* Added fake site warning

* Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated
2020-07-23 05:00:20 +00:00
parent a8a966866c
commit b34a62e114
24 changed files with 560 additions and 484 deletions
--- a/server/models/Note.js
+++ b/server/models/Note.js
@@ -449,8 +449,7 @@ Note.update = (userId, noteId, noteText, noteTitle, color, pinned, archived, has
 			//Shared notes use encrypted key - decrypt key then decrypt note
 			const encryptedShareKey = rows[0][0].encrypted_share_password_key
 			if(encryptedShareKey != null){
-				masterKey = crypto.privateDecrypt(userPrivateKey, 
-					Buffer.from(encryptedShareKey, 'base64') )
+				masterKey = crypto.privateDecrypt(userPrivateKey, Buffer.from(encryptedShareKey, 'base64') )
 			}

 			let encryptedNoteText = ''
@@ -475,10 +474,14 @@ Note.update = (userId, noteId, noteText, noteTitle, color, pinned, archived, has
 				for (var i = 0; i < rows[0].length; i++) {
 					const otherNote = rows[0][i]
 					//Re-encrypt for other user
-					const updatedSnippet = cs.encrypt(masterKey, otherNote.snippet_salt, snippet)
+					let updatedSnippet = '' //Default to no snippet
+					if(noteText.length > 500){
+						updatedSnippet = cs.encrypt(masterKey, otherNote.snippet_salt, snippet)
+					}
 					db.promise().query('UPDATE note SET snippet = ? WHERE id = ?', [updatedSnippet, otherNote.id])
-
-					SocketIo.to(otherNote['user_id']).emit('new_note_text_saved', {'noteId':otherNote.id, hash})
+					.then((rows, fields) => {
+						SocketIo.to(otherNote['user_id']).emit('new_note_text_saved', {'noteId':otherNote.id, hash})
+					})
 				}
 			})
 			
@@ -489,10 +492,13 @@ Note.update = (userId, noteId, noteText, noteTitle, color, pinned, archived, has
 		})
 		.then( (rows, fields) => {

+			//Set openend time to a minute ago
+			const theFuture = Math.round((+new Date)/1000) + 10
+
 			//Update other note attributes
 			return db.promise()
-			.query('UPDATE note SET pinned = ?, archived = ?, color = ?, snippet = ?, indexed = 0 WHERE id = ? AND user_id = ? LIMIT 1', 
-			[pinned, archived, color, noteSnippet, noteId, userId])
+			.query('UPDATE note SET pinned = ?, archived = ?, color = ?, snippet = ?, indexed = 0, opened = ? WHERE id = ? AND user_id = ? LIMIT 1', 
+			[pinned, archived, color, noteSnippet, theFuture, noteId, userId])

 		})
 		.then((rows, fields) => {
@@ -750,7 +756,6 @@ Note.get = (userId, noteId, masterKey) => {
 		})
 		.then((rows, fields) => {

-			const nowTime = Math.round((+new Date)/1000)
 			let noteLockedOut = false
 			let noteData = rows[0][0]
 			// const rawTextId = noteData['rawTextId']
@@ -776,6 +781,7 @@ Note.get = (userId, noteId, masterKey) => {
 			noteData.title = textObject[0]
 			noteData.text = textObject[1]

+			const nowTime = Math.round((+new Date)/1000)
 			db.promise().query(`UPDATE note SET opened = ? WHERE (id = ?)`, [nowTime, noteId])

 			//Return note data
@@ -1122,7 +1128,7 @@ Note.search = (userId, searchQuery, searchTags, fastFilters, masterKey) => {
 							}
 						}
 					} catch(err) {
-						console.log('Error opening note id -> ', note.id)
+						console.log('Error opening note id -> '+note.id+' for userId -> '+userId)
 						console.log(err)
 					}

--- a/server/models/User.js
+++ b/server/models/User.js
@@ -9,7 +9,7 @@ const speakeasy = require('speakeasy')

 let User = module.exports = {}

-const version = '3.1.5'
+const version = '3.1.6'

 //Login a user, if that user does not exist create them
 //Issues login token
@@ -498,6 +498,7 @@ User.deleteUser = (userId, password) => {
 	
 	let deletePromises = []

+	//Delete all notes and raw text
 	let noteDelete = db.promise().query(`
 		DELETE note, note_raw_text 
 		FROM note
@@ -506,12 +507,14 @@ User.deleteUser = (userId, password) => {
 	`,[userId])
 	deletePromises.push(noteDelete)

+	//Delete user entry
 	let userDelete = db.promise().query(`
 		DELETE FROM user WHERE id = ?
 	`,[userId])
 	deletePromises.push(userDelete)

-	let tables = ['user_key', 'user_encrypted_search_index', 'attachment']
+	//Delete user_key, encrypted search index
+	let tables = ['user_key', 'user_encrypted_search_index']
 	tables.forEach(tableName => {

 		const query = `DELETE FROM ${tableName} WHERE user_id = ?`
@@ -519,6 +522,8 @@ User.deleteUser = (userId, password) => {
 		deletePromises.push(deleteQuery)
 	})

+	//Remove all note attachments and files
+
 	return Promise.all(deletePromises)
 }