From 47a116bbee635426a94974c9a535699e8a44ad8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Thu, 15 Feb 2018 01:49:36 +0100 Subject: [PATCH] Get host from client and put it in the attachments URL (only the web vault works without indicating the host in the URL) --- Dockerfile | 5 +---- src/api/core/ciphers.rs | 12 ++++++------ src/auth.rs | 9 ++++++++- src/db/models/attachment.rs | 4 ++-- src/db/models/cipher.rs | 4 ++-- 5 files changed, 19 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca5707e..001ee43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,11 +47,8 @@ RUN mkdir /data VOLUME /data EXPOSE 80 -# Copies the files from the context (migrations, web-vault, ...) +# Copies the files from the context (env file and web-vault) # and the binary from the "build" stage to the current stage - -# TODO Only needs web-vault and .env -# COPY . . COPY .env . COPY web-vault ./web-vault COPY --from=build app/target/release/bitwarden_rs . diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 13afc65..3a1e5b7 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -23,13 +23,13 @@ use CONFIG; #[get("/sync")] fn sync(headers: Headers, conn: DbConn) -> Result> { - let user = headers.user; + let user = &headers.user; let folders = Folder::find_by_user(&user.uuid, &conn); let folders_json: Vec = folders.iter().map(|c| c.to_json()).collect(); let ciphers = Cipher::find_by_user(&user.uuid, &conn); - let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&conn)).collect(); + let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect(); Ok(Json(json!({ "Profile": user.to_json(), @@ -49,7 +49,7 @@ fn sync(headers: Headers, conn: DbConn) -> Result> { fn get_ciphers(headers: Headers, conn: DbConn) -> Result> { let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn); - let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&conn)).collect(); + let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect(); Ok(Json(json!({ "Data": ciphers_json, @@ -68,7 +68,7 @@ fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result, headers: Headers, conn: DbConn) -> Resul cipher.save(&conn); - Ok(Json(cipher.to_json(&conn))) + Ok(Json(cipher.to_json(&headers.host, &conn))) } fn value_from_data(data: &CipherData) -> Result { @@ -229,7 +229,7 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers attachment.save(&conn); }); - Ok(Json(cipher.to_json(&conn))) + Ok(Json(cipher.to_json(&headers.host, &conn))) } #[post("/ciphers//attachment//delete", data = "<_data>")] diff --git a/src/auth.rs b/src/auth.rs index 5ef6672..6e69ee7 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -94,6 +94,7 @@ use db::models::{User, Device}; pub struct Headers { pub device_type: Option, + pub host: String, pub device: Device, pub user: User, } @@ -111,6 +112,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers { _ => None // return err_handler!("Device-Type is invalid or missing") }; + // Get host + let host = match headers.get_one("Host") { + Some(host) => format!("http://{}", host), // TODO: Check if HTTPS + _ => String::new() // return err_handler!("Host is invalid or missing") + }; + // Get access_token let access_token: &str = match request.headers().get_one("Authorization") { Some(a) => { @@ -156,6 +163,6 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers { err_handler!("Invalid security stamp") } - Outcome::Success(Headers { device_type, device, user }) + Outcome::Success(Headers { device_type, host, device, user }) } } \ No newline at end of file diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs index 5dd2d23..7d09a77 100644 --- a/src/db/models/attachment.rs +++ b/src/db/models/attachment.rs @@ -29,10 +29,10 @@ impl Attachment { format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id) } - pub fn to_json(&self) -> JsonValue { + pub fn to_json(&self, host: &str) -> JsonValue { use util::get_display_size; - let web_path = format!("/attachments/{}/{}", self.cipher_uuid, self.id); + let web_path = format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id); let display_size = get_display_size(self.file_size); json!({ diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index b81dec0..a4940ca 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -57,7 +57,7 @@ use db::schema::ciphers; /// Database methods impl Cipher { - pub fn to_json(&self, conn: &DbConn) -> JsonValue { + pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue { use serde_json; use util::format_date; use super::Attachment; @@ -65,7 +65,7 @@ impl Cipher { let data_json: JsonValue = serde_json::from_str(&self.data).unwrap(); let attachments = Attachment::find_by_cipher(&self.uuid, conn); - let attachments_json: Vec = attachments.iter().map(|c| c.to_json()).collect(); + let attachments_json: Vec = attachments.iter().map(|c| c.to_json(host)).collect(); json!({ "Id": self.uuid,