trilium/src/public/javascripts/services/protected_session.js

"use strict";

import treeService from './tree_service.js';
import noteDetail from './note_detail.js';
import utils from './utils.js';
import server from './server.js';

const $dialog = $("#protected-session-password-dialog");
const $passwordForm = $("#protected-session-password-form");
const $password = $("#protected-session-password");
const $noteDetailWrapper = $("#note-detail-wrapper");
const $protectButton = $("#protect-button");
const $unprotectButton = $("#unprotect-button");

let protectedSessionDeferred = null;
let lastProtectedSessionOperationDate = null;
let protectedSessionTimeout = null;
let protectedSessionId = null;

$(document).ready(() => {
    server.get('settings/all').then(settings => protectedSessionTimeout = settings.protected_session_timeout);
});

function setProtectedSessionTimeout(encSessTimeout) {
    protectedSessionTimeout = encSessTimeout;
}

function ensureProtectedSession(requireProtectedSession, modal) {
    const dfd = $.Deferred();

    if (requireProtectedSession && !isProtectedSessionAvailable()) {
        protectedSessionDeferred = dfd;

        if (treeService.getCurrentNode().data.isProtected) {
            $noteDetailWrapper.hide();
        }

        $dialog.dialog({
            modal: modal,
            width: 400,
            open: () => {
                if (!modal) {
                    // dialog steals focus for itself, which is not what we want for non-modal (viewing)
                    treeService.getCurrentNode().setFocus();
                }
            }
        });
    }
    else {
        dfd.resolve();
    }

    return dfd.promise();
}

async function setupProtectedSession() {
    const password = $password.val();
    $password.val("");

    const response = await enterProtectedSession(password);

    if (!response.success) {
        utils.showError("Wrong password.");
        return;
    }

    protectedSessionId = response.protectedSessionId;

    $dialog.dialog("close");

    noteDetail.reload();
    treeService.reload();

    if (protectedSessionDeferred !== null) {
        ensureDialogIsClosed($dialog, $password);

        $noteDetailWrapper.show();

        protectedSessionDeferred.resolve();

        protectedSessionDeferred = null;
    }
}

function ensureDialogIsClosed() {
    // this may fal if the dialog has not been previously opened
    try {
        $dialog.dialog('close');
    }
    catch (e) {}

    $password.val('');
}

async function enterProtectedSession(password) {
    return await server.post('login/protected', {
        password: password
    });
}

function getProtectedSessionId() {
    return protectedSessionId;
}

function resetProtectedSession() {
    protectedSessionId = null;

    // most secure solution - guarantees nothing remained in memory
    // since this expires because user doesn't use the app, it shouldn't be disruptive
    utils.reloadApp();
}

function isProtectedSessionAvailable() {
    return protectedSessionId !== null;
}

async function protectNoteAndSendToServer() {
    await ensureProtectedSession(true, true);

    const note = noteDetail.getCurrentNote();

    noteDetail.updateNoteFromInputs(note);

    note.detail.isProtected = true;

    await noteDetail.saveNoteToServer(note);

    treeService.setProtected(note.detail.noteId, note.detail.isProtected);

    noteDetail.setNoteBackgroundIfProtected(note);
}

async function unprotectNoteAndSendToServer() {
    await ensureProtectedSession(true, true);

    const note = noteDetail.getCurrentNote();

    noteDetail.updateNoteFromInputs(note);

    note.detail.isProtected = false;

    await noteDetail.saveNoteToServer(note);

    treeService.setProtected(note.detail.noteId, note.detail.isProtected);

    noteDetail.setNoteBackgroundIfProtected(note);
}

function touchProtectedSession() {
    if (isProtectedSessionAvailable()) {
        lastProtectedSessionOperationDate = new Date();
    }
}

async function protectSubTree(noteId, protect) {
    await ensureProtectedSession(true, true);

    await server.put('notes/' + noteId + "/protect-sub-tree/" + (protect ? 1 : 0));

    utils.showMessage("Request to un/protect sub tree has finished successfully");

    treeService.reload();
    noteDetail.reload();
}

$passwordForm.submit(() => {
    setupProtectedSession();

    return false;
});

setInterval(() => {
    if (lastProtectedSessionOperationDate !== null && new Date().getTime() - lastProtectedSessionOperationDate.getTime() > protectedSessionTimeout * 1000) {
        resetProtectedSession();
    }
}, 5000);

$protectButton.click(protectNoteAndSendToServer);
$unprotectButton.click(unprotectNoteAndSendToServer);

export default {
    setProtectedSessionTimeout,
    ensureProtectedSession,
    resetProtectedSession,
    isProtectedSessionAvailable,
    protectNoteAndSendToServer,
    unprotectNoteAndSendToServer,
    getProtectedSessionId,
    touchProtectedSession,
    protectSubTree,
    ensureDialogIsClosed
};
"use strict" for all frontend files (backend was done earlier) 2017-11-05 07:38:50 +08:00			`"use strict";`

moved services into the service directory 2018-03-26 01:02:39 +08:00			`import treeService from './tree_service.js';`
			`import noteDetail from './note_detail.js';`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`import utils from './utils.js';`
			`import server from './server.js';`

			`const $dialog = $("#protected-session-password-dialog");`
			`const $passwordForm = $("#protected-session-password-form");`
			`const $password = $("#protected-session-password");`
			`const $noteDetailWrapper = $("#note-detail-wrapper");`
			`const $protectButton = $("#protect-button");`
			`const $unprotectButton = $("#unprotect-button");`

			`let protectedSessionDeferred = null;`
			`let lastProtectedSessionOperationDate = null;`
			`let protectedSessionTimeout = null;`
			`let protectedSessionId = null;`

			`$(document).ready(() => {`
			`server.get('settings/all').then(settings => protectedSessionTimeout = settings.protected_session_timeout);`
			`});`

			`function setProtectedSessionTimeout(encSessTimeout) {`
			`protectedSessionTimeout = encSessTimeout;`
			`}`

			`function ensureProtectedSession(requireProtectedSession, modal) {`
			`const dfd = $.Deferred();`

			`if (requireProtectedSession && !isProtectedSessionAvailable()) {`
			`protectedSessionDeferred = dfd;`

			`if (treeService.getCurrentNode().data.isProtected) {`
			`$noteDetailWrapper.hide();`
			`}`
encryption settings loading moved from tree to encryption module 2017-11-05 07:57:40 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$dialog.dialog({`
			`modal: modal,`
			`width: 400,`
			`open: () => {`
			`if (!modal) {`
			`// dialog steals focus for itself, which is not what we want for non-modal (viewing)`
			`treeService.getCurrentNode().setFocus();`
			`}`
			`}`
			`});`
			`}`
			`else {`
			`dfd.resolve();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00			`}`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`return dfd.promise();`
			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function setupProtectedSession() {`
			`const password = $password.val();`
			`$password.val("");`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`const response = await enterProtectedSession(password);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`if (!response.success) {`
			`utils.showError("Wrong password.");`
			`return;`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
frontend now generates two scrypt hashes with different salts - one for verification and one for encryption. Lowered complexity to half to not affect frontend performance. 2017-09-09 08:55:24 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`protectedSessionId = response.protectedSessionId;`
server side encryption WIP 2017-11-11 11:55:19 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$dialog.dialog("close");`
note titles are now encrypted as well - plus auto-decryption of note tree and unloading 2017-09-07 11:13:39 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.reload();`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`treeService.reload();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`if (protectedSessionDeferred !== null) {`
			`ensureDialogIsClosed($dialog, $password);`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$noteDetailWrapper.show();`
more cleanup 2017-11-15 12:01:23 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`protectedSessionDeferred.resolve();`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`protectedSessionDeferred = null;`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00			`}`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function ensureDialogIsClosed() {`
			`// this may fal if the dialog has not been previously opened`
			`try {`
			`$dialog.dialog('close');`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`}`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`catch (e) {}`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$password.val('');`
			`}`
server side encryption WIP 2017-11-11 11:55:19 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function enterProtectedSession(password) {`
			`return await server.post('login/protected', {`
			`password: password`
			`});`
			`}`
server side encryption WIP 2017-11-11 11:55:19 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function getProtectedSessionId() {`
			`return protectedSessionId;`
			`}`
server side encryption WIP 2017-11-11 11:55:19 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function resetProtectedSession() {`
			`protectedSessionId = null;`
after changing password, encryption key changed so current encryption session is invalid and needs to be cleared 2017-09-13 11:07:08 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`// most secure solution - guarantees nothing remained in memory`
			`// since this expires because user doesn't use the app, it shouldn't be disruptive`
			`utils.reloadApp();`
			`}`
if parent note is encrypted, then child note will be created as encrypted as well 2017-09-09 10:43:02 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function isProtectedSessionAvailable() {`
			`return protectedSessionId !== null;`
			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function protectNoteAndSendToServer() {`
			`await ensureProtectedSession(true, true);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`const note = noteDetail.getCurrentNote();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.updateNoteFromInputs(note);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`note.detail.isProtected = true;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`await noteDetail.saveNoteToServer(note);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`treeService.setProtected(note.detail.noteId, note.detail.isProtected);`
encryption of note history if the note is encrypted 2017-11-03 11:36:58 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.setNoteBackgroundIfProtected(note);`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
also de-encryption of note history plus bug fixes 2017-11-03 11:55:22 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function unprotectNoteAndSendToServer() {`
			`await ensureProtectedSession(true, true);`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`const note = noteDetail.getCurrentNote();`
encryption of note history if the note is encrypted 2017-11-03 11:36:58 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.updateNoteFromInputs(note);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`note.detail.isProtected = false;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`await noteDetail.saveNoteToServer(note);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`treeService.setProtected(note.detail.noteId, note.detail.isProtected);`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.setNoteBackgroundIfProtected(note);`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`

			`function touchProtectedSession() {`
			`if (isProtectedSessionAvailable()) {`
			`lastProtectedSessionOperationDate = new Date();`
refreshing protected session when loading and saving protected notes 2017-11-15 11:50:56 +08:00			`}`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
refreshing protected session when loading and saving protected notes 2017-11-15 11:50:56 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function protectSubTree(noteId, protect) {`
			`await ensureProtectedSession(true, true);`
fixing encrypt / decrypt subtree 2017-11-23 09:46:42 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`await server.put('notes/' + noteId + "/protect-sub-tree/" + (protect ? 1 : 0));`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`utils.showMessage("Request to un/protect sub tree has finished successfully");`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`treeService.reload();`
moved services into the service directory 2018-03-26 01:02:39 +08:00			`noteDetail.reload();`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$passwordForm.submit(() => {`
			`setupProtectedSession();`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`return false;`
			`});`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`setInterval(() => {`
			`if (lastProtectedSessionOperationDate !== null && new Date().getTime() - lastProtectedSessionOperationDate.getTime() > protectedSessionTimeout * 1000) {`
			`resetProtectedSession();`
			`}`
			`}, 5000);`

			`$protectButton.click(protectNoteAndSendToServer);`
			`$unprotectButton.click(unprotectNoteAndSendToServer);`

			`export default {`
			`setProtectedSessionTimeout,`
			`ensureProtectedSession,`
			`resetProtectedSession,`
			`isProtectedSessionAvailable,`
			`protectNoteAndSendToServer,`
			`unprotectNoteAndSendToServer,`
			`getProtectedSessionId,`
			`touchProtectedSession,`
			`protectSubTree,`
			`ensureDialogIsClosed`
			`};`