trilium/src/services/auth.js

97 lines
2.4 KiB
JavaScript
Raw Normal View History

2017-10-22 09:10:33 +08:00
"use strict";
2017-10-26 10:39:21 +08:00
const migration = require('./migration');
const sql = require('./sql');
const utils = require('./utils');
2017-10-26 10:39:21 +08:00
async function checkAuth(req, res, next) {
if (!await sql.isUserInitialized()) {
2017-12-04 11:29:23 +08:00
res.redirect("setup");
}
else if (!req.session.loggedIn && !utils.isElectron()) {
2017-10-16 04:32:49 +08:00
res.redirect("login");
2017-10-26 10:39:21 +08:00
}
else if (!await sql.isDbUpToDate()) {
2017-12-04 11:29:23 +08:00
res.redirect("migration");
2017-10-16 04:32:49 +08:00
}
2017-10-26 10:39:21 +08:00
else {
2017-12-04 11:29:23 +08:00
next();
2017-10-26 10:39:21 +08:00
}
2017-10-16 04:32:49 +08:00
}
async function checkAuthForMigrationPage(req, res, next) {
if (!req.session.loggedIn && !utils.isElectron()) {
res.redirect("login");
}
else {
next();
}
}
2018-01-07 22:59:05 +08:00
// for electron things which need network stuff
// currently we're doing that for file upload because handling form data seems to be difficult
async function checkApiAuthOrElectron(req, res, next) {
if (!req.session.loggedIn && !utils.isElectron()) {
res.status(401).send("Not authorized");
}
else if (await sql.isDbUpToDate()) {
next();
}
else {
res.status(409).send("Mismatched app versions"); // need better response than that
}
}
2017-10-26 10:39:21 +08:00
async function checkApiAuth(req, res, next) {
if (!req.session.loggedIn) {
2017-11-01 08:09:07 +08:00
res.status(401).send("Not authorized");
2017-10-26 10:39:21 +08:00
}
else if (await sql.isDbUpToDate()) {
2017-10-16 04:32:49 +08:00
next();
}
2017-10-26 10:39:21 +08:00
else {
2017-11-01 08:09:07 +08:00
res.status(409).send("Mismatched app versions"); // need better response than that
2017-10-26 10:39:21 +08:00
}
2017-10-16 04:32:49 +08:00
}
async function checkApiAuthForMigrationPage(req, res, next) {
if (!req.session.loggedIn) {
2017-11-01 08:09:07 +08:00
res.status(401).send("Not authorized");
}
else {
next();
}
}
2017-12-04 11:29:23 +08:00
async function checkAppNotInitialized(req, res, next) {
if (await sql.isUserInitialized()) {
2017-12-04 11:29:23 +08:00
res.status(400).send("App already initialized.");
}
else {
next();
}
}
async function checkSenderToken(req, res, next) {
const token = req.headers.authorization;
if (await sql.getValue("SELECT COUNT(*) FROM api_tokens WHERE isDeleted = 0 AND token = ?", [token]) === 0) {
res.status(401).send("Not authorized");
}
else if (await sql.isDbUpToDate()) {
next();
}
else {
res.status(409).send("Mismatched app versions"); // need better response than that
}
}
2017-10-16 04:32:49 +08:00
module.exports = {
checkAuth,
checkAuthForMigrationPage,
checkApiAuth,
2017-12-04 11:29:23 +08:00
checkApiAuthForMigrationPage,
2018-01-07 22:59:05 +08:00
checkAppNotInitialized,
checkApiAuthOrElectron,
checkSenderToken
2017-10-16 04:32:49 +08:00
};