From 682e372752173cdc67e12e76d6c0c70ede7f0a9d Mon Sep 17 00:00:00 2001 From: qaz741wsd856 Date: Sun, 30 Nov 2025 09:24:19 +0000 Subject: [PATCH] feat: add emergency access and WebAuthn handlers with stub implementations --- src/handlers/emergency_access.rs | 32 ++++++++++++++++++++++++++++++++ src/handlers/mod.rs | 6 ++++-- src/handlers/webauth.rs | 16 ++++++++++++++++ src/router.rs | 16 +++++++++++++++- 4 files changed, 67 insertions(+), 3 deletions(-) create mode 100644 src/handlers/emergency_access.rs create mode 100644 src/handlers/webauth.rs diff --git a/src/handlers/emergency_access.rs b/src/handlers/emergency_access.rs new file mode 100644 index 0000000..b792ac4 --- /dev/null +++ b/src/handlers/emergency_access.rs @@ -0,0 +1,32 @@ +use axum::Json; +use serde_json::{json, Value}; + +/// GET /emergency-access/trusted +/// +/// Returns the list of trusted emergency access contacts (grantees) for the current user. +/// This is a stub implementation that always returns an empty list since emergency access +/// is not supported in this minimal Bitwarden-compatible implementation. +/// +/// In vaultwarden, when `emergency_access_allowed` is disabled, it returns an empty list. +/// We follow the same pattern here. +#[worker::send] +pub async fn get_trusted_contacts() -> Json { + Json(json!({ + "data": [], + "object": "list", + "continuationToken": null + })) +} + +/// GET /emergency-access/granted +/// +/// Returns the list of emergency access grants where the current user is a grantee. +/// This is a stub implementation that always returns an empty list. +#[worker::send] +pub async fn get_granted_access() -> Json { + Json(json!({ + "data": [], + "object": "list", + "continuationToken": null + })) +} diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs index 2bf4465..b9a2e76 100644 --- a/src/handlers/mod.rs +++ b/src/handlers/mod.rs @@ -1,11 +1,13 @@ pub mod accounts; pub mod ciphers; pub mod config; -pub mod identity; -pub mod sync; +pub mod emergency_access; pub mod folders; +pub mod identity; pub mod import; pub mod purge; +pub mod sync; +pub mod webauth; /// Shared helper for reading an environment variable into usize. pub(crate) fn get_env_usize(env: &worker::Env, var_name: &str, default: usize) -> usize { diff --git a/src/handlers/webauth.rs b/src/handlers/webauth.rs new file mode 100644 index 0000000..585460f --- /dev/null +++ b/src/handlers/webauth.rs @@ -0,0 +1,16 @@ +use axum::Json; +use serde_json::{json, Value}; + +/// GET /webauthn +/// +/// Returns an empty list of WebAuthn credentials. +/// This prevents 404 errors and key-rotation issues when passkey login is enabled. +/// Vaultwarden does not yet support passkey login, so we return an empty list. +#[worker::send] +pub async fn get_webauthn_credentials() -> Json { + Json(json!({ + "object": "list", + "data": [], + "continuationToken": null + })) +} diff --git a/src/router.rs b/src/router.rs index 96aafde..61fa516 100644 --- a/src/router.rs +++ b/src/router.rs @@ -5,7 +5,7 @@ use axum::{ use std::sync::Arc; use worker::Env; -use crate::handlers::{accounts, ciphers, config, folders, identity, import, sync}; +use crate::handlers::{accounts, ciphers, config, emergency_access, folders, identity, import, sync, webauth}; pub fn api_router(env: Env) -> Router { let app_state = Arc::new(env); @@ -69,5 +69,19 @@ pub fn api_router(env: Env) -> Router { .route("/api/folders/{id}", put(folders::update_folder)) .route("/api/folders/{id}", delete(folders::delete_folder)) .route("/api/config", get(config::config)) + // Emergency access (stub - returns empty lists, feature not supported) + .route( + "/api/emergency-access/trusted", + get(emergency_access::get_trusted_contacts), + ) + .route( + "/api/emergency-access/granted", + get(emergency_access::get_granted_access), + ) + // WebAuthn (stub - prevents 404 errors, passkeys not supported) + .route( + "/api/webauthn", + get(webauth::get_webauthn_credentials), + ) .with_state(app_state) }