1
1
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-01-25 16:42:45 +08:00

logging API auth rejections

This commit is contained in:
zadam 2019-07-25 21:05:16 +02:00
parent b488adc330
commit 78ffac8232

View file

@ -1,6 +1,7 @@
"use strict";
const sql = require('./sql');
const log = require('./log');
const sqlInit = require('./sql_init');
const utils = require('./utils');
const passwordEncryptionService = require('./password_encryption');
@ -22,7 +23,7 @@ async function checkAuth(req, res, next) {
// currently we're doing that for file upload because handling form data seems to be difficult
async function checkApiAuthOrElectron(req, res, next) {
if (!req.session.loggedIn && !utils.isElectron()) {
res.status(401).send("Not authorized");
reject(req, res, "Not authorized");
}
else {
next();
@ -31,7 +32,7 @@ async function checkApiAuthOrElectron(req, res, next) {
async function checkApiAuth(req, res, next) {
if (!req.session.loggedIn) {
res.status(401).send("Not authorized");
reject(req, res, "Not authorized");
}
else {
next();
@ -49,7 +50,7 @@ async function checkAppInitialized(req, res, next) {
async function checkAppNotInitialized(req, res, next) {
if (await sqlInit.isDbInitialized()) {
res.status(400).send("App already initialized.");
reject(req, res, "App already initialized.");
}
else {
next();
@ -60,13 +61,19 @@ async function checkToken(req, res, next) {
const token = req.headers.authorization;
if (await sql.getValue("SELECT COUNT(*) FROM api_tokens WHERE isDeleted = 0 AND token = ?", [token]) === 0) {
res.status(401).send("Not authorized");
reject(req, res, "Not authorized");
}
else {
next();
}
}
function reject(req, res, message) {
log.info(`${req.method} ${req.path} rejected with 401 ${message}`);
res.status(401).send(message);
}
async function checkBasicAuth(req, res, next) {
const header = req.headers.authorization || '';
const token = header.split(/\s+/).pop() || '';