trilium/routes/api/login.js

"use strict";

const express = require('express');
const router = express.Router();
const options = require('../../services/options');
const utils = require('../../services/utils');
const migration = require('../../services/migration');
const SOURCE_ID = require('../../services/source_id');

router.post('', async (req, res, next) => {
    const timestamp = req.body.timestamp;

    const now = utils.nowTimestamp();

    if (Math.abs(timestamp - now) > 5) {
        res.status(400);
        res.send({ message: 'Auth request time is out of sync' });
    }

    const dbVersion = req.body.dbVersion;

    if (dbVersion !== migration.APP_DB_VERSION) {
        res.status(400);
        res.send({ message: 'Non-matching db versions, local is version ' + migration.APP_DB_VERSION });
    }

    const documentSecret = await options.getOption('document_secret');
    const expectedHash = utils.hmac(documentSecret, timestamp);

    const givenHash = req.body.hash;

    if (expectedHash !== givenHash) {
        res.status(400);
        res.send({ message: "Hash doesn't match" });
    }

    req.session.loggedIn = true;

    res.send({
        sourceId: SOURCE_ID
    });
});

module.exports = router;
added document_secret as basis for API authentication 2017-10-29 07:55:55 +08:00			`"use strict";`

			`const express = require('express');`
			`const router = express.Router();`
sync of options 2017-11-03 08:48:02 +08:00			`const options = require('../../services/options');`
API auth (untested) 2017-10-29 10:17:00 +08:00			`const utils = require('../../services/utils');`
fixes for sync 2017-10-30 02:55:48 +08:00			`const migration = require('../../services/migration');`
don't push changes to server which have been pulled from it 2017-11-02 11:16:21 +08:00			`const SOURCE_ID = require('../../services/source_id');`
added document_secret as basis for API authentication 2017-10-29 07:55:55 +08:00
			`router.post('', async (req, res, next) => {`
API auth (untested) 2017-10-29 10:17:00 +08:00			`const timestamp = req.body.timestamp;`
added document_secret as basis for API authentication 2017-10-29 07:55:55 +08:00
API auth (untested) 2017-10-29 10:17:00 +08:00			`const now = utils.nowTimestamp();`
added document_secret as basis for API authentication 2017-10-29 07:55:55 +08:00
API auth (untested) 2017-10-29 10:17:00 +08:00			`if (Math.abs(timestamp - now) > 5) {`
			`res.status(400);`
			`res.send({ message: 'Auth request time is out of sync' });`
			`}`

fixes for sync 2017-10-30 02:55:48 +08:00			`const dbVersion = req.body.dbVersion;`
API auth (untested) 2017-10-29 10:17:00 +08:00
			`if (dbVersion !== migration.APP_DB_VERSION) {`
			`res.status(400);`
			`res.send({ message: 'Non-matching db versions, local is version ' + migration.APP_DB_VERSION });`
			`}`

sync of options 2017-11-03 08:48:02 +08:00			`const documentSecret = await options.getOption('document_secret');`
fixes for sync 2017-10-30 02:55:48 +08:00			`const expectedHash = utils.hmac(documentSecret, timestamp);`
API auth (untested) 2017-10-29 10:17:00 +08:00
			`const givenHash = req.body.hash;`

			`if (expectedHash !== givenHash) {`
			`res.status(400);`
			`res.send({ message: "Hash doesn't match" });`
			`}`

			`req.session.loggedIn = true;`

don't push changes to server which have been pulled from it 2017-11-02 11:16:21 +08:00			`res.send({`
			`sourceId: SOURCE_ID`
			`});`
added document_secret as basis for API authentication 2017-10-29 07:55:55 +08:00			`});`

			`module.exports = router;`