mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-10 03:12:53 +01:00
Code Issues Releases Aktivität
vaultwarden/src/api/notifications.rs

737 Zeilen
23 KiB
Rust
Originalformat Normale Ansicht Verlauf

Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
use std::{
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
net::{IpAddr, SocketAddr},
sync::Arc,
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
time::Duration,
};
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. Use LOG_LEVEL debug or trace to recover them. Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace. Removed duplicate error messages Made websocket not proxied message more prominent, but only print it once.
2019-12-06 22:19:07 +01:00
Fix collection change ws notifications When chaning a collection this did not got notified via WebSockets. This PR adds this feature and resolves #3534
2023-05-25 20:57:31 +02:00
use chrono::{NaiveDateTime, Utc};
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
use rmpv::Value;
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
use rocket::{
futures::{SinkExt, StreamExt},
Route,
};
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
use tokio::{
net::{TcpListener, TcpStream},
sync::mpsc::Sender,
};
use tokio_tungstenite::{
accept_hdr_async,
tungstenite::{handshake, Message},
};
use crate::{
Allow Authorization header for Web Sockets Some clients (Thirdparty) might use the `Authorization` header instead of a query param. We didn't supported this since all the official clients do not seem to use this way of working. But Bitwarden does check both ways. This PR adds an extra check for this header which can be optional. Fixes #3776
2023-08-27 22:28:35 +02:00
auth::{ClientIp, WsAccessTokenHeader},
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
db::{
models::{Cipher, Folder, Send as DbSend, User},
DbConn,
},
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
Error, CONFIG,
};
Added config option for websocket port, and reworked the config parsing a bit. Added SMTP_FROM config to examples and made it mandatory, it doesn't make much sense to not specify the from address.
2018-09-13 20:59:51 +02:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
use once_cell::sync::Lazy;
static WS_USERS: Lazy<Arc<WebSocketUsers>> = Lazy::new(|| {
Arc::new(WebSocketUsers {
map: Arc::new(dashmap::DashMap::new()),
})
});
Implement login-with-device
2023-08-04 21:12:23 +02:00
pub static WS_ANONYMOUS_SUBSCRIPTIONS: Lazy<Arc<AnonymousWebSocketSubscriptions>> = Lazy::new(|| {
Arc::new(AnonymousWebSocketSubscriptions {
map: Arc::new(dashmap::DashMap::new()),
})
});
use super::{
push::push_auth_request, push::push_auth_response, push_cipher_update, push_folder_update, push_logout,
push_send_update, push_user_update,
};
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
Implemented basic support for prelogin and notification negotiation
2018-08-24 19:02:34 +02:00
pub fn routes() -> Vec<Route> {
Implement login-with-device
2023-08-04 21:12:23 +02:00
routes![websockets_hub, anonymous_websockets_hub]
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
}
#[derive(FromForm, Debug)]
struct WsAccessToken {
access_token: Option<String>,
Add error message when the proxy doesn't route websockets correctly
2018-09-11 17:09:33 +02:00
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
struct WSEntryMapGuard {
users: Arc<WebSocketUsers>,
user_uuid: String,
entry_uuid: uuid::Uuid,
addr: IpAddr,
}
impl WSEntryMapGuard {
fn new(users: Arc<WebSocketUsers>, user_uuid: String, entry_uuid: uuid::Uuid, addr: IpAddr) -> Self {
Self {
users,
user_uuid,
entry_uuid,
addr,
}
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. Use LOG_LEVEL debug or trace to recover them. Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace. Removed duplicate error messages Made websocket not proxied message more prominent, but only print it once.
2019-12-06 22:19:07 +01:00
}
Implemented basic support for prelogin and notification negotiation
2018-08-24 19:02:34 +02:00
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
impl Drop for WSEntryMapGuard {
fn drop(&mut self) {
info!("Closing WS connection from {}", self.addr);
if let Some(mut entry) = self.users.map.get_mut(&self.user_uuid) {
entry.retain(|(uuid, _)| uuid != &self.entry_uuid);
}
}
}
Implement login-with-device
2023-08-04 21:12:23 +02:00
struct WSAnonymousEntryMapGuard {
subscriptions: Arc<AnonymousWebSocketSubscriptions>,
token: String,
addr: IpAddr,
}
impl WSAnonymousEntryMapGuard {
fn new(subscriptions: Arc<AnonymousWebSocketSubscriptions>, token: String, addr: IpAddr) -> Self {
Self {
subscriptions,
token,
addr,
}
}
}
impl Drop for WSAnonymousEntryMapGuard {
fn drop(&mut self) {
info!("Closing WS connection from {}", self.addr);
self.subscriptions.map.remove(&self.token);
}
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
#[get("/hub?<data..>")]
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
fn websockets_hub<'r>(
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
ws: rocket_ws::WebSocket,
data: WsAccessToken,
ip: ClientIp,
Allow Authorization header for Web Sockets Some clients (Thirdparty) might use the `Authorization` header instead of a query param. We didn't supported this since all the official clients do not seem to use this way of working. But Bitwarden does check both ways. This PR adds an extra check for this header which can be optional. Fixes #3776
2023-08-27 22:28:35 +02:00
header_token: WsAccessTokenHeader,
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
) -> Result<rocket_ws::Stream!['r], Error> {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
let addr = ip.ip;
info!("Accepting Rocket WS connection from {addr}");
Allow Authorization header for Web Sockets Some clients (Thirdparty) might use the `Authorization` header instead of a query param. We didn't supported this since all the official clients do not seem to use this way of working. But Bitwarden does check both ways. This PR adds an extra check for this header which can be optional. Fixes #3776
2023-08-27 22:28:35 +02:00
let token = if let Some(token) = data.access_token {
token
} else if let Some(token) = header_token.access_token {
token
} else {
err_code!("Invalid claim", 401)
};
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
let Ok(claims) = crate::auth::decode_login(&token) else {
err_code!("Invalid token", 401)
};
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
let (mut rx, guard) = {
let users = Arc::clone(&WS_USERS);
// Add a channel to send messages to this client to the map
let entry_uuid = uuid::Uuid::new_v4();
let (tx, rx) = tokio::sync::mpsc::channel::<Message>(100);
users.map.entry(claims.sub.clone()).or_default().push((entry_uuid, tx));
// Once the guard goes out of scope, the connection will have been closed and the entry will be deleted from the map
(rx, WSEntryMapGuard::new(users, claims.sub, entry_uuid, addr))
};
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
Ok({
rocket_ws::Stream! { ws => {
let mut ws = ws;
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
let _guard = guard;
let mut interval = tokio::time::interval(Duration::from_secs(15));
loop {
tokio::select! {
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
res = ws.next() => {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
match res {
Some(Ok(message)) => {
match message {
// Respond to any pings
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
Message::Ping(ping) => yield Message::Pong(ping),
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Message::Pong(_) => {/* Ignored */},
// We should receive an initial message with the protocol and version, and we will reply to it
Message::Text(ref message) => {
let msg = message.strip_suffix(RECORD_SEPARATOR as char).unwrap_or(message);
if serde_json::from_str(msg).ok() == Some(INITIAL_MESSAGE) {
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
yield Message::binary(INITIAL_RESPONSE);
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
continue;
}
}
// Just echo anything else the client sends
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
_ => yield message,
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
}
}
_ => break,
}
}
res = rx.recv() => {
match res {
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
Some(res) => yield res,
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
None => break,
}
}
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
_ = interval.tick() => yield Message::Ping(create_ping())
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
}
}
Small update to Rocket WebSockets Switched from channels to stream. This is able to use yield, and the code looks a bit nicer this way. Also updated all the crates.
2023-04-12 15:59:05 +02:00
}}
})
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
}
Implement login-with-device
2023-08-04 21:12:23 +02:00
#[get("/anonymous-hub?<token..>")]
fn anonymous_websockets_hub<'r>(
ws: rocket_ws::WebSocket,
token: String,
ip: ClientIp,
) -> Result<rocket_ws::Stream!['r], Error> {
let addr = ip.ip;
info!("Accepting Anonymous Rocket WS connection from {addr}");
let (mut rx, guard) = {
let subscriptions = Arc::clone(&WS_ANONYMOUS_SUBSCRIPTIONS);
// Add a channel to send messages to this client to the map
let (tx, rx) = tokio::sync::mpsc::channel::<Message>(100);
subscriptions.map.insert(token.clone(), tx);
// Once the guard goes out of scope, the connection will have been closed and the entry will be deleted from the map
(rx, WSAnonymousEntryMapGuard::new(subscriptions, token, addr))
};
Ok({
rocket_ws::Stream! { ws => {
let mut ws = ws;
let _guard = guard;
let mut interval = tokio::time::interval(Duration::from_secs(15));
loop {
tokio::select! {
res = ws.next() => {
match res {
Some(Ok(message)) => {
match message {
// Respond to any pings
Message::Ping(ping) => yield Message::Pong(ping),
Message::Pong(_) => {/* Ignored */},
// We should receive an initial message with the protocol and version, and we will reply to it
Message::Text(ref message) => {
let msg = message.strip_suffix(RECORD_SEPARATOR as char).unwrap_or(message);
if serde_json::from_str(msg).ok() == Some(INITIAL_MESSAGE) {
yield Message::binary(INITIAL_RESPONSE);
continue;
}
}
// Just echo anything else the client sends
_ => yield message,
}
}
_ => break,
}
}
res = rx.recv() => {
match res {
Some(res) => yield res,
None => break,
}
}
_ = interval.tick() => yield Message::Ping(create_ping())
}
}
}}
})
}
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
//
// Websockets server
//
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
fn serialize(val: Value) -> Vec<u8> {
use rmpv::encode::write_value;
let mut buf = Vec::new();
write_value(&mut buf, &val).expect("Error encoding MsgPack");
// Add size bytes at the start
// Extracted from BinaryMessageFormat.js
Fixed some lint issues
2018-09-13 21:55:23 +02:00
let mut size: usize = buf.len();
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let mut len_buf: Vec<u8> = Vec::new();
loop {
let mut size_part = size & 0x7f;
Fixed some lint issues
2018-09-13 21:55:23 +02:00
size >>= 7;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
if size > 0 {
Fixed some lint issues
2018-09-13 21:55:23 +02:00
size_part |= 0x80;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
len_buf.push(size_part as u8);
Fixed some lint issues
2018-09-13 21:55:23 +02:00
if size == 0 {
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
break;
}
}
len_buf.append(&mut buf);
len_buf
}
fn serialize_date(date: NaiveDateTime) -> Value {
let seconds: i64 = date.timestamp();
Updated dependencies, removed some unnecessary clones and fixed some lints
2019-02-20 17:54:18 +01:00
let nanos: i64 = date.timestamp_subsec_nanos().into();
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let timestamp = nanos << 34 | seconds;
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods.
2019-01-25 18:23:51 +01:00
Use new i64::to_be_bytes and remove byteorder dep (https://doc.rust-lang.org/stable/std/primitive.i64.html#method.to_be_bytes)
2019-01-16 22:14:17 +01:00
let bs = timestamp.to_be_bytes();
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
// -1 is Timestamp
// https://github.com/msgpack/msgpack/blob/master/spec.md#timestamp-extension-type
Value::Ext(-1, bs.to_vec())
}
fn convert_option<T: Into<Value>>(option: Option<T>) -> Value {
match option {
Some(a) => a.into(),
None => Value::Nil,
}
}
const RECORD_SEPARATOR: u8 = 0x1e;
const INITIAL_RESPONSE: [u8; 3] = [0x7b, 0x7d, RECORD_SEPARATOR]; // {, }, <RS>
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
#[derive(Deserialize, Copy, Clone, Eq, PartialEq)]
struct InitialMessage<'a> {
protocol: &'a str,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
version: i32,
}
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
static INITIAL_MESSAGE: InitialMessage<'static> = InitialMessage {
protocol: "messagepack",
version: 1,
};
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
// We attach the UUID to the sender so we can differentiate them when we need to remove them from the Vec
type UserSenders = (uuid::Uuid, Sender<Message>);
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
#[derive(Clone)]
pub struct WebSocketUsers {
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
map: Arc<dashmap::DashMap<String, Vec<UserSenders>>>,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
impl WebSocketUsers {
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
async fn send_update(&self, user_uuid: &str, data: &[u8]) {
if let Some(user) = self.map.get(user_uuid).map(|v| v.clone()) {
for (_, sender) in user.iter() {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
if let Err(e) = sender.send(Message::binary(data)).await {
error!("Error sending WS update {e}");
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
}
}
// NOTE: The last modified date needs to be updated before calling these methods
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
pub async fn send_user_update(&self, ut: UpdateType, user: &User) {
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let data = create_update(
Modify rustfmt file
2021-04-06 22:54:42 +02:00
vec![("UserId".into(), user.uuid.clone().into()), ("Date".into(), serialize_date(user.updated_at))],
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
ut,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
None,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
);
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
self.send_update(&user.uuid, &data).await;
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
if CONFIG.push_enabled() {
Fix mobile push blocking requests and spamming push server
2023-06-16 23:34:16 +02:00
push_user_update(ut, user);
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
Fix mobile push blocking requests and spamming push server
2023-06-16 23:34:16 +02:00
pub async fn send_logout(&self, user: &User, acting_device_uuid: Option<String>) {
Validate note sizes on key-rotation. We also need to validate the note sizes on key-rotation. If we do not validate them before we store them, that could lead to a partial or total loss of the password vault. Validating these restrictions before actually processing them to store/replace the existing ciphers should prevent this. There was also a small bug when using web-sockets. The client which is triggering the password/key-rotation change should not be forced to logout via a web-socket request. That is something the client will handle it self. Refactored the logout notification to either send the device uuid or not on specific actions. Fixes #3152
2023-01-20 15:43:45 +01:00
let data = create_update(
vec![("UserId".into(), user.uuid.clone().into()), ("Date".into(), serialize_date(user.updated_at))],
UpdateType::LogOut,
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
acting_device_uuid.clone(),
Validate note sizes on key-rotation. We also need to validate the note sizes on key-rotation. If we do not validate them before we store them, that could lead to a partial or total loss of the password vault. Validating these restrictions before actually processing them to store/replace the existing ciphers should prevent this. There was also a small bug when using web-sockets. The client which is triggering the password/key-rotation change should not be forced to logout via a web-socket request. That is something the client will handle it self. Refactored the logout notification to either send the device uuid or not on specific actions. Fixes #3152
2023-01-20 15:43:45 +01:00
);
self.send_update(&user.uuid, &data).await;
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
if CONFIG.push_enabled() {
Fix mobile push blocking requests and spamming push server
2023-06-16 23:34:16 +02:00
push_logout(user, acting_device_uuid);
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
}
Validate note sizes on key-rotation. We also need to validate the note sizes on key-rotation. If we do not validate them before we store them, that could lead to a partial or total loss of the password vault. Validating these restrictions before actually processing them to store/replace the existing ciphers should prevent this. There was also a small bug when using web-sockets. The client which is triggering the password/key-rotation change should not be forced to logout via a web-socket request. That is something the client will handle it self. Refactored the logout notification to either send the device uuid or not on specific actions. Fixes #3152
2023-01-20 15:43:45 +01:00
}
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
pub async fn send_folder_update(
&self,
ut: UpdateType,
folder: &Folder,
acting_device_uuid: &String,
conn: &mut DbConn,
) {
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let data = create_update(
vec![
("Id".into(), folder.uuid.clone().into()),
("UserId".into(), folder.user_uuid.clone().into()),
("RevisionDate".into(), serialize_date(folder.updated_at)),
Fixed some lint issues
2018-09-13 21:55:23 +02:00
],
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
ut,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
Some(acting_device_uuid.into()),
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
);
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
self.send_update(&folder.user_uuid, &data).await;
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
if CONFIG.push_enabled() {
push_folder_update(ut, folder, acting_device_uuid, conn).await;
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
pub async fn send_cipher_update(
&self,
ut: UpdateType,
cipher: &Cipher,
user_uuids: &[String],
acting_device_uuid: &String,
Fix collection change ws notifications When chaning a collection this did not got notified via WebSockets. This PR adds this feature and resolves #3534
2023-05-25 20:57:31 +02:00
collection_uuids: Option<Vec<String>>,
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
conn: &mut DbConn,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
) {
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let org_uuid = convert_option(cipher.organization_uuid.clone());
Fix collection change ws notifications When chaning a collection this did not got notified via WebSockets. This PR adds this feature and resolves #3534
2023-05-25 20:57:31 +02:00
// Depending if there are collections provided or not, we need to have different values for the following variables.
// The user_uuid should be `null`, and the revision date should be set to now, else the clients won't sync the collection change.
let (user_uuid, collection_uuids, revision_date) = if let Some(collection_uuids) = collection_uuids {
(
Value::Nil,
Value::Array(collection_uuids.into_iter().map(|v| v.into()).collect::<Vec<rmpv::Value>>()),
serialize_date(Utc::now().naive_utc()),
)
} else {
(convert_option(cipher.user_uuid.clone()), Value::Nil, serialize_date(cipher.updated_at))
};
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
let data = create_update(
vec![
("Id".into(), cipher.uuid.clone().into()),
("UserId".into(), user_uuid),
("OrganizationId".into(), org_uuid),
Fix collection change ws notifications When chaning a collection this did not got notified via WebSockets. This PR adds this feature and resolves #3534
2023-05-25 20:57:31 +02:00
("CollectionIds".into(), collection_uuids),
("RevisionDate".into(), revision_date),
Fixed some lint issues
2018-09-13 21:55:23 +02:00
],
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
ut,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
Some(acting_device_uuid.into()),
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
);
Send create, update and delete notifications for `Send`s in the correct format. Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:33:59 +02:00
for uuid in user_uuids {
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
self.send_update(uuid, &data).await;
Send create, update and delete notifications for `Send`s in the correct format. Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:33:59 +02:00
}
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
if CONFIG.push_enabled() && user_uuids.len() == 1 {
push_cipher_update(ut, cipher, acting_device_uuid, conn).await;
}
Send create, update and delete notifications for `Send`s in the correct format. Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:33:59 +02:00
}
Fix mobile push blocking requests and spamming push server
2023-06-16 23:34:16 +02:00
pub async fn send_send_update(
&self,
ut: UpdateType,
send: &DbSend,
user_uuids: &[String],
acting_device_uuid: &String,
conn: &mut DbConn,
) {
Send create, update and delete notifications for `Send`s in the correct format. Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:33:59 +02:00
let user_uuid = convert_option(send.user_uuid.clone());
let data = create_update(
vec![
("Id".into(), send.uuid.clone().into()),
("UserId".into(), user_uuid),
("RevisionDate".into(), serialize_date(send.revision_date)),
],
ut,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
None,
Send create, update and delete notifications for `Send`s in the correct format. Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:33:59 +02:00
);
Add support for CipherUpdate notifications
2018-09-01 06:30:53 +02:00
for uuid in user_uuids {
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
self.send_update(uuid, &data).await;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
if CONFIG.push_enabled() && user_uuids.len() == 1 {
Fix mobile push blocking requests and spamming push server
2023-06-16 23:34:16 +02:00
push_send_update(ut, send, acting_device_uuid, conn).await;
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
Implement login-with-device
2023-08-04 21:12:23 +02:00
pub async fn send_auth_request(
&self,
user_uuid: &String,
auth_request_uuid: &String,
acting_device_uuid: &String,
conn: &mut DbConn,
) {
let data = create_update(
vec![("Id".into(), auth_request_uuid.clone().into()), ("UserId".into(), user_uuid.clone().into())],
UpdateType::AuthRequest,
Some(acting_device_uuid.to_string()),
);
self.send_update(user_uuid, &data).await;
if CONFIG.push_enabled() {
push_auth_request(user_uuid.to_string(), auth_request_uuid.to_string(), conn).await;
}
}
pub async fn send_auth_response(
&self,
user_uuid: &String,
auth_response_uuid: &str,
approving_device_uuid: String,
conn: &mut DbConn,
) {
let data = create_update(
vec![("Id".into(), auth_response_uuid.to_owned().into()), ("UserId".into(), user_uuid.clone().into())],
UpdateType::AuthRequestResponse,
approving_device_uuid.clone().into(),
);
self.send_update(auth_response_uuid, &data).await;
if CONFIG.push_enabled() {
push_auth_response(user_uuid.to_string(), auth_response_uuid.to_string(), approving_device_uuid, conn)
.await;
}
}
}
#[derive(Clone)]
pub struct AnonymousWebSocketSubscriptions {
map: Arc<dashmap::DashMap<String, Sender<Message>>>,
}
impl AnonymousWebSocketSubscriptions {
async fn send_update(&self, token: &str, data: &[u8]) {
if let Some(sender) = self.map.get(token).map(|v| v.clone()) {
if let Err(e) = sender.send(Message::binary(data)).await {
error!("Error sending WS update {e}");
}
}
}
pub async fn send_auth_response(&self, user_uuid: &String, auth_response_uuid: &str) {
let data = create_anonymous_update(
vec![("Id".into(), auth_response_uuid.to_owned().into()), ("UserId".into(), user_uuid.clone().into())],
UpdateType::AuthRequestResponse,
user_uuid.to_string(),
);
self.send_update(auth_response_uuid, &data).await;
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
/* Message Structure
[
1, // MessageType.Invocation
Fix MsgPack headers and support mobile SignalR
2020-08-31 19:05:07 +02:00
{}, // Headers (map)
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
null, // InvocationId
"ReceiveMessage", // Target
[ // Arguments
{
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
"ContextId": acting_device_uuid || Nil,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
"Type": ut as i32,
"Payload": {}
}
]
]
*/
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
fn create_update(payload: Vec<(Value, Value)>, ut: UpdateType, acting_device_uuid: Option<String>) -> Vec<u8> {
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
use rmpv::Value as V;
let value = V::Array(vec![
1.into(),
Fix MsgPack headers and support mobile SignalR
2020-08-31 19:05:07 +02:00
V::Map(vec![]),
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
V::Nil,
"ReceiveMessage".into(),
V::Array(vec![V::Map(vec![
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
("ContextId".into(), acting_device_uuid.map(|v| v.into()).unwrap_or_else(|| V::Nil)),
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
("Type".into(), (ut as i32).into()),
("Payload".into(), payload.into()),
])]),
]);
serialize(value)
}
Implement login-with-device
2023-08-04 21:12:23 +02:00
fn create_anonymous_update(payload: Vec<(Value, Value)>, ut: UpdateType, user_id: String) -> Vec<u8> {
use rmpv::Value as V;
let value = V::Array(vec![
1.into(),
V::Map(vec![]),
V::Nil,
"AuthRequestResponseRecieved".into(),
V::Array(vec![V::Map(vec![
("Type".into(), (ut as i32).into()),
("Payload".into(), payload.into()),
("UserId".into(), user_id.into()),
])]),
]);
serialize(value)
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
fn create_ping() -> Vec<u8> {
serialize(Value::Array(vec![6.into()]))
}
#[allow(dead_code)]
feat: Push Notifications Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com> Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
#[derive(Copy, Clone, Eq, PartialEq)]
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
pub enum UpdateType {
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
SyncCipherUpdate = 0,
SyncCipherCreate = 1,
SyncLoginDelete = 2,
SyncFolderDelete = 3,
SyncCiphers = 4,
SyncVault = 5,
SyncOrgKeys = 6,
SyncFolderCreate = 7,
SyncFolderUpdate = 8,
SyncCipherDelete = 9,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
SyncSettings = 10,
LogOut = 11,
Only send one notification per vault import and purge, improve move ciphers functions
2019-01-28 00:39:14 +01:00
Send API
2021-03-14 23:35:55 +01:00
SyncSendCreate = 12,
SyncSendUpdate = 13,
SyncSendDelete = 14,
Update WebSocket Notifications Previously the websocket notifications were using `app_id` as the `ContextId`. This was incorrect and should have been the device_uuid from the client device executing the request. The clients will ignore the websocket request if the uuid matches. This also fixes some issues with the Desktop client which is able to modify attachments within the same screen and causes an issue when saving the attachment afterwards. Also changed the way to handle removed attachments, since that causes an error saving the vault cipher afterwards, complaining about a missing attachment. Bitwarden ignores this, and continues with the remaining attachments (if any). This also fixes #2591 . Further some more websocket notifications have been added to some other functions which enhance the user experience. - Logout users when deauthed, changed password, rotated keys - Trigger OrgSyncKeys on user confirm and removal - Added some extra to the send feature Also renamed UpdateTypes to match Bitwarden naming.
2022-12-30 21:23:55 +01:00
AuthRequest = 15,
AuthRequestResponse = 16,
Only send one notification per vault import and purge, improve move ciphers functions
2019-01-28 00:39:14 +01:00
None = 100,
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
pub type Notify<'a> = &'a rocket::State<Arc<WebSocketUsers>>;
Implement login-with-device
2023-08-04 21:12:23 +02:00
pub type AnonymousNotify<'a> = &'a rocket::State<Arc<AnonymousWebSocketSubscriptions>>;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
pub fn start_notification_server() -> Arc<WebSocketUsers> {
let users = Arc::clone(&WS_USERS);
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods.
2019-01-25 18:23:51 +01:00
if CONFIG.websocket_enabled() {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
let users2 = Arc::<WebSocketUsers>::clone(&users);
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
tokio::spawn(async move {
let addr = (CONFIG.websocket_address(), CONFIG.websocket_port());
Fix incorrect pings sent, and respond to pings from the client
2022-05-21 19:12:38 +02:00
info!("Starting WebSockets server on {}:{}", addr.0, addr.1);
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
let listener = TcpListener::bind(addr).await.expect("Can't listen on websocket port");
let (shutdown_tx, mut shutdown_rx) = tokio::sync::oneshot::channel::<()>();
CONFIG.set_ws_shutdown_handle(shutdown_tx);
loop {
tokio::select! {
Ok((stream, addr)) = listener.accept() => {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
tokio::spawn(handle_connection(stream, Arc::<WebSocketUsers>::clone(&users2), addr));
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
}
_ = &mut shutdown_rx => {
break;
}
}
}
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
info!("Shutting down WebSockets server!")
Do not spawn WS thread if it's disabled
2018-10-15 16:08:15 +02:00
});
}
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
users
}
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
async fn handle_connection(stream: TcpStream, users: Arc<WebSocketUsers>, addr: SocketAddr) -> Result<(), Error> {
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
let mut user_uuid: Option<String> = None;
Fix incorrect pings sent, and respond to pings from the client
2022-05-21 19:12:38 +02:00
info!("Accepting WS connection from {addr}");
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
// Accept connection, do initial handshake, validate auth token and get the user ID
use handshake::server::{Request, Response};
let mut stream = accept_hdr_async(stream, |req: &Request, res: Response| {
if let Some(token) = get_request_token(req) {
if let Ok(claims) = crate::auth::decode_login(&token) {
user_uuid = Some(claims.sub);
return Ok(res);
}
}
Err(Response::builder().status(401).body(None).unwrap())
})
.await?;
let user_uuid = user_uuid.expect("User UUID should be set after the handshake");
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
let (mut rx, guard) = {
// Add a channel to send messages to this client to the map
let entry_uuid = uuid::Uuid::new_v4();
let (tx, rx) = tokio::sync::mpsc::channel::<Message>(100);
users.map.entry(user_uuid.clone()).or_default().push((entry_uuid, tx));
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
// Once the guard goes out of scope, the connection will have been closed and the entry will be deleted from the map
(rx, WSEntryMapGuard::new(users, user_uuid, entry_uuid, addr.ip()))
};
let _guard = guard;
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
let mut interval = tokio::time::interval(Duration::from_secs(15));
loop {
tokio::select! {
res = stream.next() => {
match res {
Some(Ok(message)) => {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
match message {
// Respond to any pings
Message::Ping(ping) => stream.send(Message::Pong(ping)).await?,
Message::Pong(_) => {/* Ignored */},
// We should receive an initial message with the protocol and version, and we will reply to it
Message::Text(ref message) => {
let msg = message.strip_suffix(RECORD_SEPARATOR as char).unwrap_or(message);
if serde_json::from_str(msg).ok() == Some(INITIAL_MESSAGE) {
stream.send(Message::binary(INITIAL_RESPONSE)).await?;
continue;
}
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
// Just echo anything else the client sends
_ => stream.send(message).await?,
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
}
}
_ => break,
}
}
res = rx.recv() => {
match res {
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Some(res) => stream.send(res).await?,
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
None => break,
}
}
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
_ = interval.tick() => stream.send(Message::Ping(create_ping())).await?
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
}
}
Ok(())
}
fn get_request_token(req: &handshake::server::Request) -> Option<String> {
const ACCESS_TOKEN_KEY: &str = "access_token=";
if let Some(Ok(auth)) = req.headers().get("Authorization").map(|a| a.to_str()) {
if let Some(token_part) = auth.strip_prefix("Bearer ") {
return Some(token_part.to_owned());
}
}
if let Some(params) = req.uri().query() {
let params_iter = params.split('&').take(1);
for val in params_iter {
if let Some(stripped) = val.strip_prefix(ACCESS_TOKEN_KEY) {
return Some(stripped.to_owned());
}
}
}
None
}
Permalink kopieren