trilium/src/public/javascripts/protected_session.js

"use strict";

const protected_session = (function() {
    const $dialog = $("#protected-session-password-dialog");
    const $passwordForm = $("#protected-session-password-form");
    const $password = $("#protected-session-password");
    const $noteDetailWrapper = $("#note-detail-wrapper");
    const $protectButton = $("#protect-button");
    const $unprotectButton = $("#unprotect-button");

    let protectedSessionDeferred = null;
    let lastProtectedSessionOperationDate = null;
    let protectedSessionTimeout = null;
    let protectedSessionId = null;

    $(document).ready(() => {
        server.get('settings/all').then(settings => protectedSessionTimeout = settings.protected_session_timeout);
    });

    function setProtectedSessionTimeout(encSessTimeout) {
        protectedSessionTimeout = encSessTimeout;
    }

    function ensureProtectedSession(requireProtectedSession, modal) {
        const dfd = $.Deferred();

        if (requireProtectedSession && !isProtectedSessionAvailable()) {
            protectedSessionDeferred = dfd;

            if (treeService.getCurrentNode().data.isProtected) {
                $noteDetailWrapper.hide();
            }

            $dialog.dialog({
                modal: modal,
                width: 400,
                open: () => {
                    if (!modal) {
                        // dialog steals focus for itself, which is not what we want for non-modal (viewing)
                        treeService.getCurrentNode().setFocus();
                    }
                }
            });
        }
        else {
            dfd.resolve();
        }

        return dfd.promise();
    }

    async function setupProtectedSession() {
        const password = $password.val();
        $password.val("");

        const response = await enterProtectedSession(password);

        if (!response.success) {
            utils.showError("Wrong password.");
            return;
        }

        protectedSessionId = response.protectedSessionId;

        $dialog.dialog("close");

        noteEditor.reload();
        treeService.reload();

        if (protectedSessionDeferred !== null) {
            ensureDialogIsClosed($dialog, $password);

            $noteDetailWrapper.show();

            protectedSessionDeferred.resolve();

            protectedSessionDeferred = null;
        }
    }

    function ensureDialogIsClosed() {
        // this may fal if the dialog has not been previously opened
        try {
            $dialog.dialog('close');
        }
        catch (e) {}

        $password.val('');
    }

    async function enterProtectedSession(password) {
        return await server.post('login/protected', {
            password: password
        });
    }

    function getProtectedSessionId() {
        return protectedSessionId;
    }

    function resetProtectedSession() {
        protectedSessionId = null;

        // most secure solution - guarantees nothing remained in memory
        // since this expires because user doesn't use the app, it shouldn't be disruptive
        utils.reloadApp();
    }

    function isProtectedSessionAvailable() {
        return protectedSessionId !== null;
    }

    async function protectNoteAndSendToServer() {
        await ensureProtectedSession(true, true);

        const note = noteEditor.getCurrentNote();

        noteEditor.updateNoteFromInputs(note);

        note.detail.isProtected = true;

        await noteEditor.saveNoteToServer(note);

        treeService.setProtected(note.detail.noteId, note.detail.isProtected);

        noteEditor.setNoteBackgroundIfProtected(note);
    }

    async function unprotectNoteAndSendToServer() {
        await ensureProtectedSession(true, true);

        const note = noteEditor.getCurrentNote();

        noteEditor.updateNoteFromInputs(note);

        note.detail.isProtected = false;

        await noteEditor.saveNoteToServer(note);

        treeService.setProtected(note.detail.noteId, note.detail.isProtected);

        noteEditor.setNoteBackgroundIfProtected(note);
    }

    function touchProtectedSession() {
        if (isProtectedSessionAvailable()) {
            lastProtectedSessionOperationDate = new Date();
        }
    }

    async function protectSubTree(noteId, protect) {
        await ensureProtectedSession(true, true);

        await server.put('notes/' + noteId + "/protect-sub-tree/" + (protect ? 1 : 0));

        utils.showMessage("Request to un/protect sub tree has finished successfully");

        treeService.reload();
        noteEditor.reload();
    }

    $passwordForm.submit(() => {
        setupProtectedSession();

        return false;
    });

    setInterval(() => {
        if (lastProtectedSessionOperationDate !== null && new Date().getTime() - lastProtectedSessionOperationDate.getTime() > protectedSessionTimeout * 1000) {
            resetProtectedSession();
        }
    }, 5000);

    $protectButton.click(protectNoteAndSendToServer);
    $unprotectButton.click(unprotectNoteAndSendToServer);

    return {
        setProtectedSessionTimeout,
        ensureProtectedSession,
        resetProtectedSession,
        isProtectedSessionAvailable,
        protectNoteAndSendToServer,
        unprotectNoteAndSendToServer,
        getProtectedSessionId,
        touchProtectedSession,
        protectSubTree,
        ensureDialogIsClosed
    };
})();
"use strict" for all frontend files (backend was done earlier) 2017-11-05 07:38:50 +08:00			`"use strict";`

renamed encryption module to protected_session 2017-11-15 11:36:36 +08:00			`const protected_session = (function() {`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`const $dialog = $("#protected-session-password-dialog");`
			`const $passwordForm = $("#protected-session-password-form");`
			`const $password = $("#protected-session-password");`
			`const $noteDetailWrapper = $("#note-detail-wrapper");`
removed all onclick handlers from index template 2018-03-24 12:54:50 +08:00			`const $protectButton = $("#protect-button");`
			`const $unprotectButton = $("#unprotect-button");`
encryption converted to module 2017-11-05 06:18:55 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`let protectedSessionDeferred = null;`
			`let lastProtectedSessionOperationDate = null;`
renamed encryption session timeout to protected session timeout 2017-11-15 11:44:45 +08:00			`let protectedSessionTimeout = null;`
server side encryption WIP 2017-11-11 11:55:19 +08:00			`let protectedSessionId = null;`
encryption converted to module 2017-11-05 06:18:55 +08:00
more complete support for network-less electron frontend-backend communication including protected session 2017-11-30 12:30:35 +08:00			`$(document).ready(() => {`
			`server.get('settings/all').then(settings => protectedSessionTimeout = settings.protected_session_timeout);`
encryption settings loading moved from tree to encryption module 2017-11-05 07:57:40 +08:00			`});`

renamed encryption session timeout to protected session timeout 2017-11-15 11:44:45 +08:00			`function setProtectedSessionTimeout(encSessTimeout) {`
			`protectedSessionTimeout = encSessTimeout;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00			`}`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`function ensureProtectedSession(requireProtectedSession, modal) {`
encryption converted to module 2017-11-05 06:18:55 +08:00			`const dfd = $.Deferred();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`if (requireProtectedSession && !isProtectedSessionAvailable()) {`
			`protectedSessionDeferred = dfd;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`if (treeService.getCurrentNode().data.isProtected) {`
small changes to linting and protected session 2018-02-24 09:10:29 +08:00			`$noteDetailWrapper.hide();`
			`}`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$dialog.dialog({`
encryption converted to module 2017-11-05 06:18:55 +08:00			`modal: modal,`
			`width: 400,`
			`open: () => {`
			`if (!modal) {`
			`// dialog steals focus for itself, which is not what we want for non-modal (viewing)`
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`treeService.getCurrentNode().setFocus();`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
			`}`
			`});`
			`}`
			`else {`
			`dfd.resolve();`
			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`return dfd.promise();`
			`}`
frontend now generates two scrypt hashes with different salts - one for verification and one for encryption. Lowered complexity to half to not affect frontend performance. 2017-09-09 08:55:24 +08:00
note history decryption now works, more cleanup 2017-11-15 11:21:56 +08:00			`async function setupProtectedSession() {`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`const password = $password.val();`
			`$password.val("");`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
server side encryption WIP 2017-11-11 11:55:19 +08:00			`const response = await enterProtectedSession(password);`

			`if (!response.success) {`
refactoring utils into module 2018-03-25 11:37:55 +08:00			`utils.showError("Wrong password.");`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00			`return;`
			`}`
fixed changing password 2017-09-17 12:18:03 +08:00
server side encryption WIP 2017-11-11 11:55:19 +08:00			`protectedSessionId = response.protectedSessionId;`
note titles are now encrypted as well - plus auto-decryption of note tree and unloading 2017-09-07 11:13:39 +08:00
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$dialog.dialog("close");`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
server side encryption WIP 2017-11-13 10:40:26 +08:00			`noteEditor.reload();`
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`treeService.reload();`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`if (protectedSessionDeferred !== null) {`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`ensureDialogIsClosed($dialog, $password);`
more cleanup 2017-11-15 12:01:23 +08:00
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$noteDetailWrapper.show();`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`protectedSessionDeferred.resolve();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`protectedSessionDeferred = null;`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00			`}`
			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`function ensureDialogIsClosed() {`
			`// this may fal if the dialog has not been previously opened`
			`try {`
file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$dialog.dialog('close');`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`}`
			`catch (e) {}`

file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$password.val('');`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`}`

server side encryption WIP 2017-11-11 11:55:19 +08:00			`async function enterProtectedSession(password) {`
using server.method() instead of direct call to $.ajax - preparation for electron without network requests 2017-11-29 09:52:38 +08:00			`return await server.post('login/protected', {`
			`password: password`
server side encryption WIP 2017-11-11 11:55:19 +08:00			`});`
			`}`

			`function getProtectedSessionId() {`
			`return protectedSessionId;`
			`}`

more cleanups 2017-11-15 11:34:33 +08:00			`function resetProtectedSession() {`
server side encryption WIP 2017-11-11 11:55:19 +08:00			`protectedSessionId = null;`

refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`// most secure solution - guarantees nothing remained in memory`
			`// since this expires because user doesn't use the app, it shouldn't be disruptive`
refactoring utils into module 2018-03-25 11:37:55 +08:00			`utils.reloadApp();`
using global one setInterval instead of scheduling setTimeout after each encryption operation (there can be many of them) 2017-09-07 11:16:54 +08:00			`}`
after changing password, encryption key changed so current encryption session is invalid and needs to be cleared 2017-09-13 11:07:08 +08:00
more cleanups 2017-11-15 11:34:33 +08:00			`function isProtectedSessionAvailable() {`
server side encryption WIP 2017-11-13 10:40:26 +08:00			`return protectedSessionId !== null;`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
if parent note is encrypted, then child note will be created as encrypted as well 2017-09-09 10:43:02 +08:00
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`async function protectNoteAndSendToServer() {`
			`await ensureProtectedSession(true, true);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`const note = noteEditor.getCurrentNote();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`noteEditor.updateNoteFromInputs(note);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`note.detail.isProtected = true;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`await noteEditor.saveNoteToServer(note);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`treeService.setProtected(note.detail.noteId, note.detail.isProtected);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
note history decryption now works, more cleanup 2017-11-15 11:21:56 +08:00			`noteEditor.setNoteBackgroundIfProtected(note);`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
encryption of note history if the note is encrypted 2017-11-03 11:36:58 +08:00
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`async function unprotectNoteAndSendToServer() {`
			`await ensureProtectedSession(true, true);`
also de-encryption of note history plus bug fixes 2017-11-03 11:55:22 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`const note = noteEditor.getCurrentNote();`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`noteEditor.updateNoteFromInputs(note);`
encryption of note history if the note is encrypted 2017-11-03 11:36:58 +08:00
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`note.detail.isProtected = false;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
encryption converted to module 2017-11-05 06:18:55 +08:00			`await noteEditor.saveNoteToServer(note);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`treeService.setProtected(note.detail.noteId, note.detail.isProtected);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
note history decryption now works, more cleanup 2017-11-15 11:21:56 +08:00			`noteEditor.setNoteBackgroundIfProtected(note);`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
refreshing protected session when loading and saving protected notes 2017-11-15 11:50:56 +08:00			`function touchProtectedSession() {`
			`if (isProtectedSessionAvailable()) {`
			`lastProtectedSessionOperationDate = new Date();`
			`}`
			`}`

protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`async function protectSubTree(noteId, protect) {`
fixing encrypt / decrypt subtree 2017-11-23 09:46:42 +08:00			`await ensureProtectedSession(true, true);`

refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`await server.put('notes/' + noteId + "/protect-sub-tree/" + (protect ? 1 : 0));`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
refactoring utils into module 2018-03-25 11:37:55 +08:00			`utils.showMessage("Request to un/protect sub tree has finished successfully");`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
renaming note_tree to branch 2018-03-25 09:39:15 +08:00			`treeService.reload();`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`noteEditor.reload();`
			`}`

file/attachment upload, wiP 2018-02-15 12:31:20 +08:00			`$passwordForm.submit(() => {`
note history decryption now works, more cleanup 2017-11-15 11:21:56 +08:00			`setupProtectedSession();`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00
			`return false;`
			`});`

			`setInterval(() => {`
renamed encryption session timeout to protected session timeout 2017-11-15 11:44:45 +08:00			`if (lastProtectedSessionOperationDate !== null && new Date().getTime() - lastProtectedSessionOperationDate.getTime() > protectedSessionTimeout * 1000) {`
more cleanups 2017-11-15 11:34:33 +08:00			`resetProtectedSession();`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00			`}`
			`}, 5000);`

removed all onclick handlers from index template 2018-03-24 12:54:50 +08:00			`$protectButton.click(protectNoteAndSendToServer);`
			`$unprotectButton.click(unprotectNoteAndSendToServer);`

encryption converted to module 2017-11-05 06:18:55 +08:00			`return {`
renamed encryption session timeout to protected session timeout 2017-11-15 11:44:45 +08:00			`setProtectedSessionTimeout,`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`ensureProtectedSession,`
more cleanups 2017-11-15 11:34:33 +08:00			`resetProtectedSession,`
			`isProtectedSessionAvailable,`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`protectNoteAndSendToServer,`
			`unprotectNoteAndSendToServer,`
refreshing protected session when loading and saving protected notes 2017-11-15 11:50:56 +08:00			`getProtectedSessionId,`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`touchProtectedSession,`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`protectSubTree,`
			`ensureDialogIsClosed`
encryption converted to module 2017-11-05 06:18:55 +08:00			`};`
			`})();`