Attachment azure upload blobs (#312)

* Add direct attachment download and upload API endpoints

* Use direct download method

Enable download of emergency access attachments through EmergencyAccessId

* Match new Server model items

* New Server model for creating attachments.

Provides a url to upload data to, the type of upload, and the Cipher Response expected by the previous call

* Use direct upload url and scheme

* Report Failed single shot azure uploads

* Add cipher attachment upload to file upload service

* Deprecate legacy api methods

* Handle old servers missing new upload api methods

* Improve Send error handling

* Fallback attachment downloads on new endpoint not found

Limit upload size to the new 500MB

* Improve error handling

* lint fixes

src/abstractions/api.service.ts

@@ -1,6 +1,7 @@
 import { PolicyType } from '../enums/policyType';
 
 import { EnvironmentUrls } from '../models/domain/environmentUrls';
+import { AttachmentRequest } from '../models/request/attachmentRequest';
 
 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
 import { CipherBulkDeleteRequest } from '../models/request/cipherBulkDeleteRequest';
@@ -70,6 +71,8 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove
 import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';
 
 import { ApiKeyResponse } from '../models/response/apiKeyResponse';
+import { AttachmentResponse } from '../models/response/attachmentResponse';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { BillingResponse } from '../models/response/billingResponse';
 import { BreachAccountResponse } from '../models/response/breachAccountResponse';
 import { CipherResponse } from '../models/response/cipherResponse';
@@ -193,6 +196,7 @@ export abstract class ApiService {
 
     getCipher: (id: string) => Promise<CipherResponse>;
     getCipherAdmin: (id: string) => Promise<CipherResponse>;
+    getAttachmentData: (cipherId: string, attachmentId: string, emergencyAccessId?: string) => Promise<AttachmentResponse>;
     getCiphersOrganization: (organizationId: string) => Promise<ListResponse<CipherResponse>>;
     postCipher: (request: CipherRequest) => Promise<CipherResponse>;
     postCipherCreate: (request: CipherCreateRequest) => Promise<CipherResponse>;
@@ -219,12 +223,23 @@ export abstract class ApiService {
     putRestoreCipherAdmin: (id: string) => Promise<CipherResponse>;
     putRestoreManyCiphers: (request: CipherBulkRestoreRequest) => Promise<ListResponse<CipherResponse>>;
 
-    postCipherAttachment: (id: string, data: FormData) => Promise<CipherResponse>;
+    /**
-    postCipherAttachmentAdmin: (id: string, data: FormData) => Promise<CipherResponse>;
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    postCipherAttachmentLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    postCipherAttachmentAdminLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+    postCipherAttachment: (id: string, request: AttachmentRequest) => Promise<AttachmentUploadDataResponse>;
     deleteCipherAttachment: (id: string, attachmentId: string) => Promise<any>;
     deleteCipherAttachmentAdmin: (id: string, attachmentId: string) => Promise<any>;
     postShareCipherAttachment: (id: string, attachmentId: string, data: FormData,
         organizationId: string) => Promise<any>;
+    renewAttachmentUploadUrl: (id: string, attachmentId: string) => Promise<AttachmentUploadDataResponse>;
+    postAttachmentFile: (id: string, attachmentId: string, data: FormData) => Promise<any>;
 
     getCollectionDetails: (organizationId: string, id: string) => Promise<CollectionGroupDetailsResponse>;
     getUserCollections: () => Promise<ListResponse<CollectionResponse>>;

src/abstractions/fileUpload.service.ts

@@ -1,7 +1,10 @@
 import { CipherString } from '../models/domain';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDataResponse';
 
 export abstract class FileUploadService {
     uploadSendFile: (uploadData: SendFileUploadDataResponse, fileName: CipherString,
         encryptedFileData: ArrayBuffer) => Promise<any>;
+    uploadCipherAttachment: (admin: boolean, uploadData: AttachmentUploadDataResponse, fileName: string,
+        encryptedFileData: ArrayBuffer) => Promise<any>;
 }

src/angular/components/attachments.component.ts

@@ -6,6 +6,7 @@ import {
     Output,
 } from '@angular/core';
 
+import { ApiService } from '../../abstractions/api.service';
 import { CipherService } from '../../abstractions/cipher.service';
 import { CryptoService } from '../../abstractions/crypto.service';
 import { I18nService } from '../../abstractions/i18n.service';
@@ -13,6 +14,7 @@ import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
 import { UserService } from '../../abstractions/user.service';
 
 import { Cipher } from '../../models/domain/cipher';
+import { ErrorResponse } from '../../models/response';
 
 import { AttachmentView } from '../../models/view/attachmentView';
 import { CipherView } from '../../models/view/cipherView';
@@ -31,10 +33,12 @@ export class AttachmentsComponent implements OnInit {
     formPromise: Promise<any>;
     deletePromises: { [id: string]: Promise<any>; } = {};
     reuploadPromises: { [id: string]: Promise<any>; } = {};
+    emergencyAccessId?: string = null;
 
     constructor(protected cipherService: CipherService, protected i18nService: I18nService,
         protected cryptoService: CryptoService, protected userService: UserService,
-        protected platformUtilsService: PlatformUtilsService, protected win: Window) { }
+        protected platformUtilsService: PlatformUtilsService, protected apiService: ApiService,
+        protected win: Window) { }
 
     async ngOnInit() {
         await this.init();
@@ -55,7 +59,7 @@ export class AttachmentsComponent implements OnInit {
             return;
         }
 
-        if (files[0].size > 104857600) { // 100 MB
+        if (files[0].size > 524288000) { // 500 MB
             this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
                 this.i18nService.t('maxFileSize'));
             return;
@@ -116,8 +120,23 @@ export class AttachmentsComponent implements OnInit {
             return;
         }
 
+        let url: string;
+        try {
+            const attachmentDownloadResponse = await this.apiService.getAttachmentData(this.cipher.id, attachment.id,
+                this.emergencyAccessId);
+            url = attachmentDownloadResponse.url;
+        } catch (e) {
+            if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404) {
+                url = attachment.url;
+            } else if (e instanceof ErrorResponse) {
+                throw new Error((e as ErrorResponse).getSingleMessage());
+            } else {
+                throw e;
+            }
+        }
+
         a.downloading = true;
-        const response = await fetch(new Request(attachment.url, { cache: 'no-store' }));
+        const response = await fetch(new Request(url, { cache: 'no-store' }));
         if (response.status !== 200) {
             this.platformUtilsService.showToast('error', null, this.i18nService.t('errorOccurred'));
             a.downloading = false;

src/models/request/attachmentRequest.ts

@@ -1,4 +1,6 @@
 export class AttachmentRequest {
     fileName: string;
     key: string;
+    fileSize: number;
+    adminRequest: boolean;
 }

src/models/response/attachmentUploadDataResponse.ts

@@ -0,0 +1,20 @@
+import { FileUploadType } from '../../enums/fileUploadType';
+import { BaseResponse } from './baseResponse';
+import { CipherResponse } from './cipherResponse';
+
+export class AttachmentUploadDataResponse extends BaseResponse {
+    attachmentId: string;
+    fileUploadType: FileUploadType;
+    cipherResponse: CipherResponse;
+    cipherMiniResponse: CipherResponse;
+    url: string = null;
+    constructor(response: any) {
+        super(response);
+        this.attachmentId = this.getResponseProperty('AttachmentId');
+        this.fileUploadType = this.getResponseProperty('FileUploadType');
+        this.cipherResponse = this.getResponseProperty('CipherResponse');
+        this.cipherMiniResponse = this.getResponseProperty('CipherMiniResponse');
+        this.url = this.getResponseProperty('Url');
+    }
+
+}

src/services/api.service.ts

@@ -7,6 +7,7 @@ import { TokenService } from '../abstractions/token.service';
 
 import { EnvironmentUrls } from '../models/domain/environmentUrls';
 
+import { AttachmentRequest } from '../models/request/attachmentRequest';
 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
 import { CipherBulkDeleteRequest } from '../models/request/cipherBulkDeleteRequest';
 import { CipherBulkMoveRequest } from '../models/request/cipherBulkMoveRequest';
@@ -75,6 +76,8 @@ import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';
 
 import { Utils } from '../misc/utils';
 import { ApiKeyResponse } from '../models/response/apiKeyResponse';
+import { AttachmentResponse } from '../models/response/attachmentResponse';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { BillingResponse } from '../models/response/billingResponse';
 import { BreachAccountResponse } from '../models/response/breachAccountResponse';
 import { CipherResponse } from '../models/response/cipherResponse';
@@ -600,12 +603,33 @@ export class ApiService implements ApiServiceAbstraction {
 
     // Attachments APIs
 
-    async postCipherAttachment(id: string, data: FormData): Promise<CipherResponse> {
+    async getAttachmentData(cipherId: string, attachmentId: string, emergencyAccessId?: string): Promise<AttachmentResponse> {
+        const path = (emergencyAccessId != null ?
+            '/emergency-access/' + emergencyAccessId + '/' :
+            '/ciphers/') + cipherId + '/attachment/' + attachmentId;
+        const r = await this.send('GET', path, null, true, true);
+        return new AttachmentResponse(r);
+    }
+
+    async postCipherAttachment(id: string, request: AttachmentRequest): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('POST', '/ciphers/' + id + '/attachment/v2', request, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentLegacy(id: string, data: FormData): Promise<CipherResponse> {
         const r = await this.send('POST', '/ciphers/' + id + '/attachment', data, true, true);
         return new CipherResponse(r);
     }
 
-    async postCipherAttachmentAdmin(id: string, data: FormData): Promise<CipherResponse> {
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentAdminLegacy(id: string, data: FormData): Promise<CipherResponse> {
         const r = await this.send('POST', '/ciphers/' + id + '/attachment-admin', data, true, true);
         return new CipherResponse(r);
     }
@@ -624,6 +648,15 @@ export class ApiService implements ApiServiceAbstraction {
             attachmentId + '/share?organizationId=' + organizationId, data, true, false);
     }
 
+    async renewAttachmentUploadUrl(id: string, attachmentId: string): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('GET', '/ciphers/' + id + '/attachment/' + attachmentId, null, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    postAttachmentFile(id: string, attachmentId: string, data: FormData): Promise<any> {
+        return this.send('POST', '/ciphers/' + id + '/attachment/' + attachmentId + '/renew', data, true, false);
+    }
+
     // Collections APIs
 
     async getCollectionDetails(organizationId: string, id: string): Promise<CollectionGroupDetailsResponse> {

src/services/azureFileUpload.service.ts

@@ -32,6 +32,10 @@ export class AzureFileUploadService {
         });
 
         const blobResponse = await fetch(request);
+
+        if (blobResponse.status !== 201) {
+            throw new Error(`Failed to create Azure blob: ${blobResponse.status}`);
+        }
     }
     private async azureUploadBlocks(url: string, data: ArrayBuffer, renewalCallback: () => Promise<string>) {
         const baseUrl = Utils.getUrl(url);

src/services/bitwardenFileUpload.service.ts

@@ -2,28 +2,26 @@ import { ApiService } from '../abstractions/api.service';
 
 import { Utils } from '../misc/utils';
 
-import { CipherString } from '../models/domain';
-import { SendResponse } from '../models/response/sendResponse';
-
 export class BitwardenFileUploadService
 {
     constructor(private apiService: ApiService) { }
 
-    async upload(sendResponse: SendResponse, fileName: CipherString, data: ArrayBuffer) {
+    async upload(encryptedFileName: string, encryptedFileData: ArrayBuffer, apiCall: (fd: FormData) => Promise<any>) {
         const fd = new FormData();
         try {
-            const blob = new Blob([data], { type: 'application/octet-stream' });
+            const blob = new Blob([encryptedFileData], { type: 'application/octet-stream' });
-            fd.append('data', blob, fileName.encryptedString);
+            fd.append('data', blob, encryptedFileName);
         } catch (e) {
             if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('data', Buffer.from(data) as any, {
+                fd.append('data', Buffer.from(encryptedFileData) as any, {
-                    filepath: fileName.encryptedString,
+                    filepath: encryptedFileName,
                     contentType: 'application/octet-stream',
                 } as any);
             } else {
                 throw e;
             }
         }
-        await this.apiService.postSendFile(sendResponse.id, sendResponse.file.id, fd);
+
+        await apiCall(fd);
     }
 }

src/services/cipher.service.ts

@@ -40,6 +40,7 @@ import { SortedCiphersCache } from '../models/domain/sortedCiphersCache';
 import { ApiService } from '../abstractions/api.service';
 import { CipherService as CipherServiceAbstraction } from '../abstractions/cipher.service';
 import { CryptoService } from '../abstractions/crypto.service';
+import { FileUploadService } from '../abstractions/fileUpload.service';
 import { I18nService } from '../abstractions/i18n.service';
 import { SearchService } from '../abstractions/search.service';
 import { SettingsService } from '../abstractions/settings.service';
@@ -50,6 +51,7 @@ import { ConstantsService } from './constants.service';
 
 import { sequentialize } from '../misc/sequentialize';
 import { Utils } from '../misc/utils';
+import { AttachmentRequest } from '../models/request/attachmentRequest';
 
 const Keys = {
     ciphersPrefix: 'ciphers_',
@@ -69,8 +71,8 @@ export class CipherService implements CipherServiceAbstraction {
 
     constructor(private cryptoService: CryptoService, private userService: UserService,
         private settingsService: SettingsService, private apiService: ApiService,
-        private storageService: StorageService, private i18nService: I18nService,
+        private fileUploadService: FileUploadService, private storageService: StorageService,
-        private searchService: () => SearchService) {
+        private i18nService: I18nService, private searchService: () => SearchService) {
     }
 
     get decryptedCipherCache() {
@@ -618,14 +620,50 @@ export class CipherService implements CipherServiceAbstraction {
         const dataEncKey = await this.cryptoService.makeEncKey(key);
         const encData = await this.cryptoService.encryptToBytes(data, dataEncKey[0]);
 
+        const request: AttachmentRequest = {
+            key: dataEncKey[1].encryptedString,
+            fileName: encFileName.encryptedString,
+            fileSize: encData.byteLength,
+            adminRequest: admin,
+        };
+
+        let response: CipherResponse;
+        try {
+            const uploadDataResponse = await this.apiService.postCipherAttachment(cipher.id, request);
+            response = admin ? uploadDataResponse.cipherMiniResponse : uploadDataResponse.cipherResponse;
+            this.fileUploadService.uploadCipherAttachment(admin, uploadDataResponse, filename, data);
+        } catch (e) {
+            if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404 || (e as ErrorResponse).statusCode === 405) {
+                response = await this.legacyServerAttachmentFileUpload(admin, cipher.id, encFileName, encData, dataEncKey[1]);
+            } else if (e instanceof ErrorResponse) {
+                throw new Error((e as ErrorResponse).getSingleMessage());
+            } else {
+                throw e;
+            }
+        }
+
+        const userId = await this.userService.getUserId();
+        const cData = new CipherData(response, userId, cipher.collectionIds);
+        if (!admin) {
+            await this.upsert(cData);
+        }
+        return new Cipher(cData);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async legacyServerAttachmentFileUpload(admin: boolean, cipherId: string, encFileName: CipherString,
+        encData: ArrayBuffer, key: CipherString) {
         const fd = new FormData();
         try {
             const blob = new Blob([encData], { type: 'application/octet-stream' });
-            fd.append('key', dataEncKey[1].encryptedString);
+            fd.append('key', key.encryptedString);
             fd.append('data', blob, encFileName.encryptedString);
         } catch (e) {
             if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('key', dataEncKey[1].encryptedString);
+                fd.append('key', key.encryptedString);
                 fd.append('data', Buffer.from(encData) as any, {
                     filepath: encFileName.encryptedString,
                     contentType: 'application/octet-stream',
@@ -638,20 +676,15 @@ export class CipherService implements CipherServiceAbstraction {
         let response: CipherResponse;
         try {
             if (admin) {
-                response = await this.apiService.postCipherAttachmentAdmin(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentAdminLegacy(cipherId, fd);
             } else {
-                response = await this.apiService.postCipherAttachment(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentLegacy(cipherId, fd);
             }
         } catch (e) {
             throw new Error((e as ErrorResponse).getSingleMessage());
         }
 
-        const userId = await this.userService.getUserId();
+        return response;
-        const cData = new CipherData(response, userId, cipher.collectionIds);
-        if (!admin) {
-            await this.upsert(cData);
-        }
-        return new Cipher(cData);
     }
 
     async saveCollectionsWithServer(cipher: Cipher): Promise<any> {

src/services/fileUpload.service.ts

@@ -5,6 +5,7 @@ import { LogService } from '../abstractions/log.service';
 import { FileUploadType } from '../enums/fileUploadType';
 
 import { CipherString } from '../models/domain';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDataResponse';
 
 import { AzureFileUploadService } from './azureFileUpload.service';
@@ -23,7 +24,8 @@ export class FileUploadService implements FileUploadServiceAbstraction {
         try {
             switch (uploadData.fileUploadType) {
                 case FileUploadType.Direct:
-                    await this.bitwardenFileUploadService.upload(uploadData.sendResponse, fileName, encryptedFileData);
+                    await this.bitwardenFileUploadService.upload(fileName.encryptedString, encryptedFileData,
+                        fd => this.apiService.postSendFile(uploadData.sendResponse.id, uploadData.sendResponse.file.id, fd));
                     break;
                 case FileUploadType.Azure:
                     const renewalCallback = async () => {
@@ -42,4 +44,33 @@ export class FileUploadService implements FileUploadServiceAbstraction {
             throw e;
         }
     }
+
+    async uploadCipherAttachment(admin: boolean, uploadData: AttachmentUploadDataResponse, encryptedFileName: string, encryptedFileData: ArrayBuffer) {
+        const response = admin ? uploadData.cipherMiniResponse : uploadData.cipherResponse;
+        try {
+            switch (uploadData.fileUploadType) {
+                case FileUploadType.Direct:
+                    await this.bitwardenFileUploadService.upload(encryptedFileName, encryptedFileData,
+                        fd => this.apiService.postAttachmentFile(response.id, uploadData.attachmentId, fd));
+                    break;
+                case FileUploadType.Azure:
+                    const renewalCallback = async () => {
+                        const renewalResponse = await this.apiService.renewAttachmentUploadUrl(response.id,
+                            uploadData.attachmentId);
+                        return renewalResponse.url;
+                    };
+                    this.azureFileUploadService.upload(uploadData.url, encryptedFileData, renewalCallback);
+                    break;
+                default:
+                    throw new Error('Unknown file upload type.');
+            }
+        } catch (e) {
+            if (admin) {
+                this.apiService.deleteCipherAttachmentAdmin(response.id, uploadData.attachmentId);
+            } else {
+                this.apiService.deleteCipherAttachment(response.id, uploadData.attachmentId);
+            }
+            throw e;
+        }
+    }
 }

src/services/send.service.ts

@@ -146,6 +146,8 @@ export class SendService implements SendServiceAbstraction {
                 } catch (e) {
                     if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404) {
                         response = await this.legacyServerSendFileUpload(sendData, request);
+                    } else if (e instanceof ErrorResponse) {
+                        throw new Error((e as ErrorResponse).getSingleMessage());
                     } else {
                         throw e;
                     }