Notes/apps/server/src/routes/custom.ts

import log from "../services/log.js";
import fileService from "./api/files.js";
import scriptService from "../services/script.js";
import cls from "../services/cls.js";
import sql from "../services/sql.js";
import becca from "../becca/becca.js";
import type { Request, Response, Router } from "express";
import { safeExtractMessageAndStackFromError, normalizeCustomHandlerPattern } from "../services/utils.js";

function handleRequest(req: Request, res: Response) {

    // handle path from "*path" route wildcard
    // in express v4, you could just add
    // req.params.path + req.params[0], but with v5
    // we get a split array that we have to join ourselves again

    // @TriliumNextTODO: remove typecasting once express types are fixed
    // they currently only treat req.params as string, while in reality
    // it can also be a string[], when using wildcards
    const splitPath = req.params.path as unknown as string[];

    //const path = splitPath.map(segment => encodeURIComponent(segment)).join("/")
    // naively join the "decoded" paths using a slash
    // this is to mimick handleRequest behaviour
    // as with the previous express v4.
    // @TriliumNextTODO: using something like =>
    // splitPath.map(segment => encodeURIComponent(segment)).join("/")
    // might be safer

    const path = splitPath.join("/")

    const attributeIds = sql.getColumn<string>("SELECT attributeId FROM attributes WHERE isDeleted = 0 AND type = 'label' AND name IN ('customRequestHandler', 'customResourceProvider')");

    const attrs = attributeIds.map((attrId) => becca.getAttribute(attrId));

    for (const attr of attrs) {
        if (!attr?.value.trim()) {
            continue;
        }

        // Get normalized patterns to handle both trailing slash cases
        const patterns = normalizeCustomHandlerPattern(attr.value);
        let match: RegExpMatchArray | null = null;

        try {
            // Try each pattern until we find a match
            for (const pattern of patterns) {
                const regex = new RegExp(`^${pattern}$`);
                match = path.match(regex);
                if (match) {
                    break; // Found a match, exit pattern loop
                }
            }
        } catch (e: unknown) {
            const [errMessage, errStack] = safeExtractMessageAndStackFromError(e);
            log.error(`Testing path for label '${attr.attributeId}', regex '${attr.value}' failed with error: ${errMessage}, stack: ${errStack}`);
            continue;
        }

        if (!match) {
            continue;
        }

        if (attr.name === "customRequestHandler") {
            const note = attr.getNote();

            log.info(`Handling custom request '${path}' with note '${note.noteId}'`);

            try {
                scriptService.executeNote(note, {
                    pathParams: match.slice(1),
                    req,
                    res
                });
            } catch (e: unknown) {
                const [errMessage, errStack] = safeExtractMessageAndStackFromError(e);
                log.error(`Custom handler '${note.noteId}' failed with: ${errMessage}, ${errStack}`);
                res.setHeader("Content-Type", "text/plain").status(500).send(errMessage);
            }
        } else if (attr.name === "customResourceProvider") {
            fileService.downloadNoteInt(attr.noteId, res);
        } else {
            throw new Error(`Unrecognized attribute name '${attr.name}'`);
        }

        return; // only the first handler is executed
    }

    const message = `No handler matched for custom '${path}' request.`;

    log.info(message);
    res.setHeader("Content-Type", "text/plain").status(404).send(message);
}

function register(router: Router) {
    // explicitly no CSRF middleware since it's meant to allow integration from external services

    router.all("/custom/*path", (req: Request, res: Response, _next) => {
        cls.namespace.bindEmitter(req);
        cls.namespace.bindEmitter(res);

        cls.init(() => handleRequest(req, res));
    });
}

export default {
    register
};
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import log from "../services/log.js";`
			`import fileService from "./api/files.js";`
			`import scriptService from "../services/script.js";`
			`import cls from "../services/cls.js";`
			`import sql from "../services/sql.js";`
			`import becca from "../becca/becca.js";`
refactor(ts): enable verbatim module syntax 2025-01-09 18:36:24 +02:00			`import type { Request, Response, Router } from "express";`
feat(server): lint for trailing slashes in sync URL and extra slashes in customRequestHandler 2025-06-17 19:37:40 +00:00			`import { safeExtractMessageAndStackFromError, normalizeCustomHandlerPattern } from "../services/utils.js";`
server-ts: Convert routes/custom 2024-04-07 14:05:50 +03:00
			`function handleRequest(req: Request, res: Response) {`
added CSRF protection using csurf express middleware, fixes #455 2019-03-24 22:41:53 +01:00
refactor(routes/custom): update path "/custom/*path" for express v5 2025-04-09 00:17:30 +02:00			`// handle path from "*path" route wildcard`
			`// in express v4, you could just add`
			`// req.params.path + req.params[0], but with v5`
			`// we get a split array that we have to join ourselves again`

			`// @TriliumNextTODO: remove typecasting once express types are fixed`
			`// they currently only treat req.params as string, while in reality`
			`// it can also be a string[], when using wildcards`
			`const splitPath = req.params.path as unknown as string[];`

			`//const path = splitPath.map(segment => encodeURIComponent(segment)).join("/")`
			`// naively join the "decoded" paths using a slash`
			`// this is to mimick handleRequest behaviour`
			`// as with the previous express v4.`
			`// @TriliumNextTODO: using something like =>`
			`// splitPath.map(segment => encodeURIComponent(segment)).join("/")`
			`// might be safer`

			`const path = splitPath.join("/")`
added CSRF protection using csurf express middleware, fixes #455 2019-03-24 22:41:53 +01:00
server-ts: Convert routes/custom 2024-04-07 14:05:50 +03:00			`const attributeIds = sql.getColumn<string>("SELECT attributeId FROM attributes WHERE isDeleted = 0 AND type = 'label' AND name IN ('customRequestHandler', 'customResourceProvider')");`
becca conversion WIP 2021-05-02 19:59:16 +02:00
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`const attrs = attributeIds.map((attrId) => becca.getAttribute(attrId));`
bug fixes for custom handlers 2019-01-27 15:47:40 +01:00
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`for (const attr of attrs) {`
server-ts: Convert routes/custom 2024-04-07 14:05:50 +03:00			`if (!attr?.value.trim()) {`
fix wrong behavior when customResourceProvider has empty value, fixes #1393 2020-11-06 21:52:57 +01:00			`continue;`
			`}`

feat(server): lint for trailing slashes in sync URL and extra slashes in customRequestHandler 2025-06-17 19:37:40 +00:00			`// Get normalized patterns to handle both trailing slash cases`
			`const patterns = normalizeCustomHandlerPattern(attr.value);`
feat(server): fix lint type errors for normalizing server URLs 2025-06-18 20:46:11 +00:00			`let match: RegExpMatchArray \| null = null;`
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00
feat(server): fix lint type errors for normalizing server URLs 2025-06-18 20:46:11 +00:00			`try {`
			`// Try each pattern until we find a match`
			`for (const pattern of patterns) {`
feat(server): lint for trailing slashes in sync URL and extra slashes in customRequestHandler 2025-06-17 19:37:40 +00:00			const regex = new RegExp(`^${pattern}$`);
			`match = path.match(regex);`
			`if (match) {`
			`break; // Found a match, exit pattern loop`
			`}`
			`}`
feat(server): fix lint type errors for normalizing server URLs 2025-06-18 20:46:11 +00:00			`} catch (e: unknown) {`
			`const [errMessage, errStack] = safeExtractMessageAndStackFromError(e);`
			log.error(`Testing path for label '${attr.attributeId}', regex '${attr.value}' failed with error: ${errMessage}, stack: ${errStack}`);
			`continue;`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`}`

			`if (!match) {`
			`continue;`
			`}`
bug fixes for custom handlers 2019-01-27 15:47:40 +01:00
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`if (attr.name === "customRequestHandler") {`
Merge remote-tracking branch 'origin/stable' into syncification # Conflicts: # package-lock.json # package.json # src/routes/custom.js # src/services/import/single.js 2020-06-24 22:08:31 +02:00			`const note = attr.getNote();`
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00
attachment actions 2023-05-03 10:23:20 +02:00			log.info(`Handling custom request '${path}' with note '${note.noteId}'`);
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00
			`try {`
Merge remote-tracking branch 'origin/stable' into syncification # Conflicts: # package-lock.json # package.json # src/routes/custom.js # src/services/import/single.js 2020-06-24 22:08:31 +02:00			`scriptService.executeNote(note, {`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`pathParams: match.slice(1),`
			`req,`
			`res`
			`});`
refactor(routes/custom): get rid of "any" type catch blocks 2025-03-08 00:22:12 +01:00			`} catch (e: unknown) {`
refactor(utils): add safeExtractMessageAndStackFromError util to remove code duplication 2025-03-08 17:07:25 +01:00			`const [errMessage, errStack] = safeExtractMessageAndStackFromError(e);`
refactor(routes/custom): get rid of "any" type catch blocks 2025-03-08 00:22:12 +01:00			log.error(`Custom handler '${note.noteId}' failed with: ${errMessage}, ${errStack}`);
			`res.setHeader("Content-Type", "text/plain").status(500).send(errMessage);`
custom handler refactoring 2019-01-27 16:37:18 +01:00			`}`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`} else if (attr.name === "customResourceProvider") {`
attachment actions 2023-05-03 10:23:20 +02:00			`fileService.downloadNoteInt(attr.noteId, res);`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`} else {`
attachment actions 2023-05-03 10:23:20 +02:00			throw new Error(`Unrecognized attribute name '${attr.name}'`);
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`}`
custom handler refactoring 2019-01-27 16:37:18 +01:00
grammar 2023-05-05 23:41:11 +02:00			`return; // only the first handler is executed`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`}`
custom handler refactoring 2019-01-27 16:37:18 +01:00
attachment actions 2023-05-03 10:23:20 +02:00			const message = `No handler matched for custom '${path}' request.`;
error handling in custom request handler 2019-02-03 11:15:32 +01:00
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`log.info(message);`
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00			`res.setHeader("Content-Type", "text/plain").status(404).send(message);`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`}`
custom handler refactoring 2019-01-27 16:37:18 +01:00
server-ts: Convert routes/custom 2024-04-07 14:05:50 +03:00			`function register(router: Router) {`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`// explicitly no CSRF middleware since it's meant to allow integration from external services`
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00
refactor(routes/custom): update path "/custom/*path" for express v5 2025-04-09 00:17:30 +02:00			`router.all("/custom/*path", (req: Request, res: Response, _next) => {`
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`cls.namespace.bindEmitter(req);`
			`cls.namespace.bindEmitter(res);`
bug fixes for custom handlers 2019-01-27 15:47:40 +01:00
fix custom resource handler, closes #1125 2020-06-22 23:13:53 +02:00			`cls.init(() => handleRequest(req, res));`
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00			`});`
			`}`

server-esm: Change export object to export default object 2024-07-18 21:42:44 +03:00			`export default {`
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 12:28:20 +01:00			`register`
syncification 2020-06-20 12:31:38 +02:00			`};`