Attachment azure upload blobs (#312)

* Add direct attachment download and upload API endpoints * Use direct download method Enable download of emergency access attachments through EmergencyAccessId * Match new Server model items * New Server model for creating attachments. Provides a url to upload data to, the type of upload, and the Cipher Response expected by the previous call * Use direct upload url and scheme * Report Failed single shot azure uploads * Add cipher attachment upload to file upload service * Deprecate legacy api methods * Handle old servers missing new upload api methods * Improve Send error handling * Fallback attachment downloads on new endpoint not found Limit upload size to the new 500MB * Improve error handling * lint fixes
2026-01-09 03:53:53 +00:00 · 2021-03-26 16:57:07 -05:00
parent 0735569479
commit afac694e9a
11 changed files with 189 additions and 29 deletions
--- a/src/services/api.service.ts
+++ b/src/services/api.service.ts
@@ -7,6 +7,7 @@ import { TokenService } from '../abstractions/token.service';

 import { EnvironmentUrls } from '../models/domain/environmentUrls';

+import { AttachmentRequest } from '../models/request/attachmentRequest';
 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
 import { CipherBulkDeleteRequest } from '../models/request/cipherBulkDeleteRequest';
 import { CipherBulkMoveRequest } from '../models/request/cipherBulkMoveRequest';
@@ -75,6 +76,8 @@ import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';

 import { Utils } from '../misc/utils';
 import { ApiKeyResponse } from '../models/response/apiKeyResponse';
+import { AttachmentResponse } from '../models/response/attachmentResponse';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { BillingResponse } from '../models/response/billingResponse';
 import { BreachAccountResponse } from '../models/response/breachAccountResponse';
 import { CipherResponse } from '../models/response/cipherResponse';
@@ -600,12 +603,33 @@ export class ApiService implements ApiServiceAbstraction {

    // Attachments APIs

-    async postCipherAttachment(id: string, data: FormData): Promise<CipherResponse> {
+    async getAttachmentData(cipherId: string, attachmentId: string, emergencyAccessId?: string): Promise<AttachmentResponse> {
+        const path = (emergencyAccessId != null ?
+            '/emergency-access/' + emergencyAccessId + '/' :
+            '/ciphers/') + cipherId + '/attachment/' + attachmentId;
+        const r = await this.send('GET', path, null, true, true);
+        return new AttachmentResponse(r);
+    }
+
+    async postCipherAttachment(id: string, request: AttachmentRequest): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('POST', '/ciphers/' + id + '/attachment/v2', request, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentLegacy(id: string, data: FormData): Promise<CipherResponse> {
        const r = await this.send('POST', '/ciphers/' + id + '/attachment', data, true, true);
        return new CipherResponse(r);
    }

-    async postCipherAttachmentAdmin(id: string, data: FormData): Promise<CipherResponse> {
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentAdminLegacy(id: string, data: FormData): Promise<CipherResponse> {
        const r = await this.send('POST', '/ciphers/' + id + '/attachment-admin', data, true, true);
        return new CipherResponse(r);
    }
@@ -624,6 +648,15 @@ export class ApiService implements ApiServiceAbstraction {
            attachmentId + '/share?organizationId=' + organizationId, data, true, false);
    }

+    async renewAttachmentUploadUrl(id: string, attachmentId: string): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('GET', '/ciphers/' + id + '/attachment/' + attachmentId, null, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    postAttachmentFile(id: string, attachmentId: string, data: FormData): Promise<any> {
+        return this.send('POST', '/ciphers/' + id + '/attachment/' + attachmentId + '/renew', data, true, false);
+    }
+
    // Collections APIs

    async getCollectionDetails(organizationId: string, id: string): Promise<CollectionGroupDetailsResponse> {
--- a/src/services/azureFileUpload.service.ts
+++ b/src/services/azureFileUpload.service.ts
@@ -32,6 +32,10 @@ export class AzureFileUploadService {
        });

        const blobResponse = await fetch(request);
+
+        if (blobResponse.status !== 201) {
+            throw new Error(`Failed to create Azure blob: ${blobResponse.status}`);
+        }
    }
    private async azureUploadBlocks(url: string, data: ArrayBuffer, renewalCallback: () => Promise<string>) {
        const baseUrl = Utils.getUrl(url);
--- a/src/services/bitwardenFileUpload.service.ts
+++ b/src/services/bitwardenFileUpload.service.ts
@@ -2,28 +2,26 @@ import { ApiService } from '../abstractions/api.service';

 import { Utils } from '../misc/utils';

-import { CipherString } from '../models/domain';
-import { SendResponse } from '../models/response/sendResponse';
-
 export class BitwardenFileUploadService
 {
    constructor(private apiService: ApiService) { }

-    async upload(sendResponse: SendResponse, fileName: CipherString, data: ArrayBuffer) {
+    async upload(encryptedFileName: string, encryptedFileData: ArrayBuffer, apiCall: (fd: FormData) => Promise<any>) {
        const fd = new FormData();
        try {
-            const blob = new Blob([data], { type: 'application/octet-stream' });
-            fd.append('data', blob, fileName.encryptedString);
+            const blob = new Blob([encryptedFileData], { type: 'application/octet-stream' });
+            fd.append('data', blob, encryptedFileName);
        } catch (e) {
            if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('data', Buffer.from(data) as any, {
-                    filepath: fileName.encryptedString,
+                fd.append('data', Buffer.from(encryptedFileData) as any, {
+                    filepath: encryptedFileName,
                    contentType: 'application/octet-stream',
                } as any);
            } else {
                throw e;
            }
        }
-        await this.apiService.postSendFile(sendResponse.id, sendResponse.file.id, fd);
+
+        await apiCall(fd);
    }
 }
--- a/src/services/cipher.service.ts
+++ b/src/services/cipher.service.ts
@@ -40,6 +40,7 @@ import { SortedCiphersCache } from '../models/domain/sortedCiphersCache';
 import { ApiService } from '../abstractions/api.service';
 import { CipherService as CipherServiceAbstraction } from '../abstractions/cipher.service';
 import { CryptoService } from '../abstractions/crypto.service';
+import { FileUploadService } from '../abstractions/fileUpload.service';
 import { I18nService } from '../abstractions/i18n.service';
 import { SearchService } from '../abstractions/search.service';
 import { SettingsService } from '../abstractions/settings.service';
@@ -50,6 +51,7 @@ import { ConstantsService } from './constants.service';

 import { sequentialize } from '../misc/sequentialize';
 import { Utils } from '../misc/utils';
+import { AttachmentRequest } from '../models/request/attachmentRequest';

 const Keys = {
    ciphersPrefix: 'ciphers_',
@@ -69,8 +71,8 @@ export class CipherService implements CipherServiceAbstraction {

    constructor(private cryptoService: CryptoService, private userService: UserService,
        private settingsService: SettingsService, private apiService: ApiService,
-        private storageService: StorageService, private i18nService: I18nService,
-        private searchService: () => SearchService) {
+        private fileUploadService: FileUploadService, private storageService: StorageService,
+        private i18nService: I18nService, private searchService: () => SearchService) {
    }

    get decryptedCipherCache() {
@@ -618,14 +620,50 @@ export class CipherService implements CipherServiceAbstraction {
        const dataEncKey = await this.cryptoService.makeEncKey(key);
        const encData = await this.cryptoService.encryptToBytes(data, dataEncKey[0]);

+        const request: AttachmentRequest = {
+            key: dataEncKey[1].encryptedString,
+            fileName: encFileName.encryptedString,
+            fileSize: encData.byteLength,
+            adminRequest: admin,
+        };
+
+        let response: CipherResponse;
+        try {
+            const uploadDataResponse = await this.apiService.postCipherAttachment(cipher.id, request);
+            response = admin ? uploadDataResponse.cipherMiniResponse : uploadDataResponse.cipherResponse;
+            this.fileUploadService.uploadCipherAttachment(admin, uploadDataResponse, filename, data);
+        } catch (e) {
+            if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404 || (e as ErrorResponse).statusCode === 405) {
+                response = await this.legacyServerAttachmentFileUpload(admin, cipher.id, encFileName, encData, dataEncKey[1]);
+            } else if (e instanceof ErrorResponse) {
+                throw new Error((e as ErrorResponse).getSingleMessage());
+            } else {
+                throw e;
+            }
+        }
+
+        const userId = await this.userService.getUserId();
+        const cData = new CipherData(response, userId, cipher.collectionIds);
+        if (!admin) {
+            await this.upsert(cData);
+        }
+        return new Cipher(cData);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async legacyServerAttachmentFileUpload(admin: boolean, cipherId: string, encFileName: CipherString,
+        encData: ArrayBuffer, key: CipherString) {
        const fd = new FormData();
        try {
            const blob = new Blob([encData], { type: 'application/octet-stream' });
-            fd.append('key', dataEncKey[1].encryptedString);
+            fd.append('key', key.encryptedString);
            fd.append('data', blob, encFileName.encryptedString);
        } catch (e) {
            if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('key', dataEncKey[1].encryptedString);
+                fd.append('key', key.encryptedString);
                fd.append('data', Buffer.from(encData) as any, {
                    filepath: encFileName.encryptedString,
                    contentType: 'application/octet-stream',
@@ -638,20 +676,15 @@ export class CipherService implements CipherServiceAbstraction {
        let response: CipherResponse;
        try {
            if (admin) {
-                response = await this.apiService.postCipherAttachmentAdmin(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentAdminLegacy(cipherId, fd);
            } else {
-                response = await this.apiService.postCipherAttachment(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentLegacy(cipherId, fd);
            }
        } catch (e) {
            throw new Error((e as ErrorResponse).getSingleMessage());
        }

-        const userId = await this.userService.getUserId();
-        const cData = new CipherData(response, userId, cipher.collectionIds);
-        if (!admin) {
-            await this.upsert(cData);
-        }
-        return new Cipher(cData);
+        return response;
    }

    async saveCollectionsWithServer(cipher: Cipher): Promise<any> {
--- a/src/services/fileUpload.service.ts
+++ b/src/services/fileUpload.service.ts
@@ -5,6 +5,7 @@ import { LogService } from '../abstractions/log.service';
 import { FileUploadType } from '../enums/fileUploadType';

 import { CipherString } from '../models/domain';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDataResponse';

 import { AzureFileUploadService } from './azureFileUpload.service';
@@ -23,7 +24,8 @@ export class FileUploadService implements FileUploadServiceAbstraction {
        try {
            switch (uploadData.fileUploadType) {
                case FileUploadType.Direct:
-                    await this.bitwardenFileUploadService.upload(uploadData.sendResponse, fileName, encryptedFileData);
+                    await this.bitwardenFileUploadService.upload(fileName.encryptedString, encryptedFileData,
+                        fd => this.apiService.postSendFile(uploadData.sendResponse.id, uploadData.sendResponse.file.id, fd));
                    break;
                case FileUploadType.Azure:
                    const renewalCallback = async () => {
@@ -42,4 +44,33 @@ export class FileUploadService implements FileUploadServiceAbstraction {
            throw e;
        }
    }
+
+    async uploadCipherAttachment(admin: boolean, uploadData: AttachmentUploadDataResponse, encryptedFileName: string, encryptedFileData: ArrayBuffer) {
+        const response = admin ? uploadData.cipherMiniResponse : uploadData.cipherResponse;
+        try {
+            switch (uploadData.fileUploadType) {
+                case FileUploadType.Direct:
+                    await this.bitwardenFileUploadService.upload(encryptedFileName, encryptedFileData,
+                        fd => this.apiService.postAttachmentFile(response.id, uploadData.attachmentId, fd));
+                    break;
+                case FileUploadType.Azure:
+                    const renewalCallback = async () => {
+                        const renewalResponse = await this.apiService.renewAttachmentUploadUrl(response.id,
+                            uploadData.attachmentId);
+                        return renewalResponse.url;
+                    };
+                    this.azureFileUploadService.upload(uploadData.url, encryptedFileData, renewalCallback);
+                    break;
+                default:
+                    throw new Error('Unknown file upload type.');
+            }
+        } catch (e) {
+            if (admin) {
+                this.apiService.deleteCipherAttachmentAdmin(response.id, uploadData.attachmentId);
+            } else {
+                this.apiService.deleteCipherAttachment(response.id, uploadData.attachmentId);
+            }
+            throw e;
+        }
+    }
 }
--- a/src/services/send.service.ts
+++ b/src/services/send.service.ts
@@ -146,6 +146,8 @@ export class SendService implements SendServiceAbstraction {
                } catch (e) {
                    if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404) {
                        response = await this.legacyServerSendFileUpload(sendData, request);
+                    } else if (e instanceof ErrorResponse) {
+                        throw new Error((e as ErrorResponse).getSingleMessage());
                    } else {
                        throw e;
                    }