use std::collections::{HashSet, HashMap}; use std::path::Path; use rocket::http::ContentType; use rocket::{request::Form, Data, Route, State}; use rocket_contrib::json::Json; use serde_json::Value; use multipart::server::save::SavedData; use multipart::server::{Multipart, SaveResult}; use data_encoding::HEXLOWER; use db::models::*; use db::DbConn; use crypto; use api::{self, EmptyResult, JsonResult, JsonUpcase, PasswordData, UpdateType, WebSocketUsers}; use auth::Headers; use CONFIG; pub fn routes() -> Vec { routes![ sync, get_ciphers, get_cipher, get_cipher_admin, get_cipher_details, post_ciphers, put_cipher_admin, post_ciphers_admin, post_ciphers_create, post_ciphers_import, post_attachment, post_attachment_admin, post_attachment_share, delete_attachment_post, delete_attachment_post_admin, delete_attachment, delete_attachment_admin, post_cipher_admin, post_cipher_share, put_cipher_share, put_cipher_share_seleted, post_cipher, put_cipher, delete_cipher_post, delete_cipher_post_admin, delete_cipher, delete_cipher_admin, delete_cipher_selected, delete_cipher_selected_post, delete_all, move_cipher_selected, move_cipher_selected_put, post_collections_update, post_collections_admin, put_collections_admin, ] } #[derive(FromForm, Default)] struct SyncData { #[form(field = "excludeDomains")] exclude_domains: bool, // Default: 'false' } #[get("/sync?")] fn sync(data: Form, headers: Headers, conn: DbConn) -> JsonResult { let user_json = headers.user.to_json(&conn); let folders = Folder::find_by_user(&headers.user.uuid, &conn); let folders_json: Vec = folders.iter().map(|c| c.to_json()).collect(); let collections = Collection::find_by_user_uuid(&headers.user.uuid, &conn); let collections_json: Vec = collections.iter().map(|c| c.to_json()).collect(); let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn); let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&headers.host, &headers.user.uuid, &conn)).collect(); let domains_json = if data.exclude_domains { Value::Null } else { api::core::get_eq_domains(headers).unwrap().into_inner() }; Ok(Json(json!({ "Profile": user_json, "Folders": folders_json, "Collections": collections_json, "Ciphers": ciphers_json, "Domains": domains_json, "Object": "sync" }))) } #[get("/ciphers")] fn get_ciphers(headers: Headers, conn: DbConn) -> JsonResult { let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn); let ciphers_json: Vec = ciphers.iter().map(|c| c.to_json(&headers.host, &headers.user.uuid, &conn)).collect(); Ok(Json(json!({ "Data": ciphers_json, "Object": "list", "ContinuationToken": null }))) } #[get("/ciphers/")] fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> JsonResult { let cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher is not owned by user") } Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } #[get("/ciphers//admin")] fn get_cipher_admin(uuid: String, headers: Headers, conn: DbConn) -> JsonResult { // TODO: Implement this correctly get_cipher(uuid, headers, conn) } #[get("/ciphers//details")] fn get_cipher_details(uuid: String, headers: Headers, conn: DbConn) -> JsonResult { get_cipher(uuid, headers, conn) } #[derive(Deserialize, Debug)] #[allow(non_snake_case)] pub struct CipherData { // Id is optional as it is included only in bulk share pub Id: Option, // Folder id is not included in import FolderId: Option, // TODO: Some of these might appear all the time, no need for Option OrganizationId: Option, /* Login = 1, SecureNote = 2, Card = 3, Identity = 4 */ pub Type: i32, // TODO: Change this to NumberOrString pub Name: String, Notes: Option, Fields: Option, // Only one of these should exist, depending on type Login: Option, SecureNote: Option, Card: Option, Identity: Option, Favorite: Option, PasswordHistory: Option, // These are used during key rotation #[serde(rename = "Attachments")] _Attachments: Option, // Unused, contains map of {id: filename} Attachments2: Option> } #[derive(Deserialize, Debug)] #[allow(non_snake_case)] pub struct Attachments2Data { FileName: String, Key: String, } #[post("/ciphers/admin", data = "")] fn post_ciphers_admin(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { let data: ShareCipherData = data.into_inner().data; let mut cipher = Cipher::new(data.Cipher.Type.clone(), data.Cipher.Name.clone()); cipher.user_uuid = Some(headers.user.uuid.clone()); match cipher.save(&conn) { Ok(()) => (), Err(_) => err!("Failed saving cipher") }; share_cipher_by_uuid(&cipher.uuid, data, &headers, &conn, &ws) } #[post("/ciphers/create", data = "")] fn post_ciphers_create(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { post_ciphers_admin(data, headers, conn, ws) } #[post("/ciphers", data = "")] fn post_ciphers(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { let data: CipherData = data.into_inner().data; let mut cipher = Cipher::new(data.Type, data.Name.clone()); update_cipher_from_data(&mut cipher, data, &headers, false, &conn, &ws, UpdateType::SyncCipherCreate)?; Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } pub fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, shared_to_collection: bool, conn: &DbConn, ws: &State, ut: UpdateType) -> EmptyResult { if let Some(org_id) = data.OrganizationId { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { None => err!("You don't have permission to add item to organization"), Some(org_user) => if shared_to_collection || org_user.has_full_access() || cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { cipher.organization_uuid = Some(org_id); cipher.user_uuid = None; } else { err!("You don't have permission to add cipher directly to organization") } } } else { cipher.user_uuid = Some(headers.user.uuid.clone()); } if let Some(ref folder_id) = data.FolderId { match Folder::find_by_uuid(folder_id, conn) { Some(folder) => { if folder.user_uuid != headers.user.uuid { err!("Folder is not owned by user") } } None => err!("Folder doesn't exist") } } // Modify attachments name and keys when rotating if let Some(attachments) = data.Attachments2 { for (id, attachment) in attachments { let mut saved_att = match Attachment::find_by_id(&id, &conn) { Some(att) => att, None => err!("Attachment doesn't exist") }; if saved_att.cipher_uuid != cipher.uuid { err!("Attachment is not owned by the cipher") } saved_att.key = Some(attachment.Key); saved_att.file_name = attachment.FileName; match saved_att.save(&conn) { Ok(()) => (), Err(_) => err!("Failed to save attachment") }; } } let type_data_opt = match data.Type { 1 => data.Login, 2 => data.SecureNote, 3 => data.Card, 4 => data.Identity, _ => err!("Invalid type") }; let mut type_data = match type_data_opt { Some(data) => data, None => err!("Data missing") }; // TODO: ******* Backwards compat start ********** // To remove backwards compatibility, just delete this code, // and remove the compat code from cipher::to_json type_data["Name"] = Value::String(data.Name.clone()); type_data["Notes"] = data.Notes.clone().map(Value::String).unwrap_or(Value::Null); type_data["Fields"] = data.Fields.clone().unwrap_or(Value::Null); type_data["PasswordHistory"] = data.PasswordHistory.clone().unwrap_or(Value::Null); // TODO: ******* Backwards compat end ********** cipher.favorite = data.Favorite.unwrap_or(false); cipher.name = data.Name; cipher.notes = data.Notes; cipher.fields = data.Fields.map(|f| f.to_string()); cipher.data = type_data.to_string(); cipher.password_history = data.PasswordHistory.map(|f| f.to_string()); match cipher.save(&conn) { Ok(()) => (), Err(_) => err!("Failed to save cipher") }; ws.send_cipher_update(ut, &cipher, &cipher.update_users_revision(&conn)); if cipher.move_to_folder(data.FolderId, &headers.user.uuid, &conn).is_err() { err!("Error saving the folder information") } Ok(()) } use super::folders::FolderData; #[derive(Deserialize)] #[allow(non_snake_case)] struct ImportData { Ciphers: Vec, Folders: Vec, FolderRelationships: Vec, } #[derive(Deserialize)] #[allow(non_snake_case)] struct RelationsData { // Cipher id Key: usize, // Folder id Value: usize, } #[post("/ciphers/import", data = "")] fn post_ciphers_import(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { let data: ImportData = data.into_inner().data; // Read and create the folders let mut folders: Vec<_> = Vec::new(); for folder in data.Folders.into_iter() { let mut new_folder = Folder::new(headers.user.uuid.clone(), folder.Name); if new_folder.save(&conn).is_err() { err!("Failed importing folders") } else { folders.push(new_folder); } } // Read the relations between folders and ciphers let mut relations_map = HashMap::new(); for relation in data.FolderRelationships { relations_map.insert(relation.Key, relation.Value); } // Read and create the ciphers for (index, cipher_data) in data.Ciphers.into_iter().enumerate() { let folder_uuid = relations_map.get(&index) .map(|i| folders[*i].uuid.clone()); let mut cipher = Cipher::new(cipher_data.Type, cipher_data.Name.clone()); update_cipher_from_data(&mut cipher, cipher_data, &headers, false, &conn, &ws, UpdateType::SyncCipherCreate)?; cipher.move_to_folder(folder_uuid, &headers.user.uuid.clone(), &conn).ok(); } let mut user = headers.user; match user.update_revision(&conn) { Ok(()) => Ok(()), Err(_) => err!("Failed to update the revision, please log out and log back in to finish import.") } } #[put("/ciphers//admin", data = "")] fn put_cipher_admin(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { put_cipher(uuid, data, headers, conn, ws) } #[post("/ciphers//admin", data = "")] fn post_cipher_admin(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { post_cipher(uuid, data, headers, conn, ws) } #[post("/ciphers/", data = "")] fn post_cipher(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { put_cipher(uuid, data, headers, conn, ws) } #[put("/ciphers/", data = "")] fn put_cipher(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { let data: CipherData = data.into_inner().data; let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher is not write accessible") } update_cipher_from_data(&mut cipher, data, &headers, false, &conn, &ws, UpdateType::SyncCipherUpdate)?; Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } #[derive(Deserialize)] #[allow(non_snake_case)] struct CollectionsAdminData { CollectionIds: Vec, } #[post("/ciphers//collections", data = "")] fn post_collections_update(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { post_collections_admin(uuid, data, headers, conn) } #[put("/ciphers//collections-admin", data = "")] fn put_collections_admin(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { post_collections_admin(uuid, data, headers, conn) } #[post("/ciphers//collections-admin", data = "")] fn post_collections_admin(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data: CollectionsAdminData = data.into_inner().data; let cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher is not write accessible") } let posted_collections: HashSet = data.CollectionIds.iter().cloned().collect(); let current_collections: HashSet = cipher.get_collections(&headers.user.uuid ,&conn).iter().cloned().collect(); for collection in posted_collections.symmetric_difference(¤t_collections) { match Collection::find_by_uuid(&collection, &conn) { None => err!("Invalid collection ID provided"), Some(collection) => { if collection.is_writable_by_user(&headers.user.uuid, &conn) { if posted_collections.contains(&collection.uuid) { // Add to collection match CollectionCipher::save(&cipher.uuid, &collection.uuid, &conn) { Ok(()) => (), Err(_) => err!("Failed to add cipher to collection") }; } else { // Remove from collection match CollectionCipher::delete(&cipher.uuid, &collection.uuid, &conn) { Ok(()) => (), Err(_) => err!("Failed to remove cipher from collection") }; } } else { err!("No rights to modify the collection") } } } } Ok(()) } #[derive(Deserialize)] #[allow(non_snake_case)] struct ShareCipherData { Cipher: CipherData, CollectionIds: Vec, } #[post("/ciphers//share", data = "")] fn post_cipher_share(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { let data: ShareCipherData = data.into_inner().data; share_cipher_by_uuid(&uuid, data, &headers, &conn, &ws) } #[put("/ciphers//share", data = "")] fn put_cipher_share(uuid: String, data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> JsonResult { let data: ShareCipherData = data.into_inner().data; share_cipher_by_uuid(&uuid, data, &headers, &conn, &ws) } #[derive(Deserialize)] #[allow(non_snake_case)] struct ShareSelectedCipherData { Ciphers: Vec, CollectionIds: Vec } #[put("/ciphers/share", data = "")] fn put_cipher_share_seleted(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { let mut data: ShareSelectedCipherData = data.into_inner().data; let mut cipher_ids: Vec = Vec::new(); if data.Ciphers.is_empty() { err!("You must select at least one cipher.") } if data.CollectionIds.is_empty() { err!("You must select at least one collection.") } for cipher in data.Ciphers.iter() { match cipher.Id { Some(ref id) => cipher_ids.push(id.to_string()), None => err!("Request missing ids field") }; } let attachments = Attachment::find_by_ciphers(cipher_ids, &conn); if !attachments.is_empty() { err!("Ciphers should not have any attachments.") } while let Some(cipher) = data.Ciphers.pop() { let mut shared_cipher_data = ShareCipherData { Cipher: cipher, CollectionIds: data.CollectionIds.clone() }; match shared_cipher_data.Cipher.Id.take() { Some(id) => share_cipher_by_uuid(&id, shared_cipher_data , &headers, &conn, &ws)?, None => err!("Request missing ids field") }; } Ok(()) } fn share_cipher_by_uuid(uuid: &str, data: ShareCipherData, headers: &Headers, conn: &DbConn, ws: &State) -> JsonResult { let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => { if cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { cipher } else { err!("Cipher is not write accessible") } }, None => err!("Cipher doesn't exist") }; match data.Cipher.OrganizationId.clone() { None => err!("Organization id not provided"), Some(organization_uuid) => { let mut shared_to_collection = false; for uuid in &data.CollectionIds { match Collection::find_by_uuid_and_org(uuid, &organization_uuid, &conn) { None => err!("Invalid collection ID provided"), Some(collection) => { if collection.is_writable_by_user(&headers.user.uuid, &conn) { match CollectionCipher::save(&cipher.uuid.clone(), &collection.uuid, &conn) { Ok(()) => (), Err(_) => err!("Failed to add cipher to collection") }; shared_to_collection = true; } else { err!("No rights to modify the collection") } } } } update_cipher_from_data(&mut cipher, data.Cipher, &headers, shared_to_collection, &conn, &ws, UpdateType::SyncCipherUpdate)?; Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } } } #[post("/ciphers//attachment", format = "multipart/form-data", data = "")] fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { let cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher is not write accessible") } let mut params = content_type.params(); let boundary_pair = params.next().expect("No boundary provided"); let boundary = boundary_pair.1; let base_path = Path::new(&CONFIG.attachments_folder).join(&cipher.uuid); let mut attachment_key = None; Multipart::with_body(data.open(), boundary).foreach_entry(|mut field| { match field.headers.name.as_str() { "key" => { use std::io::Read; let mut key_buffer = String::new(); if field.data.read_to_string(&mut key_buffer).is_ok() { attachment_key = Some(key_buffer); } }, "data" => { // This is provided by the client, don't trust it let name = field.headers.filename.expect("No filename provided"); let file_name = HEXLOWER.encode(&crypto::get_random(vec![0; 10])); let path = base_path.join(&file_name); let size = match field.data.save() .memory_threshold(0) .size_limit(None) .with_path(path) { SaveResult::Full(SavedData::File(_, size)) => size as i32, SaveResult::Full(other) => { error!("Attachment is not a file: {:?}", other); return; }, SaveResult::Partial(_, reason) => { error!("Partial result: {:?}", reason); return; }, SaveResult::Error(e) => { error!("Error: {:?}", e); return; } }; let mut attachment = Attachment::new(file_name, cipher.uuid.clone(), name, size); attachment.key = attachment_key.clone(); match attachment.save(&conn) { Ok(()) => (), Err(_) => error!("Failed to save attachment") }; }, _ => error!("Invalid multipart name") } }).expect("Error processing multipart data"); Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } #[post("/ciphers//attachment-admin", format = "multipart/form-data", data = "")] fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { post_attachment(uuid, data, content_type, headers, conn) } #[post("/ciphers//attachment//share", format = "multipart/form-data", data = "")] fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn, ws: State) -> JsonResult { _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn, &ws)?; post_attachment(uuid, data, content_type, headers, conn) } #[post("/ciphers//attachment//delete-admin")] fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { delete_attachment(uuid, attachment_id, headers, conn, ws) } #[post("/ciphers//attachment//delete")] fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { delete_attachment(uuid, attachment_id, headers, conn, ws) } #[delete("/ciphers//attachment/")] fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn, &ws) } #[delete("/ciphers//attachment//admin")] fn delete_attachment_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn, &ws) } #[post("/ciphers//delete")] fn delete_cipher_post(uuid: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_by_uuid(&uuid, &headers, &conn, &ws) } #[post("/ciphers//delete-admin")] fn delete_cipher_post_admin(uuid: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_by_uuid(&uuid, &headers, &conn, &ws) } #[delete("/ciphers/")] fn delete_cipher(uuid: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_by_uuid(&uuid, &headers, &conn, &ws) } #[delete("/ciphers//admin")] fn delete_cipher_admin(uuid: String, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { _delete_cipher_by_uuid(&uuid, &headers, &conn, &ws) } #[delete("/ciphers", data = "")] fn delete_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { let data: Value = data.into_inner().data; let uuids = match data.get("Ids") { Some(ids) => match ids.as_array() { Some(ids) => ids.iter().filter_map(Value::as_str), None => err!("Posted ids field is not an array") }, None => err!("Request missing ids field") }; for uuid in uuids { if let error @ Err(_) = _delete_cipher_by_uuid(uuid, &headers, &conn, &ws) { return error; }; } Ok(()) } #[post("/ciphers/delete", data = "")] fn delete_cipher_selected_post(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { delete_cipher_selected(data, headers, conn, ws) } #[post("/ciphers/move", data = "")] fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { let data = data.into_inner().data; let folder_id = match data.get("FolderId") { Some(folder_id) => { match folder_id.as_str() { Some(folder_id) => { match Folder::find_by_uuid(folder_id, &conn) { Some(folder) => { if folder.user_uuid != headers.user.uuid { err!("Folder is not owned by user") } Some(folder.uuid) } None => err!("Folder doesn't exist") } } None => err!("Folder id provided in wrong format") } } None => None }; let uuids = match data.get("Ids") { Some(ids) => match ids.as_array() { Some(ids) => ids.iter().filter_map(Value::as_str), None => err!("Posted ids field is not an array") }, None => err!("Request missing ids field") }; for uuid in uuids { let mut cipher = match Cipher::find_by_uuid(uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher is not accessible by user") } // Move cipher if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() { err!("Error saving the folder information") } match cipher.save(&conn) { Ok(()) => (), Err(_) => err!("Failed to save cipher") }; ws.send_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &cipher.update_users_revision(&conn)); } Ok(()) } #[put("/ciphers/move", data = "")] fn move_cipher_selected_put(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { move_cipher_selected(data, headers, conn, ws) } #[post("/ciphers/purge", data = "")] fn delete_all(data: JsonUpcase, headers: Headers, conn: DbConn, ws: State) -> EmptyResult { let data: PasswordData = data.into_inner().data; let password_hash = data.MasterPasswordHash; let user = headers.user; if !user.check_valid_password(&password_hash) { err!("Invalid password") } // Delete ciphers and their attachments for cipher in Cipher::find_owned_by_user(&user.uuid, &conn) { if cipher.delete(&conn).is_err() { err!("Failed deleting cipher") } else { ws.send_cipher_update(UpdateType::SyncCipherDelete, &cipher, &cipher.update_users_revision(&conn)); } } // Delete folders for f in Folder::find_by_user(&user.uuid, &conn) { if f.delete(&conn).is_err() { err!("Failed deleting folder") } else { ws.send_folder_update(UpdateType::SyncFolderCreate, &f); } } Ok(()) } fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, ws: &State) -> EmptyResult { let cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist"), }; if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher can't be deleted by user") } match cipher.delete(&conn) { Ok(()) => { ws.send_cipher_update(UpdateType::SyncCipherDelete, &cipher, &cipher.update_users_revision(&conn)); Ok(()) } Err(_) => err!("Failed deleting cipher") } } fn _delete_cipher_attachment_by_id(uuid: &str, attachment_id: &str, headers: &Headers, conn: &DbConn, ws: &State) -> EmptyResult { let attachment = match Attachment::find_by_id(&attachment_id, &conn) { Some(attachment) => attachment, None => err!("Attachment doesn't exist") }; if attachment.cipher_uuid != uuid { err!("Attachment from other cipher") } let cipher = match Cipher::find_by_uuid(&uuid, &conn) { Some(cipher) => cipher, None => err!("Cipher doesn't exist") }; if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { err!("Cipher cannot be deleted by user") } // Delete attachment match attachment.delete(&conn) { Ok(()) => { ws.send_cipher_update(UpdateType::SyncCipherDelete, &cipher, &cipher.update_users_revision(&conn)); Ok(()) } Err(_) => err!("Deleting attachment failed") } }