vaultwarden/src/api/web.rs

use std::path::{Path, PathBuf};

use rocket::{http::ContentType, response::content::Content, response::NamedFile, Route};
use rocket_contrib::json::Json;
use serde_json::Value;

use crate::{
    error::Error,
    util::{Cached, SafeString},
    CONFIG,
};

pub fn routes() -> Vec<Route> {
    // If addding more routes here, consider also adding them to
    // crate::utils::LOGGED_ROUTES to make sure they appear in the log
    if CONFIG.web_vault_enabled() {
        routes![web_index, app_id, web_files, attachments, alive, static_files]
    } else {
        routes![attachments, alive, static_files]
    }
}

#[get("/")]
fn web_index() -> Cached<Option<NamedFile>> {
    Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok())
}

#[get("/app-id.json")]
fn app_id() -> Cached<Content<Json<Value>>> {
    let content_type = ContentType::new("application", "fido.trusted-apps+json");

    Cached::long(Content(
        content_type,
        Json(json!({
        "trustedFacets": [
            {
            "version": { "major": 1, "minor": 0 },
            "ids": [
                // Per <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application>:
                //
                // "In the Web case, the FacetID MUST be the Web Origin [RFC6454]
                // of the web page triggering the FIDO operation, written as
                // a URI with an empty path. Default ports are omitted and any
                // path component is ignored."
                //
                // This leaves it unclear as to whether the path must be empty,
                // or whether it can be non-empty and will be ignored. To be on
                // the safe side, use a proper web origin (with empty path).
                &CONFIG.domain_origin(),
                "ios:bundle-id:com.8bit.bitwarden",
                "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
            }]
        })),
    ))
}

#[get("/<p..>", rank = 10)] // Only match this if the other routes don't match
fn web_files(p: PathBuf) -> Cached<Option<NamedFile>> {
    Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok())
}

#[get("/attachments/<uuid>/<file_id>")]
fn attachments(uuid: SafeString, file_id: SafeString) -> Option<NamedFile> {
    NamedFile::open(Path::new(&CONFIG.attachments_folder()).join(uuid).join(file_id)).ok()
}

#[get("/alive")]
fn alive() -> Json<String> {
    use crate::util::format_date;
    use chrono::Utc;

    Json(format_date(&Utc::now().naive_utc()))
}

#[get("/bwrs_static/<filename>")]
fn static_files(filename: String) -> Result<Content<&'static [u8]>, Error> {
    match filename.as_ref() {
        "mail-github.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/mail-github.png"))),
        "logo-gray.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/logo-gray.png"))),
        "error-x.svg" => Ok(Content(ContentType::SVG, include_bytes!("../static/images/error-x.svg"))),
        "hibp.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/hibp.png"))),
        "vaultwarden-icon.png" => {
            Ok(Content(ContentType::PNG, include_bytes!("../static/images/vaultwarden-icon.png")))
        }

        "bootstrap.css" => Ok(Content(ContentType::CSS, include_bytes!("../static/scripts/bootstrap.css"))),
        "bootstrap-native.js" => {
            Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/bootstrap-native.js")))
        }
        "identicon.js" => Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/identicon.js"))),
        "datatables.js" => Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/datatables.js"))),
        "datatables.css" => Ok(Content(ContentType::CSS, include_bytes!("../static/scripts/datatables.css"))),
        "jquery-3.6.0.slim.js" => {
            Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/jquery-3.6.0.slim.js")))
        }
        _ => err!(format!("Static file not found: {}", filename)),
    }
}
First working version 7 years ago			`use std::path::{Path, PathBuf};`

Removed try_trait and some formatting, particularly around imports 4 years ago			`use rocket::{http::ContentType, response::content::Content, response::NamedFile, Route};`
Updated bw_rs to Rocket version 0.4-rc1 6 years ago			`use rocket_contrib::json::Json;`
			`use serde_json::Value;`
First working version 7 years ago
Formatting 3 years ago			`use crate::{`
			`error::Error,`
			`util::{Cached, SafeString},`
			`CONFIG,`
			`};`
First working version 7 years ago
			`pub fn routes() -> Vec<Route> {`
Formatting 5 years ago			`// If addding more routes here, consider also adding them to`
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. Use LOG_LEVEL debug or trace to recover them. Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace. Removed duplicate error messages Made websocket not proxied message more prominent, but only print it once. 5 years ago			`// crate::utils::LOGGED_ROUTES to make sure they appear in the log`
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods. 6 years ago			`if CONFIG.web_vault_enabled() {`
Add token with short expiration time to send url 3 years ago			`routes![web_index, app_id, web_files, attachments, alive, static_files]`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 7 years ago			`} else {`
Rename static files endpoint 5 years ago			`routes![attachments, alive, static_files]`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 7 years ago			`}`
First working version 7 years ago			`}`

			`#[get("/")]`
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder. Removed unnecessary returns 5 years ago			`fn web_index() -> Cached<Option<NamedFile>> {`
Formatting 5 years ago			`Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok())`
First working version 7 years ago			`}`

Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 6 years ago			`#[get("/app-id.json")]`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 6 years ago			`fn app_id() -> Cached<Content<Json<Value>>> {`
Set facets contentType 6 years ago			`let content_type = ContentType::new("application", "fido.trusted-apps+json");`

Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 6 years ago			`Cached::long(Content(`
			`content_type,`
			`Json(json!({`
			`"trustedFacets": [`
			`{`
			`"version": { "major": 1, "minor": 0 },`
			`"ids": [`
Add backend support for alternate base dir (subdir/subpath) hosting To use this, include a path in the `DOMAIN` URL, e.g.: * `DOMAIN=https://example.com/custom-path` * `DOMAIN=https://example.com/multiple/levels/are/ok` 5 years ago			`// Per <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application>:`
			`//`
			`// "In the Web case, the FacetID MUST be the Web Origin [RFC6454]`
			`// of the web page triggering the FIDO operation, written as`
			`// a URI with an empty path. Default ports are omitted and any`
			`// path component is ignored."`
			`//`
			`// This leaves it unclear as to whether the path must be empty,`
			`// or whether it can be non-empty and will be ignored. To be on`
			`// the safe side, use a proper web origin (with empty path).`
			`&CONFIG.domain_origin(),`
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 6 years ago			`"ios:bundle-id:com.8bit.bitwarden",`
			`"android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]`
			`}]`
			`})),`
			`))`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 6 years ago			`}`

Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 6 years ago			`#[get("/<p..>", rank = 10)] // Only match this if the other routes don't match`
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder. Removed unnecessary returns 5 years ago			`fn web_files(p: PathBuf) -> Cached<Option<NamedFile>> {`
			`Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok())`
First working version 7 years ago			`}`

Fix attachment downloads Upstream switched to new upload/download APIs. Uploads fall back to the legacy APIs for now, but not downloads apparently. 4 years ago			`#[get("/attachments/<uuid>/<file_id>")]`
Protect namedfile against path traversal, rocket only does it for pathbuf 3 years ago			`fn attachments(uuid: SafeString, file_id: SafeString) -> Option<NamedFile> {`
Fix attachment downloads Upstream switched to new upload/download APIs. Uploads fall back to the legacy APIs for now, but not downloads apparently. 4 years ago			`NamedFile::open(Path::new(&CONFIG.attachments_folder()).join(uuid).join(file_id)).ok()`
First working version 7 years ago			`}`

			`#[get("/alive")]`
			`fn alive() -> Json<String> {`
Migrate to rust 2018 edition 6 years ago			`use crate::util::format_date;`
Solved some warnings 7 years ago			`use chrono::Utc;`
First working version 7 years ago
			`Json(format_date(&Utc::now().naive_utc()))`
			`}`
Added static email image routes 6 years ago
Rename static files endpoint 5 years ago			`#[get("/bwrs_static/<filename>")]`
			`fn static_files(filename: String) -> Result<Content<&'static [u8]>, Error> {`
Added static email image routes 6 years ago			`match filename.as_ref() {`
Modify rustfmt file 4 years ago			`"mail-github.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/mail-github.png"))),`
			`"logo-gray.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/logo-gray.png"))),`
			`"error-x.svg" => Ok(Content(ContentType::SVG, include_bytes!("../static/images/error-x.svg"))),`
Changed HIBP Error message. - Moved the manual link to the check to the top. - Clearified that hibp is a payed service. - Changed error logo to hibp logo. 5 years ago			`"hibp.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/hibp.png"))),`
Updated branding, email and crates - Updated branding for admin and emails - Updated crates and some deprications - Removed newline-converter because this is built-in into lettre - Updated email templates to use a shared header and footer template - Also trigger SMTP SSL When TLS is selected without SSL Resolves #1641 4 years ago			`"vaultwarden-icon.png" => {`
			`Ok(Content(ContentType::PNG, include_bytes!("../static/images/vaultwarden-icon.png")))`
			`}`
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 5 years ago
Modify rustfmt file 4 years ago			`"bootstrap.css" => Ok(Content(ContentType::CSS, include_bytes!("../static/scripts/bootstrap.css"))),`
			`"bootstrap-native.js" => {`
			`Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/bootstrap-native.js")))`
			`}`
			`"identicon.js" => Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/identicon.js"))),`
			`"datatables.js" => Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/datatables.js"))),`
			`"datatables.css" => Ok(Content(ContentType::CSS, include_bytes!("../static/scripts/datatables.css"))),`
Multiple Admin Interface fixes and some others. Misc: - Fixed hadolint workflow, new git cli needs some extra arguments. - Add ignore paths to all specific on triggers. - Updated hadolint version. - Made SMTP_DEBUG read-only, since it can't be changed at runtime. Admin: - Migrated from Bootstrap v4 to v5 - Updated jquery to v3.6.0 - Updated Datatables - Made Javascript strict - Added a way to show which ENV Vars are overridden. - Changed the way to provide data for handlebars. - Fixed date/time check. - Made support string use details and summary feature of markdown/github. 3 years ago			`"jquery-3.6.0.slim.js" => {`
			`Ok(Content(ContentType::JavaScript, include_bytes!("../static/scripts/jquery-3.6.0.slim.js")))`
Modify rustfmt file 4 years ago			`}`
Add backend support for alternate base dir (subdir/subpath) hosting To use this, include a path in the `DOMAIN` URL, e.g.: * `DOMAIN=https://example.com/custom-path` * `DOMAIN=https://example.com/multiple/levels/are/ok` 5 years ago			`_ => err!(format!("Static file not found: {}", filename)),`
Added static email image routes 6 years ago			`}`
Formatting 5 years ago			`}`