US or EU Data Region Selection (#3752)

* add selection of data region for push

* fix cargo check + rewrite config + add check url

* fix clippy error

* add comment in .env.template, adapt config.rs

* Update .env.template

Co-authored-by: William Desportes <williamdes@wdes.fr>

* Update .env.template

Co-authored-by: William Desportes <williamdes@wdes.fr>

* Revert "Update .env.template"

This reverts commit 5bed974ba7b9f481792d2228834585f053d47dc3.

* Revert "Update .env.template"

This reverts commit 0760eff95dfaf2a9cf97bb25f6cf7660bdf55173.

* fix /connect/token to push identity

* fix /connect/token to push identity

* Fixed formatting when solving merge conflicts

---------

Co-authored-by: William Desportes <williamdes@wdes.fr>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

.env.template

@@ -77,11 +77,13 @@
 # WEBSOCKET_PORT=3012
 
 ## Enables push notifications (requires key and id from https://bitwarden.com/host)
+## If you choose "European Union" Data Region, uncomment PUSH_RELAY_URI and PUSH_IDENTITY_URI then replace .com by .eu
 # PUSH_ENABLED=true
 # PUSH_INSTALLATION_ID=CHANGEME
 # PUSH_INSTALLATION_KEY=CHANGEME
 ## Don't change this unless you know what you're doing.
 # PUSH_RELAY_URI=https://push.bitwarden.com
+# PUSH_IDENTITY_URI=https://identity.bitwarden.com
 
 ## Controls whether users are allowed to create Bitwarden Sends.
 ## This setting applies globally to all users.
@@ -462,4 +464,4 @@
 ## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
 # HIBP_API_KEY=
 
-# vim: syntax=ini
+# vim: syntax=ini

src/api/push.rs

@@ -50,7 +50,11 @@ async fn get_auth_push_token() -> ApiResult<String> {
         ("client_secret", &client_secret),
     ];
 
-    let res = match get_reqwest_client().post("https://identity.bitwarden.com/connect/token").form(&params).send().await
+    let res = match get_reqwest_client()
+        .post(&format!("{}/connect/token", CONFIG.push_identity_uri()))
+        .form(&params)
+        .send()
+        .await
     {
         Ok(r) => r,
         Err(e) => err!(format!("Error getting push token from bitwarden server: {e}")),

src/config.rs

@@ -380,8 +380,10 @@ make_config! {
     push {
         /// Enable push notifications
         push_enabled:           bool,   false,  def,    false;
-        /// Push relay base uri
+        /// Push relay uri
         push_relay_uri:         String, false,  def,    "https://push.bitwarden.com".to_string();
+        /// Push identity uri
+        push_identity_uri:      String, false,  def,    "https://identity.bitwarden.com".to_string();
         /// Installation id |> The installation id from https://bitwarden.com/host
         push_installation_id:   Pass,   false,  def,    String::new();
         /// Installation key |> The installation key from https://bitwarden.com/host
@@ -754,6 +756,26 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
         )
     }
 
+    if cfg.push_enabled {
+        let push_relay_uri = cfg.push_relay_uri.to_lowercase();
+        if !push_relay_uri.starts_with("https://") {
+            err!("`PUSH_RELAY_URI` must start with 'https://'.")
+        }
+
+        if Url::parse(&push_relay_uri).is_err() {
+            err!("Invalid URL format for `PUSH_RELAY_URI`.");
+        }
+
+        let push_identity_uri = cfg.push_identity_uri.to_lowercase();
+        if !push_identity_uri.starts_with("https://") {
+            err!("`PUSH_IDENTITY_URI` must start with 'https://'.")
+        }
+
+        if Url::parse(&push_identity_uri).is_err() {
+            err!("Invalid URL format for `PUSH_IDENTITY_URI`.");
+        }
+    }
+
     const KNOWN_FLAGS: &[&str] =
         &["autofill-overlay", "autofill-v2", "browser-fileless-import", "fido2-vault-credentials"];
     for flag in parse_experimental_client_feature_flags(&cfg.experimental_client_feature_flags).keys() {