vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 47a116bbee635426a94974c9a535699e8a44ad8e
parent 912901780eb2585ac0b182e72a0a05a30c3cdb96
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Thu, 15 Feb 2018 01:49:36 +0100

Get host from client and put it in the attachments URL (only the web vault works without indicating the host in the URL)

Diffstat:
MDockerfile | 5+----
Msrc/api/core/ciphers.rs | 12++++++------
Msrc/auth.rs | 9++++++++-
Msrc/db/models/attachment.rs | 4++--
Msrc/db/models/cipher.rs | 4++--
5 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile @@ -47,11 +47,8 @@ RUN mkdir /data VOLUME /data EXPOSE 80 -# Copies the files from the context (migrations, web-vault, ...) +# Copies the files from the context (env file and web-vault) # and the binary from the "build" stage to the current stage - -# TODO Only needs web-vault and .env -# COPY . . COPY .env . COPY web-vault ./web-vault COPY --from=build app/target/release/bitwarden_rs . diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs @@ -23,13 +23,13 @@ use CONFIG; #[get("/sync")] fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { - let user = headers.user; + let user = &headers.user; let folders = Folder::find_by_user(&user.uuid, &conn); let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect(); let ciphers = Cipher::find_by_user(&user.uuid, &conn); - let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect(); + let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect(); Ok(Json(json!({ "Profile": user.to_json(), @@ -49,7 +49,7 @@ fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn); - let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect(); + let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect(); Ok(Json(json!({ "Data": ciphers_json, @@ -68,7 +68,7 @@ fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadR err!("Cipher is not owned by user") } - Ok(Json(cipher.to_json(&conn))) + Ok(Json(cipher.to_json(&headers.host, &conn))) } #[derive(Deserialize, Debug)] 
@@ -122,7 +122,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Resul cipher.save(&conn); - Ok(Json(cipher.to_json(&conn))) + Ok(Json(cipher.to_json(&headers.host, &conn))) } fn value_from_data(data: &CipherData) -> Result<Value, &'static str> { @@ -229,7 +229,7 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers attachment.save(&conn); }); - Ok(Json(cipher.to_json(&conn))) + Ok(Json(cipher.to_json(&headers.host, &conn))) } #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")] diff --git a/src/auth.rs b/src/auth.rs @@ -94,6 +94,7 @@ use db::models::{User, Device}; pub struct Headers { pub device_type: Option<i32>, + pub host: String, pub device: Device, pub user: User, } @@ -111,6 +112,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers { _ => None // return err_handler!("Device-Type is invalid or missing") }; + // Get host + let host = match headers.get_one("Host") { + Some(host) => format!("http://{}", host), // TODO: Check if HTTPS + _ => String::new() // return err_handler!("Host is invalid or missing") + }; + // Get access_token let access_token: &str = match request.headers().get_one("Authorization") { Some(a) => { @@ -156,6 +163,6 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers { err_handler!("Invalid security stamp") } - Outcome::Success(Headers { device_type, device, user }) + Outcome::Success(Headers { device_type, host, device, user }) } } \ No newline at end of file diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs 
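Review bot: The `Host` header read in the `-111,6 +112,12` hunk of src/auth.rs is client-controlled, yet it becomes the origin of every attachment URL with no validation, so the links returned by the sync and cipher handlers point wherever the request's Host value says. The prefix is also fixed to `http://` (the TODO acknowledges this), so a deployment served over TLS, or behind a TLS-terminating proxy, would hand its clients cleartext attachment links. A missing header silently becomes an empty string, which `Attachment::to_json` in src/db/models/attachment.rs then formats into a relative path. I would take the origin from server configuration instead, e.g. `let host = CONFIG.<base_url_setting>.clone();` (placeholder name; no such setting is visible on this page), or at least compare the header against a configured allow-list before using it. The `FromRequest` body starts and ends outside these hunks.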
@@ -29,10 +29,10 @@ impl Attachment { format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id) } - pub fn to_json(&self) -> JsonValue { + pub fn to_json(&self, host: &str) -> JsonValue { use util::get_display_size; - let web_path = format!("/attachments/{}/{}", self.cipher_uuid, self.id); + let web_path = format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id); let display_size = get_display_size(self.file_size); json!({ diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs @@ -57,7 +57,7 @@ use db::schema::ciphers; /// Database methods impl Cipher { - pub fn to_json(&self, conn: &DbConn) -> JsonValue { + pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue { use serde_json; use util::format_date; use super::Attachment; @@ -65,7 +65,7 @@ impl Cipher { let data_json: JsonValue = serde_json::from_str(&self.data).unwrap(); let attachments = Attachment::find_by_cipher(&self.uuid, conn); - let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json()).collect(); + let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json(host)).collect(); json!({ "Id": self.uuid,
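Review bot: The new `host` parameter of `Attachment::to_json` has no documented contract, although the `format!("{}/attachments/{}/{}", host, ...)` line depends on one: the value has to be a scheme-plus-authority prefix without a trailing slash, or an empty string to get a relative path. I would add a doc comment on the method, for example `/// host: origin prefix such as "http://vault.example" (constructed sample), no trailing slash; an empty string yields a relative path`. `Cipher::to_json` in src/db/models/cipher.rs gained the same parameter and only forwards it, so it could carry the same one-line comment. Both method bodies continue outside their hunks.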