mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-25 13:20:23 +00:00
Disable WebSockets negotiation by default
This commit is contained in:
parent
02fd68d63b
commit
9ecc98c3cc
3 changed files with 23 additions and 6 deletions
13
README.md
13
README.md
|
@ -212,12 +212,23 @@ docker run -d --name bitwarden \
|
|||
*Important: This does not apply to the mobile clients, which use push notifications.*
|
||||
|
||||
To enable WebSockets notifications, an external reverse proxy is necessary, and it must be configured to do the following:
|
||||
- Route the `/notifications/hub` endpoint to the WebSocket server, by default at port `3012`, making sure to pass the `Connection` and `Upgrade` headers.
|
||||
- Route the `/notifications/hub` endpoint to the WebSocket server, by default at port `3012`, making sure to pass the `Connection` and `Upgrade` headers. (Note the port can be changed with `WEBSOCKET_PORT` variable)
|
||||
- Route everything else, including `/notifications/hub/negotiate`, to the standard Rocket server, by default at port `80`.
|
||||
- If using Docker, you may need to map both ports with the `-p` flag
|
||||
|
||||
Example configurations are included in the [PROXY.md](https://github.com/dani-garcia/bitwarden_rs/blob/master/PROXY.md) file.
|
||||
|
||||
Then you need to enable WebSockets negotiation on the bitwarden_rs side by setting the `WEBSOCKET_ENABLED` variable to `true`:
|
||||
|
||||
```sh
|
||||
docker run -d --name bitwarden \
|
||||
-e WEBSOCKET_ENABLED=true \
|
||||
-v /bw-data/:/data/ \
|
||||
-p 80:80 \
|
||||
-p 3012:3012 \
|
||||
mprasil/bitwarden:latest
|
||||
```
|
||||
|
||||
Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though [it's a planned feature](https://github.com/SergioBenitez/Rocket/issues/90)), which forces us to launch a secondary server on a separate port.
|
||||
|
||||
### Enabling U2F authentication
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
use rocket::Route;
|
||||
use rocket_contrib::Json;
|
||||
use serde_json::Value as JsonValue;
|
||||
|
||||
use api::JsonResult;
|
||||
use auth::Headers;
|
||||
|
@ -22,17 +23,20 @@ fn negotiate(_headers: Headers, _conn: DbConn) -> JsonResult {
|
|||
use data_encoding::BASE64URL;
|
||||
|
||||
let conn_id = BASE64URL.encode(&crypto::get_random(vec![0u8; 16]));
|
||||
let mut available_transports: Vec<JsonValue> = Vec::new();
|
||||
|
||||
if CONFIG.websocket_enabled {
|
||||
available_transports.push(json!({"transport":"WebSockets", "transferFormats":["Text","Binary"]}));
|
||||
}
|
||||
|
||||
// TODO: Implement transports
|
||||
// Rocket WS support: https://github.com/SergioBenitez/Rocket/issues/90
|
||||
// Rocket SSE support: https://github.com/SergioBenitez/Rocket/issues/33
|
||||
// {"transport":"ServerSentEvents", "transferFormats":["Text"]},
|
||||
// {"transport":"LongPolling", "transferFormats":["Text","Binary"]}
|
||||
Ok(Json(json!({
|
||||
"connectionId": conn_id,
|
||||
"availableTransports":[
|
||||
{"transport":"WebSockets", "transferFormats":["Text","Binary"]},
|
||||
// {"transport":"ServerSentEvents", "transferFormats":["Text"]},
|
||||
// {"transport":"LongPolling", "transferFormats":["Text","Binary"]}
|
||||
]
|
||||
"availableTransports": available_transports
|
||||
})))
|
||||
}
|
||||
|
||||
|
|
|
@ -232,6 +232,7 @@ pub struct Config {
|
|||
web_vault_folder: String,
|
||||
web_vault_enabled: bool,
|
||||
|
||||
websocket_enabled: bool,
|
||||
websocket_url: String,
|
||||
|
||||
local_icon_extractor: bool,
|
||||
|
@ -269,6 +270,7 @@ impl Config {
|
|||
web_vault_folder: get_env_or("WEB_VAULT_FOLDER", "web-vault/".into()),
|
||||
web_vault_enabled: get_env_or("WEB_VAULT_ENABLED", true),
|
||||
|
||||
websocket_enabled: get_env_or("WEBSOCKET_ENABLED", false),
|
||||
websocket_url: format!("{}:{}", get_env_or("WEBSOCKET_ADDRESS", "0.0.0.0".to_string()), get_env_or("WEBSOCKET_PORT", 3012)),
|
||||
|
||||
local_icon_extractor: get_env_or("LOCAL_ICON_EXTRACTOR", false),
|
||||
|
|
Loading…
Reference in a new issue