2018-02-10 01:00:55 +01:00
use std ::path ::{ Path , PathBuf } ;
2021-11-07 18:53:39 +01:00
use rocket ::serde ::json ::Json ;
use rocket ::{ fs ::NamedFile , http ::ContentType , Route } ;
2018-10-10 20:40:39 +02:00
use serde_json ::Value ;
2018-02-10 01:00:55 +01:00
2021-07-15 21:52:17 +02:00
use crate ::{
2022-04-24 08:47:49 +02:00
api ::core ::now ,
2021-07-15 21:52:17 +02:00
error ::Error ,
util ::{ Cached , SafeString } ,
CONFIG ,
} ;
2018-02-10 01:00:55 +01:00
pub fn routes ( ) -> Vec < Route > {
2019-12-27 18:37:14 +01:00
// If addding more routes here, consider also adding them to
2019-12-06 22:19:07 +01:00
// crate::utils::LOGGED_ROUTES to make sure they appear in the log
2019-01-25 18:23:51 +01:00
if CONFIG . web_vault_enabled ( ) {
2021-06-25 20:33:51 +02:00
routes! [ web_index , app_id , web_files , attachments , alive , static_files ]
2018-06-12 21:09:42 +02:00
} else {
2019-08-31 17:25:31 +02:00
routes! [ attachments , alive , static_files ]
2018-06-12 21:09:42 +02:00
}
2018-02-10 01:00:55 +01:00
}
#[ get( " / " ) ]
2021-11-07 18:53:39 +01:00
async fn web_index ( ) -> Cached < Option < NamedFile > > {
Cached ::short ( NamedFile ::open ( Path ::new ( & CONFIG . web_vault_folder ( ) ) . join ( " index.html " ) ) . await . ok ( ) , false )
2018-02-10 01:00:55 +01:00
}
2018-07-12 21:46:50 +02:00
#[ get( " /app-id.json " ) ]
2021-11-07 18:53:39 +01:00
fn app_id ( ) -> Cached < ( ContentType , Json < Value > ) > {
2018-07-13 15:05:00 +02:00
let content_type = ContentType ::new ( " application " , " fido.trusted-apps+json " ) ;
2021-12-28 17:24:42 +01:00
Cached ::long (
2021-11-07 18:53:39 +01:00
(
2021-12-28 17:24:42 +01:00
content_type ,
Json ( json! ( {
" trustedFacets " : [
{
" version " : { " major " : 1 , " minor " : 0 } ,
" ids " : [
// Per <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application>:
//
// "In the Web case, the FacetID MUST be the Web Origin [RFC6454]
// of the web page triggering the FIDO operation, written as
// a URI with an empty path. Default ports are omitted and any
// path component is ignored."
//
// This leaves it unclear as to whether the path must be empty,
// or whether it can be non-empty and will be ignored. To be on
// the safe side, use a proper web origin (with empty path).
& CONFIG . domain_origin ( ) ,
" ios:bundle-id:com.8bit.bitwarden " ,
" android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI " ]
} ]
} ) ) ,
) ,
true ,
)
2018-07-12 21:46:50 +02:00
}
2019-01-19 21:36:34 +01:00
#[ get( " /<p..> " , rank = 10) ] // Only match this if the other routes don't match
2021-11-07 18:53:39 +01:00
async fn web_files ( p : PathBuf ) -> Cached < Option < NamedFile > > {
Cached ::long ( NamedFile ::open ( Path ::new ( & CONFIG . web_vault_folder ( ) ) . join ( p ) ) . await . ok ( ) , true )
2018-02-10 01:00:55 +01:00
}
2021-05-16 07:46:57 +02:00
#[ get( " /attachments/<uuid>/<file_id> " ) ]
2021-11-07 18:53:39 +01:00
async fn attachments ( uuid : SafeString , file_id : SafeString ) -> Option < NamedFile > {
NamedFile ::open ( Path ::new ( & CONFIG . attachments_folder ( ) ) . join ( uuid ) . join ( file_id ) ) . await . ok ( )
2018-02-10 01:00:55 +01:00
}
2021-10-09 14:16:27 +02:00
// We use DbConn here to let the alive healthcheck also verify the database connection.
use crate ::db ::DbConn ;
2018-02-10 01:00:55 +01:00
#[ get( " /alive " ) ]
2021-10-09 14:16:27 +02:00
fn alive ( _conn : DbConn ) -> Json < String > {
2022-04-24 08:47:49 +02:00
now ( )
2018-02-10 01:00:55 +01:00
}
2019-02-16 03:44:30 +01:00
2022-01-23 23:40:59 +01:00
#[ get( " /vw_static/<filename> " ) ]
2021-11-07 18:53:39 +01:00
fn static_files ( filename : String ) -> Result < ( ContentType , & 'static [ u8 ] ) , Error > {
2019-02-16 03:44:30 +01:00
match filename . as_ref ( ) {
2021-11-07 18:53:39 +01:00
" mail-github.png " = > Ok ( ( ContentType ::PNG , include_bytes! ( " ../static/images/mail-github.png " ) ) ) ,
" logo-gray.png " = > Ok ( ( ContentType ::PNG , include_bytes! ( " ../static/images/logo-gray.png " ) ) ) ,
" error-x.svg " = > Ok ( ( ContentType ::SVG , include_bytes! ( " ../static/images/error-x.svg " ) ) ) ,
" hibp.png " = > Ok ( ( ContentType ::PNG , include_bytes! ( " ../static/images/hibp.png " ) ) ) ,
" vaultwarden-icon.png " = > Ok ( ( ContentType ::PNG , include_bytes! ( " ../static/images/vaultwarden-icon.png " ) ) ) ,
" bootstrap.css " = > Ok ( ( ContentType ::CSS , include_bytes! ( " ../static/scripts/bootstrap.css " ) ) ) ,
" bootstrap-native.js " = > Ok ( ( ContentType ::JavaScript , include_bytes! ( " ../static/scripts/bootstrap-native.js " ) ) ) ,
" identicon.js " = > Ok ( ( ContentType ::JavaScript , include_bytes! ( " ../static/scripts/identicon.js " ) ) ) ,
" datatables.js " = > Ok ( ( ContentType ::JavaScript , include_bytes! ( " ../static/scripts/datatables.js " ) ) ) ,
" datatables.css " = > Ok ( ( ContentType ::CSS , include_bytes! ( " ../static/scripts/datatables.css " ) ) ) ,
2022-09-06 17:14:16 +02:00
" jquery-3.6.1.slim.js " = > {
Ok ( ( ContentType ::JavaScript , include_bytes! ( " ../static/scripts/jquery-3.6.1.slim.js " ) ) )
2021-04-06 22:54:42 +02:00
}
2020-02-19 06:27:00 +01:00
_ = > err! ( format! ( " Static file not found: {} " , filename ) ) ,
2019-02-16 03:44:30 +01:00
}
2019-12-27 18:37:14 +01:00
}