From 155109dea120e109e1e027d4e1312b6adad4c231 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Tue, 6 Apr 2021 21:04:37 +0100 Subject: [PATCH 1/3] Extract client creation to a single place --- src/api/admin.rs | 10 ++++------ src/api/core/mod.rs | 7 ++----- src/api/core/two_factor/duo.rs | 14 +++++++------- src/api/icons.rs | 6 +++--- src/util.rs | 19 +++++++++++++++++-- 5 files changed, 33 insertions(+), 23 deletions(-) diff --git a/src/api/admin.rs b/src/api/admin.rs index d5a743c9..af0d8ebc 100644 --- a/src/api/admin.rs +++ b/src/api/admin.rs @@ -3,7 +3,7 @@ use serde::de::DeserializeOwned; use serde_json::Value; use std::{env, time::Duration}; -use reqwest::{blocking::Client, header::USER_AGENT}; + use rocket::{ http::{Cookie, Cookies, SameSite}, request::{self, FlashMessage, Form, FromRequest, Outcome, Request}, @@ -19,7 +19,7 @@ use crate::{ db::{backup_database, get_sql_server_version, models::*, DbConn, DbConnType}, error::{Error, MapResult}, mail, - util::{format_naive_datetime_local, get_display_size, is_running_in_docker}, + util::{format_naive_datetime_local, get_display_size, is_running_in_docker, get_reqwest_client}, CONFIG, }; @@ -469,24 +469,22 @@ struct GitCommit { } fn get_github_api(url: &str) -> Result { - let github_api = Client::builder().build()?; + let github_api = get_reqwest_client(); Ok(github_api .get(url) .timeout(Duration::from_secs(10)) - .header(USER_AGENT, "Bitwarden_RS") .send()? .error_for_status()? .json::()?) } fn has_http_access() -> bool { - let http_access = Client::builder().build().unwrap(); + let http_access = get_reqwest_client(); match http_access .head("https://github.com/dani-garcia/bitwarden_rs") .timeout(Duration::from_secs(10)) - .header(USER_AGENT, "Bitwarden_RS") .send() { Ok(r) => r.status().is_success(), diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 2964d4fb..d24d8cdf 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs 
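Review bot: In `get_github_api` a failure to build the client used to reach the caller through `?`; with `get_reqwest_client()` it becomes a panic inside a function that still returns `Result`. The same change is made to `hibp_breach` in src/api/core/mod.rs. If the helper returned `reqwest::Result<Client>`, this line could stay fallible as `let github_api = get_reqwest_client()?;`. The per-request `.timeout(Duration::from_secs(10))` in `get_github_api` and `has_http_access` also repeats the default that `get_reqwest_client_builder()` now sets, so either drop it or add a comment saying it is deliberate.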
@@ -43,6 +43,7 @@ use crate::{ auth::Headers, db::DbConn, error::Error, + util::get_reqwest_client, }; #[put("/devices/identifier//clear-token")] @@ -147,20 +148,16 @@ fn put_eq_domains(data: JsonUpcase, headers: Headers, conn: DbC #[get("/hibp/breach?")] fn hibp_breach(username: String) -> JsonResult { - let user_agent = "Bitwarden_RS"; let url = format!( "https://haveibeenpwned.com/api/v3/breachedaccount/{}?truncateResponse=false&includeUnverified=false", username ); - use reqwest::{blocking::Client, header::USER_AGENT}; - if let Some(api_key) = crate::CONFIG.hibp_api_key() { - let hibp_client = Client::builder().build()?; + let hibp_client = get_reqwest_client(); let res = hibp_client .get(&url) - .header(USER_AGENT, user_agent) .header("hibp-api-key", api_key) .send()?; diff --git a/src/api/core/two_factor/duo.rs b/src/api/core/two_factor/duo.rs index 18eda4b2..688ab785 100644 --- a/src/api/core/two_factor/duo.rs +++ b/src/api/core/two_factor/duo.rs @@ -12,6 +12,7 @@ use crate::{ DbConn, }, error::MapResult, + util::get_reqwest_client, CONFIG, }; @@ -185,9 +186,7 @@ fn activate_duo_put(data: JsonUpcase, headers: Headers, conn: DbC } fn duo_api_request(method: &str, path: &str, params: &str, data: &DuoData) -> EmptyResult { - const AGENT: &str = "bitwarden_rs:Duo/1.0 (Rust)"; - - use reqwest::{blocking::Client, header::*, Method}; + use reqwest::{header, Method}; use std::str::FromStr; // https://duo.com/docs/authapi#api-details @@ -199,11 +198,12 @@ fn duo_api_request(method: &str, path: &str, params: &str, data: &DuoData) -> Em let m = Method::from_str(method).unwrap_or_default(); - Client::new() - .request(m, &url) + let client = get_reqwest_client(); + + client.request(m, &url) .basic_auth(username, Some(password)) - .header(USER_AGENT, AGENT) - .header(DATE, date) + .header(header::USER_AGENT, "bitwarden_rs:Duo/1.0 (Rust)") + .header(header::DATE, date) .send()? .error_for_status()?; 
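Review bot: `username` comes from the request query and is formatted straight into the path of the haveibeenpwned URL in `hibp_breach`. Reserved characters in it can therefore change the path or query of the request that carries the server's `hibp-api-key`. The `format!` call is context rather than part of this change, but the segment should be percent-encoded. One way is to parse the base URL (without the username) into a `reqwest::Url`, add the name with `url.path_segments_mut().expect("base URL has a path").push(&username);`, and set the two flags through `query_pairs_mut()`. The function body continues past the end of the hunk.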
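Review bot: The request-level `header::USER_AGENT` in `duo_api_request` now sits on top of the `Bitwarden_RS` default that `get_reqwest_client_builder()` installs, and nothing in the hunk says which of the two is sent. As far as I know reqwest applies a default header only when the request carries none of that name, so the Duo value should win, but that deserves a comment: `// Overrides the shared client's default User-Agent for Duo API calls`. The client also inherits the helper's 10-second timeout where `Client::new()` had none. If that is intended for Duo requests, say so in the same comment. The function starts and ends outside this hunk.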
diff --git a/src/api/icons.rs b/src/api/icons.rs index 3f8a41e1..59aba43e 100644 --- a/src/api/icons.rs +++ b/src/api/icons.rs @@ -12,7 +12,7 @@ use regex::Regex; use reqwest::{blocking::Client, blocking::Response, header, Url}; use rocket::{http::ContentType, http::Cookie, response::Content, Route}; -use crate::{error::Error, util::Cached, CONFIG}; +use crate::{error::Error, util::{Cached, get_reqwest_client_builder}, CONFIG}; pub fn routes() -> Vec { routes![icon] @@ -28,11 +28,11 @@ static CLIENT: Lazy = Lazy::new(|| { default_headers.insert(header::ACCEPT, header::HeaderValue::from_static("text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,image/apng,*/*;q=0.8")); // Reuse the client between requests - Client::builder() + get_reqwest_client_builder() .timeout(Duration::from_secs(CONFIG.icon_download_timeout())) .default_headers(default_headers) .build() - .unwrap() + .expect("Failed to build icon client") }); // Build Regex only once since this takes a lot of time. diff --git a/src/util.rs b/src/util.rs index feafa467..6dd6c4a7 100644 --- a/src/util.rs +++ b/src/util.rs @@ -478,7 +478,6 @@ pub fn retry(func: F, max_tries: u32) -> Result where F: Fn() -> Result, { - use std::{thread::sleep, time::Duration}; let mut tries = 0; loop { @@ -497,12 +496,13 @@ where } } +use std::{thread::sleep, time::Duration}; + pub fn retry_db(func: F, max_tries: u32) -> Result where F: Fn() -> Result, E: std::error::Error, { - use std::{thread::sleep, time::Duration}; let mut tries = 0; loop { 
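Review bot: `get_reqwest_client_builder()` already sets a `Bitwarden_RS` User-Agent and a 10-second timeout, and the `CLIENT` initializer then calls `.timeout(...)` and `.default_headers(...)` again without saying which values survive. The later `.timeout` replaces the helper's. For headers, reqwest (as far as I know) merges per header name, so unless the map built above this hunk sets its own `USER_AGENT`, every icon download identifies the server as Bitwarden_RS to the remote site. Suggest checking the User-Agent that actually goes out and adding `// timeout and headers below override the shared defaults from util::get_reqwest_client_builder`. The closure begins before the hunk.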
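Review bot: The `use std::{thread::sleep, time::Duration};` that this change lifts out of `retry` and `retry_db` lands between the two functions (hunk `@@ -497,12 +496,13 @@`) rather than with the file's other imports. The `use reqwest::{blocking::{Client, ClientBuilder}, header};` added at the end of the file does the same. Mid-file imports are easy to miss when auditing what a module can reach. I would move both into the top-of-file `use` block, or keep `sleep` function-local and import only `Duration` at the top. Both function bodies run past these hunks.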
@@ -522,3 +522,18 @@ where } } } + +use reqwest::{blocking::{Client, ClientBuilder}, header}; + +pub fn get_reqwest_client() -> Client { + get_reqwest_client_builder().build().expect("Failed to build client") +} + +pub fn get_reqwest_client_builder() -> ClientBuilder { + let mut headers = header::HeaderMap::new(); + headers.insert(header::USER_AGENT, header::HeaderValue::from_static("Bitwarden_RS")); + Client::builder() + .default_headers(headers) + .timeout(Duration::from_secs(10)) + +} From f7056bcaa5d9e699f667994592ffb4bc02619a1e Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Wed, 7 Apr 2021 19:25:02 +0100 Subject: [PATCH 2/3] Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy --- Cargo.lock | 39 +++++++++++++++++++++++++++++++++++++++ Cargo.toml | 2 +- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 7a18fadc..4c982ca5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -563,6 +563,12 @@ version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f" +[[package]] +name = "either" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" + [[package]] name = "encoding_rs" version = "0.8.28" @@ -2213,6 +2219,7 @@ dependencies = [ "serde_urlencoded", "tokio", "tokio-native-tls", + "tokio-socks", "tokio-util", "url 2.2.1", "wasm-bindgen", 
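Review bot: `get_reqwest_client()` and `get_reqwest_client_builder()` are public and become the one place where outbound HTTP is configured, yet neither has a doc comment. Suggest `/// Returns a blocking client with the shared User-Agent and a 10-second timeout; panics if the client cannot be built.` on the first, and a matching line on the builder noting that callers may override both defaults. Each call also builds a fresh `Client`, which gives up connection reuse between requests. A lazily initialised static, as `icons.rs` does with `Lazy`, would avoid that, assuming the same crate is usable from this module. The blank line before the builder's closing brace can be removed.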
@@ -2767,6 +2774,26 @@ dependencies = [ "utf-8", ] +[[package]] +name = "thiserror" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0f4a65597094d4483ddaed134f409b2cb7c1beccf25201a9f73c719254fa98e" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0" +dependencies = [ + "proc-macro2 1.0.24", + "quote 1.0.9", + "syn 1.0.65", +] + [[package]] name = "threadpool" version = "1.8.1" @@ -2865,6 +2892,18 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-socks" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51165dfa029d2a65969413a6cc96f354b86b464498702f174a4efa13608fd8c0" +dependencies = [ + "either", + "futures-util", + "thiserror", + "tokio", +] + [[package]] name = "tokio-util" version = "0.6.5" diff --git a/Cargo.toml b/Cargo.toml index 4edffc42..84c08806 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,7 +32,7 @@ rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false } rocket_contrib = "0.5.0-dev" # HTTP client -reqwest = { version = "0.11.2", features = ["blocking", "json", "gzip", "brotli"] } +reqwest = { version = "0.11.2", features = ["blocking", "json", "gzip", "brotli", "socks"] } # multipart/form-data support multipart = { version = "0.17.1", features = ["server"], default-features = false } From 244bad3a24300792b74d4d51c7a90bfafba3842f Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Fri, 9 Apr 2021 22:30:39 -0700 Subject: [PATCH 3/3] Warn that the SQLite backup feature doesn't produce a complete backup Also add a link to the wiki page on backups. --- src/static/templates/admin/settings.hbs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
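Review bot: The `socks` feature added to the `reqwest` line has no comment saying which proxy schemes it is meant to enable or how name resolution differs between them. reqwest accepts both `socks5://` (hostnames resolved locally) and `socks5h://` (hostnames resolved by the proxy), so an operator who sets a proxy to hide outbound traffic may still send DNS lookups for icon, HIBP and Duo requests from the host itself. Suggest a comment above the dependency, e.g. `# "socks" lets HTTP_PROXY/HTTPS_PROXY point at socks5:// or socks5h://; socks5h resolves names through the proxy`. The feature also pulls `tokio-socks`, `either` and `thiserror` into Cargo.lock, which is worth naming in the commit message for dependency review.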
diff --git a/src/static/templates/admin/settings.hbs b/src/static/templates/admin/settings.hbs index 0b8c6277..e19c2c39 100644 --- a/src/static/templates/admin/settings.hbs +++ b/src/static/templates/admin/settings.hbs @@ -116,7 +116,11 @@ data-target="#g_database">Backup Database
- NOTE: A local installation of sqlite3 is required for this section to work. + WARNING: This function only creates a backup copy of the SQLite database. + This does not include any configuration or file attachment data that may + also be needed to fully restore a bitwarden_rs instance. For details on + how to perform complete backups, refer to the wiki page on + backups.
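Review bot: The new warning replaces the note that a local `sqlite3` installation is required, so that prerequisite is no longer stated anywhere in this section. If the backup action still depends on the `sqlite3` binary, keep the sentence next to the warning: `NOTE: A local installation of sqlite3 is required for this section to work.` The surrounding markup is not visible in this hunk, so the exact placement needs checking against the template.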