Attachment azure upload blobs (#312)

* Add direct attachment download and upload API endpoints * Use direct download method Enable download of emergency access attachments through EmergencyAccessId * Match new Server model items * New Server model for creating attachments. Provides a url to upload data to, the type of upload, and the Cipher Response expected by the previous call * Use direct upload url and scheme * Report Failed single shot azure uploads * Add cipher attachment upload to file upload service * Deprecate legacy api methods * Handle old servers missing new upload api methods * Improve Send error handling * Fallback attachment downloads on new endpoint not found Limit upload size to the new 500MB * Improve error handling * lint fixes
2025-02-06 23:51:28 +01:00 · 2021-03-26 16:57:07 -05:00 · 2021-03-26 16:57:07 -05:00 · afac694e9a
commit afac694e9a
parent 0735569479
11 changed files with 189 additions and 29 deletions
--- a/src/abstractions/api.service.ts
+++ b/src/abstractions/api.service.ts
@ -1,6 +1,7 @@
 import { PolicyType } from '../enums/policyType';

 import { EnvironmentUrls } from '../models/domain/environmentUrls';
+import { AttachmentRequest } from '../models/request/attachmentRequest';

 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
 import { CipherBulkDeleteRequest } from '../models/request/cipherBulkDeleteRequest';
@ -70,6 +71,8 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove
 import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';

 import { ApiKeyResponse } from '../models/response/apiKeyResponse';
+import { AttachmentResponse } from '../models/response/attachmentResponse';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { BillingResponse } from '../models/response/billingResponse';
 import { BreachAccountResponse } from '../models/response/breachAccountResponse';
 import { CipherResponse } from '../models/response/cipherResponse';
@ -193,6 +196,7 @@ export abstract class ApiService {

    getCipher: (id: string) => Promise<CipherResponse>;
    getCipherAdmin: (id: string) => Promise<CipherResponse>;
+    getAttachmentData: (cipherId: string, attachmentId: string, emergencyAccessId?: string) => Promise<AttachmentResponse>;
    getCiphersOrganization: (organizationId: string) => Promise<ListResponse<CipherResponse>>;
    postCipher: (request: CipherRequest) => Promise<CipherResponse>;
    postCipherCreate: (request: CipherCreateRequest) => Promise<CipherResponse>;
@ -219,12 +223,23 @@ export abstract class ApiService {
    putRestoreCipherAdmin: (id: string) => Promise<CipherResponse>;
    putRestoreManyCiphers: (request: CipherBulkRestoreRequest) => Promise<ListResponse<CipherResponse>>;

-    postCipherAttachment: (id: string, data: FormData) => Promise<CipherResponse>;
-    postCipherAttachmentAdmin: (id: string, data: FormData) => Promise<CipherResponse>;
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    postCipherAttachmentLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    postCipherAttachmentAdminLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+    postCipherAttachment: (id: string, request: AttachmentRequest) => Promise<AttachmentUploadDataResponse>;
    deleteCipherAttachment: (id: string, attachmentId: string) => Promise<any>;
    deleteCipherAttachmentAdmin: (id: string, attachmentId: string) => Promise<any>;
    postShareCipherAttachment: (id: string, attachmentId: string, data: FormData,
        organizationId: string) => Promise<any>;
+    renewAttachmentUploadUrl: (id: string, attachmentId: string) => Promise<AttachmentUploadDataResponse>;
+    postAttachmentFile: (id: string, attachmentId: string, data: FormData) => Promise<any>;

    getCollectionDetails: (organizationId: string, id: string) => Promise<CollectionGroupDetailsResponse>;
    getUserCollections: () => Promise<ListResponse<CollectionResponse>>;
--- a/src/abstractions/fileUpload.service.ts
+++ b/src/abstractions/fileUpload.service.ts
@ -1,7 +1,10 @@
 import { CipherString } from '../models/domain';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDataResponse';

 export abstract class FileUploadService {
    uploadSendFile: (uploadData: SendFileUploadDataResponse, fileName: CipherString,
        encryptedFileData: ArrayBuffer) => Promise<any>;
+    uploadCipherAttachment: (admin: boolean, uploadData: AttachmentUploadDataResponse, fileName: string,
+        encryptedFileData: ArrayBuffer) => Promise<any>;
 }
--- a/src/angular/components/attachments.component.ts
+++ b/src/angular/components/attachments.component.ts
@ -6,6 +6,7 @@ import {
    Output,
 } from '@angular/core';

+import { ApiService } from '../../abstractions/api.service';
 import { CipherService } from '../../abstractions/cipher.service';
 import { CryptoService } from '../../abstractions/crypto.service';
 import { I18nService } from '../../abstractions/i18n.service';
@ -13,6 +14,7 @@ import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
 import { UserService } from '../../abstractions/user.service';

 import { Cipher } from '../../models/domain/cipher';
+import { ErrorResponse } from '../../models/response';

 import { AttachmentView } from '../../models/view/attachmentView';
 import { CipherView } from '../../models/view/cipherView';
@ -31,10 +33,12 @@ export class AttachmentsComponent implements OnInit {
    formPromise: Promise<any>;
    deletePromises: { [id: string]: Promise<any>; } = {};
    reuploadPromises: { [id: string]: Promise<any>; } = {};
+    emergencyAccessId?: string = null;

    constructor(protected cipherService: CipherService, protected i18nService: I18nService,
        protected cryptoService: CryptoService, protected userService: UserService,
-        protected platformUtilsService: PlatformUtilsService, protected win: Window) { }
+        protected platformUtilsService: PlatformUtilsService, protected apiService: ApiService,
+        protected win: Window) { }

    async ngOnInit() {
        await this.init();
@ -55,7 +59,7 @@ export class AttachmentsComponent implements OnInit {
            return;
        }

-        if (files[0].size > 104857600) { // 100 MB
+        if (files[0].size > 524288000) { // 500 MB
            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
                this.i18nService.t('maxFileSize'));
            return;
@ -116,8 +120,23 @@ export class AttachmentsComponent implements OnInit {
            return;
        }

+        let url: string;
+        try {
+            const attachmentDownloadResponse = await this.apiService.getAttachmentData(this.cipher.id, attachment.id,
+                this.emergencyAccessId);
+            url = attachmentDownloadResponse.url;
+        } catch (e) {
+            if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404) {
+                url = attachment.url;
+            } else if (e instanceof ErrorResponse) {
+                throw new Error((e as ErrorResponse).getSingleMessage());
+            } else {
+                throw e;
+            }
+        }
+
        a.downloading = true;
-        const response = await fetch(new Request(attachment.url, { cache: 'no-store' }));
+        const response = await fetch(new Request(url, { cache: 'no-store' }));
        if (response.status !== 200) {
            this.platformUtilsService.showToast('error', null, this.i18nService.t('errorOccurred'));
            a.downloading = false;
--- a/src/models/request/attachmentRequest.ts
+++ b/src/models/request/attachmentRequest.ts
@ -1,4 +1,6 @@
 export class AttachmentRequest {
    fileName: string;
    key: string;
+    fileSize: number;
+    adminRequest: boolean;
 }
--- a/src/models/response/attachmentUploadDataResponse.ts
+++ b/src/models/response/attachmentUploadDataResponse.ts
@ -0,0 +1,20 @@
+import { FileUploadType } from '../../enums/fileUploadType';
+import { BaseResponse } from './baseResponse';
+import { CipherResponse } from './cipherResponse';
+
+export class AttachmentUploadDataResponse extends BaseResponse {
+    attachmentId: string;
+    fileUploadType: FileUploadType;
+    cipherResponse: CipherResponse;
+    cipherMiniResponse: CipherResponse;
+    url: string = null;
+    constructor(response: any) {
+        super(response);
+        this.attachmentId = this.getResponseProperty('AttachmentId');
+        this.fileUploadType = this.getResponseProperty('FileUploadType');
+        this.cipherResponse = this.getResponseProperty('CipherResponse');
+        this.cipherMiniResponse = this.getResponseProperty('CipherMiniResponse');
+        this.url = this.getResponseProperty('Url');
+    }
+
+}
--- a/src/services/api.service.ts
+++ b/src/services/api.service.ts
@ -7,6 +7,7 @@ import { TokenService } from '../abstractions/token.service';

 import { EnvironmentUrls } from '../models/domain/environmentUrls';

+import { AttachmentRequest } from '../models/request/attachmentRequest';
 import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
 import { CipherBulkDeleteRequest } from '../models/request/cipherBulkDeleteRequest';
 import { CipherBulkMoveRequest } from '../models/request/cipherBulkMoveRequest';
@ -75,6 +76,8 @@ import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';

 import { Utils } from '../misc/utils';
 import { ApiKeyResponse } from '../models/response/apiKeyResponse';
+import { AttachmentResponse } from '../models/response/attachmentResponse';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { BillingResponse } from '../models/response/billingResponse';
 import { BreachAccountResponse } from '../models/response/breachAccountResponse';
 import { CipherResponse } from '../models/response/cipherResponse';
@ -600,12 +603,33 @@ export class ApiService implements ApiServiceAbstraction {

    // Attachments APIs

-    async postCipherAttachment(id: string, data: FormData): Promise<CipherResponse> {
+    async getAttachmentData(cipherId: string, attachmentId: string, emergencyAccessId?: string): Promise<AttachmentResponse> {
+        const path = (emergencyAccessId != null ?
+            '/emergency-access/' + emergencyAccessId + '/' :
+            '/ciphers/') + cipherId + '/attachment/' + attachmentId;
+        const r = await this.send('GET', path, null, true, true);
+        return new AttachmentResponse(r);
+    }
+
+    async postCipherAttachment(id: string, request: AttachmentRequest): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('POST', '/ciphers/' + id + '/attachment/v2', request, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentLegacy(id: string, data: FormData): Promise<CipherResponse> {
        const r = await this.send('POST', '/ciphers/' + id + '/attachment', data, true, true);
        return new CipherResponse(r);
    }

-    async postCipherAttachmentAdmin(id: string, data: FormData): Promise<CipherResponse> {
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async postCipherAttachmentAdminLegacy(id: string, data: FormData): Promise<CipherResponse> {
        const r = await this.send('POST', '/ciphers/' + id + '/attachment-admin', data, true, true);
        return new CipherResponse(r);
    }
@ -624,6 +648,15 @@ export class ApiService implements ApiServiceAbstraction {
            attachmentId + '/share?organizationId=' + organizationId, data, true, false);
    }

+    async renewAttachmentUploadUrl(id: string, attachmentId: string): Promise<AttachmentUploadDataResponse> {
+        const r = await this.send('GET', '/ciphers/' + id + '/attachment/' + attachmentId, null, true, true);
+        return new AttachmentUploadDataResponse(r);
+    }
+
+    postAttachmentFile(id: string, attachmentId: string, data: FormData): Promise<any> {
+        return this.send('POST', '/ciphers/' + id + '/attachment/' + attachmentId + '/renew', data, true, false);
+    }
+
    // Collections APIs

    async getCollectionDetails(organizationId: string, id: string): Promise<CollectionGroupDetailsResponse> {
--- a/src/services/azureFileUpload.service.ts
+++ b/src/services/azureFileUpload.service.ts
@ -32,6 +32,10 @@ export class AzureFileUploadService {
        });

        const blobResponse = await fetch(request);
+
+        if (blobResponse.status !== 201) {
+            throw new Error(`Failed to create Azure blob: ${blobResponse.status}`);
+        }
    }
    private async azureUploadBlocks(url: string, data: ArrayBuffer, renewalCallback: () => Promise<string>) {
        const baseUrl = Utils.getUrl(url);
--- a/src/services/bitwardenFileUpload.service.ts
+++ b/src/services/bitwardenFileUpload.service.ts
@ -2,28 +2,26 @@ import { ApiService } from '../abstractions/api.service';

 import { Utils } from '../misc/utils';

-import { CipherString } from '../models/domain';
-import { SendResponse } from '../models/response/sendResponse';
-
 export class BitwardenFileUploadService
 {
    constructor(private apiService: ApiService) { }

-    async upload(sendResponse: SendResponse, fileName: CipherString, data: ArrayBuffer) {
+    async upload(encryptedFileName: string, encryptedFileData: ArrayBuffer, apiCall: (fd: FormData) => Promise<any>) {
        const fd = new FormData();
        try {
-            const blob = new Blob([data], { type: 'application/octet-stream' });
-            fd.append('data', blob, fileName.encryptedString);
+            const blob = new Blob([encryptedFileData], { type: 'application/octet-stream' });
+            fd.append('data', blob, encryptedFileName);
        } catch (e) {
            if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('data', Buffer.from(data) as any, {
-                    filepath: fileName.encryptedString,
+                fd.append('data', Buffer.from(encryptedFileData) as any, {
+                    filepath: encryptedFileName,
                    contentType: 'application/octet-stream',
                } as any);
            } else {
                throw e;
            }
        }
-        await this.apiService.postSendFile(sendResponse.id, sendResponse.file.id, fd);
+
+        await apiCall(fd);
    }
 }
--- a/src/services/cipher.service.ts
+++ b/src/services/cipher.service.ts
@ -40,6 +40,7 @@ import { SortedCiphersCache } from '../models/domain/sortedCiphersCache';
 import { ApiService } from '../abstractions/api.service';
 import { CipherService as CipherServiceAbstraction } from '../abstractions/cipher.service';
 import { CryptoService } from '../abstractions/crypto.service';
+import { FileUploadService } from '../abstractions/fileUpload.service';
 import { I18nService } from '../abstractions/i18n.service';
 import { SearchService } from '../abstractions/search.service';
 import { SettingsService } from '../abstractions/settings.service';
@ -50,6 +51,7 @@ import { ConstantsService } from './constants.service';

 import { sequentialize } from '../misc/sequentialize';
 import { Utils } from '../misc/utils';
+import { AttachmentRequest } from '../models/request/attachmentRequest';

 const Keys = {
    ciphersPrefix: 'ciphers_',
@ -69,8 +71,8 @@ export class CipherService implements CipherServiceAbstraction {

    constructor(private cryptoService: CryptoService, private userService: UserService,
        private settingsService: SettingsService, private apiService: ApiService,
-        private storageService: StorageService, private i18nService: I18nService,
-        private searchService: () => SearchService) {
+        private fileUploadService: FileUploadService, private storageService: StorageService,
+        private i18nService: I18nService, private searchService: () => SearchService) {
    }

    get decryptedCipherCache() {
@ -618,14 +620,50 @@ export class CipherService implements CipherServiceAbstraction {
        const dataEncKey = await this.cryptoService.makeEncKey(key);
        const encData = await this.cryptoService.encryptToBytes(data, dataEncKey[0]);

+        const request: AttachmentRequest = {
+            key: dataEncKey[1].encryptedString,
+            fileName: encFileName.encryptedString,
+            fileSize: encData.byteLength,
+            adminRequest: admin,
+        };
+
+        let response: CipherResponse;
+        try {
+            const uploadDataResponse = await this.apiService.postCipherAttachment(cipher.id, request);
+            response = admin ? uploadDataResponse.cipherMiniResponse : uploadDataResponse.cipherResponse;
+            this.fileUploadService.uploadCipherAttachment(admin, uploadDataResponse, filename, data);
+        } catch (e) {
+            if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404 || (e as ErrorResponse).statusCode === 405) {
+                response = await this.legacyServerAttachmentFileUpload(admin, cipher.id, encFileName, encData, dataEncKey[1]);
+            } else if (e instanceof ErrorResponse) {
+                throw new Error((e as ErrorResponse).getSingleMessage());
+            } else {
+                throw e;
+            }
+        }
+
+        const userId = await this.userService.getUserId();
+        const cData = new CipherData(response, userId, cipher.collectionIds);
+        if (!admin) {
+            await this.upsert(cData);
+        }
+        return new Cipher(cData);
+    }
+
+    /**
+     * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+     * This method still exists for backward compatibility with old server versions.
+     */
+    async legacyServerAttachmentFileUpload(admin: boolean, cipherId: string, encFileName: CipherString,
+        encData: ArrayBuffer, key: CipherString) {
        const fd = new FormData();
        try {
            const blob = new Blob([encData], { type: 'application/octet-stream' });
-            fd.append('key', dataEncKey[1].encryptedString);
+            fd.append('key', key.encryptedString);
            fd.append('data', blob, encFileName.encryptedString);
        } catch (e) {
            if (Utils.isNode && !Utils.isBrowser) {
-                fd.append('key', dataEncKey[1].encryptedString);
+                fd.append('key', key.encryptedString);
                fd.append('data', Buffer.from(encData) as any, {
                    filepath: encFileName.encryptedString,
                    contentType: 'application/octet-stream',
@ -638,20 +676,15 @@ export class CipherService implements CipherServiceAbstraction {
        let response: CipherResponse;
        try {
            if (admin) {
-                response = await this.apiService.postCipherAttachmentAdmin(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentAdminLegacy(cipherId, fd);
            } else {
-                response = await this.apiService.postCipherAttachment(cipher.id, fd);
+                response = await this.apiService.postCipherAttachmentLegacy(cipherId, fd);
            }
        } catch (e) {
            throw new Error((e as ErrorResponse).getSingleMessage());
        }

-        const userId = await this.userService.getUserId();
-        const cData = new CipherData(response, userId, cipher.collectionIds);
-        if (!admin) {
-            await this.upsert(cData);
-        }
-        return new Cipher(cData);
+        return response;
    }

    async saveCollectionsWithServer(cipher: Cipher): Promise<any> {
--- a/src/services/fileUpload.service.ts
+++ b/src/services/fileUpload.service.ts
@ -5,6 +5,7 @@ import { LogService } from '../abstractions/log.service';
 import { FileUploadType } from '../enums/fileUploadType';

 import { CipherString } from '../models/domain';
+import { AttachmentUploadDataResponse } from '../models/response/attachmentUploadDataResponse';
 import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDataResponse';

 import { AzureFileUploadService } from './azureFileUpload.service';
@ -23,7 +24,8 @@ export class FileUploadService implements FileUploadServiceAbstraction {
        try {
            switch (uploadData.fileUploadType) {
                case FileUploadType.Direct:
-                    await this.bitwardenFileUploadService.upload(uploadData.sendResponse, fileName, encryptedFileData);
+                    await this.bitwardenFileUploadService.upload(fileName.encryptedString, encryptedFileData,
+                        fd => this.apiService.postSendFile(uploadData.sendResponse.id, uploadData.sendResponse.file.id, fd));
                    break;
                case FileUploadType.Azure:
                    const renewalCallback = async () => {
@ -42,4 +44,33 @@ export class FileUploadService implements FileUploadServiceAbstraction {
            throw e;
        }
    }
+
+    async uploadCipherAttachment(admin: boolean, uploadData: AttachmentUploadDataResponse, encryptedFileName: string, encryptedFileData: ArrayBuffer) {
+        const response = admin ? uploadData.cipherMiniResponse : uploadData.cipherResponse;
+        try {
+            switch (uploadData.fileUploadType) {
+                case FileUploadType.Direct:
+                    await this.bitwardenFileUploadService.upload(encryptedFileName, encryptedFileData,
+                        fd => this.apiService.postAttachmentFile(response.id, uploadData.attachmentId, fd));
+                    break;
+                case FileUploadType.Azure:
+                    const renewalCallback = async () => {
+                        const renewalResponse = await this.apiService.renewAttachmentUploadUrl(response.id,
+                            uploadData.attachmentId);
+                        return renewalResponse.url;
+                    };
+                    this.azureFileUploadService.upload(uploadData.url, encryptedFileData, renewalCallback);
+                    break;
+                default:
+                    throw new Error('Unknown file upload type.');
+            }
+        } catch (e) {
+            if (admin) {
+                this.apiService.deleteCipherAttachmentAdmin(response.id, uploadData.attachmentId);
+            } else {
+                this.apiService.deleteCipherAttachment(response.id, uploadData.attachmentId);
+            }
+            throw e;
+        }
+    }
 }
--- a/src/services/send.service.ts
+++ b/src/services/send.service.ts
@ -146,6 +146,8 @@ export class SendService implements SendServiceAbstraction {
                } catch (e) {
                    if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404) {
                        response = await this.legacyServerSendFileUpload(sendData, request);
+                    } else if (e instanceof ErrorResponse) {
+                        throw new Error((e as ErrorResponse).getSingleMessage());
                    } else {
                        throw e;
                    }