MirrorHub/bitwarden_rs
0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-11-12 04:52:47 +01:00
Code Issues Releases Wiki Activity
bitwarden_rs/src/api/core/mod.rs

234 lines
7.2 KiB
Rust
Raw Normal View History

Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
pub mod accounts;
First working version
2018-02-10 01:00:55 +01:00
mod ciphers;
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
mod emergency_access;
Add Organizational event logging feature This PR adds event/audit logging support for organizations. By default this feature is disabled, since it does log a lot and adds extra database transactions. All events are touched except a few, since we do not support those features (yet), like SSO for example. This feature is tested with multiple clients and all database types. Fixes #229
2022-11-20 19:15:45 +01:00
mod events;
First working version
2018-02-10 01:00:55 +01:00
mod folders;
Some initial work on organizations, nothing works yet
2018-02-17 22:30:19 +01:00
mod organizations;
Merge and modify PR from @Kurnihil Merging a PR from @Kurnihil into the already rebased branch. Made some small changes to make it work with newer changes. Some finetuning is probably still needed. Co-authored-by: Daniele Andrei <daniele.andrei@geo-satis.com> Co-authored-by: Kurnihil
2023-06-02 22:28:30 +02:00
mod public;
Send API
2021-03-14 23:35:55 +01:00
mod sends;
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
pub mod two_factor;
First working version
2018-02-10 01:00:55 +01:00
Implement login-with-device
2023-08-04 21:12:23 +02:00
pub use accounts::purge_auth_requests;
Fix failing large note imports When importing to Vaultwarden (or Bitwarden) notes larger then 10_000 encrypted characters are invalid. This because it for one isn't compatible with Bitwarden. And some clients tend to break on very large notes. We already added a check for this limit when adding a single cipher, but this caused issues during import, and could cause a partial imported vault. Bitwarden does some validations before actually running it through the import process and generates a special error message which helps the user indicate which items are invalid during the import. This PR adds that validation check and returns the same kind of error. Fixes #3048
2023-01-01 15:09:10 +01:00
pub use ciphers::{purge_trashed_ciphers, CipherData, CipherSyncData, CipherSyncType};
Add Emergency contact feature Signed-off-by: thelittlefireman <thelittlefireman@users.noreply.github.com>
2021-03-24 20:15:55 +01:00
pub use emergency_access::{emergency_notification_reminder_job, emergency_request_timeout_job};
Add Organizational event logging feature This PR adds event/audit logging support for organizations. By default this feature is disabled, since it does log a lot and adds extra database transactions. All events are touched except a few, since we do not support those features (yet), like SSO for example. This feature is tested with multiple clients and all database types. Fixes #229
2022-11-20 19:15:45 +01:00
pub use events::{event_cleanup_job, log_event, log_user_event};
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-03 05:16:49 +02:00
pub use sends::purge_sends;
Send deletion thread and updated users revision
2021-03-22 19:57:35 +01:00
First working version
2018-02-10 01:00:55 +01:00
pub fn routes() -> Vec<Route> {
Add `/api/{alive,now,version}` endpoints The added endpoints work the same as in their upstream implementations. Upstream also implements `/api/ip`. This seems to include the server's public IP address (the one that should be hidden behind Cloudflare), which doesn't seem like a great idea.
2022-04-24 08:47:49 +02:00
let mut eq_domains_routes = routes![get_eq_domains, post_eq_domains, put_eq_domains];
let mut hibp_routes = routes![hibp_breach];
Implement config endpoint
2022-09-08 17:38:00 +02:00
let mut meta_routes = routes![alive, now, version, config];
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
let mut routes = Vec::new();
routes.append(&mut accounts::routes());
routes.append(&mut ciphers::routes());
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
routes.append(&mut emergency_access::routes());
Add Organizational event logging feature This PR adds event/audit logging support for organizations. By default this feature is disabled, since it does log a lot and adds extra database transactions. All events are touched except a few, since we do not support those features (yet), like SSO for example. This feature is tested with multiple clients and all database types. Fixes #229
2022-11-20 19:15:45 +01:00
routes.append(&mut events::routes());
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
routes.append(&mut folders::routes());
routes.append(&mut organizations::routes());
routes.append(&mut two_factor::routes());
Send API
2021-03-14 23:35:55 +01:00
routes.append(&mut sends::routes());
Merge and modify PR from @Kurnihil Merging a PR from @Kurnihil into the already rebased branch. Made some small changes to make it work with newer changes. Some finetuning is probably still needed. Co-authored-by: Daniele Andrei <daniele.andrei@geo-satis.com> Co-authored-by: Kurnihil
2023-06-02 22:28:30 +02:00
routes.append(&mut public::routes());
Add `/api/{alive,now,version}` endpoints The added endpoints work the same as in their upstream implementations. Upstream also implements `/api/ip`. This seems to include the server's public IP address (the one that should be hidden behind Cloudflare), which doesn't seem like a great idea.
2022-04-24 08:47:49 +02:00
routes.append(&mut eq_domains_routes);
routes.append(&mut hibp_routes);
routes.append(&mut meta_routes);
Adding some oganization features
2018-04-20 18:35:11 +02:00
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
routes
First working version
2018-02-10 01:00:55 +01:00
}
Add Organizational event logging feature This PR adds event/audit logging support for organizations. By default this feature is disabled, since it does log a lot and adds extra database transactions. All events are touched except a few, since we do not support those features (yet), like SSO for example. This feature is tested with multiple clients and all database types. Fixes #229
2022-11-20 19:15:45 +01:00
pub fn events_routes() -> Vec<Route> {
let mut routes = Vec::new();
routes.append(&mut events::main_routes());
routes
}
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
//
// Move this somewhere else
//
Allow customizing the featureStates (#4168) * Allow customizing the featureStates Use a comma separated list of features to enable using the FEATURE_FLAGS env variable * Move feature flag parsing to util * Fix formatting * Update supported feature flags * Rename feature_flags to experimental_client_feature_flags Additionally, use a caret (^) instead of an exclamation mark (!) to disable features * Fix formatting issue. * Add documentation to env template * Remove functionality to disable feature flags * Fix JSON key for feature states * Convert error to warning when feature flag is unrecognized * Simplify parsing of feature flags * Fix default value of feature flags in env template * Fix formatting
2024-01-01 15:44:02 +01:00
use rocket::{serde::json::Json, serde::json::Value, Catcher, Route};
First working version
2018-02-10 01:00:55 +01:00
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
use crate::{
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
api::{JsonResult, JsonUpcase, Notify, UpdateType},
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
auth::Headers,
db::DbConn,
error::Error,
Allow customizing the featureStates (#4168) * Allow customizing the featureStates Use a comma separated list of features to enable using the FEATURE_FLAGS env variable * Move feature flag parsing to util * Fix formatting * Update supported feature flags * Rename feature_flags to experimental_client_feature_flags Additionally, use a caret (^) instead of an exclamation mark (!) to disable features * Fix formatting issue. * Add documentation to env template * Remove functionality to disable feature flags * Fix JSON key for feature states * Convert error to warning when feature flag is unrecognized * Simplify parsing of feature flags * Fix default value of feature flags in env template * Fix formatting
2024-01-01 15:44:02 +01:00
util::{get_reqwest_client, parse_experimental_client_feature_flags},
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
};
First working version
2018-02-10 01:00:55 +01:00
Equivalent domains
2018-02-17 23:21:04 +01:00
#[derive(Serialize, Deserialize, Debug)]
#[allow(non_snake_case)]
struct GlobalDomain {
Type: i32,
Domains: Vec<String>,
Excluded: bool,
}
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123'
2018-12-18 01:53:21 +01:00
const GLOBAL_DOMAINS: &str = include_str!("../../static/global_domains.json");
Equivalent domains
2018-02-17 23:21:04 +01:00
First working version
2018-02-10 01:00:55 +01:00
#[get("/settings/domains")]
Remove unnecessary result return types
2021-03-27 16:07:26 +01:00
fn get_eq_domains(headers: Headers) -> Json<Value> {
Don't include excluded global equivalent domains during sync Fixes #681
2019-11-05 03:30:57 +01:00
_get_eq_domains(headers, false)
}
Remove unnecessary result return types
2021-03-27 16:07:26 +01:00
fn _get_eq_domains(headers: Headers, no_excluded: bool) -> Json<Value> {
Equivalent domains
2018-02-17 23:21:04 +01:00
let user = headers.user;
use serde_json::from_str;
let equivalent_domains: Vec<Vec<String>> = from_str(&user.equivalent_domains).unwrap();
let excluded_globals: Vec<i32> = from_str(&user.excluded_globals).unwrap();
let mut globals: Vec<GlobalDomain> = from_str(GLOBAL_DOMAINS).unwrap();
for global in &mut globals {
global.Excluded = excluded_globals.contains(&global.Type);
}
Don't include excluded global equivalent domains during sync Fixes #681
2019-11-05 03:30:57 +01:00
if no_excluded {
globals.retain(|g| !g.Excluded);
}
Remove unnecessary result return types
2021-03-27 16:07:26 +01:00
Json(json!({
Equivalent domains
2018-02-17 23:21:04 +01:00
"EquivalentDomains": equivalent_domains,
Added equivalent domains to /api/sync
2018-02-20 14:09:00 +01:00
"GlobalEquivalentDomains": globals,
"Object": "domains",
Remove unnecessary result return types
2021-03-27 16:07:26 +01:00
}))
First working version
2018-02-10 01:00:55 +01:00
}
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings
2018-02-23 00:38:54 +01:00
#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct EquivDomainData {
ExcludedGlobalEquivalentDomains: Option<Vec<i32>>,
EquivalentDomains: Option<Vec<Vec<String>>>,
}
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
#[post("/settings/domains", data = "<data>")]
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
async fn post_eq_domains(
data: JsonUpcase<EquivDomainData>,
headers: Headers,
mut conn: DbConn,
nt: Notify<'_>,
) -> JsonResult {
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time)
2018-06-01 00:18:50 +02:00
let data: EquivDomainData = data.into_inner().data;
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
Some style changes, removed useless matches and formats
2018-06-11 15:44:37 +02:00
let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or_default();
let equivalent_domains = data.EquivalentDomains.unwrap_or_default();
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
Equivalent domains
2018-02-17 23:21:04 +01:00
let mut user = headers.user;
use serde_json::to_string;
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
user.excluded_globals = to_string(&excluded_globals).unwrap_or_else(|_| "[]".to_string());
user.equivalent_domains = to_string(&equivalent_domains).unwrap_or_else(|_| "[]".to_string());
Equivalent domains
2018-02-17 23:21:04 +01:00
Update to diesel2
2022-05-20 23:39:47 +02:00
user.save(&mut conn).await?;
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
nt.send_user_update(UpdateType::SyncSettings, &user).await;
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
Ok(Json(json!({})))
First working version
2018-02-10 01:00:55 +01:00
}
Accept PUT and POST on /settings/domains, returns JsonResult, fixes saving Custom Equivalent Domains
2018-10-23 00:32:43 +02:00
#[put("/settings/domains", data = "<data>")]
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
async fn put_eq_domains(
data: JsonUpcase<EquivDomainData>,
headers: Headers,
conn: DbConn,
nt: Notify<'_>,
) -> JsonResult {
post_eq_domains(data, headers, conn, nt).await
Accept PUT and POST on /settings/domains, returns JsonResult, fixes saving Custom Equivalent Domains
2018-10-23 00:32:43 +02:00
}
Implement HIBP check [WIP]. Add extra security attributes to admin cookie. Error handling.
2019-01-20 15:36:33 +01:00
#[get("/hibp/breach?<username>")]
Change `String` to `&str` for all Rocket functions During setting the latest commit hash for Rocket and updating all the other crates, there were some messages regarding the usage of `String` for the Rocket endpoint function calls. I acted upon this message and changed all `String` types to `&str` and modified the code where needed. This ended up in less alloc calls, and probably also a bit less memory usage. - Updated all the crates and commit hashes - Modified all `String` to `&str` where applicable
2023-04-30 17:18:12 +02:00
async fn hibp_breach(username: &str) -> JsonResult {
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
let url = format!(
Resolve uninlined_format_args clippy warnings The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`. This PR resolves that by inlining all these items. It also looks nicer.
2022-12-29 14:11:52 +01:00
"https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false"
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
);
Implement HIBP check [WIP]. Add extra security attributes to admin cookie. Error handling.
2019-01-20 15:36:33 +01:00
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
if let Some(api_key) = crate::CONFIG.hibp_api_key() {
Extract client creation to a single place
2021-04-06 22:04:37 +02:00
let hibp_client = get_reqwest_client();
Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
let res = hibp_client.get(&url).header("hibp-api-key", api_key).send().await?;
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
// If we get a 404, return a 404, it means no breached accounts
if res.status() == 404 {
return Err(Error::empty().with_code(404));
}
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
let value: Value = res.error_for_status()?.json().await?;
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
Ok(Json(value))
} else {
Ok(Json(json!([{
Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
"Name": "HaveIBeenPwned",
Changed HIBP Error message. - Moved the manual link to the check to the top. - Clearified that hibp is a payed service. - Changed error logo to hibp logo.
2019-10-08 22:29:12 +02:00
"Title": "Manual HIBP Check",
Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
"Domain": "haveibeenpwned.com",
"BreachDate": "2019-08-18T00:00:00Z",
"AddedDate": "2019-08-18T00:00:00Z",
Resolve uninlined_format_args clippy warnings The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`. This PR resolves that by inlining all these items. It also looks nicer.
2022-12-29 14:11:52 +01:00
"Description": format!("Go to: <a href=\"https://haveibeenpwned.com/account/{username}\" target=\"_blank\" rel=\"noreferrer\">https://haveibeenpwned.com/account/{username}</a> for a manual check.<br/><br/>HaveIBeenPwned API key not set!<br/>Go to <a href=\"https://haveibeenpwned.com/API/Key\" target=\"_blank\" rel=\"noreferrer\">https://haveibeenpwned.com/API/Key</a> to purchase an API key from HaveIBeenPwned.<br/><br/>"),
Remove references to "bwrs" #2195 Squashed commit of the following: commit 1bdf1c7954e0731c95703d10118f3874ab5155d3 Merge: 8ba6e61 7257251 Author: Daniel García <dani-garcia@users.noreply.github.com> Date: Sun Jan 23 23:40:17 2022 +0100 Merge branch 'remove-bwrs' of https://github.com/RealOrangeOne/vaultwarden into RealOrangeOne-remove-bwrs commit 7257251ecf23af18deb894e8f2e5519a15360c76 Author: Jake Howard <git@theorangeone.net> Date: Thu Jan 6 17:48:18 2022 +0000 Use `or_else` to save potentially unnecessary function call commit 40ae81dd3c43a596375d5bfdcc00053e786328cc Author: Jake Howard <git@theorangeone.net> Date: Wed Jan 5 21:18:24 2022 +0000 Move $BWRS_VERSION fallback into build.rs commit 743ef74b307a662960f3ca1b9636f3608506516d Author: Jake Howard <git@theorangeone.net> Date: Sat Jan 1 23:08:27 2022 +0000 Revert "Add feature to enable use of `Option::or` in const context" This reverts commit fe8e043b8aaf77c083747bf11760f29b53df0bba. We want to run on stable soon, where these features are not supported commit a1f0da638c8b6ba32209318b105bde1efdd47082 Author: Jake Howard <git@theorangeone.net> Date: Sat Jan 1 13:04:47 2022 +0000 Rename web vault version file https://github.com/dani-garcia/bw_web_builds/pull/58 commit fe8e043b8aaf77c083747bf11760f29b53df0bba Author: Jake Howard <git@theorangeone.net> Date: Sat Jan 1 12:56:44 2022 +0000 Add feature to enable use of `Option::or` in const context commit 687435c8b2b995e90bf6f0ee619bc305e37bc183 Author: Jake Howard <git@theorangeone.net> Date: Sat Jan 1 12:27:28 2022 +0000 Continue to allow using `$BWRS_VERSION` commit 8e2f708e5037db8071251c582ebaf1a97d8e5923 Author: Jake Howard <git@theorangeone.net> Date: Fri Dec 31 11:41:34 2021 +0000 Remove references to "bwrs" The only remaining one is getting the version of the web vault, which requires coordinating with the web vault patching.
2022-01-23 23:40:59 +01:00
"LogoPath": "vw_static/hibp.png",
Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
"PwnCount": 0,
"DataClasses": [
Changed HIBP Error message. - Moved the manual link to the check to the top. - Clearified that hibp is a payed service. - Changed error logo to hibp logo.
2019-10-08 22:29:12 +02:00
"Error - No API key set!"
Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
]
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
}])))
Allow changing error codes and create an empty error. Return 404 instead of 400 when no accounts breached.
2019-03-14 00:17:36 +01:00
}
Implement HIBP check [WIP]. Add extra security attributes to admin cookie. Error handling.
2019-01-20 15:36:33 +01:00
}
Add `/api/{alive,now,version}` endpoints The added endpoints work the same as in their upstream implementations. Upstream also implements `/api/ip`. This seems to include the server's public IP address (the one that should be hidden behind Cloudflare), which doesn't seem like a great idea.
2022-04-24 08:47:49 +02:00
// We use DbConn here to let the alive healthcheck also verify the database connection.
#[get("/alive")]
fn alive(_conn: DbConn) -> Json<String> {
now()
}
#[get("/now")]
pub fn now() -> Json<String> {
Json(crate::util::format_date(&chrono::Utc::now().naive_utc()))
}
#[get("/version")]
fn version() -> Json<&'static str> {
Json(crate::VERSION.unwrap_or_default())
}
Implement config endpoint
2022-09-08 17:38:00 +02:00
#[get("/config")]
fn config() -> Json<Value> {
let domain = crate::CONFIG.domain();
Allow customizing the featureStates (#4168) * Allow customizing the featureStates Use a comma separated list of features to enable using the FEATURE_FLAGS env variable * Move feature flag parsing to util * Fix formatting * Update supported feature flags * Rename feature_flags to experimental_client_feature_flags Additionally, use a caret (^) instead of an exclamation mark (!) to disable features * Fix formatting issue. * Add documentation to env template * Remove functionality to disable feature flags * Fix JSON key for feature states * Convert error to warning when feature flag is unrecognized * Simplify parsing of feature flags * Fix default value of feature flags in env template * Fix formatting
2024-01-01 15:44:02 +01:00
let feature_states = parse_experimental_client_feature_flags(&crate::CONFIG.experimental_client_feature_flags());
Implement config endpoint
2022-09-08 17:38:00 +02:00
Json(json!({
Implement cipher key encryption (#3990)
2023-10-23 00:18:14 +02:00
// Note: The clients use this version to handle backwards compatibility concerns
// This means they expect a version that closely matches the Bitwarden server version
// We should make sure that we keep this updated when we support the new server features
// Version history:
// - Individual cipher key encryption: 2023.9.1
"version": "2023.9.1",
Use optional env as this variable isn't defined during CI
2022-09-08 18:01:27 +02:00
"gitHash": option_env!("GIT_REV"),
Implement config endpoint
2022-09-08 17:38:00 +02:00
"server": {
"name": "Vaultwarden",
Disable autofill-v2 (#4056) Disabled autofill-v2 as it seems to cause strange issues as reported here: https://github.com/dani-garcia/vaultwarden/discussions/4052 Also added the Vaultwarden server version back again but at a different location. Fixes #4052
2023-11-09 00:16:27 +01:00
"url": "https://github.com/dani-garcia/vaultwarden",
"version": crate::VERSION
Implement config endpoint
2022-09-08 17:38:00 +02:00
},
"environment": {
"vault": domain,
"api": format!("{domain}/api"),
"identity": format!("{domain}/identity"),
"notifications": format!("{domain}/notifications"),
"sso": "",
},
Allow customizing the featureStates (#4168) * Allow customizing the featureStates Use a comma separated list of features to enable using the FEATURE_FLAGS env variable * Move feature flag parsing to util * Fix formatting * Update supported feature flags * Rename feature_flags to experimental_client_feature_flags Additionally, use a caret (^) instead of an exclamation mark (!) to disable features * Fix formatting issue. * Add documentation to env template * Remove functionality to disable feature flags * Fix JSON key for feature states * Convert error to warning when feature flag is unrecognized * Simplify parsing of feature flags * Fix default value of feature flags in env template * Fix formatting
2024-01-01 15:44:02 +01:00
"featureStates": feature_states,
Fix the web-vault v2023.2.0 API calls - Supports the new Collection/Group/User editing UI's - Support `/partial` endpoint for cipher updating to allow folder and favorite update for read-only ciphers. - Prevent `Favorite`, `Folder`, `read-only` and `hide-passwords` from being added to the organizational sync. - Added and corrected some `Object` key's to the output json. Fixes #3279
2023-02-27 16:37:58 +01:00
"object": "config",
Implement config endpoint
2022-09-08 17:38:00 +02:00
}))
}
add api_not_found catcher for 404 errors in /api
2022-09-25 10:55:55 +02:00
pub fn catchers() -> Vec<Catcher> {
catchers![api_not_found]
}
#[catch(404)]
fn api_not_found() -> Json<Value> {
Json(json!({
"error": {
"code": 404,
"reason": "Not Found",
"description": "The requested resource could not be found."
}
}))
}
Reference in a new issue Copy permalink