Daniel García
7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors
3 years ago
Daniel García
e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf
3 years ago
Kaito Udagawa
c640abbcd7
Update src/util.rs
...
Co-authored-by: William Desportes <williamdes@wdes.fr>
3 years ago
Kaito Udagawa
13598c098f
Add links to browser extensions
3 years ago
Kaito Udagawa
a622b4d2fb
Add Edge's frame-ancestors
...
Edge's frame-ancestors are required for Edge extension to do WebAuthn.
3 years ago
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch
3 years ago
Daniel García
34ea10475d
Project renaming
4 years ago
Daniel García
305de2e2cd
Format the changes from merge to master
4 years ago
Daniel García
95d906bdbb
Merge branch 'master' into fmt
4 years ago
Jake Howard
3ab90259f2
Modify rustfmt file
4 years ago
Jake Howard
155109dea1
Extract client creation to a single place
4 years ago
Jake Howard
0af3956abd
Run `cargo fmt` on codebase
4 years ago
Daniel García
fd27759a95
Merge pull request #1546 from RealOrangeOne/clippy-run
...
Run Clippy
4 years ago
Jake Howard
49af9cf4f5
Correctly camelCase acronyms
...
https://rust-lang.github.io/rust-clippy/master/index.html#upper_case_acronyms
4 years ago
Jake Howard
131348a49f
Add immutable caching for vault assets
...
The URLs are cachebusted, so updates will still be applied cleanly and immediately
4 years ago
Jake Howard
b22564cb00
Cache icons on the client
...
This should make the vault pages load much faster, and massively reduce the number of requests.
4 years ago
Jeremy Lin
7d0e234b34
CORS fixes
...
* The Safari extension apparently now uses the origin `file://` and expects
that to be returned (see bitwarden/browser#1311 , bitwarden/server#800 ).
* The `Access-Control-Allow-Origin` header was reflecting the value of the
`Origin` header without checking whether the origin was actually allowed.
This effectively allows any origin to interact with the server, which
defeats the purpose of CORS.
4 years ago
Jeremy Lin
513056f711
Check for data folder on startup
...
Currently, when starting up for the first time (running standalone, outside
of Docker), bitwarden_rs panics when the `openssl` tool isn't able to create
`data/rsa_key.pem` due to the `data` dir not existing. Instead, print a more
helpful error message telling the user to create the directory.
4 years ago
Jeremy Lin
e37ff60617
Change `twofactorauth.org` to `2fa.directory`
...
The `twofactorauth.org` has apparently been sold to some company for
marketing purposes.
4 years ago
Jeremy Lin
455a23361f
Clean up datetime output and code
...
* For clarity, add `UTC` suffix for datetimes in the `Diagnostics` admin tab.
* Format datetimes in the local timezone in the `Users` admin tab.
* Refactor some datetime code and add doc comments.
4 years ago
janost
e8ef76b8f9
Read config vars from files
4 years ago
Daniel García
729c9cff41
Retry initial db connection, with adjustable option
4 years ago
Jeremy Lin
de70fbf88a
Use `strip_prefix()` instead of `trim_start_matches()` as appropriate
...
As of Rust 1.45.0, `strip_prefix()` is now stable.
4 years ago
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
4 years ago
fdeĉ
4c3727b4a3
use format! for rounding to fix arm issue
5 years ago
Daniel García
a8870eef0d
Convert to f32 before rounding to fix arm issue
5 years ago
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
5 years ago
Jeremy Lin
29a0795219
Add backend support for alternate base dir (subdir/subpath) hosting
...
To use this, include a path in the `DOMAIN` URL, e.g.:
* `DOMAIN=https://example.com/custom-path `
* `DOMAIN=https://example.com/multiple/levels/are/ok `
5 years ago
Daniel García
8867626de8
Add option to change invitation org name, fixes #825
...
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
5 years ago
Daniel García
d212dfe735
Accept y/n, True/False, 1/0 as booleans in environment vars
5 years ago
Daniel García
36ae946655
Avoid some to_string in the request logging and include message to disable web vault when not found.
5 years ago
Daniel García
2545469713
Fix crash when page URL points to huge file
5 years ago
Daniel García
a03db6d224
Also hide options requests, unless using debug or trace
5 years ago
Daniel García
8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative.
...
Use LOG_LEVEL debug or trace to recover them.
Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.
Removed duplicate error messages
Made websocket not proxied message more prominent, but only print it once.
5 years ago
vpl
7b1da527a6
Change CORS headers
...
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
5 years ago
vpl
56f12dc982
Use Access-Control-Allow-Method
5 years ago
vpl
5a2f968d7a
Set correct response headers, status code
5 years ago
vpl
16d88402cb
Initial version of CORS support
5 years ago
Daniel García
4689ed7b30
Changed uppercase deserializer to avoid a clone.
6 years ago
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
6 years ago
Daniel García
877408b808
Implement basic config loading and updating. No save to file yet.
6 years ago
Daniel García
86ed75bf7c
Config can now be serialized / deserialized
6 years ago
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
6 years ago
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
6 years ago
TBK
d8116a80df
Add Feature-Policy header
6 years ago
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
6 years ago
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally
6 years ago
Daniel García
6a99849a1e
Implemented proper error handling, now we can do `user.save($conn)?;` and it works.
...
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
6 years ago
Daniel García
4e827e4f8a
Implement better retry and use it while saving device
6 years ago
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
...
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
6 years ago