Self-Hosted
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add send_file_id newtype

Browse Source
Stefan Melmuk 1 week ago
parent eff2ea0d3f
commit b92415216c
No known key found for this signature in database
GPG Key ID: 817020C608FE9C09
4 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File

12
src/api/core/sends.rs
Unescape View File

@ -12,7 +12,7 @@ use crate::{
api::{ApiResult, EmptyResult, JsonResult, Notify, UpdateType}, api::{ApiResult, EmptyResult, JsonResult, Notify, UpdateType},
auth::{ClientIp, Headers, Host}, auth::{ClientIp, Headers, Host},
db::{models::*, DbConn, DbPool}, db::{models::*, DbConn, DbPool},
util::{NumberOrString, SafeString}, util::NumberOrString,
CONFIG, CONFIG,
}; };
@ -346,7 +346,7 @@ async fn post_send_file_v2(data: Json<SendData>, headers: Headers, mut conn: DbC
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub struct SendFileData { pub struct SendFileData {
id: String, id: SendFileId,
size: u64, size: u64,
fileName: String, fileName: String,
} }
@ -355,7 +355,7 @@ pub struct SendFileData {
#[post("/sends/<uuid>/file/<file_id>", format = "multipart/form-data", data = "<data>")] #[post("/sends/<uuid>/file/<file_id>", format = "multipart/form-data", data = "<data>")]
async fn post_send_file_v2_data( async fn post_send_file_v2_data(
uuid: SendId, uuid: SendId,
file_id: &str, file_id: SendFileId,
data: Form<UploadDataV2<'_>>, data: Form<UploadDataV2<'_>>,
headers: Headers, headers: Headers,
mut conn: DbConn, mut conn: DbConn,
@ -496,7 +496,7 @@ async fn post_access(
#[post("/sends/<uuid>/access/file/<file_id>", data = "<data>")] #[post("/sends/<uuid>/access/file/<file_id>", data = "<data>")]
async fn post_access_file( async fn post_access_file(
uuid: SendId, uuid: SendId,
file_id: &str, file_id: SendFileId,
data: Json<SendAccessData>, data: Json<SendAccessData>,
host: Host, host: Host,
mut conn: DbConn, mut conn: DbConn,
@ -547,7 +547,7 @@ async fn post_access_file(
) )
.await; .await;
let token_claims = crate::auth::generate_send_claims(&uuid, file_id); let token_claims = crate::auth::generate_send_claims(&uuid, &file_id);
let token = crate::auth::encode_jwt(&token_claims); let token = crate::auth::encode_jwt(&token_claims);
Ok(Json(json!({ Ok(Json(json!({
"object": "send-fileDownload", "object": "send-fileDownload",
@ -557,7 +557,7 @@ async fn post_access_file(
} }
#[get("/sends/<uuid>/<file_id>?<t>")] #[get("/sends/<uuid>/<file_id>?<t>")]
async fn download_send(uuid: SendId, file_id: SafeString, t: &str) -> Option<NamedFile> { async fn download_send(uuid: SendId, file_id: SendFileId, t: &str) -> Option<NamedFile> {
if let Ok(claims) = crate::auth::decode_send(t) { if let Ok(claims) = crate::auth::decode_send(t) {
if claims.sub == format!("{uuid}/{file_id}") { if claims.sub == format!("{uuid}/{file_id}") {
return NamedFile::open(Path::new(&CONFIG.sends_folder()).join(uuid).join(file_id)).await.ok(); return NamedFile::open(Path::new(&CONFIG.sends_folder()).join(uuid).join(file_id)).await.ok();

5
src/auth.rs
Unescape View File

@ -15,7 +15,8 @@ use std::{
}; };
use crate::db::models::{ use crate::db::models::{
AttachmentId, CipherId, CollectionId, DeviceId, MembershipId, OrgApiKeyId, OrganizationId, SendId, UserId, AttachmentId, CipherId, CollectionId, DeviceId, MembershipId, OrgApiKeyId, OrganizationId, SendFileId, SendId,
UserId,
}; };
use crate::{error::Error, CONFIG}; use crate::{error::Error, CONFIG};
@ -358,7 +359,7 @@ pub fn generate_admin_claims() -> BasicJwtClaims {
} }
} }
pub fn generate_send_claims(uuid: &SendId, file_id: &str) -> BasicJwtClaims { pub fn generate_send_claims(uuid: &SendId, file_id: &SendFileId) -> BasicJwtClaims {
let time_now = Utc::now(); let time_now = Utc::now();
BasicJwtClaims { BasicJwtClaims {
nbf: time_now.timestamp(), nbf: time_now.timestamp(),

5
src/db/models/mod.rs
Unescape View File

@ -31,7 +31,10 @@ pub use self::organization::{
Membership, MembershipId, MembershipStatus, MembershipType, OrgApiKeyId, Organization, OrganizationApiKey, Membership, MembershipId, MembershipStatus, MembershipType, OrgApiKeyId, Organization, OrganizationApiKey,
OrganizationId, OrganizationId,
}; };
pub use self::send::{id::SendId, Send, SendType}; pub use self::send::{
id::{SendFileId, SendId},
Send, SendType,
};
pub use self::two_factor::{TwoFactor, TwoFactorType}; pub use self::two_factor::{TwoFactor, TwoFactorType};
pub use self::two_factor_duo_context::TwoFactorDuoContext; pub use self::two_factor_duo_context::TwoFactorDuoContext;
pub use self::two_factor_incomplete::TwoFactorIncomplete; pub use self::two_factor_incomplete::TwoFactorIncomplete;

24
src/db/models/send.rs
Unescape View File

@ -356,6 +356,7 @@ pub mod id {
use rocket::request::FromParam; use rocket::request::FromParam;
use std::marker::Send; use std::marker::Send;
use std::path::Path; use std::path::Path;
#[derive( #[derive(
Clone, Debug, AsRef, Deref, DieselNewType, Display, From, FromForm, Hash, PartialEq, Eq, Serialize, Deserialize, Clone, Debug, AsRef, Deref, DieselNewType, Display, From, FromForm, Hash, PartialEq, Eq, Serialize, Deserialize,
)] )]
@ -380,4 +381,27 @@ pub mod id {
} }
} }
} }
#[derive(Clone, Debug, AsRef, Deref, Display, From, FromForm, Hash, PartialEq, Eq, Serialize, Deserialize)]
pub struct SendFileId(String);
impl AsRef<Path> for SendFileId {
#[inline]
fn as_ref(&self) -> &Path {
Path::new(&self.0)
}
}
impl<'r> FromParam<'r> for SendFileId {
type Error = ();
#[inline(always)]
fn from_param(param: &'r str) -> Result<Self, Self::Error> {
if param.chars().all(|c| matches!(c, 'a'..='z' | 'A'..='Z' |'0'..='9' | '-')) {
Ok(Self(param.to_string()))
} else {
Err(())
}
}
}
} }

Write Preview
Loading…
Cancel
Save