trilium/src/app.js

const log = require('./services/log');
const express = require('express');
const path = require('path');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const helmet = require('helmet');
const session = require('express-session');
const FileStore = require('session-file-store')(session);
const os = require('os');
const sessionSecret = require('./services/session_secret');
const cls = require('./services/cls');
require('./entities/entity_constructor');
require('./services/handlers');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.use(helmet({
    hidePoweredBy: false // deactivated because electron 4.0 crashes on this right after startup
}));

app.use((req, res, next) => {
    log.request(req);
    next();
});

app.use((req, res, next) => {
    cls.namespace.bindEmitter(req);
    cls.namespace.bindEmitter(res);

    cls.init(() => {
        cls.namespace.set("Hi");

        next();
    });
});

app.use(bodyParser.json({limit: '500mb'}));
app.use(bodyParser.urlencoded({extended: false}));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/libraries', express.static(path.join(__dirname, '..', 'libraries')));
app.use('/images', express.static(path.join(__dirname, '..', 'images')));
const sessionParser = session({
    secret: sessionSecret,
    resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
    saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
    cookie: {
        //    path: "/",
        httpOnly: true,
        maxAge:  24 * 60 * 60 * 1000 // in milliseconds
    },
    store: new FileStore({
        ttl: 30 * 24 * 3600,
        path: os.tmpdir() + '/trilium-sessions'
    })
});
app.use(sessionParser);

app.use(favicon(__dirname + '/../images/app-icons/win/icon.ico'));

require('./routes/routes').register(app);

require('./routes/custom').register(app);

app.use((err, req, res, next) => {
    if (err.code !== 'EBADCSRFTOKEN') {
        return next(err);
    }

    log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

    err = new Error('Invalid CSRF token');
    err.status = 403;
    next(err);
});

// catch 404 and forward to error handler
app.use((req, res, next) => {
    const err = new Error('Router not found for request ' + req.url);
    err.status = 404;
    next(err);
});

// error handler
app.use((err, req, res, next) => {
    if (err && err.message && (
        err.message.includes("Invalid package")
        || (err.message.includes("Router not found for request") && err.message.includes("node_modules"))
    )) {
        // electron 6 outputs a lot of such errors which do not seem important
    }
    else {
        log.info(err);
    }

    res.status(err.status || 500);
    res.send({
        message: err.message
    });
});

// triggers sync timer
require('./services/sync');

// triggers backup timer
require('./services/backup');

// trigger consistency checks timer
require('./services/consistency_checks');

require('./services/scheduler');

module.exports = {
    app,
    sessionParser
};
sync fix and more logging 2017-11-07 08:23:35 +08:00			`const log = require('./services/log');`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`const express = require('express');`
			`const path = require('path');`
			`const favicon = require('serve-favicon');`
			`const cookieParser = require('cookie-parser');`
			`const bodyParser = require('body-parser');`
node authentication 2017-10-16 04:32:49 +08:00			`const helmet = require('helmet');`
			`const session = require('express-session');`
filestore for sessions 2017-10-16 05:07:34 +08:00			`const FileStore = require('session-file-store')(session);`
store trilium sessions in default OS temp directory 2017-10-24 10:36:18 +08:00			`const os = require('os');`
store session secret in file 2017-10-24 11:38:52 +08:00			`const sessionSecret = require('./services/session_secret');`
added basic CLS support with re-entrant transactions 2018-03-29 11:41:22 +08:00			`const cls = require('./services/cls');`
converted note revision protection to repository/entities 2018-03-31 22:51:37 +08:00			`require('./entities/entity_constructor');`
added new label "sorted" which will keep children notes alphabetically sorted, fixes #82 2018-08-01 15:26:02 +08:00			`require('./services/handlers');`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
			`const app = express();`

			`// view engine setup`
			`app.set('views', path.join(__dirname, 'views'));`
			`app.set('view engine', 'ejs');`

electron 4.0.0-beta.3 2018-10-14 17:31:23 +08:00			`app.use(helmet({`
			`hidePoweredBy: false // deactivated because electron 4.0 crashes on this right after startup`
			`}));`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00
			`app.use((req, res, next) => {`
			`log.request(req);`
			`next();`
			`});`

added basic CLS support with re-entrant transactions 2018-03-29 11:41:22 +08:00			`app.use((req, res, next) => {`
			`cls.namespace.bindEmitter(req);`
			`cls.namespace.bindEmitter(res);`

			`cls.init(() => {`
			`cls.namespace.set("Hi");`

			`next();`
			`});`
			`});`

raise payload size limit to 500 MB #395 2019-01-30 04:19:08 +08:00			`app.use(bodyParser.json({limit: '500mb'}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`app.use(bodyParser.urlencoded({extended: false}));`
			`app.use(cookieParser());`
reorganization of source code 2017-10-16 07:47:05 +08:00			`app.use(express.static(path.join(__dirname, 'public')));`
moved libraries and images out of src folder 2019-03-30 16:39:58 +08:00			`app.use('/libraries', express.static(path.join(__dirname, '..', 'libraries')));`
			`app.use('/images', express.static(path.join(__dirname, '..', 'images')));`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`const sessionParser = session({`
store session secret in file 2017-10-24 11:38:52 +08:00			`secret: sessionSecret,`
node authentication 2017-10-16 04:32:49 +08:00			`resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.`
			`saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.`
			`cookie: {`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`// path: "/",`
node authentication 2017-10-16 04:32:49 +08:00			`httpOnly: true,`
#98, new option "initialized" which indicates if setup has been finished 2018-07-24 14:12:36 +08:00			`maxAge: 24 * 60 * 60 * 1000 // in milliseconds`
filestore for sessions 2017-10-16 05:07:34 +08:00			`},`
			`store: new FileStore({`
remember me reimplemented 2017-10-17 07:14:15 +08:00			`ttl: 30 * 24 * 3600,`
store trilium sessions in default OS temp directory 2017-10-24 10:36:18 +08:00			`path: os.tmpdir() + '/trilium-sessions'`
filestore for sessions 2017-10-16 05:07:34 +08:00			`})`
websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`});`
			`app.use(sessionParser);`
favicon 2017-10-21 12:19:13 +08:00
moved libraries and images out of src folder 2019-03-30 16:39:58 +08:00			`app.use(favicon(__dirname + '/../images/app-icons/win/icon.ico'));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added event log dialog 2017-11-04 11:00:35 +08:00			`require('./routes/routes').register(app);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
custom HTTP handler which triggers associated script notes WIP, #356 2019-01-27 19:28:20 +08:00			`require('./routes/custom').register(app);`

added extra logging for debugging CSRF issues 2019-05-30 05:13:15 +08:00			`app.use((err, req, res, next) => {`
			`if (err.code !== 'EBADCSRFTOKEN') {`
			`return next(err);`
			`}`

			log.error(`Invalid CSRF token: ${req.headers['x-csrf-token']}, secret: ${req.cookies['_csrf']}`);

			`err = new Error('Invalid CSRF token');`
			`err.status = 403;`
			`next(err);`
			`});`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`// catch 404 and forward to error handler`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00			`app.use((req, res, next) => {`
fixes for sync 2017-10-30 02:55:48 +08:00			`const err = new Error('Router not found for request ' + req.url);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`err.status = 404;`
			`next(err);`
			`});`

			`// error handler`
logging stuff to rotated files through simple-node-logger 2017-10-25 10:04:52 +08:00			`app.use((err, req, res, next) => {`
spell check support + small options tabs reorganization 2019-10-07 03:35:26 +08:00			`if (err && err.message && (`
			`err.message.includes("Invalid package")`
			`\|\| (err.message.includes("Router not found for request") && err.message.includes("node_modules"))`
			`)) {`
ignore electron error 2019-06-13 03:44:33 +08:00			`// electron 6 outputs a lot of such errors which do not seem important`
			`}`
fix reload 2019-06-16 15:15:37 +08:00			`else {`
			`log.info(err);`
			`}`
added document_id for sync identification 2017-10-29 01:19:12 +08:00
			`res.status(err.status \|\| 500);`
			`res.send({`
			`message: err.message`
			`});`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`});`

backup is now triggered after start of the app and with timer 2017-10-29 00:23:11 +08:00			`// triggers sync timer`
use strict in all JS files 2017-10-22 09:10:33 +08:00			`require('./services/sync');`

backup is now triggered after start of the app and with timer 2017-10-29 00:23:11 +08:00			`// triggers backup timer`
			`require('./services/backup');`

implemented consistency checks 2017-12-15 11:16:26 +08:00			`// trigger consistency checks timer`
			`require('./services/consistency_checks');`

basic scheduling of backend scripts using attributes 2018-03-03 09:56:58 +08:00			`require('./services/scheduler');`

websocket requires logged in session in upgrade request 2017-12-01 12:50:42 +08:00			`module.exports = {`
			`app,`
			`sessionParser`
			`};`