vaultwarden/src/api/web.rs

use std::io;
use std::path::{Path, PathBuf};

use rocket::http::ContentType;
use rocket::request::Request;
use rocket::response::content::Content;
use rocket::response::{self, NamedFile, Responder};
use rocket::Route;
use rocket_contrib::json::Json;
use serde_json::Value;

use crate::CONFIG;

pub fn routes() -> Vec<Route> {
    if CONFIG.web_vault_enabled {
        routes![web_index, app_id, web_files, admin_page, attachments, alive]
    } else {
        routes![attachments, alive]
    }
}

#[get("/")]
fn web_index() -> Cached<io::Result<NamedFile>> {
    Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join("index.html")))
}

#[get("/app-id.json")]
fn app_id() -> Cached<Content<Json<Value>>> {
    let content_type = ContentType::new("application", "fido.trusted-apps+json");

    Cached::long(Content(
        content_type,
        Json(json!({
        "trustedFacets": [
            {
            "version": { "major": 1, "minor": 0 },
            "ids": [
                &CONFIG.domain,
                "ios:bundle-id:com.8bit.bitwarden",
                "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
            }]
        })),
    ))
}

const ADMIN_PAGE: &'static str = include_str!("../static/admin.html");
use rocket::response::content::Html;

#[get("/admin")]
fn admin_page() -> Cached<Html<&'static str>> {
    Cached::short(Html(ADMIN_PAGE))
}

/* // Use this during Admin page development
#[get("/admin")]
fn admin_page() -> Cached<io::Result<NamedFile>> {
    Cached::short(NamedFile::open("src/static/admin.html"))
}
*/

#[get("/<p..>", rank = 1)] // Only match this if the other routes don't match
fn web_files(p: PathBuf) -> Cached<io::Result<NamedFile>> {
    Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p)))
}

struct Cached<R>(R, &'static str);

impl<R> Cached<R> {
    fn long(r: R) -> Cached<R> {
        // 7 days
        Cached(r, "public, max-age=604800".into())
    }

    fn short(r: R) -> Cached<R> {
        // 10 minutes
        Cached(r, "public, max-age=600".into())
    }
}

impl<'r, R: Responder<'r>> Responder<'r> for Cached<R> {
    fn respond_to(self, req: &Request) -> response::Result<'r> {
        match self.0.respond_to(req) {
            Ok(mut res) => {
                res.set_raw_header("Cache-Control", self.1);
                Ok(res)
            }
            e @ Err(_) => e,
        }
    }
}

#[get("/attachments/<uuid>/<file..>")]
fn attachments(uuid: String, file: PathBuf) -> io::Result<NamedFile> {
    NamedFile::open(Path::new(&CONFIG.attachments_folder).join(uuid).join(file))
}

#[get("/alive")]
fn alive() -> Json<String> {
    use crate::util::format_date;
    use chrono::Utc;

    Json(format_date(&Utc::now().naive_utc()))
}
First working version 2018-02-10 00:00:55 +00:00			`use std::io;`
			`use std::path::{Path, PathBuf};`

Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`use rocket::http::ContentType;`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00			`use rocket::request::Request;`
Updated Error to implement Display and Debug, instead of using custom methods 2018-12-29 00:01:58 +00:00			`use rocket::response::content::Content;`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00			`use rocket::response::{self, NamedFile, Responder};`
First working version 2018-02-10 00:00:55 +00:00			`use rocket::Route;`
Updated bw_rs to Rocket version 0.4-rc1 2018-10-10 18:40:39 +00:00			`use rocket_contrib::json::Json;`
			`use serde_json::Value;`
First working version 2018-02-10 00:00:55 +00:00
Migrate to rust 2018 edition 2018-12-07 01:05:45 +00:00			`use crate::CONFIG;`
First working version 2018-02-10 00:00:55 +00:00
			`pub fn routes() -> Vec<Route> {`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`if CONFIG.web_vault_enabled {`
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-18 00:53:21 +00:00			`routes![web_index, app_id, web_files, admin_page, attachments, alive]`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`} else {`
			`routes![attachments, alive]`
			`}`
First working version 2018-02-10 00:00:55 +00:00			`}`

			`#[get("/")]`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`fn web_index() -> Cached<io::Result<NamedFile>> {`
			`Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join("index.html")))`
First working version 2018-02-10 00:00:55 +00:00			`}`

Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`#[get("/app-id.json")]`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`fn app_id() -> Cached<Content<Json<Value>>> {`
Set facets contentType 2018-07-13 13:05:00 +00:00			`let content_type = ContentType::new("application", "fido.trusted-apps+json");`

Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`Cached::long(Content(`
			`content_type,`
			`Json(json!({`
			`"trustedFacets": [`
			`{`
			`"version": { "major": 1, "minor": 0 },`
			`"ids": [`
			`&CONFIG.domain,`
			`"ios:bundle-id:com.8bit.bitwarden",`
			`"android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]`
			`}]`
			`})),`
			`))`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`}`

Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`const ADMIN_PAGE: &'static str = include_str!("../static/admin.html");`
Updated Error to implement Display and Debug, instead of using custom methods 2018-12-29 00:01:58 +00:00			`use rocket::response::content::Html;`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00
			`#[get("/admin")]`
			`fn admin_page() -> Cached<Html<&'static str>> {`
			`Cached::short(Html(ADMIN_PAGE))`
			`}`

			`/* // Use this during Admin page development`
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-18 00:53:21 +00:00			`#[get("/admin")]`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`fn admin_page() -> Cached<io::Result<NamedFile>> {`
			`Cached::short(NamedFile::open("src/static/admin.html"))`
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-18 00:53:21 +00:00			`}`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`*/`
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-18 00:53:21 +00:00
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`#[get("/<p..>", rank = 1)] // Only match this if the other routes don't match`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`fn web_files(p: PathBuf) -> Cached<io::Result<NamedFile>> {`
			`Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p)))`
First working version 2018-02-10 00:00:55 +00:00			`}`

Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`struct Cached<R>(R, &'static str);`

			`impl<R> Cached<R> {`
			`fn long(r: R) -> Cached<R> {`
			`// 7 days`
			`Cached(r, "public, max-age=604800".into())`
			`}`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`fn short(r: R) -> Cached<R> {`
			`// 10 minutes`
			`Cached(r, "public, max-age=600".into())`
			`}`
			`}`

			`impl<'r, R: Responder<'r>> Responder<'r> for Cached<R> {`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00			`fn respond_to(self, req: &Request) -> response::Result<'r> {`
Return 404 in case the path doesn't match instead of 500 2018-07-18 10:54:33 +00:00			`match self.0.respond_to(req) {`
			`Ok(mut res) => {`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`res.set_raw_header("Cache-Control", self.1);`
Return 404 in case the path doesn't match instead of 500 2018-07-18 10:54:33 +00:00			`Ok(res)`
			`}`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-23 21:37:02 +00:00			`e @ Err(_) => e,`
			`}`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00			`}`
			`}`
First working version 2018-02-10 00:00:55 +00:00
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`#[get("/attachments/<uuid>/<file..>")]`
			`fn attachments(uuid: String, file: PathBuf) -> io::Result<NamedFile> {`
Added security headers to web-vault (fixes #44) 2018-06-25 18:35:36 +00:00			`NamedFile::open(Path::new(&CONFIG.attachments_folder).join(uuid).join(file))`
First working version 2018-02-10 00:00:55 +00:00			`}`

			`#[get("/alive")]`
			`fn alive() -> Json<String> {`
Migrate to rust 2018 edition 2018-12-07 01:05:45 +00:00			`use crate::util::format_date;`
Solved some warnings 2018-02-14 23:53:11 +00:00			`use chrono::Utc;`
First working version 2018-02-10 00:00:55 +00:00
			`Json(format_date(&Utc::now().naive_utc()))`
			`}`