trilium/src/app.py

import os

import base64
from flask import Flask, request, send_from_directory
from flask import render_template, redirect
from flask_cors import CORS
from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user

from notes_api import notes_api
from sql import connect, getOption
from tree_api import tree_api
from notes_move_api import notes_move_api
from password_api import password_api
from settings_api import settings_api
from notes_history_api import notes_history_api
from audit_api import audit_api
import config_provider
import my_scrypt

config = config_provider.getConfig()

documentPath = config['Document']['documentPath']
connect(documentPath)

flask_secret_key = getOption("flask_secret_key")

if not flask_secret_key:
    print("Application has not been setup yet. Run 'python setup.py' to finish setup.")
    exit(1)

app = Flask(__name__)
app.secret_key = flask_secret_key
app.register_blueprint(tree_api)
app.register_blueprint(notes_api)
app.register_blueprint(notes_move_api)
app.register_blueprint(password_api)
app.register_blueprint(settings_api)
app.register_blueprint(notes_history_api)
app.register_blueprint(audit_api)

class User(UserMixin):
    pass

@app.route('/login', methods=['GET'])
def login_form():
    return render_template('login.html')

@app.route('/app', methods=['GET'])
@login_required
def show_app():
    return render_template('app.html')

@app.route('/logout', methods=['POST'])
@login_required
def logout():
    logout_user()
    return redirect('login')

user = User()
user.id = getOption('username')

port = config['Network']['port']
https = config['Network']['https']
certPath = config['Network']['certPath']
certKeyPath = config['Network']['certKeyPath']

def verify_password(guessed_password):
    hashed_password = base64.b64decode(getOption('password_verification_hash'))

    guess_hashed = my_scrypt.getVerificationHash(guessed_password)

    return guess_hashed == hashed_password

@app.route('/login', methods=['POST'])
def login_post():
    guessedPassword = request.form['password'].encode('utf-8')

    if request.form['username'] == user.id and verify_password(guessedPassword):
        rememberMe = True if 'remember-me' in request.form else False

        login_user(user, remember=rememberMe)

        return redirect('app')
    else:
        return render_template('login.html', failedAuth=True)

CORS(app)

@app.route('/stat/<path:path>')
def send_stc(path):
    return send_from_directory(os.path.join(os.getcwd(), 'static'), path)

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login_form'

@login_manager.user_loader
def load_user(user_id):
    if user_id == user.id:
        return user
    else:
        return None

@login_manager.unauthorized_handler
def unauthorized_handler():
    if request.path.startswith('/api'):
        return 'Unauthorized', 401
    else:
        return redirect('/login')

if __name__ == "__main__":
    ssl_context = None

    if https == "true":
        ssl_context = (certPath, certKeyPath)

    app.run(host='0.0.0.0', port=port, ssl_context = ssl_context)
path to document file is now configurable, flask secret is now also taken from configuration 2017-08-16 10:57:44 +08:00			`import os`

password now encrypts random "data key" which is then used for encryption of the actual data 2017-09-17 11:21:46 +08:00			`import base64`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00			`from flask import Flask, request, send_from_directory`
			`from flask import render_template, redirect`
			`from flask_cors import CORS`
			`from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user`
got rid of flask_restful and using plain flask to handle REST API calls 2017-08-31 11:07:45 +08:00
			`from notes_api import notes_api`
username, password and flask_secret_key are now persisted in database 2017-09-13 09:06:09 +08:00			`from sql import connect, getOption`
got rid of flask_restful and using plain flask to handle REST API calls 2017-08-31 11:07:45 +08:00			`from tree_api import tree_api`
			`from notes_move_api import notes_move_api`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-06 09:22:16 +08:00			`from password_api import password_api`
encryption timeout is now configurable in the db 2017-09-13 11:04:17 +08:00			`from settings_api import settings_api`
api for history 2017-09-21 10:30:11 +08:00			`from notes_history_api import notes_history_api`
basic conflict detection based on the audit log 2017-09-29 12:17:28 +08:00			`from audit_api import audit_api`
password change (reencryption) 2017-09-10 01:53:58 +08:00			`import config_provider`
login uses my_scrypt to reuse the same scrypt code 2017-09-10 01:57:01 +08:00			`import my_scrypt`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00
password change (reencryption) 2017-09-10 01:53:58 +08:00			`config = config_provider.getConfig()`
path to document file is now configurable, flask secret is now also taken from configuration 2017-08-16 10:57:44 +08:00
username, password and flask_secret_key are now persisted in database 2017-09-13 09:06:09 +08:00			`documentPath = config['Document']['documentPath']`
			`connect(documentPath)`

			`flask_secret_key = getOption("flask_secret_key")`

			`if not flask_secret_key:`
			`print("Application has not been setup yet. Run 'python setup.py' to finish setup.")`
			`exit(1)`

app broken up into individual files/modules 2017-08-14 07:43:33 +08:00			`app = Flask(__name__)`
username, password and flask_secret_key are now persisted in database 2017-09-13 09:06:09 +08:00			`app.secret_key = flask_secret_key`
got rid of flask_restful and using plain flask to handle REST API calls 2017-08-31 11:07:45 +08:00			`app.register_blueprint(tree_api)`
			`app.register_blueprint(notes_api)`
			`app.register_blueprint(notes_move_api)`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-06 09:22:16 +08:00			`app.register_blueprint(password_api)`
encryption timeout is now configurable in the db 2017-09-13 11:04:17 +08:00			`app.register_blueprint(settings_api)`
api for history 2017-09-21 10:30:11 +08:00			`app.register_blueprint(notes_history_api)`
basic conflict detection based on the audit log 2017-09-29 12:17:28 +08:00			`app.register_blueprint(audit_api)`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00
			`class User(UserMixin):`
			`pass`

			`@app.route('/login', methods=['GET'])`
			`def login_form():`
			`return render_template('login.html')`

			`@app.route('/app', methods=['GET'])`
			`@login_required`
			`def show_app():`
			`return render_template('app.html')`

			`@app.route('/logout', methods=['POST'])`
			`@login_required`
			`def logout():`
			`logout_user()`
			`return redirect('login')`

			`user = User()`
username, password and flask_secret_key are now persisted in database 2017-09-13 09:06:09 +08:00			`user.id = getOption('username')`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00
configurable port plus support for SSL 2017-08-15 09:05:01 +08:00			`port = config['Network']['port']`
https can be disabled 2017-08-17 08:48:40 +08:00			`https = config['Network']['https']`
configurable port plus support for SSL 2017-08-15 09:05:01 +08:00			`certPath = config['Network']['certPath']`
			`certKeyPath = config['Network']['certKeyPath']`

password is loaded on the fly so it's not necessary to restart app for the changes to take place (if no re-encryption is done) 2017-09-10 02:25:35 +08:00			`def verify_password(guessed_password):`
password now encrypts random "data key" which is then used for encryption of the actual data 2017-09-17 11:21:46 +08:00			`hashed_password = base64.b64decode(getOption('password_verification_hash'))`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-06 09:22:16 +08:00
password is moved out of config file into separate generated file 2017-09-10 02:21:57 +08:00			`guess_hashed = my_scrypt.getVerificationHash(guessed_password)`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-06 09:22:16 +08:00
password is moved out of config file into separate generated file 2017-09-10 02:21:57 +08:00			`return guess_hashed == hashed_password`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-06 09:22:16 +08:00
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00			`@app.route('/login', methods=['POST'])`
			`def login_post():`
password is moved out of config file into separate generated file 2017-09-10 02:21:57 +08:00			`guessedPassword = request.form['password'].encode('utf-8')`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00
password is loaded on the fly so it's not necessary to restart app for the changes to take place (if no re-encryption is done) 2017-09-10 02:25:35 +08:00			`if request.form['username'] == user.id and verify_password(guessedPassword):`
app broken up into individual files/modules 2017-08-14 07:43:33 +08:00			`rememberMe = True if 'remember-me' in request.form else False`

			`login_user(user, remember=rememberMe)`

			`return redirect('app')`
			`else:`
			`return render_template('login.html', failedAuth=True)`

			`CORS(app)`

			`@app.route('/stat/<path:path>')`
			`def send_stc(path):`
			`return send_from_directory(os.path.join(os.getcwd(), 'static'), path)`

			`login_manager = LoginManager()`
			`login_manager.init_app(app)`
			`login_manager.login_view = 'login_form'`

			`@login_manager.user_loader`
			`def load_user(user_id):`
			`if user_id == user.id:`
			`return user`
			`else:`
			`return None`

returning 401 for unauthorized API calls while redirecting to /login for unauthorized page access 2017-10-01 06:38:22 +08:00			`@login_manager.unauthorized_handler`
			`def unauthorized_handler():`
			`if request.path.startswith('/api'):`
			`return 'Unauthorized', 401`
			`else:`
			`return redirect('/login')`

configurable port plus support for SSL 2017-08-15 09:05:01 +08:00			`if __name__ == "__main__":`
https can be disabled 2017-08-17 08:48:40 +08:00			`ssl_context = None`

			`if https == "true":`
			`ssl_context = (certPath, certKeyPath)`

			`app.run(host='0.0.0.0', port=port, ssl_context = ssl_context)`