Merge ea78965651 into 0fe93edea6

Allow to override log level for specific target
Some fixes for the new mobile apps (#4526 )
2024-04-28 07:50:21 +00:00 · 2024-04-28 09:50:18 +02:00 · 2024-04-27 23:24:04 +02:00
7 changed files with 83 additions and 26 deletions
--- a/.env.template
+++ b/.env.template
@ -366,6 +366,13 @@
 ## routes and static file, websocket and alive requests
 # LOG_LEVEL=info

+## log level target override
+## Change the verbosity of specific log output
+## Format is a line for each "target=log_level"
+#LOG_LEVEL_OVERRIDE="
+#routes=warn
+#"
+
 ## Token for the admin interface, preferably an Argon2 PCH string
 ## Vaultwarden has a built-in generator by calling `vaultwarden hash`
 ## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@ -10,6 +10,7 @@ use rocket::{
 };
 use serde_json::Value;

+use crate::util::NumberOrString;
 use crate::{
    api::{self, core::log_event, EmptyResult, JsonResult, JsonUpcase, Notify, PasswordOrOtpData, UpdateType},
    auth::Headers,
@ -964,7 +965,7 @@ async fn get_attachment(uuid: &str, attachment_id: &str, headers: Headers, mut c
 struct AttachmentRequestData {
    Key: String,
    FileName: String,
-    FileSize: i64,
+    FileSize: NumberOrString,
    AdminRequest: Option<bool>, // true when attaching from an org vault view
 }

@ -994,12 +995,14 @@ async fn post_attachment_v2(
    }

    let data: AttachmentRequestData = data.into_inner().data;
-    if data.FileSize < 0 {
+    let file_size = data.FileSize.into_i64()?;
+
+    if file_size < 0 {
        err!("Attachment size can't be negative")
    }
    let attachment_id = crypto::generate_attachment_id();
    let attachment =
-        Attachment::new(attachment_id.clone(), cipher.uuid.clone(), data.FileName, data.FileSize, Some(data.Key));
+        Attachment::new(attachment_id.clone(), cipher.uuid.clone(), data.FileName, file_size, Some(data.Key));
    attachment.save(&mut conn).await.expect("Error saving attachment");

    let url = format!("/ciphers/{}/attachment/{}", cipher.uuid, attachment_id);
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -295,7 +295,12 @@ async fn _password_login(
        "KdfIterations": user.client_kdf_iter,
        "KdfMemory": user.client_kdf_memory,
        "KdfParallelism": user.client_kdf_parallelism,
-        "ResetMasterPassword": false,// TODO: Same as above
+        "ResetMasterPassword": false, // TODO: Same as above
+        "ForcePasswordReset": false,
+        "MasterPasswordPolicy": {
+            "object": "masterPasswordPolicy",
+        },
+
        "scope": scope,
        "unofficialServer": true,
        "UserDecryptionOptions": {
--- a/src/config.rs
+++ b/src/config.rs
@ -1,8 +1,10 @@
 use std::env::consts::EXE_SUFFIX;
 use std::process::exit;
+use std::str::FromStr;
 use std::sync::RwLock;

 use job_scheduler_ng::Schedule;
+use log::LevelFilter;
 use once_cell::sync::Lazy;
 use reqwest::Url;

@ -566,6 +568,8 @@ make_config! {
        log_file:               String, false,  option;
        /// Log level
        log_level:              String, false,  def,    "Info".to_string();
+        /// Override individual log level
+        log_level_override:     String, false,  def,    String::new();

        /// Enable DB WAL |> Turning this off might lead to worse performance, but might help if using vaultwarden on some exotic filesystems,
        /// that do not support WAL. Please make sure you read project wiki on the topic before changing this setting.
@ -1060,6 +1064,26 @@ fn smtp_convert_deprecated_ssl_options(smtp_ssl: Option<bool>, smtp_explicit_tls
    "starttls".to_string()
 }

+/// Allow to parse a multiline list of Key/Values (`key=value`)
+/// Will ignore comment lines (starting with `//`)
+fn parse_param_list(config: String) -> Vec<(String, String)> {
+    config
+        .lines()
+        .map(|l| l.trim())
+        .filter(|l| !l.is_empty() && !l.starts_with("//"))
+        .filter_map(|l| {
+            let split = l.split('=').collect::<Vec<&str>>();
+            match &split[..] {
+                [key, value] => Some(((*key).to_string(), (*value).to_string())),
+                _ => {
+                    println!("[WARNING] Failed to parse ({l}). Expected key=value");
+                    None
+                }
+            }
+        })
+        .collect()
+}
+
 impl Config {
    pub fn load() -> Result<Self, Error> {
        // Loading from env and file
@ -1249,6 +1273,19 @@ impl Config {
            }
        }
    }
+
+    pub fn log_overrides(&self) -> Vec<(String, LevelFilter)> {
+        parse_param_list(self.log_level_override())
+            .into_iter()
+            .filter_map(|(k, v)| match LevelFilter::from_str(&v) {
+                Ok(lv) => Some((k, lv)),
+                Err(_) => {
+                    println!("[WARNING] Invalid log level: {k}={v}");
+                    None
+                }
+            })
+            .collect()
+    }
 }

 use handlebars::{
--- a/src/db/models/organization.rs
+++ b/src/db/models/organization.rs
@ -344,6 +344,25 @@ impl UserOrganization {
    pub async fn to_json(&self, conn: &mut DbConn) -> Value {
        let org = Organization::find_by_uuid(&self.org_uuid, conn).await.unwrap();

+        let permissions = json!({
+                // TODO: Add support for Custom User Roles
+                // See: https://bitwarden.com/help/article/user-types-access-control/#custom-role
+                "accessEventLogs": false,
+                "accessImportExport": false,
+                "accessReports": false,
+                "createNewCollections": false,
+                "editAnyCollection": false,
+                "deleteAnyCollection": false,
+                "editAssignedCollections": false,
+                "deleteAssignedCollections": false,
+                "manageGroups": false,
+                "managePolicies": false,
+                "manageSso": false, // Not supported
+                "manageUsers": false,
+                "manageResetPassword": false,
+                "manageScim": false // Not supported (Not AGPLv3 Licensed)
+        });
+
        // https://github.com/bitwarden/server/blob/13d1e74d6960cf0d042620b72d85bf583a4236f7/src/Api/Models/Response/ProfileOrganizationResponseModel.cs
        json!({
            "Id": self.org_uuid,
@ -371,27 +390,7 @@ impl UserOrganization {
            // "KeyConnectorEnabled": false,
            // "KeyConnectorUrl": null,

-            // TODO: Add support for Custom User Roles
-            // See: https://bitwarden.com/help/article/user-types-access-control/#custom-role
-            // "Permissions": {
-            //     "AccessEventLogs": false,
-            //     "AccessImportExport": false,
-            //     "AccessReports": false,
-            //     "ManageAllCollections": false,
-            //     "CreateNewCollections": false,
-            //     "EditAnyCollection": false,
-            //     "DeleteAnyCollection": false,
-            //     "ManageAssignedCollections": false,
-            //     "editAssignedCollections": false,
-            //     "deleteAssignedCollections": false,
-            //     "ManageCiphers": false,
-            //     "ManageGroups": false,
-            //     "ManagePolicies": false,
-            //     "ManageResetPassword": false,
-            //     "ManageSso": false, // Not supported
-            //     "ManageUsers": false,
-            //     "ManageScim": false, // Not supported (Not AGPLv3 Licensed)
-            // },
+            "permissions": permissions,

            "MaxStorageGb": 10, // The value doesn't matter, we don't check server-side

--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@ -246,6 +246,7 @@ impl User {
            "Email": self.email,
            "EmailVerified": !CONFIG.mail_enabled() || self.verified_at.is_some(),
            "Premium": true,
+            "PremiumFromOrganization": false,
            "MasterPasswordHint": self.password_hint,
            "Culture": "en-US",
            "TwoFactorEnabled": twofactor_enabled,
@ -257,6 +258,7 @@ impl User {
            "ProviderOrganizations": [],
            "ForcePasswordReset": false,
            "AvatarColor": self.avatar_color,
+            "UsesKeyConnector": false,
            "Object": "profile",
        })
    }
--- a/src/main.rs
+++ b/src/main.rs
@ -3,7 +3,7 @@
 // The more key/value pairs there are the more recursion occurs.
 // We want to keep this as low as possible, but not higher then 128.
 // If you go above 128 it will cause rust-analyzer to fail,
-#![recursion_limit = "87"]
+#![recursion_limit = "90"]

 // When enabled use MiMalloc as malloc instead of the default malloc
 #[cfg(feature = "enable_mimalloc")]
@ -284,6 +284,10 @@ fn init_logging(level: log::LevelFilter) -> Result<(), fern::InitError> {
        logger = logger.level_for("lettre::transport::smtp", log::LevelFilter::Off)
    }

+    for (path, level) in CONFIG.log_overrides() {
+        logger = logger.level_for(path, level);
+    }
+
    if CONFIG.extended_logging() {
        logger = logger.format(|out, message, record| {
            out.finish(format_args!(
Author	SHA1	Message	Date
Timshel	7b59c17e3f	Merge `ea78965651` into `0fe93edea6`	2024-04-28 07:50:21 +00:00
Timshel	ea78965651	Allow to override log level for specific target	2024-04-28 09:50:18 +02:00
Daniel García	0fe93edea6	Some fixes for the new mobile apps (#4526 )	2024-04-27 23:24:04 +02:00