trilium/src/public/javascripts/services/protected_session.js

import treeService from './tree.js';
import noteDetailService from './note_detail.js';
import utils from './utils.js';
import server from './server.js';
import protectedSessionHolder from './protected_session_holder.js';
import infoService from "./info.js";

const $dialog = $("#protected-session-password-dialog");
const $component = $("#protected-session-password-component");
const $passwordForms = $(".protected-session-password-form");
const $passwordInputs = $(".protected-session-password");
const $passwordInModal = $("#protected-session-password-in-modal");
const $noteDetailWrapper = $("#note-detail-wrapper");
const $protectButton = $("#protect-button");
const $unprotectButton = $("#unprotect-button");
const $enterProtectedSessionButton = $("#enter-protected-session-button");
const $leaveProtectedSessionButton = $("#leave-protected-session-button");
const $noteTitle = $("#note-title");

let protectedSessionDeferred = null;

async function enterProtectedSession() {
    if (!protectedSessionHolder.isProtectedSessionAvailable()) {
        await ensureProtectedSession(true, true);
    }
}

async function leaveProtectedSession() {
    if (protectedSessionHolder.isProtectedSessionAvailable()) {
        utils.reloadApp();
    }
}

/** returned promise resolves with true if new protected session was established, false if no action was necessary */
function ensureProtectedSession(requireProtectedSession, modal) {
    const dfd = $.Deferred();

    if (requireProtectedSession && !protectedSessionHolder.isProtectedSessionAvailable()) {
        // using deferred instead of promise because it allows resolving from outside
        protectedSessionDeferred = dfd;

        // user shouldn't be able to edit note title
        $noteTitle.prop("readonly", true);

        if (modal) {
            if (treeService.getCurrentNode().data.isProtected) {
                $noteDetailWrapper.hide();
            }

            $dialog.modal();
        }
        else {
            $component.show();
        }
    }
    else {
        dfd.resolve(false);
    }

    return dfd.promise();
}

async function setupProtectedSession(password) {
    $passwordInputs.val("");

    const response = await enterProtectedSessionOnServer(password);

    if (!response.success) {
        infoService.showError("Wrong password.", 3000);
        return;
    }

    protectedSessionHolder.setProtectedSessionId(response.protectedSessionId);

    $dialog.modal("hide");

    await treeService.reload();

    // it's important that tree has been already reloaded at this point
    // since detail also uses tree cache (for children overview)
    await noteDetailService.reload();

    if (protectedSessionDeferred !== null) {
        ensureDialogIsClosed();

        $noteDetailWrapper.show();

        protectedSessionDeferred.resolve(true);
        protectedSessionDeferred = null;

        $enterProtectedSessionButton.hide();
        $leaveProtectedSessionButton.show();
    }

    infoService.showMessage("Protected session has been started.");
}

function ensureDialogIsClosed() {
    // this may fal if the dialog has not been previously opened (not sure if still true with Bootstrap modal)
    try {
        $dialog.modal('hide');
    }
    catch (e) {}

    $passwordInputs.val('');
}

async function enterProtectedSessionOnServer(password) {
    return await server.post('login/protected', {
        password: password
    });
}

async function protectNoteAndSendToServer() {
    if (noteDetailService.getCurrentNote().isProtected) {
        return;
    }

    await ensureProtectedSession(true, true);

    const note = noteDetailService.getCurrentNote();
    note.isProtected = true;

    await noteDetailService.saveNote(note);

    treeService.setProtected(note.noteId, note.isProtected);

    noteDetailService.setNoteBackgroundIfProtected(note);
}

async function unprotectNoteAndSendToServer() {
    const currentNote = noteDetailService.getCurrentNote();

    if (!currentNote.isProtected) {
        infoService.showAndLogError(`Note ${currentNote.noteId} is not protected`);

        return;
    }

    if (!protectedSessionHolder.isProtectedSessionAvailable()) {
        console.log("Unprotecting notes outside of protected session is not allowed.");
        // the reason is that it's not easy to handle even with ensureProtectedSession,
        // because we would first have to make sure the note is loaded and only then unprotect
        // we used to have a bug where we would overwrite the previous note with unprotected content.

        return;
    }

    currentNote.isProtected = false;

    await noteDetailService.saveNote(currentNote);

    treeService.setProtected(currentNote.noteId, currentNote.isProtected);

    noteDetailService.setNoteBackgroundIfProtected(currentNote);
}

async function protectSubtree(noteId, protect) {
    await ensureProtectedSession(true, true);

    await server.put('notes/' + noteId + "/protect/" + (protect ? 1 : 0));

    infoService.showMessage("Request to un/protect sub tree has finished successfully");

    treeService.reload();
    noteDetailService.reload();
}

$passwordForms.submit(function() { // needs to stay as function
    const password = $(this).find(".protected-session-password").val();

    setupProtectedSession(password);

    return false;
});

$protectButton.click(protectNoteAndSendToServer);
$unprotectButton.click(unprotectNoteAndSendToServer);

$dialog.on("shown.bs.modal", e => $passwordInModal.focus());

export default {
    ensureProtectedSession,
    protectSubtree,
    ensureDialogIsClosed,
    enterProtectedSession,
    leaveProtectedSession,
    protectNoteAndSendToServer
};
renamed service variables to conform to new naming scheme 2018-03-26 01:41:29 +08:00			`import treeService from './tree.js';`
naming standards 2018-04-08 21:25:35 +08:00			`import noteDetailService from './note_detail.js';`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`import utils from './utils.js';`
			`import server from './server.js';`
decoupled protected session holder from presentation stuff and similar things 2018-03-26 09:16:57 +08:00			`import protectedSessionHolder from './protected_session_holder.js';`
reduced dependencies of utils 2018-03-26 09:29:35 +08:00			`import infoService from "./info.js";`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00
			`const $dialog = $("#protected-session-password-dialog");`
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`const $component = $("#protected-session-password-component");`
			`const $passwordForms = $(".protected-session-password-form");`
			`const $passwordInputs = $(".protected-session-password");`
			`const $passwordInModal = $("#protected-session-password-in-modal");`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`const $noteDetailWrapper = $("#note-detail-wrapper");`
			`const $protectButton = $("#protect-button");`
			`const $unprotectButton = $("#unprotect-button");`
on/off button for entering/leaving protected session has been changed to literal buttons 2018-11-25 21:12:33 +08:00			`const $enterProtectedSessionButton = $("#enter-protected-session-button");`
			`const $leaveProtectedSessionButton = $("#leave-protected-session-button");`
cannot edit note title when not in protected session 2018-12-28 03:22:33 +08:00			`const $noteTitle = $("#note-title");`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00
			`let protectedSessionDeferred = null;`

add switch to manually enter/leave protected session, fixes #107 2018-06-01 08:00:39 +08:00			`async function enterProtectedSession() {`
			`if (!protectedSessionHolder.isProtectedSessionAvailable()) {`
			`await ensureProtectedSession(true, true);`
			`}`
			`}`

			`async function leaveProtectedSession() {`
			`if (protectedSessionHolder.isProtectedSessionAvailable()) {`
			`utils.reloadApp();`
			`}`
			`}`

fix for protected note freezing because of double initialization of CKEditor 2018-08-28 21:03:23 +08:00			`/** returned promise resolves with true if new protected session was established, false if no action was necessary */`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function ensureProtectedSession(requireProtectedSession, modal) {`
			`const dfd = $.Deferred();`

decoupled protected session holder from presentation stuff and similar things 2018-03-26 09:16:57 +08:00			`if (requireProtectedSession && !protectedSessionHolder.isProtectedSessionAvailable()) {`
unprotecting note outside of protected session is not forbidden because it could overwrite previous note 2018-08-17 21:21:59 +08:00			`// using deferred instead of promise because it allows resolving from outside`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`protectedSessionDeferred = dfd;`

cannot edit note title when not in protected session 2018-12-28 03:22:33 +08:00			`// user shouldn't be able to edit note title`
			`$noteTitle.prop("readonly", true);`

non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`if (modal) {`
			`if (treeService.getCurrentNode().data.isProtected) {`
			`$noteDetailWrapper.hide();`
			`}`
encryption settings loading moved from tree to encryption module 2017-11-05 07:57:40 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`$dialog.modal();`
			`}`
			`else {`
			`$component.show();`
			`}`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
			`else {`
fix for protected note freezing because of double initialization of CKEditor 2018-08-28 21:03:23 +08:00			`dfd.resolve(false);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00			`}`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`return dfd.promise();`
			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`async function setupProtectedSession(password) {`
			`$passwordInputs.val("");`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
add switch to manually enter/leave protected session, fixes #107 2018-06-01 08:00:39 +08:00			`const response = await enterProtectedSessionOnServer(password);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`if (!response.success) {`
fix z-index of notification 2018-11-23 04:19:12 +08:00			`infoService.showError("Wrong password.", 3000);`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`return;`
encryption converted to module 2017-11-05 06:18:55 +08:00			`}`
frontend now generates two scrypt hashes with different salts - one for verification and one for encryption. Lowered complexity to half to not affect frontend performance. 2017-09-09 08:55:24 +08:00
decoupled protected session holder from presentation stuff and similar things 2018-03-26 09:16:57 +08:00			`protectedSessionHolder.setProtectedSessionId(response.protectedSessionId);`
server side encryption WIP 2017-11-11 11:55:19 +08:00
migrated all remaining dialogs to bootstrap modals, #203 2018-11-07 00:47:40 +08:00			`$dialog.modal("hide");`
note titles are now encrypted as well - plus auto-decryption of note tree and unloading 2017-09-07 11:13:39 +08:00
fix minor UI issue causing children overview not being decrypted right after entering protected session 2018-11-30 17:33:40 +08:00			`await treeService.reload();`
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00
fix minor UI issue causing children overview not being decrypted right after entering protected session 2018-11-30 17:33:40 +08:00			`// it's important that tree has been already reloaded at this point`
			`// since detail also uses tree cache (for children overview)`
			`await noteDetailService.reload();`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`if (protectedSessionDeferred !== null) {`
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`ensureDialogIsClosed();`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$noteDetailWrapper.show();`
more cleanup 2017-11-15 12:01:23 +08:00
fix for protected note freezing because of double initialization of CKEditor 2018-08-28 21:03:23 +08:00			`protectedSessionDeferred.resolve(true);`
new UI for search, closes #108 (still needs cleanup) 2018-06-04 08:42:25 +08:00			`protectedSessionDeferred = null;`
new code icons, protected note icon in note tree is now styled using CSS filter drop shadow 2018-01-27 11:32:44 +08:00
on/off button for entering/leaving protected session has been changed to literal buttons 2018-11-25 21:12:33 +08:00			`$enterProtectedSessionButton.hide();`
			`$leaveProtectedSessionButton.show();`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00			`}`
cssClass is correctly filled for new note 2018-09-01 19:18:55 +08:00
			`infoService.showMessage("Protected session has been started.");`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`function ensureDialogIsClosed() {`
fix shadow of protected note's icon in the tree 2018-11-14 15:23:34 +08:00			`// this may fal if the dialog has not been previously opened (not sure if still true with Bootstrap modal)`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`try {`
migrated all remaining dialogs to bootstrap modals, #203 2018-11-07 00:47:40 +08:00			`$dialog.modal('hide');`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00			`}`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`catch (e) {}`
hiding protected session dialog when moving over to unprotected note 2017-11-15 13:10:11 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`$passwordInputs.val('');`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
server side encryption WIP 2017-11-11 11:55:19 +08:00
add switch to manually enter/leave protected session, fixes #107 2018-06-01 08:00:39 +08:00			`async function enterProtectedSessionOnServer(password) {`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`return await server.post('login/protected', {`
			`password: password`
			`});`
			`}`
server side encryption WIP 2017-11-11 11:55:19 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function protectNoteAndSendToServer() {`
better protected/unprotected note indicator, fixes #110 2018-06-02 23:47:16 +08:00			`if (noteDetailService.getCurrentNote().isProtected) {`
			`return;`
			`}`

using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`await ensureProtectedSession(true, true);`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
naming standards 2018-04-08 21:25:35 +08:00			`const note = noteDetailService.getCurrentNote();`
introduced NoteFull entity, fixes 2018-03-26 11:25:17 +08:00			`note.isProtected = true;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
naming standards 2018-04-08 21:25:35 +08:00			`await noteDetailService.saveNote(note);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
introduced NoteFull entity, fixes 2018-03-26 11:25:17 +08:00			`treeService.setProtected(note.noteId, note.isProtected);`
encryption of note history if the note is encrypted 2017-11-03 11:36:58 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`noteDetailService.setNoteBackgroundIfProtected(note);`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
also de-encryption of note history plus bug fixes 2017-11-03 11:55:22 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`async function unprotectNoteAndSendToServer() {`
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00			`const currentNote = noteDetailService.getCurrentNote();`

			`if (!currentNote.isProtected) {`
			infoService.showAndLogError(`Note ${currentNote.noteId} is not protected`);

better protected/unprotected note indicator, fixes #110 2018-06-02 23:47:16 +08:00			`return;`
			`}`

unprotecting note outside of protected session is not forbidden because it could overwrite previous note 2018-08-17 21:21:59 +08:00			`if (!protectedSessionHolder.isProtectedSessionAvailable()) {`
			`console.log("Unprotecting notes outside of protected session is not allowed.");`
			`// the reason is that it's not easy to handle even with ensureProtectedSession,`
			`// because we would first have to make sure the note is loaded and only then unprotect`
			`// we used to have a bug where we would overwrite the previous note with unprotected content.`

			`return;`
			`}`
initial decallbackization and promisification of frontend 2017-11-04 08:01:32 +08:00
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00			`currentNote.isProtected = false;`
encryption code separated into its own file 2017-09-07 10:06:43 +08:00
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00			`await noteDetailService.saveNote(currentNote);`
fix setting "protected" class and background on note tree 2017-12-25 22:30:37 +08:00
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00			`treeService.setProtected(currentNote.noteId, currentNote.isProtected);`
encrypt and decrypt subtrees (in tree context menu) 2017-09-18 00:46:14 +08:00
unprotecting note after protecting it sometimes didn't work fix protected note background 2018-11-09 21:36:27 +08:00			`noteDetailService.setNoteBackgroundIfProtected(currentNote);`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`

renamed subtree operations in context menu from "branch" to "subtree" 2018-09-01 00:22:53 +08:00			`async function protectSubtree(noteId, protect) {`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`await ensureProtectedSession(true, true);`
fixing encrypt / decrypt subtree 2017-11-23 09:46:42 +08:00
changes in API format 2018-04-02 08:33:10 +08:00			`await server.put('notes/' + noteId + "/protect/" + (protect ? 1 : 0));`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
reduced dependencies of utils 2018-03-26 09:29:35 +08:00			`infoService.showMessage("Request to un/protect sub tree has finished successfully");`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`treeService.reload();`
naming standards 2018-04-08 21:25:35 +08:00			`noteDetailService.reload();`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`}`
protect/unprotect subtree 2017-11-15 13:04:26 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`$passwordForms.submit(function() { // needs to stay as function`
			`const password = $(this).find(".protected-session-password").val();`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`setupProtectedSession(password);`
cosmetic cleanup, mostly in encryption 2017-11-09 11:33:08 +08:00
non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`return false;`
enter protected password is not modal now, closes #217 2018-11-09 06:48:49 +08:00			`});`
migrated all remaining dialogs to bootstrap modals, #203 2018-11-07 00:47:40 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`$protectButton.click(protectNoteAndSendToServer);`
			`$unprotectButton.click(unprotectNoteAndSendToServer);`

non-modal protected session password form is now done separately as a kind of detail component. Also reworked branch prefix dialog input 2018-12-28 03:04:59 +08:00			`$dialog.on("shown.bs.modal", e => $passwordInModal.focus());`
fix shadow of protected note's icon in the tree 2018-11-14 15:23:34 +08:00
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`export default {`
			`ensureProtectedSession,`
renamed subtree operations in context menu from "branch" to "subtree" 2018-09-01 00:22:53 +08:00			`protectSubtree,`
add switch to manually enter/leave protected session, fixes #107 2018-06-01 08:00:39 +08:00			`ensureDialogIsClosed,`
			`enterProtectedSession,`
frontend API addition to protect current note 2019-01-01 22:39:13 +08:00			`leaveProtectedSession,`
			`protectNoteAndSendToServer`
using ES6 modules for whole frontend SPA app 2018-03-25 23:09:17 +08:00			`};`