An unofficial, mostly Bitwarden-compatible API server written in Ruby (Sinatra and ActiveRecord)
attachments: validate device bearer on attachment creation
+6
+6
lib/routes/attachments.rb
+6
lib/routes/attachments.rb
···
20
20
def self.registered(app)
21
21
app.namespace BASE_URL do
22
22
post "/ciphers/:uuid/attachment" do
23
+
if !device_from_bearer
24
+
return validation_error("invalid bearer")
25
+
end
26
+
23
27
cipher = retrieve_cipher uuid: params[:uuid]
24
28
25
29
need_params(:data) do |p|
···
62
66
63
67
app.namespace ATTACHMENTS_URL do
64
68
get "/:uuid/:attachment_id" do
69
+
# no device authentication
70
+
65
71
a = Attachment.find_by_uuid_and_cipher_uuid(params[:attachment_id],
66
72
params[:uuid])
67
73
attachment(a.filename)