mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-12-14 17:43:46 +01:00
Merge pull request #221 from mprasil/ws_disable
Disable WebSockets negotiation by default
This commit is contained in:
commit
eb48a3fac2
3 changed files with 31 additions and 12 deletions
13
README.md
13
README.md
|
@ -212,12 +212,23 @@ docker run -d --name bitwarden \
|
||||||
*Important: This does not apply to the mobile clients, which use push notifications.*
|
*Important: This does not apply to the mobile clients, which use push notifications.*
|
||||||
|
|
||||||
To enable WebSockets notifications, an external reverse proxy is necessary, and it must be configured to do the following:
|
To enable WebSockets notifications, an external reverse proxy is necessary, and it must be configured to do the following:
|
||||||
- Route the `/notifications/hub` endpoint to the WebSocket server, by default at port `3012`, making sure to pass the `Connection` and `Upgrade` headers.
|
- Route the `/notifications/hub` endpoint to the WebSocket server, by default at port `3012`, making sure to pass the `Connection` and `Upgrade` headers. (Note the port can be changed with `WEBSOCKET_PORT` variable)
|
||||||
- Route everything else, including `/notifications/hub/negotiate`, to the standard Rocket server, by default at port `80`.
|
- Route everything else, including `/notifications/hub/negotiate`, to the standard Rocket server, by default at port `80`.
|
||||||
- If using Docker, you may need to map both ports with the `-p` flag
|
- If using Docker, you may need to map both ports with the `-p` flag
|
||||||
|
|
||||||
Example configurations are included in the [PROXY.md](https://github.com/dani-garcia/bitwarden_rs/blob/master/PROXY.md) file.
|
Example configurations are included in the [PROXY.md](https://github.com/dani-garcia/bitwarden_rs/blob/master/PROXY.md) file.
|
||||||
|
|
||||||
|
Then you need to enable WebSockets negotiation on the bitwarden_rs side by setting the `WEBSOCKET_ENABLED` variable to `true`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker run -d --name bitwarden \
|
||||||
|
-e WEBSOCKET_ENABLED=true \
|
||||||
|
-v /bw-data/:/data/ \
|
||||||
|
-p 80:80 \
|
||||||
|
-p 3012:3012 \
|
||||||
|
mprasil/bitwarden:latest
|
||||||
|
```
|
||||||
|
|
||||||
Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though [it's a planned feature](https://github.com/SergioBenitez/Rocket/issues/90)), which forces us to launch a secondary server on a separate port.
|
Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though [it's a planned feature](https://github.com/SergioBenitez/Rocket/issues/90)), which forces us to launch a secondary server on a separate port.
|
||||||
|
|
||||||
### Enabling U2F authentication
|
### Enabling U2F authentication
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
use rocket::Route;
|
use rocket::Route;
|
||||||
use rocket_contrib::Json;
|
use rocket_contrib::Json;
|
||||||
|
use serde_json::Value as JsonValue;
|
||||||
|
|
||||||
use api::JsonResult;
|
use api::JsonResult;
|
||||||
use auth::Headers;
|
use auth::Headers;
|
||||||
|
@ -22,17 +23,20 @@ fn negotiate(_headers: Headers, _conn: DbConn) -> JsonResult {
|
||||||
use data_encoding::BASE64URL;
|
use data_encoding::BASE64URL;
|
||||||
|
|
||||||
let conn_id = BASE64URL.encode(&crypto::get_random(vec![0u8; 16]));
|
let conn_id = BASE64URL.encode(&crypto::get_random(vec![0u8; 16]));
|
||||||
|
let mut available_transports: Vec<JsonValue> = Vec::new();
|
||||||
|
|
||||||
|
if CONFIG.websocket_enabled {
|
||||||
|
available_transports.push(json!({"transport":"WebSockets", "transferFormats":["Text","Binary"]}));
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: Implement transports
|
// TODO: Implement transports
|
||||||
// Rocket WS support: https://github.com/SergioBenitez/Rocket/issues/90
|
// Rocket WS support: https://github.com/SergioBenitez/Rocket/issues/90
|
||||||
// Rocket SSE support: https://github.com/SergioBenitez/Rocket/issues/33
|
// Rocket SSE support: https://github.com/SergioBenitez/Rocket/issues/33
|
||||||
|
// {"transport":"ServerSentEvents", "transferFormats":["Text"]},
|
||||||
|
// {"transport":"LongPolling", "transferFormats":["Text","Binary"]}
|
||||||
Ok(Json(json!({
|
Ok(Json(json!({
|
||||||
"connectionId": conn_id,
|
"connectionId": conn_id,
|
||||||
"availableTransports":[
|
"availableTransports": available_transports
|
||||||
{"transport":"WebSockets", "transferFormats":["Text","Binary"]},
|
|
||||||
// {"transport":"ServerSentEvents", "transferFormats":["Text"]},
|
|
||||||
// {"transport":"LongPolling", "transferFormats":["Text","Binary"]}
|
|
||||||
]
|
|
||||||
})))
|
})))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -356,12 +360,14 @@ pub fn start_notification_server() -> WebSocketUsers {
|
||||||
let factory = WSFactory::init();
|
let factory = WSFactory::init();
|
||||||
let users = factory.users.clone();
|
let users = factory.users.clone();
|
||||||
|
|
||||||
thread::spawn(move || {
|
if CONFIG.websocket_enabled {
|
||||||
WebSocket::new(factory)
|
thread::spawn(move || {
|
||||||
.unwrap()
|
WebSocket::new(factory)
|
||||||
.listen(&CONFIG.websocket_url)
|
.unwrap()
|
||||||
.unwrap();
|
.listen(&CONFIG.websocket_url)
|
||||||
});
|
.unwrap();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
users
|
users
|
||||||
}
|
}
|
||||||
|
|
|
@ -232,6 +232,7 @@ pub struct Config {
|
||||||
web_vault_folder: String,
|
web_vault_folder: String,
|
||||||
web_vault_enabled: bool,
|
web_vault_enabled: bool,
|
||||||
|
|
||||||
|
websocket_enabled: bool,
|
||||||
websocket_url: String,
|
websocket_url: String,
|
||||||
|
|
||||||
local_icon_extractor: bool,
|
local_icon_extractor: bool,
|
||||||
|
@ -269,6 +270,7 @@ impl Config {
|
||||||
web_vault_folder: get_env_or("WEB_VAULT_FOLDER", "web-vault/".into()),
|
web_vault_folder: get_env_or("WEB_VAULT_FOLDER", "web-vault/".into()),
|
||||||
web_vault_enabled: get_env_or("WEB_VAULT_ENABLED", true),
|
web_vault_enabled: get_env_or("WEB_VAULT_ENABLED", true),
|
||||||
|
|
||||||
|
websocket_enabled: get_env_or("WEBSOCKET_ENABLED", false),
|
||||||
websocket_url: format!("{}:{}", get_env_or("WEBSOCKET_ADDRESS", "0.0.0.0".to_string()), get_env_or("WEBSOCKET_PORT", 3012)),
|
websocket_url: format!("{}:{}", get_env_or("WEBSOCKET_ADDRESS", "0.0.0.0".to_string()), get_env_or("WEBSOCKET_PORT", 3012)),
|
||||||
|
|
||||||
local_icon_extractor: get_env_or("LOCAL_ICON_EXTRACTOR", false),
|
local_icon_extractor: get_env_or("LOCAL_ICON_EXTRACTOR", false),
|
||||||
|
|
Loading…
Reference in a new issue