mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-02-28 07:13:12 +08:00
9017ca265a
* Optimizations and build speedup With this commit I have changed several components to be more efficient. This can be less llvm-lines generated or less `clone()` calls. ### Config - Re-ordered the `make_config` macro to be more efficient - Created a custom Deserializer for `ConfigBuilder` less code and more efficient - Use struct's for the `prepare_json` function instead of generating a custom JSON object. This generates less code and is more efficient. - Updated the `get_support_string` function to handle the masking differently. This generates less code and also was able to remove some sub-macro-calls ### Error - Added an extra new call to prevent duplicate Strings in generated macro code. This generated less llvm-lines and seems to be more efficient. - Created a custom Serializer for `ApiError` and `CompactApiError` This makes that struct smaller in size, so better for memory, but also less llvm-lines. ### General - Removed `once_lock` and replace it all with Rust's std LazyLock - Added and fixed some Clippy lints which reduced `clone()` calls for example. - Updated build profiles for more efficiency Also added a new profile specifically for CI, which should decrease the build check - Updated several GitHub Workflows for better security and use the new `ci` build profile - Updated to Rust v1.90.0 which uses a new linker `rust-lld` which should help in faster building - Updated the Cargo.toml for all crates to better use the `workspace` variables - Added a `typos` Workflow and Pre-Commit, which should help in detecting spell error's. Also fixed a few found by it. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix release profile Signed-off-by: BlackDex <black.dex@gmail.com> * Update typos and remove mimalloc check from pre-commit checks Signed-off-by: BlackDex <black.dex@gmail.com> * Misc fixes and updated typos Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates and workflows Signed-off-by: BlackDex <black.dex@gmail.com> * Fix formating and pre-commit Signed-off-by: BlackDex <black.dex@gmail.com> * Update to Rust v1.91 and update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Update web-vault to v2025.10.1 and xx to v1.8.0 Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
251 lines
8.2 KiB
Rust
251 lines
8.2 KiB
Rust
use bigdecimal::{BigDecimal, ToPrimitive};
|
|
use derive_more::{AsRef, Deref, Display};
|
|
use diesel::prelude::*;
|
|
use serde_json::Value;
|
|
use std::time::Duration;
|
|
|
|
use super::{CipherId, OrganizationId, UserId};
|
|
use crate::db::schema::{attachments, ciphers};
|
|
use crate::{config::PathType, CONFIG};
|
|
use macros::IdFromParam;
|
|
|
|
#[derive(Identifiable, Queryable, Insertable, AsChangeset)]
|
|
#[diesel(table_name = attachments)]
|
|
#[diesel(treat_none_as_null = true)]
|
|
#[diesel(primary_key(id))]
|
|
pub struct Attachment {
|
|
pub id: AttachmentId,
|
|
pub cipher_uuid: CipherId,
|
|
pub file_name: String, // encrypted
|
|
pub file_size: i64,
|
|
pub akey: Option<String>,
|
|
}
|
|
|
|
/// Local methods
|
|
impl Attachment {
|
|
pub const fn new(
|
|
id: AttachmentId,
|
|
cipher_uuid: CipherId,
|
|
file_name: String,
|
|
file_size: i64,
|
|
akey: Option<String>,
|
|
) -> Self {
|
|
Self {
|
|
id,
|
|
cipher_uuid,
|
|
file_name,
|
|
file_size,
|
|
akey,
|
|
}
|
|
}
|
|
|
|
pub fn get_file_path(&self) -> String {
|
|
format!("{}/{}", self.cipher_uuid, self.id)
|
|
}
|
|
|
|
pub async fn get_url(&self, host: &str) -> Result<String, crate::Error> {
|
|
let operator = CONFIG.opendal_operator_for_path_type(&PathType::Attachments)?;
|
|
|
|
if operator.info().scheme() == opendal::Scheme::Fs {
|
|
let token = encode_jwt(&generate_file_download_claims(self.cipher_uuid.clone(), self.id.clone()));
|
|
Ok(format!("{host}/attachments/{}/{}?token={token}", self.cipher_uuid, self.id))
|
|
} else {
|
|
Ok(operator.presign_read(&self.get_file_path(), Duration::from_secs(5 * 60)).await?.uri().to_string())
|
|
}
|
|
}
|
|
|
|
pub async fn to_json(&self, host: &str) -> Result<Value, crate::Error> {
|
|
Ok(json!({
|
|
"id": self.id,
|
|
"url": self.get_url(host).await?,
|
|
"fileName": self.file_name,
|
|
"size": self.file_size.to_string(),
|
|
"sizeName": crate::util::get_display_size(self.file_size),
|
|
"key": self.akey,
|
|
"object": "attachment"
|
|
}))
|
|
}
|
|
}
|
|
|
|
use crate::auth::{encode_jwt, generate_file_download_claims};
|
|
use crate::db::DbConn;
|
|
|
|
use crate::api::EmptyResult;
|
|
use crate::error::MapResult;
|
|
|
|
/// Database methods
|
|
impl Attachment {
|
|
pub async fn save(&self, conn: &DbConn) -> EmptyResult {
|
|
db_run! { conn:
|
|
sqlite, mysql {
|
|
match diesel::replace_into(attachments::table)
|
|
.values(self)
|
|
.execute(conn)
|
|
{
|
|
Ok(_) => Ok(()),
|
|
// Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.
|
|
Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {
|
|
diesel::update(attachments::table)
|
|
.filter(attachments::id.eq(&self.id))
|
|
.set(self)
|
|
.execute(conn)
|
|
.map_res("Error saving attachment")
|
|
}
|
|
Err(e) => Err(e.into()),
|
|
}.map_res("Error saving attachment")
|
|
}
|
|
postgresql {
|
|
diesel::insert_into(attachments::table)
|
|
.values(self)
|
|
.on_conflict(attachments::id)
|
|
.do_update()
|
|
.set(self)
|
|
.execute(conn)
|
|
.map_res("Error saving attachment")
|
|
}
|
|
}
|
|
}
|
|
|
|
pub async fn delete(&self, conn: &DbConn) -> EmptyResult {
|
|
db_run! { conn: {
|
|
crate::util::retry(||
|
|
diesel::delete(attachments::table.filter(attachments::id.eq(&self.id)))
|
|
.execute(conn),
|
|
10,
|
|
)
|
|
.map(|_| ())
|
|
.map_res("Error deleting attachment")
|
|
}}?;
|
|
|
|
let operator = CONFIG.opendal_operator_for_path_type(&PathType::Attachments)?;
|
|
let file_path = self.get_file_path();
|
|
|
|
if let Err(e) = operator.delete(&file_path).await {
|
|
if e.kind() == opendal::ErrorKind::NotFound {
|
|
debug!("File '{file_path}' already deleted.");
|
|
} else {
|
|
return Err(e.into());
|
|
}
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
pub async fn delete_all_by_cipher(cipher_uuid: &CipherId, conn: &DbConn) -> EmptyResult {
|
|
for attachment in Attachment::find_by_cipher(cipher_uuid, conn).await {
|
|
attachment.delete(conn).await?;
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
pub async fn find_by_id(id: &AttachmentId, conn: &DbConn) -> Option<Self> {
|
|
db_run! { conn: {
|
|
attachments::table
|
|
.filter(attachments::id.eq(id.to_lowercase()))
|
|
.first::<Self>(conn)
|
|
.ok()
|
|
}}
|
|
}
|
|
|
|
pub async fn find_by_cipher(cipher_uuid: &CipherId, conn: &DbConn) -> Vec<Self> {
|
|
db_run! { conn: {
|
|
attachments::table
|
|
.filter(attachments::cipher_uuid.eq(cipher_uuid))
|
|
.load::<Self>(conn)
|
|
.expect("Error loading attachments")
|
|
}}
|
|
}
|
|
|
|
pub async fn size_by_user(user_uuid: &UserId, conn: &DbConn) -> i64 {
|
|
db_run! { conn: {
|
|
let result: Option<BigDecimal> = attachments::table
|
|
.left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
|
|
.filter(ciphers::user_uuid.eq(user_uuid))
|
|
.select(diesel::dsl::sum(attachments::file_size))
|
|
.first(conn)
|
|
.expect("Error loading user attachment total size");
|
|
|
|
match result.map(|r| r.to_i64()) {
|
|
Some(Some(r)) => r,
|
|
Some(None) => i64::MAX,
|
|
None => 0
|
|
}
|
|
}}
|
|
}
|
|
|
|
pub async fn count_by_user(user_uuid: &UserId, conn: &DbConn) -> i64 {
|
|
db_run! { conn: {
|
|
attachments::table
|
|
.left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
|
|
.filter(ciphers::user_uuid.eq(user_uuid))
|
|
.count()
|
|
.first(conn)
|
|
.unwrap_or(0)
|
|
}}
|
|
}
|
|
|
|
pub async fn size_by_org(org_uuid: &OrganizationId, conn: &DbConn) -> i64 {
|
|
db_run! { conn: {
|
|
let result: Option<BigDecimal> = attachments::table
|
|
.left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
|
|
.filter(ciphers::organization_uuid.eq(org_uuid))
|
|
.select(diesel::dsl::sum(attachments::file_size))
|
|
.first(conn)
|
|
.expect("Error loading user attachment total size");
|
|
|
|
match result.map(|r| r.to_i64()) {
|
|
Some(Some(r)) => r,
|
|
Some(None) => i64::MAX,
|
|
None => 0
|
|
}
|
|
}}
|
|
}
|
|
|
|
pub async fn count_by_org(org_uuid: &OrganizationId, conn: &DbConn) -> i64 {
|
|
db_run! { conn: {
|
|
attachments::table
|
|
.left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
|
|
.filter(ciphers::organization_uuid.eq(org_uuid))
|
|
.count()
|
|
.first(conn)
|
|
.unwrap_or(0)
|
|
}}
|
|
}
|
|
|
|
// This will return all attachments linked to the user or org
|
|
// There is no filtering done here if the user actually has access!
|
|
// It is used to speed up the sync process, and the matching is done in a different part.
|
|
pub async fn find_all_by_user_and_orgs(
|
|
user_uuid: &UserId,
|
|
org_uuids: &Vec<OrganizationId>,
|
|
conn: &DbConn,
|
|
) -> Vec<Self> {
|
|
db_run! { conn: {
|
|
attachments::table
|
|
.left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
|
|
.filter(ciphers::user_uuid.eq(user_uuid))
|
|
.or_filter(ciphers::organization_uuid.eq_any(org_uuids))
|
|
.select(attachments::all_columns)
|
|
.load::<Self>(conn)
|
|
.expect("Error loading attachments")
|
|
}}
|
|
}
|
|
}
|
|
|
|
#[derive(
|
|
Clone,
|
|
Debug,
|
|
AsRef,
|
|
Deref,
|
|
DieselNewType,
|
|
Display,
|
|
FromForm,
|
|
Hash,
|
|
PartialEq,
|
|
Eq,
|
|
Serialize,
|
|
Deserialize,
|
|
IdFromParam,
|
|
)]
|
|
pub struct AttachmentId(pub String);
|