Notes/src/services/protected_session.ts

"use strict";

import log = require('./log');
import dataEncryptionService = require('./encryption/data_encryption');

let dataKey: Buffer | null = null;

function setDataKey(decryptedDataKey: Buffer) {
    dataKey = Buffer.from(decryptedDataKey);
}

function getDataKey() {
    return dataKey;
}

function resetDataKey() {
    dataKey = null;
}

function isProtectedSessionAvailable() {
    return !!dataKey;
}

function encrypt(plainText: string | Buffer) {
    const dataKey = getDataKey();
    if (plainText === null || dataKey === null) {
        return null;
    }

    return dataEncryptionService.encrypt(dataKey, plainText);
}

function decrypt(cipherText: string | Buffer): Buffer | null {
    const dataKey = getDataKey();
    if (cipherText === null || dataKey === null) {
        return null;
    }

    return dataEncryptionService.decrypt(dataKey, cipherText) || null;
}

function decryptString(cipherText: string): string | null {
    const dataKey = getDataKey();
    if (dataKey === null) {
        return null;
    }
    return dataEncryptionService.decryptString(dataKey, cipherText);
}

let lastProtectedSessionOperationDate: number | null = null;

function touchProtectedSession() {
    if (isProtectedSessionAvailable()) {
        lastProtectedSessionOperationDate = Date.now();
    }
}

function checkProtectedSessionExpiration() {
    const options = require('./options.js');
    const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');
    if (isProtectedSessionAvailable()
        && lastProtectedSessionOperationDate
        && Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {

        resetDataKey();

        log.info("Expiring protected session");

        require('./ws.js').reloadFrontend("leaving protected session");
    }
}

export = {
    setDataKey,
    resetDataKey,
    isProtectedSessionAvailable,
    encrypt,
    decrypt,
    decryptString,
    touchProtectedSession,
    checkProtectedSessionExpiration
};
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`"use strict";`

server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`import log = require('./log');`
			`import dataEncryptionService = require('./encryption/data_encryption');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`let dataKey: Buffer \| null = null;`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00
server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`function setDataKey(decryptedDataKey: Buffer) {`
			`dataKey = Buffer.from(decryptedDataKey);`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 08:53:52 -04:00			`function getDataKey() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`return dataKey;`
support encryption for files, closes #60 2018-02-23 22:58:24 -05:00			`}`

when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`function resetDataKey() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`dataKey = null;`
when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`}`

autocomplete supports encrypted notes now as well 2018-04-20 00:12:01 -04:00			`function isProtectedSessionAvailable() {`
protected session is now global application state to avoid weird issues with multiple tabs/windows/reloads 2021-05-07 22:23:49 +02:00			`return !!dataKey;`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`}`

server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`function encrypt(plainText: string \| Buffer) {`
			`const dataKey = getDataKey();`
			`if (plainText === null \|\| dataKey === null) {`
make encryption more robust in face of null values, #1483 2020-12-21 22:08:55 +01:00			`return null;`
			`}`

server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`return dataEncryptionService.encrypt(dataKey, plainText);`
split out note's content into separate entity, WIP 2019-02-06 20:19:25 +01:00			`}`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00
server-ts: Convert more classes, including entity_changes.js 2024-02-16 23:56:32 +02:00			`function decrypt(cipherText: string \| Buffer): Buffer \| null {`
server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`const dataKey = getDataKey();`
			`if (cipherText === null \|\| dataKey === null) {`
make encryption more robust in face of null values, #1483 2020-12-21 22:08:55 +01:00			`return null;`
			`}`

server-ts: Convert more classes, including entity_changes.js 2024-02-16 23:56:32 +02:00			`return dataEncryptionService.decrypt(dataKey, cipherText) \|\| null;`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`}`

server-ts: Convert more classes, including entity_changes.js 2024-02-16 23:56:32 +02:00			`function decryptString(cipherText: string): string \| null {`
server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`const dataKey = getDataKey();`
			`if (dataKey === null) {`
			`return null;`
			`}`
			`return dataEncryptionService.decryptString(dataKey, cipherText);`
use decryptString() 2019-11-02 07:50:23 +01:00			`}`

server-ts: protected_session.js -> ts 2024-02-16 23:09:59 +02:00			`let lastProtectedSessionOperationDate: number \| null = null;`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
			`function touchProtectedSession() {`
			`if (isProtectedSessionAvailable()) {`
			`lastProtectedSessionOperationDate = Date.now();`
			`}`
			`}`

moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`function checkProtectedSessionExpiration() {`
use .js extension for require() as a preparation for future migration to ESM 2023-11-22 19:34:48 +01:00			`const options = require('./options.js');`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`const protectedSessionTimeout = options.getOptionInt('protectedSessionTimeout');`
			`if (isProtectedSessionAvailable()`
			`&& lastProtectedSessionOperationDate`
			`&& Date.now() - lastProtectedSessionOperationDate > protectedSessionTimeout * 1000) {`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`resetDataKey();`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`log.info("Expiring protected session");`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
use .js extension for require() as a preparation for future migration to ESM 2023-11-22 19:34:48 +01:00			`require('./ws.js').reloadFrontend("leaving protected session");`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`}`
			`}`
protected session expiration timer moved to backend, closes #2847 2022-05-13 23:20:56 +02:00
server-ts: Convert more classes, including entity_changes.js 2024-02-16 23:56:32 +02:00			`export = {`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`setDataKey,`
when leaving protected session don't forget to reset note cache (titles), #1810 2021-04-03 22:02:25 +02:00			`resetDataKey,`
refactoring / unification of note encryption / decryption 2018-01-24 22:13:41 -05:00			`isProtectedSessionAvailable,`
moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`encrypt,`
			`decrypt,`
use decryptString() 2019-11-02 07:50:23 +01:00			`decryptString,`
moved protected session expiration scheduling #2855 2022-05-17 20:39:21 +02:00			`touchProtectedSession,`
			`checkProtectedSessionExpiration`
fixes and polish 2020-06-15 17:56:53 +02:00			`};`