mirror of
https://github.com/zadam/trilium.git
synced 2025-10-31 02:16:05 +01:00
more complete support for network-less electron frontend-backend communication including protected session
This commit is contained in:
azivner
12
app.js
12
app.js
@@ -80,16 +80,24 @@ if (utils.isElectron()) {
|
||||
req.url = arg.url;
|
||||
req.method = arg.method;
|
||||
req.body = arg.data;
|
||||
req.headers = {};
|
||||
req.headers = arg.headers;
|
||||
|
||||
const res = {
|
||||
statusCode: 200
|
||||
};
|
||||
|
||||
const res = {};
|
||||
res.setHeader = function() {
|
||||
|
||||
};
|
||||
|
||||
res.status = function(statusCode) {
|
||||
res.statusCode = statusCode;
|
||||
};
|
||||
|
||||
res.send = function(obj) {
|
||||
event.sender.send('server-response', {
|
||||
requestId: arg.requestId,
|
||||
statusCode: res.statusCode,
|
||||
body: obj
|
||||
});
|
||||
};
|
||||
|
||||
@@ -24,13 +24,13 @@ $(document).bind('keydown', 'alt+t', () => {
|
||||
});
|
||||
|
||||
$(document).bind('keydown', 'f5', () => {
|
||||
window.location.reload(true);
|
||||
reloadApp();
|
||||
|
||||
return false;
|
||||
});
|
||||
|
||||
$(document).bind('keydown', 'ctrl+r', () => {
|
||||
window.location.reload(true);
|
||||
reloadApp();
|
||||
|
||||
return false;
|
||||
});
|
||||
|
||||
@@ -625,6 +625,6 @@ const noteTree = (function() {
|
||||
createNewTopLevelNote,
|
||||
createNote,
|
||||
setPrefix,
|
||||
getNotePathTitle
|
||||
|
||||
};
|
||||
})();
|
||||
@@ -10,8 +10,8 @@ const protected_session = (function() {
|
||||
let protectedSessionTimeout = null;
|
||||
let protectedSessionId = null;
|
||||
|
||||
server.get('settings/all').then(settings => {
|
||||
protectedSessionTimeout = settings.protected_session_timeout;
|
||||
$(document).ready(() => {
|
||||
server.get('settings/all').then(settings => protectedSessionTimeout = settings.protected_session_timeout);
|
||||
});
|
||||
|
||||
function setProtectedSessionTimeout(encSessTimeout) {
|
||||
@@ -57,7 +57,6 @@ const protected_session = (function() {
|
||||
}
|
||||
|
||||
protectedSessionId = response.protectedSessionId;
|
||||
server.initAjax();
|
||||
|
||||
dialogEl.dialog("close");
|
||||
|
||||
@@ -96,11 +95,9 @@ const protected_session = (function() {
|
||||
function resetProtectedSession() {
|
||||
protectedSessionId = null;
|
||||
|
||||
server.initAjax();
|
||||
|
||||
// most secure solution - guarantees nothing remained in memory
|
||||
// since this expires because user doesn't use the app, it shouldn't be disruptive
|
||||
window.location.reload(true);
|
||||
reloadApp();
|
||||
}
|
||||
|
||||
function isProtectedSessionAvailable() {
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
const server = (function() {
|
||||
function initAjax() {
|
||||
$.ajaxSetup({
|
||||
headers: {
|
||||
'x-protected-session-id': typeof protected_session !== 'undefined' ? protected_session.getProtectedSessionId() : null
|
||||
}
|
||||
});
|
||||
function getHeaders() {
|
||||
return {
|
||||
'x-protected-session-id': protected_session.getProtectedSessionId()
|
||||
};
|
||||
}
|
||||
|
||||
async function get(url) {
|
||||
@@ -34,8 +32,11 @@ const server = (function() {
|
||||
return new Promise((resolve, reject) => {
|
||||
reqResolves[requestId] = resolve;
|
||||
|
||||
console.log("Request #" + requestId + " to " + method + " " + url);
|
||||
|
||||
ipc.send('server-request', {
|
||||
requestId: requestId,
|
||||
headers: getHeaders(),
|
||||
method: method,
|
||||
url: "/" + baseApiUrl + url,
|
||||
data: data
|
||||
@@ -51,14 +52,19 @@ const server = (function() {
|
||||
const ipc = require('electron').ipcRenderer;
|
||||
|
||||
ipc.on('server-response', (event, arg) => {
|
||||
console.log("Response #" + arg.requestId + ": " + arg.statusCode);
|
||||
|
||||
reqResolves[arg.requestId](arg.body);
|
||||
|
||||
delete reqResolves[arg.requestId];
|
||||
});
|
||||
}
|
||||
|
||||
async function ajax(url, method, data) {
|
||||
const options = {
|
||||
url: baseApiUrl + url,
|
||||
type: method
|
||||
type: method,
|
||||
headers: getHeaders()
|
||||
};
|
||||
|
||||
if (data) {
|
||||
@@ -71,14 +77,10 @@ const server = (function() {
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
initAjax();
|
||||
|
||||
return {
|
||||
get,
|
||||
post,
|
||||
put,
|
||||
remove,
|
||||
initAjax
|
||||
remove
|
||||
}
|
||||
})();
|
||||
@@ -1,5 +1,9 @@
|
||||
"use strict";
|
||||
|
||||
function reloadApp() {
|
||||
window.location.reload(true);
|
||||
}
|
||||
|
||||
function showMessage(message) {
|
||||
console.log("message: ", message);
|
||||
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
"use strict";
|
||||
|
||||
const utils = require('./utils');
|
||||
const session = {};
|
||||
|
||||
function setDataKey(req, decryptedDataKey) {
|
||||
req.session.decryptedDataKey = Array.from(decryptedDataKey); // can't store buffer in session
|
||||
req.session.protectedSessionId = utils.randomSecureToken(32);
|
||||
session.decryptedDataKey = Array.from(decryptedDataKey); // can't store buffer in session
|
||||
session.protectedSessionId = utils.randomSecureToken(32);
|
||||
|
||||
return req.session.protectedSessionId;
|
||||
return session.protectedSessionId;
|
||||
}
|
||||
|
||||
function getProtectedSessionId(req) {
|
||||
@@ -16,8 +17,8 @@ function getProtectedSessionId(req) {
|
||||
function getDataKey(req) {
|
||||
const protectedSessionId = getProtectedSessionId(req);
|
||||
|
||||
if (protectedSessionId && req.session.protectedSessionId === protectedSessionId) {
|
||||
return req.session.decryptedDataKey;
|
||||
if (protectedSessionId && session.protectedSessionId === protectedSessionId) {
|
||||
return session.decryptedDataKey;
|
||||
}
|
||||
else {
|
||||
return null;
|
||||
@@ -27,7 +28,7 @@ function getDataKey(req) {
|
||||
function isProtectedSessionAvailable(req) {
|
||||
const protectedSessionId = getProtectedSessionId(req);
|
||||
|
||||
return protectedSessionId && req.session.protectedSessionId === protectedSessionId;
|
||||
return protectedSessionId && session.protectedSessionId === protectedSessionId;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
||||
Reference in New Issue
Block a user