services/auth.js

"use strict";

const migration = require('./migration');
const sql = require('./sql');
const utils = require('./utils');

async function checkAuth(req, res, next) {
    if (!await sql.isUserInitialized()) {
        res.redirect("setup");
    }
    else if (!req.session.loggedIn && !utils.isElectron()) {
        res.redirect("login");
    }
    else if (!await sql.isDbUpToDate()) {
        res.redirect("migration");
    }
    else {
        next();
    }
}

async function checkAuthForMigrationPage(req, res, next) {
    if (!req.session.loggedIn && !utils.isElectron()) {
        res.redirect("login");
    }
    else {
        next();
    }
}

async function checkApiAuth(req, res, next) {
    if (!req.session.loggedIn) {
        res.status(401).send("Not authorized");
    }
    else if (await sql.isDbUpToDate()) {
        next();
    }
    else {
        res.status(409).send("Mismatched app versions"); // need better response than that
    }
}

async function checkApiAuthForMigrationPage(req, res, next) {
    if (!req.session.loggedIn) {
        res.status(401).send("Not authorized");
    }
    else {
        next();
    }
}

async function checkAppNotInitialized(req, res, next) {
    if (await sql.isUserInitialized()) {
        res.status(400).send("App already initialized.");
    }
    else {
        next();
    }
}

module.exports = {
    checkAuth,
    checkAuthForMigrationPage,
    checkApiAuth,
    checkApiAuthForMigrationPage,
    checkAppNotInitialized
};
use strict in all JS files 2017-10-21 21:10:33 -04:00			`"use strict";`

sync WIP 2017-10-25 22:39:21 -04:00			`const migration = require('./migration');`
converted all timestamps to string representation 2017-12-10 12:56:59 -05:00			`const sql = require('./sql');`
some tweaks mainly for electron support 2017-11-05 17:58:55 -05:00			`const utils = require('./utils');`
sync WIP 2017-10-25 22:39:21 -04:00
			`async function checkAuth(req, res, next) {`
refactored detection of whether user is initialized 2017-12-27 18:23:24 -05:00			`if (!await sql.isUserInitialized()) {`
implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`res.redirect("setup");`
			`}`
			`else if (!req.session.loggedIn && !utils.isElectron()) {`
node authentication 2017-10-15 16:32:49 -04:00			`res.redirect("login");`
sync WIP 2017-10-25 22:39:21 -04:00			`}`
converted all timestamps to string representation 2017-12-10 12:56:59 -05:00			`else if (!await sql.isDbUpToDate()) {`
implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`res.redirect("migration");`
node authentication 2017-10-15 16:32:49 -04:00			`}`
sync WIP 2017-10-25 22:39:21 -04:00			`else {`
implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`next();`
sync WIP 2017-10-25 22:39:21 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00			`}`

separated electron routing into separate file 2017-11-30 20:51:35 -05:00			`async function checkAuthForMigrationPage(req, res, next) {`
some tweaks mainly for electron support 2017-11-05 17:58:55 -05:00			`if (!req.session.loggedIn && !utils.isElectron()) {`
separate sync for pull (implemented) and push (not yet) 2017-10-26 20:31:31 -04:00			`res.redirect("login");`
			`}`
			`else {`
			`next();`
			`}`
			`}`

sync WIP 2017-10-25 22:39:21 -04:00			`async function checkApiAuth(req, res, next) {`
even though trilium APIs are still exposed in electron, they require login if not called directly from electron 2017-11-30 23:29:21 -05:00			`if (!req.session.loggedIn) {`
sync fixes 2017-10-31 20:09:07 -04:00			`res.status(401).send("Not authorized");`
sync WIP 2017-10-25 22:39:21 -04:00			`}`
converted all timestamps to string representation 2017-12-10 12:56:59 -05:00			`else if (await sql.isDbUpToDate()) {`
node authentication 2017-10-15 16:32:49 -04:00			`next();`
			`}`
sync WIP 2017-10-25 22:39:21 -04:00			`else {`
sync fixes 2017-10-31 20:09:07 -04:00			`res.status(409).send("Mismatched app versions"); // need better response than that`
sync WIP 2017-10-25 22:39:21 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00			`}`

separated electron routing into separate file 2017-11-30 20:51:35 -05:00			`async function checkApiAuthForMigrationPage(req, res, next) {`
even though trilium APIs are still exposed in electron, they require login if not called directly from electron 2017-11-30 23:29:21 -05:00			`if (!req.session.loggedIn) {`
sync fixes 2017-10-31 20:09:07 -04:00			`res.status(401).send("Not authorized");`
separate sync for pull (implemented) and push (not yet) 2017-10-26 20:31:31 -04:00			`}`
			`else {`
			`next();`
			`}`
			`}`

implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`async function checkAppNotInitialized(req, res, next) {`
refactored detection of whether user is initialized 2017-12-27 18:23:24 -05:00			`if (await sql.isUserInitialized()) {`
implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`res.status(400).send("App already initialized.");`
			`}`
			`else {`
			`next();`
			`}`
			`}`

node authentication 2017-10-15 16:32:49 -04:00			`module.exports = {`
			`checkAuth,`
separated electron routing into separate file 2017-11-30 20:51:35 -05:00			`checkAuthForMigrationPage,`
separate sync for pull (implemented) and push (not yet) 2017-10-26 20:31:31 -04:00			`checkApiAuth,`
implemented initial setup of the app 2017-12-03 22:29:23 -05:00			`checkApiAuthForMigrationPage,`
			`checkAppNotInitialized`
node authentication 2017-10-15 16:32:49 -04:00			`};`