All operations with the REST API have to be authenticated using a token.
+ You can get this token either from Options -> ETAPI or programmatically
+ using the /auth/login REST call (see the spec).
All operations have to be authenticated using a token. You can get this
- token either from Options -> ETAPI or programmatically using the /auth/login REST
- call (see the spec):
GET https://myserver.com/etapi/app-info
+Via the Authorization header
GET https://myserver.com/etapi/app-info
Authorization: ETAPITOKEN
-Alternatively, since 0.56 you can also use basic auth format:
GET https://myserver.com/etapi/app-info
+where ETAPITOKEN is the token obtained in the previous step.
+For compatibility with various tools, it's also possible to specify the
+ value of the Authorization header in the format Bearer ETAPITOKEN (since
+ 0.93.0).
+Basic authentication
+Since v0.56 you can also use basic auth format:
GET https://myserver.com/etapi/app-info
Authorization: Basic BATOKEN
- Where
BATOKEN = BASE64(username + ':' + password) - this is
diff --git a/src/public/app/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html b/src/public/app/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html
index 72b77aef3..26e837d8b 100644
--- a/src/public/app/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html
+++ b/src/public/app/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html
@@ -36,8 +36,8 @@
Running the Docker Container
Local Access Only
Run the container to make it accessible only from the localhost. This
- setup is suitable for testing or when using a prox ay server like Nginx
- or Apache.
sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]
+ setup is suitable for testing or when using a proxy server like Nginx or
+ Apache.sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]
- Verify the container is running using
docker ps.
- Access Trilium via a web browser at
127.0.0.1:8080.
diff --git a/src/public/app/doc_notes/en/User Guide/User Guide/Scripting/Script API.html b/src/public/app/doc_notes/en/User Guide/User Guide/Scripting/Script API.html
index a2ea49ead..25b181b48 100644
--- a/src/public/app/doc_notes/en/User Guide/User Guide/Scripting/Script API.html
+++ b/src/public/app/doc_notes/en/User Guide/User Guide/Scripting/Script API.html
@@ -1,11 +1,10 @@
-For script code notes,
- Trilium offers an API that gives them access to various features of the
- application.
+For script code notes, Trilium offers
+ an API that gives them access to various features of the application.
There are two APIs:
- - One for the front-end scripts: Frontend API
+
- One for the front-end scripts: Frontend API
- - One for the back-end scripts: Backend API
+
- One for the back-end scripts: Backend API
In both cases, the API resides in a global variable, api,
diff --git a/src/services/etapi_tokens.ts b/src/services/etapi_tokens.ts
index 93d916a60..031856f2a 100644
--- a/src/services/etapi_tokens.ts
+++ b/src/services/etapi_tokens.ts
@@ -48,6 +48,11 @@ function parseAuthToken(auth: string | undefined) {
auth = basicAuthChunks[1];
}
+ if (auth.startsWith("Bearer ")) {
+ // allow also bearer auth format
+ auth = auth.substring(7);
+ }
+
const chunks = auth.split("_");
if (chunks.length === 1) {
diff --git a/src/services/sql.ts b/src/services/sql.ts
index d135b54da..f686b0876 100644
--- a/src/services/sql.ts
+++ b/src/services/sql.ts
@@ -112,12 +112,21 @@ function upsert(tableName: string, primaryKey: string, rec: T) {
execute(query, rec);
}
-function stmt(sql: string) {
- if (!(sql in statementCache)) {
- statementCache[sql] = dbConnection.prepare(sql);
+/**
+ * For the given SQL query, returns a prepared statement. For the same query (string comparison), the same statement is returned.
+ *
+ * @param sql the SQL query for which to return a prepared statement.
+ * @param isRaw indicates whether `.raw()` is going to be called on the prepared statement in order to return the raw rows (e.g. via {@link getRawRows()}). The reason is that the raw state is preserved in the saved statement and would break non-raw calls for the same query.
+ * @returns the corresponding {@link Statement}.
+ */
+function stmt(sql: string, isRaw?: boolean) {
+ const key = (isRaw ? "raw/" + sql : sql);
+
+ if (!(key in statementCache)) {
+ statementCache[key] = dbConnection.prepare(sql);
}
- return statementCache[sql];
+ return statementCache[key];
}
function getRow(query: string, params: Params = []): T {
@@ -172,7 +181,7 @@ function getRows(query: string, params: Params = []): T[] {
}
function getRawRows(query: string, params: Params = []): T[] {
- return (wrap(query, (s) => s.raw().all(params)) as T[]) || [];
+ return (wrap(query, (s) => s.raw().all(params), true) as T[]) || [];
}
function iterateRows(query: string, params: Params = []): IterableIterator {
@@ -234,7 +243,10 @@ function executeScript(query: string): DatabaseType {
return dbConnection.exec(query);
}
-function wrap(query: string, func: (statement: Statement) => unknown): unknown {
+/**
+ * @param isRaw indicates whether `.raw()` is going to be called on the prepared statement in order to return the raw rows (e.g. via {@link getRawRows()}). The reason is that the raw state is preserved in the saved statement and would break non-raw calls for the same query.
+ */
+function wrap(query: string, func: (statement: Statement) => unknown, isRaw?: boolean): unknown {
const startTimestamp = Date.now();
let result;
@@ -243,7 +255,7 @@ function wrap(query: string, func: (statement: Statement) => unknown): unknown {
}
try {
- result = func(stmt(query));
+ result = func(stmt(query, isRaw));
} catch (e: any) {
if (e.message.includes("The database connection is not open")) {
// this often happens on killing the app which puts these alerts in front of user