saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-10 10:45:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add some extra access checks for attachments and groups

Browse Source
This commit is contained in:
Daniel García
2023-07-03 19:58:14 +02:00
parent e7f083dee9
commit 60964c07e6
7 changed files with 101 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/db/models/attachment.rs
View File

@@ -35,7 +35,8 @@ impl Attachment {
}
pub fn get_url(&self, host: &str) -> String {
format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id)
let token = encode_jwt(&generate_file_download_claims(self.cipher_uuid.clone(), self.id.clone()));
format!("{}/attachments/{}/{}?token={}", host, self.cipher_uuid, self.id, token)
}
pub fn to_json(&self, host: &str) -> Value {
@@ -51,6 +52,7 @@ impl Attachment {
}
}
use crate::auth::{encode_jwt, generate_file_download_claims};
use crate::db::DbConn;
use crate::api::EmptyResult;