_checks');`

basic scheduling of backend scripts using attributes 2018-03-02 20:56:58 -05:00			`require('./services/scheduler');`

better-sqlite3 binaries 2021-11-18 21:35:23 +01:00			`if (utils.isElectron()) {`
			`require('@electron/remote/main').initialize();`
			`}`
upgrade to electron v16 and node v16 2021-11-16 22:43:08 +01:00
websocket requires logged in session in upgrade request 2017-11-30 23:50:42 -05:00			`module.exports = {`
			`app,`
			`sessionParser`
refactoring to allow unit tests of the whole search subsystem 2020-05-21 14:05:56 +02:00			`};`