bitwarden_rs/src/api/core/folders.rs

use rocket::State;
use rocket_contrib::json::Json;
use serde_json::Value;

use db::DbConn;
use db::models::*;

use api::{JsonResult, EmptyResult, JsonUpcase, WebSocketUsers, UpdateType};
use auth::Headers;

use rocket::Route;

pub fn routes() -> Vec<Route> {
    routes![
        get_folders,
        get_folder,
        post_folders,
        post_folder,
        put_folder,
        delete_folder_post,
        delete_folder,
    ]
}

#[get("/folders")]
fn get_folders(headers: Headers, conn: DbConn) -> JsonResult {
    let folders = Folder::find_by_user(&headers.user.uuid, &conn);

    let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();

    Ok(Json(json!({
      "Data": folders_json,
      "Object": "list",
      "ContinuationToken": null,
    })))
}

#[get("/folders/<uuid>")]
fn get_folder(uuid: String, headers: Headers, conn: DbConn) -> JsonResult {
    let folder = match Folder::find_by_uuid(&uuid, &conn) {
        Some(folder) => folder,
        _ => err!("Invalid folder")
    };

    if folder.user_uuid != headers.user.uuid {
        err!("Folder belongs to another user")
    }

    Ok(Json(folder.to_json()))
}

#[derive(Deserialize)]
#[allow(non_snake_case)]

pub struct FolderData {
    pub Name: String
}

#[post("/folders", data = "<data>")]
fn post_folders(data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {
    let data: FolderData = data.into_inner().data;

    let mut folder = Folder::new(headers.user.uuid.clone(), data.Name);

    if folder.save(&conn).is_err() {
        err!("Failed to save folder")
    }
    ws.send_folder_update(UpdateType::SyncFolderCreate, &folder);

    Ok(Json(folder.to_json()))
}

#[post("/folders/<uuid>", data = "<data>")]
fn post_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {
    put_folder(uuid, data, headers, conn, ws)
}

#[put("/folders/<uuid>", data = "<data>")]
fn put_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {
    let data: FolderData = data.into_inner().data;

    let mut folder = match Folder::find_by_uuid(&uuid, &conn) {
        Some(folder) => folder,
        _ => err!("Invalid folder")
    };

    if folder.user_uuid != headers.user.uuid {
        err!("Folder belongs to another user")
    }

    folder.name = data.Name;

    if folder.save(&conn).is_err() {
        err!("Failed to save folder")
    }
    ws.send_folder_update(UpdateType::SyncFolderUpdate, &folder);

    Ok(Json(folder.to_json()))
}

#[post("/folders/<uuid>/delete")]
fn delete_folder_post(uuid: String, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> EmptyResult {
    delete_folder(uuid, headers, conn, ws)
}

#[delete("/folders/<uuid>")]
fn delete_folder(uuid: String, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> EmptyResult {
    let folder = match Folder::find_by_uuid(&uuid, &conn) {
        Some(folder) => folder,
        _ => err!("Invalid folder")
    };

    if folder.user_uuid != headers.user.uuid {
        err!("Folder belongs to another user")
    }

    // Delete the actual folder entry
    match folder.delete(&conn) {
        Ok(()) => {
            ws.send_folder_update(UpdateType::SyncFolderDelete, &folder);
            Ok(())
        }
        Err(_) => err!("Failed deleting folder")
    }
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`use rocket::State;`
Updated bw_rs to Rocket version 0.4-rc1 2018-10-10 20:40:39 +02:00			`use rocket_contrib::json::Json;`
			`use serde_json::Value;`
First working version 2018-02-10 01:00:55 +01:00
			`use db::DbConn;`
			`use db::models::*;`

Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`use api::{JsonResult, EmptyResult, JsonUpcase, WebSocketUsers, UpdateType};`
First working version 2018-02-10 01:00:55 +01:00			`use auth::Headers;`

Updated bw_rs to Rocket version 0.4-rc1 2018-10-10 20:40:39 +02:00			`use rocket::Route;`

			`pub fn routes() -> Vec<Route> {`
			`routes![`
			`get_folders,`
			`get_folder,`
			`post_folders,`
			`post_folder,`
			`put_folder,`
			`delete_folder_post,`
			`delete_folder,`
			`]`
			`}`

First working version 2018-02-10 01:00:55 +01:00			`#[get("/folders")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn get_folders(headers: Headers, conn: DbConn) -> JsonResult {`
First working version 2018-02-10 01:00:55 +01:00			`let folders = Folder::find_by_user(&headers.user.uuid, &conn);`

			`let folders_json: Vec<Value> = folders.iter().map(\|c\| c.to_json()).collect();`

			`Ok(Json(json!({`
			`"Data": folders_json,`
			`"Object": "list",`
Add continuation token when we return object list 2018-10-01 18:02:58 +02:00			`"ContinuationToken": null,`
First working version 2018-02-10 01:00:55 +01:00			`})))`
			`}`

			`#[get("/folders/<uuid>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn get_folder(uuid: String, headers: Headers, conn: DbConn) -> JsonResult {`
Solved some warnings 2018-02-15 00:53:11 +01:00			`let folder = match Folder::find_by_uuid(&uuid, &conn) {`
First working version 2018-02-10 01:00:55 +01:00			`Some(folder) => folder,`
			`_ => err!("Invalid folder")`
			`};`

			`if folder.user_uuid != headers.user.uuid {`
			`err!("Folder belongs to another user")`
			`}`

			`Ok(Json(folder.to_json()))`
			`}`

Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00			`#[derive(Deserialize)]`
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`#[allow(non_snake_case)]`

Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00			`pub struct FolderData {`
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`pub Name: String`
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00			`}`
First working version 2018-02-10 01:00:55 +01:00
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00			`#[post("/folders", data = "<data>")]`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`fn post_folders(data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {`
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`let data: FolderData = data.into_inner().data;`
First working version 2018-02-10 01:00:55 +01:00
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`let mut folder = Folder::new(headers.user.uuid.clone(), data.Name);`
First working version 2018-02-10 01:00:55 +01:00
Folder::save() should return QueryResult instead of bool 2018-10-14 14:55:00 +02:00			`if folder.save(&conn).is_err() {`
			`err!("Failed to save folder")`
			`}`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`ws.send_folder_update(UpdateType::SyncFolderCreate, &folder);`
First working version 2018-02-10 01:00:55 +01:00
			`Ok(Json(folder.to_json()))`
			`}`

			`#[post("/folders/<uuid>", data = "<data>")]`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`fn post_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {`
			`put_folder(uuid, data, headers, conn, ws)`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[put("/folders/<uuid>", data = "<data>")]`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`fn put_folder(uuid: String, data: JsonUpcase<FolderData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {`
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`let data: FolderData = data.into_inner().data;`
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00
First working version 2018-02-10 01:00:55 +01:00			`let mut folder = match Folder::find_by_uuid(&uuid, &conn) {`
			`Some(folder) => folder,`
			`_ => err!("Invalid folder")`
			`};`

			`if folder.user_uuid != headers.user.uuid {`
			`err!("Folder belongs to another user")`
			`}`

Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00			`folder.name = data.Name;`
First working version 2018-02-10 01:00:55 +01:00
Folder::save() should return QueryResult instead of bool 2018-10-14 14:55:00 +02:00			`if folder.save(&conn).is_err() {`
			`err!("Failed to save folder")`
			`}`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`ws.send_folder_update(UpdateType::SyncFolderUpdate, &folder);`
First working version 2018-02-10 01:00:55 +01:00
			`Ok(Json(folder.to_json()))`
			`}`

Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`#[post("/folders/<uuid>/delete")]`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`fn delete_folder_post(uuid: String, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> EmptyResult {`
			`delete_folder(uuid, headers, conn, ws)`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[delete("/folders/<uuid>")]`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`fn delete_folder(uuid: String, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> EmptyResult {`
First working version 2018-02-10 01:00:55 +01:00			`let folder = match Folder::find_by_uuid(&uuid, &conn) {`
			`Some(folder) => folder,`
			`_ => err!("Invalid folder")`
			`};`

			`if folder.user_uuid != headers.user.uuid {`
			`err!("Folder belongs to another user")`
			`}`

Delete folder mappings when deleting folders and make sure that we can't change a ciphers owner when created 2018-05-04 19:02:19 +02:00			`// Delete the actual folder entry`
Improve Folder::delete() to handle FolderCipher 2018-05-16 18:19:52 +02:00			`match folder.delete(&conn) {`
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015. 2018-08-30 17:43:46 +02:00			`Ok(()) => {`
			`ws.send_folder_update(UpdateType::SyncFolderDelete, &folder);`
			`Ok(())`
			`}`
Improve Folder::delete() to handle FolderCipher 2018-05-16 18:19:52 +02:00			`Err(_) => err!("Failed deleting folder")`
			`}`
First working version 2018-02-10 01:00:55 +01:00			`}`