Max/SolidScribe
1
0
Fork 0
Code Issues 24 Pull Requests Releases Wiki Activity

* Delete Crunch Menu Component

Browse Source 
* Disabled Quick Note
* Note crunches over when menu is open
* Added a cool loader
* Remomoved locked notes
* Added full note encryption
* Added encrypted search index
* Added encrypted shared notes
* Made search bar have a clear and search button
* Tags only loade when clicking on the tags menu
* Tweaked home page to be a little more sane
* built out some gigantic test cases
* simplified a lot of things to make entire app easier to maintain
This commit is contained in:
Max G
2020-05-10 21:15:59 +00:00
parent df073b0e4d
commit 67b218329b
16 changed files with 797 additions and 603 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/index.js
View File

@@ -106,7 +106,7 @@ io.on('connection', function(socket){
http.listen(3001, function(){
console.log('socket.io liseting on port 3001');
// console.log('socket.io liseting on port 3001');
});
//Enable json body parsing in requests. Allows me to post data in ajax calls
@@ -139,6 +139,11 @@ app.use(function(req, res, next){
// Test Area
// -> right here
let UserTest = require('@models/User')
let NoteTest = require('@models/Note')
// UserTest.keyPairTest()
// .then( ({testUserId, masterKey}) => NoteTest.test(testUserId, masterKey))
// .then( message => { console.log(message) })
// Test Area
@@ -173,4 +178,6 @@ var quickNote = require('@routes/quicknoteController')
app.use(prefix+'/quick-note', quickNote)
//Output running status
app.listen(port, () => console.log(`Listening on port ${port}!`))
app.listen(port, () => {
// console.log(`Listening on port ${port}!`)
})

396
server/models/Note.js
View File

@@ -1,5 +1,7 @@
let db = require('@config/database')
let Note = module.exports = {}
let Tags = require('@models/Tag')
let Attachment = require('@models/Attachment')
let ShareNote = require('@models/ShareNote')
@@ -8,14 +10,90 @@ let ProcessText = require('@helpers/ProcessText')
const DiffMatchPatch = require('@helpers/DiffMatchPatch')
const crypto = require('crypto')
const cs = require('@helpers/CryptoString')
const rp = require('request-promise');
const fs = require('fs')
let Note = module.exports = {}
const gm = require('gm')
Note.test = (userId, masterKey) => {
return new Promise((resolve, reject) => {
let testNoteId = 0
Note.create(userId, '','', masterKey)
.then(newNoteId => {
console.log('Test: Create Note - Pass')
testNoteId = newNoteId
return Note.update
(null, userId, testNoteId, 'Note text', 'Test Note beans Title', 0, 0, 0, 'hash', masterKey)
})
.then(() => {
console.log('Test: Update Note - Pass')
return Note.get(userId, testNoteId, masterKey)
})
.then(updatedText => {
console.log('Test: Open Updated Note - Pass')
const shareUserId = 61
return ShareNote.migrateNoteToShared(userId, testNoteId, shareUserId, masterKey)
})
.then(shareResults => {
console.log('Test: Set Note To Shared - Pass')
return Note.get(userId, testNoteId, masterKey)
})
.then(() => {
console.log('Test: Open Shared Note - Pass')
return Note.update
(null, userId, testNoteId, 'Shared Update', 'Test Note beans Title', 0, 0, 0, 'hash', masterKey)
})
.then(() => {
console.log('Test: Update Shared Note - Pass')
return Note.reindex(userId, masterKey)
})
.then( reindexResults => {
console.log(`Test: Reindex Notes - ${reindexResults?'Pass':'Fail'}`)
return Note.encryptedIndexSearch(userId, 'beans', null, masterKey)
})
.then(textSearchResults => {
if(textSearchResults['ids'] && textSearchResults['ids'].length >= 1){
console.log('Test: Search Index - Pass')
} else { console.log('Test: Search Index - Fail') }
return Note.delete(userId, testNoteId)
})
.then(results => {
console.log('Test: Delete Note - Pass')
return resolve('Test: Complete')
})
})
}
//User doesn't have an encrypted note set. Encrypt all notes
Note.encryptEveryNote = (userId, masterKey) => {
@@ -85,6 +163,7 @@ Note.encryptEveryNote = (userId, masterKey) => {
})
}
//Returns insertedId of new note
Note.create = (userId, noteTitle, noteText, masterKey) => {
return new Promise((resolve, reject) => {
@@ -92,6 +171,7 @@ Note.create = (userId, noteTitle, noteText, masterKey) => {
const created = Math.round((+new Date)/1000)
const salt = cs.createSmallSalt()
const snippetSalt = cs.createSmallSalt()
const textObject = JSON.stringify([noteTitle, noteText])
const encryptedText = cs.encrypt(masterKey, salt, textObject)
@@ -103,8 +183,8 @@ Note.create = (userId, noteTitle, noteText, masterKey) => {
const rawTextId = rows[0].insertId
return db.promise()
.query('INSERT INTO note (user_id, note_raw_text_id, created, quick_note) VALUES (?,?,?,?)',
[userId, rawTextId, created, 0])
.query('INSERT INTO note (user_id, note_raw_text_id, created, quick_note, snippet_salt) VALUES (?,?,?,?,?)',
[userId, rawTextId, created, 0, snippetSalt])
})
.then((rows, fields) => {
// Indexing is done on save
@@ -114,6 +194,9 @@ Note.create = (userId, noteTitle, noteText, masterKey) => {
})
}
// Called when a note is close
// Will attempt to reindex all notes that are flagged in database as not indexed
// Limit to 100 notes per batch
Note.reindex = (userId, masterKey) => {
return new Promise((resolve, reject) => {
@@ -148,7 +231,6 @@ Note.reindex = (userId, masterKey) => {
if(rows[0].length == 0){
console.log('Creating a new index')
//Create search index entry, return an object
searchIndexSalt = cs.createSmallSalt()
@@ -266,7 +348,7 @@ Note.reindex = (userId, masterKey) => {
})
.then(rawSearchIndex => {
console.log('All notes indexed')
// console.log('All notes indexed')
const created = Math.round((+new Date)/1000)
const jsonSearchIndex = JSON.stringify(searchIndex)
@@ -281,7 +363,7 @@ Note.reindex = (userId, masterKey) => {
})
.then((rows, fields) => {
console.log('Indexd Note Count: ' + rows[0]['affectedRows'])
// console.log('Indexd Note Count: ' + rows[0]['affectedRows'])
resolve(true)
})
@@ -337,69 +419,84 @@ Note.reindex = (userId, masterKey) => {
})
}
Note.update = (io, userId, noteId, noteText, noteTitle, color, pinned, archived, password = '', passwordHint = '', masterKey) => {
// Returns updated note text
Note.update = (io, userId, noteId, noteText, noteTitle, color, pinned, archived, hash, masterKey) => {
return new Promise((resolve, reject) => {
const now = Math.round((+new Date)/1000)
db.promise()
.query(`
SELECT note_raw_text_id, salt FROM note
JOIN note_raw_text ON note_raw_text_id = note_raw_text.id
WHERE note.id = ? AND user_id = ?`, [noteId, userId])
let noteSnippet = ''
let User = require('@models/User')
let userPrivateKey = null
User.getPrivateKey(userId, masterKey)
.then(privateKey => {
userPrivateKey = privateKey
return db.promise()
.query(`
SELECT note_raw_text_id, salt, snippet_salt, encrypted_share_password_key FROM note
JOIN note_raw_text ON note_raw_text_id = note_raw_text.id
WHERE note.id = ? AND user_id = ?`, [noteId, userId])
})
.then((rows, fields) => {
const textId = rows[0][0]['note_raw_text_id']
let salt = rows[0][0]['salt']
let noteSnippet = ''
let snippetSalt = rows[0][0]['snippet_salt']
//If a password is set, create a salt
if(password.length > 3 && !salt){
salt = cs.createSalt()
//Shared notes use encrypted key - decrypt key then decrypt note
const encryptedShareKey = rows[0][0].encrypted_share_password_key
if(encryptedShareKey != null){
masterKey = crypto.privateDecrypt(userPrivateKey,
Buffer.from(encryptedShareKey, 'base64') )
}
//Save password hint on first encryption
if(passwordHint.length > 0){
db.promise().query('UPDATE note_raw_text SET password_hint = ? WHERE id = ?', [passwordHint, textId])
let encryptedNoteText = ''
//Create encrypted snippet
const snippet = JSON.stringify([noteTitle, noteText.substring(0, 500)])
noteSnippet = cs.encrypt(masterKey, snippetSalt, snippet)
//Encrypt note text
const textObject = JSON.stringify([noteTitle, noteText])
encryptedNoteText = cs.encrypt(masterKey, salt, textObject)
//
// @TODO - this needs some kind of rate limiting
// A note shared with a lot of users could do a ton of updates every save
//
//Update text snippet for all other shared users
db.promise().query('SELECT * FROM note WHERE note_raw_text_id = ? AND id != ?', [textId, noteId])
.then((rows, fields) => {
for (var i = 0; i < rows[0].length; i++) {
const otherNote = rows[0][i]
//Re-encrypt for other user
const updatedSnippet = cs.encrypt(masterKey, otherNote.snippet_salt, snippet)
db.promise().query('UPDATE note SET snippet = ? WHERE id = ?', [updatedSnippet, otherNote.id])
}
}
//Encrypt note text if proper data is setup
if(password.length > 3 && salt.length > 1000){
noteText = cs.encrypt(password, salt, noteText)
//
// @TODO - Do note save data if encryption goes wrong, do some validation
//
} else {
//Create encrypted snippet
const snippet = JSON.stringify([noteTitle, noteText.substring(0, 500)])
noteSnippet = cs.encrypt(masterKey, salt, snippet)
//Encrypt note text
const textObject = JSON.stringify([noteTitle, noteText])
noteText = cs.encrypt(masterKey, salt, textObject)
}
})
//Update Note text
return db.promise()
.query('UPDATE note_raw_text SET text = ?, snippet = ? ,updated = ?, salt = ? WHERE id = ?', [noteText, noteSnippet, now, salt, textId])
.query('UPDATE note_raw_text SET text = ?, updated = ? WHERE id = ?', [encryptedNoteText, now, textId])
})
.then( (rows, fields) => {
const encrypted = password.length > 3 ? 1:0
//Update other note attributes
return db.promise()
.query('UPDATE note SET pinned = ?, archived = ?, color = ?, encrypted = ?, indexed = 0 WHERE id = ? AND user_id = ? LIMIT 1',
[pinned, archived, color, encrypted, noteId, userId])
.query('UPDATE note SET pinned = ?, archived = ?, color = ?, snippet = ?, indexed = 0 WHERE id = ? AND user_id = ? LIMIT 1',
[pinned, archived, color, noteSnippet, noteId, userId])
})
.then((rows, fields) => {
//Async solr note reindex
// Note.reindex(userId, noteId)
if(io){
io.to(userId).emit('new_note_text_saved', {noteId, hash})
}
//Async attachment reindex
Attachment.scanTextForWebsites(io, userId, noteId, noteText)
@@ -565,121 +662,87 @@ Note.getDiffText = (userId, noteId, usersCurrentText, lastUpdated) => {
}
Note.get = (userId, noteId, password = '', masterKey) => {
Note.get = (userId, noteId, masterKey) => {
return new Promise((resolve, reject) => {
let User = require('@models/User')
if(!masterKey || masterKey.length == 0){
return reject('Get note called without master key')
}
db.promise()
.query(`
SELECT
note_raw_text.text,
note_raw_text.salt,
note_raw_text.password_hint,
note_raw_text.updated as updated,
note_raw_text.decrypt_attempts_count,
note_raw_text.last_decrypted_date,
note.id,
note.user_id,
note.created,
note.pinned,
note.archived,
note.color,
note.encrypted,
count(distinct attachment.id) as attachment_count,
note.note_raw_text_id as rawTextId,
shareUser.username as shareUsername
FROM note
JOIN note_raw_text ON (note_raw_text.id = note.note_raw_text_id)
LEFT JOIN attachment ON (note.id = attachment.note_id)
LEFT JOIN user as shareUser ON (note.share_user_id = shareUser.id)
WHERE note.user_id = ? AND note.id = ? LIMIT 1`, [userId, noteId])
let userPrivateKey = null;
User.getPrivateKey(userId, masterKey)
.then(privateKey => {
//Grab users private key
userPrivateKey = privateKey
return db.promise()
.query(`
SELECT
note_raw_text.text,
note_raw_text.salt,
note_raw_text.updated as updated,
note.id,
note.user_id,
note.created,
note.pinned,
note.archived,
note.color,
note.encrypted_share_password_key,
count(distinct attachment.id) as attachment_count,
note.note_raw_text_id as rawTextId,
shareUser.username as shareUsername
FROM note
JOIN note_raw_text ON (note_raw_text.id = note.note_raw_text_id)
LEFT JOIN attachment ON (note.id = attachment.note_id)
LEFT JOIN user as shareUser ON (note.share_user_id = shareUser.id)
WHERE note.user_id = ? AND note.id = ? LIMIT 1`, [userId, noteId])
})
.then((rows, fields) => {
const nowTime = Math.round((+new Date)/1000)
let noteLockedOut = false
let noteData = rows[0][0]
const rawTextId = noteData['rawTextId']
noteData.decrypted = true
// const rawTextId = noteData['rawTextId']
//Block access to notes if invalid or user doesn't have access
if(!noteData || !noteData['user_id'] || noteData['user_id'] != userId || noteData['id'] != noteId){
return resolve(false)
}
//If this is not and encrypted note, pass decrypted true, skip encryption stuff
if(noteData.encrypted == 1){
noteData.decrypted = false
//Shared notes use encrypted key - decrypt key then decrypt note
if(noteData.encrypted_share_password_key != null){
masterKey = crypto.privateDecrypt(userPrivateKey,
Buffer.from(noteData.encrypted_share_password_key, 'base64') )
}
//
//Rate Limiting
//
//Check if note is exceeding decrypt attempt limit
if(noteData.encrypted == 1){
const timeSinceLastUnlock = nowTime - noteData.last_decrypted_date
//To many attempts in less than 5 minutes, note is locked
if(noteData.decrypt_attempts_count > 3 && timeSinceLastUnlock < 300){
noteLockedOut = true
}
//its been 5 minutes, reset attempt count
if(noteData.decrypt_attempts_count > 0 && timeSinceLastUnlock > 300){
noteLockedOut = false
noteData.decrypt_attempts_count = 0
db.promise().query('UPDATE note_raw_text SET last_decrypted_date = ?, decrypt_attempts_count = 0 WHERE id = ?', [nowTime, rawTextId ])
}
}
//Note is encrypted, lets try and decipher it with the given password
if(password.length > 3 && noteData.encrypted == 1 && !noteLockedOut){
const decipheredText = cs.decrypt(password, noteData.salt, noteData.text)
//Text was decrypted, return decrypted text
if(decipheredText !== null){
noteData.decrypted = true
noteData.text = decipheredText
//Save last decrypted date, reset decrypt atempts
db.promise().query('UPDATE note_raw_text SET last_decrypted_date = ?, decrypt_attempts_count = 0 WHERE id = ?', [nowTime, rawTextId ])
}
//Text was not deciphered, delete object, never return cipher text
if(decipheredText === null){
noteData.text = '' //Never return cipher text
noteData.decryptFail = true
noteData.decrypt_attempts_count++ //Update display for user
//Update decrypt attempts
db.promise().query('UPDATE note_raw_text SET decrypt_attempts_count = decrypt_attempts_count +1 WHERE id = ?', [rawTextId ])
}
}
if(noteData.encrypted == 0 && noteData.salt && noteData.salt.length > 0){
//Normal Encrypted note
const decipheredText = cs.decrypt(masterKey, noteData.salt, noteData.text)
if(decipheredText == null){
throw new Error('Unable to decropt note text')
}
//Parse title and text from encrypted data and update object
const textObject = JSON.parse(decipheredText)
noteData.title = textObject[0]
noteData.text = textObject[1]
//Normal Encrypted note
const decipheredText = cs.decrypt(masterKey, noteData.salt, noteData.text)
if(decipheredText == null){
throw new Error('Unable to decropt note text')
}
//Parse title and text from encrypted data and update object
const textObject = JSON.parse(decipheredText)
noteData.title = textObject[0]
noteData.text = textObject[1]
db.promise().query(`UPDATE note SET opened = ? WHERE (id = ?)`, [nowTime, noteId])
//Return note data
delete noteData.salt //remove salt from return data
delete noteData.encrypted_share_password_key
noteData.lockedOut = noteLockedOut
resolve(noteData)
})
.catch(console.log)
.catch(error => {
console.log(error)
resolve(false)
})
})
}
@@ -699,7 +762,7 @@ Note.getShared = (noteId) => {
}
// Searches text index, returns nothing if there is no search query
Note.solrQuery = (userId, searchQuery, searchTags, masterKey) => {
Note.encryptedIndexSearch = (userId, searchQuery, searchTags, masterKey) => {
return new Promise((resolve, reject) => {
if(searchQuery.length == 0){
@@ -752,7 +815,7 @@ Note.solrQuery = (userId, searchQuery, searchTags, masterKey) => {
searchData['ids'] = searchData['exact'].concat(searchData['partial'])
searchData['total'] = searchData['ids'].length
console.log(searchData['total'])
// console.log(searchData['total'])
return resolve({ 'ids':searchData['ids'] })
@@ -772,10 +835,19 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
//Define return data objects
let returnData = {
'notes':[],
'tags':[]
'total':0,
}
Note.solrQuery(userId, searchQuery, searchTags, masterKey).then( (textSearchResults) => {
let userPrivateKey = null
let User = require('@models/User')
User.generateKeypair(userId, masterKey)
.then(({publicKey, privateKey}) => {
userPrivateKey = privateKey
return Note.encryptedIndexSearch(userId, searchQuery, searchTags, masterKey)
})
.then( (textSearchResults) => {
//Pull out search results from previous query
let textSearchIds = []
@@ -784,6 +856,7 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
if(textSearchResults != null){
textSearchIds = textSearchResults['ids']
returnData['total'] = textSearchIds.length
// highlights = textSearchResults['snippets']
}
@@ -799,9 +872,8 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
let searchParams = [userId]
let noteSearchQuery = `
SELECT note.id,
note_raw_text.title as title,
note_raw_text.snippet as snippet,
note_raw_text.salt as salt,
note.snippet as snippet,
note.snippet_salt as salt,
note_raw_text.updated as updated,
opened,
color,
@@ -813,7 +885,8 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
GROUP_CONCAT(DISTINCT tag.text) as tags,
GROUP_CONCAT(DISTINCT attachment.file_location) as thumbs,
shareUser.username as shareUsername,
note.shared
note.shared,
note.encrypted_share_password_key
FROM note
JOIN note_raw_text ON (note_raw_text.id = note.note_raw_text_id)
LEFT JOIN note_tag ON (note.id = note_tag.note_id)
@@ -924,6 +997,9 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
.query(noteSearchQuery, searchParams)
.then((noteRows, noteFields) => {
//Current note key may change, default to master key
let currentNoteKey = masterKey
//Push all notes
returnData['notes'] = noteRows[0]
@@ -934,12 +1010,18 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
//Grab note ID for finding tags
noteIds.push(note.id)
if(note.encrypted == 1){
note.text = ''
//Shared notes use encrypted key - decrypt key then decrypt note
const encryptedShareKey = note.encrypted_share_password_key
if(encryptedShareKey != null){
currentNoteKey = crypto.privateDecrypt(userPrivateKey,
Buffer.from(encryptedShareKey, 'base64') )
}
//Decrypt note text
if(note.snippet && note.salt){
const decipheredText = cs.decrypt(masterKey, note.salt, note.snippet)
const decipheredText = cs.decrypt(currentNoteKey, note.salt, note.snippet)
const textObject = JSON.parse(decipheredText)
if(textObject != null && textObject.length == 2){
note.title = textObject[0]
@@ -953,6 +1035,7 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
note.title = textData.title
note.subtext = textData.sub
//Remove these variables
note.note_highlights = []
note.attachment_highlights = []
note.tag_highlights = []
@@ -967,38 +1050,13 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
}
//Clear out note.text before sending it to front end, its being used in title and subtext
delete note.text
delete note.snippet
delete note.salt
})
//If no notes are returned, there are no tags, return empty
if(noteIds.length == 0){
return resolve(returnData)
}
//Return all notes, tags are not being searched
// if tags are being searched, continue
// if notes are being filtered, return tags
if(searchTags.length == 0 && returnTagResults == false){
return resolve(returnData)
}
return resolve(returnData)
//Only show tags of selected notes
db.promise()
.query(`SELECT tag.id, tag.text, count(tag.id) as usages FROM note_tag
JOIN tag ON (tag.id = note_tag.tag_id)
WHERE note_tag.user_id = ?
AND note_id IN (?)
GROUP BY tag.id
ORDER BY usages DESC;`,[userId, noteIds])
.then((tagRows, tagFields) => {
returnData['tags'] = tagRows[0]
resolve(returnData)
})
.catch(console.log)
})
.catch(console.log)

142
server/models/ShareNote.js
View File

@@ -9,80 +9,122 @@ const Note = require('@models/Note')
let ShareNote = module.exports = {}
// Share a note with a user, given the correct username
ShareNote.addUser = (userId, noteId, rawTextId, username) => {
const crypto = require('crypto')
const cs = require('@helpers/CryptoString')
ShareNote.migrateNoteToShared = (userId, noteId, shareUserId, masterKey) => {
return new Promise((resolve, reject) => {
let shareUserId = null
let newNoteShare = null
const cleanUser = username.toLowerCase().trim()
const Note = require('@models/Note')
const User = require('@models/User')
//Check that user actually exists
db.promise().query(`SELECT id FROM user WHERE LOWER(username) = ?`, [cleanUser])
//generate new random salts and password
const sharedNoteMasterKey = cs.createSmallSalt()
let encryptedSharedKey = null //new key for note encrypted with shared users pubic key
//Current note object
let note = null
let publicKey = null
db.promise().query('SELECT id FROM user WHERE id = ?', [shareUserId])
.then((rows, fields) => {
if(rows[0].length == 0){
throw new Error('User Does Not Exist')
}
shareUserId = rows[0][0]['id']
return Note.get(userId, noteId, masterKey)
})
.then( noteObject => {
if(!noteObject){
throw new Error('Note Not Found')
}
note = noteObject
//Check if note has already been added for user
return db.promise()
.query('SELECT id FROM note WHERE user_id = ? AND note_raw_text_id = ?', [shareUserId, rawTextId])
.query('SELECT id FROM note WHERE user_id = ? AND note_raw_text_id = ?', [shareUserId, note.rawTextId])
})
.then((rows, fields) => {
if(rows[0].length >= 1){
throw new Error('User Already has this note shared with them')
}
//All check pass, proceed with sharing note
return User.getPublicKey(userId)
})
.then( userPublicKey => {
//Get users public key
publicKey = userPublicKey
//
// Modify note to have a shared password, encrypt text with this password
//
const sharedNoteSalt = cs.createSmallSalt()
//Encrypt note text with new password
const textObject = JSON.stringify([note.title, note.text])
const encryptedText = cs.encrypt(sharedNoteMasterKey, sharedNoteSalt, textObject)
//Update note raw text with new data
return db.promise()
.query("UPDATE `application`.`note_raw_text` SET `text` = ?, `salt` = ? WHERE (`id` = ?)",
[encryptedText, sharedNoteSalt, note.rawTextId])
})
.then((rows, fields) => {
if(rows[0].length != 0){
throw new Error('User Already Has Note')
}
//New Encrypted snippet, using new shared password
const sharedNoteSnippetSalt = cs.createSmallSalt()
const snippet = JSON.stringify([note.title, note.text.substring(0, 500)])
const encryptedSnippet = cs.encrypt(sharedNoteMasterKey, sharedNoteSnippetSalt, snippet)
//Lookup note to share with user, clone this data to create users new note
return db.promise()
.query(`SELECT * FROM note WHERE id = ? LIMIT 1`, [noteId])
})
.then((rows, fields) => {
//Encrypt shared password for this user
const encryptedSharedKey = crypto.publicEncrypt(publicKey, Buffer.from(sharedNoteMasterKey, 'utf8')).toString('base64')
newNoteShare = rows[0][0]
//Modify note with the share attributes we want
delete newNoteShare['id']
delete newNoteShare['opened']
newNoteShare['share_user_id'] = userId //User who shared the note
newNoteShare['user_id'] = shareUserId //User who gets note
//Setup db colums, db values and number of '?' to put into prepared statement
let dbColumns = []
let dbValues = []
let escapeChars = []
//Pull out all the data we need from object to create prepared statemnt
Object.keys(newNoteShare).forEach( key => {
escapeChars.push('?')
dbColumns.push(key)
dbValues.push(newNoteShare[key])
})
//Stick all the note value back into query, insert updated note
return db.promise()
.query(`INSERT INTO note (${dbColumns.join()}) VALUES (${escapeChars.join()})`, dbValues)
})
.then((rows, fields) => {
//Update note share status to 2
return db.promise()
.query('UPDATE note SET shared = 2 WHERE id = ?', [noteId])
//Update note snippet for current user with public key encoded snippet
return db.promise().query('UPDATE note SET snippet = ?, snippet_salt = ?, encrypted_share_password_key = ? WHERE id = ? AND user_id = ?',
[encryptedSnippet, sharedNoteSnippetSalt, encryptedSharedKey, noteId, userId])
})
.then((rows, fields) => {
//Success!
return resolve({'success':true, shareUserId})
return User.getPublicKey(shareUserId)
})
.then(shareUserPublicKey => {
//New Encrypted snippet, using new shared password
const newSnippetSalt = cs.createSmallSalt()
const snippet = JSON.stringify([note.title, note.text.substring(0, 500)])
const encryptedSnippet = cs.encrypt(sharedNoteMasterKey, newSnippetSalt, snippet)
//Encrypt shared password for this user
const encryptedSharedKey = crypto.publicEncrypt(shareUserPublicKey, Buffer.from(sharedNoteMasterKey, 'utf8')).toString('base64')
//Insert new note for shared user
return db.promise().query(`
INSERT INTO note (user_id, note_raw_text_id, created, color, share_user_id, snippet, snippet_salt, encrypted_share_password_key) VALUES (?,?,?,?,?,?,?,?);
`, [shareUserId, note.rawTextId, note.created, note.color, userId, encryptedSnippet, newSnippetSalt, encryptedSharedKey])
})
.then((rows, fields) => {
let success = true
return resolve({success, shareUserId})
})
.catch(error => {
console.log('Shared Note Error')
console.log(error)
resolve(false)
})
})
}

20
server/models/Tag.js
View File

@@ -20,26 +20,8 @@ Tag.userTags = (userId, searchQuery, searchTags, fastFilters) => {
WHERE note_tag.user_id = ?
`
//Show shared notes
if(fastFilters && fastFilters.onlyShowSharedNotes == 1){
query += ' AND note.share_user_id IS NOT NULL' //Show Archived
} else {
query += ' AND note.share_user_id IS NULL'
}
if(fastFilters && fastFilters.onlyShowEncrypted == 1){
query += ' AND note.encrypted = 1' //Show Archived
}
//Show archived notes, only if fast filter is set, default to not archived
if(fastFilters && fastFilters.onlyArchived == 1){
query += ' AND note.archived = 1' //Show Archived
} else {
query += ' AND note.archived = 0' //Exclude archived
}
query += ` GROUP BY tag.id
ORDER BY usages DESC, text ASC`
ORDER BY LOWER(TRIM(text)) ASC`
db.promise()

170
server/models/User.js
View File

@@ -1,4 +1,4 @@
var crypto = require('crypto')
const crypto = require('crypto')
const Note = require('@models/Note')
@@ -30,9 +30,10 @@ User.login = (username, password) => {
})
}
if(lookedUpUser && lookedUpUser.salt){
if(rows[0].length == 1){
//hash the password and check for a match
const salt = new Buffer(lookedUpUser.salt, 'binary')
// const salt = new Buffer(lookedUpUser.salt, 'binary')
const salt = Buffer.from(lookedUpUser.salt, 'binary')
crypto.pbkdf2(password, salt, lookedUpUser.iterations, 512, 'sha512', function(err, delivered_key){
if(delivered_key.toString('hex') === lookedUpUser.password){
@@ -40,9 +41,14 @@ User.login = (username, password) => {
.then( result => User.getMasterKey(lookedUpUser.id, password))
.then(masterKey => {
//Passback a json web token
const token = Auth.createToken(lookedUpUser.id, masterKey)
resolve({ token: token, userId:lookedUpUser.id })
User.generateKeypair(lookedUpUser.id, masterKey)
.then(({publicKey, privateKey}) => {
//Passback a json web token
const token = Auth.createToken(lookedUpUser.id, masterKey)
resolve({ token: token, userId:lookedUpUser.id })
})
})
} else {
@@ -80,7 +86,7 @@ User.create = (username, password) => {
shasum.update(''+otherRandomInt) //Update Hasd
const saltString = shasum.digest('hex')
const salt = new Buffer(saltString, 'binary') //Generate Salt hash
const salt = Buffer.from(saltString, 'binary') //Generate Salt hash
const iterations = 25000
crypto.pbkdf2(password, salt, iterations, 512, 'sha512', function(err, delivered_key) {
@@ -108,8 +114,14 @@ User.create = (username, password) => {
.then( result => User.getMasterKey(userId, password))
.then(masterKey => {
const token = Auth.createToken(userId, masterKey)
return resolve({token, userId})
User.generateKeypair(userId, masterKey)
.then(({publicKey, privateKey}) => {
const token = Auth.createToken(userId, masterKey)
return resolve({token, userId})
})
})
} else {
@@ -202,7 +214,6 @@ User.generateMasterKey = (userId, password) => {
} else {
// Generate user key, its big and random
const masterPassword = cs.createSmallSalt()
console.log('Generating new key for user', userId)
//Generate a salt because it wants it
const salt = cs.createSmallSalt()
@@ -261,4 +272,143 @@ User.getMasterKey = (userId, password) => {
})
})
}
User.generateKeypair = (userId, masterKey) => {
let publicKey = null
let privateKey = null
return new Promise((resolve, reject) => {
db.promise().query('SELECT * FROM user_key WHERE user_id = ?', [userId])
.then((rows, fields) => {
const row = rows[0][0]
const salt = row['salt']
publicKey = row['public_key']
privateKey = row['private_key_encrypted']
if(row['public_key'] == null){
const keyPair = crypto.generateKeyPairSync('rsa', {
modulusLength: 1024,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
})
publicKey = keyPair.publicKey
privateKey = keyPair.privateKey
const privateKeyEncrypted = cs.encrypt(masterKey, salt, privateKey)
db.promise()
.query(
'UPDATE user_key SET `public_key` = ?, `private_key_encrypted` = ? WHERE user_id = ?;',
[publicKey, privateKeyEncrypted, userId]
)
.then((rows, fields)=>{
return resolve({publicKey, privateKey})
})
} else {
//Decrypt private key
privateKey = cs.decrypt(masterKey, salt, privateKey)
return resolve({publicKey, privateKey})
}
})
})
}
User.getPublicKey = (userId) => {
return new Promise((resolve, reject) => {
db.promise().query('SELECT public_key FROM user_key WHERE user_id = ?', [userId])
.then((rows, fields) => {
const row = rows[0][0]
return resolve(row['public_key'])
})
})
}
User.getPrivateKey = (userId, masterKey) => {
return new Promise((resolve, reject) => {
db.promise().query('SELECT salt, private_key_encrypted FROM user_key WHERE user_id = ?', [userId])
.then((rows, fields) => {
const row = rows[0][0]
const salt = row['salt']
privateKey = row['private_key_encrypted']
//Decrypt private key
privateKey = cs.decrypt(masterKey, salt, privateKey)
return resolve(privateKey)
})
})
}
User.getByUserName = (username) => {
return new Promise((resolve, reject) => {
db.promise().query('SELECT * FROM user WHERE username = ? LIMIT 1', [username.toLowerCase()])
.then((rows, fields) => {
resolve(rows[0][0])
})
})
}
User.deleteUser = (userId, password) => {
//Verify user is correct by decryptig master key with password
//Delete user, all notes, all keys
}
User.keyPairTest = (testUserName = 'genMan', password = '1') => {
return new Promise((resolve, reject) => {
let masterKey = null
let testUserId = null
User.login(testUserName, password)
.then( ({ token, userId }) => {
testUserId = userId
console.log('Test: Create/Login User - Pass')
return User.getMasterKey(testUserId, password)
})
.then(newMasterKey => {
masterKey = newMasterKey
console.log('Test: Generate/Decrypt Master Key - Pass')
return User.generateKeypair(testUserId, masterKey)
})
.then(({publicKey, privateKey}) => {
const publicKeyMessage = 'Test: Public key decrypt - Pass'
const privateKeyMessage = 'Test: Private key decrypt - Pass'
//Encrypt Message with private Key
const privateKeyEncrypted = crypto.privateEncrypt(privateKey, Buffer.from(privateKeyMessage, 'utf8')).toString('base64')
const decryptedPrivate = crypto.publicDecrypt(publicKey, Buffer.from(privateKeyEncrypted, 'base64'))
//Conver back to a string
console.log(decryptedPrivate.toString('utf8'))
//Encrypt with public key
const pubEncrMsc = crypto.publicEncrypt(publicKey, Buffer.from(publicKeyMessage, 'utf8')).toString('base64')
const publicDeccryptMessage = crypto.privateDecrypt(privateKey, Buffer.from(pubEncrMsc, 'base64') )
//Convert it back to string
console.log(publicDeccryptMessage.toString('utf8'))
resolve({testUserId, masterKey})
})
})
}

15
server/routes/noteController.js
View File

@@ -1,8 +1,9 @@
var express = require('express')
var router = express.Router()
let Notes = require('@models/Note');
let ShareNote = require('@models/ShareNote');
let Notes = require('@models/Note')
let User = require('@models/User')
let ShareNote = require('@models/ShareNote')
let userId = null
let masterKey = null
@@ -21,7 +22,7 @@ router.use(function setUserId (req, res, next) {
// Note actions
//
router.post('/get', function (req, res) {
Notes.get(userId, req.body.noteId, req.body.password, masterKey)
Notes.get(userId, req.body.noteId, masterKey)
.then( data => {
res.send(data)
})
@@ -38,7 +39,7 @@ router.post('/create', function (req, res) {
})
router.post('/update', function (req, res) {
Notes.update(req.io, userId, req.body.noteId, req.body.text, req.body.title, req.body.color, req.body.pinned, req.body.archived, req.body.password, req.body.hint, masterKey)
Notes.update(req.io, userId, req.body.noteId, req.body.text, req.body.title, req.body.color, req.body.pinned, req.body.archived, req.body.hash, masterKey)
.then( id => res.send({id}) )
})
@@ -90,7 +91,11 @@ router.post('/getshareusers', function (req, res) {
})
router.post('/shareadduser', function (req, res) {
ShareNote.addUser(userId, req.body.noteId, req.body.rawTextId, req.body.username)
// ShareNote.addUser(userId, req.body.noteId, req.body.rawTextId, req.body.username, masterKey)
User.getByUserName(req.body.username)
.then( user => {
return ShareNote.migrateNoteToShared(userId, req.body.noteId, user.id, masterKey)
})
.then( ({success, shareUserId}) => {
//Emit update count event to user shared with - so they see the note in real time