trilium/routes/api/script.js

"use strict";

const express = require('express');
const router = express.Router();
const auth = require('../../services/auth');
const wrap = require('express-promise-wrap').wrap;
const log = require('../../services/log');
const sql = require('../../services/sql');
const protected_session = require('../../services/protected_session');
const data_encryption = require('../../services/data_encryption');

router.post('/exec', auth.checkApiAuth, wrap(async (req, res, next) => {
    log.info('Executing script: ' + req.body.script);

    const ret = await eval("(" + req.body.script + ")()");

    log.info('Execution result: ' + ret);

    res.send(ret);
}));

router.get('/subtree/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;

    const dataKey = protected_session.getDataKey(req);

    res.send(await getSubTreeScripts(noteId, [noteId], dataKey));
}));

async function getSubTreeScripts(parentId, includedNoteIds, dataKey) {
    const childs = await sql.getAll(`SELECT notes.note_id, notes.note_title, notes.note_text, notes.is_protected 
                                     FROM notes JOIN notes_tree USING(note_id)
                                     WHERE notes_tree.is_deleted = 0 AND notes.is_deleted = 0
                                           AND notes_tree.parent_note_id = ? AND notes.type = 'code'
                                           AND notes.mime = 'application/javascript'`, [parentId]);

    let script = "\r\n";

    for (const child of childs) {
        if (includedNoteIds.includes(child.note_id)) {
            return;
        }

        includedNoteIds.push(child.note_id);

        script += await getSubTreeScripts(child.note_id, includedNoteIds, dataKey);

        if (child.is_protected) {
            if (!dataKey) {
                throw new Error("Protected note is included, but script isn't running in protected session.");
            }

            child.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(child.note_id), child.note_title);
            child.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(child.note_id), child.note_text);
        }

        script += '// start of script ' + child.note_title + '\r\n';
        script += child.note_text + "\r\n";
        script += '// end of script ' + child.note_title + '\r\n\r\n';
    }

    return script;
}

module.exports = router;
support for execution of async functions + integration with backend through server.exec() 2018-01-24 10:59:30 +08:00			`"use strict";`

			`const express = require('express');`
			`const router = express.Router();`
			`const auth = require('../../services/auth');`
			`const wrap = require('express-promise-wrap').wrap;`
			`const log = require('../../services/log');`
support of including JS subnotes when executing 2018-01-24 11:53:27 +08:00			`const sql = require('../../services/sql');`
			`const protected_session = require('../../services/protected_session');`
			`const data_encryption = require('../../services/data_encryption');`
support for execution of async functions + integration with backend through server.exec() 2018-01-24 10:59:30 +08:00
			`router.post('/exec', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`log.info('Executing script: ' + req.body.script);`

			`const ret = await eval("(" + req.body.script + ")()");`

			`log.info('Execution result: ' + ret);`

			`res.send(ret);`
			`}));`

support of including JS subnotes when executing 2018-01-24 11:53:27 +08:00			`router.get('/subtree/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params.noteId;`

			`const dataKey = protected_session.getDataKey(req);`

			`res.send(await getSubTreeScripts(noteId, [noteId], dataKey));`
			`}));`

			`async function getSubTreeScripts(parentId, includedNoteIds, dataKey) {`
			const childs = await sql.getAll(`SELECT notes.note_id, notes.note_title, notes.note_text, notes.is_protected
			`FROM notes JOIN notes_tree USING(note_id)`
			`WHERE notes_tree.is_deleted = 0 AND notes.is_deleted = 0`
			`AND notes_tree.parent_note_id = ? AND notes.type = 'code'`
			AND notes.mime = 'application/javascript'`, [parentId]);

			`let script = "\r\n";`

			`for (const child of childs) {`
			`if (includedNoteIds.includes(child.note_id)) {`
			`return;`
			`}`

			`includedNoteIds.push(child.note_id);`

			`script += await getSubTreeScripts(child.note_id, includedNoteIds, dataKey);`

			`if (child.is_protected) {`
			`if (!dataKey) {`
			`throw new Error("Protected note is included, but script isn't running in protected session.");`
			`}`

			`child.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(child.note_id), child.note_title);`
			`child.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(child.note_id), child.note_text);`
			`}`

			`script += '// start of script ' + child.note_title + '\r\n';`
			`script += child.note_text + "\r\n";`
			`script += '// end of script ' + child.note_title + '\r\n\r\n';`
			`}`

			`return script;`
			`}`

support for execution of async functions + integration with backend through server.exec() 2018-01-24 10:59:30 +08:00			`module.exports = router;`