
Get host from client and put it in the attachments URL (only the web vault works without indicating the host in the URL)

pull/1/head
Daniel García 7 years ago
parent
commit
47a116bbee
  1. 5
      Dockerfile
  2. 12
      src/api/core/ciphers.rs
  3. 9
      src/auth.rs
  4. 4
      src/db/models/attachment.rs
  5. 4
      src/db/models/cipher.rs

5
Dockerfile

@ -47,11 +47,8 @@ RUN mkdir /data
VOLUME /data VOLUME /data
EXPOSE 80 EXPOSE 80
# Copies the files from the context (migrations, web-vault, ...) # Copies the files from the context (env file and web-vault)
# and the binary from the "build" stage to the current stage # and the binary from the "build" stage to the current stage
# TODO Only needs web-vault and .env
# COPY . .
COPY .env . COPY .env .
COPY web-vault ./web-vault COPY web-vault ./web-vault
COPY --from=build app/target/release/bitwarden_rs . COPY --from=build app/target/release/bitwarden_rs .

12
src/api/core/ciphers.rs

@ -23,13 +23,13 @@ use CONFIG;
#[get("/sync")] #[get("/sync")]
fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
let user = headers.user; let user = &headers.user;
let folders = Folder::find_by_user(&user.uuid, &conn); let folders = Folder::find_by_user(&user.uuid, &conn);
let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect(); let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();
let ciphers = Cipher::find_by_user(&user.uuid, &conn); let ciphers = Cipher::find_by_user(&user.uuid, &conn);
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect(); let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
Ok(Json(json!({ Ok(Json(json!({
"Profile": user.to_json(), "Profile": user.to_json(),
@ -49,7 +49,7 @@ fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn); let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn);
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect(); let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
Ok(Json(json!({ Ok(Json(json!({
"Data": ciphers_json, "Data": ciphers_json,
@ -68,7 +68,7 @@ fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadR
err!("Cipher is not owned by user") err!("Cipher is not owned by user")
} }
Ok(Json(cipher.to_json(&conn))) Ok(Json(cipher.to_json(&headers.host, &conn)))
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
@ -122,7 +122,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Resul
cipher.save(&conn); cipher.save(&conn);
Ok(Json(cipher.to_json(&conn))) Ok(Json(cipher.to_json(&headers.host, &conn)))
} }
fn value_from_data(data: &CipherData) -> Result<Value, &'static str> { fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
@ -229,7 +229,7 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
attachment.save(&conn); attachment.save(&conn);
}); });
Ok(Json(cipher.to_json(&conn))) Ok(Json(cipher.to_json(&headers.host, &conn)))
} }
#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")] #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")]

9
src/auth.rs

@ -94,6 +94,7 @@ use db::models::{User, Device};
pub struct Headers { pub struct Headers {
pub device_type: Option<i32>, pub device_type: Option<i32>,
pub host: String,
pub device: Device, pub device: Device,
pub user: User, pub user: User,
} }
@ -111,6 +112,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
_ => None // return err_handler!("Device-Type is invalid or missing") _ => None // return err_handler!("Device-Type is invalid or missing")
}; };
// Get host
let host = match headers.get_one("Host") {
Some(host) => format!("http://{}", host), // TODO: Check if HTTPS
_ => String::new() // return err_handler!("Host is invalid or missing")
};
// Get access_token // Get access_token
let access_token: &str = match request.headers().get_one("Authorization") { let access_token: &str = match request.headers().get_one("Authorization") {
Some(a) => { Some(a) => {
@ -156,6 +163,6 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
err_handler!("Invalid security stamp") err_handler!("Invalid security stamp")
} }
Outcome::Success(Headers { device_type, device, user }) Outcome::Success(Headers { device_type, host, device, user })
} }
} }
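Review bot: The `host` value built in the second hunk of the `FromRequest` impl for `Headers` is taken straight from the client's `Host` header and formatted into attachment URLs with no validation, and the scheme is hard-coded to `http://`. If the server sits behind a TLS-terminating proxy, clients would receive cleartext attachment links, and any intermediary that caches the response would store whatever host the requester supplied. A configured base URL would be a safer source of truth, with the header used only as a fallback after checking it against the expected host; until then a comment such as `// Host is client-controlled: only use it for URLs returned to this same caller` would make the trust boundary explicit. The missing-header arm silently yields an empty string, which falls back to relative URLs that, per the commit message, only the web vault handles. The function body starts and ends outside these hunks.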

4
src/db/models/attachment.rs

@ -29,10 +29,10 @@ impl Attachment {
format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id) format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id)
} }
pub fn to_json(&self) -> JsonValue { pub fn to_json(&self, host: &str) -> JsonValue {
use util::get_display_size; use util::get_display_size;
let web_path = format!("/attachments/{}/{}", self.cipher_uuid, self.id); let web_path = format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id);
let display_size = get_display_size(self.file_size); let display_size = get_display_size(self.file_size);
json!({ json!({
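Review bot: `Attachment::to_json` now joins `host` and the path with a bare `format!`, but nothing documents what the parameter must look like. A doc comment on the method would pin the contract, for example `/// host: scheme + authority, no trailing slash; an empty string yields a relative path`. The same comment belongs on `Cipher::to_json` in src/db/models/cipher.rs, which only forwards the value. Because the string originates from a request header in src/auth.rs, the comment should also say it is untrusted input, so later callers do not reuse it for redirects or stored links. The method body continues past the end of this hunk.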

4
src/db/models/cipher.rs

@ -57,7 +57,7 @@ use db::schema::ciphers;
/// Database methods /// Database methods
impl Cipher { impl Cipher {
pub fn to_json(&self, conn: &DbConn) -> JsonValue { pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue {
use serde_json; use serde_json;
use util::format_date; use util::format_date;
use super::Attachment; use super::Attachment;
@ -65,7 +65,7 @@ impl Cipher {
let data_json: JsonValue = serde_json::from_str(&self.data).unwrap(); let data_json: JsonValue = serde_json::from_str(&self.data).unwrap();
let attachments = Attachment::find_by_cipher(&self.uuid, conn); let attachments = Attachment::find_by_cipher(&self.uuid, conn);
let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json()).collect(); let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json(host)).collect();
json!({ json!({
"Id": self.uuid, "Id": self.uuid,
