diff --git a/Cargo.lock b/Cargo.lock index 72728273..2476f6a8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,6 +17,17 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + [[package]] name = "ahash" version = "0.8.11" @@ -74,6 +85,12 @@ dependencies = [ "libc", ] +[[package]] +name = "anyhow" +version = "1.0.97" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f" + [[package]] name = "argon2" version = "0.5.3" @@ -311,6 +328,314 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "aws-config" +version = "1.5.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "490aa7465ee685b2ced076bb87ef654a47724a7844e2c7d3af4e749ce5b875dd" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-sdk-sso", + "aws-sdk-ssooidc", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "hex", + "http 0.2.12", + "ring", + "time", + "tokio", + "tracing", + "url", + "zeroize", +] + +[[package]] +name = "aws-credential-types" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60e8f6b615cb5fc60a98132268508ad104310f0cfb25a1c22eee76efdf9154da" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "zeroize", +] + +[[package]] +name = "aws-runtime" +version = "1.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76dd04d39cc12844c0994f2c9c5a6f5184c22e9188ec1ff723de41910a21dcad" +dependencies = [ + "aws-credential-types", + "aws-sigv4", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http-body 0.4.6", + "once_cell", + "percent-encoding", + "pin-project-lite", + "tracing", + "uuid", +] + +[[package]] +name = "aws-sdk-sso" +version = "1.60.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60186fab60b24376d3e33b9ff0a43485f99efd470e3b75a9160c849741d63d56" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-ssooidc" +version = "1.61.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7033130ce1ee13e6018905b7b976c915963755aef299c1521897679d6cd4f8ef" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sts" +version = "1.61.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5c1cac7677179d622b4448b0d31bcb359185295dc6fca891920cfb17e2b5156" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sigv4" +version = "1.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bfe75fad52793ce6dec0dc3d4b1f388f038b5eb866c8d4d7f3a8e21b5ea5051" +dependencies = [ + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "form_urlencoded", + "hex", + "hmac", + "http 0.2.12", + "http 1.2.0", + "once_cell", + "percent-encoding", + "sha2", + "time", + "tracing", +] + +[[package]] +name = "aws-smithy-async" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa59d1327d8b5053c54bf2eaae63bf629ba9e904434d0835a28ed3c0ed0a614e" +dependencies = [ + "futures-util", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "aws-smithy-http" +version = "0.60.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7809c27ad8da6a6a68c454e651d4962479e81472aa19ae99e59f9aba1f9713cc" +dependencies = [ + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http-body 0.4.6", + "once_cell", + "percent-encoding", + "pin-project-lite", + "pin-utils", + "tracing", +] + +[[package]] +name = "aws-smithy-json" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "623a51127f24c30776c8b374295f2df78d92517386f77ba30773f15a30ce1422" +dependencies = [ + "aws-smithy-types", +] + +[[package]] +name = "aws-smithy-query" +version = "0.60.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb" +dependencies = [ + "aws-smithy-types", + "urlencoding", +] + +[[package]] +name = "aws-smithy-runtime" +version = "1.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d526a12d9ed61fadefda24abe2e682892ba288c2018bcb38b1b4c111d13f6d92" +dependencies = [ + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "fastrand", + "h2 0.3.26", + "http 0.2.12", + "http-body 0.4.6", + "http-body 1.0.1", + "httparse", + "hyper 0.14.32", + "hyper-rustls 0.24.2", + "once_cell", + "pin-project-lite", + "pin-utils", + "rustls 0.21.12", + "tokio", + "tracing", +] + +[[package]] +name = "aws-smithy-runtime-api" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92165296a47a812b267b4f41032ff8069ab7ff783696d217f0994a0d7ab585cd" +dependencies = [ + "aws-smithy-async", + "aws-smithy-types", + "bytes", + "http 0.2.12", + "http 1.2.0", + "pin-project-lite", + "tokio", + "tracing", + "zeroize", +] + +[[package]] +name = "aws-smithy-types" +version = "1.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7b8a53819e42f10d0821f56da995e1470b199686a1809168db6ca485665f042" +dependencies = [ + "base64-simd", + "bytes", + "bytes-utils", + "http 0.2.12", + "http 1.2.0", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "itoa", + "num-integer", + "pin-project-lite", + "pin-utils", + "ryu", + "serde", + "time", +] + +[[package]] +name = "aws-smithy-xml" +version = "0.60.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab0b0166827aa700d3dc519f72f8b3a91c35d0b8d042dc5d643a91e6f80648fc" +dependencies = [ + "xmlparser", +] + +[[package]] +name = "aws-types" +version = "1.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfbd0a668309ec1f66c0f6bda4840dd6d4796ae26d699ebc266d7cc95c6d040f" +dependencies = [ + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "rustc_version", + "tracing", +] + +[[package]] +name = "backon" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49fef586913a57ff189f25c9b3d034356a5bf6b3fa9a7f067588fe1698ba1f5d" +dependencies = [ + "fastrand", + "gloo-timers", + "tokio", +] + [[package]] name = "backtrace" version = "0.3.74" @@ -344,6 +669,16 @@ version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64-simd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195" +dependencies = [ + "outref", + "vsimd", +] + [[package]] name = "base64ct" version = "1.6.0" @@ -393,6 +728,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-padding" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" +dependencies = [ + "generic-array", +] + [[package]] name = "blocking" version = "1.6.1" @@ -451,6 +795,16 @@ version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f61dac84819c6588b558454b194026eb1f09c293b9036ae9b159e74e73ab6cf9" +[[package]] +name = "bytes-utils" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35" +dependencies = [ + "bytes", + "either", +] + [[package]] name = "cached" version = "0.54.0" @@ -487,6 +841,15 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ade8366b8bd5ba243f0a58f036cc0ca8a2f069cff1a2351ef1cac6b083e16fc0" +[[package]] +name = "cbc" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" +dependencies = [ + "cipher", +] + [[package]] name = "cc" version = "1.2.15" @@ -502,6 +865,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + [[package]] name = "chrono" version = "0.4.39" @@ -510,8 +879,10 @@ checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825" dependencies = [ "android-tzdata", "iana-time-zone", + "js-sys", "num-traits", "serde", + "wasm-bindgen", "windows-targets 0.52.6", ] @@ -546,6 +917,16 @@ dependencies = [ "stacker", ] +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + [[package]] name = "codemap" version = "0.1.3" @@ -561,6 +942,32 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "const-random" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87e00182fe74b066627d63b85fd550ac2998d4b0bd86bfed477a0ae4c7c71359" +dependencies = [ + "const-random-macro", +] + +[[package]] +name = "const-random-macro" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e" +dependencies = [ + "getrandom 0.2.15", + "once_cell", + "tiny-keccak", +] + [[package]] name = "cookie" version = "0.18.1" @@ -615,6 +1022,15 @@ dependencies = [ "libc", ] +[[package]] +name = "crc32c" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a47af21622d091a8f0fb295b88bc886ac74efcc613efc19f5d0b21de5c89e47" +dependencies = [ + "rustc_version", +] + [[package]] name = "crc32fast" version = "1.4.2" @@ -641,6 +1057,12 @@ version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" +[[package]] +name = "crunchy" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43da5946c66ffcc7745f48db692ffbb10a83bfe0afd96235c5c2a4fb23994929" + [[package]] name = "crypto-common" version = "0.1.6" @@ -712,6 +1134,17 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c297a1c74b71ae29df00c3e22dd9534821d60eb9af5a0192823fa2acea70c2a" +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + [[package]] name = "deranged" version = "0.3.11" @@ -891,6 +1324,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", "subtle", ] @@ -906,6 +1340,15 @@ dependencies = [ "syn", ] +[[package]] +name = "dlv-list" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "442039f5147480ba31067cb00ada1adae6892028e40e45fc5de7b7df6dcc1b5f" +dependencies = [ + "const-random", +] + [[package]] name = "document-features" version = "0.2.11" @@ -1316,6 +1759,25 @@ dependencies = [ "phf", ] +[[package]] +name = "h2" +version = "0.3.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http 0.2.12", + "indexmap", + "slab", + "tokio", + "tokio-util", + "tracing", +] + [[package]] name = "h2" version = "0.4.8" @@ -1392,6 +1854,12 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + [[package]] name = "hickory-proto" version = "0.24.4" @@ -1446,6 +1914,15 @@ dependencies = [ "digest", ] +[[package]] +name = "home" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "hostname" version = "0.3.1" @@ -1555,6 +2032,7 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", + "h2 0.3.26", "http 0.2.12", "http-body 0.4.6", "httparse", @@ -1577,7 +2055,7 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "h2", + "h2 0.4.8", "http 1.2.0", "http-body 1.0.1", "httparse", @@ -1588,6 +2066,22 @@ dependencies = [ "want", ] +[[package]] +name = "hyper-rustls" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +dependencies = [ + "futures-util", + "http 0.2.12", + "hyper 0.14.32", + "log", + "rustls 0.21.12", + "rustls-native-certs", + "tokio", + "tokio-rustls 0.24.1", +] + [[package]] name = "hyper-rustls" version = "0.27.5" @@ -1603,6 +2097,7 @@ dependencies = [ "tokio", "tokio-rustls 0.26.1", "tower-service", + "webpki-roots", ] [[package]] @@ -1825,6 +2320,16 @@ version = "0.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb" +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "block-padding", + "generic-array", +] + [[package]] name = "ipconfig" version = "0.3.2" @@ -1925,6 +2430,9 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "lettre" @@ -2080,6 +2588,16 @@ dependencies = [ "regex-automata 0.1.10", ] +[[package]] +name = "md-5" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" +dependencies = [ + "cfg-if", + "digest", +] + [[package]] name = "memchr" version = "2.7.4" @@ -2245,6 +2763,23 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "smallvec", + "zeroize", +] + [[package]] name = "num-conv" version = "0.1.0" @@ -2271,6 +2806,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-modular" version = "0.6.1" @@ -2293,6 +2839,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -2329,6 +2876,35 @@ version = "1.20.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e" +[[package]] +name = "opendal" +version = "0.51.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b1063ea459fa9e94584115743b06330f437902dd1d9f692b863ef1875a20548" +dependencies = [ + "anyhow", + "async-trait", + "backon", + "base64 0.22.1", + "bytes", + "chrono", + "crc32c", + "futures", + "getrandom 0.2.15", + "http 1.2.0", + "log", + "md-5", + "once_cell", + "percent-encoding", + "quick-xml 0.36.2", + "reqsign", + "reqwest", + "serde", + "serde_json", + "tokio", + "uuid", +] + [[package]] name = "openssl" version = "0.10.71" @@ -2383,6 +2959,22 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "ordered-multimap" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49203cdcae0030493bad186b28da2fa25645fa276a51b6fec8010d281e02ef79" +dependencies = [ + "dlv-list", + "hashbrown 0.14.5", +] + +[[package]] +name = "outref" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" + [[package]] name = "overload" version = "0.1.1" @@ -2444,6 +3036,16 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" +[[package]] +name = "pbkdf2" +version = "0.12.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" +dependencies = [ + "digest", + "hmac", +] + [[package]] name = "pear" version = "0.2.9" @@ -2477,6 +3079,15 @@ dependencies = [ "serde", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.1" @@ -2609,6 +3220,44 @@ dependencies = [ "futures-io", ] +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs5" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" +dependencies = [ + "aes", + "cbc", + "der", + "pbkdf2", + "scrypt", + "sha2", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "pkcs5", + "rand_core 0.6.4", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.31" @@ -2729,6 +3378,78 @@ version = "1.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" +[[package]] +name = "quick-xml" +version = "0.35.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86e446ed58cef1bbfe847bc2fda0e2e4ea9f0e57b90c507d4781292590d72a4e" +dependencies = [ + "memchr", + "serde", +] + +[[package]] +name = "quick-xml" +version = "0.36.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7649a7b4df05aed9ea7ec6f628c67c9953a43869b8bc50929569b2999d443fe" +dependencies = [ + "memchr", + "serde", +] + +[[package]] +name = "quinn" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef" +dependencies = [ + "bytes", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls 0.23.23", + "socket2", + "thiserror 2.0.11", + "tokio", + "tracing", +] + +[[package]] +name = "quinn-proto" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d" +dependencies = [ + "bytes", + "getrandom 0.2.15", + "rand 0.8.5", + "ring", + "rustc-hash", + "rustls 0.23.23", + "rustls-pki-types", + "slab", + "thiserror 2.0.11", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e46f3055866785f6b92bc6164b76be02ca8f2eb4b002c0354b28cf4c119e5944" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.59.0", +] + [[package]] name = "quote" version = "1.0.38" @@ -2886,6 +3607,12 @@ dependencies = [ "regex-syntax 0.8.5", ] +[[package]] +name = "regex-lite" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" + [[package]] name = "regex-syntax" version = "0.6.29" @@ -2909,6 +3636,38 @@ dependencies = [ "signal-hook", ] +[[package]] +name = "reqsign" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb0075a66c8bfbf4cc8b70dca166e722e1f55a3ea9250ecbb85f4d92a5f64149" +dependencies = [ + "anyhow", + "async-trait", + "base64 0.22.1", + "chrono", + "form_urlencoded", + "getrandom 0.2.15", + "hex", + "hmac", + "home", + "http 1.2.0", + "jsonwebtoken", + "log", + "once_cell", + "percent-encoding", + "quick-xml 0.35.0", + "rand 0.8.5", + "reqwest", + "rsa", + "rust-ini", + "serde", + "serde_json", + "sha1", + "sha2", + "toml", +] + [[package]] name = "reqwest" version = "0.12.12" @@ -2924,12 +3683,12 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", - "h2", + "h2 0.4.8", "http 1.2.0", "http-body 1.0.1", "http-body-util", "hyper 1.6.0", - "hyper-rustls", + "hyper-rustls 0.27.5", "hyper-tls", "hyper-util", "ipnet", @@ -2940,7 +3699,10 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "quinn", + "rustls 0.23.23", "rustls-pemfile 2.2.0", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", @@ -2948,6 +3710,7 @@ dependencies = [ "system-configuration", "tokio", "tokio-native-tls", + "tokio-rustls 0.26.1", "tokio-socks", "tokio-util", "tower", @@ -2957,6 +3720,7 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams", "web-sys", + "webpki-roots", "windows-registry", ] @@ -3111,6 +3875,27 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "rsa" +version = "0.9.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core 0.6.4", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + [[package]] name = "rtoolbox" version = "0.0.2" @@ -3121,12 +3906,38 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "rust-ini" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e310ef0e1b6eeb79169a1171daf9abcb87a2e17c03bee2c4bb100b55c75409f" +dependencies = [ + "cfg-if", + "ordered-multimap", + "trim-in-place", +] + [[package]] name = "rustc-demangle" version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "rustix" version = "0.38.44" @@ -3159,12 +3970,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395" dependencies = [ "once_cell", + "ring", "rustls-pki-types", "rustls-webpki 0.102.8", "subtle", "zeroize", ] +[[package]] +name = "rustls-native-certs" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +dependencies = [ + "openssl-probe", + "rustls-pemfile 1.0.4", + "schannel", + "security-framework", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -3188,6 +4012,9 @@ name = "rustls-pki-types" version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c" +dependencies = [ + "web-time", +] [[package]] name = "rustls-webpki" @@ -3222,6 +4049,15 @@ version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd" +[[package]] +name = "salsa20" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" +dependencies = [ + "cipher", +] + [[package]] name = "same-file" version = "1.0.6" @@ -3261,6 +4097,17 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "scrypt" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" +dependencies = [ + "pbkdf2", + "salsa20", + "sha2", +] + [[package]] name = "sct" version = "0.7.1" @@ -3419,6 +4266,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core 0.6.4", +] + [[package]] name = "simple_asn1" version = "0.6.3" @@ -3477,6 +4334,16 @@ dependencies = [ "lock_api", ] +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable-pattern" version = "0.1.0" @@ -3696,6 +4563,15 @@ dependencies = [ "time-core", ] +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" +dependencies = [ + "crunchy", +] + [[package]] name = "tinystr" version = "0.7.6" @@ -3817,12 +4693,13 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.13" +version = "0.7.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" +checksum = "6b9590b93e6fcc1739458317cccd391ad3955e2bde8913edf6f95f9e65a8f034" dependencies = [ "bytes", "futures-core", + "futures-io", "futures-sink", "pin-project-lite", "tokio", @@ -3963,6 +4840,12 @@ dependencies = [ "tracing-log", ] +[[package]] +name = "trim-in-place" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "343e926fc669bc8cde4fa3129ab681c63671bae288b1f1081ceee6d9d37904fc" + [[package]] name = "try-lock" version = "0.2.5" @@ -4049,6 +4932,12 @@ dependencies = [ "serde", ] +[[package]] +name = "urlencoding" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" + [[package]] name = "utf-8" version = "0.7.6" @@ -4074,6 +4963,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "93d59ca99a559661b96bf898d8fce28ed87935fd2bea9f05983c1464dd6c71b1" dependencies = [ "getrandom 0.3.1", + "serde", ] [[package]] @@ -4092,7 +4982,10 @@ checksum = "3ef4c4aa54d5d05a279399bfa921ec387b7aba77caf7a682ae8d86785b8fdad2" name = "vaultwarden" version = "1.0.0" dependencies = [ + "anyhow", "argon2", + "aws-config", + "aws-credential-types", "bigdecimal", "bytes", "cached", @@ -4127,12 +5020,14 @@ dependencies = [ "num-derive", "num-traits", "once_cell", + "opendal", "openssl", "paste", "percent-encoding", "pico-args", "rand 0.9.0", "regex", + "reqsign", "reqwest", "ring", "rmpv", @@ -4146,6 +5041,7 @@ dependencies = [ "syslog", "time", "tokio", + "tokio-util", "totp-lite", "tracing", "url", @@ -4167,6 +5063,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "vsimd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" + [[package]] name = "walkdir" version = "2.5.0" @@ -4324,6 +5226,15 @@ dependencies = [ "url", ] +[[package]] +name = "webpki-roots" +version = "0.26.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2210b291f7ea53617fbafcc4939f10914214ec15aace5ba62293a668f322c5c9" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "which" version = "7.0.2" @@ -4625,6 +5536,12 @@ version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" +[[package]] +name = "xmlparser" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" + [[package]] name = "yansi" version = "1.0.1" diff --git a/Cargo.toml b/Cargo.toml index 8fdd6866..c78443cd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,6 +31,7 @@ enable_mimalloc = ["dep:mimalloc"] # You also need to set an env variable `QUERY_LOGGER=1` to fully activate this so you do not have to re-compile # if you want to turn off the logging for a specific run. query_logger = ["dep:diesel_logger"] +s3 = ["opendal/services-s3", "dep:aws-config", "dep:aws-credential-types", "dep:anyhow", "dep:reqsign"] # Enable unstable features, requires nightly # Currently only used to enable rusts official ip support @@ -72,6 +73,7 @@ dashmap = "6.1.0" # Async futures futures = "0.3.31" tokio = { version = "1.43.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] } +tokio-util = { version = "0.7.14", features = ["compat"]} # A generic serialization/deserialization framework serde = { version = "1.0.218", features = ["derive"] } @@ -174,6 +176,15 @@ rpassword = "7.3.1" # Loading a dynamic CSS Stylesheet grass_compiler = { version = "0.13.4", default-features = false } +# File are accessed through Apache OpenDAL +opendal = { version = "0.51.2", features = ["services-fs"] } + +# For retrieving AWS credentials, including temporary SSO credentials +anyhow = { version = "1.0.96", optional = true } +aws-config = { version = "1.5.12", features = ["behavior-version-latest"], optional = true } +aws-credential-types = { version = "1.2.1", optional = true } +reqsign = { version = "0.16.1", optional = true } + [patch.crates-io] # Patch yubico to remove duplicate crates of older versions yubico = { git = "https://github.com/BlackDex/yubico-rs", rev = "00df14811f58155c0f02e3ab10f1570ed3e115c6" } diff --git a/build.rs b/build.rs index 07bd99a7..016cf313 100644 --- a/build.rs +++ b/build.rs @@ -11,6 +11,8 @@ fn main() { println!("cargo:rustc-cfg=postgresql"); #[cfg(feature = "query_logger")] println!("cargo:rustc-cfg=query_logger"); + #[cfg(feature = "s3")] + println!("cargo:rustc-cfg=s3"); #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))] compile_error!( @@ -23,6 +25,7 @@ fn main() { println!("cargo::rustc-check-cfg=cfg(mysql)"); println!("cargo::rustc-check-cfg=cfg(postgresql)"); println!("cargo::rustc-check-cfg=cfg(query_logger)"); + println!("cargo::rustc-check-cfg=cfg(s3)"); // Rerun when these paths are changed. // Someone could have checked-out a tag or specific commit, but no other files changed. diff --git a/src/api/admin.rs b/src/api/admin.rs index b3e703d9..6a0585ca 100644 --- a/src/api/admin.rs +++ b/src/api/admin.rs @@ -745,17 +745,17 @@ fn get_diagnostics_http(code: u16, _token: AdminToken) -> EmptyResult { } #[post("/config", format = "application/json", data = "")] -fn post_config(data: Json, _token: AdminToken) -> EmptyResult { +async fn post_config(data: Json, _token: AdminToken) -> EmptyResult { let data: ConfigBuilder = data.into_inner(); - if let Err(e) = CONFIG.update_config(data, true) { + if let Err(e) = CONFIG.update_config(data, true).await { err!(format!("Unable to save config: {e:?}")) } Ok(()) } #[post("/config/delete", format = "application/json")] -fn delete_config(_token: AdminToken) -> EmptyResult { - if let Err(e) = CONFIG.delete_user_config() { +async fn delete_config(_token: AdminToken) -> EmptyResult { + if let Err(e) = CONFIG.delete_user_config().await { err!(format!("Unable to delete config: {e:?}")) } Ok(()) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 6c75d246..24842046 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -11,10 +11,11 @@ use rocket::{ use serde_json::Value; use crate::auth::ClientVersion; -use crate::util::NumberOrString; +use crate::util::{save_temp_file, NumberOrString}; use crate::{ api::{self, core::log_event, EmptyResult, JsonResult, Notify, PasswordOrOtpData, UpdateType}, auth::Headers, + config::PathType, crypto, db::{models::*, DbConn, DbPool}, CONFIG, @@ -105,12 +106,7 @@ struct SyncData { } #[get("/sync?")] -async fn sync( - data: SyncData, - headers: Headers, - client_version: Option, - mut conn: DbConn, -) -> Json { +async fn sync(data: SyncData, headers: Headers, client_version: Option, mut conn: DbConn) -> JsonResult { let user_json = headers.user.to_json(&mut conn).await; // Get all ciphers which are visible by the user @@ -134,7 +130,7 @@ async fn sync( for c in ciphers { ciphers_json.push( c.to_json(&headers.host, &headers.user.uuid, Some(&cipher_sync_data), CipherSyncType::User, &mut conn) - .await, + .await?, ); } @@ -159,7 +155,7 @@ async fn sync( api::core::_get_eq_domains(headers, true).into_inner() }; - Json(json!({ + Ok(Json(json!({ "profile": user_json, "folders": folders_json, "collections": collections_json, @@ -168,11 +164,11 @@ async fn sync( "domains": domains_json, "sends": sends_json, "object": "sync" - })) + }))) } #[get("/ciphers")] -async fn get_ciphers(headers: Headers, mut conn: DbConn) -> Json { +async fn get_ciphers(headers: Headers, mut conn: DbConn) -> JsonResult { let ciphers = Cipher::find_by_user_visible(&headers.user.uuid, &mut conn).await; let cipher_sync_data = CipherSyncData::new(&headers.user.uuid, CipherSyncType::User, &mut conn).await; @@ -180,15 +176,15 @@ async fn get_ciphers(headers: Headers, mut conn: DbConn) -> Json { for c in ciphers { ciphers_json.push( c.to_json(&headers.host, &headers.user.uuid, Some(&cipher_sync_data), CipherSyncType::User, &mut conn) - .await, + .await?, ); } - Json(json!({ + Ok(Json(json!({ "data": ciphers_json, "object": "list", "continuationToken": null - })) + }))) } #[get("/ciphers/")] @@ -201,7 +197,7 @@ async fn get_cipher(cipher_id: CipherId, headers: Headers, mut conn: DbConn) -> err!("Cipher is not owned by user") } - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } #[get("/ciphers//admin")] @@ -339,7 +335,7 @@ async fn post_ciphers(data: Json, headers: Headers, mut conn: DbConn let mut cipher = Cipher::new(data.r#type, data.name.clone()); update_cipher_from_data(&mut cipher, data, &headers, None, &mut conn, &nt, UpdateType::SyncCipherCreate).await?; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } /// Enforces the personal ownership policy on user-owned ciphers, if applicable. @@ -676,7 +672,7 @@ async fn put_cipher( update_cipher_from_data(&mut cipher, data, &headers, None, &mut conn, &nt, UpdateType::SyncCipherUpdate).await?; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } #[post("/ciphers//partial", data = "")] @@ -714,7 +710,7 @@ async fn put_cipher_partial( // Update favorite cipher.set_favorite(Some(data.favorite), &headers.user.uuid, &mut conn).await?; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } #[derive(Deserialize)] @@ -825,7 +821,7 @@ async fn post_collections_update( ) .await; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } #[put("/ciphers//collections-admin", data = "")] @@ -1030,7 +1026,7 @@ async fn share_cipher_by_uuid( update_cipher_from_data(&mut cipher, data.cipher, headers, Some(shared_to_collections), conn, nt, ut).await?; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, conn).await?)) } /// v2 API for downloading an attachment. This just redirects the client to @@ -1055,7 +1051,7 @@ async fn get_attachment( } match Attachment::find_by_id(&attachment_id, &mut conn).await { - Some(attachment) if cipher_id == attachment.cipher_uuid => Ok(Json(attachment.to_json(&headers.host))), + Some(attachment) if cipher_id == attachment.cipher_uuid => Ok(Json(attachment.to_json(&headers.host).await?)), Some(_) => err!("Attachment doesn't belong to cipher"), None => err!("Attachment doesn't exist"), } @@ -1116,7 +1112,7 @@ async fn post_attachment_v2( "attachmentId": attachment_id, "url": url, "fileUploadType": FileUploadType::Direct as i32, - response_key: cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await, + response_key: cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?, }))) } @@ -1142,7 +1138,7 @@ async fn save_attachment( mut conn: DbConn, nt: Notify<'_>, ) -> Result<(Cipher, DbConn), crate::error::Error> { - let mut data = data.into_inner(); + let data = data.into_inner(); let Some(size) = data.data.len().to_i64() else { err!("Attachment data size overflow"); @@ -1269,13 +1265,7 @@ async fn save_attachment( attachment.save(&mut conn).await.expect("Error saving attachment"); } - let folder_path = tokio::fs::canonicalize(&CONFIG.attachments_folder()).await?.join(cipher_id.as_ref()); - let file_path = folder_path.join(file_id.as_ref()); - tokio::fs::create_dir_all(&folder_path).await?; - - if let Err(_err) = data.data.persist_to(&file_path).await { - data.data.move_copy_to(file_path).await? - } + save_temp_file(PathType::Attachments, &format!("{cipher_id}/{file_id}"), data.data, true).await?; nt.send_cipher_update( UpdateType::SyncCipherUpdate, @@ -1342,7 +1332,7 @@ async fn post_attachment( let (cipher, mut conn) = save_attachment(attachment, cipher_id, data, &headers, conn, nt).await?; - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &mut conn).await?)) } #[post("/ciphers//attachment-admin", format = "multipart/form-data", data = "")] @@ -1786,7 +1776,7 @@ async fn _restore_cipher_by_uuid( .await; } - Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, conn).await)) + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, conn).await?)) } async fn _restore_multiple_ciphers( diff --git a/src/api/core/emergency_access.rs b/src/api/core/emergency_access.rs index 8c6fcb65..39f7490a 100644 --- a/src/api/core/emergency_access.rs +++ b/src/api/core/emergency_access.rs @@ -582,7 +582,7 @@ async fn view_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut CipherSyncType::User, &mut conn, ) - .await, + .await?, ); } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index aabcc5e2..c5a84895 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -901,21 +901,26 @@ async fn get_org_details(data: OrgIdData, headers: OrgMemberHeaders, mut conn: D } Ok(Json(json!({ - "data": _get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await, + "data": _get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await?, "object": "list", "continuationToken": null, }))) } -async fn _get_org_details(org_id: &OrganizationId, host: &str, user_id: &UserId, conn: &mut DbConn) -> Value { +async fn _get_org_details( + org_id: &OrganizationId, + host: &str, + user_id: &UserId, + conn: &mut DbConn, +) -> Result { let ciphers = Cipher::find_by_org(org_id, conn).await; let cipher_sync_data = CipherSyncData::new(user_id, CipherSyncType::Organization, conn).await; let mut ciphers_json = Vec::with_capacity(ciphers.len()); for c in ciphers { - ciphers_json.push(c.to_json(host, user_id, Some(&cipher_sync_data), CipherSyncType::Organization, conn).await); + ciphers_json.push(c.to_json(host, user_id, Some(&cipher_sync_data), CipherSyncType::Organization, conn).await?); } - json!(ciphers_json) + Ok(json!(ciphers_json)) } #[derive(FromForm)] @@ -3317,7 +3322,7 @@ async fn get_org_export( "continuationToken": null, }, "ciphers": { - "data": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), + "data": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await?), "object": "list", "continuationToken": null, } @@ -3326,7 +3331,7 @@ async fn get_org_export( // v2023.1.0 and newer response Ok(Json(json!({ "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), - "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), + "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await?), }))) } } diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs index bf7a5ec8..19df42c1 100644 --- a/src/api/core/sends.rs +++ b/src/api/core/sends.rs @@ -1,4 +1,6 @@ +use std::error::Error as _; use std::path::Path; +use std::time::Duration; use chrono::{DateTime, TimeDelta, Utc}; use num_traits::ToPrimitive; @@ -11,8 +13,9 @@ use serde_json::Value; use crate::{ api::{ApiResult, EmptyResult, JsonResult, Notify, UpdateType}, auth::{ClientIp, Headers, Host}, + config::PathType, db::{models::*, DbConn, DbPool}, - util::NumberOrString, + util::{save_temp_file, NumberOrString}, CONFIG, }; @@ -210,7 +213,7 @@ async fn post_send_file(data: Form>, headers: Headers, mut conn: let UploadData { model, - mut data, + data, } = data.into_inner(); let model = model.into_inner(); @@ -250,13 +253,8 @@ async fn post_send_file(data: Form>, headers: Headers, mut conn: } let file_id = crate::crypto::generate_send_file_id(); - let folder_path = tokio::fs::canonicalize(&CONFIG.sends_folder()).await?.join(&send.uuid); - let file_path = folder_path.join(&file_id); - tokio::fs::create_dir_all(&folder_path).await?; - if let Err(_err) = data.persist_to(&file_path).await { - data.move_copy_to(file_path).await? - } + save_temp_file(PathType::Sends, &format!("{}/{file_id}", send.uuid), data, true).await?; let mut data_value: Value = serde_json::from_str(&send.data)?; if let Some(o) = data_value.as_object_mut() { @@ -363,7 +361,7 @@ async fn post_send_file_v2_data( ) -> EmptyResult { enforce_disable_send_policy(&headers, &mut conn).await?; - let mut data = data.into_inner(); + let data = data.into_inner(); let Some(send) = Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await else { err!("Send not found. Unable to save the file.", "Invalid send uuid or does not belong to user.") @@ -406,19 +404,29 @@ async fn post_send_file_v2_data( err!("Send file size does not match.", format!("Expected a file size of {} got {size}", send_data.size)); } - let folder_path = tokio::fs::canonicalize(&CONFIG.sends_folder()).await?.join(send_id); - let file_path = folder_path.join(file_id); + let file_path = format!("{send_id}/{file_id}"); - // Check if the file already exists, if that is the case do not overwrite it - if tokio::fs::metadata(&file_path).await.is_ok() { - err!("Send file has already been uploaded.", format!("File {file_path:?} already exists")) - } + save_temp_file(PathType::Sends, &file_path, data.data, false).await.map_err(|e| { + let was_file_exists_error = e + .source() + .and_then(|e| e.downcast_ref::()) + .and_then(|e| e.get_ref()) + .and_then(|e| e.downcast_ref::()) + .map(|e| e.kind() == opendal::ErrorKind::ConditionNotMatch) + .unwrap_or(false); - tokio::fs::create_dir_all(&folder_path).await?; + if was_file_exists_error { + return crate::Error::new( + "Send file has already been uploaded.", + format!("File {file_path:?} already exists"), + ); + } - if let Err(_err) = data.data.persist_to(&file_path).await { - data.data.move_copy_to(file_path).await? - } + crate::Error::new( + "Unexpected error while creating send file", + format!("Error while saving send file at path {file_path}: {e:?}"), + ) + })?; nt.send_send_update( UpdateType::SyncSendCreate, @@ -551,15 +559,26 @@ async fn post_access_file( ) .await; - let token_claims = crate::auth::generate_send_claims(&send_id, &file_id); - let token = crate::auth::encode_jwt(&token_claims); Ok(Json(json!({ "object": "send-fileDownload", "id": file_id, - "url": format!("{}/api/sends/{}/{}?t={}", &host.host, send_id, file_id, token) + "url": download_url(&host, &send_id, &file_id).await?, }))) } +async fn download_url(host: &Host, send_id: &SendId, file_id: &SendFileId) -> Result { + let operator = CONFIG.opendal_operator_for_path_type(PathType::Sends)?; + + if operator.info().scheme() == opendal::Scheme::Fs { + let token_claims = crate::auth::generate_send_claims(send_id, file_id); + let token = crate::auth::encode_jwt(&token_claims); + + Ok(format!("{}/api/sends/{}/{}?t={}", &host.host, send_id, file_id, token)) + } else { + Ok(operator.presign_read(&format!("{send_id}/{file_id}"), Duration::from_secs(5 * 60)).await?.uri().to_string()) + } +} + #[get("/sends//?")] async fn download_send(send_id: SendId, file_id: SendFileId, t: &str) -> Option { if let Ok(claims) = crate::auth::decode_send(t) { diff --git a/src/api/core/two_factor/duo.rs b/src/api/core/two_factor/duo.rs index aa281ae7..f46c1e90 100644 --- a/src/api/core/two_factor/duo.rs +++ b/src/api/core/two_factor/duo.rs @@ -258,7 +258,7 @@ pub(crate) async fn get_duo_keys_email(email: &str, conn: &mut DbConn) -> ApiRes } .map_res("Can't fetch Duo Keys")?; - Ok((data.ik, data.sk, CONFIG.get_duo_akey(), data.host)) + Ok((data.ik, data.sk, CONFIG.get_duo_akey().await, data.host)) } pub async fn generate_duo_signature(email: &str, conn: &mut DbConn) -> ApiResult<(String, String)> { diff --git a/src/api/icons.rs b/src/api/icons.rs index 0b437d53..187c635c 100644 --- a/src/api/icons.rs +++ b/src/api/icons.rs @@ -14,14 +14,11 @@ use reqwest::{ Client, Response, }; use rocket::{http::ContentType, response::Redirect, Route}; -use tokio::{ - fs::{create_dir_all, remove_file, symlink_metadata, File}, - io::{AsyncReadExt, AsyncWriteExt}, -}; use html5gum::{Emitter, HtmlString, Readable, StringReader, Tokenizer}; use crate::{ + config::PathType, error::Error, http_client::{get_reqwest_client_builder, should_block_address, CustomHttpClientError}, util::Cached, @@ -159,7 +156,7 @@ fn is_valid_domain(domain: &str) -> bool { } async fn get_icon(domain: &str) -> Option<(Vec, String)> { - let path = format!("{}/{}.png", CONFIG.icon_cache_folder(), domain); + let path = format!("{domain}.png"); // Check for expiration of negatively cached copy if icon_is_negcached(&path).await { @@ -181,7 +178,7 @@ async fn get_icon(domain: &str) -> Option<(Vec, String)> { // Get the icon, or None in case of error match download_icon(domain).await { Ok((icon, icon_type)) => { - save_icon(&path, &icon).await; + save_icon(&path, icon.to_vec()).await; Some((icon.to_vec(), icon_type.unwrap_or("x-icon").to_string())) } Err(e) => { @@ -194,7 +191,7 @@ async fn get_icon(domain: &str) -> Option<(Vec, String)> { warn!("Unable to download icon: {:?}", e); let miss_indicator = path + ".miss"; - save_icon(&miss_indicator, &[]).await; + save_icon(&miss_indicator, vec![]).await; None } } @@ -207,11 +204,9 @@ async fn get_cached_icon(path: &str) -> Option> { } // Try to read the cached icon, and return it if it exists - if let Ok(mut f) = File::open(path).await { - let mut buffer = Vec::new(); - - if f.read_to_end(&mut buffer).await.is_ok() { - return Some(buffer); + if let Ok(operator) = CONFIG.opendal_operator_for_path_type(PathType::IconCache) { + if let Ok(buf) = operator.read(path).await { + return Some(buf.to_vec()); } } @@ -219,9 +214,11 @@ async fn get_cached_icon(path: &str) -> Option> { } async fn file_is_expired(path: &str, ttl: u64) -> Result { - let meta = symlink_metadata(path).await?; - let modified = meta.modified()?; - let age = SystemTime::now().duration_since(modified)?; + let operator = CONFIG.opendal_operator_for_path_type(PathType::IconCache)?; + let meta = operator.stat(path).await?; + let modified = + meta.last_modified().ok_or_else(|| std::io::Error::other(format!("No last modified time for `{path}`")))?; + let age = SystemTime::now().duration_since(modified.into())?; Ok(ttl > 0 && ttl <= age.as_secs()) } @@ -233,8 +230,13 @@ async fn icon_is_negcached(path: &str) -> bool { match expired { // No longer negatively cached, drop the marker Ok(true) => { - if let Err(e) = remove_file(&miss_indicator).await { - error!("Could not remove negative cache indicator for icon {:?}: {:?}", path, e); + match CONFIG.opendal_operator_for_path_type(PathType::IconCache) { + Ok(operator) => { + if let Err(e) = operator.delete(&miss_indicator).await { + error!("Could not remove negative cache indicator for icon {:?}: {:?}", path, e); + } + } + Err(e) => error!("Could not remove negative cache indicator for icon {:?}: {:?}", path, e), } false } @@ -568,17 +570,17 @@ async fn download_icon(domain: &str) -> Result<(Bytes, Option<&str>), Error> { Ok((buffer, icon_type)) } -async fn save_icon(path: &str, icon: &[u8]) { - match File::create(path).await { - Ok(mut f) => { - f.write_all(icon).await.expect("Error writing icon file"); - } - Err(ref e) if e.kind() == std::io::ErrorKind::NotFound => { - create_dir_all(&CONFIG.icon_cache_folder()).await.expect("Error creating icon cache folder"); - } +async fn save_icon(path: &str, icon: Vec) { + let operator = match CONFIG.opendal_operator_for_path_type(PathType::IconCache) { + Ok(operator) => operator, Err(e) => { - warn!("Unable to save icon: {:?}", e); + warn!("Failed to get OpenDAL operator while saving icon: {e}"); + return; } + }; + + if let Err(e) = operator.write(path, icon).await { + warn!("Unable to save icon: {e:?}"); } } diff --git a/src/auth.rs b/src/auth.rs index 0fabd6a4..7194801f 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -7,16 +7,14 @@ use once_cell::sync::{Lazy, OnceCell}; use openssl::rsa::Rsa; use serde::de::DeserializeOwned; use serde::ser::Serialize; -use std::{ - env, - fs::File, - io::{Read, Write}, - net::IpAddr, -}; - -use crate::db::models::{ - AttachmentId, CipherId, CollectionId, DeviceId, EmergencyAccessId, MembershipId, OrgApiKeyId, OrganizationId, - SendFileId, SendId, UserId, +use std::{env, net::IpAddr}; + +use crate::{ + config::PathType, + db::models::{ + AttachmentId, CipherId, CollectionId, DeviceId, EmergencyAccessId, MembershipId, OrgApiKeyId, OrganizationId, + SendFileId, SendId, UserId, + }, }; use crate::{error::Error, CONFIG}; @@ -40,37 +38,44 @@ static JWT_REGISTER_VERIFY_ISSUER: Lazy = Lazy::new(|| format!("{}|regis static PRIVATE_RSA_KEY: OnceCell = OnceCell::new(); static PUBLIC_RSA_KEY: OnceCell = OnceCell::new(); -pub fn initialize_keys() -> Result<(), Error> { - fn read_key(create_if_missing: bool) -> Result<(Rsa, Vec), Error> { - let mut priv_key_buffer = Vec::with_capacity(2048); +pub async fn initialize_keys() -> Result<(), Error> { + async fn read_key(create_if_missing: bool) -> Result<(Rsa, Vec), std::io::Error> { + use std::io::{Error, ErrorKind}; - let mut priv_key_file = File::options() - .create(create_if_missing) - .truncate(false) - .read(true) - .write(create_if_missing) - .open(CONFIG.private_rsa_key())?; + let rsa_key_filename = std::path::PathBuf::from(CONFIG.private_rsa_key()) + .file_name() + .ok_or_else(|| Error::other("Private RSA key path missing filename"))? + .to_str() + .ok_or_else(|| Error::other("Private RSA key path filename is not valid UTF-8"))? + .to_string(); - #[allow(clippy::verbose_file_reads)] - let bytes_read = priv_key_file.read_to_end(&mut priv_key_buffer)?; + let operator = CONFIG.opendal_operator_for_path_type(PathType::RsaKey).map_err(Error::other)?; - let rsa_key = if bytes_read > 0 { - Rsa::private_key_from_pem(&priv_key_buffer[..bytes_read])? - } else if create_if_missing { - // Only create the key if the file doesn't exist or is empty - let rsa_key = Rsa::generate(2048)?; - priv_key_buffer = rsa_key.private_key_to_pem()?; - priv_key_file.write_all(&priv_key_buffer)?; - info!("Private key '{}' created correctly", CONFIG.private_rsa_key()); - rsa_key - } else { - err!("Private key does not exist or invalid format", CONFIG.private_rsa_key()); + let priv_key_buffer = match operator.read(&rsa_key_filename).await { + Ok(buffer) => Some(buffer), + Err(e) if e.kind() == opendal::ErrorKind::NotFound && create_if_missing => None, + Err(e) if e.kind() == opendal::ErrorKind::NotFound => { + return Err(Error::new(ErrorKind::NotFound, "Private key not found")) + } + Err(e) => return Err(Error::new(ErrorKind::InvalidData, format!("Error reading private key: {e}"))), }; - Ok((rsa_key, priv_key_buffer)) + if let Some(priv_key_buffer) = priv_key_buffer { + Ok((Rsa::private_key_from_pem(priv_key_buffer.to_vec().as_slice())?, priv_key_buffer.to_vec())) + } else { + let rsa_key = Rsa::generate(2048)?; + let priv_key_buffer = rsa_key.private_key_to_pem()?; + operator.write(&rsa_key_filename, priv_key_buffer).await?; + info!("Private key '{}' created correctly", CONFIG.private_rsa_key()); + Err(Error::new(ErrorKind::NotFound, "Private key created, forcing attempt to read it again")) + } } - let (priv_key, priv_key_buffer) = read_key(true).or_else(|_| read_key(false))?; + let (priv_key, priv_key_buffer) = match read_key(true).await { + Ok(key) => key, + Err(e) if e.kind() == std::io::ErrorKind::NotFound => read_key(false).await?, + Err(e) => return Err(e.into()), + }; let pub_key_buffer = priv_key.public_key_to_pem()?; let enc = EncodingKey::from_rsa_pem(&priv_key_buffer)?; diff --git a/src/config.rs b/src/config.rs index 6a06cac6..d0fe9029 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,9 +1,10 @@ use std::{ + collections::HashMap, env::consts::EXE_SUFFIX, process::exit, sync::{ atomic::{AtomicBool, Ordering}, - RwLock, + LazyLock, Mutex, RwLock, }, }; @@ -22,10 +23,32 @@ static CONFIG_FILE: Lazy = Lazy::new(|| { get_env("CONFIG_FILE").unwrap_or_else(|| format!("{data_folder}/config.json")) }); +static CONFIG_FILE_PARENT_DIR: LazyLock = LazyLock::new(|| { + let path = std::path::PathBuf::from(&*CONFIG_FILE); + path.parent().unwrap_or(std::path::Path::new("data")).to_str().unwrap_or("data").to_string() +}); + +static CONFIG_FILENAME: LazyLock = LazyLock::new(|| { + let path = std::path::PathBuf::from(&*CONFIG_FILE); + path.file_name().unwrap_or(std::ffi::OsStr::new("config.json")).to_str().unwrap_or("config.json").to_string() +}); + pub static SKIP_CONFIG_VALIDATION: AtomicBool = AtomicBool::new(false); pub static CONFIG: Lazy = Lazy::new(|| { - Config::load().unwrap_or_else(|e| { + std::thread::spawn(|| { + let rt = tokio::runtime::Builder::new_current_thread().enable_all().build().unwrap_or_else(|e| { + println!("Error loading config:\n {e:?}\n"); + exit(12) + }); + + rt.block_on(Config::load()).unwrap_or_else(|e| { + println!("Error loading config:\n {e:?}\n"); + exit(12) + }) + }) + .join() + .unwrap_or_else(|e| { println!("Error loading config:\n {e:?}\n"); exit(12) }) @@ -110,9 +133,12 @@ macro_rules! make_config { builder } - fn from_file(path: &str) -> Result { - let config_str = std::fs::read_to_string(path)?; - println!("[INFO] Using saved config from `{path}` for configuration.\n"); + async fn from_file() -> Result { + let operator = opendal_operator_for_path(&CONFIG_FILE_PARENT_DIR)?; + let config_bytes = operator.read(&CONFIG_FILENAME).await?; + let config_str = String::from_utf8(config_bytes.to_vec()) + .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e.to_string()))?; + println!("[INFO] Using saved config from `{}` for configuration.\n", *CONFIG_FILE); serde_json::from_str(&config_str).map_err(Into::into) } @@ -1132,11 +1158,96 @@ fn smtp_convert_deprecated_ssl_options(smtp_ssl: Option, smtp_explicit_tls "starttls".to_string() } +fn opendal_operator_for_path(path: &str) -> Result { + // Cache of previously built operators by path + static OPERATORS_BY_PATH: LazyLock>> = + LazyLock::new(|| Mutex::new(HashMap::new())); + + let mut operators_by_path = + OPERATORS_BY_PATH.lock().map_err(|e| format!("Failed to lock OpenDAL operators cache: {e}"))?; + + if let Some(operator) = operators_by_path.get(path) { + return Ok(operator.clone()); + } + + let operator = if path.starts_with("s3://") { + #[cfg(not(s3))] + return Err(opendal::Error::new(opendal::ErrorKind::ConfigInvalid, "S3 support is not enabled").into()); + + #[cfg(s3)] + opendal_s3_operator_for_path(path)? + } else { + let builder = opendal::services::Fs::default().root(path); + opendal::Operator::new(builder)?.finish() + }; + + operators_by_path.insert(path.to_string(), operator.clone()); + + Ok(operator) +} + +#[cfg(s3)] +fn opendal_s3_operator_for_path(path: &str) -> Result { + // This is a custom AWS credential loader that uses the official AWS Rust + // SDK config crate to load credentials. This ensures maximum compatibility + // with AWS credential configurations. For example, OpenDAL doesn't support + // AWS SSO temporary credentials yet. + struct OpenDALS3CredentialLoader {} + + #[async_trait] + impl reqsign::AwsCredentialLoad for OpenDALS3CredentialLoader { + async fn load_credential(&self, _client: reqwest::Client) -> anyhow::Result> { + use aws_credential_types::provider::ProvideCredentials as _; + use tokio::sync::OnceCell; + + static DEFAULT_CREDENTIAL_CHAIN: OnceCell< + aws_config::default_provider::credentials::DefaultCredentialsChain, + > = OnceCell::const_new(); + + let chain = DEFAULT_CREDENTIAL_CHAIN + .get_or_init(|| aws_config::default_provider::credentials::DefaultCredentialsChain::builder().build()) + .await; + + let creds = chain.provide_credentials().await?; + + Ok(Some(reqsign::AwsCredential { + access_key_id: creds.access_key_id().to_string(), + secret_access_key: creds.secret_access_key().to_string(), + session_token: creds.session_token().map(|s| s.to_string()), + expires_in: creds.expiry().map(|expiration| expiration.into()), + })) + } + } + + const OPEN_DAL_S3_CREDENTIAL_LOADER: OpenDALS3CredentialLoader = OpenDALS3CredentialLoader {}; + + let url = Url::parse(path).map_err(|e| format!("Invalid path S3 URL path {path:?}: {e}"))?; + + let bucket = url.host_str().ok_or_else(|| format!("Missing Bucket name in data folder S3 URL {path:?}"))?; + + let builder = opendal::services::S3::default() + .customized_credential_load(Box::new(OPEN_DAL_S3_CREDENTIAL_LOADER)) + .enable_virtual_host_style() + .bucket(bucket) + .root(url.path()) + .default_storage_class("INTELLIGENT_TIERING"); + + Ok(opendal::Operator::new(builder)?.finish()) +} + +pub enum PathType { + Data, + IconCache, + Attachments, + Sends, + RsaKey, +} + impl Config { - pub fn load() -> Result { + pub async fn load() -> Result { // Loading from env and file let _env = ConfigBuilder::from_env(); - let _usr = ConfigBuilder::from_file(&CONFIG_FILE).unwrap_or_default(); + let _usr = ConfigBuilder::from_file().await.unwrap_or_default(); // Create merged config, config file overwrites env let mut _overrides = Vec::new(); @@ -1160,7 +1271,7 @@ impl Config { }) } - pub fn update_config(&self, other: ConfigBuilder, ignore_non_editable: bool) -> Result<(), Error> { + pub async fn update_config(&self, other: ConfigBuilder, ignore_non_editable: bool) -> Result<(), Error> { // Remove default values //let builder = other.remove(&self.inner.read().unwrap()._env); @@ -1192,20 +1303,19 @@ impl Config { } //Save to file - use std::{fs::File, io::Write}; - let mut file = File::create(&*CONFIG_FILE)?; - file.write_all(config_str.as_bytes())?; + let operator = opendal_operator_for_path(&CONFIG_FILE_PARENT_DIR)?; + operator.write(&CONFIG_FILENAME, config_str).await?; Ok(()) } - fn update_config_partial(&self, other: ConfigBuilder) -> Result<(), Error> { + async fn update_config_partial(&self, other: ConfigBuilder) -> Result<(), Error> { let builder = { let usr = &self.inner.read().unwrap()._usr; let mut _overrides = Vec::new(); usr.merge(&other, false, &mut _overrides) }; - self.update_config(builder, false) + self.update_config(builder, false).await } /// Tests whether an email's domain is allowed. A domain is allowed if it @@ -1247,8 +1357,9 @@ impl Config { } } - pub fn delete_user_config(&self) -> Result<(), Error> { - std::fs::remove_file(&*CONFIG_FILE)?; + pub async fn delete_user_config(&self) -> Result<(), Error> { + let operator = opendal_operator_for_path(&CONFIG_FILE_PARENT_DIR)?; + operator.delete(&CONFIG_FILENAME).await?; // Empty user config let usr = ConfigBuilder::default(); @@ -1278,7 +1389,7 @@ impl Config { inner._enable_smtp && (inner.smtp_host.is_some() || inner.use_sendmail) } - pub fn get_duo_akey(&self) -> String { + pub async fn get_duo_akey(&self) -> String { if let Some(akey) = self._duo_akey() { akey } else { @@ -1289,7 +1400,7 @@ impl Config { _duo_akey: Some(akey_s.clone()), ..Default::default() }; - self.update_config_partial(builder).ok(); + self.update_config_partial(builder).await.ok(); akey_s } @@ -1302,6 +1413,23 @@ impl Config { token.is_some() && !token.unwrap().trim().is_empty() } + pub fn opendal_operator_for_path_type(&self, path_type: PathType) -> Result { + let path = match path_type { + PathType::Data => self.data_folder(), + PathType::IconCache => self.icon_cache_folder(), + PathType::Attachments => self.attachments_folder(), + PathType::Sends => self.sends_folder(), + PathType::RsaKey => std::path::Path::new(&self.rsa_key_filename()) + .parent() + .ok_or_else(|| std::io::Error::other("Failed to get directory of RSA key file"))? + .to_str() + .ok_or_else(|| std::io::Error::other("Failed to convert RSA key file directory to UTF-8 string"))? + .to_string(), + }; + + opendal_operator_for_path(&path) + } + pub fn render_template(&self, name: &str, data: &T) -> Result { if self.reload_templates() { warn!("RELOADING TEMPLATES"); diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs index 09348f78..68a67565 100644 --- a/src/db/models/attachment.rs +++ b/src/db/models/attachment.rs @@ -1,11 +1,11 @@ -use std::io::ErrorKind; +use std::time::Duration; use bigdecimal::{BigDecimal, ToPrimitive}; use derive_more::{AsRef, Deref, Display}; use serde_json::Value; use super::{CipherId, OrganizationId, UserId}; -use crate::CONFIG; +use crate::{config::PathType, CONFIG}; use macros::IdFromParam; db_object! { @@ -41,24 +41,30 @@ impl Attachment { } pub fn get_file_path(&self) -> String { - format!("{}/{}/{}", CONFIG.attachments_folder(), self.cipher_uuid, self.id) + format!("{}/{}", self.cipher_uuid, self.id) } - pub fn get_url(&self, host: &str) -> String { - let token = encode_jwt(&generate_file_download_claims(self.cipher_uuid.clone(), self.id.clone())); - format!("{}/attachments/{}/{}?token={}", host, self.cipher_uuid, self.id, token) + pub async fn get_url(&self, host: &str) -> Result { + let operator = CONFIG.opendal_operator_for_path_type(PathType::Attachments)?; + + if operator.info().scheme() == opendal::Scheme::Fs { + let token = encode_jwt(&generate_file_download_claims(self.cipher_uuid.clone(), self.id.clone())); + Ok(format!("{}/attachments/{}/{}?token={}", host, self.cipher_uuid, self.id, token)) + } else { + Ok(operator.presign_read(&self.get_file_path(), Duration::from_secs(5 * 60)).await?.uri().to_string()) + } } - pub fn to_json(&self, host: &str) -> Value { - json!({ + pub async fn to_json(&self, host: &str) -> Result { + Ok(json!({ "id": self.id, - "url": self.get_url(host), + "url": self.get_url(host).await?, "fileName": self.file_name, "size": self.file_size.to_string(), "sizeName": crate::util::get_display_size(self.file_size), "key": self.akey, "object": "attachment" - }) + })) } } @@ -104,26 +110,26 @@ impl Attachment { pub async fn delete(&self, conn: &mut DbConn) -> EmptyResult { db_run! { conn: { - let _: () = crate::util::retry( + crate::util::retry( || diesel::delete(attachments::table.filter(attachments::id.eq(&self.id))).execute(conn), 10, ) - .map_res("Error deleting attachment")?; - - let file_path = &self.get_file_path(); - - match std::fs::remove_file(file_path) { - // Ignore "file not found" errors. This can happen when the - // upstream caller has already cleaned up the file as part of - // its own error handling. - Err(e) if e.kind() == ErrorKind::NotFound => { - debug!("File '{}' already deleted.", file_path); - Ok(()) - } - Err(e) => Err(e.into()), - _ => Ok(()), + .map(|_| ()) + .map_res("Error deleting attachment") + }}?; + + let operator = CONFIG.opendal_operator_for_path_type(PathType::Attachments)?; + let file_path = self.get_file_path(); + + if let Err(e) = operator.delete(&file_path).await { + if e.kind() == opendal::ErrorKind::NotFound { + debug!("File '{file_path}' already deleted."); + } else { + return Err(e.into()); } - }} + } + + Ok(()) } pub async fn delete_all_by_cipher(cipher_uuid: &CipherId, conn: &mut DbConn) -> EmptyResult { diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index d9dbd28d..7c3785fa 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -141,18 +141,28 @@ impl Cipher { cipher_sync_data: Option<&CipherSyncData>, sync_type: CipherSyncType, conn: &mut DbConn, - ) -> Value { + ) -> Result { use crate::util::{format_date, validate_and_format_date}; let mut attachments_json: Value = Value::Null; if let Some(cipher_sync_data) = cipher_sync_data { if let Some(attachments) = cipher_sync_data.cipher_attachments.get(&self.uuid) { - attachments_json = attachments.iter().map(|c| c.to_json(host)).collect(); + if !attachments.is_empty() { + let mut attachments_json_vec = vec![]; + for attachment in attachments { + attachments_json_vec.push(attachment.to_json(host).await?); + } + attachments_json = Value::Array(attachments_json_vec); + } } } else { let attachments = Attachment::find_by_cipher(&self.uuid, conn).await; if !attachments.is_empty() { - attachments_json = attachments.iter().map(|c| c.to_json(host)).collect() + let mut attachments_json_vec = vec![]; + for attachment in attachments { + attachments_json_vec.push(attachment.to_json(host).await?); + } + attachments_json = Value::Array(attachments_json_vec); } } @@ -384,7 +394,7 @@ impl Cipher { }; json_object[key] = type_data_json; - json_object + Ok(json_object) } pub async fn update_users_revision(&self, conn: &mut DbConn) -> Vec { diff --git a/src/db/models/send.rs b/src/db/models/send.rs index c0bb0b33..bf82c181 100644 --- a/src/db/models/send.rs +++ b/src/db/models/send.rs @@ -1,7 +1,7 @@ use chrono::{NaiveDateTime, Utc}; use serde_json::Value; -use crate::util::LowerCase; +use crate::{config::PathType, util::LowerCase, CONFIG}; use super::{OrganizationId, User, UserId}; use id::SendId; @@ -226,7 +226,8 @@ impl Send { self.update_users_revision(conn).await; if self.atype == SendType::File as i32 { - std::fs::remove_dir_all(std::path::Path::new(&crate::CONFIG.sends_folder()).join(&self.uuid)).ok(); + let operator = CONFIG.opendal_operator_for_path_type(PathType::Sends)?; + operator.remove_all(&self.uuid).await.ok(); } db_run! { conn: { diff --git a/src/error.rs b/src/error.rs index 1061a08d..c6c77275 100644 --- a/src/error.rs +++ b/src/error.rs @@ -46,6 +46,7 @@ use jsonwebtoken::errors::Error as JwtErr; use lettre::address::AddressError as AddrErr; use lettre::error::Error as LettreErr; use lettre::transport::smtp::Error as SmtpErr; +use opendal::Error as OpenDALErr; use openssl::error::ErrorStack as SSLErr; use regex::Error as RegexErr; use reqwest::Error as ReqErr; @@ -95,6 +96,8 @@ make_error! { DieselCon(DieselConErr): _has_source, _api_error, Webauthn(WebauthnErr): _has_source, _api_error, + + OpenDAL(OpenDALErr): _has_source, _api_error, } impl std::fmt::Debug for Error { diff --git a/src/main.rs b/src/main.rs index 530c7b2c..18bfcf46 100644 --- a/src/main.rs +++ b/src/main.rs @@ -61,7 +61,7 @@ mod util; use crate::api::core::two_factor::duo_oidc::purge_duo_contexts; use crate::api::purge_auth_requests; use crate::api::{WS_ANONYMOUS_SUBSCRIPTIONS, WS_USERS}; -pub use config::CONFIG; +pub use config::{PathType, CONFIG}; pub use error::{Error, MapResult}; use rocket::data::{Limits, ToByteUnit}; use std::sync::{atomic::Ordering, Arc}; @@ -75,16 +75,13 @@ async fn main() -> Result<(), Error> { let level = init_logging()?; check_data_folder().await; - auth::initialize_keys().unwrap_or_else(|e| { + auth::initialize_keys().await.unwrap_or_else(|e| { error!("Error creating private key '{}'\n{e:?}\nExiting Vaultwarden!", CONFIG.private_rsa_key()); exit(1); }); check_web_vault(); - create_dir(&CONFIG.icon_cache_folder(), "icon cache"); create_dir(&CONFIG.tmp_folder(), "tmp folder"); - create_dir(&CONFIG.sends_folder(), "sends folder"); - create_dir(&CONFIG.attachments_folder(), "attachments folder"); let pool = create_db_pool().await; schedule_jobs(pool.clone()); @@ -467,6 +464,24 @@ fn create_dir(path: &str, description: &str) { async fn check_data_folder() { let data_folder = &CONFIG.data_folder(); + + if data_folder.starts_with("s3://") { + if let Err(e) = CONFIG + .opendal_operator_for_path_type(PathType::Data) + .unwrap_or_else(|e| { + error!("Failed to create S3 operator for data folder '{data_folder}': {e:?}"); + exit(1); + }) + .check() + .await + { + error!("Could not access S3 data folder '{data_folder}': {e:?}"); + exit(1); + } + + return; + } + let path = Path::new(data_folder); if !path.exists() { error!("Data folder '{}' doesn't exist.", data_folder); diff --git a/src/util.rs b/src/util.rs index 1f8d1c27..8dc48621 100644 --- a/src/util.rs +++ b/src/util.rs @@ -16,7 +16,7 @@ use tokio::{ time::{sleep, Duration}, }; -use crate::CONFIG; +use crate::{config::PathType, CONFIG}; pub struct AppHeaders(); @@ -816,6 +816,26 @@ pub fn is_global(ip: std::net::IpAddr) -> bool { ip.is_global() } +/// Saves a Rocket temporary file to the OpenDAL Operator at the given path. +pub async fn save_temp_file( + path_type: PathType, + path: &str, + temp_file: rocket::fs::TempFile<'_>, + overwrite: bool, +) -> Result<(), crate::Error> { + use futures::AsyncWriteExt as _; + use tokio_util::compat::TokioAsyncReadCompatExt as _; + + let operator = CONFIG.opendal_operator_for_path_type(path_type)?; + + let mut read_stream = temp_file.open().await?.compat(); + let mut writer = operator.writer_with(path).if_not_exists(!overwrite).await?.into_futures_async_write(); + futures::io::copy(&mut read_stream, &mut writer).await?; + writer.close().await?; + + Ok(()) +} + /// These are some tests to check that the implementations match /// The IPv4 can be all checked in 30 seconds or so and they are correct as of nightly 2023-07-17 /// The IPV6 can't be checked in a reasonable time, so we check over a hundred billion random ones, so far correct