apps/ignis-server/server/plugins/headless-sync/auth.js

const fs = require("fs");
const path = require("path");
const { getObHome } = require("./ob-cli");

function getObAuthFile(dataDir) {
  return path.join(
    getObHome(dataDir),
    ".config",
    "obsidian-headless",
    "auth_token",
  );
}

function getInternalTokenFile(dataDir) {
  return path.join(dataDir, "auth-token.json");
}

function loadToken(dataDir) {
  const internalFile = getInternalTokenFile(dataDir);

  try {
    if (fs.existsSync(internalFile)) {
      const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));

      if (data && data.token) {
        syncToObCli(dataDir, data.token);
        return data;
      }
    }
  } catch {}

  // Fall back to ob CLI's own auth file
  const obAuthFile = getObAuthFile(dataDir);

  try {
    if (fs.existsSync(obAuthFile)) {
      const token = fs.readFileSync(obAuthFile, "utf-8").trim();

      if (token) {
        const data = { token };
        saveInternal(dataDir, data);
        return data;
      }
    }
  } catch {}

  return null;
}

function saveToken(dataDir, tokenData) {
  saveInternal(dataDir, tokenData);
  syncToObCli(dataDir, tokenData.token);
}

function clearToken(dataDir) {
  const internalFile = getInternalTokenFile(dataDir);

  try {
    if (fs.existsSync(internalFile)) {
      fs.unlinkSync(internalFile);
    }
  } catch {}

  const obAuthFile = getObAuthFile(dataDir);

  try {
    if (fs.existsSync(obAuthFile)) {
      fs.unlinkSync(obAuthFile);
    }
  } catch {}
}

function isAuthenticated(dataDir) {
  const internalFile = getInternalTokenFile(dataDir);

  try {
    if (fs.existsSync(internalFile)) {
      const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));
      return !!(data && data.token);
    }
  } catch {}

  return false;
}

function writeSecret(file, contents) {
  fs.writeFileSync(file, contents, { encoding: "utf-8", mode: 0o600 });

  try {
    fs.chmodSync(file, 0o600);
  } catch {}
}

function saveInternal(dataDir, tokenData) {
  const internalFile = getInternalTokenFile(dataDir);
  const dir = path.dirname(internalFile);

  if (!fs.existsSync(dir)) {
    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  }

  writeSecret(internalFile, JSON.stringify(tokenData, null, 2));
}

function syncToObCli(dataDir, token) {
  const obAuthFile = getObAuthFile(dataDir);

  try {
    const dir = path.dirname(obAuthFile);

    if (!fs.existsSync(dir)) {
      fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
    }

    writeSecret(obAuthFile, token);
  } catch {}
}

function getTokenInfo(dataDir) {
  const internalFile = getInternalTokenFile(dataDir);

  try {
    if (fs.existsSync(internalFile)) {
      const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));

      if (data && data.token) {
        return { email: data.email || null, name: data.name || null };
      }
    }
  } catch {}

  return null;
}

module.exports = {
  loadToken,
  saveToken,
  clearToken,
  isAuthenticated,
  getTokenInfo,
};
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`const fs = require("fs");`
			`const path = require("path");`
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`const { getObHome } = require("./ob-cli");`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`function getObAuthFile(dataDir) {`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`return path.join(`
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`getObHome(dataDir),`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`".config",`
			`"obsidian-headless",`
			`"auth_token",`
			`);`
			`}`

			`function getInternalTokenFile(dataDir) {`
			`return path.join(dataDir, "auth-token.json");`
			`}`

			`function loadToken(dataDir) {`
			`const internalFile = getInternalTokenFile(dataDir);`

			`try {`
			`if (fs.existsSync(internalFile)) {`
			`const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));`

			`if (data && data.token) {`
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`syncToObCli(dataDir, data.token);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`return data;`
			`}`
			`}`
			`} catch {}`

			`// Fall back to ob CLI's own auth file`
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`const obAuthFile = getObAuthFile(dataDir);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00
			`try {`
			`if (fs.existsSync(obAuthFile)) {`
			`const token = fs.readFileSync(obAuthFile, "utf-8").trim();`

			`if (token) {`
			`const data = { token };`
			`saveInternal(dataDir, data);`
			`return data;`
			`}`
			`}`
			`} catch {}`

			`return null;`
			`}`

			`function saveToken(dataDir, tokenData) {`
			`saveInternal(dataDir, tokenData);`
improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`syncToObCli(dataDir, tokenData.token);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`}`

			`function clearToken(dataDir) {`
			`const internalFile = getInternalTokenFile(dataDir);`

			`try {`
			`if (fs.existsSync(internalFile)) {`
			`fs.unlinkSync(internalFile);`
			`}`
			`} catch {}`

improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`const obAuthFile = getObAuthFile(dataDir);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00
			`try {`
			`if (fs.existsSync(obAuthFile)) {`
			`fs.unlinkSync(obAuthFile);`
			`}`
			`} catch {}`
			`}`

			`function isAuthenticated(dataDir) {`
			`const internalFile = getInternalTokenFile(dataDir);`

			`try {`
			`if (fs.existsSync(internalFile)) {`
			`const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));`
			`return !!(data && data.token);`
			`}`
			`} catch {}`

			`return false;`
			`}`

headless-sync minor security improvements 2026-06-02 17:42:47 +02:00			`function writeSecret(file, contents) {`
			`fs.writeFileSync(file, contents, { encoding: "utf-8", mode: 0o600 });`

			`try {`
			`fs.chmodSync(file, 0o600);`
			`} catch {}`
			`}`

headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`function saveInternal(dataDir, tokenData) {`
			`const internalFile = getInternalTokenFile(dataDir);`
			`const dir = path.dirname(internalFile);`

			`if (!fs.existsSync(dir)) {`
headless-sync minor security improvements 2026-06-02 17:42:47 +02:00			`fs.mkdirSync(dir, { recursive: true, mode: 0o700 });`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`}`

headless-sync minor security improvements 2026-06-02 17:42:47 +02:00			`writeSecret(internalFile, JSON.stringify(tokenData, null, 2));`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`}`

improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`function syncToObCli(dataDir, token) {`
			`const obAuthFile = getObAuthFile(dataDir);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00
			`try {`
			`const dir = path.dirname(obAuthFile);`

			`if (!fs.existsSync(dir)) {`
headless-sync minor security improvements 2026-06-02 17:42:47 +02:00			`fs.mkdirSync(dir, { recursive: true, mode: 0o700 });`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`}`

headless-sync minor security improvements 2026-06-02 17:42:47 +02:00			`writeSecret(obAuthFile, token);`
headless-sync-server-plugin 2026-03-28 16:22:15 +01:00			`} catch {}`
			`}`

			`function getTokenInfo(dataDir) {`
			`const internalFile = getInternalTokenFile(dataDir);`

			`try {`
			`if (fs.existsSync(internalFile)) {`
			`const data = JSON.parse(fs.readFileSync(internalFile, "utf-8"));`

			`if (data && data.token) {`
			`return { email: data.email \|\| null, name: data.name \|\| null };`
			`}`
			`}`
			`} catch {}`

			`return null;`
			`}`

improve token management for headless sync cli 2026-05-17 22:11:17 +02:00			`module.exports = {`
			`loadToken,`
			`saveToken,`
			`clearToken,`
			`isAuthenticated,`
			`getTokenInfo,`
			`};`