Update Rust and Crates

- Updated Rust to v1.72.0
- Updated all the crates
  This includes a CVE fix: https://github.com/dani-garcia/vaultwarden/security/dependabot/21
- Updated GitHub Workflows
- Run `cargo fmt` which has some new fmt's
- Moved from `rust-toolchain` to `rust-toolchain.toml`
BlackDex
2023-08-28 16:48:42 +02:00
parent 66bff73ebf
commit 32543c46da
29 changed files with 219 additions and 212 deletions


@ -8,9 +8,10 @@ on:
- "migrations/**"
- "Cargo.*"
- "build.rs"
- "rust-toolchain"
- "rust-toolchain.toml"
- "rustfmt.toml"
- "diesel.toml"
- "docker/Dockerfile.j2"
pull_request:
paths:
- ".github/workflows/build.yml"
@ -18,9 +19,10 @@ on:
- "migrations/**"
- "Cargo.*"
- "build.rs"
- "rust-toolchain"
- "rust-toolchain.toml"
- "rustfmt.toml"
- "diesel.toml"
- "docker/Dockerfile.j2"
jobs:
build:
@ -43,7 +45,7 @@ jobs:
steps:
# Checkout the repo
- name: "Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# End Checkout the repo
@ -59,7 +61,7 @@ jobs:
shell: bash
run: |
if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
RUST_TOOLCHAIN="$(cat rust-toolchain)"
RUST_TOOLCHAIN="$(grep -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml)"
elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
else
@ -71,7 +73,7 @@ jobs:
# Only install the clippy and rustfmt components on the default rust-toolchain
- name: "Install rust-toolchain version"
uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
uses: dtolnay/rust-toolchain@f361669954a8ecfc00a3443f35f9ac8e610ffc06 # master @ 2023-08-04 - 01:14 AM GMT+2
if: ${{ matrix.channel == 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@ -81,7 +83,7 @@ jobs:
# Install the any other channel to be used for which we do not execute clippy and rustfmt
- name: "Install MSRV version"
uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
uses: dtolnay/rust-toolchain@f361669954a8ecfc00a3443f35f9ac8e610ffc06 # master @ 2023-08-04 - 01:14 AM GMT+2
if: ${{ matrix.channel != 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@ -89,7 +91,7 @@ jobs:
# Enable Rust Caching
- uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2.5.1
- uses: Swatinem/rust-cache@e207df5d269b42b69c8bc5101da26f7d31feddb4 # v2.6.2
with:
# Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
# Like changing the build host from Ubuntu 20.04 to 22.04 for example.
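Review bot: The toolchain step uses whatever `grep -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml` prints and never checks it, so a reformatted `channel` line (single quotes, or a trailing comment that contains quotes) would leave `RUST_TOOLCHAIN` empty or wrong, and the error would only surface later in the install step. Failing early right after the `if`/`elif` chain would make that visible, for example `[[ -n "${RUST_TOOLCHAIN}" ]] || { echo "could not read a toolchain version" >&2; exit 1; }`. The same applies to the existing `rust-version` grep on `Cargo.toml`. The step's script continues outside the hunk, so this is based only on the lines shown.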


@ -13,7 +13,7 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# End Checkout the repo


@ -11,7 +11,7 @@ on:
- "Cargo.*"
- "build.rs"
- "diesel.toml"
- "rust-toolchain"
- "rust-toolchain.toml"
branches: # Only on paths above
- main
@ -73,7 +73,7 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0

320
Cargo.lock generated



@ -3,7 +3,7 @@ name = "vaultwarden"
version = "1.0.0"
authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
edition = "2021"
rust-version = "1.69.0"
rust-version = "1.70.0"
resolver = "2"
repository = "https://github.com/dani-garcia/vaultwarden"
@ -40,7 +40,7 @@ syslog = "6.1.0"
[dependencies]
# Logging
log = "0.4.19"
log = "0.4.20"
fern = { version = "0.6.2", features = ["syslog-6"] }
tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
@ -64,18 +64,18 @@ tokio-tungstenite = "0.19.0"
rmpv = "1.0.1" # MessagePack library
# Concurrent HashMap used for WebSocket messaging and favicons
dashmap = "5.5.0"
dashmap = "5.5.3"
# Async futures
futures = "0.3.28"
tokio = { version = "1.30.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
# A generic serialization/deserialization framework
serde = { version = "1.0.183", features = ["derive"] }
serde_json = "1.0.104"
serde = { version = "1.0.188", features = ["derive"] }
serde_json = "1.0.105"
# A safe, extensible ORM and Query builder
diesel = { version = "2.1.0", features = ["chrono", "r2d2"] }
diesel = { version = "2.1.1", features = ["chrono", "r2d2"] }
diesel_migrations = "2.1.0"
diesel_logger = { version = "0.3.0", optional = true }
@ -90,9 +90,9 @@ ring = "0.16.20"
uuid = { version = "1.4.1", features = ["v4"] }
# Date and time libraries
chrono = { version = "0.4.26", features = ["clock", "serde"], default-features = false }
chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false }
chrono-tz = "0.8.3"
time = "0.3.25"
time = "0.3.28"
# Job scheduler
job_scheduler_ng = "2.0.4"
@ -113,7 +113,7 @@ yubico = { version = "0.11.0", features = ["online-tokio"], default-features = f
webauthn-rs = "0.3.2"
# Handling of URL's for WebAuthn and favicons
url = "2.4.0"
url = "2.4.1"
# Email libraries
lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
@ -124,11 +124,11 @@ email_address = "0.2.4"
handlebars = { version = "4.3.7", features = ["dir_source"] }
# HTTP client (Used for favicons, version check, DUO and HIBP API)
reqwest = { version = "0.11.18", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }
reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }
# Favicon extraction libraries
html5gum = "0.5.7"
regex = { version = "1.9.3", features = ["std", "perf", "unicode-perl"], default-features = false }
regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false }
data-url = "0.3.0"
bytes = "1.4.0"
@ -140,7 +140,7 @@ cookie = "0.16.2"
cookie_store = "0.19.1"
# Used by U2F, JWT and PostgreSQL
openssl = "0.10.56"
openssl = "0.10.57"
# CLI argument parsing
pico-args = "0.5.0"
@ -154,7 +154,7 @@ semver = "1.0.18"
# Allow overriding the default memory allocator
# Mainly used for the musl builds, since the default musl malloc is very slow
mimalloc = { version = "0.1.37", features = ["secure"], default-features = false, optional = true }
mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true }
which = "4.4.0"
# Argon2 library with support for the PHC format


@ -2,7 +2,7 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
{% set rust_version = "1.71.1" %}
{% set rust_version = "1.72.0" %}
{% set debian_version = "bookworm" %}
{% set alpine_version = "3.17" %}
{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %}


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/library/rust:1.71.1-bookworm as build
FROM docker.io/library/rust:1.72.0-bookworm as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -26,7 +26,7 @@
FROM docker.io/vaultwarden/web-vault@sha256:b306f38fe0d54fa3d79059a737f8e1803da44ddc5f273c2aecdd6a4886211b0f as vault
########################## BUILD IMAGE ##########################
FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.71.1-openssl3 as build
FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \


@ -1 +0,0 @@
1.71.1

4
rust-toolchain.toml Normal file

@ -0,0 +1,4 @@
[toolchain]
channel = "1.72.0"
components = [ "rustfmt", "clippy" ]
profile = "minimal"


@ -340,9 +340,13 @@ async fn post_send_file_v2_data(
let mut data = data.into_inner();
let Some(send) = Send::find_by_uuid(send_uuid, &mut conn).await else { err!("Send not found. Unable to save the file.") };
let Some(send) = Send::find_by_uuid(send_uuid, &mut conn).await else {
err!("Send not found. Unable to save the file.")
};
let Some(send_user_id) = &send.user_uuid else {err!("Sends are only supported for users at the moment")};
let Some(send_user_id) = &send.user_uuid else {
err!("Sends are only supported for users at the moment")
};
if send_user_id != &headers.user.uuid {
err!("Send doesn't belong to user");
}


@ -685,7 +685,9 @@ async fn download_icon(domain: &str) -> Result<(Bytes, Option<&str>), Error> {
for icon in icon_result.iconlist.iter().take(5) {
if icon.href.starts_with("data:image") {
let Ok(datauri) = DataUrl::process(&icon.href) else {continue};
let Ok(datauri) = DataUrl::process(&icon.href) else {
continue;
};
// Check if we are able to decode the data uri
let mut body = BytesMut::new();
match datauri.decode::<_, ()>(|bytes| {


@ -124,7 +124,9 @@ fn websockets_hub<'r>(
err_code!("Invalid claim", 401)
};
let Ok(claims) = crate::auth::decode_login(&token) else { err_code!("Invalid token", 401) };
let Ok(claims) = crate::auth::decode_login(&token) else {
err_code!("Invalid token", 401)
};
let (mut rx, guard) = {
let users = Arc::clone(&WS_USERS);


@ -100,7 +100,9 @@ async fn web_files(p: PathBuf) -> Cached<Option<NamedFile>> {
#[get("/attachments/<uuid>/<file_id>?<token>")]
async fn attachments(uuid: SafeString, file_id: SafeString, token: String) -> Option<NamedFile> {
let Ok(claims) = decode_file_download(&token) else { return None };
let Ok(claims) = decode_file_download(&token) else {
return None;
};
if claims.sub != *uuid || claims.file_id != *file_id {
return None;
}


@ -501,7 +501,7 @@ pub fn format_naive_datetime_local(dt: &NaiveDateTime, fmt: &str) -> String {
///
/// https://httpwg.org/specs/rfc7231.html#http.date
pub fn format_datetime_http(dt: &DateTime<Local>) -> String {
let expiry_time: chrono::DateTime<chrono::Utc> = chrono::DateTime::from_utc(dt.naive_utc(), chrono::Utc);
let expiry_time = DateTime::<chrono::Utc>::from_naive_utc_and_offset(dt.naive_utc(), chrono::Utc);
// HACK: HTTP expects the date to always be GMT (UTC) rather than giving an
// offset (which would always be 0 in UTC anyway)
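Review bot: The new `DateTime::<chrono::Utc>::from_naive_utc_and_offset(dt.naive_utc(), chrono::Utc)` in `format_datetime_http` still goes through a naive value to get from `Local` to UTC. Writing `let expiry_time = dt.with_timezone(&chrono::Utc);` expresses the same conversion directly and does not depend on which constructor chrono currently deprecates. The rest of the function body is outside the hunk.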