vaultwarden/src/api/web.rs

72 lines
1.9 KiB
Rust
Raw Normal View History

2018-02-10 01:00:55 +01:00
use std::io;
use std::path::{Path, PathBuf};
use rocket::request::Request;
use rocket::response::{self, NamedFile, Responder};
2018-02-10 01:00:55 +01:00
use rocket::Route;
use rocket_contrib::{Json, Value};
2018-02-10 01:00:55 +01:00
use CONFIG;
pub fn routes() -> Vec<Route> {
if CONFIG.web_vault_enabled {
routes![web_index, app_id, web_files, attachments, alive]
} else {
routes![attachments, alive]
}
2018-02-10 01:00:55 +01:00
}
// TODO: Might want to use in memory cache: https://github.com/hgzimmerman/rocket-file-cache
#[get("/")]
fn web_index() -> WebHeaders<io::Result<NamedFile>> {
web_files("index.html".into())
2018-02-10 01:00:55 +01:00
}
#[get("/app-id.json")]
fn app_id() -> WebHeaders<Json<Value>> {
WebHeaders(Json(json!({
"trustedFacets": [
{
"version": { "major": 1, "minor": 0 },
"ids": [
&CONFIG.domain,
"ios:bundle-id:com.8bit.bitwarden",
"android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
}]
})))
}
#[get("/<p..>", rank = 1)] // Only match this if the other routes don't match
fn web_files(p: PathBuf) -> WebHeaders<io::Result<NamedFile>> {
WebHeaders(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p)))
2018-02-10 01:00:55 +01:00
}
struct WebHeaders<R>(R);
impl<'r, R: Responder<'r>> Responder<'r> for WebHeaders<R> {
fn respond_to(self, req: &Request) -> response::Result<'r> {
let mut res = self.0.respond_to(req)?;
res.set_raw_header("Referrer-Policy", "same-origin");
res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
res.set_raw_header("X-Content-Type-Options", "nosniff");
res.set_raw_header("X-XSS-Protection", "1; mode=block");
Ok(res)
}
}
2018-02-10 01:00:55 +01:00
#[get("/attachments/<uuid>/<file..>")]
fn attachments(uuid: String, file: PathBuf) -> io::Result<NamedFile> {
NamedFile::open(Path::new(&CONFIG.attachments_folder).join(uuid).join(file))
2018-02-10 01:00:55 +01:00
}
#[get("/alive")]
fn alive() -> Json<String> {
use util::format_date;
2018-02-15 00:53:11 +01:00
use chrono::Utc;
2018-02-10 01:00:55 +01:00
Json(format_date(&Utc::now().naive_utc()))
}