vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit c2ef331df9d2a1a3e50ed8129b07cca0a52e6f41
parent 5fef7983f4e3bc942ec0f029037454edfb057cad
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date:   Tue, 25 May 2021 23:15:24 -0700

Rework file ID generation

Diffstat:

Msrc/api/core/ciphers.rs | 4++--


Msrc/api/core/sends.rs | 2+-


Msrc/crypto.rs | 14++++++++++++--


3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -808,7 +808,7 @@ fn post_attachment_v2(
         err!("Cipher is not write accessible")
     }
 
-    let attachment_id = crypto::generate_file_id();
+    let attachment_id = crypto::generate_attachment_id();
     let data: AttachmentRequestData = data.into_inner().data;
     let attachment =
         Attachment::new(attachment_id.clone(), cipher.uuid.clone(), data.FileName, data.FileSize, Some(data.Key));
@@ -912,7 +912,7 @@ fn save_attachment(
                     // In the v2 API, we use the value from post_attachment_v2().
                     let file_id = match &attachment {
                         Some(attachment) => attachment.id.clone(), // v2 API
-                        None => crypto::generate_file_id(),        // Legacy API
+                        None => crypto::generate_attachment_id(),  // Legacy API
                     };
                     path = base_path.join(&file_id);
 
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
@@ -173,7 +173,7 @@ fn post_send_file(data: Data, content_type: &ContentType, headers: Headers, conn
 
     // Create the Send
     let mut send = create_send(data.data, headers.user.uuid.clone())?;
-    let file_id = crate::crypto::generate_file_id();
+    let file_id = crate::crypto::generate_send_id();
 
     if send.atype != SendType::File as i32 {
         err!("Send content is not a file");
diff --git a/src/crypto.rs b/src/crypto.rs
@@ -51,8 +51,18 @@ pub fn get_random(mut array: Vec<u8>) -> Vec<u8> {
     array
 }
 
-pub fn generate_file_id() -> String {
-    HEXLOWER.encode(&get_random(vec![0; 16])) // 128 bits
+pub fn generate_id(num_bytes: usize) -> String {
+    HEXLOWER.encode(&get_random(vec![0; num_bytes]))
+}
+
+pub fn generate_send_id() -> String {
+    // Send IDs are globally scoped, so make them longer to avoid collisions.
+    generate_id(32) // 256 bits
+}
+
+pub fn generate_attachment_id() -> String {
+    // Attachment IDs are scoped to a cipher, so they can be smaller.
+    generate_id(10) // 80 bits
 }
 
 pub fn generate_token(token_size: u32) -> Result<String, Error> {