From 3faae63b849a1fabc31b823bb7af3a84d32256a7 Mon Sep 17 00:00:00 2001 From: zadam Date: Fri, 1 Jul 2022 00:01:29 +0200 Subject: [PATCH] set correct content type for error messages --- package-lock.json | 4 ++-- src/routes/api/export.js | 8 ++++++-- src/routes/api/files.js | 4 +++- src/routes/api/image.js | 8 +++++--- src/routes/api/note_revisions.js | 8 ++++++-- src/routes/custom.js | 8 ++++++-- src/routes/routes.js | 12 ++++++++++-- src/services/auth.js | 16 ++++++++++++---- src/share/routes.js | 30 +++++++++++++++++++++--------- 9 files changed, 71 insertions(+), 27 deletions(-) diff --git a/package-lock.json b/package-lock.json index a873e3fa7c..132da10159 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "trilium", - "version": "0.52.1-beta", + "version": "0.52.3", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "trilium", - "version": "0.52.1-beta", + "version": "0.52.3", "hasInstallScript": true, "license": "AGPL-3.0-only", "dependencies": { diff --git a/src/routes/api/export.js b/src/routes/api/export.js index fe772e4936..6acb19952d 100644 --- a/src/routes/api/export.js +++ b/src/routes/api/export.js @@ -15,7 +15,9 @@ function exportBranch(req, res) { const message = `Cannot export branch ${branchId} since it does not exist.`; log.error(message); - res.status(500).send(message); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send(message); return; } @@ -41,7 +43,9 @@ function exportBranch(req, res) { log.error(message + e.stack); - res.status(500).send(message); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send(message); } } diff --git a/src/routes/api/files.js b/src/routes/api/files.js index 3aa2d51b6b..d28e81169f 100644 --- a/src/routes/api/files.js +++ b/src/routes/api/files.js 
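Review bot: The chain `res.setHeader("Content-Type", "text/plain").status(…).send(…)` is hand-copied at every error site in this patch (both export.js hunks here, and again in files.js, note_revisions.js, custom.js, routes.js, auth.js and share/routes.js), so the next error path that omits it falls back to Express's default `text/html` for string bodies. A single helper would keep the rule in one place, and is also where `X-Content-Type-Options: nosniff` can be added so that browsers do not content-sniff the plain-text body. The chain also depends on `setHeader` returning the response object; that is Node's method rather than Express's documented chainable `res.set`, which image.js already uses, so it is worth confirming on the oldest Node version the project supports. exportBranch's body extends beyond both hunks.

```javascript
// shared helper (name and location are a suggestion)
function sendPlainError(res, statusCode, message) {
    res.set("Content-Type", "text/plain");
    res.set("X-Content-Type-Options", "nosniff");
    res.status(statusCode).send(message);
}

// in exportBranch, replacing the three-call chain
sendPlainError(res, 500, message);
```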
@@ -48,7 +48,9 @@ function downloadNoteFile(noteId, res, contentDisposition = true) { const note = becca.getNote(noteId); if (!note) { - return res.status(404).send(`Note ${noteId} doesn't exist.`); + return res.setHeader("Content-Type", "text/plain") + .status(404) + .send(`Note ${noteId} doesn't exist.`); } if (note.isProtected && !protectedSessionService.isProtectedSessionAvailable()) { diff --git a/src/routes/api/image.js b/src/routes/api/image.js index 7807f1fb92..f54395697b 100644 --- a/src/routes/api/image.js +++ b/src/routes/api/image.js @@ -20,20 +20,22 @@ function returnImage(req, res) { } /** - * special "image" type. the canvas is actually type application/json + * special "image" type. the canvas is actually type application/json * to avoid bitrot and enable usage as referenced image the svg is included. */ if (image.type === 'canvas') { const content = image.getContent(); try { const data = JSON.parse(content); - + const svg = data.svg || '' res.set('Content-Type', "image/svg+xml"); res.set("Cache-Control", "no-cache, no-store, must-revalidate"); res.send(svg); } catch(err) { - res.status(500).send("there was an error parsing excalidraw to svg"); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send("there was an error parsing excalidraw to svg"); } } else { res.set('Content-Type', image.mime); diff --git a/src/routes/api/note_revisions.js b/src/routes/api/note_revisions.js index 6052e99507..db1b65794c 100644 --- a/src/routes/api/note_revisions.js +++ b/src/routes/api/note_revisions.js 
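Review bot: In the canvas branch of `returnImage`, the value of `data.svg` is sent as `image/svg+xml` with no restriction on active content, and this commit only changes the error path next to it. SVG is a scriptable format, so unless the stored svg is sanitised somewhere outside this hunk, opening the image URL directly as a document would run whatever script the note's JSON carries. A response header next to the existing Cache-Control line would contain that, for example `res.set("Content-Security-Policy", "script-src 'none'");`. The same canvas branch appears in share/routes.js, where the content is served to anonymous visitors. returnImage starts before this hunk and continues after it.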
@@ -65,11 +65,15 @@ function downloadNoteRevision(req, res) { const noteRevision = becca.getNoteRevision(req.params.noteRevisionId); if (noteRevision.noteId !== req.params.noteId) { - return res.status(400).send(`Note revision ${req.params.noteRevisionId} does not belong to note ${req.params.noteId}`); + return res.setHeader("Content-Type", "text/plain") + .status(400) + .send(`Note revision ${req.params.noteRevisionId} does not belong to note ${req.params.noteId}`); } if (noteRevision.isProtected && !protectedSessionService.isProtectedSessionAvailable()) { - return res.status(401).send("Protected session not available"); + return res.setHeader("Content-Type", "text/plain") + .status(401) + .send("Protected session not available"); } const filename = getRevisionFilename(noteRevision); diff --git a/src/routes/custom.js b/src/routes/custom.js index 9b19040538..7a6ee9c469 100644 --- a/src/routes/custom.js +++ b/src/routes/custom.js @@ -49,7 +49,9 @@ function handleRequest(req, res) { catch (e) { log.error(`Custom handler ${note.noteId} failed with ${e.message}`); - res.status(500).send(e.message); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send(e.message); } } else if (attr.name === 'customResourceProvider') { @@ -65,7 +67,9 @@ function handleRequest(req, res) { const message = `No handler matched for custom ${path} request.`; log.info(message); - res.status(404).send(message); + res.setHeader("Content-Type", "text/plain") + .status(404) + .send(message); } function register(router) { diff --git a/src/routes/routes.js b/src/routes/routes.js index b51f1a5214..b10ca45e96 100644 --- a/src/routes/routes.js +++ b/src/routes/routes.js @@ -120,6 +120,10 @@ function apiResultHandler(req, res, result) { function send(res, statusCode, response) { if (typeof response === 'string') { + if (statusCode >= 400) { + res.setHeader("Content-Type", "text/plain"); + } + res.status(statusCode).send(response); return response.length; 
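Review bot: `noteRevision.noteId` is read immediately after `becca.getNoteRevision(req.params.noteRevisionId)` with no check that a revision was found. If getNoteRevision returns null or undefined for an unknown id (its behaviour is not visible here), the request fails with a TypeError and surfaces as a 500 carrying the exception text, rather than a clean 404. A guard before the ownership check would fix that: `if (!noteRevision) { return res.setHeader("Content-Type", "text/plain").status(404).send("Note revision not found"); }`. downloadNoteRevision continues past the end of the hunk.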
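Review bot: The catch block in custom.js `handleRequest` still sends `e.message` verbatim to the caller. The new header stops it from being rendered as HTML, but the text can still expose internal detail such as file paths, query fragments or script internals. The same applies to both error branches of `route()` in routes.js, which send `e.message` after logging `e.stack`. Since the detail is already written to the log, the response could carry a fixed string instead, for example `.send("Custom handler failed")`, unless the frontend is known to depend on the raw message. handleRequest begins before this hunk.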
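Review bot: The new guard in routes.js `send` switches to `text/plain` only when `statusCode >= 400`, so a string result returned with a 2xx status still goes out with Express's default `text/html`. Whether any handler returns request-derived text that way is not visible in this hunk; if string results are never meant to be HTML, setting the type unconditionally in this branch would close the gap. At minimum the condition deserves a comment such as `// error strings can echo request data; plain text keeps the browser from rendering them as HTML`. The non-string branch of `send` is outside the hunk.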
@@ -167,7 +171,9 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio .catch(e => { log.error(`${method} ${path} threw exception: ` + e.stack); - res.status(500).send(e.message); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send(e.message); }); } else { @@ -180,7 +186,9 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio catch (e) { log.error(`${method} ${path} threw exception: ` + e.stack); - res.status(500).send(e.message); + res.setHeader("Content-Type", "text/plain") + .status(500) + .send(e.message); } }); } diff --git a/src/services/auth.js b/src/services/auth.js index 3b36fa51cb..331f1d252e 100644 --- a/src/services/auth.js +++ b/src/services/auth.js @@ -88,17 +88,23 @@ function checkEtapiToken(req, res, next) { function reject(req, res, message) { log.info(`${req.method} ${req.path} rejected with 401 ${message}`); - res.status(401).send(message); + res.setHeader("Content-Type", "text/plain") + .status(401) + .send(message); } function checkCredentials(req, res, next) { if (!sqlInit.isDbInitialized()) { - res.status(400).send('Database is not initialized yet.'); + res.setHeader("Content-Type", "text/plain") + .status(400) + .send('Database is not initialized yet.'); return; } if (!passwordService.isPasswordSet()) { - res.status(400).send('Password has not been set yet. Please set a password and repeat the action'); + res.setHeader("Content-Type", "text/plain") + .status(400) + .send('Password has not been set yet. Please set a password and repeat the action'); return; } @@ -109,7 +115,9 @@ function checkCredentials(req, res, next) { // username is ignored if (!passwordEncryptionService.verifyPassword(password)) { - res.status(401).send('Incorrect password'); + res.setHeader("Content-Type", "text/plain") + .status(401) + .send('Incorrect password'); } else { next(); diff --git a/src/share/routes.js b/src/share/routes.js index ce858ad6b0..74ff02e04f 100644 
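Review bot: The failed-password branch of auth.js `checkCredentials` returns 401 without writing a log entry, whereas `reject()` just above it logs the method, path and reason for every rejected request. Failed password attempts are the events an operator most needs in the log to notice guessing, so this branch should log the same way. Reusing the existing helper does that in one line: `reject(req, res, 'Incorrect password');`. The part of checkCredentials that extracts `password` lies between the two auth.js hunks and is not visible.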
--- a/src/share/routes.js +++ b/src/share/routes.js @@ -39,9 +39,9 @@ function register(router) { addNoIndexHeader(note, res); if (note.hasLabel('shareRaw') || ['image', 'file'].includes(note.type)) { - res.setHeader('Content-Type', note.mime); + res.setHeader('Content-Type', note.mime) + .send(note.getContent()); - res.send(note.getContent()); return; } @@ -83,7 +83,9 @@ function register(router) { const note = shaca.getNote(noteId); if (!note) { - return res.status(404).send(`Note '${noteId}' not found`); + return res.setHeader("Content-Type", "text/plain") + .status(404) + .send(`Note '${noteId}' not found`); } addNoIndexHeader(note, res); @@ -98,7 +100,9 @@ function register(router) { const note = shaca.getNote(noteId); if (!note) { - return res.status(404).send(`Note '${noteId}' not found`); + return res.setHeader("Content-Type", "text/plain") + .status(404) + .send(`Note '${noteId}' not found`); } addNoIndexHeader(note, res); @@ -122,13 +126,17 @@ function register(router) { const image = shaca.getNote(req.params.noteId); if (!image) { - return res.status(404).send(`Note '${req.params.noteId}' not found`); + return res.setHeader('Content-Type', 'text/plain') + .status(404) + .send(`Note '${req.params.noteId}' not found`); } else if (!["image", "canvas"].includes(image.type)) { - return res.status(400).send("Requested note is not a shareable image"); + return res.setHeader('Content-Type', 'text/plain') + .status(400) + .send("Requested note is not a shareable image"); } else if (image.type === "canvas") { /** - * special "image" type. the canvas is actually type application/json + * special "image" type. the canvas is actually type application/json * to avoid bitrot and enable usage as referenced image the svg is included. */ const content = image.getContent(); 
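Review bot: The raw-share branch in share/routes.js sends `note.getContent()` under whatever `note.mime` holds, so a shared note typed `text/html` or `image/svg+xml` is delivered as active content from this server's origin; the commit only chains the two calls and leaves that as it was. If shares are reachable on the same origin as the authenticated application (not visible here), script in a shared note would run with access to that origin. Consider `res.setHeader('X-Content-Type-Options', 'nosniff')` plus a restrictive `Content-Security-Policy` on this response, or serving shares from a separate origin. If raw shares are deliberately allowed to carry script, a comment stating that decision would help the next reviewer. The handler and `register` both extend beyond the hunk.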
@@ -141,7 +149,9 @@ function register(router) { res.set("Cache-Control", "no-cache, no-store, must-revalidate"); res.send(svg); } catch(err) { - res.status(500).send("there was an error parsing excalidraw to svg"); + res.setHeader('Content-Type', 'text/plain') + .status(500) + .send("there was an error parsing excalidraw to svg"); } } else { // normal image @@ -159,7 +169,9 @@ function register(router) { const note = shaca.getNote(noteId); if (!note) { - return res.status(404).send(`Note '${noteId}' not found`); + return res.setHeader('Content-Type', 'text/plain') + .status(404) + .send(`Note '${noteId}' not found`); } addNoIndexHeader(note, res);
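Review bot: The `catch(err)` in the canvas branch of share/routes.js discards `err` and answers 500 with a fixed string, so a malformed or unexpected canvas note leaves no trace in the server log; image.js has the identical block. Logging before responding keeps the generic client message while making the failure diagnosable, e.g. `log.error(`Cannot parse canvas note ${req.params.noteId}: ${err.message}`);`, assuming the `log` service used in export.js and custom.js is in scope in these files. The enclosing handler starts in the previous hunk.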