trilium/src/routes/api/notes.js

"use strict";

const express = require('express');
const router = express.Router();
const auth = require('../../services/auth');
const sql = require('../../services/sql');
const notes = require('../../services/notes');
const log = require('../../services/log');
const utils = require('../../services/utils');
const protected_session = require('../../services/protected_session');
const tree = require('../../services/tree');
const sync_table = require('../../services/sync_table');
const wrap = require('express-promise-wrap').wrap;

router.get('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;

    const detail = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [noteId]);

    if (!detail) {
        log.info("Note " + noteId + " has not been found.");

        return res.status(404).send({});
    }

    protected_session.decryptNote(req, detail);

    res.send({
        detail: detail
    });
}));

router.post('/:parentNoteId/children', auth.checkApiAuth, wrap(async (req, res, next) => {
    const sourceId = req.headers.source_id;
    const parentNoteId = req.params.parentNoteId;
    const newNote = req.body;

    await sql.doInTransaction(async () => {
        const { noteId, noteTreeId, note } = await notes.createNewNote(parentNoteId, newNote, req, sourceId);

        res.send({
            'noteId': noteId,
            'noteTreeId': noteTreeId,
            'note': note
        });
    });
}));

router.put('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {
    const note = req.body;
    const noteId = req.params.noteId;
    const sourceId = req.headers.source_id;
    const dataKey = protected_session.getDataKey(req);

    await notes.updateNote(noteId, note, dataKey, sourceId);

    res.send({});
}));

router.get('/', auth.checkApiAuth, wrap(async (req, res, next) => {
    let {attrFilters, searchText} = parseFilters(req.query.search);

    const {query, params} = getSearchQuery(attrFilters, searchText);

    const noteIds = await sql.getColumn(query, params);

    res.send(noteIds);
}));

function parseFilters(searchText) {
    const attrFilters = [];

    const attrRegex = /(\b(and|or)\s+)?@(!?)([\w_-]+|"[^"]+")((=|!=|<|<=|>|>=)([\w_-]+|"[^"]+"))?/i;

    let match = attrRegex.exec(searchText);

    function trimQuotes(str) { return str.startsWith('"') ? str.substr(1, str.length - 2) : str; }

    while (match != null) {
        const relation = match[2] !== undefined ? match[2].toLowerCase() : 'and';
        const operator = match[3] === '!' ? 'not-exists' : 'exists';

        attrFilters.push({
            relation: relation,
            name: trimQuotes(match[4]),
            operator: match[6] !== undefined ? match[6] : operator,
            value: match[7] !== undefined ? trimQuotes(match[7]) : null
        });

        // remove attributes from further fulltext search
        searchText = searchText.replace(new RegExp(match[0], 'g'), '');

        match = attrRegex.exec(searchText);
    }

    return {attrFilters, searchText};
}

function getSearchQuery(attrFilters, searchText) {
    const joins = [];
    const joinParams = [];
    let where = '1';
    const whereParams = [];

    let i = 1;

    for (const filter of attrFilters) {
        joins.push(`LEFT JOIN attributes AS attr${i} ON attr${i}.noteId = notes.noteId AND attr${i}.name = ?`);
        joinParams.push(filter.name);

        where += " " + filter.relation + " ";

        if (filter.operator === 'exists') {
            where += `attr${i}.attributeId IS NOT NULL`;
        }
        else if (filter.operator === 'not-exists') {
            where += `attr${i}.attributeId IS NULL`;
        }
        else if (filter.operator === '=' || filter.operator === '!=') {
            where += `attr${i}.value ${filter.operator} ?`;
            whereParams.push(filter.value);
        }
        else if ([">", ">=", "<", "<="].includes(filter.operator)) {
            const floatParam = parseFloat(filter.value);

            if (isNaN(floatParam)) {
                where += `attr${i}.value ${filter.operator} ?`;
                whereParams.push(filter.value);
            }
            else {
                where += `CAST(attr${i}.value AS DECIMAL) ${filter.operator} ?`;
                whereParams.push(floatParam);
            }
        }
        else {
            throw new Error("Unknown operator " + filter.operator);
        }

        i++;
    }

    let searchCondition = '';
    const searchParams = [];

    if (searchText.trim() !== '') {
        // searching in protected notes is pointless because of encryption
        searchCondition = ' AND (notes.isProtected = 0 AND (notes.title LIKE ? OR notes.content LIKE ?))';

        searchText = '%' + searchText.trim() + '%';

        searchParams.push(searchText);
        searchParams.push(searchText); // two occurences in searchCondition
    }

    const query = `SELECT notes.noteId FROM notes
            ${joins.join('\r\n')}
              WHERE 
                notes.isDeleted = 0
                AND (${where}) 
                ${searchCondition}`;

    const params = joinParams.concat(whereParams).concat(searchParams);

    return { query, params };
}

router.put('/:noteId/sort', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const sourceId = req.headers.source_id;
    const dataKey = protected_session.getDataKey(req);

    await tree.sortNotesAlphabetically(noteId, dataKey, sourceId);

    res.send({});
}));

router.put('/:noteId/protect-sub-tree/:isProtected', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const isProtected = !!parseInt(req.params.isProtected);
    const dataKey = protected_session.getDataKey(req);
    const sourceId = req.headers.source_id;

    await sql.doInTransaction(async () => {
        await notes.protectNoteRecursively(noteId, dataKey, isProtected, sourceId);
    });

    res.send({});
}));

router.put(/\/(.*)\/type\/(.*)\/mime\/(.*)/, auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params[0];
    const type = req.params[1];
    const mime = req.params[2];
    const sourceId = req.headers.source_id;

    await sql.doInTransaction(async () => {
       await sql.execute("UPDATE notes SET type = ?, mime = ?, dateModified = ? WHERE noteId = ?",
           [type, mime, utils.nowDate(), noteId]);

       await sync_table.addNoteSync(noteId, sourceId);
    });

    res.send({});
}));

module.exports = router;
use strict in all JS files 2017-10-22 09:10:33 +08:00			`"use strict";`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`const express = require('express');`
			`const router = express.Router();`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00			`const auth = require('../../services/auth');`
reorganization of source code 2017-10-16 07:47:05 +08:00			`const sql = require('../../services/sql');`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00			`const notes = require('../../services/notes');`
sync fix to prefix and some usability improvements 2017-11-27 12:10:23 +08:00			`const log = require('../../services/log');`
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`const utils = require('../../services/utils');`
server side encryption WIP 2017-11-13 10:40:26 +08:00			`const protected_session = require('../../services/protected_session');`
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`const tree = require('../../services/tree');`
first experiments with code mirror 2018-01-21 10:56:03 +08:00			`const sync_table = require('../../services/sync_table');`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`const wrap = require('express-promise-wrap').wrap;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.get('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`const noteId = req.params.noteId;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
renaming of sql methods to fit getRows/getEntities model 2018-01-30 06:41:59 +08:00			`const detail = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [noteId]);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
sync fix to prefix and some usability improvements 2017-11-27 12:10:23 +08:00			`if (!detail) {`
			`log.info("Note " + noteId + " has not been found.");`

			`return res.status(404).send({});`
			`}`

refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`protected_session.decryptNote(req, detail);`
server side encryption WIP 2017-11-13 10:40:26 +08:00
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`res.send({`
converted all timestamps to string representation 2017-12-11 01:56:59 +08:00			`detail: detail`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.post('/:parentNoteId/children', auth.checkApiAuth, wrap(async (req, res, next) => {`
fix problem with headers / source ids 2018-01-29 10:57:46 +08:00			`const sourceId = req.headers.source_id;`
cloning in context menu (copy & paste) and a lot of related refactoring and fixes 2017-11-23 12:16:54 +08:00			`const parentNoteId = req.params.parentNoteId;`
fix for icon change when creating note / changing type/mime 2018-01-28 23:37:43 +08:00			`const newNote = req.body;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
more changes for scripts - separate API etc. 2018-01-28 06:18:19 +08:00			`await sql.doInTransaction(async () => {`
fix for icon change when creating note / changing type/mime 2018-01-28 23:37:43 +08:00			`const { noteId, noteTreeId, note } = await notes.createNewNote(parentNoteId, newNote, req, sourceId);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
more changes for scripts - separate API etc. 2018-01-28 06:18:19 +08:00			`res.send({`
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`'noteId': noteId,`
			`'noteTreeId': noteTreeId,`
fix for icon change when creating note / changing type/mime 2018-01-28 23:37:43 +08:00			`'note': note`
more changes for scripts - separate API etc. 2018-01-28 06:18:19 +08:00			`});`
better transaction handling with rollback on exception 2017-10-30 06:50:28 +08:00			`});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.put('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`const note = req.body;`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`const noteId = req.params.noteId;`
fix problem with headers / source ids 2018-01-29 10:57:46 +08:00			`const sourceId = req.headers.source_id;`
got rid of request context and related refactorings 2017-12-17 10:23:35 +08:00			`const dataKey = protected_session.getDataKey(req);`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00
got rid of request context and related refactorings 2017-12-17 10:23:35 +08:00			`await notes.updateNote(noteId, note, dataKey, sourceId);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
			`res.send({});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.get('/', auth.checkApiAuth, wrap(async (req, res, next) => {`
implemented query language for attributes, closes #26 2018-02-05 11:44:15 +08:00			`let {attrFilters, searchText} = parseFilters(req.query.search);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
implemented query language for attributes, closes #26 2018-02-05 11:44:15 +08:00			`const {query, params} = getSearchQuery(attrFilters, searchText);`

			`const noteIds = await sql.getColumn(query, params);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`res.send(noteIds);`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
implemented query language for attributes, closes #26 2018-02-05 11:44:15 +08:00			`function parseFilters(searchText) {`
			`const attrFilters = [];`

			`const attrRegex = /(\b(and\|or)\s+)?@(!?)([\w_-]+\|"[^"]+")((=\|!=\|<\|<=\|>\|>=)([\w_-]+\|"[^"]+"))?/i;`

			`let match = attrRegex.exec(searchText);`

			`function trimQuotes(str) { return str.startsWith('"') ? str.substr(1, str.length - 2) : str; }`

			`while (match != null) {`
			`const relation = match[2] !== undefined ? match[2].toLowerCase() : 'and';`
			`const operator = match[3] === '!' ? 'not-exists' : 'exists';`

			`attrFilters.push({`
			`relation: relation,`
			`name: trimQuotes(match[4]),`
			`operator: match[6] !== undefined ? match[6] : operator,`
			`value: match[7] !== undefined ? trimQuotes(match[7]) : null`
			`});`

			`// remove attributes from further fulltext search`
			`searchText = searchText.replace(new RegExp(match[0], 'g'), '');`

			`match = attrRegex.exec(searchText);`
			`}`

			`return {attrFilters, searchText};`
			`}`

			`function getSearchQuery(attrFilters, searchText) {`
			`const joins = [];`
			`const joinParams = [];`
			`let where = '1';`
			`const whereParams = [];`

			`let i = 1;`

			`for (const filter of attrFilters) {`
			joins.push(`LEFT JOIN attributes AS attr${i} ON attr${i}.noteId = notes.noteId AND attr${i}.name = ?`);
			`joinParams.push(filter.name);`

			`where += " " + filter.relation + " ";`

			`if (filter.operator === 'exists') {`
			where += `attr${i}.attributeId IS NOT NULL`;
			`}`
			`else if (filter.operator === 'not-exists') {`
			where += `attr${i}.attributeId IS NULL`;
			`}`
			`else if (filter.operator === '=' \|\| filter.operator === '!=') {`
			where += `attr${i}.value ${filter.operator} ?`;
			`whereParams.push(filter.value);`
			`}`
			`else if ([">", ">=", "<", "<="].includes(filter.operator)) {`
			`const floatParam = parseFloat(filter.value);`

			`if (isNaN(floatParam)) {`
			where += `attr${i}.value ${filter.operator} ?`;
			`whereParams.push(filter.value);`
			`}`
			`else {`
			where += `CAST(attr${i}.value AS DECIMAL) ${filter.operator} ?`;
			`whereParams.push(floatParam);`
			`}`
			`}`
			`else {`
			`throw new Error("Unknown operator " + filter.operator);`
			`}`

			`i++;`
			`}`

			`let searchCondition = '';`
			`const searchParams = [];`

			`if (searchText.trim() !== '') {`
			`// searching in protected notes is pointless because of encryption`
			`searchCondition = ' AND (notes.isProtected = 0 AND (notes.title LIKE ? OR notes.content LIKE ?))';`

			`searchText = '%' + searchText.trim() + '%';`

			`searchParams.push(searchText);`
			`searchParams.push(searchText); // two occurences in searchCondition`
			`}`

			const query = `SELECT notes.noteId FROM notes
			`${joins.join('\r\n')}`
			`WHERE`
			`notes.isDeleted = 0`
			`AND (${where})`
			${searchCondition}`;

			`const params = joinParams.concat(whereParams).concat(searchParams);`

			`return { query, params };`
			`}`

added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00			`router.put('/:noteId/sort', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params.noteId;`
fix problem with headers / source ids 2018-01-29 10:57:46 +08:00			`const sourceId = req.headers.source_id;`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00			`const dataKey = protected_session.getDataKey(req);`

refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`await tree.sortNotesAlphabetically(noteId, dataKey, sourceId);`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`res.send({});`
			`}));`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`router.put('/:noteId/protect-sub-tree/:isProtected', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params.noteId;`
			`const isProtected = !!parseInt(req.params.isProtected);`
			`const dataKey = protected_session.getDataKey(req);`
fix problem with headers / source ids 2018-01-29 10:57:46 +08:00			`const sourceId = req.headers.source_id;`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`await sql.doInTransaction(async () => {`
			`await notes.protectNoteRecursively(noteId, dataKey, isProtected, sourceId);`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00			`});`

			`res.send({});`
			`}));`

new note type: render HTML note 2018-01-24 12:41:22 +08:00			`router.put(/\/(.)\/type\/(.)\/mime\/(.*)/, auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params[0];`
			`const type = req.params[1];`
			`const mime = req.params[2];`
fix problem with headers / source ids 2018-01-29 10:57:46 +08:00			`const sourceId = req.headers.source_id;`
first experiments with code mirror 2018-01-21 10:56:03 +08:00
			`await sql.doInTransaction(async () => {`
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`await sql.execute("UPDATE notes SET type = ?, mime = ?, dateModified = ? WHERE noteId = ?",`
support for loading and saving type and mime 2018-01-22 12:36:09 +08:00			`[type, mime, utils.nowDate(), noteId]);`
first experiments with code mirror 2018-01-21 10:56:03 +08:00
			`await sync_table.addNoteSync(noteId, sourceId);`
			`});`

			`res.send({});`
			`}));`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`module.exports = router;`