diff options
| author | Daniel GarcĂa <[email protected]> | 2024-07-12 22:33:11 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-07-12 22:33:11 +0200 |
| commit | 035f694d2f94df5203bec6c0af951f78fcc888c2 (patch) | |
| tree | c97b00c905735f11abae9ae621a93303288eca5a /src/config.rs | |
| parent | a4ab014ade53e4e60bda0b9cbce3af9de7eac753 (diff) | |
| download | vaultwarden-035f694d2f94df5203bec6c0af951f78fcc888c2.tar.gz vaultwarden-035f694d2f94df5203bec6c0af951f78fcc888c2.zip | |
Improved HTTP client (#4740)
* Improved HTTP client
* Change config compat to use auto, rename blacklist
* Fix wrong doc references
Diffstat (limited to 'src/config.rs')
| -rw-r--r-- | src/config.rs | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/src/config.rs b/src/config.rs index 489a229d..7beb86ab 100644 --- a/src/config.rs +++ b/src/config.rs @@ -146,6 +146,12 @@ macro_rules! make_config { config.signups_domains_whitelist = config.signups_domains_whitelist.trim().to_lowercase(); config.org_creation_users = config.org_creation_users.trim().to_lowercase(); + + // Copy the values from the deprecated flags to the new ones + if config.http_request_block_regex.is_none() { + config.http_request_block_regex = config.icon_blacklist_regex.clone(); + } + config } } @@ -531,12 +537,18 @@ make_config! { icon_cache_negttl: u64, true, def, 259_200; /// Icon download timeout |> Number of seconds when to stop attempting to download an icon. icon_download_timeout: u64, true, def, 10; - /// Icon blacklist Regex |> Any domains or IPs that match this regex won't be fetched by the icon service. + + /// [Deprecated] Icon blacklist Regex |> Use `http_request_block_regex` instead + icon_blacklist_regex: String, false, option; + /// [Deprecated] Icon blacklist non global IPs |> Use `http_request_block_non_global_ips` instead + icon_blacklist_non_global_ips: bool, false, def, true; + + /// Block HTTP domains/IPs by Regex |> Any domains or IPs that match this regex won't be fetched by the internal HTTP client. /// Useful to hide other servers in the local network. Check the WIKI for more details - icon_blacklist_regex: String, true, option; - /// Icon blacklist non global IPs |> Any IP which is not defined as a global IP will be blacklisted. + http_request_block_regex: String, true, option; + /// Block non global IPs |> Enabling this will cause the internal HTTP client to refuse to connect to any non global IP address. /// Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block - icon_blacklist_non_global_ips: bool, true, def, true; + http_request_block_non_global_ips: bool, true, auto, |c| c.icon_blacklist_non_global_ips; /// Disable Two-Factor remember |> Enabling this would force the users to use a second factor to login every time. /// Note that the checkbox would still be present, but ignored. @@ -899,12 +911,12 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { err!("To use email 2FA as automatic fallback, email 2fa has to be enabled!"); } - // Check if the icon blacklist regex is valid - if let Some(ref r) = cfg.icon_blacklist_regex { + // Check if the HTTP request block regex is valid + if let Some(ref r) = cfg.http_request_block_regex { let validate_regex = regex::Regex::new(r); match validate_regex { Ok(_) => (), - Err(e) => err!(format!("`ICON_BLACKLIST_REGEX` is invalid: {e:#?}")), + Err(e) => err!(format!("`HTTP_REQUEST_BLOCK_REGEX` is invalid: {e:#?}")), } } |