bitwarden_rs/src/api/core/mod.rs

mod accounts;
mod ciphers;
mod folders;
mod organizations;
pub(crate) mod two_factor;

use self::accounts::*;
use self::ciphers::*;
use self::folders::*;
use self::organizations::*;
use self::two_factor::*;

pub fn routes() -> Vec<Route> {
    routes![
        register,
        profile,
        put_profile,
        post_profile,
        get_public_keys,
        post_keys,
        post_password,
        post_kdf,
        post_sstamp,
        post_email_token,
        post_email,
        delete_account,
        post_delete_account,
        revision_date,
        password_hint,
        prelogin,

        sync,
        sync_no_query,

        get_ciphers,
        get_cipher,
        get_cipher_admin,
        get_cipher_details,
        post_ciphers,
        put_cipher_admin,
        post_ciphers_admin,
        post_ciphers_import,
        post_attachment,
        post_attachment_admin,
        post_attachment_share,
        delete_attachment_post,
        delete_attachment_post_admin,
        delete_attachment,
        delete_attachment_admin,
        post_cipher_admin,
        post_cipher_share,
        put_cipher_share,
        put_cipher_share_seleted,
        post_cipher,
        put_cipher,
        delete_cipher_post,
        delete_cipher_post_admin,
        delete_cipher,
        delete_cipher_admin,
        delete_cipher_selected,
        delete_cipher_selected_post,
        delete_all,
        move_cipher_selected,
        move_cipher_selected_put,

        get_folders,
        get_folder,
        post_folders,
        post_folder,
        put_folder,
        delete_folder_post,
        delete_folder,

        get_twofactor,
        get_recover,
        recover,
        disable_twofactor,
        disable_twofactor_put,
        generate_authenticator,
        activate_authenticator,
        activate_authenticator_put,
        generate_u2f,
        activate_u2f,
        activate_u2f_put,

        get_organization,
        create_organization,
        delete_organization,
        post_delete_organization,
        leave_organization,
        get_user_collections,
        get_org_collections,
        get_org_collection_detail,
        get_collection_users,
        put_organization,
        post_organization,
        post_organization_collections,
        delete_organization_collection_user,
        post_organization_collection_delete_user,
        post_organization_collection_update,
        put_organization_collection_update,
        delete_organization_collection,
        post_organization_collection_delete,
        post_collections_update,
        post_collections_admin,
        put_collections_admin,
        get_org_details,
        get_org_users,
        send_invite,
        confirm_invite,
        get_user,
        edit_user,
        put_organization_user,
        delete_user,
        post_delete_user,
        post_reinvite_user,
        post_org_import,

        clear_device_token,
        put_device_token,

        get_eq_domains,
        post_eq_domains,

    ]
}

///
/// Move this somewhere else
///

use rocket::Route;

use rocket_contrib::{Json, Value};

use db::DbConn;
use db::models::*;

use api::{JsonResult, EmptyResult, JsonUpcase};
use auth::Headers;

#[put("/devices/identifier/<uuid>/clear-token", data = "<data>")]
fn clear_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
    let _data: Value = data.into_inner();
    
    let device = match Device::find_by_uuid(&uuid, &conn) {
        Some(device) => device,
        None => err!("Device not found")
    };

    if device.user_uuid != headers.user.uuid {
        err!("Device not owned by user")
    }

    match device.delete(&conn) {
        Ok(()) => Ok(()),
        Err(_) => err!("Failed deleting device")
    }
}

#[put("/devices/identifier/<uuid>/token", data = "<data>")]
fn put_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> JsonResult {
    let _data: Value = data.into_inner();
    
    let device = match Device::find_by_uuid(&uuid, &conn) {
        Some(device) => device,
        None => err!("Device not found")
    };

    if device.user_uuid != headers.user.uuid {
        err!("Device not owned by user")
    }

    // TODO: What does this do?

    err!("Not implemented")
}

#[derive(Serialize, Deserialize, Debug)]
#[allow(non_snake_case)]
struct GlobalDomain {
    Type: i32,
    Domains: Vec<String>,
    Excluded: bool,
}

const GLOBAL_DOMAINS: &str = include_str!("global_domains.json");

#[get("/settings/domains")]
fn get_eq_domains(headers: Headers) -> JsonResult {
    let user = headers.user;
    use serde_json::from_str;

    let equivalent_domains: Vec<Vec<String>> = from_str(&user.equivalent_domains).unwrap();
    let excluded_globals: Vec<i32> = from_str(&user.excluded_globals).unwrap();

    let mut globals: Vec<GlobalDomain> = from_str(GLOBAL_DOMAINS).unwrap();

    for global in &mut globals {
        global.Excluded = excluded_globals.contains(&global.Type);
    }

    Ok(Json(json!({
        "EquivalentDomains": equivalent_domains,
        "GlobalEquivalentDomains": globals,
        "Object": "domains",
    })))
}


#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct EquivDomainData {
    ExcludedGlobalEquivalentDomains: Option<Vec<i32>>,
    EquivalentDomains: Option<Vec<Vec<String>>>,
}

#[post("/settings/domains", data = "<data>")]
fn post_eq_domains(data: JsonUpcase<EquivDomainData>, headers: Headers, conn: DbConn) -> EmptyResult {
    let data: EquivDomainData = data.into_inner().data;

    let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or_default();
    let equivalent_domains = data.EquivalentDomains.unwrap_or_default();

    let mut user = headers.user;
    use serde_json::to_string;

    user.excluded_globals = to_string(&excluded_globals).unwrap_or("[]".to_string());
    user.equivalent_domains = to_string(&equivalent_domains).unwrap_or("[]".to_string());

    match user.save(&conn) {
        Ok(()) => Ok(()),
        Err(_) => err!("Failed to save user")
    }

}
First working version 2018-02-10 00:00:55 +00:00			`mod accounts;`
			`mod ciphers;`
			`mod folders;`
Some initial work on organizations, nothing works yet 2018-02-17 21:30:19 +00:00			`mod organizations;`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`pub(crate) mod two_factor;`
First working version 2018-02-10 00:00:55 +00:00
			`use self::accounts::*;`
			`use self::ciphers::*;`
			`use self::folders::*;`
Some initial work on organizations, nothing works yet 2018-02-17 21:30:19 +00:00			`use self::organizations::*;`
First working version 2018-02-10 00:00:55 +00:00			`use self::two_factor::*;`

			`pub fn routes() -> Vec<Route> {`
			`routes![`
			`register,`
			`profile,`
Add PUT alias for profile update 2018-08-15 15:10:40 +00:00			`put_profile,`
Implemented API endpoints to modify profile name and hint, and to change email address, fixes #43 2018-06-16 22:06:59 +00:00			`post_profile,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`get_public_keys,`
First working version 2018-02-10 00:00:55 +00:00			`post_keys,`
			`post_password,`
Implement KDF iterations change (Fixes #195) 2018-09-19 15:30:14 +00:00			`post_kdf,`
First working version 2018-02-10 00:00:55 +00:00			`post_sstamp,`
Implemented API endpoints to modify profile name and hint, and to change email address, fixes #43 2018-06-16 22:06:59 +00:00			`post_email_token,`
First working version 2018-02-10 00:00:55 +00:00			`post_email,`
			`delete_account,`
Add alias for DELETE call on accounts 2018-09-18 10:13:45 +00:00			`post_delete_account,`
First working version 2018-02-10 00:00:55 +00:00			`revision_date,`
Make password hints available in the error message #85 2018-08-10 13:21:42 +00:00			`password_hint,`
Implemented basic support for prelogin and notification negotiation 2018-08-24 17:02:34 +00:00			`prelogin,`
First working version 2018-02-10 00:00:55 +00:00
			`sync,`
Fix /sync without query string 2018-10-18 22:54:40 +00:00			`sync_no_query,`
First working version 2018-02-10 00:00:55 +00:00
			`get_ciphers,`
			`get_cipher,`
Implemented some admin methods, inserted CollectionsUsers only when Org accessAll == false, and implemented find_collection when user has access_all in Org 2018-05-04 17:25:50 +00:00			`get_cipher_admin,`
Support editing collections from user vault 2018-05-17 22:03:08 +00:00			`get_cipher_details,`
First working version 2018-02-10 00:00:55 +00:00			`post_ciphers,`
Add PUT alias for editing cipher 2018-08-15 13:27:37 +00:00			`put_cipher_admin,`
Add support for adding and viewing of org ciphers 2018-04-27 11:49:34 +00:00			`post_ciphers_admin,`
First working version 2018-02-10 00:00:55 +00:00			`post_ciphers_import,`
			`post_attachment,`
Very dirty addition of missing api's 2018-07-14 06:09:20 +00:00			`post_attachment_admin,`
			`post_attachment_share,`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`delete_attachment_post,`
Very dirty addition of missing api's 2018-07-14 06:09:20 +00:00			`delete_attachment_post_admin,`
First working version 2018-02-10 00:00:55 +00:00			`delete_attachment,`
Add DELETE handlers fo cipher and attachment deletion (fixes #158) (#160) 2018-08-28 22:48:53 +00:00			`delete_attachment_admin,`
Implemented some admin methods, inserted CollectionsUsers only when Org accessAll == false, and implemented find_collection when user has access_all in Org 2018-05-04 17:25:50 +00:00			`post_cipher_admin,`
Implement cipher sharing 2018-05-14 15:13:59 +00:00			`post_cipher_share,`
Implemented PUT for single cipher sharing (#97) 2018-08-01 18:37:14 +00:00			`put_cipher_share,`
Revert "Merge branch 'beta' of https://github.com/krankur/bitwarden_rs into beta" This reverts commit 3fd3d8d5e9e424ebe976a33a86d8fa42e8d8b7f6. 2018-08-13 11:35:41 +00:00			`put_cipher_share_seleted,`
First working version 2018-02-10 00:00:55 +00:00			`post_cipher,`
			`put_cipher,`
Finished work on ciphers (import, update, and the missing types) 2018-02-15 23:32:26 +00:00			`delete_cipher_post,`
Implement delete-admin call 2018-07-01 11:43:11 +00:00			`delete_cipher_post_admin,`
Updated Cipher API with breaking changes, and included backwards compatibility 2018-03-05 23:02:36 +00:00			`delete_cipher,`
Add DELETE handlers fo cipher and attachment deletion (fixes #158) (#160) 2018-08-28 22:48:53 +00:00			`delete_cipher_admin,`
Updated Cipher API with breaking changes, and included backwards compatibility 2018-03-05 23:02:36 +00:00			`delete_cipher_selected,`
clean up 2018-08-03 14:01:01 +00:00			`delete_cipher_selected_post,`
First working version 2018-02-10 00:00:55 +00:00			`delete_all,`
Add bulk move and bulk delete 2018-04-19 14:32:11 +00:00			`move_cipher_selected,`
Reverting removal of 'api/ciphers/move' POST as it is required for backward compatibility 2018-08-01 05:51:05 +00:00			`move_cipher_selected_put,`
First working version 2018-02-10 00:00:55 +00:00
			`get_folders,`
			`get_folder,`
			`post_folders,`
			`post_folder,`
			`put_folder,`
			`delete_folder_post,`
			`delete_folder,`

			`get_twofactor,`
			`get_recover,`
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 18:05:57 +00:00			`recover,`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`disable_twofactor,`
Implemented PUT for /two-factor/authenticator and /two-factor/disable 2018-08-10 17:49:07 +00:00			`disable_twofactor_put,`
First working version 2018-02-10 00:00:55 +00:00			`generate_authenticator,`
			`activate_authenticator,`
Implemented PUT for /two-factor/authenticator and /two-factor/disable 2018-08-10 17:49:07 +00:00			`activate_authenticator_put,`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`generate_u2f,`
			`activate_u2f,`
Implemented PUT for u2f registration 2018-08-13 13:26:01 +00:00			`activate_u2f_put,`
First working version 2018-02-10 00:00:55 +00:00
Adding some oganization features 2018-04-20 16:35:11 +00:00			`get_organization,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`create_organization,`
Added org user editing 2018-04-24 22:34:40 +00:00			`delete_organization,`
Add couple more aliases for PUTs and DELETEs 2018-08-13 15:45:30 +00:00			`post_delete_organization,`
Implement leave organization (accessed from the bottom of the user's settings page) 2018-07-11 14:30:03 +00:00			`leave_organization,`
Some initial work on organizations, nothing works yet 2018-02-17 21:30:19 +00:00			`get_user_collections,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`get_org_collections,`
Adding some oganization features 2018-04-20 16:35:11 +00:00			`get_org_collection_detail,`
Added org user editing 2018-04-24 22:34:40 +00:00			`get_collection_users,`
Add PUT alias for Organization updates 2018-08-21 12:25:52 +00:00			`put_organization,`
Adding some oganization features 2018-04-20 16:35:11 +00:00			`post_organization,`
			`post_organization_collections,`
Add couple more aliases for PUTs and DELETEs 2018-08-13 15:45:30 +00:00			`delete_organization_collection_user,`
Support listing and deleting users from collection 2018-05-29 15:01:38 +00:00			`post_organization_collection_delete_user,`
Adding some oganization features 2018-04-20 16:35:11 +00:00			`post_organization_collection_update,`
Add couple more aliases for PUTs and DELETEs 2018-08-13 15:45:30 +00:00			`put_organization_collection_update,`
			`delete_organization_collection,`
Implement deleting collections 2018-05-16 22:05:50 +00:00			`post_organization_collection_delete,`
Support editing collections from user vault 2018-05-17 22:03:08 +00:00			`post_collections_update,`
Implement Collection-Cipher mapping 2018-05-09 10:55:05 +00:00			`post_collections_admin,`
add alias for PUT collections-admin 2018-08-13 15:00:10 +00:00			`put_collections_admin,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`get_org_details,`
			`get_org_users,`
			`send_invite,`
			`confirm_invite,`
Added org user editing 2018-04-24 22:34:40 +00:00			`get_user,`
			`edit_user,`
Add couple more aliases for PUTs and DELETEs 2018-08-13 15:45:30 +00:00			`put_organization_user,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`delete_user,`
Add couple more aliases for PUTs and DELETEs 2018-08-13 15:45:30 +00:00			`post_delete_user,`
Return proper error message for org reinvite 2018-10-05 09:38:02 +00:00			`post_reinvite_user,`
Implement organization import for admins and owners (Fixes #178) 2018-09-13 13:16:24 +00:00			`post_org_import,`
First working version 2018-02-10 00:00:55 +00:00
			`clear_device_token,`
			`put_device_token,`

			`get_eq_domains,`
Adding some oganization features 2018-04-20 16:35:11 +00:00			`post_eq_domains,`

First working version 2018-02-10 00:00:55 +00:00			`]`
			`}`

			`///`
			`/// Move this somewhere else`
			`///`

			`use rocket::Route;`

Improved two factor auth 2018-06-01 13:08:03 +00:00			`use rocket_contrib::{Json, Value};`
First working version 2018-02-10 00:00:55 +00:00
			`use db::DbConn;`
Improved two factor auth 2018-06-01 13:08:03 +00:00			`use db::models::*;`
First working version 2018-02-10 00:00:55 +00:00
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-05-31 22:18:50 +00:00			`use api::{JsonResult, EmptyResult, JsonUpcase};`
First working version 2018-02-10 00:00:55 +00:00			`use auth::Headers;`

Improved two factor auth 2018-06-01 13:08:03 +00:00			`#[put("/devices/identifier/<uuid>/clear-token", data = "<data>")]`
			`fn clear_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {`
Remove unused warnings 2018-07-04 12:27:47 +00:00			`let _data: Value = data.into_inner();`

Improved two factor auth 2018-06-01 13:08:03 +00:00			`let device = match Device::find_by_uuid(&uuid, &conn) {`
			`Some(device) => device,`
			`None => err!("Device not found")`
			`};`

			`if device.user_uuid != headers.user.uuid {`
			`err!("Device not owned by user")`
			`}`

Implement poor man's admin panel 2018-10-12 14:20:10 +00:00			`match device.delete(&conn) {`
			`Ok(()) => Ok(()),`
			`Err(_) => err!("Failed deleting device")`
			`}`
Detect device type correctly and shorten return types of functions 2018-02-17 19:47:13 +00:00			`}`
First working version 2018-02-10 00:00:55 +00:00
Improved two factor auth 2018-06-01 13:08:03 +00:00			`#[put("/devices/identifier/<uuid>/token", data = "<data>")]`
			`fn put_device_token(uuid: String, data: Json<Value>, headers: Headers, conn: DbConn) -> JsonResult {`
Remove unused warnings 2018-07-04 12:27:47 +00:00			`let _data: Value = data.into_inner();`

Improved two factor auth 2018-06-01 13:08:03 +00:00			`let device = match Device::find_by_uuid(&uuid, &conn) {`
			`Some(device) => device,`
			`None => err!("Device not found")`
			`};`

			`if device.user_uuid != headers.user.uuid {`
			`err!("Device not owned by user")`
			`}`

			`// TODO: What does this do?`

Detect device type correctly and shorten return types of functions 2018-02-17 19:47:13 +00:00			`err!("Not implemented")`
			`}`
First working version 2018-02-10 00:00:55 +00:00
Equivalent domains 2018-02-17 22:21:04 +00:00			`#[derive(Serialize, Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct GlobalDomain {`
			`Type: i32,`
			`Domains: Vec<String>,`
			`Excluded: bool,`
			`}`

Some style changes, removed useless matches and formats 2018-06-11 13:44:37 +00:00			`const GLOBAL_DOMAINS: &str = include_str!("global_domains.json");`
Equivalent domains 2018-02-17 22:21:04 +00:00
First working version 2018-02-10 00:00:55 +00:00			`#[get("/settings/domains")]`
Added equivalent domains to /api/sync 2018-02-20 13:09:00 +00:00			`fn get_eq_domains(headers: Headers) -> JsonResult {`
Equivalent domains 2018-02-17 22:21:04 +00:00			`let user = headers.user;`
			`use serde_json::from_str;`

			`let equivalent_domains: Vec<Vec<String>> = from_str(&user.equivalent_domains).unwrap();`
			`let excluded_globals: Vec<i32> = from_str(&user.excluded_globals).unwrap();`

			`let mut globals: Vec<GlobalDomain> = from_str(GLOBAL_DOMAINS).unwrap();`

			`for global in &mut globals {`
			`global.Excluded = excluded_globals.contains(&global.Type);`
			`}`

			`Ok(Json(json!({`
			`"EquivalentDomains": equivalent_domains,`
Added equivalent domains to /api/sync 2018-02-20 13:09:00 +00:00			`"GlobalEquivalentDomains": globals,`
			`"Object": "domains",`
Equivalent domains 2018-02-17 22:21:04 +00:00			`})))`
First working version 2018-02-10 00:00:55 +00:00			`}`

Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-22 23:38:54 +00:00
			`#[derive(Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct EquivDomainData {`
			`ExcludedGlobalEquivalentDomains: Option<Vec<i32>>,`
			`EquivalentDomains: Option<Vec<Vec<String>>>,`
			`}`

Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`#[post("/settings/domains", data = "<data>")]`
Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-05-31 22:18:50 +00:00			`fn post_eq_domains(data: JsonUpcase<EquivDomainData>, headers: Headers, conn: DbConn) -> EmptyResult {`
			`let data: EquivDomainData = data.into_inner().data;`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00
Some style changes, removed useless matches and formats 2018-06-11 13:44:37 +00:00			`let excluded_globals = data.ExcludedGlobalEquivalentDomains.unwrap_or_default();`
			`let equivalent_domains = data.EquivalentDomains.unwrap_or_default();`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00
Equivalent domains 2018-02-17 22:21:04 +00:00			`let mut user = headers.user;`
			`use serde_json::to_string;`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00
Equivalent domains 2018-02-17 22:21:04 +00:00			`user.excluded_globals = to_string(&excluded_globals).unwrap_or("[]".to_string());`
			`user.equivalent_domains = to_string(&equivalent_domains).unwrap_or("[]".to_string());`

User::save() should return QueryResult instead of bool 2018-10-14 17:32:43 +00:00			`match user.save(&conn) {`
			`Ok(()) => Ok(()),`
			`Err(_) => err!("Failed to save user")`
			`}`
Equivalent domains 2018-02-17 22:21:04 +00:00
First working version 2018-02-10 00:00:55 +00:00			`}`