vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 76687e2df7fd875b4cde4164dc1a4defc9665dd4
parent 920371929bc89f5000d26c55b834148b32c8058f
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun,  2 Jan 2022 23:46:23 +0100

Merge pull request #2188 from jjlin/icons

Add config option to set the HTTP redirect code for external icons
Diffstat:
M.env.template | 9++++++++-
Msrc/api/icons.rs | 9++++++++-
Msrc/config.rs | 13++++++++++++-
3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/.env.template b/.env.template @@ -135,13 +135,20 @@ ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. ## ## `internal` refers to Vaultwarden's built-in icon fetching implementation. -## If an external service is set, an icon request to Vaultwarden will return an HTTP 307 +## If an external service is set, an icon request to Vaultwarden will return an HTTP ## redirect to the corresponding icon at the external service. An external service may ## be useful if your Vaultwarden instance has no external network connectivity, or if ## you are concerned that someone may probe your instance to try to detect whether icons ## for certain sites have been cached. # ICON_SERVICE=internal +## Icon redirect code +## The HTTP status code to use for redirects to an external icon service. +## The supported codes are 307 (temporary) and 308 (permanent). +## Temporary redirects are useful while testing different icon services, but once a service +## has been decided on, consider using permanent redirects for cacheability. +# ICON_REDIRECT_CODE=307 + ## Disable icon downloading ## Set to true to disable icon downloading in the internal icon service. ## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external diff --git a/src/api/icons.rs b/src/api/icons.rs @@ -71,7 +71,14 @@ fn icon_redirect(domain: &str, template: &str) -> Option<Redirect> { } let url = template.replace("{}", domain); - Some(Redirect::temporary(url)) + match CONFIG.icon_redirect_code() { + 308 => Some(Redirect::permanent(url)), + 307 => Some(Redirect::temporary(url)), + _ => { + error!("Unexpected redirect code {}", CONFIG.icon_redirect_code()); + None + } + } } #[get("/<domain>/icon.png")] diff --git a/src/config.rs b/src/config.rs @@ -454,9 +454,14 @@ make_config! { /// To specify a custom icon service, set a URL template with exactly one instance of `{}`, /// which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. /// `internal` refers to Vaultwarden's built-in icon fetching implementation. If an external - /// service is set, an icon request to Vaultwarden will return an HTTP 307 redirect to the + /// service is set, an icon request to Vaultwarden will return an HTTP redirect to the /// corresponding icon at the external service. icon_service: String, false, def, "internal".to_string(); + /// Icon redirect code |> The HTTP status code to use for redirects to an external icon service. + /// The supported codes are 307 (temporary) and 308 (permanent). + /// Temporary redirects are useful while testing different icon services, but once a service + /// has been decided on, consider using permanent redirects for cacheability. + icon_redirect_code: u32, true, def, 307; /// Positive icon cache expiry |> Number of seconds to consider that an already cached icon is fresh. After this period, the icon will be redownloaded icon_cache_ttl: u64, true, def, 2_592_000; /// Negative icon cache expiry |> Number of seconds before trying to download an icon that failed again. @@ -693,6 +698,12 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { } } + // Check if the icon redirect code is valid + match cfg.icon_redirect_code { + 307 | 308 => (), + _ => err!("Only HTTP 307/308 redirects are supported"), + } + Ok(()) }