src/etapi/etapi_utils.js

const cls = require('../services/cls.js');
const sql = require('../services/sql.js');
const log = require('../services/log.js');
const becca = require('../becca/becca.js');
const etapiTokenService = require('../services/etapi_tokens.js');
const config = require('../services/config.js');
const GENERIC_CODE = "GENERIC";

const noAuthentication = config.General && config.General.noAuthentication === true;

class EtapiError extends Error {
    constructor(statusCode, code, message) {
        super();

        this.statusCode = statusCode;
        this.code = code;
        this.message = message;
    }
}

function sendError(res, statusCode, code, message) {
    return res
        .set('Content-Type', 'application/json')
        .status(statusCode)
        .send(JSON.stringify({
            "status": statusCode,
            "code": code,
            "message": message
        }));
}

function checkEtapiAuth(req, res, next) {
    if (noAuthentication || etapiTokenService.isValidAuthHeader(req.headers.authorization)) {
        next();
    }
    else {
        sendError(res, 401, "NOT_AUTHENTICATED", "Not authenticated");
    }
}

function processRequest(req, res, routeHandler, next, method, path) {
    try {
        cls.namespace.bindEmitter(req);
        cls.namespace.bindEmitter(res);

        cls.init(() => {
            cls.set('componentId', "etapi");
            cls.set('localNowDateTime', req.headers['trilium-local-now-datetime']);

            const cb = () => routeHandler(req, res, next);

            return sql.transactional(cb);
        });
    } catch (e) {
        log.error(`${method} ${path} threw exception ${e.message} with stacktrace: ${e.stack}`);

        if (e instanceof EtapiError) {
            sendError(res, e.statusCode, e.code, e.message);
        } else {
            sendError(res, 500, GENERIC_CODE, e.message);
        }
    }
}

function route(router, method, path, routeHandler) {
    router[method](path, checkEtapiAuth, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}

function NOT_AUTHENTICATED_ROUTE(router, method, path, middleware, routeHandler) {
    router[method](path, ...middleware, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}

function getAndCheckNote(noteId) {
    const note = becca.getNote(noteId);

    if (note) {
        return note;
    }
    else {
        throw new EtapiError(404, "NOTE_NOT_FOUND", `Note '${noteId}' not found.`);
    }
}

function getAndCheckAttachment(attachmentId) {
    const attachment = becca.getAttachment(attachmentId, {includeContentLength: true});

    if (attachment) {
        return attachment;
    }
    else {
        throw new EtapiError(404, "ATTACHMENT_NOT_FOUND", `Attachment '${attachmentId}' not found.`);
    }
}

function getAndCheckBranch(branchId) {
    const branch = becca.getBranch(branchId);

    if (branch) {
        return branch;
    }
    else {
        throw new EtapiError(404, "BRANCH_NOT_FOUND", `Branch '${branchId}' not found.`);
    }
}

function getAndCheckAttribute(attributeId) {
    const attribute = becca.getAttribute(attributeId);

    if (attribute) {
        return attribute;
    }
    else {
        throw new EtapiError(404, "ATTRIBUTE_NOT_FOUND", `Attribute '${attributeId}' not found.`);
    }
}

function validateAndPatch(target, source, allowedProperties) {
    for (const key of Object.keys(source)) {
        if (!(key in allowedProperties)) {
            throw new EtapiError(400, "PROPERTY_NOT_ALLOWED", `Property '${key}' is not allowed for this method.`);
        }
        else {
            for (const validator of allowedProperties[key]) {
                const validationResult = validator(source[key]);

                if (validationResult) {
                    throw new EtapiError(400, "PROPERTY_VALIDATION_ERROR", `Validation failed on property '${key}': ${validationResult}.`);
                }
            }
        }
    }

    // validation passed, let's patch
    for (const propName of Object.keys(source)) {
        target[propName] = source[propName];
    }
}

module.exports = {
    EtapiError,
    sendError,
    route,
    NOT_AUTHENTICATED_ROUTE,
    GENERIC_CODE,
    validateAndPatch,
    getAndCheckNote,
    getAndCheckBranch,
    getAndCheckAttribute,
    getAndCheckAttachment
}
use .js extension for require() as a preparation for future migration to ESM 2023-11-22 19:34:48 +01:00			`const cls = require('../services/cls.js');`
			`const sql = require('../services/sql.js');`
			`const log = require('../services/log.js');`
			`const becca = require('../becca/becca.js');`
			`const etapiTokenService = require('../services/etapi_tokens.js');`
			`const config = require('../services/config.js');`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`const GENERIC_CODE = "GENERIC";`

ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const noAuthentication = config.General && config.General.noAuthentication === true;`

ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`class EtapiError extends Error {`
			`constructor(statusCode, code, message) {`
			`super();`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`this.statusCode = statusCode;`
			`this.code = code;`
			`this.message = message;`
			`}`
			`}`

			`function sendError(res, statusCode, code, message) {`
			`return res`
			`.set('Content-Type', 'application/json')`
			`.status(statusCode)`
			`.send(JSON.stringify({`
			`"status": statusCode,`
			`"code": code,`
			`"message": message`
			`}));`
			`}`

			`function checkEtapiAuth(req, res, next) {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`if (noAuthentication \|\| etapiTokenService.isValidAuthHeader(req.headers.authorization)) {`
			`next();`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`else {`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`sendError(res, 401, "NOT_AUTHENTICATED", "Not authenticated");`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`

ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`function processRequest(req, res, routeHandler, next, method, path) {`
			`try {`
			`cls.namespace.bindEmitter(req);`
			`cls.namespace.bindEmitter(res);`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`cls.init(() => {`
			`cls.set('componentId', "etapi");`
			`cls.set('localNowDateTime', req.headers['trilium-local-now-datetime']);`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`const cb = () => routeHandler(req, res, next);`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`return sql.transactional(cb);`
			`});`
			`} catch (e) {`
			log.error(`${method} ${path} threw exception ${e.message} with stacktrace: ${e.stack}`);

			`if (e instanceof EtapiError) {`
			`sendError(res, e.statusCode, e.code, e.message);`
			`} else {`
			`sendError(res, 500, GENERIC_CODE, e.message);`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`}`
			`}`

			`function route(router, method, path, routeHandler) {`
			`router[method](path, checkEtapiAuth, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));`
			`}`

Rate limit the /auth/login route of ETAPI 2022-08-22 11:50:58 +02:00			`function NOT_AUTHENTICATED_ROUTE(router, method, path, middleware, routeHandler) {`
			`router[method](path, ...middleware, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`

			`function getAndCheckNote(noteId) {`
			`const note = becca.getNote(noteId);`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`if (note) {`
			`return note;`
			`}`
			`else {`
attachment ETAPI support WIP 2023-06-05 09:23:42 +02:00			throw new EtapiError(404, "NOTE_NOT_FOUND", `Note '${noteId}' not found.`);
			`}`
			`}`

			`function getAndCheckAttachment(attachmentId) {`
			`const attachment = becca.getAttachment(attachmentId, {includeContentLength: true});`

			`if (attachment) {`
			`return attachment;`
			`}`
			`else {`
			throw new EtapiError(404, "ATTACHMENT_NOT_FOUND", `Attachment '${attachmentId}' not found.`);
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`

			`function getAndCheckBranch(branchId) {`
			`const branch = becca.getBranch(branchId);`

			`if (branch) {`
			`return branch;`
			`}`
			`else {`
attachment ETAPI support WIP 2023-06-05 09:23:42 +02:00			throw new EtapiError(404, "BRANCH_NOT_FOUND", `Branch '${branchId}' not found.`);
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`

			`function getAndCheckAttribute(attributeId) {`
			`const attribute = becca.getAttribute(attributeId);`

			`if (attribute) {`
			`return attribute;`
			`}`
			`else {`
attachment ETAPI support WIP 2023-06-05 09:23:42 +02:00			throw new EtapiError(404, "ATTRIBUTE_NOT_FOUND", `Attribute '${attributeId}' not found.`);
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`

etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`function validateAndPatch(target, source, allowedProperties) {`
			`for (const key of Object.keys(source)) {`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`if (!(key in allowedProperties)) {`
etapi fix misleading error message 2022-07-10 22:09:13 +02:00			throw new EtapiError(400, "PROPERTY_NOT_ALLOWED", `Property '${key}' is not allowed for this method.`);
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`else {`
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`for (const validator of allowedProperties[key]) {`
			`const validationResult = validator(source[key]);`

			`if (validationResult) {`
attachment ETAPI support WIP 2023-06-05 09:23:42 +02:00			throw new EtapiError(400, "PROPERTY_VALIDATION_ERROR", `Validation failed on property '${key}': ${validationResult}.`);
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`}`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`
			`}`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`// validation passed, let's patch`
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`for (const propName of Object.keys(source)) {`
			`target[propName] = source[propName];`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`}`
			`}`

			`module.exports = {`
			`EtapiError,`
			`sendError,`
			`route,`
ETAPI auth, spec improvements etc. 2022-01-10 17:09:20 +01:00			`NOT_AUTHENTICATED_ROUTE,`
ETAPI delete/patch, refactoring 2022-01-07 19:33:59 +01:00			`GENERIC_CODE,`
			`validateAndPatch,`
			`getAndCheckNote,`
			`getAndCheckBranch,`
attachment ETAPI support WIP 2023-06-05 09:23:42 +02:00			`getAndCheckAttribute,`
			`getAndCheckAttachment`
add memberId to entity_changes to avoid having to resend all changes second time 2022-01-09 20:16:39 +01:00			`}`