src/services/utils.js

"use strict";

const crypto = require('crypto');
const randtoken = require('rand-token').generator({source: 'crypto'});
const unescape = require('unescape');
const escape = require('escape-html');
const sanitize = require("sanitize-filename");
const mimeTypes = require('mime-types');

function newEntityId() {
    return randomString(12);
}

function randomString(length) {
    return randtoken.generate(length);
}

function randomSecureToken(bytes = 32) {
    return crypto.randomBytes(bytes).toString('base64');
}

function md5(content) {
    return crypto.createHash('md5').update(content).digest('hex');
}

function toBase64(plainText) {
    return Buffer.from(plainText).toString('base64');
}

function fromBase64(encodedText) {
    return Buffer.from(encodedText, 'base64');
}

function hmac(secret, value) {
    const hmac = crypto.createHmac('sha256', Buffer.from(secret.toString(), 'ASCII'));
    hmac.update(value.toString());
    return hmac.digest('base64');
}

function isElectron() {
    return !!process.versions['electron'];
}

function hash(text) {
    return crypto.createHash('sha1').update(text).digest('base64');
}

function isEmptyOrWhitespace(str) {
    return str === null || str.match(/^ *$/) !== null;
}

function sanitizeSql(str) {
    // should be improved or usage eliminated
    return str.replace(/'/g, "''");
}

function sanitizeSqlIdentifier(str) {
    return str.replace(/[^A-Za-z0-9_]/g, "");
}

function prepareSqlForLike(prefix, str, suffix) {
    const value = str
        .replace(/\\/g, "\\\\")
        .replace(/'/g, "''")
        .replace(/_/g, "\\_")
        .replace(/%/g, "\\%");

    return `'${prefix}${value}${suffix}' ESCAPE '\\'`;
}

async function stopWatch(what, func) {
    const start = new Date();

    const ret = await func();

    const tookMs = Date.now() - start.getTime();

    console.log(`${what} took ${tookMs}ms`);

    return ret;
}

function escapeHtml(str) {
    return escape(str);
}

function unescapeHtml(str) {
    return unescape(str);
}

function toObject(array, fn) {
    const obj = {};

    for (const item of array) {
        const ret = fn(item);

        obj[ret[0]] = ret[1];
    }

    return obj;
}

function stripTags(text) {
    return text.replace(/<(?:.|\n)*?>/gm, '');
}

function intersection(a, b) {
    return a.filter(value => b.indexOf(value) !== -1);
}

function union(a, b) {
    const obj = {};

    for (let i = a.length-1; i >= 0; i--) {
        obj[a[i]] = a[i];
    }

    for (let i = b.length-1; i >= 0; i--) {
        obj[b[i]] = b[i];
    }

    const res = [];

    for (const k in obj) {
        if (obj.hasOwnProperty(k)) { // <-- optional
            res.push(obj[k]);
        }
    }

    return res;
}

function escapeRegExp(str) {
    return str.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1");
}

function crash() {
    if (isElectron()) {
        require('electron').app.exit(1);
    }
    else {
        process.exit(1);
    }
}

function sanitizeFilenameForHeader(filename) {
    let sanitizedFilename = sanitize(filename);

    if (sanitizedFilename.trim().length === 0) {
        sanitizedFilename = "file";
    }

    return encodeURIComponent(sanitizedFilename)
}

function getContentDisposition(filename) {
    const sanitizedFilename = sanitizeFilenameForHeader(filename);

    return `file; filename="${sanitizedFilename}"; filename*=UTF-8''${sanitizedFilename}`;
}

const STRING_MIME_TYPES = ["application/x-javascript", "image/svg+xml"];

function isStringNote(type, mime) {
    return ["text", "code", "relation-map", "search"].includes(type)
        || mime.startsWith('text/')
        || STRING_MIME_TYPES.includes(mime);
}

function quoteRegex(url) {
    return url.replace(/[.*+\-?^${}()|[\]\\]/g, '\\$&');
}

function replaceAll(string, replaceWhat, replaceWith) {
    const quotedReplaceWhat = quoteRegex(replaceWhat);

    return string.replace(new RegExp(quotedReplaceWhat, "g"), replaceWith);
}

function formatDownloadTitle(filename, type, mime) {
    if (!filename) {
        filename = "untitled";
    }

    if (type === 'text') {
        return filename + '.html';
    } else if (['relation-map', 'search'].includes(type)) {
        return filename + '.json';
    } else {
        if (!mime) {
            return filename;
        }

        mime = mime.toLowerCase();
        const filenameLc = filename.toLowerCase();
        const extensions = mimeTypes.extensions[mime];

        if (!extensions || extensions.length === 0) {
            return filename;
        }

        for (const ext of extensions) {
            if (filenameLc.endsWith('.' + ext)) {
                return filename;
            }
        }

        if (mime === 'application/octet-stream') {
            // we didn't find any good guess for this one, it will be better to just return
            // the current name without fake extension. It's possible that the title still preserves to correct
            // extension too

            return filename;
        }

        return filename + '.' + extensions[0];
    }
}

function timeLimit(promise, limitMs) {
    return new Promise((res, rej) => {
        let resolved = false;

        promise.then(() => {
            resolved = true;

            res();
        });

        setTimeout(() => {
            if (!resolved) {
                rej(new Error('Process exceeded time limit ' + limitMs));
            }
        }, limitMs);
    });
}

module.exports = {
    randomSecureToken,
    randomString,
    md5,
    newEntityId,
    toBase64,
    fromBase64,
    hmac,
    isElectron,
    hash,
    isEmptyOrWhitespace,
    sanitizeSql,
    sanitizeSqlIdentifier,
    prepareSqlForLike,
    stopWatch,
    escapeHtml,
    unescapeHtml,
    toObject,
    stripTags,
    intersection,
    union,
    escapeRegExp,
    crash,
    sanitizeFilenameForHeader,
    getContentDisposition,
    isStringNote,
    quoteRegex,
    replaceAll,
    formatDownloadTitle,
    timeLimit
};
use strict in all JS files 2017-10-21 21:10:33 -04:00			`"use strict";`

added document_secret as basis for API authentication 2017-10-28 19:55:55 -04:00			`const crypto = require('crypto');`
make sure entity IDs are generated only with alphanumeric characters (base62) 2017-12-09 20:44:06 -05:00			`const randtoken = require('rand-token').generator({source: 'crypto'});`
Script API changes, finished porting reddit plugin, reddit importer tar file 2018-02-26 20:47:34 -05:00			`const unescape = require('unescape');`
enex import recognizes images, media references are converted to links 2018-11-05 12:52:50 +01:00			`const escape = require('escape-html');`
fixed export with non-ASCII characters in note title, fixes #285, #331 2019-01-13 10:22:17 +01:00			`const sanitize = require("sanitize-filename");`
attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`const mimeTypes = require('mime-types');`
added document_secret as basis for API authentication 2017-10-28 19:55:55 -04:00
simplified new entity ID allocation 2018-04-02 20:30:00 -04:00			`function newEntityId() {`
added support for trilium-sender 2018-02-11 00:18:59 -05:00			`return randomString(12);`
			`}`

added document_id for sync identification 2017-10-28 13:19:12 -04:00			`function randomString(length) {`
make sure entity IDs are generated only with alphanumeric characters (base62) 2017-12-09 20:44:06 -05:00			`return randtoken.generate(length);`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`}`

added document_secret as basis for API authentication 2017-10-28 19:55:55 -04:00			`function randomSecureToken(bytes = 32) {`
"sync now" button 2017-10-29 11:22:41 -04:00			`return crypto.randomBytes(bytes).toString('base64');`
added document_secret as basis for API authentication 2017-10-28 19:55:55 -04:00			`}`

enex import recognizes images, media references are converted to links 2018-11-05 12:52:50 +01:00			`function md5(content) {`
			`return crypto.createHash('md5').update(content).digest('hex');`
			`}`

backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`function toBase64(plainText) {`
			`return Buffer.from(plainText).toString('base64');`
			`}`

			`function fromBase64(encodedText) {`
			`return Buffer.from(encodedText, 'base64');`
			`}`

fixes for sync 2017-10-29 14:55:48 -04:00			`function hmac(secret, value) {`
			`const hmac = crypto.createHmac('sha256', Buffer.from(secret.toString(), 'ASCII'));`
			`hmac.update(value.toString());`
			`return hmac.digest('base64');`
			`}`

some tweaks mainly for electron support 2017-11-05 17:58:55 -05:00			`function isElectron() {`
			`return !!process.versions['electron'];`
			`}`

added content hash check 2017-11-21 22:11:27 -05:00			`function hash(text) {`
			`return crypto.createHash('sha1').update(text).digest('base64');`
			`}`

sync fix to prefix and some usability improvements 2017-11-26 23:10:23 -05:00			`function isEmptyOrWhitespace(str) {`
			`return str === null \|\| str.match(/^ *$/) !== null;`
			`}`

cleanup of soft deleted items vacuuming database consolidation of "advanced" operations in settings 2017-12-23 09:35:00 -05:00			`function sanitizeSql(str) {`
			`// should be improved or usage eliminated`
refactoring of router search code into service 2019-03-16 22:19:01 +01:00			`return str.replace(/'/g, "''");`
			`}`

implemented sync hash check recovery process 2019-12-18 22:58:30 +01:00			`function sanitizeSqlIdentifier(str) {`
sync recovery fixes 2019-12-24 16:00:31 +01:00			`return str.replace(/[^A-Za-z0-9_]/g, "");`
implemented sync hash check recovery process 2019-12-18 22:58:30 +01:00			`}`

refactoring of router search code into service 2019-03-16 22:19:01 +01:00			`function prepareSqlForLike(prefix, str, suffix) {`
			`const value = str`
			`.replace(/\\/g, "\\\\")`
			`.replace(/'/g, "''")`
			`.replace(/_/g, "\\_")`
			`.replace(/%/g, "\\%");`

			return `'${prefix}${value}${suffix}' ESCAPE '\\'`;
cleanup of soft deleted items vacuuming database consolidation of "advanced" operations in settings 2017-12-23 09:35:00 -05:00			`}`

reddit plugin refactoring, performance improvemnts etc. 2018-01-13 15:25:09 -05:00			`async function stopWatch(what, func) {`
			`const start = new Date();`

measuring how much time does autocomplete building takes 2018-01-22 23:18:08 -05:00			`const ret = await func();`
reddit plugin refactoring, performance improvemnts etc. 2018-01-13 15:25:09 -05:00
progress of tar import through WS 2019-02-10 16:36:25 +01:00			`const tookMs = Date.now() - start.getTime();`
reddit plugin refactoring, performance improvemnts etc. 2018-01-13 15:25:09 -05:00
			console.log(`${what} took ${tookMs}ms`);
measuring how much time does autocomplete building takes 2018-01-22 23:18:08 -05:00
			`return ret;`
reddit plugin refactoring, performance improvemnts etc. 2018-01-13 15:25:09 -05:00			`}`

enex import recognizes images, media references are converted to links 2018-11-05 12:52:50 +01:00			`function escapeHtml(str) {`
			`return escape(str);`
			`}`

Script API changes, finished porting reddit plugin, reddit importer tar file 2018-02-26 20:47:34 -05:00			`function unescapeHtml(str) {`
			`return unescape(str);`
			`}`

refactoring of getModules function 2018-03-04 12:06:35 -05:00			`function toObject(array, fn) {`
			`const obj = {};`

			`for (const item of array) {`
			`const ret = fn(item);`

			`obj[ret[0]] = ret[1];`
			`}`

			`return obj;`
			`}`

OPML export support (issue #78), import missing for now 2018-05-27 12:26:34 -04:00			`function stripTags(text) {`
			`return text.replace(/<(?:.\|\n)*?>/gm, '');`
			`}`

new UI for search, closes #108 (still needs cleanup) 2018-06-03 20:42:25 -04:00			`function intersection(a, b) {`
			`return a.filter(value => b.indexOf(value) !== -1);`
			`}`

			`function union(a, b) {`
			`const obj = {};`

			`for (let i = a.length-1; i >= 0; i--) {`
			`obj[a[i]] = a[i];`
			`}`

			`for (let i = b.length-1; i >= 0; i--) {`
			`obj[b[i]] = b[i];`
			`}`

			`const res = [];`

			`for (const k in obj) {`
			`if (obj.hasOwnProperty(k)) { // <-- optional`
			`res.push(obj[k]);`
			`}`
			`}`

			`return res;`
			`}`

finished jump to autocomplete, now with token highlighting, #203 2018-11-07 09:35:29 +01:00			`function escapeRegExp(str) {`
			`return str.replace(/([.*+?^=!:${}()\|\[\]\/\\])/g, "\\$1");`
			`}`

fixed app termination after unsuccessful migration for electron 2018-11-18 09:05:50 +01:00			`function crash() {`
			`if (isElectron()) {`
			`require('electron').app.exit(1);`
			`}`
			`else {`
			`process.exit(1);`
			`}`
			`}`

fixed export with non-ASCII characters in note title, fixes #285, #331 2019-01-13 10:22:17 +01:00			`function sanitizeFilenameForHeader(filename) {`
			`let sanitizedFilename = sanitize(filename);`

			`if (sanitizedFilename.trim().length === 0) {`
			`sanitizedFilename = "file";`
			`}`

			`return encodeURIComponent(sanitizedFilename)`
			`}`

			`function getContentDisposition(filename) {`
			`const sanitizedFilename = sanitizeFilenameForHeader(filename);`

			return `file; filename="${sanitizedFilename}"; filename*=UTF-8''${sanitizedFilename}`;
			`}`

local image storage fixes 2020-03-25 18:21:55 +01:00			`const STRING_MIME_TYPES = ["application/x-javascript", "image/svg+xml"];`
moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00
			`function isStringNote(type, mime) {`
			`return ["text", "code", "relation-map", "search"].includes(type)`
			`\|\| mime.startsWith('text/')`
			`\|\| STRING_MIME_TYPES.includes(mime);`
			`}`

attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`function quoteRegex(url) {`
			`return url.replace(/[.*+\-?^${}()\|[\]\\]/g, '\\$&');`
			`}`

fixes for web clipper 2020-04-02 22:55:11 +02:00			`function replaceAll(string, replaceWhat, replaceWith) {`
attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`const quotedReplaceWhat = quoteRegex(replaceWhat);`

			`return string.replace(new RegExp(quotedReplaceWhat, "g"), replaceWith);`
			`}`

			`function formatDownloadTitle(filename, type, mime) {`
			`if (!filename) {`
			`filename = "untitled";`
			`}`

			`if (type === 'text') {`
			`return filename + '.html';`
			`} else if (['relation-map', 'search'].includes(type)) {`
			`return filename + '.json';`
			`} else {`
			`if (!mime) {`
			`return filename;`
			`}`

			`mime = mime.toLowerCase();`
			`const filenameLc = filename.toLowerCase();`
			`const extensions = mimeTypes.extensions[mime];`

			`if (!extensions \|\| extensions.length === 0) {`
			`return filename;`
			`}`
fixes for web clipper 2020-04-02 22:55:11 +02:00
attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`for (const ext of extensions) {`
			`if (filenameLc.endsWith('.' + ext)) {`
			`return filename;`
			`}`
			`}`

better fallback for resolving filenames of binary attachments 2020-06-05 10:40:35 +02:00			`if (mime === 'application/octet-stream') {`
			`// we didn't find any good guess for this one, it will be better to just return`
			`// the current name without fake extension. It's possible that the title still preserves to correct`
			`// extension too`

			`return filename;`
			`}`

attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`return filename + '.' + extensions[0];`
			`}`
fixes for web clipper 2020-04-02 22:55:11 +02:00			`}`

opening transactions only on write operations which enforces exclusive lock only there to improve concurrency, custom handling of sync request timeouts, #1093, #1018 2020-06-13 10:23:36 +02:00			`function timeLimit(promise, limitMs) {`
			`return new Promise((res, rej) => {`
			`let resolved = false;`

			`promise.then(() => {`
			`resolved = true;`

			`res();`
			`});`

			`setTimeout(() => {`
			`if (!resolved) {`
			`rej(new Error('Process exceeded time limit ' + limitMs));`
			`}`
			`}, limitMs);`
			`});`
			`}`

backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`module.exports = {`
added document_secret as basis for API authentication 2017-10-28 19:55:55 -04:00			`randomSecureToken,`
shortening of noteIds to 12 characters 2017-10-28 12:12:20 -04:00			`randomString,`
enex import recognizes images, media references are converted to links 2018-11-05 12:52:50 +01:00			`md5,`
simplified new entity ID allocation 2018-04-02 20:30:00 -04:00			`newEntityId,`
backend ported to node.js (work in progress) 2017-10-14 23:31:44 -04:00			`toBase64,`
fixes for sync 2017-10-29 14:55:48 -04:00			`fromBase64,`
more granular detection of changes which forces less disruptive realoding. Refactoring of audit functions 2017-11-05 10:41:54 -05:00			`hmac,`
sync debugging tweaks etc. 2017-11-05 21:56:42 -05:00			`isElectron,`
sync fix to prefix and some usability improvements 2017-11-26 23:10:23 -05:00			`hash,`
db anonymization implementation 2017-12-16 00:05:37 -05:00			`isEmptyOrWhitespace,`
image sync 2018-01-06 15:56:00 -05:00			`sanitizeSql,`
implemented sync hash check recovery process 2019-12-18 22:58:30 +01:00			`sanitizeSqlIdentifier,`
refactoring of router search code into service 2019-03-16 22:19:01 +01:00			`prepareSqlForLike,`
Script API changes, finished porting reddit plugin, reddit importer tar file 2018-02-26 20:47:34 -05:00			`stopWatch,`
enex import recognizes images, media references are converted to links 2018-11-05 12:52:50 +01:00			`escapeHtml,`
refactoring of getModules function 2018-03-04 12:06:35 -05:00			`unescapeHtml,`
OPML export support (issue #78), import missing for now 2018-05-27 12:26:34 -04:00			`toObject,`
new UI for search, closes #108 (still needs cleanup) 2018-06-03 20:42:25 -04:00			`stripTags,`
			`intersection,`
finished jump to autocomplete, now with token highlighting, #203 2018-11-07 09:35:29 +01:00			`union,`
fixed app termination after unsuccessful migration for electron 2018-11-18 09:05:50 +01:00			`escapeRegExp,`
fixed export with non-ASCII characters in note title, fixes #285, #331 2019-01-13 10:22:17 +01:00			`crash,`
			`sanitizeFilenameForHeader,`
moving out note revision content into separate table, refactoring, WIP 2019-10-31 21:58:34 +01:00			`getContentDisposition,`
fixes for web clipper 2020-04-02 22:55:11 +02:00			`isStringNote,`
attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`quoteRegex,`
			`replaceAll,`
opening transactions only on write operations which enforces exclusive lock only there to improve concurrency, custom handling of sync request timeouts, #1093, #1018 2020-06-13 10:23:36 +02:00			`formatDownloadTitle,`
			`timeLimit`
attach extension to download file if note present 2020-05-12 10:28:31 +02:00			`};`