0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-11-14 14:02:23 +01:00
bitwarden_rs/src/api/core/mod.rs

180 lines
5.8 KiB
Rust
Raw Normal View History

2018-02-10 01:00:55 +01:00
mod accounts;
mod ciphers;
2021-07-04 23:02:56 +02:00
mod emergency_access;
2018-02-10 01:00:55 +01:00
mod folders;
mod organizations;
2021-03-14 23:35:55 +01:00
mod sends;
2021-03-31 22:18:35 +02:00
pub mod two_factor;
2018-02-10 01:00:55 +01:00
pub use ciphers::purge_trashed_ciphers;
pub use emergency_access::{emergency_notification_reminder_job, emergency_request_timeout_job};
pub use sends::purge_sends;
2018-02-10 01:00:55 +01:00
pub fn routes() -> Vec<Route> {
2021-04-06 22:54:42 +02:00
let mut mod_routes =
routes![clear_device_token, put_device_token, get_eq_domains, post_eq_domains, put_eq_domains, hibp_breach,];
let mut routes = Vec::new();
routes.append(&mut accounts::routes());
routes.append(&mut ciphers::routes());
2021-07-04 23:02:56 +02:00
routes.append(&mut emergency_access::routes());
routes.append(&mut folders::routes());
routes.append(&mut organizations::routes());
routes.append(&mut two_factor::routes());
2021-03-14 23:35:55 +01:00
routes.append(&mut sends::routes());
routes.append(&mut mod_routes);
2018-04-20 18:35:11 +02:00
routes
2018-02-10 01:00:55 +01:00
}
//
// Move this somewhere else
//
2018-02-10 01:00:55 +01:00
use rocket::Route;
use rocket_contrib::json::Json;
use serde_json::Value;
2018-02-10 01:00:55 +01:00
use crate::{
2021-03-27 16:07:26 +01:00
api::{JsonResult, JsonUpcase},
auth::Headers,
db::DbConn,
error::Error,
util::get_reqwest_client,
};
2018-02-10 01:00:55 +01:00
#[put("/devices/identifier/<uuid>/clear-token")]
fn clear_device_token(uuid: String) -> &'static str {
// This endpoint doesn't have auth header
let _ = uuid;
// uuid is not related to deviceId
2018-06-01 15:08:03 +02:00
// This only clears push token
// https://github.com/bitwarden/core/blob/master/src/Api/Controllers/DevicesController.cs#L109
// https://github.com/bitwarden/core/blob/master/src/Core/Services/Implementations/DeviceService.cs#L37
""
}
2018-02-10 01:00:55 +01:00
2018-06-01 15:08:03 +02:00
#[put("/devices/identifier/<uuid>/token", data = "<data>")]
2021-03-27 16:07:26 +01:00
fn put_device_token(uuid: String, data: JsonUpcase<Value>, headers: Headers) -> Json<Value> {
let _data: Value = data.into_inner().data;
// Data has a single string value "PushToken"
let _ = uuid;
// uuid is not related to deviceId
// TODO: This should save the push token, but we don't have push functionality
2021-03-27 16:07:26 +01:00
Json(json!({
"Id": headers.device.uuid,
"Name": headers.device.name,
"Type": headers.device.atype,
"Identifier": headers.device.uuid,
"CreationDate": crate::util::format_date(&headers.device.created_at),
2021-03-27 16:07:26 +01:00
}))
}
2018-02-10 01:00:55 +01:00
2018-02-17 23:21:04 +01:00
#[derive(Serialize, Deserialize, Debug)]
#[allow(non_snake_case)]
struct GlobalDomain {
Type: i32,
Domains: Vec<String>,
Excluded: bool,
}
const GLOBAL_DOMAINS: &str = include_str!("../../static/global_domains.json");
2018-02-17 23:21:04 +01:00
2018-02-10 01:00:55 +01:00
#[get("/settings/domains")]
2021-03-27 16:07:26 +01:00
fn get_eq_domains(headers: Headers) -> Json<Value> {
_get_eq_domains(headers, false)
}
2021-03-27 16:07:26 +01:00
fn _get_eq_domains(headers: Headers, no_excluded: bool) -> Json<Value> {
2018-02-17 23:21:04 +01:00
let user = headers.user;
use serde_json::from_str;
let equivalent_domains: Vec<Vec<String>> = from_str(&user.equivalent_domains).unwrap();
let excluded_globals: Vec<i32> = from_str(&user.excluded_globals).unwrap();
let mut globals: Vec<GlobalDomain> = from_str(GLOBAL_DOMAINS).unwrap();
for global in &mut globals {
global.Excluded = excluded_globals.contains(&global.Type);
}
if no_excluded {
globals.retain(|g| !g.Excluded);
}
2021-03-27 16:07:26 +01:00
Json(json!({
2018-02-17 23:21:04 +01:00
"EquivalentDomains": equivalent_domains,
2018-02-20 14:09:00 +01:00
"GlobalEquivalentDomains": globals,
"Object": "domains",
2021-03-27 16:07:26 +01:00
}))
2018-02-10 01:00:55 +01:00
}
#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct EquivDomainData {
ExcludedGlobalEquivalentDomains: Option<Vec<i32>>,
EquivalentDomains: Option<Vec<Vec<String>>>,
}
#[post("/settings/domains", data = "<data>")]
fn post_eq_domains(data: JsonUpcase<EquivDomainData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: EquivDomainData = data.into_inner().data;
let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or_default();
let equivalent_domains = data.EquivalentDomains.unwrap_or_default();
2018-02-17 23:21:04 +01:00
let mut user = headers.user;
use serde_json::to_string;
user.excluded_globals = to_string(&excluded_globals).unwrap_or_else(|_| "[]".to_string());
user.equivalent_domains = to_string(&equivalent_domains).unwrap_or_else(|_| "[]".to_string());
2018-02-17 23:21:04 +01:00
user.save(&conn)?;
Ok(Json(json!({})))
2018-02-10 01:00:55 +01:00
}
#[put("/settings/domains", data = "<data>")]
fn put_eq_domains(data: JsonUpcase<EquivDomainData>, headers: Headers, conn: DbConn) -> JsonResult {
post_eq_domains(data, headers, conn)
}
#[get("/hibp/breach?<username>")]
fn hibp_breach(username: String) -> JsonResult {
let url = format!(
"https://haveibeenpwned.com/api/v3/breachedaccount/{}?truncateResponse=false&includeUnverified=false",
username
);
if let Some(api_key) = crate::CONFIG.hibp_api_key() {
let hibp_client = get_reqwest_client();
2021-04-15 18:24:04 +02:00
let res = hibp_client.get(&url).header("hibp-api-key", api_key).send()?;
// If we get a 404, return a 404, it means no breached accounts
if res.status() == 404 {
return Err(Error::empty().with_code(404));
}
let value: Value = res.error_for_status()?.json()?;
Ok(Json(value))
} else {
Ok(Json(json!([{
"Name": "HaveIBeenPwned",
"Title": "Manual HIBP Check",
"Domain": "haveibeenpwned.com",
"BreachDate": "2019-08-18T00:00:00Z",
"AddedDate": "2019-08-18T00:00:00Z",
"Description": format!("Go to: <a href=\"https://haveibeenpwned.com/account/{account}\" target=\"_blank\" rel=\"noreferrer\">https://haveibeenpwned.com/account/{account}</a> for a manual check.<br/><br/>HaveIBeenPwned API key not set!<br/>Go to <a href=\"https://haveibeenpwned.com/API/Key\" target=\"_blank\" rel=\"noreferrer\">https://haveibeenpwned.com/API/Key</a> to purchase an API key from HaveIBeenPwned.<br/><br/>", account=username),
"LogoPath": "bwrs_static/hibp.png",
"PwnCount": 0,
"DataClasses": [
"Error - No API key set!"
]
}])))
}
}