trilium/src/services/protected_session.js

"use strict";

const utils = require('./utils');
const data_encryption = require('./data_encryption');
const dataKeyMap = {};
const cls = require('./cls');

function setDataKey(req, decryptedDataKey) {
    const protectedSessionId = utils.randomSecureToken(32);

    dataKeyMap[protectedSessionId] = Array.from(decryptedDataKey); // can't store buffer in session

    return protectedSessionId;
}

function setProtectedSessionId(req) {
    cls.namespace.set('protectedSessionId', req.headers.protected_session_id);
}

function getProtectedSessionId() {
    return cls.namespace.get('protectedSessionId');
}

function getDataKey() {
    const protectedSessionId = getProtectedSessionId();

    return dataKeyMap[protectedSessionId];
}

function isProtectedSessionAvailable(req) {
    const protectedSessionId = getProtectedSessionId(req);

    return !!dataKeyMap[protectedSessionId];
}

function decryptNote(note) {
    const dataKey = getDataKey();

    if (!note.isProtected) {
        return;
    }

    if (note.title) {
        note.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);
    }

    if (note.content) {
        const contentIv = data_encryption.noteContentIv(note.noteId);

        if (note.type === 'file') {
            note.content = data_encryption.decrypt(dataKey, contentIv, note.content);
        }
        else {
            note.content = data_encryption.decryptString(dataKey, contentIv, note.content);
        }
    }
}

function decryptNotes(notes) {
    const dataKey = getDataKey();

    for (const note of notes) {
        decryptNote(note);
    }
}

function decryptNoteRevision(hist) {
    const dataKey = getDataKey();

    if (!hist.isProtected) {
        return;
    }

    if (hist.title) {
        hist.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.noteRevisionId), hist.title);
    }

    if (hist.content) {
        hist.content = data_encryption.decryptString(dataKey, data_encryption.noteContentIv(hist.noteRevisionId), hist.content);
    }
}

function encryptNote(note) {
    const dataKey = getDataKey();

    note.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);
    note.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(note.noteId), note.content);
}

function encryptNoteRevision(revision) {
    const dataKey = getDataKey();

    revision.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(revision.noteRevisionId), revision.title);
    revision.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(revision.noteRevisionId), revision.content);
}

module.exports = {
    setDataKey,
    getDataKey,
    isProtectedSessionAvailable,
    decryptNote,
    decryptNotes,
    decryptNoteRevision,
    encryptNote,
    encryptNoteRevision,
    setProtectedSessionId
};
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`"use strict";`

refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`const utils = require('./utils');`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`const data_encryption = require('./data_encryption');`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`const dataKeyMap = {};`
			`const cls = require('./cls');`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00
			`function setDataKey(req, decryptedDataKey) {`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`const protectedSessionId = utils.randomSecureToken(32);`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`dataKeyMap[protectedSessionId] = Array.from(decryptedDataKey); // can't store buffer in session`

			`return protectedSessionId;`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function setProtectedSessionId(req) {`
			`cls.namespace.set('protectedSessionId', req.headers.protected_session_id);`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function getProtectedSessionId() {`
			`return cls.namespace.get('protectedSessionId');`
			`}`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function getDataKey() {`
			`const protectedSessionId = getProtectedSessionId();`
server side encryption WIP 2017-11-11 11:55:19 +08:00
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`return dataKeyMap[protectedSessionId];`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`}`

server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`function isProtectedSessionAvailable(req) {`
			`const protectedSessionId = getProtectedSessionId(req);`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`return !!dataKeyMap[protectedSessionId];`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function decryptNote(note) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (!note.isProtected) {`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`return;`
			`}`

renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (note.title) {`
			`note.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`

renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (note.content) {`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`const contentIv = data_encryption.noteContentIv(note.noteId);`

			`if (note.type === 'file') {`
			`note.content = data_encryption.decrypt(dataKey, contentIv, note.content);`
			`}`
			`else {`
			`note.content = data_encryption.decryptString(dataKey, contentIv, note.content);`
			`}`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`
			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function decryptNotes(notes) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
			`for (const note of notes) {`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`decryptNote(note);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`
			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function decryptNoteRevision(hist) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (!hist.isProtected) {`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`return;`
			`}`

renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (hist.title) {`
small changes to table names (notes_image => note_images etc.) 2018-01-29 08:38:05 +08:00			`hist.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.noteRevisionId), hist.title);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`

renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`if (hist.content) {`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`hist.content = data_encryption.decryptString(dataKey, data_encryption.noteContentIv(hist.noteRevisionId), hist.content);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`
			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function encryptNote(note) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
renamed db columns to camelCase 2018-01-29 08:30:14 +08:00			`note.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);`
support encryption for files, closes #60 2018-02-24 11:58:24 +08:00			`note.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(note.noteId), note.content);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`

removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`function encryptNoteRevision(revision) {`
			`const dataKey = getDataKey();`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00
refactored all mentions of "history" to "revision" 2018-03-26 08:52:38 +08:00			`revision.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(revision.noteRevisionId), revision.title);`
			`revision.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(revision.noteRevisionId), revision.content);`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`}`

refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`module.exports = {`
			`setDataKey,`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`getDataKey,`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`isProtectedSessionAvailable,`
			`decryptNote,`
			`decryptNotes,`
refactored all mentions of "history" to "revision" 2018-03-26 08:52:38 +08:00			`decryptNoteRevision,`
refactoring / unification of note encryption / decryption 2018-01-25 11:13:41 +08:00			`encryptNote,`
removed dataKey where it's not necessary anymore (use of CLS instead) 2018-03-31 20:53:52 +08:00			`encryptNoteRevision,`
			`setProtectedSessionId`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`};`