trilium/src/routes/api/file_upload.js

"use strict";

const sql = require('../../services/sql');
const notes = require('../../services/notes');
const labels = require('../../services/labels');
const protected_session = require('../../services/protected_session');

async function uploadFile(req) {
    const parentNoteId = req.params.parentNoteId;
    const file = req.file;
    const originalName = file.originalname;
    const size = file.size;

    const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [parentNoteId]);

    if (!note) {
        return [404, `Note ${parentNoteId} doesn't exist.`];
    }

    const {noteId} = await notes.createNewNote(parentNoteId, {
        title: originalName,
        content: file.buffer,
        target: 'into',
        isProtected: false,
        type: 'file',
        mime: file.mimetype
    }, req);

    await labels.createLabel(noteId, "original_file_name", originalName);
    await labels.createLabel(noteId, "file_size", size);

    return {
        noteId: noteId
    };
}

async function downloadFile(req, res) {
    const noteId = req.params.noteId;
    const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [noteId]);
    const protectedSessionId = req.query.protectedSessionId;

    if (!note) {
        return res.status(404).send(`Note ${noteId} doesn't exist.`);
    }

    if (note.isProtected) {
        const dataKey = protected_session.getDataKeyForProtectedSessionId(protectedSessionId);

        if (!dataKey) {
            res.status(401).send("Protected session not available");
            return;
        }

        protected_session.decryptNote(dataKey, note);
    }

    const labelMap = await labels.getNoteLabelMap(noteId);
    const fileName = labelMap.original_file_name ? labelMap.original_file_name : note.title;

    res.setHeader('Content-Disposition', 'file; filename=' + fileName);
    res.setHeader('Content-Type', note.mime);

    res.send(note.content);
}

module.exports = {
    uploadFile,
    downloadFile
};
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`"use strict";`

			`const sql = require('../../services/sql');`
			`const notes = require('../../services/notes');`
renaming attributes to labels, fixes #79 2018-03-25 10:02:26 +08:00			`const labels = require('../../services/labels');`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`const protected_session = require('../../services/protected_session');`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00			`async function uploadFile(req) {`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`const parentNoteId = req.params.parentNoteId;`
			`const file = req.file;`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00			`const originalName = file.originalname;`
			`const size = file.size;`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00
			`const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [parentNoteId]);`

			`if (!note) {`
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00			return [404, `Note ${parentNoteId} doesn't exist.`];
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`}`

converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00			`const {noteId} = await notes.createNewNote(parentNoteId, {`
			`title: originalName,`
			`content: file.buffer,`
			`target: 'into',`
			`isProtected: false,`
			`type: 'file',`
			`mime: file.mimetype`
removed sourceId where it's not necessary (stored in CLS instead) 2018-03-31 07:41:54 +08:00			`}, req);`
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00
removed sourceId where it's not necessary (stored in CLS instead) 2018-03-31 07:41:54 +08:00			`await labels.createLabel(noteId, "original_file_name", originalName);`
			`await labels.createLabel(noteId, "file_size", size);`
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00
			`return {`
			`noteId: noteId`
			`};`
			`}`

			`async function downloadFile(req, res) {`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00			`const noteId = req.params.noteId;`
			`const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [noteId]);`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`const protectedSessionId = req.query.protectedSessionId;`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00
			`if (!note) {`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			return res.status(404).send(`Note ${noteId} doesn't exist.`);
			`}`

			`if (note.isProtected) {`
			`const dataKey = protected_session.getDataKeyForProtectedSessionId(protectedSessionId);`

			`if (!dataKey) {`
			`res.status(401).send("Protected session not available");`
			`return;`
			`}`

			`protected_session.decryptNote(dataKey, note);`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00			`}`

renaming attributes to labels, fixes #79 2018-03-25 10:02:26 +08:00			`const labelMap = await labels.getNoteLabelMap(noteId);`
			`const fileName = labelMap.original_file_name ? labelMap.original_file_name : note.title;`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00
renamed "attachment" to "file" for consistency 2018-03-28 10:11:06 +08:00			`res.setHeader('Content-Disposition', 'file; filename=' + fileName);`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00			`res.setHeader('Content-Type', note.mime);`

			`res.send(note.content);`
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00			`}`
attachment upload and download now works for browser 2018-02-19 10:28:24 +08:00
converted file, script, search and sender routes 2018-03-31 05:29:13 +08:00			`module.exports = {`
			`uploadFile,`
			`downloadFile`
			`};`