author | Daniel García <[email protected]> | 2023-07-03 19:58:14 +0200 |
---|---|---|
committer | Daniel García <[email protected]> | 2023-07-03 19:58:14 +0200 |
commit | 60964c07e6d178ae632d821e5698eee681f3d3c7 (patch) | |
tree | 81316d5bc4f7f8efe7e0892286a2fd8ceb74fc0e /src/auth.rs | |
parent | e7f083dee9743bfe4937f5c8149fa9d8383edb96 (diff) | |
Add some extra access checks for attachments and groups
Diffstat (limited to 'src/auth.rs')
-rw-r--r-- | src/auth.rs | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/auth.rs b/src/auth.rs
index 6b01a4d4..6879bb6e 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -24,6 +24,7 @@ static JWT_VERIFYEMAIL_ISSUER: Lazy<String> = Lazy::new(|| format!("{}|verifyema
 static JWT_ADMIN_ISSUER: Lazy<String> = Lazy::new(|| format!("{}|admin", CONFIG.domain_origin()));
 static JWT_SEND_ISSUER: Lazy<String> = Lazy::new(|| format!("{}|send", CONFIG.domain_origin()));
 static JWT_ORG_API_KEY_ISSUER: Lazy<String> = Lazy::new(|| format!("{}|api.organization", CONFIG.domain_origin()));
+static JWT_FILE_DOWNLOAD_ISSUER: Lazy<String> = Lazy::new(|| format!("{}|file_download", CONFIG.domain_origin()));
 static PRIVATE_RSA_KEY: Lazy<EncodingKey> = Lazy::new(|| {
 let key =
@@ -98,6 +99,10 @@ pub fn decode_api_org(token: &str) -> Result<OrgApiKeyLoginJwtClaims, Error> {
 decode_jwt(token, JWT_ORG_API_KEY_ISSUER.to_string())
 }
+pub fn decode_file_download(token: &str) -> Result<FileDownloadClaims, Error> {
+ decode_jwt(token, JWT_FILE_DOWNLOAD_ISSUER.to_string())
+}
+
 #[derive(Debug, Serialize, Deserialize)]
 pub struct LoginJwtClaims {
 // Not before
@@ -235,6 +240,31 @@ pub fn generate_organization_api_key_login_claims(uuid: String, org_id: String)
 }
 #[derive(Debug, Serialize, Deserialize)]
+pub struct FileDownloadClaims {
+ // Not before
+ pub nbf: i64,
+ // Expiration time
+ pub exp: i64,
+ // Issuer
+ pub iss: String,
+ // Subject
+ pub sub: String,
+
+ pub file_id: String,
+}
+
+pub fn generate_file_download_claims(uuid: String, file_id: String) -> FileDownloadClaims {
+ let time_now = Utc::now().naive_utc();
+ FileDownloadClaims {
+ nbf: time_now.timestamp(),
+ exp: (time_now + Duration::minutes(5)).timestamp(),
+ iss: JWT_FILE_DOWNLOAD_ISSUER.to_string(),
+ sub: uuid,
+ file_id,
+ }
+}
+
+#[derive(Debug, Serialize, Deserialize)]
 pub struct BasicJwtClaims {
 // Not before
 pub nbf: i64,
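Review bot: Nothing in `decode_file_download` or `FileDownloadClaims` ties a verified token to the request it arrives with, so the handler that consumes it (not part of this diff) must compare `claims.file_id` with the file id taken from the request path, and `claims.sub` with the owning user where that applies, before streaming anything — otherwise any valid token is a capability for every attachment during its lifetime; presumably that check exists in the attachment route, but the contract should be stated here. I would add above `decode_file_download`: `/// Validates a file-download token. Callers MUST still check that the returned file_id (and sub) match the request; a valid token only proves who minted it and when.` `file_id` is also the only field in `FileDownloadClaims` without a comment — add `// Id of the single attachment/file this token may fetch` to match the surrounding fields. Since a download token is presumably carried in a URL, it will reach proxy and access logs, so the 5-minute `exp` set in `generate_file_download_claims` is the only bound on replay within that window; worth saying so in the same comment rather than leaving the lifetime as an unexplained constant.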