diff --git a/Cargo.toml b/Cargo.toml index 31445dd1..fb5adafb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "bitwarden_rs" -version = "0.11.0" +version = "0.12.0" authors = ["Daniel GarcĂ­a "] [dependencies] diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 29f9e8c6..ec1227bf 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -415,6 +415,22 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } +#[post("/ciphers//attachment-admin", format = "multipart/form-data", data = "")] +fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { + post_attachment(uuid, data, content_type, headers, conn) +} + +#[post("/ciphers//attachment//share", format = "multipart/form-data", data = "")] +fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { + _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn)?; + post_attachment(uuid, data, content_type, headers, conn) +} + +#[post("/ciphers//attachment//delete-admin")] +fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult { + delete_attachment(uuid, attachment_id, headers, conn) +} + #[post("/ciphers//attachment//delete")] fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult { delete_attachment(uuid, attachment_id, headers, conn) @@ -422,29 +438,7 @@ fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, #[delete("/ciphers//attachment/")] fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult { - let attachment = match Attachment::find_by_id(&attachment_id, &conn) { - Some(attachment) => attachment, - None => err!("Attachment doesn't exist") - }; - - if attachment.cipher_uuid != uuid { - err!("Attachment from other cipher") - } - - let cipher = match Cipher::find_by_uuid(&uuid, &conn) { - Some(cipher) => cipher, - None => err!("Cipher doesn't exist") - }; - - if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { - err!("Cipher cannot be deleted by user") - } - - // Delete attachment - match attachment.delete(&conn) { - Ok(()) => Ok(()), - Err(_) => err!("Deleting attachement failed") - } + _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn) } #[post("/ciphers//delete")] @@ -578,3 +572,29 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn) -> Empty Err(_) => err!("Failed deleting cipher") } } + +fn _delete_cipher_attachment_by_id(uuid: &str, attachment_id: &str, headers: &Headers, conn: &DbConn) -> EmptyResult { + let attachment = match Attachment::find_by_id(&attachment_id, &conn) { + Some(attachment) => attachment, + None => err!("Attachment doesn't exist") + }; + + if attachment.cipher_uuid != uuid { + err!("Attachment from other cipher") + } + + let cipher = match Cipher::find_by_uuid(&uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { + err!("Cipher cannot be deleted by user") + } + + // Delete attachment + match attachment.delete(&conn) { + Ok(()) => Ok(()), + Err(_) => err!("Deleting attachement failed") + } +} diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 89df7a1f..513319bc 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -34,7 +34,10 @@ pub fn routes() -> Vec { post_ciphers_admin, post_ciphers_import, post_attachment, + post_attachment_admin, + post_attachment_share, delete_attachment_post, + delete_attachment_post_admin, delete_attachment, post_cipher_admin, post_cipher_share, diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs index 1ce4edfe..1f5e29a7 100644 --- a/src/db/models/attachment.rs +++ b/src/db/models/attachment.rs @@ -64,14 +64,33 @@ impl Attachment { pub fn delete(self, conn: &DbConn) -> QueryResult<()> { use util; + use std::{thread, time}; - util::delete_file(&self.get_file_path()); + let mut retries = 10; + + loop { + match diesel::delete( + attachments::table.filter( + attachments::id.eq(&self.id) + ) + ).execute(&**conn) { + Ok(_) => break, + Err(err) => { + if retries < 1 { + println!("ERROR: Failed with 10 retries"); + return Err(err) + } else { + retries = retries - 1; + println!("Had to retry! Retries left: {}", retries); + thread::sleep(time::Duration::from_millis(500)); + continue + } + } + } + } - diesel::delete( - attachments::table.filter( - attachments::id.eq(self.id) - ) - ).execute(&**conn).and(Ok(())) + util::delete_file(&self.get_file_path()); + Ok(()) } pub fn delete_all_by_cipher(cipher_uuid: &str, conn: &DbConn) -> QueryResult<()> { diff --git a/src/main.rs b/src/main.rs index 17b63794..59840b9c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -83,6 +83,11 @@ fn check_db() { exit(1); } } + + // Turn on WAL in SQLite + use diesel::RunQueryDsl; + let connection = db::get_connection().expect("Can't conect to DB"); + diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL"); } fn check_rsa_keys() {