use std::io; use std::path::{Path, PathBuf}; use rocket::request::Request; use rocket::response::{self, NamedFile, Responder}; use rocket::response::content::Content; use rocket::http::{ContentType, Status}; use rocket::Route; use rocket_contrib::{Json, Value}; use CONFIG; pub fn routes() -> Vec { if CONFIG.web_vault_enabled { routes![web_index, app_id, web_files, attachments, alive] } else { routes![attachments, alive] } } // TODO: Might want to use in memory cache: https://github.com/hgzimmerman/rocket-file-cache #[get("/")] fn web_index() -> WebHeaders> { web_files("index.html".into()) } #[get("/app-id.json")] fn app_id() -> WebHeaders>> { let content_type = ContentType::new("application", "fido.trusted-apps+json"); WebHeaders(Content(content_type, Json(json!({ "trustedFacets": [ { "version": { "major": 1, "minor": 0 }, "ids": [ &CONFIG.domain, "ios:bundle-id:com.8bit.bitwarden", "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ] }] })))) } #[get("/", rank = 1)] // Only match this if the other routes don't match fn web_files(p: PathBuf) -> WebHeaders> { WebHeaders(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p))) } struct WebHeaders(R); impl<'r, R: Responder<'r>> Responder<'r> for WebHeaders { fn respond_to(self, req: &Request) -> response::Result<'r> { match self.0.respond_to(req) { Ok(mut res) => { res.set_raw_header("Referrer-Policy", "same-origin"); res.set_raw_header("X-Frame-Options", "SAMEORIGIN"); res.set_raw_header("X-Content-Type-Options", "nosniff"); res.set_raw_header("X-XSS-Protection", "1; mode=block"); Ok(res) }, Err(_) => { Err(Status::NotFound) } } } } #[get("/attachments//")] fn attachments(uuid: String, file: PathBuf) -> io::Result { NamedFile::open(Path::new(&CONFIG.attachments_folder).join(uuid).join(file)) } #[get("/alive")] fn alive() -> Json { use util::format_date; use chrono::Utc; Json(format_date(&Utc::now().naive_utc())) }