Implement cipher key encryption (#3990)

migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE ciphers 
+ADD COLUMN "key" TEXT;

migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;

migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;

src/api/core/ciphers.rs

@@ -206,6 +206,8 @@ pub struct CipherData {
     // TODO: Some of these might appear all the time, no need for Option
     OrganizationId: Option<String>,
 
+    Key: Option<String>,
+
     /*
     Login = 1,
     SecureNote = 2,
@@ -483,6 +485,7 @@ pub async fn update_cipher_from_data(
         None => err!("Data missing"),
     };
 
+    cipher.key = data.Key;
     cipher.name = data.Name;
     cipher.notes = data.Notes;
     cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string());

src/api/core/mod.rs

@@ -194,7 +194,12 @@ fn version() -> Json<&'static str> {
 fn config() -> Json<Value> {
     let domain = crate::CONFIG.domain();
     Json(json!({
-        "version": crate::VERSION,
+        // Note: The clients use this version to handle backwards compatibility concerns
+        // This means they expect a version that closely matches the Bitwarden server version
+        // We should make sure that we keep this updated when we support the new server features
+        // Version history:
+        // - Individual cipher key encryption: 2023.9.1
+        "version": "2023.9.1",
         "gitHash": option_env!("GIT_REV"),
         "server": {
           "name": "Vaultwarden",
@@ -207,6 +212,12 @@ fn config() -> Json<Value> {
           "notifications": format!("{domain}/notifications"),
           "sso": "",
         },
+        "featureStates": {
+          // Any feature flags that we want the clients to use
+          // Can check the enabled ones at:
+          // https://vault.bitwarden.com/api/config
+          "autofill-v2": true
+        },
         "object": "config",
     }))
 }

src/db/models/cipher.rs

@@ -23,6 +23,8 @@ db_object! {
         pub user_uuid: Option<String>,
         pub organization_uuid: Option<String>,
 
+        pub key: Option<String>,
+
         /*
         Login = 1,
         SecureNote = 2,
@@ -62,6 +64,8 @@ impl Cipher {
             user_uuid: None,
             organization_uuid: None,
 
+            key: None,
+
             atype,
             name,
 
@@ -203,6 +207,7 @@ impl Cipher {
             "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
             "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
             "OrganizationId": self.organization_uuid,
+            "Key": self.key,
             "Attachments": attachments_json,
             // We have UseTotp set to true by default within the Organization model.
             // This variable together with UsersGetPremium is used to show or hide the TOTP counter.

src/db/schemas/mysql/schema.rs

@@ -15,6 +15,7 @@ table! {
         updated_at -> Datetime,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,

src/db/schemas/postgresql/schema.rs

@@ -15,6 +15,7 @@ table! {
         updated_at -> Timestamp,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,

src/db/schemas/sqlite/schema.rs

@@ -15,6 +15,7 @@ table! {
         updated_at -> Timestamp,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,