trilium/src/app.js

const log = require('./services/log');
const express = require('express');
const path = require('path');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const helmet = require('helmet');
const session = require('express-session');
const FileStore = require('session-file-store')(session);
const sessionSecret = require('./services/session_secret');
const dataDir = require('./services/data_dir');
const utils = require('./services/utils');
require('./services/handlers');
require('./becca/becca_loader.js');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.use(helmet({
    hidePoweredBy: false, // deactivated because electron 4.0 crashes on this right after startup
    contentSecurityPolicy: false
}));

app.use(bodyParser.text({limit: '500mb'}));
app.use(bodyParser.json({limit: '500mb'}));
app.use(bodyParser.urlencoded({extended: false}));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/libraries', express.static(path.join(__dirname, '..', 'libraries')));
app.use('/images', express.static(path.join(__dirname, '..', 'images')));
const sessionParser = session({
    secret: sessionSecret,
    resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
    saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
    cookie: {
        //    path: "/",
        httpOnly: true,
        maxAge:  24 * 60 * 60 * 1000 // in milliseconds
    },
    name: 'trilium.sid',
    store: new FileStore({
        ttl: 30 * 24 * 3600,
        path: dataDir.TRILIUM_DATA_DIR + '/sessions'
    })
});
app.use(sessionParser);

app.use(favicon(__dirname + '/../images/app-icons/win/icon.ico'));

require('./routes/routes').register(app);

require('./routes/custom').register(app);

app.use((err, req, res, next) => {
    if (err.code !== 'EBADCSRFTOKEN') {
        return next(err);
    }

    log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

    err = new Error('Invalid CSRF token');
    err.status = 403;
    next(err);
});

// catch 404 and forward to error handler
app.use((req, res, next) => {
    const err = new Error('Router not found for request ' + req.url);
    err.status = 404;
    next(err);
});

// error handler
app.use((err, req, res, next) => {
    if (err && err.message && (
        (err.message.includes("Router not found for request") && err.message.includes(".js.map"))
        || (err.message.includes("Router not found for request") && err.message.includes(".css.map"))
    )) {
        // ignore
    }
    else {
        log.info(err);
    }

    res.status(err.status || 500);
    res.send({
        message: err.message
    });
});

// triggers sync timer
require('./services/sync');

// triggers backup timer
require('./services/backup');

// trigger consistency checks timer
require('./services/consistency_checks');

require('./services/scheduler');

if (utils.isElectron()) {
    require('@electron/remote/main').initialize();
}

module.exports = {
    app,
    sessionParser
};
sync fix and more logging 2017-11-07 08:23:35 +08:00			`const log = require('./services/log');`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`const express = require('express');`
			`const path = require('path');`
			`const favicon = require('serve-favicon');`
			`const cookieParser = require('cookie-parser');`
			`const bodyParser = require('body-parser');`
node authentication 2017-10-16 04:32:49 +08:00			`const helmet = require('helmet');`
			`const session = require('express-session');`
filestore for sessions 2017-10-16 05:07:34 +08:00			`const FileStore = require('session-file-store')(session);`
store session secret in file 2017-10-24 11:38:52 +08:00			`const sessionSecret = require('./services/session_secret');`
put session directory into data dir to avoid conflict of multiple instances on a single server, fixes #1033 2020-05-24 06:21:20 +08:00			`const dataDir = require('./services/data_dir');`
better-sqlite3 binaries 2021-11-19 04:35:23 +08:00			`const utils = require('./services/utils');`
added new label "sorted" which will keep children notes alphabetically sorted, fixes #82 2018-08-01 15:26:02 +08:00			`require('./services/handlers');`
moved becca to top level source dir 2021-05-18 04:09:49 +08:00			`require('./becca/becca_loader.js');`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
			`const app = express();`

			`// view engine setup`
			`app.set('views', path.join(__dirname, 'views'));`
			`app.set('view engine', 'ejs');`

electron 4.0.0-beta.3 2018-10-14 17:31:23 +08:00			`app.use(helmet({`
fixed CSP after upgrade to helmet 4 2020-08-03 04:26:02 +08:00			`hidePoweredBy: false, // deactivated because electron 4.0 crashes on this right after startup`
disable CSP completely, fixes #1282 (and other similar issues) 2020-10-03 05:33:28 +08:00			`contentSecurityPolicy: false`
electron 4.0.0-beta.3 2018-10-14 17:31:23 +08:00			`}));`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00
fix partial syncs 2021-01-15 06:22:13 +08:00			`app.use(bodyParser.text({limit: '500mb'}));`
raise payload size limit to 500 MB #395 2019-01-30 04:19:08 +08:00			`app.use(bodyParser.json({limit: '500mb'}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`app.use(bodyParser.urlencoded({extended: false}));`
			`app.use(cookieParser());`
reorganization of source code 2017-10-16 07:47:05 +08:00			`app.use(express.static(path.join(__dirname, 'public')));`
moved libraries and images out of src folder 2019-03-30 16:39:58 +08:00			`app.use('/libraries', express.static(path.join(__dirname, '..', 'libraries')));`
			`app.use('/images', express.static(path.join(__dirname, '..', 'images')));`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`const sessionParser = session({`
store session secret in file 2017-10-24 11:38:52 +08:00			`secret: sessionSecret,`
node authentication 2017-10-16 04:32:49 +08:00			`resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.`
			`saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.`
			`cookie: {`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`// path: "/",`
node authentication 2017-10-16 04:32:49 +08:00			`httpOnly: true,`
#98, new option "initialized" which indicates if setup has been finished 2018-07-24 14:12:36 +08:00			`maxAge: 24 * 60 * 60 * 1000 // in milliseconds`
filestore for sessions 2017-10-16 05:07:34 +08:00			`},`
use trilium.sid as a session ID to avoid session ID conflicts 2020-12-21 05:20:21 +08:00			`name: 'trilium.sid',`
filestore for sessions 2017-10-16 05:07:34 +08:00			`store: new FileStore({`
remember me reimplemented 2017-10-17 07:14:15 +08:00			`ttl: 30 * 24 * 3600,`
put session directory into data dir to avoid conflict of multiple instances on a single server, fixes #1033 2020-05-24 06:21:20 +08:00			`path: dataDir.TRILIUM_DATA_DIR + '/sessions'`
filestore for sessions 2017-10-16 05:07:34 +08:00			`})`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`});`
			`app.use(sessionParser);`
favicon 2017-10-21 12:19:13 +08:00
moved libraries and images out of src folder 2019-03-30 16:39:58 +08:00			`app.use(favicon(__dirname + '/../images/app-icons/win/icon.ico'));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added event log dialog 2017-11-04 11:00:35 +08:00			`require('./routes/routes').register(app);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 19:28:20 +08:00			`require('./routes/custom').register(app);`

added extra logging for debugging CSRF issues 2019-05-30 05:13:15 +08:00			`app.use((err, req, res, next) => {`
			`if (err.code !== 'EBADCSRFTOKEN') {`
			`return next(err);`
			`}`

			log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

			`err = new Error('Invalid CSRF token');`
			`err.status = 403;`
			`next(err);`
			`});`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`// catch 404 and forward to error handler`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00			`app.use((req, res, next) => {`
fixes for sync 2017-10-30 02:55:48 +08:00			`const err = new Error('Router not found for request ' + req.url);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`err.status = 404;`
			`next(err);`
			`});`

			`// error handler`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00			`app.use((err, req, res, next) => {`
spell check support + small options tabs reorganization 2019-10-07 03:35:26 +08:00			`if (err && err.message && (`
improve request logging 2020-07-03 05:15:37 +08:00			`(err.message.includes("Router not found for request") && err.message.includes(".js.map"))`
fix non disappearing persistent toast 2019-10-29 03:26:40 +08:00			`\|\| (err.message.includes("Router not found for request") && err.message.includes(".css.map"))`
spell check support + small options tabs reorganization 2019-10-07 03:35:26 +08:00			`)) {`
improve request logging 2020-07-03 05:15:37 +08:00			`// ignore`
ignore electron error 2019-06-13 03:44:33 +08:00			`}`
fix reload 2019-06-16 15:15:37 +08:00			`else {`
			`log.info(err);`
			`}`
added document_id for sync identification 2017-10-29 01:19:12 +08:00
			`res.status(err.status \|\| 500);`
			`res.send({`
			`message: err.message`
			`});`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`});`

backup is now triggered after start of the app and with timer 2017-10-29 00:23:11 +08:00			`// triggers sync timer`
use strict in all JS files 2017-10-22 09:10:33 +08:00			`require('./services/sync');`

backup is now triggered after start of the app and with timer 2017-10-29 00:23:11 +08:00			`// triggers backup timer`
			`require('./services/backup');`

implemented consistency checks 2017-12-15 11:16:26 +08:00			`// trigger consistency checks timer`
			`require('./services/consistency_checks');`

basic scheduling of backend scripts using attributes 2018-03-03 09:56:58 +08:00			`require('./services/scheduler');`

better-sqlite3 binaries 2021-11-19 04:35:23 +08:00			`if (utils.isElectron()) {`
			`require('@electron/remote/main').initialize();`
			`}`
upgrade to electron v16 and node v16 2021-11-17 05:43:08 +08:00
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`module.exports = {`
			`app,`
			`sessionParser`
refactoring to allow unit tests of the whole search subsystem 2020-05-21 20:05:56 +08:00			`};`