* Added fake site warning

* Fixed a bunch of style bugs for chrome browsers
* Improved check box styles on desktop and mobile
* Touch up tool tip styles. Only dark now.
* Created a separate terms page
* Added 2FA auth token options to login
* Added tool tip displays to some buttons on editor
* Added pinned and archived options to overflow menu
* Changed shared note styles
* Disabled Scroll into view
* Made image display smaller when adding images to notes
* Added a last used color option
* Updated help page
* Fixed spelling error on terms page
* Added a big ass green label on the new note icon
* Scratch pad now opens a note, which is the scratch pad
* Added better 2fa guide
* Added change password option
* Added log out and log out all active sessions option
* Added strict rate limiting on login and register actions
* Added middleware to routes that force authentication to be accessed
* Fixed bug that was causing shared notes to appear empty
* Updated option now appears on shared notes after they are actually updated

server/routes/attachmentController.js

@@ -6,16 +6,23 @@ let router = express.Router()
 
 let Attachment = require('@models/Attachment')
 let Note = require('@models/Note')
+
 let userId = null
+let masterKey = null
 
 // middleware that is specific to this router
 router.use(function setUserId (req, res, next) {
-	if(userId = req.headers.userId){
+
+	//Session key is required to continue
+	if(!req.headers.sessionId){
+		next('Unauthorized')
+	}
+
+	if(req.headers.userId){
 		userId = req.headers.userId
 		masterKey = req.headers.masterKey
+		next()
 	}
-	
-	next()
 })
 
 router.post('/search', function (req, res) {

server/routes/noteController.js

@@ -10,12 +10,17 @@ let masterKey = null
 
 // middleware that is specific to this router
 router.use(function setUserId (req, res, next) {
+
+	//Session key is required to continue
+	if(!req.headers.sessionId){
+		next('Unauthorized')
+	}
+
 	if(req.headers.userId){
 		userId = req.headers.userId
 		masterKey = req.headers.masterKey
+		next()
 	}
-	
-	next()
 })
 
 //

server/routes/publicController.js

@@ -1,17 +1,60 @@
 var express = require('express')
 var router = express.Router()
+const rateLimit = require('express-rate-limit')
+
+const Note = require('@models/Note')
+const User = require('@models/User')
+
+
 
-let Note = require('@models/Note')
 
 //
 // Public Note action
 //
-router.post('/opensharednote', function (req, res) {
+const sharedNoteLimiter = rateLimit({
+	windowMs: 30 * 60 * 1000, //30 min window
+	max: 50, // start blocking after 50 requests
+	message:'Unable to open that many shared notes'
+})
+router.post('/opensharednote', sharedNoteLimiter, function (req, res) {
 	
 	Note.getShared(req.body.noteId, req.body.sharedKey)
 	.then(results => res.send(results))
 })
 
+//
+// Login User
+//
+const loginLimiter = rateLimit({
+	windowMs: 30 * 60 * 1000, // 30 min window
+	max: 25, // start blocking after 25 requests
+	message:'Please try to login again later'
+})
+router.post('/login', loginLimiter, function (req, res) {
+
+	User.login(req.body.username, req.body.password, req.body.authToken)
+	.then( returnData => {
+
+		res.send(returnData)
+	})
+})
+
+//
+// Register User
+//
+const registerLimiter = rateLimit({
+	windowMs: 60 * 60 * 1000, // 1 hour window
+	max: 5, // start blocking after 5 requests
+	message:'Please try again to create an acount in an hour'
+})
+router.post('/register', registerLimiter, function (req, res) {
+
+	User.register(req.body.username, req.body.password)
+	.then( returnData => {
+
+		res.send(returnData)
+	})
+})
 
 
 

server/routes/quicknoteController.js

@@ -6,13 +6,19 @@ let QuickNote = require('@models/QuickNote');
 let userId = null
 let masterKey = null
 
+// middleware that is specific to this router
 router.use(function setUserId (req, res, next) {
+
+	//Session key is required to continue
+	if(!req.headers.sessionId){
+		next('Unauthorized')
+	}
+
 	if(req.headers.userId){
 		userId = req.headers.userId
 		masterKey = req.headers.masterKey
+		next()
 	}
-	
-	next()
 })
 
 //Get quick note text

server/routes/tagController.js

@@ -1,16 +1,24 @@
 var express = require('express')
 var router = express.Router()
 
-let Tags = require('@models/Tag');
+let Tags = require('@models/Tag')
+
 let userId = null
+let masterKey = null
 
 // middleware that is specific to this router
 router.use(function setUserId (req, res, next) {
-	if(userId = req.headers.userId){
-		userId = req.headers.userId
+
+	//Session key is required to continue
+	if(!req.headers.sessionId){
+		next('Unauthorized')
+	}
+
+	if(req.headers.userId){
+		userId = req.headers.userId
+		masterKey = req.headers.masterKey
+		next()
 	}
-	
-	next()
 })
 
 //Get the latest notes the user has created

server/routes/userController.js

@@ -5,20 +5,24 @@ const User = require('@models/User')
 const Auth = require('@helpers/Auth')
 const cs = require('@helpers/CryptoString')
 
+let userId = null
+let masterKey = null
+
 // middleware that is specific to this router
-router.use(function timeLog (req, res, next) {
-	// console.log('Time: ', Date.now())
-	next()
+router.use(function setUserId (req, res, next) {
+
+	//Session key is required to continue
+	if(!req.headers.sessionId){
+		next('Unauthorized')
+	}
+
+	if(req.headers.userId){
+		userId = req.headers.userId
+		masterKey = req.headers.masterKey
+		next()
+	}
 })
 
-// Login User
-router.post('/login', function (req, res) {
-
-	User.login(req.body.username, req.body.password, req.body.authToken)
-	.then( returnData => {
-		res.send(returnData)
-	})
-})
 // Logout User
 router.post('/logout', function (req, res) {
 
@@ -28,19 +32,6 @@ router.post('/logout', function (req, res) {
 	})
 })
 
-// Register User
-router.post('/register', function (req, res) {
-
-	User.register(req.body.username, req.body.password)
-	.then( returnData => {
-
-		res.send(returnData)
-	})
-	.catch(e => {
-		res.send(false)
-	})
-})
-
 // change password
 router.post('/changepassword', function (req, res) {