diff options
author | Daniel García <[email protected]> | 2024-11-10 23:59:06 +0100 |
---|---|---|
committer | Daniel García <[email protected]> | 2024-11-10 23:59:06 +0100 |
commit | 38aad4f7bedfb4279ecb385e036b1d84f3d59483 (patch) | |
tree | 53c284490db3f4ce154434f7ae2a99758d3871cb | |
parent | 20d9e885bfcd7df7828d92c6e59ed5fe7b40a879 (diff) | |
download | vaultwarden-38aad4f7bedfb4279ecb385e036b1d84f3d59483.tar.gz vaultwarden-38aad4f7bedfb4279ecb385e036b1d84f3d59483.zip |
Limit HIBP to authed users1.32.4
-rw-r--r-- | src/api/core/mod.rs | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 4ac6b777..1638afe5 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -135,13 +135,13 @@ async fn put_eq_domains(data: Json<EquivDomainData>, headers: Headers, conn: DbC } #[get("/hibp/breach?<username>")] -async fn hibp_breach(username: &str) -> JsonResult { - let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect(); - let url = format!( - "https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false" - ); - +async fn hibp_breach(username: &str, _headers: Headers) -> JsonResult { if let Some(api_key) = crate::CONFIG.hibp_api_key() { + let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect(); + let url = format!( + "https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false" + ); + let res = make_http_request(Method::GET, &url)?.header("hibp-api-key", api_key).send().await?; // If we get a 404, return a 404, it means no breached accounts |