vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 7a3308200a4256c492010c519831bc12ae0076c8
parent 84a75c871bfb063d838d3db2eb1f07d93e2b3be8
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Fri, 16 Feb 2018 00:32:26 +0100

Finished work on ciphers (import, update, and the missing types)

Diffstat:

Msrc/api/core/ciphers.rs | 162++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------


Msrc/api/core/folders.rs | 4++++


Msrc/api/core/mod.rs | 1+


Msrc/db/models/cipher.rs | 10++++++----


4 files changed, 114 insertions(+), 63 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -81,19 +81,30 @@ struct CipherData {
     name: Option<String>,
     notes: Option<String>,
     favorite: Option<bool>,
+
     login: Option<Value>,
+    secureNote: Option<Value>,
     card: Option<Value>,
+    identity: Option<Value>,
+
     fields: Option<Vec<Value>>,
 }
 
 #[post("/ciphers", data = "<data>")]
 fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
-    let mut cipher = Cipher::new(headers.user.uuid.clone(),
-                                 data.type_,
-                                 data.favorite.unwrap_or(false));
+    let user_uuid = headers.user.uuid.clone();
+    let favorite = data.favorite.unwrap_or(false);
+    let mut cipher = Cipher::new(user_uuid, data.type_, favorite);
+
+    update_cipher_from_data(&mut cipher, &data, &headers, &conn)?;
+    cipher.save(&conn);
+
+    Ok(Json(cipher.to_json(&headers.host, &conn)))
+}
 
+fn update_cipher_from_data(cipher: &mut Cipher, data: &CipherData, headers: &Headers, conn: &DbConn) -> Result<(), BadRequest<Json>> {
     if let Some(ref folder_id) = data.folderId {
-        match Folder::find_by_uuid(folder_id, &conn) {
+        match Folder::find_by_uuid(folder_id, conn) {
             Some(folder) => {
                 if folder.user_uuid != headers.user.uuid {
                     err!("Folder is not owned by user")
@@ -106,63 +117,38 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Resul
     }
 
     if let Some(ref org_id) = data.organizationId {
+        // TODO: Check if user in org
         cipher.organization_uuid = Some(org_id.clone());
     }
 
-    cipher.data = match value_from_data(&data) {
-        Ok(value) => {
-            use serde_json;
-            println!("--- {:?}", serde_json::to_string(&value));
-            println!("--- {:?}", value.to_string());
-
-            value.to_string()
-        }
-        Err(msg) => err!(msg)
-    };
-
-    cipher.save(&conn);
-
-    Ok(Json(cipher.to_json(&headers.host, &conn)))
-}
-
-fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
     let mut values = json!({
         "Name": data.name,
         "Notes": data.notes
     });
 
-    match data.type_ {
-        1 /*Login*/ => {
-            let login_data = match data.login {
-                Some(ref login) => login.clone(),
-                None => return Err("Login data missing")
-            };
+    let type_data_opt = match data.type_ {
+        1 => data.login.clone(),
+        2 => data.secureNote.clone(),
+        3 => data.card.clone(),
+        4 => data.identity.clone(),
+        _ => err!("Invalid type")
+    };
 
-            if !copy_values(&login_data, &mut values) {
-                return Err("Login data invalid");
-            }
-        }
-        3 /*Card*/ => {
-            let card_data = match data.card {
-                Some(ref card) => card.clone(),
-                None => return Err("Card data missing")
-            };
-
-            if !copy_values(&card_data, &mut values) {
-                return Err("Card data invalid");
-            }
-        }
-        _ => return Err("Unknown type")
+    let type_data = match type_data_opt {
+        Some(data) => data,
+        None => err!("Data missing")
+    };
+
+    // Copy the type data and change the names to the correct case
+    if !copy_values(&type_data, &mut values) {
+        err!("Data invalid")
     }
 
     if let Some(ref fields) = data.fields {
         values["Fields"] = Value::Array(fields.iter().map(|f| {
-            use std::collections::BTreeMap;
-            use serde_json;
-
-            let empty_map: BTreeMap<String, Value> = BTreeMap::new();
-            let mut value = serde_json::to_value(empty_map).unwrap();
+            let mut value = empty_map_value();
 
+            // Copy every field object and change the names to the correct case
             copy_values(&f, &mut value);
 
             value
@@ -171,7 +157,16 @@ fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
         values["Fields"] = Value::Null;
     }
 
-    Ok(values)
+    cipher.data = values.to_string();
+
+    Ok(())
+}
+
+fn empty_map_value() -> Value {
+    use std::collections::BTreeMap;
+    use serde_json;
+
+    serde_json::to_value(BTreeMap::<String, Value>::new()).unwrap()
 }
 
 fn copy_values(from: &Value, to: &mut Value) -> bool {
@@ -188,11 +183,65 @@ fn copy_values(from: &Value, to: &mut Value) -> bool {
 }
 
 #[post("/ciphers/import", data = "<data>")]
-fn post_ciphers_import(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
-    println!("{:#?}", data);
-    err!("Not implemented")
+fn post_ciphers_import(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
+    let folders_value = data["folders"].as_array().unwrap();
+    let ciphers_value = data["ciphers"].as_array().unwrap();
+    let relations_value = data["folderRelationships"].as_array().unwrap();
+
+    // Read and create the folders
+    let folders: Vec<_> = folders_value.iter().map(|f| {
+        let name = f["name"].as_str().unwrap().to_string();
+        let mut folder = Folder::new(headers.user.uuid.clone(), name);
+        folder.save(&conn);
+        folder
+    }).collect();
+
+    // Read the relations between folders and ciphers
+    let relations = relations_value.iter().map(|r| r["value"].as_u64().unwrap() as usize);
+
+    // Read and create the ciphers
+    use serde::Deserialize;
+    ciphers_value.iter().zip(
relations).map(|(c, fp)| {
+        let folder_uuid = folders[fp].uuid.clone();
+        let data = CipherData::deserialize(c.clone()).unwrap();
+
+        let user_uuid = headers.user.uuid.clone();
+        let favorite = data.favorite.unwrap_or(false);
+        let mut cipher = Cipher::new(user_uuid, data.type_, favorite);
+
+        if update_cipher_from_data(&mut cipher, &data, &headers, &conn).is_err() { return; }
+
+        cipher.save(&conn);
+    });
+
+    Ok(())
 }
 
+#[post("/ciphers/<uuid>", data = "<data>")]
+fn post_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
+    put_cipher(uuid, data, headers, conn)
+}
+
+#[put("/ciphers/<uuid>", data = "<data>")]
+fn put_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
+    let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+        Some(cipher) => cipher,
+        None => err!("Cipher doesn't exist")
+    };
+
+    if cipher.user_uuid != headers.user.uuid {
+        err!("Cipher is not owned by user")
+    }
+
+    cipher.favorite = data.favorite.unwrap_or(false);
+
+    update_cipher_from_data(&mut cipher, &data, &headers, &conn)?;
+    cipher.save(&conn);
+
+    Ok(Json(cipher.to_json(&headers.host, &conn)))
+}
+
+
 #[post("/ciphers/<uuid>/attachment", format = "multipart/form-data", data = "<data>")]
 fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
     let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
@@ -264,14 +313,9 @@ fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn
     Ok(())
 }
 
-#[post("/ciphers/<uuid>")]
-fn post_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
-    put_cipher(uuid, headers, conn)
-}
-
-#[put("/ciphers/<uuid>")]
-fn put_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
-    err!("Not implemented")
+#[post("/ciphers/<uuid>/delete")]
+fn delete_cipher_post(uuid: String, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
+    delete_cipher(uuid, headers, conn)
 }
 
 #[delete("/ciphers/<uuid>")]
diff --git a/src/api/core/folders.rs b/src/api/core/folders.rs
@@ -94,6 +94,10 @@ fn delete_folder(uuid: String, headers: Headers, conn: DbConn) -> Result<(), Bad
         err!("Folder belongs to another user")
     }
 
+    if !Cipher::find_by_folder(&folder.uuid, &conn).is_empty() {
+        err!("Folder is not empty")
+    }
+
     folder.delete(&conn);
 
     Ok(())
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -31,6 +31,7 @@ pub fn routes() -> Vec<Route> {
         post_cipher,
         put_cipher,
         delete_cipher,
+        delete_cipher_post,
         delete_all,
 
         get_folders,
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
@@ -18,10 +18,6 @@ pub struct Cipher {
     pub folder_uuid: Option<String>,
     pub organization_uuid: Option<String>,
 
-    // Login = 1,
-    // SecureNote = 2,
-    // Card = 3,
-    // Identity = 4
     pub type_: i32,
 
     pub data: String,
@@ -113,4 +109,10 @@ impl Cipher {
             .filter(ciphers::user_uuid.eq(user_uuid))
             .load::<Self>(&**conn).expect("Error loading ciphers")
     }
+
+    pub fn find_by_folder(folder_uuid: &str, conn: &DbConn) -> Vec<Self> {
+        ciphers::table
+            .filter(ciphers::folder_uuid.eq(folder_uuid))
+            .load::<Self>(&**conn).expect("Error loading ciphers")
+    }
 }