fix(deps): update dependency node-html-parser to v7.0.2

apps/client/src/index.html

@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-    <head>
-        <meta charset="utf-8">
-        <link rel="shortcut icon" href="favicon.ico">
-        <meta name="mobile-web-app-capable" content="yes">
-        <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
-        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, viewport-fit=cover, interactive-widget=resizes-content" />
-        <link rel="manifest" crossorigin="use-credentials" href="manifest.webmanifest">
-        <title>Trilium Notes</title>
-    </head>
-
-    <body id="trilium-app">
-        <noscript>Trilium requires JavaScript to be enabled.</noscript>
-
-        <div class="dropdown-menu dropdown-menu-sm" id="context-menu-container" style="display: none"></div>
-
-        <!-- Required to match the PWA's top bar color with the theme -->
-        <!-- This works even when the user directly changes --root-background in CSS -->
-        <div id="background-color-tracker" style="position: absolute; visibility: hidden; color: var(--root-background); transition: color 1ms;"></div>
-
-        <script src="./index.ts" type="module"></script>
-
-        <!-- Required for correct loading of scripts in Electron -->
-        <script>
-            if (typeof module === 'object') {window.module = module; module = undefined;}
-        </script>
-    </body>
-</html>

apps/client/src/index.ts

@@ -1,110 +0,0 @@
-async function bootstrap() {
-    showSplash();
-    await setupGlob();
-    await Promise.all([
-        initJQuery(),
-        loadBootstrapCss()
-    ]);
-    loadStylesheets();
-    loadIcons();
-    setBodyAttributes();
-    await loadScripts();
-    hideSplash();
-}
-
-async function initJQuery() {
-    const $ = (await import("jquery")).default;
-    window.$ = $;
-    window.jQuery = $;
-}
-
-async function setupGlob() {
-    const response = await fetch(`/bootstrap${window.location.search}`);
-    const json = await response.json();
-
-    window.global = globalThis; /* fixes https://github.com/webpack/webpack/issues/10035 */
-    window.glob = {
-        ...json,
-        activeDialog: null
-    };
-}
-
-async function loadBootstrapCss() {
-    // We have to selectively import Bootstrap CSS based on text direction.
-    if (glob.isRtl) {
-        await import("bootstrap/dist/css/bootstrap.rtl.min.css");
-    } else {
-        await import("bootstrap/dist/css/bootstrap.min.css");
-    }
-}
-
-function loadStylesheets() {
-    const { assetPath, themeCssUrl, themeUseNextAsBase } = window.glob;
-    const cssToLoad: string[] = [];
-    cssToLoad.push(`${assetPath}/stylesheets/ckeditor-theme.css`);
-    cssToLoad.push(`api/fonts`);
-    cssToLoad.push(`${assetPath}/stylesheets/theme-light.css`);
-    if (themeCssUrl) {
-        cssToLoad.push(themeCssUrl);
-    }
-    if (themeUseNextAsBase === "next") {
-        cssToLoad.push(`${assetPath}/stylesheets/theme-next.css`);
-    } else if (themeUseNextAsBase === "next-dark") {
-        cssToLoad.push(`${assetPath}/stylesheets/theme-next-dark.css`);
-    } else if (themeUseNextAsBase === "next-light") {
-        cssToLoad.push(`${assetPath}/stylesheets/theme-next-light.css`);
-    }
-    cssToLoad.push(`${assetPath}/stylesheets/style.css`);
-
-    for (const href of cssToLoad) {
-        const linkEl = document.createElement("link");
-        linkEl.href = href;
-        linkEl.rel = "stylesheet";
-        document.head.appendChild(linkEl);
-    }
-}
-
-function loadIcons() {
-    const styleEl = document.createElement("style");
-    styleEl.innerText = window.glob.iconPackCss;
-    document.head.appendChild(styleEl);
-}
-
-function setBodyAttributes() {
-    const { device, headingStyle, layoutOrientation, platform, isElectron, hasNativeTitleBar, hasBackgroundEffects, currentLocale } = window.glob;
-    const classesToSet = [
-        device,
-        `heading-style-${headingStyle}`,
-        `layout-${layoutOrientation}`,
-        `platform-${platform}`,
-        isElectron && "electron",
-        hasNativeTitleBar && "native-titlebar",
-        hasBackgroundEffects && "background-effects"
-    ].filter(Boolean) as string[];
-
-    for (const classToSet of classesToSet) {
-        document.body.classList.add(classToSet);
-    }
-
-    document.body.lang = currentLocale.id;
-    document.body.dir = currentLocale.rtl ? "rtl" : "ltr";
-}
-
-async function loadScripts() {
-    if (glob.device === "mobile") {
-        await import("./mobile.js");
-    } else {
-        await import("./desktop.js");
-    }
-}
-
-function showSplash() {
-    // hide body to reduce flickering on the startup. This is done through JS and not CSS to not hide <noscript>
-    document.body.style.display = "none";
-}
-
-function hideSplash() {
-    document.body.style.display = "block";
-}
-
-bootstrap();

apps/client/src/login.ts

@@ -1,7 +1,3 @@
-import "bootstrap/dist/css/bootstrap.min.css";
-
 // @ts-ignore - module = undefined
 // Required for correct loading of scripts in Electron
 if (typeof module === 'object') {window.module = module; module = undefined;}
-
-document.body.style.display = "block";

apps/client/src/runtime.ts

@@ -0,0 +1,15 @@
+import $ from "jquery";
+
+async function loadBootstrap() {
+    if (document.body.dir === "rtl") {
+        await import("bootstrap/dist/css/bootstrap.rtl.min.css");
+    } else {
+        await import("bootstrap/dist/css/bootstrap.min.css");
+    }
+}
+
+(window as any).$ = $;
+(window as any).jQuery = $;
+await loadBootstrap();
+
+$("body").show();

apps/client/src/types.d.ts

@@ -1,4 +1,4 @@
-import { IconRegistry, Locale } from "@triliumnext/commons";
+import { IconRegistry } from "@triliumnext/commons";
 
 import appContext, { AppContext } from "./components/app_context";
 import type FNote from "./entities/fnote";
@@ -47,25 +47,14 @@ interface CustomGlobals {
     platform?: typeof process.platform;
     linter: typeof lint;
     hasNativeTitleBar: boolean;
-    hasBackgroundEffects: boolean;
-    isElectron: boolean;
     isRtl: boolean;
     iconRegistry: IconRegistry;
-    themeCssUrl: string;
-    themeUseNextAsBase?: "next" | "next-light" | "next-dark";
-    iconPackCss: string;
-    headingStyle: "plain" | "underline" | "markdown";
-    layoutOrientation: "vertical" | "horizontal";
-    currentLocale: Locale;
 }
 
 type RequireMethod = (moduleName: string) => any;
 
 declare global {
     interface Window {
-        $: JQueryStatic;
-        jQuery: JQueryStatic;
-
         logError(message: string);
         logInfo(message: string);
 

apps/client/src/widgets/layout/StatusBar.tsx

@@ -338,19 +338,19 @@ interface AttributesProps extends StatusBarContext {
 function AttributesButton({ note, attributesShown, setAttributesShown }: AttributesProps) {
     const [ count, setCount ] = useState(note.attributes.length);
 
-    const getAttributeCount = useCallback((note: FNote) => {
+    const refreshCount = useCallback((note: FNote) => {
         return note.getAttributes().filter(a => !a.isAutoLink).length;
     }, []);
 
     // React to note changes.
     useEffect(() => {
-        setCount(getAttributeCount(note));
-    }, [ note, getAttributeCount ]);
+        setCount(refreshCount(note));
+    }, [ note, refreshCount ]);
 
     // React to changes in count.
     useTriliumEvent("entitiesReloaded", (({loadResults}) => {
         if (loadResults.getAttributeRows().some(attr => attributes.isAffecting(attr, note))) {
-            setCount(getAttributeCount(note));
+            setCount(refreshCount(note));
         }
     }));
 

apps/client/vite.config.mts

@@ -1,9 +1,9 @@
 /// <reference types='vitest' />
-import preact from "@preact/preset-vite";
-import { join } from 'path';
-import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
-import { defineConfig } from 'vite';
+import { join, resolve } from 'path';
+import { defineConfig, type Plugin } from 'vite';
 import { viteStaticCopy } from 'vite-plugin-static-copy'
+import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
+import preact from "@preact/preset-vite";
 
 const assets = [ "assets", "stylesheets", "fonts", "translations" ];
 
@@ -70,15 +70,21 @@ export default defineConfig(() => ({
         sourcemap: false,
         rollupOptions: {
             input: {
-                index: join(__dirname, "src", "index.html"),
+                desktop: join(__dirname, "src", "desktop.ts"),
+                mobile: join(__dirname, "src", "mobile.ts"),
                 login: join(__dirname, "src", "login.ts"),
                 setup: join(__dirname, "src", "setup.ts"),
                 set_password: join(__dirname, "src", "set_password.ts"),
+                runtime: join(__dirname, "src", "runtime.ts"),
                 print: join(__dirname, "src", "print.tsx")
             },
             output: {
+                entryFileNames: "src/[name].js",
+                chunkFileNames: "src/[name].js",
+                assetFileNames: "src/[name].[ext]",
                 manualChunks: {
-                    "ckeditor5": [ "@triliumnext/ckeditor5" ]
+                    "ckeditor5": [ "@triliumnext/ckeditor5" ],
+                    "boxicons": [ "../../node_modules/boxicons/css/boxicons.min.css" ]
                 },
             },
             onwarn(warning, rollupWarn) {

apps/server/package.json

@@ -31,7 +31,7 @@
   "dependencies": {
     "better-sqlite3": "12.5.0",
     "html-to-text": "9.0.5",
-    "node-html-parser": "7.0.1",
+    "node-html-parser": "7.0.2",
     "sucrase": "3.35.1"
   },
   "devDependencies": {

apps/server/src/assets/translations/en/server.json

@@ -220,6 +220,7 @@
     "password-confirmation": "Password confirmation",
     "button": "Set password"
   },
+  "javascript-required": "Trilium requires JavaScript to be enabled.",
   "setup": {
     "heading": "Trilium Notes setup",
     "new-document": "I'm a new user, and I want to create a new Trilium document for my notes",

apps/server/src/assets/views/desktop.ejs

@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <link rel="shortcut icon" href="favicon.ico">
+    <meta name="mobile-web-app-capable" content="yes">
+	  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
+	  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, viewport-fit=cover" />
+    <link rel="manifest" crossorigin="use-credentials" href="manifest.webmanifest">
+    <title>Trilium Notes</title>
+    <style id="trilium-icon-packs">
+      <%- iconPackCss %>
+    </style>
+    <script src="<%= appPath %>/runtime.js" crossorigin type="module"></script>
+</head>
+<body
+  id="trilium-app"
+  class="desktop heading-style-<%= headingStyle %> layout-<%= layoutOrientation %> platform-<%= platform %> <%= isElectron ? 'electron' : '' %> <%= hasNativeTitleBar ? 'native-titlebar' : '' %> <%= hasBackgroundEffects ? 'background-effects' : '' %>"
+  lang="<%= currentLocale.id %>" dir="<%= currentLocale.rtl ? 'rtl' : 'ltr' %>"
+>
+<noscript><%= t("javascript-required") %></noscript>
+
+<script>
+    // hide body to reduce flickering on the startup. This is done through JS and not CSS to not hide <noscript>
+    document.getElementsByTagName("body")[0].style.display = "none";
+</script>
+
+<div class="dropdown-menu dropdown-menu-sm" id="context-menu-container" style="display: none"></div>
+
+<%- include("./partials/windowGlobal.ejs", locals) %>
+
+<!-- Required for match the PWA's top bar color with the theme -->
+<!-- This works even when the user directly changes --root-background in CSS -->
+<div id="background-color-tracker" style="position: absolute; visibility: hidden; color: var(--root-background); transition: color 1ms;"></div>
+
+<!-- Required for correct loading of scripts in Electron -->
+<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>
+
+<link href="<%= assetPath %>/stylesheets/ckeditor-theme.css" rel="stylesheet">
+<link href="api/fonts" rel="stylesheet">
+<link href="<%= assetPath %>/stylesheets/theme-light.css" rel="stylesheet">
+
+<% if (themeCssUrl) { %>
+<link href="<%= themeCssUrl %>" rel="stylesheet">
+<% } %>
+
+<% if (themeUseNextAsBase === "next") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next.css" rel="stylesheet">
+<% } else if (themeUseNextAsBase === "next-dark") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next-dark.css" rel="stylesheet">
+<% } else if (themeUseNextAsBase === "next-light") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next-light.css" rel="stylesheet">
+<% } %>
+
+<link href="<%= assetPath %>/stylesheets/style.css" rel="stylesheet">
+
+<script src="<%= appPath %>/desktop.js" crossorigin type="module"></script>
+
+</body>
+</html>

apps/server/src/assets/views/login.ejs

@@ -15,6 +15,7 @@
     <link rel="stylesheet" href="<%= assetPath %>/stylesheets/theme-light.css">
     <link rel="stylesheet" href="<%= assetPath %>/stylesheets/theme-next.css">
     <link rel="stylesheet" href="<%= assetPath %>/stylesheets/style.css">
+    <script src="<%= appPath %>/runtime.js" crossorigin type="module"></script>
 </head>
 <body lang="<%= currentLocale.id %>" dir="<%= currentLocale.rtl ? 'rtl' : 'ltr' %>">
 <div class="container login-page">

apps/server/src/assets/views/mobile.ejs

@@ -0,0 +1,137 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <link rel="shortcut icon" href="favicon.ico">
+    <meta name="mobile-web-app-capable" content="yes">
+	<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, viewport-fit=cover, interactive-widget=resizes-content" />
+    <meta name="theme-color" content="#fff">
+    <title>Trilium Notes</title>
+    <link rel="manifest" crossorigin="use-credentials" href="manifest.webmanifest">
+
+    <style>
+        .lds-roller {
+            display: inline-block;
+            position: relative;
+            width: 80px;
+            height: 80px;
+        }
+        .lds-roller div {
+            animation: lds-roller 1.2s cubic-bezier(0.5, 0, 0.5, 1) infinite;
+            transform-origin: 40px 40px;
+        }
+        .lds-roller div:after {
+            content: " ";
+            display: block;
+            position: absolute;
+            width: 7px;
+            height: 7px;
+            border-radius: 50%;
+            background: #000;
+            margin: -4px 0 0 -4px;
+        }
+        .lds-roller div:nth-child(1) {
+            animation-delay: -0.036s;
+        }
+        .lds-roller div:nth-child(1):after {
+            top: 63px;
+            left: 63px;
+        }
+        .lds-roller div:nth-child(2) {
+            animation-delay: -0.072s;
+        }
+        .lds-roller div:nth-child(2):after {
+            top: 68px;
+            left: 56px;
+        }
+        .lds-roller div:nth-child(3) {
+            animation-delay: -0.108s;
+        }
+        .lds-roller div:nth-child(3):after {
+            top: 71px;
+            left: 48px;
+        }
+        .lds-roller div:nth-child(4) {
+            animation-delay: -0.144s;
+        }
+        .lds-roller div:nth-child(4):after {
+            top: 72px;
+            left: 40px;
+        }
+        .lds-roller div:nth-child(5) {
+            animation-delay: -0.18s;
+        }
+        .lds-roller div:nth-child(5):after {
+            top: 71px;
+            left: 32px;
+        }
+        .lds-roller div:nth-child(6) {
+            animation-delay: -0.216s;
+        }
+        .lds-roller div:nth-child(6):after {
+            top: 68px;
+            left: 24px;
+        }
+        .lds-roller div:nth-child(7) {
+            animation-delay: -0.252s;
+        }
+        .lds-roller div:nth-child(7):after {
+            top: 63px;
+            left: 17px;
+        }
+        .lds-roller div:nth-child(8) {
+            animation-delay: -0.288s;
+        }
+        .lds-roller div:nth-child(8):after {
+            top: 56px;
+            left: 12px;
+        }
+        @keyframes lds-roller {
+            0% {
+                transform: rotate(0deg);
+            }
+            100% {
+                transform: rotate(360deg);
+            }
+        }
+    </style>
+
+    <style id="trilium-icon-packs">
+      <%- iconPackCss %>
+    </style>
+    <script src="<%= appPath %>/runtime.js" crossorigin type="module"></script>
+</head>
+<body
+    class="mobile heading-style-<%= headingStyle %>"
+    lang="<%= currentLocale.id %>" dir="<%= currentLocale.rtl ? 'rtl' : 'ltr' %>"
+>
+<noscript><%= t("javascript-required") %></noscript>
+
+<div id="context-menu-cover"></div>
+
+<div class="dropdown-menu dropdown-menu-sm" id="context-menu-container"></div>
+
+<%- include("./partials/windowGlobal.ejs", locals) %>
+
+<script src="<%= appPath %>/mobile.js" crossorigin type="module"></script>
+
+<link href="api/fonts" rel="stylesheet">
+<link href="<%= assetPath %>/stylesheets/ckeditor-theme.css" rel="stylesheet">
+<link href="<%= assetPath %>/stylesheets/theme-light.css" rel="stylesheet">
+<% if (themeCssUrl) { %>
+    <link href="<%= themeCssUrl %>" rel="stylesheet">
+<% } %>
+
+<% if (themeUseNextAsBase === "next") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next.css" rel="stylesheet">
+<% } else if (themeUseNextAsBase === "next-dark") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next-dark.css" rel="stylesheet">
+<% } else if (themeUseNextAsBase === "next-light") { %>
+  <link href="<%= assetPath %>/stylesheets/theme-next-light.css" rel="stylesheet">
+<% } %>
+
+<link href="<%= assetPath %>/stylesheets/style.css" rel="stylesheet">
+
+</body>
+</html>

apps/server/src/assets/views/partials/windowGlobal.ejs

@@ -0,0 +1,25 @@
+<script type="text/javascript">
+    global = globalThis; /* fixes https://github.com/webpack/webpack/issues/10035 */
+
+    window.glob = {
+        device: "<%= device %>",
+        baseApiUrl: "<%= baseApiUrl %>",
+        activeDialog: null,
+        maxEntityChangeIdAtLoad: <%= maxEntityChangeIdAtLoad %>,
+        maxEntityChangeSyncIdAtLoad: <%= maxEntityChangeSyncIdAtLoad %>,
+        instanceName: '<%= instanceName %>',
+        csrfToken: '<%= csrfToken %>',
+        isDev: <%= isDev %>,
+        appCssNoteIds: <%- JSON.stringify(appCssNoteIds) %>,
+        isMainWindow: <%= isMainWindow %>,
+        isProtectedSessionAvailable: <%= isProtectedSessionAvailable %>,
+        triliumVersion: "<%= triliumVersion %>",
+        assetPath: "<%= assetPath %>",
+        appPath: "<%= appPath %>",
+        platform: "<%= platform %>",
+        hasNativeTitleBar: <%= hasNativeTitleBar %>,
+        TRILIUM_SAFE_MODE: <%= !!process.env.TRILIUM_SAFE_MODE %>,
+        isRtl: <%= !!currentLocale.rtl %>,
+        iconRegistry: <%- JSON.stringify(iconRegistry) %>
+    };
+</script>

apps/server/src/routes/assets.ts

@@ -1,13 +1,10 @@
 import express from "express";
-import rateLimit from "express-rate-limit";
 import { existsSync } from "fs";
 import path from "path";
 import type serveStatic from "serve-static";
 
 import { assetUrlFragment } from "../services/asset_path.js";
-import auth from "../services/auth.js";
 import { getResourceDir, isDev } from "../services/utils.js";
-import { doubleCsrfProtection as csrfMiddleware } from "./csrf_protection.js";
 
 const persistentCacheStatic = (root: string, options?: serveStatic.ServeStaticOptions<express.Response<unknown, Record<string, unknown>>>) => {
     if (!isDev) {
@@ -23,29 +20,19 @@ async function register(app: express.Application) {
     const srcRoot = path.join(__dirname, "..", "..");
     const resourceDir = getResourceDir();
 
-    const rootLimiter = rateLimit({
-        windowMs: 15 * 60 * 1000, // 15 minutes
-        max: 100 // limit each IP to 100 requests per windowMs
-    });
-
     if (process.env.NODE_ENV === "development") {
         const { createServer: createViteServer } = await import("vite");
         const clientDir = path.join(srcRoot, "../client");
         const vite = await createViteServer({
             server: { middlewareMode: true },
-            appType: "spa",
+            appType: "custom",
             cacheDir: path.join(srcRoot, "../../.cache/vite"),
             base: `/${assetUrlFragment}/`,
             root: clientDir,
             css: { devSourcemap: true }
         });
-        app.use(`/${assetUrlFragment}/`, vite.middlewares);
-        app.get(`/`, [ rootLimiter, auth.checkAuth, csrfMiddleware ], (req, res, next) => {
-            req.url = `/${assetUrlFragment}/src/index.html`;
-            vite.middlewares(req, res, next);
-        });
-        app.get(`/index.ts`, (req, res, next) => {
-            req.url = `/${assetUrlFragment}/src/index.ts`;
+        app.use(`/${assetUrlFragment}/`, (req, res, next) => {
+            req.url = `/${assetUrlFragment}${req.url}`;
             vite.middlewares(req, res, next);
         });
         app.use(`/node_modules/@excalidraw/excalidraw/dist/prod`, persistentCacheStatic(path.join(srcRoot, "../../node_modules/@excalidraw/excalidraw/dist/prod")));
@@ -55,14 +42,7 @@ async function register(app: express.Application) {
             throw new Error(`Public directory is missing at: ${path.resolve(publicDir)}`);
         }
 
-        app.get(`/`, [ rootLimiter, auth.checkAuth, csrfMiddleware ], (_, res) => {
-            // We force the page to not be cached since on mobile the CSRF token can be
-            // broken when closing the browser and coming back in to the page.
-            // The page is restored from cache, but the API call fail.
-            res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-            res.sendFile(path.join(publicDir, "src", "index.html"));
-        });
-        app.use("/assets", persistentCacheStatic(path.join(publicDir, "assets")));
+        app.use(`/${assetUrlFragment}/src`, persistentCacheStatic(path.join(publicDir, "src")));
         app.use(`/${assetUrlFragment}/stylesheets`, persistentCacheStatic(path.join(publicDir, "stylesheets")));
         app.use(`/${assetUrlFragment}/fonts`, persistentCacheStatic(path.join(publicDir, "fonts")));
         app.use(`/${assetUrlFragment}/translations/`, persistentCacheStatic(path.join(publicDir, "translations")));

apps/server/src/routes/index.ts

@@ -15,10 +15,10 @@ import sql from "../services/sql.js";
 import { isDev, isElectron, isWindows11 } from "../services/utils.js";
 import { generateToken as generateCsrfToken } from "./csrf_protection.js";
 
-
 type View = "desktop" | "mobile" | "print";
 
-export function bootstrap(req: Request, res: Response) {
+function index(req: Request, res: Response) {
+    const view = getView(req);
     const options = optionService.getOptionMap();
 
     //'overwrite' set to false (default) => the existing token will be re-used and validated
@@ -26,14 +26,17 @@ export function bootstrap(req: Request, res: Response) {
     const csrfToken = generateCsrfToken(req, res, false, false);
     log.info(`CSRF token generation: ${csrfToken ? "Successful" : "Failed"}`);
 
-    const view = getView(req);
+    // We force the page to not be cached since on mobile the CSRF token can be
+    // broken when closing the browser and coming back in to the page.
+    // The page is restored from cache, but the API call fail.
+    res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
+
     const theme = options.theme;
     const themeNote = attributeService.getNoteWithLabel("appTheme", theme);
     const nativeTitleBarVisible = options.nativeTitleBarVisible === "true";
     const iconPacks = getIconPacks();
-    const currentLocale = getCurrentLocale();
 
-    res.send({
+    res.render(view, {
         device: view,
         csrfToken,
         themeCssUrl: getThemeCssUrl(theme, themeNote),
@@ -44,6 +47,9 @@ export function bootstrap(req: Request, res: Response) {
         isElectron,
         hasNativeTitleBar: isElectron && nativeTitleBarVisible,
         hasBackgroundEffects: isElectron && isWindows11 && !nativeTitleBarVisible && options.backgroundEffects === "true",
+        mainFontSize: parseInt(options.mainFontSize),
+        treeFontSize: parseInt(options.treeFontSize),
+        detailFontSize: parseInt(options.detailFontSize),
         maxEntityChangeIdAtLoad: sql.getValue("SELECT COALESCE(MAX(id), 0) FROM entity_changes"),
         maxEntityChangeSyncIdAtLoad: sql.getValue("SELECT COALESCE(MAX(id), 0) FROM entity_changes WHERE isSynced = 1"),
         instanceName: config.General ? config.General.instanceName : null,
@@ -55,16 +61,14 @@ export function bootstrap(req: Request, res: Response) {
         assetPath,
         appPath,
         baseApiUrl: 'api/',
-        currentLocale,
-        isRtl: !!currentLocale.rtl,
+        currentLocale: getCurrentLocale(),
         iconPackCss: iconPacks
             .map(p => generateCss(p, p.builtin
                 ? `${assetPath}/fonts/${p.fontAttachmentId}.${MIME_TO_EXTENSION_MAPPINGS[p.fontMime]}`
                 : `api/attachments/download/${p.fontAttachmentId}`))
             .filter(Boolean)
             .join("\n\n"),
-        iconRegistry: generateIconRegistry(iconPacks),
-        TRILIUM_SAFE_MODE: !!process.env.TRILIUM_SAFE_MODE
+        iconRegistry: generateIconRegistry(iconPacks)
     });
 }
 
@@ -129,3 +133,7 @@ function getThemeCssUrl(theme: string, themeNote: BNote | null) {
 function getAppCssNoteIds() {
     return attributeService.getNotesWithLabel("appCss").map((note) => note.noteId);
 }
+
+export default {
+    index
+};

apps/server/src/routes/routes.ts

@@ -1,73 +1,76 @@
-import { createPartialContentHandler } from "@triliumnext/express-partial-content";
+import { isElectron } from "../services/utils.js";
 import express from "express";
+
+import auth from "../services/auth.js";
+import openID from '../services/open_id.js';
+import totp from './api/totp.js';
+import recoveryCodes from './api/recovery_codes.js';
+import { doubleCsrfProtection as csrfMiddleware } from "./csrf_protection.js";
+import { createPartialContentHandler } from "@triliumnext/express-partial-content";
 import rateLimit from "express-rate-limit";
 
+// page routes
+import setupRoute from "./setup.js";
+import loginRoute from "./login.js";
+import indexRoute from "./index.js";
+
+// API routes
+import treeApiRoute from "./api/tree.js";
+import notesApiRoute from "./api/notes.js";
+import branchesApiRoute from "./api/branches.js";
+import attachmentsApiRoute from "./api/attachments.js";
+import autocompleteApiRoute from "./api/autocomplete.js";
+import cloningApiRoute from "./api/cloning.js";
+import revisionsApiRoute from "./api/revisions.js";
+import recentChangesApiRoute from "./api/recent_changes.js";
+import optionsApiRoute from "./api/options.js";
+import passwordApiRoute from "./api/password.js";
+import syncApiRoute from "./api/sync.js";
+import loginApiRoute from "./api/login.js";
+import recentNotesRoute from "./api/recent_notes.js";
+import appInfoRoute from "./api/app_info.js";
+import exportRoute from "./api/export.js";
+import importRoute from "./api/import.js";
+import setupApiRoute from "./api/setup.js";
+import sqlRoute from "./api/sql.js";
+import databaseRoute from "./api/database.js";
+import imageRoute from "./api/image.js";
+import attributesRoute from "./api/attributes.js";
+import scriptRoute from "./api/script.js";
+import senderRoute from "./api/sender.js";
+import filesRoute from "./api/files.js";
+import searchRoute from "./api/search.js";
+import bulkActionRoute from "./api/bulk_action.js";
+import specialNotesRoute from "./api/special_notes.js";
+import noteMapRoute from "./api/note_map.js";
+import clipperRoute from "./api/clipper.js";
+import similarNotesRoute from "./api/similar_notes.js";
+import keysRoute from "./api/keys.js";
+import backendLogRoute from "./api/backend_log.js";
+import statsRoute from "./api/stats.js";
+import fontsRoute from "./api/fonts.js";
+import etapiTokensApiRoutes from "./api/etapi_tokens.js";
+import relationMapApiRoute from "./api/relation-map.js";
+import otherRoute from "./api/other.js";
+import metricsRoute from "./api/metrics.js";
+import shareRoutes from "../share/routes.js";
+import ollamaRoute from "./api/ollama.js";
+import openaiRoute from "./api/openai.js";
+import anthropicRoute from "./api/anthropic.js";
+import llmRoute from "./api/llm.js";
+import systemInfoRoute from "./api/system_info.js";
+
+import etapiAuthRoutes from "../etapi/auth.js";
 import etapiAppInfoRoutes from "../etapi/app_info.js";
 import etapiAttachmentRoutes from "../etapi/attachments.js";
 import etapiAttributeRoutes from "../etapi/attributes.js";
-import etapiAuthRoutes from "../etapi/auth.js";
-import etapiBackupRoute from "../etapi/backup.js";
 import etapiBranchRoutes from "../etapi/branches.js";
-import etapiMetricsRoute from "../etapi/metrics.js";
 import etapiNoteRoutes from "../etapi/notes.js";
-import etapiSpecRoute from "../etapi/spec.js";
 import etapiSpecialNoteRoutes from "../etapi/special_notes.js";
-import auth from "../services/auth.js";
-import openID from '../services/open_id.js';
-import { isElectron } from "../services/utils.js";
-import shareRoutes from "../share/routes.js";
-import anthropicRoute from "./api/anthropic.js";
-import appInfoRoute from "./api/app_info.js";
-import attachmentsApiRoute from "./api/attachments.js";
-import attributesRoute from "./api/attributes.js";
-import autocompleteApiRoute from "./api/autocomplete.js";
-import backendLogRoute from "./api/backend_log.js";
-import branchesApiRoute from "./api/branches.js";
-import bulkActionRoute from "./api/bulk_action.js";
-import clipperRoute from "./api/clipper.js";
-import cloningApiRoute from "./api/cloning.js";
-import databaseRoute from "./api/database.js";
-import etapiTokensApiRoutes from "./api/etapi_tokens.js";
-import exportRoute from "./api/export.js";
-import filesRoute from "./api/files.js";
-import fontsRoute from "./api/fonts.js";
-import imageRoute from "./api/image.js";
-import importRoute from "./api/import.js";
-import keysRoute from "./api/keys.js";
-import llmRoute from "./api/llm.js";
-import loginApiRoute from "./api/login.js";
-import metricsRoute from "./api/metrics.js";
-import noteMapRoute from "./api/note_map.js";
-import notesApiRoute from "./api/notes.js";
-import ollamaRoute from "./api/ollama.js";
-import openaiRoute from "./api/openai.js";
-import optionsApiRoute from "./api/options.js";
-import otherRoute from "./api/other.js";
-import passwordApiRoute from "./api/password.js";
-import recentChangesApiRoute from "./api/recent_changes.js";
-import recentNotesRoute from "./api/recent_notes.js";
-import recoveryCodes from './api/recovery_codes.js';
-import relationMapApiRoute from "./api/relation-map.js";
-import revisionsApiRoute from "./api/revisions.js";
-import scriptRoute from "./api/script.js";
-import searchRoute from "./api/search.js";
-import senderRoute from "./api/sender.js";
-import setupApiRoute from "./api/setup.js";
-import similarNotesRoute from "./api/similar_notes.js";
-import specialNotesRoute from "./api/special_notes.js";
-import sqlRoute from "./api/sql.js";
-import statsRoute from "./api/stats.js";
-import syncApiRoute from "./api/sync.js";
-import systemInfoRoute from "./api/system_info.js";
-import totp from './api/totp.js';
-// API routes
-import treeApiRoute from "./api/tree.js";
-import { doubleCsrfProtection as csrfMiddleware } from "./csrf_protection.js";
-import * as indexRoute from "./index.js";
-import loginRoute from "./login.js";
+import etapiSpecRoute from "../etapi/spec.js";
+import etapiBackupRoute from "../etapi/backup.js";
+import etapiMetricsRoute from "../etapi/metrics.js";
 import { apiResultHandler, apiRoute, asyncApiRoute, asyncRoute, route, router, uploadMiddlewareWithErrorHandling } from "./route_api.js";
-// page routes
-import setupRoute from "./setup.js";
 
 const GET = "get",
     PST = "post",
@@ -76,6 +79,7 @@ const GET = "get",
     DEL = "delete";
 
 function register(app: express.Application) {
+    route(GET, "/", [auth.checkAuth, csrfMiddleware], indexRoute.index);
     route(GET, "/login", [auth.checkAppInitialized, auth.checkPasswordSet], loginRoute.loginPage);
     route(GET, "/set-password", [auth.checkAppInitialized, auth.checkPasswordNotSet], loginRoute.setPasswordPage);
 
@@ -85,7 +89,6 @@ function register(app: express.Application) {
         skipSuccessfulRequests: true // successful auth to rate-limited ETAPI routes isn't counted. However, successful auth to /login is still counted!
     });
 
-    route(GET, "/bootstrap", [ auth.checkAuth ], indexRoute.bootstrap);
     route(PST, "/login", [loginRateLimiter], loginRoute.login);
     route(PST, "/logout", [csrfMiddleware, auth.checkAuth], loginRoute.logout);
     route(PST, "/set-password", [auth.checkAppInitialized, auth.checkPasswordNotSet], loginRoute.setPassword);

pnpm-lock.yaml

@@ -504,8 +504,8 @@ importers:
         specifier: 9.0.5
         version: 9.0.5
       node-html-parser:
-        specifier: 7.0.1
-        version: 7.0.1
+        specifier: 7.0.2
+        version: 7.0.2
       sucrase:
         specifier: 3.35.1
         version: 3.35.1
@@ -10841,8 +10841,8 @@ packages:
   node-html-parser@6.1.13:
     resolution: {integrity: sha512-qIsTMOY4C/dAa5Q5vsobRpOOvPfC4pB61UVW2uSwZNUp0QU/jCekTal1vMmbO0DgdHeLUJpv/ARmDqErVxA3Sg==}
 
-  node-html-parser@7.0.1:
-    resolution: {integrity: sha512-KGtmPY2kS0thCWGK0VuPyOS+pBKhhe8gXztzA2ilAOhbUbxa9homF1bOyKvhGzMLXUoRds9IOmr/v5lr/lqNmA==}
+  node-html-parser@7.0.2:
+    resolution: {integrity: sha512-DxodLVh7a6JMkYzWyc8nBX9MaF4M0lLFYkJHlWOiu7+9/I6mwNK9u5TbAMC7qfqDJEPX9OIoWA2A9t4C2l1mUQ==}
 
   node-readfiles@0.2.0:
     resolution: {integrity: sha512-SU00ZarexNlE4Rjdm83vglt5Y9yiQ+XI1XpflWlb7q7UTN1JUItm69xMeiQCTxtTfnzt+83T8Cx+vI2ED++VDA==}
@@ -15299,6 +15299,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-block-quote@47.3.0':
     dependencies:
@@ -15309,6 +15311,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-bookmark@47.3.0':
     dependencies:
@@ -15544,8 +15548,6 @@ snapshots:
       '@ckeditor/ckeditor5-widget': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-easy-image@47.3.0':
     dependencies:
@@ -15583,8 +15585,6 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-editor-inline@47.3.0':
     dependencies:
@@ -15594,6 +15594,8 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-editor-multi-root@47.3.0':
     dependencies:
@@ -15616,6 +15618,8 @@ snapshots:
       '@ckeditor/ckeditor5-table': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-emoji@47.3.0':
     dependencies:
@@ -15641,8 +15645,6 @@ snapshots:
       '@ckeditor/ckeditor5-core': 47.3.0
       '@ckeditor/ckeditor5-engine': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-essentials@47.3.0':
     dependencies:
@@ -15674,6 +15676,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-export-word@47.3.0':
     dependencies:
@@ -15698,8 +15702,6 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-font@47.3.0':
     dependencies:
@@ -15709,6 +15711,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-footnotes@47.3.0':
     dependencies:
@@ -15739,6 +15743,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-heading@47.3.0':
     dependencies:
@@ -15770,8 +15776,6 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       '@ckeditor/ckeditor5-widget': 47.3.0
       ckeditor5: 47.3.0
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-html-embed@47.3.0':
     dependencies:
@@ -15831,6 +15835,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-indent@47.3.0':
     dependencies:
@@ -15865,8 +15871,6 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-link@47.3.0':
     dependencies:
@@ -15893,8 +15897,6 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
-    transitivePeerDependencies:
-      - supports-color
 
   '@ckeditor/ckeditor5-list@47.3.0':
     dependencies:
@@ -15947,6 +15949,8 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       '@ckeditor/ckeditor5-widget': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-mention@47.3.0(patch_hash=5981fb59ba35829e4dff1d39cf771000f8a8fdfa7a34b51d8af9549541f2d62d)':
     dependencies:
@@ -15956,6 +15960,8 @@ snapshots:
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-merge-fields@47.3.0':
     dependencies:
@@ -15968,6 +15974,8 @@ snapshots:
       '@ckeditor/ckeditor5-widget': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-minimap@47.3.0':
     dependencies:
@@ -15976,6 +15984,8 @@ snapshots:
       '@ckeditor/ckeditor5-ui': 47.3.0
       '@ckeditor/ckeditor5-utils': 47.3.0
       ckeditor5: 47.3.0
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-operations-compressor@47.3.0':
     dependencies:
@@ -16216,6 +16226,8 @@ snapshots:
       '@ckeditor/ckeditor5-widget': 47.3.0
       ckeditor5: 47.3.0
       es-toolkit: 1.39.5
+    transitivePeerDependencies:
+      - supports-color
 
   '@ckeditor/ckeditor5-template@47.3.0':
     dependencies:
@@ -27127,7 +27139,7 @@ snapshots:
       css-select: 5.2.2
       he: 1.2.0
 
-  node-html-parser@7.0.1:
+  node-html-parser@7.0.2:
     dependencies:
       css-select: 5.2.2
       he: 1.2.0