Commit Graph

71 Commits

Author SHA1 Message Date
Jake Howard 690d0ed1bb
Add our own HTTP date formatter 2021-12-29 16:21:28 +00:00
Jake Howard 248e7dabc2
Collapse field name definition
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2021-12-28 21:54:09 +00:00
Jake Howard 4584cfe3c1
Additionally set expires header when caching responses
Browsers are rather smart, but also dumb. This uses the `Expires` header
alongside `cache-control` to better prompt the browser to actually
cache.

Unfortunately, firefox still tries to "race" its own cache, in an
attempt to respond to requests faster, so still ends up making a bunch
of requests which could have been cached. Doesn't appear there's any way
around this.
2021-12-28 16:24:47 +00:00
BlackDex c453528dc1
Macro recursion decrease and other optimizations
- Decreased `recursion_limit` from 512 to 87
  Mainly done by optimizing the config macro's.
  This fixes an issue with the rust-analyzer which doesn't go beyond 128
- Removed Regex for masking sensitive values and replaced it with a map()
  This is much faster then using a Regex.
- Refactored the get_support_json macro's
- All items above also lowered the binary size and possibly compile-time
- Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all
- Decreased json response for `/plans`
- Updated libraries and where needed some code changes
  This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678
- Using Rust 2021 instead of 2018
- Updated rust nightly
2021-11-06 17:44:53 +01:00
BlackDex 338756550a
Fix error reporting in admin and some small fixes
- Fixed a bug in JavaScript which caused no messages to be shown to the
user in-case of an error send by the server.
- Changed mail error handling for better error messages
- Changed user/org actions from a to buttons, this should prevent
strange issues in-case of javascript issues and the page does re-load.
- Added Alpine and Debian info for the running docker image

During the mail error testing i encountered a bug which caused lettre to
panic. This panic only happens on debug builds and not release builds,
so no need to update anything on that part. This bug is also already
fixed. See https://github.com/lettre/lettre/issues/678 and https://github.com/lettre/lettre/pull/679

Resolves #2021
Could also fix the issue reported here #2022, or at least no hash `#` in
the url.
2021-10-08 00:01:24 +02:00
Daniel García 7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors 2021-07-15 19:20:19 +02:00
Daniel García e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf 2021-07-15 19:15:55 +02:00
Kaito Udagawa c640abbcd7
Update src/util.rs
Co-authored-by: William Desportes <williamdes@wdes.fr>
2021-07-08 02:55:58 +09:00
Kaito Udagawa 13598c098f Add links to browser extensions 2021-07-08 02:52:45 +09:00
Kaito Udagawa a622b4d2fb Add Edge's frame-ancestors
Edge's frame-ancestors are required for Edge extension to do WebAuthn.
2021-07-08 01:19:52 +09:00
Daniel García 46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00
Daniel García 34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Daniel García 305de2e2cd
Format the changes from merge to master 2021-04-15 18:30:23 +02:00
Daniel García 95d906bdbb
Merge branch 'master' into fmt 2021-04-15 18:24:04 +02:00
Jake Howard 3ab90259f2
Modify rustfmt file 2021-04-06 21:54:42 +01:00
Jake Howard 155109dea1
Extract client creation to a single place 2021-04-06 21:04:37 +01:00
Jake Howard 0af3956abd
Run `cargo fmt` on codebase 2021-03-31 21:18:35 +01:00
Daniel García fd27759a95
Merge pull request #1546 from RealOrangeOne/clippy-run
Run Clippy
2021-03-28 16:04:09 +02:00
Jake Howard 49af9cf4f5
Correctly camelCase acronyms
https://rust-lang.github.io/rust-clippy/master/index.html#upper_case_acronyms
2021-03-27 14:26:32 +00:00
Jake Howard 131348a49f
Add immutable caching for vault assets
The URLs are cachebusted, so updates will still be applied cleanly and immediately
2021-03-27 13:37:56 +00:00
Jake Howard b22564cb00
Cache icons on the client
This should make the vault pages load much faster, and massively reduce the number of requests.
2021-03-27 13:30:40 +00:00
Jeremy Lin 7d0e234b34 CORS fixes
* The Safari extension apparently now uses the origin `file://` and expects
  that to be returned (see bitwarden/browser#1311, bitwarden/server#800).

* The `Access-Control-Allow-Origin` header was reflecting the value of the
  `Origin` header without checking whether the origin was actually allowed.
  This effectively allows any origin to interact with the server, which
  defeats the purpose of CORS.
2021-03-07 00:35:08 -08:00
Jeremy Lin 513056f711 Check for data folder on startup
Currently, when starting up for the first time (running standalone, outside
of Docker), bitwarden_rs panics when the `openssl` tool isn't able to create
`data/rsa_key.pem` due to the `data` dir not existing. Instead, print a more
helpful error message telling the user to create the directory.
2021-02-28 01:45:05 -08:00
Jeremy Lin e37ff60617 Change `twofactorauth.org` to `2fa.directory`
The `twofactorauth.org` has apparently been sold to some company for
marketing purposes.
2021-02-23 18:51:07 -08:00
Jeremy Lin 455a23361f Clean up datetime output and code
* For clarity, add `UTC` suffix for datetimes in the `Diagnostics` admin tab.
* Format datetimes in the local timezone in the `Users` admin tab.
* Refactor some datetime code and add doc comments.
2020-12-13 19:49:22 -08:00
janost e8ef76b8f9 Read config vars from files 2020-11-29 02:31:49 +01:00
Daniel García 729c9cff41
Retry initial db connection, with adjustable option 2020-10-03 22:32:00 +02:00
Jeremy Lin de70fbf88a Use `strip_prefix()` instead of `trim_start_matches()` as appropriate
As of Rust 1.45.0, `strip_prefix()` is now stable.
2020-07-20 22:33:13 -07:00
Daniel García 668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
fdeĉ 4c3727b4a3 use format! for rounding to fix arm issue 2020-05-22 12:10:56 +02:00
Daniel García a8870eef0d
Convert to f32 before rounding to fix arm issue 2020-05-20 17:58:39 +02:00
Daniel García 9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
2020-02-18 21:27:00 -08:00
Daniel García 8867626de8
Add option to change invitation org name, fixes #825
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
2020-02-04 22:14:50 +01:00
Daniel García d212dfe735
Accept y/n, True/False, 1/0 as booleans in environment vars 2020-01-20 22:28:54 +01:00
Daniel García 36ae946655
Avoid some to_string in the request logging and include message to disable web vault when not found. 2019-12-29 15:34:22 +01:00
Daniel García 2545469713
Fix crash when page URL points to huge file 2019-12-19 00:37:16 +01:00
Daniel García a03db6d224
Also hide options requests, unless using debug or trace 2019-12-06 22:55:29 +01:00
Daniel García 8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative.
Use LOG_LEVEL debug or trace to recover them.

Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.

Removed duplicate error messages

Made websocket not proxied message more prominent, but only print it once.
2019-12-06 22:46:12 +01:00
vpl 7b1da527a6 Change CORS headers
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
2019-10-01 20:12:33 +02:00
vpl 56f12dc982 Use Access-Control-Allow-Method 2019-09-23 07:44:44 +02:00
vpl 5a2f968d7a Set correct response headers, status code 2019-09-02 21:13:12 +02:00
vpl 16d88402cb Initial version of CORS support 2019-09-01 13:00:12 +02:00
Daniel García 4689ed7b30
Changed uppercase deserializer to avoid a clone. 2019-03-18 22:02:37 +01:00
Daniel García 5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García 877408b808
Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García 86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García 834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
TBK d8116a80df Add Feature-Policy header 2019-01-17 21:08:31 +01:00