2018-02-15 00:40:34 +01:00
|
|
|
use std::path::Path;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:53:11 +01:00
|
|
|
use rocket::Data;
|
2018-02-10 01:00:55 +01:00
|
|
|
use rocket::http::ContentType;
|
|
|
|
use rocket::response::status::BadRequest;
|
|
|
|
|
|
|
|
use rocket_contrib::{Json, Value};
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
use multipart::server::{Multipart, SaveResult};
|
|
|
|
use multipart::server::save::SavedData;
|
|
|
|
|
|
|
|
use data_encoding::HEXLOWER;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
use db::DbConn;
|
|
|
|
use db::models::*;
|
2018-02-15 00:40:34 +01:00
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
use util;
|
2018-02-15 00:40:34 +01:00
|
|
|
use crypto;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
use auth::Headers;
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
use CONFIG;
|
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
#[get("/sync")]
|
|
|
|
fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
2018-02-15 01:49:36 +01:00
|
|
|
let user = &headers.user;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
let folders = Folder::find_by_user(&user.uuid, &conn);
|
|
|
|
let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();
|
|
|
|
|
|
|
|
let ciphers = Cipher::find_by_user(&user.uuid, &conn);
|
2018-02-15 01:49:36 +01:00
|
|
|
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
Ok(Json(json!({
|
|
|
|
"Profile": user.to_json(),
|
|
|
|
"Folders": folders_json,
|
|
|
|
"Ciphers": ciphers_json,
|
|
|
|
"Domains": {
|
|
|
|
"EquivalentDomains": [],
|
|
|
|
"GlobalEquivalentDomains": [],
|
|
|
|
"Object": "domains",
|
|
|
|
},
|
|
|
|
"Object": "sync"
|
|
|
|
})))
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#[get("/ciphers")]
|
|
|
|
fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn);
|
|
|
|
|
2018-02-15 01:49:36 +01:00
|
|
|
let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
Ok(Json(json!({
|
|
|
|
"Data": ciphers_json,
|
|
|
|
"Object": "list",
|
|
|
|
})))
|
|
|
|
}
|
|
|
|
|
|
|
|
#[get("/ciphers/<uuid>")]
|
|
|
|
fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
|
|
|
|
Some(cipher) => cipher,
|
|
|
|
None => err!("Cipher doesn't exist")
|
|
|
|
};
|
|
|
|
|
|
|
|
if cipher.user_uuid != headers.user.uuid {
|
2018-02-15 00:40:34 +01:00
|
|
|
err!("Cipher is not owned by user")
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-02-15 01:49:36 +01:00
|
|
|
Ok(Json(cipher.to_json(&headers.host, &conn)))
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Deserialize, Debug)]
|
|
|
|
#[allow(non_snake_case)]
|
|
|
|
struct CipherData {
|
|
|
|
#[serde(rename = "type")]
|
|
|
|
type_: i32,
|
|
|
|
folderId: Option<String>,
|
|
|
|
organizationId: Option<String>,
|
|
|
|
name: Option<String>,
|
|
|
|
notes: Option<String>,
|
|
|
|
favorite: Option<bool>,
|
|
|
|
login: Option<Value>,
|
|
|
|
card: Option<Value>,
|
|
|
|
fields: Option<Vec<Value>>,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/ciphers", data = "<data>")]
|
|
|
|
fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
let mut cipher = Cipher::new(headers.user.uuid.clone(),
|
|
|
|
data.type_,
|
|
|
|
data.favorite.unwrap_or(false));
|
|
|
|
|
|
|
|
if let Some(ref folder_id) = data.folderId {
|
2018-02-15 00:40:34 +01:00
|
|
|
match Folder::find_by_uuid(folder_id, &conn) {
|
|
|
|
Some(folder) => {
|
|
|
|
if folder.user_uuid != headers.user.uuid {
|
|
|
|
err!("Folder is not owned by user")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
None => err!("Folder doesn't exist")
|
|
|
|
}
|
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
cipher.folder_uuid = Some(folder_id.clone());
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Some(ref org_id) = data.organizationId {
|
|
|
|
cipher.organization_uuid = Some(org_id.clone());
|
|
|
|
}
|
|
|
|
|
|
|
|
cipher.data = match value_from_data(&data) {
|
|
|
|
Ok(value) => {
|
|
|
|
use serde_json;
|
|
|
|
println!("--- {:?}", serde_json::to_string(&value));
|
|
|
|
println!("--- {:?}", value.to_string());
|
|
|
|
|
|
|
|
value.to_string()
|
|
|
|
}
|
|
|
|
Err(msg) => err!(msg)
|
|
|
|
};
|
|
|
|
|
|
|
|
cipher.save(&conn);
|
|
|
|
|
2018-02-15 01:49:36 +01:00
|
|
|
Ok(Json(cipher.to_json(&headers.host, &conn)))
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
|
|
|
|
let mut values = json!({
|
|
|
|
"Name": data.name,
|
|
|
|
"Notes": data.notes
|
|
|
|
});
|
|
|
|
|
|
|
|
match data.type_ {
|
|
|
|
1 /*Login*/ => {
|
|
|
|
let login_data = match data.login {
|
|
|
|
Some(ref login) => login.clone(),
|
|
|
|
None => return Err("Login data missing")
|
|
|
|
};
|
|
|
|
|
|
|
|
if !copy_values(&login_data, &mut values) {
|
|
|
|
return Err("Login data invalid");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
3 /*Card*/ => {
|
|
|
|
let card_data = match data.card {
|
|
|
|
Some(ref card) => card.clone(),
|
|
|
|
None => return Err("Card data missing")
|
|
|
|
};
|
|
|
|
|
|
|
|
if !copy_values(&card_data, &mut values) {
|
|
|
|
return Err("Card data invalid");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
_ => return Err("Unknown type")
|
|
|
|
}
|
|
|
|
|
|
|
|
if let Some(ref fields) = data.fields {
|
|
|
|
values["Fields"] = Value::Array(fields.iter().map(|f| {
|
|
|
|
use std::collections::BTreeMap;
|
|
|
|
use serde_json;
|
|
|
|
|
|
|
|
let empty_map: BTreeMap<String, Value> = BTreeMap::new();
|
|
|
|
let mut value = serde_json::to_value(empty_map).unwrap();
|
|
|
|
|
|
|
|
copy_values(&f, &mut value);
|
|
|
|
|
|
|
|
value
|
|
|
|
}).collect());
|
|
|
|
} else {
|
|
|
|
values["Fields"] = Value::Null;
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(values)
|
|
|
|
}
|
|
|
|
|
|
|
|
fn copy_values(from: &Value, to: &mut Value) -> bool {
|
|
|
|
let map = match from.as_object() {
|
|
|
|
Some(map) => map,
|
|
|
|
None => return false
|
|
|
|
};
|
|
|
|
|
|
|
|
for (key, val) in map {
|
|
|
|
to[util::upcase_first(key)] = val.clone();
|
|
|
|
}
|
|
|
|
|
|
|
|
true
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/ciphers/import", data = "<data>")]
|
|
|
|
fn post_ciphers_import(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
println!("{:#?}", data);
|
|
|
|
err!("Not implemented")
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/ciphers/<uuid>/attachment", format = "multipart/form-data", data = "<data>")]
|
|
|
|
fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
2018-02-15 00:40:34 +01:00
|
|
|
let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
|
|
|
|
Some(cipher) => cipher,
|
|
|
|
None => err!("Cipher doesn't exist")
|
|
|
|
};
|
|
|
|
|
|
|
|
if cipher.user_uuid != headers.user.uuid {
|
|
|
|
err!("Cipher is not owned by user")
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
let mut params = content_type.params();
|
2018-02-15 00:40:34 +01:00
|
|
|
let boundary_pair = params.next().expect("No boundary provided");
|
2018-02-10 01:00:55 +01:00
|
|
|
let boundary = boundary_pair.1;
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
let base_path = Path::new(&CONFIG.attachments_folder).join(&cipher.uuid);
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
Multipart::with_body(data.open(), boundary).foreach_entry(|mut field| {
|
|
|
|
let name = field.headers.filename.unwrap(); // This is provided by the client, don't trust it
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
let file_name = HEXLOWER.encode(&crypto::get_random(vec![0; 10]));
|
|
|
|
let path = base_path.join(&file_name);
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
let size = match field.data.save()
|
|
|
|
.memory_threshold(0)
|
|
|
|
.size_limit(None)
|
|
|
|
.with_path(path) {
|
2018-02-15 00:53:11 +01:00
|
|
|
SaveResult::Full(SavedData::File(_, size)) => size as i32,
|
2018-02-15 00:40:34 +01:00
|
|
|
_ => return
|
|
|
|
};
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
let attachment = Attachment::new(file_name, cipher.uuid.clone(), name, size);
|
|
|
|
println!("Attachment: {:#?}", attachment);
|
|
|
|
attachment.save(&conn);
|
|
|
|
});
|
|
|
|
|
2018-02-15 01:49:36 +01:00
|
|
|
Ok(Json(cipher.to_json(&headers.host, &conn)))
|
2018-02-15 00:40:34 +01:00
|
|
|
}
|
|
|
|
|
2018-02-15 00:53:11 +01:00
|
|
|
#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")]
|
|
|
|
fn delete_attachment_post(uuid: String, attachment_id: String, _data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
|
2018-02-15 00:40:34 +01:00
|
|
|
// Data contains a json object with the id, but we don't need it
|
|
|
|
delete_attachment(uuid, attachment_id, headers, conn)
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#[delete("/ciphers/<uuid>/attachment/<attachment_id>")]
|
2018-02-15 00:40:34 +01:00
|
|
|
fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
|
|
|
|
let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
|
|
|
|
Some(attachment) => attachment,
|
|
|
|
None => err!("Attachment doesn't exist")
|
|
|
|
};
|
|
|
|
|
|
|
|
if attachment.cipher_uuid != uuid {
|
|
|
|
err!("Attachment from other cipher")
|
|
|
|
}
|
|
|
|
|
|
|
|
let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
|
|
|
|
Some(cipher) => cipher,
|
|
|
|
None => err!("Cipher doesn't exist")
|
|
|
|
};
|
|
|
|
|
|
|
|
if cipher.user_uuid != headers.user.uuid {
|
|
|
|
err!("Cipher is not owned by user")
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-02-15 19:05:57 +01:00
|
|
|
// Delete attachment
|
2018-02-15 00:40:34 +01:00
|
|
|
attachment.delete(&conn);
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
Ok(())
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/ciphers/<uuid>")]
|
|
|
|
fn post_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
put_cipher(uuid, headers, conn)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[put("/ciphers/<uuid>")]
|
2018-02-15 19:05:57 +01:00
|
|
|
fn put_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
|
|
|
|
err!("Not implemented")
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
#[delete("/ciphers/<uuid>")]
|
2018-02-15 19:05:57 +01:00
|
|
|
fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
|
|
|
|
let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
|
|
|
|
Some(cipher) => cipher,
|
|
|
|
None => err!("Cipher doesn't exist")
|
|
|
|
};
|
|
|
|
|
|
|
|
if cipher.user_uuid != headers.user.uuid {
|
|
|
|
err!("Cipher is not owned by user")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete attachments
|
|
|
|
for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }
|
|
|
|
|
|
|
|
// Delete cipher
|
|
|
|
cipher.delete(&conn);
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
#[post("/ciphers/delete", data = "<data>")]
|
2018-02-15 19:05:57 +01:00
|
|
|
fn delete_all(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
|
2018-02-10 01:00:55 +01:00
|
|
|
let password_hash = data["masterPasswordHash"].as_str().unwrap();
|
|
|
|
|
|
|
|
let user = headers.user;
|
|
|
|
|
|
|
|
if !user.check_valid_password(password_hash) {
|
|
|
|
err!("Invalid password")
|
|
|
|
}
|
|
|
|
|
2018-02-15 19:05:57 +01:00
|
|
|
// Delete ciphers and their attachments
|
|
|
|
for cipher in Cipher::find_by_user(&user.uuid, &conn) {
|
|
|
|
for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 19:05:57 +01:00
|
|
|
cipher.delete(&conn);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete folders
|
|
|
|
for f in Folder::find_by_user(&user.uuid, &conn) { f.delete(&conn); }
|
|
|
|
|
|
|
|
Ok(())
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|