make clipper api authenticated for server and unauthenticated for local electron

zadam 2019-07-07 13:12:40 +02:00
parent 95a773e5c9
commit 7d57961ab2
3 changed files with 28 additions and 14 deletions


@ -7,6 +7,7 @@ const imageService = require('../../services/image');
const appInfo = require('../../services/app_info');
const messagingService = require('../../services/messaging');
const log = require('../../services/log');
const utils = require('../../services/utils');
const path = require('path');
const Link = require('../../entities/link');
@ -144,12 +145,21 @@ async function createImage(req) {
}
async function openNote(req) {
messagingService.sendMessageToAllClients({
type: 'open-note',
noteId: req.params.noteId
});
if (utils.isElectron()) {
messagingService.sendMessageToAllClients({
type: 'open-note',
noteId: req.params.noteId
});
return {};
return {
result: 'ok'
};
}
else {
return {
result: 'open-in-browser'
}
}
}
async function handshake() {
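Review bot: In `openNote`, the Electron branch passes `req.params.noteId` straight into `sendMessageToAllClients` without checking that it is a well-formed id or names an existing note. The routes change in this same commit registers `/api/clipper/open/:noteId` with no auth middleware when `utils.isElectron()` is true, so this value is unauthenticated input on that path. It would be safer to validate the id and return an error result before broadcasting to every connected client. As a style point, the `result: 'open-in-browser'` return is missing the terminating semicolon that the `result: 'ok'` return has. The hunk ends at the opening line of `handshake`, whose body is not visible here.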


@ -1,6 +1,7 @@
const setupRoute = require('./setup');
const loginRoute = require('./login');
const indexRoute = require('./index');
const utils = require('../services/utils');
const multer = require('multer')();
// API routes
@ -214,8 +215,8 @@ function register(app) {
// no CSRF since this is called from android app
route(POST, '/api/sender/login', [], loginApiRoute.token, apiResultHandler);
route(POST, '/api/sender/image', [auth.checkSenderToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
route(POST, '/api/sender/note', [auth.checkSenderToken], senderRoute.saveNote, apiResultHandler);
route(POST, '/api/sender/image', [auth.checkToken, uploadMiddleware], senderRoute.uploadImage, apiResultHandler);
route(POST, '/api/sender/note', [auth.checkToken], senderRoute.saveNote, apiResultHandler);
apiRoute(GET, '/api/search/:searchString', searchRoute.searchNotes);
apiRoute(GET, '/api/search-note/:noteId', searchRoute.searchFromNote);
@ -225,11 +226,14 @@ function register(app) {
apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
route(GET, '/api/clipper/handshake', [], clipperRoute.handshake, apiResultHandler);
route(POST, '/api/clipper/clippings', [], clipperRoute.addClipping, apiResultHandler);
route(POST, '/api/clipper/notes', [], clipperRoute.createNote, apiResultHandler);
route(POST, '/api/clipper/image', [], clipperRoute.createImage, apiResultHandler);
route(POST, '/api/clipper/open/:noteId', [], clipperRoute.openNote, apiResultHandler);
// in case of local electron, local calls are allowed unauthenticated, for server they need auth
const clipperMiddleware = utils.isElectron() ? [] : [auth.checkToken];
route(GET, '/api/clipper/handshake', clipperMiddleware, clipperRoute.handshake, apiResultHandler);
route(POST, '/api/clipper/clippings', clipperMiddleware, clipperRoute.addClipping, apiResultHandler);
route(POST, '/api/clipper/notes', clipperMiddleware, clipperRoute.createNote, apiResultHandler);
route(POST, '/api/clipper/image', clipperMiddleware, clipperRoute.createImage, apiResultHandler);
route(POST, '/api/clipper/open/:noteId', clipperMiddleware, clipperRoute.openNote, apiResultHandler);
app.use('', router);
}
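Review bot: The `clipperMiddleware` line removes all authentication from the `/api/clipper/*` routes whenever `utils.isElectron()` is true, yet nothing visible in this hunk checks that a request really comes from the local machine or from the clipper extension. Whether the Electron build's listener is bound to loopback only cannot be seen here. Even if it is, these POST routes are registered through `route` without CSRF middleware, so a page open in the user's browser could presumably reach them on the local port. Consider keeping `auth.checkToken` in both modes, or adding a middleware for the Electron case that rejects non-loopback remote addresses and unexpected `Origin` headers. At minimum, state the assumption in the comment, e.g. `// electron: unauthenticated only because the listener is assumed to be bound to loopback`. `register` begins outside the hunk.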


@ -56,7 +56,7 @@ async function checkAppNotInitialized(req, res, next) {
}
}
async function checkSenderToken(req, res, next) {
async function checkToken(req, res, next) {
const token = req.headers.authorization;
if (await sql.getValue("SELECT COUNT(*) FROM api_tokens WHERE isDeleted = 0 AND token = ?", [token]) === 0) {
@ -89,6 +89,6 @@ module.exports = {
checkAppInitialized,
checkAppNotInitialized,
checkApiAuthOrElectron,
checkSenderToken,
checkToken,
checkBasicAuth
};