trilium/routes/api/notes.js

"use strict";

const express = require('express');
const router = express.Router();
const auth = require('../../services/auth');
const sql = require('../../services/sql');
const notes = require('../../services/notes');
const log = require('../../services/log');
const utils = require('../../services/utils');
const protected_session = require('../../services/protected_session');
const data_encryption = require('../../services/data_encryption');
const tree = require('../../services/tree');
const sync_table = require('../../services/sync_table');
const wrap = require('express-promise-wrap').wrap;

router.get('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;

    const detail = await sql.getFirst("SELECT * FROM notes WHERE note_id = ?", [noteId]);

    if (!detail) {
        log.info("Note " + noteId + " has not been found.");

        return res.status(404).send({});
    }

    if (detail.is_protected) {
        const dataKey = protected_session.getDataKey(req);

        detail.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(detail.note_id), detail.note_title);
        detail.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(detail.note_id), detail.note_text);
    }

    res.send({
        detail: detail
    });
}));

router.post('/:parentNoteId/children', auth.checkApiAuth, wrap(async (req, res, next) => {
    const sourceId = req.headers.source_id;
    const parentNoteId = req.params.parentNoteId;
    const note = req.body;

    const { noteId, noteTreeId } = await notes.createNewNote(parentNoteId, note, sourceId);

    res.send({
        'note_id': noteId,
        'note_tree_id': noteTreeId
    });
}));

router.put('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {
    const note = req.body;
    const noteId = req.params.noteId;
    const sourceId = req.headers.source_id;
    const dataKey = protected_session.getDataKey(req);

    await notes.updateNote(noteId, note, dataKey, sourceId);

    res.send({});
}));

router.get('/', auth.checkApiAuth, wrap(async (req, res, next) => {
    const search = '%' + utils.sanitizeSql(req.query.search) + '%';

    // searching in protected notes is pointless because of encryption
    const noteIds = await sql.getFirstColumn(`SELECT note_id FROM notes 
              WHERE is_deleted = 0 AND is_protected = 0 AND (note_title LIKE ? OR note_text LIKE ?)`, [search, search]);

    res.send(noteIds);
}));

router.put('/:noteId/sort', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const sourceId = req.headers.source_id;
    const dataKey = protected_session.getDataKey(req);

    await tree.sortNotesAlphabetically(noteId, dataKey, sourceId);

    res.send({});
}));

router.put('/:noteId/protect-sub-tree/:isProtected', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const isProtected = !!parseInt(req.params.isProtected);
    const dataKey = protected_session.getDataKey(req);
    const sourceId = req.headers.source_id;

    await sql.doInTransaction(async () => {
        await notes.protectNoteRecursively(noteId, dataKey, isProtected, sourceId);
    });

    res.send({});
}));

router.put('/:noteId/type/:type/mime/:mime', auth.checkApiAuth, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const type = req.params.type;
    const mime = req.params.mime;
    const sourceId = req.headers.source_id;

    await sql.doInTransaction(async () => {
       await sql.execute("UPDATE notes SET type = ?, mime = ?, date_modified = ? WHERE note_id = ?",
           [type, mime, utils.nowDate(), noteId]);

       await sync_table.addNoteSync(noteId, sourceId);
    });

    res.send({});
}));

module.exports = router;
use strict in all JS files 2017-10-22 09:10:33 +08:00			`"use strict";`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`const express = require('express');`
			`const router = express.Router();`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00			`const auth = require('../../services/auth');`
reorganization of source code 2017-10-16 07:47:05 +08:00			`const sql = require('../../services/sql');`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00			`const notes = require('../../services/notes');`
sync fix to prefix and some usability improvements 2017-11-27 12:10:23 +08:00			`const log = require('../../services/log');`
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`const utils = require('../../services/utils');`
server side encryption WIP 2017-11-13 10:40:26 +08:00			`const protected_session = require('../../services/protected_session');`
			`const data_encryption = require('../../services/data_encryption');`
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`const tree = require('../../services/tree');`
first experiments with code mirror 2018-01-21 10:56:03 +08:00			`const sync_table = require('../../services/sync_table');`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`const wrap = require('express-promise-wrap').wrap;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.get('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`const noteId = req.params.noteId;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
change in naming of SQL methods added assert methods to note tree 2017-12-24 00:02:38 +08:00			`const detail = await sql.getFirst("SELECT * FROM notes WHERE note_id = ?", [noteId]);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
sync fix to prefix and some usability improvements 2017-11-27 12:10:23 +08:00			`if (!detail) {`
			`log.info("Note " + noteId + " has not been found.");`

			`return res.status(404).send({});`
			`}`

server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`if (detail.is_protected) {`
server side encryption WIP 2017-11-13 10:40:26 +08:00			`const dataKey = protected_session.getDataKey(req);`

notes_tree now has note_tree_id so we stricly distinguish between working on notes or note trees 2017-11-19 06:05:50 +08:00			`detail.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(detail.note_id), detail.note_title);`
			`detail.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(detail.note_id), detail.note_text);`
server side encryption WIP 2017-11-13 10:40:26 +08:00			`}`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`res.send({`
converted all timestamps to string representation 2017-12-11 01:56:59 +08:00			`detail: detail`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.post('/:parentNoteId/children', auth.checkApiAuth, wrap(async (req, res, next) => {`
per-browser source id so we support having notecase opened in multiple tabs/windows 2017-12-17 09:48:34 +08:00			`const sourceId = req.headers.source_id;`
cloning in context menu (copy & paste) and a lot of related refactoring and fixes 2017-11-23 12:16:54 +08:00			`const parentNoteId = req.params.parentNoteId;`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`const note = req.body;`

per-browser source id so we support having notecase opened in multiple tabs/windows 2017-12-17 09:48:34 +08:00			`const { noteId, noteTreeId } = await notes.createNewNote(parentNoteId, note, sourceId);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00			`res.send({`
notes_tree now has note_tree_id so we stricly distinguish between working on notes or note trees 2017-11-19 06:05:50 +08:00			`'note_id': noteId,`
			`'note_tree_id': noteTreeId`
better transaction handling with rollback on exception 2017-10-30 06:50:28 +08:00			`});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.put('/:noteId', auth.checkApiAuth, wrap(async (req, res, next) => {`
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-15 10:54:12 +08:00			`const note = req.body;`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00			`const noteId = req.params.noteId;`
got rid of request context and related refactorings 2017-12-17 10:23:35 +08:00			`const sourceId = req.headers.source_id;`
			`const dataKey = protected_session.getDataKey(req);`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 23:41:54 +08:00
got rid of request context and related refactorings 2017-12-17 10:23:35 +08:00			`await notes.updateNote(noteId, note, dataKey, sourceId);`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
			`res.send({});`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`router.get('/', auth.checkApiAuth, wrap(async (req, res, next) => {`
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`const search = '%' + utils.sanitizeSql(req.query.search) + '%';`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`// searching in protected notes is pointless because of encryption`
			const noteIds = await sql.getFirstColumn(`SELECT note_id FROM notes
			WHERE is_deleted = 0 AND is_protected = 0 AND (note_title LIKE ? OR note_text LIKE ?)`, [search, search]);
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
improvements to search, fixing issue #1 2018-01-16 09:54:22 +08:00			`res.send(noteIds);`
added express-promise-wrap to catch and respond to unhandled exceptions immediately, previously the requests just hanged 2018-01-07 22:35:44 +08:00			`}));`
backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00			`router.put('/:noteId/sort', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params.noteId;`
			`const sourceId = req.headers.source_id;`
			`const dataKey = protected_session.getDataKey(req);`

refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`await tree.sortNotesAlphabetically(noteId, dataKey, sourceId);`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`res.send({});`
			`}));`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`router.put('/:noteId/protect-sub-tree/:isProtected', auth.checkApiAuth, wrap(async (req, res, next) => {`
			`const noteId = req.params.noteId;`
			`const isProtected = !!parseInt(req.params.isProtected);`
			`const dataKey = protected_session.getDataKey(req);`
			`const sourceId = req.headers.source_id;`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00
refactoring of routes - noteId needs to go to /notes noteTreeId to /tree 2018-01-14 09:53:00 +08:00			`await sql.doInTransaction(async () => {`
			`await notes.protectNoteRecursively(noteId, dataKey, isProtected, sourceId);`
added note alphabetical sorting to context menu 2018-01-14 06:00:40 +08:00			`});`

			`res.send({});`
			`}));`

support for loading and saving type and mime 2018-01-22 12:36:09 +08:00			`router.put('/:noteId/type/:type/mime/:mime', auth.checkApiAuth, wrap(async (req, res, next) => {`
first experiments with code mirror 2018-01-21 10:56:03 +08:00			`const noteId = req.params.noteId;`
			`const type = req.params.type;`
support for loading and saving type and mime 2018-01-22 12:36:09 +08:00			`const mime = req.params.mime;`
first experiments with code mirror 2018-01-21 10:56:03 +08:00			`const sourceId = req.headers.source_id;`

			`await sql.doInTransaction(async () => {`
support for loading and saving type and mime 2018-01-22 12:36:09 +08:00			`await sql.execute("UPDATE notes SET type = ?, mime = ?, date_modified = ? WHERE note_id = ?",`
			`[type, mime, utils.nowDate(), noteId]);`
first experiments with code mirror 2018-01-21 10:56:03 +08:00
			`await sync_table.addNoteSync(noteId, sourceId);`
			`});`

			`res.send({});`
			`}));`

backend ported to node.js (work in progress) 2017-10-15 11:31:44 +08:00			`module.exports = router;`