Browse Source

Get host from client and put it in the attachments URL (only the web vault works without indicating the host in the URL)

pull/1/head
Daniel García 7 years ago
parent
commit
47a116bbee
  1. 5
      Dockerfile
  2. 12
      src/api/core/ciphers.rs
  3. 9
      src/auth.rs
  4. 4
      src/db/models/attachment.rs
  5. 4
      src/db/models/cipher.rs

5
Dockerfile

@ -47,11 +47,8 @@ RUN mkdir /data
VOLUME /data
EXPOSE 80
# Copies the files from the context (migrations, web-vault, ...)
# Copies the files from the context (env file and web-vault)
# and the binary from the "build" stage to the current stage
# TODO Only needs web-vault and .env
# COPY . .
COPY .env .
COPY web-vault ./web-vault
COPY --from=build app/target/release/bitwarden_rs .

12
src/api/core/ciphers.rs

@ -23,13 +23,13 @@ use CONFIG;
#[get("/sync")]
fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
let user = headers.user;
let user = &headers.user;
let folders = Folder::find_by_user(&user.uuid, &conn);
let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();
let ciphers = Cipher::find_by_user(&user.uuid, &conn);
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect();
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
Ok(Json(json!({
"Profile": user.to_json(),
@ -49,7 +49,7 @@ fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn);
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect();
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
Ok(Json(json!({
"Data": ciphers_json,
@ -68,7 +68,7 @@ fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadR
err!("Cipher is not owned by user")
}
Ok(Json(cipher.to_json(&conn)))
Ok(Json(cipher.to_json(&headers.host, &conn)))
}
#[derive(Deserialize, Debug)]
@ -122,7 +122,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Resul
cipher.save(&conn);
Ok(Json(cipher.to_json(&conn)))
Ok(Json(cipher.to_json(&headers.host, &conn)))
}
fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
@ -229,7 +229,7 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
attachment.save(&conn);
});
Ok(Json(cipher.to_json(&conn)))
Ok(Json(cipher.to_json(&headers.host, &conn)))
}
#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")]

9
src/auth.rs

@ -94,6 +94,7 @@ use db::models::{User, Device};
pub struct Headers {
pub device_type: Option<i32>,
pub host: String,
pub device: Device,
pub user: User,
}
@ -111,6 +112,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
_ => None // return err_handler!("Device-Type is invalid or missing")
};
// Get host
let host = match headers.get_one("Host") {
Some(host) => format!("http://{}", host), // TODO: Check if HTTPS
_ => String::new() // return err_handler!("Host is invalid or missing")
};
// Get access_token
let access_token: &str = match request.headers().get_one("Authorization") {
Some(a) => {
@ -156,6 +163,6 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
err_handler!("Invalid security stamp")
}
Outcome::Success(Headers { device_type, device, user })
Outcome::Success(Headers { device_type, host, device, user })
}
}

4
src/db/models/attachment.rs

@ -29,10 +29,10 @@ impl Attachment {
format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id)
}
pub fn to_json(&self) -> JsonValue {
pub fn to_json(&self, host: &str) -> JsonValue {
use util::get_display_size;
let web_path = format!("/attachments/{}/{}", self.cipher_uuid, self.id);
let web_path = format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id);
let display_size = get_display_size(self.file_size);
json!({

4
src/db/models/cipher.rs

@ -57,7 +57,7 @@ use db::schema::ciphers;
/// Database methods
impl Cipher {
pub fn to_json(&self, conn: &DbConn) -> JsonValue {
pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue {
use serde_json;
use util::format_date;
use super::Attachment;
@ -65,7 +65,7 @@ impl Cipher {
let data_json: JsonValue = serde_json::from_str(&self.data).unwrap();
let attachments = Attachment::find_by_cipher(&self.uuid, conn);
let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json()).collect();
let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json(host)).collect();
json!({
"Id": self.uuid,

Loading…
Cancel
Save