warden-worker/src/router.rs
2025-12-29 10:19:39 +00:00

213 lines
8.6 KiB
Rust

use axum::{
routing::{delete, get, post, put},
Router,
};
use std::sync::Arc;
use worker::Env;
use crate::handlers::{
accounts, attachments, ciphers, config, devices, domains, emergency_access, folders, identity,
import, meta, sync, twofactor, webauth,
};
pub fn api_router(env: Env) -> Router {
let app_state = Arc::new(env);
Router::new()
// Identity/Auth routes
.route("/identity/accounts/prelogin", post(accounts::prelogin))
.route("/identity/accounts/register", post(accounts::register))
.route(
"/identity/accounts/register/finish",
post(accounts::register),
)
.route("/identity/connect/token", post(identity::token))
.route(
"/identity/accounts/register/send-verification-email",
post(accounts::send_verification_email),
)
// Main data sync route
.route("/api/sync", get(sync::get_sync_data))
// For on-demand sync checks
.route("/api/accounts/revision-date", get(accounts::revision_date))
.route("/api/accounts/tasks", get(accounts::get_tasks))
.route("/api/accounts/profile", get(accounts::get_profile))
.route("/api/accounts/profile", post(accounts::post_profile))
.route("/api/accounts/profile", put(accounts::put_profile))
.route("/api/accounts/avatar", put(accounts::put_avatar))
// Delete account
.route("/api/accounts", delete(accounts::delete_account))
.route("/api/accounts/delete", post(accounts::delete_account))
// Set KDF
.route("/api/accounts/kdf", post(accounts::post_kdf))
// Change password
.route("/api/accounts/password", post(accounts::post_password))
// Rotate encryption keys
.route(
"/api/accounts/key-management/rotate-user-account-keys",
post(accounts::post_rotatekey),
)
// Auth requests (login with device) - stub to prevent client 404s
.route("/api/auth-requests", get(accounts::get_auth_requests))
.route(
"/api/auth-requests/pending",
get(accounts::get_auth_requests_pending),
)
// Ciphers CRUD
.route("/api/ciphers", get(ciphers::list_ciphers))
.route("/api/ciphers", post(ciphers::create_cipher_simple))
.route("/api/ciphers/create", post(ciphers::create_cipher))
.route("/api/ciphers/import", post(import::import_data))
.route("/api/ciphers/{id}", get(ciphers::get_cipher))
.route(
"/api/ciphers/{id}/details",
get(ciphers::get_cipher_details),
)
// Attachments
.route(
"/api/ciphers/{id}/attachment/v2",
post(attachments::create_attachment_v2),
)
// Note: Azure upload and download routes are handled in entry.js for zero-copy streaming
// PUT /api/ciphers/{id}/attachment/{attachment_id}/azure-upload
// GET /api/ciphers/{id}/attachment/{attachment_id}/download?token=...
.route(
"/api/ciphers/{id}/attachment",
post(attachments::upload_attachment_legacy),
)
.route(
"/api/ciphers/{id}/attachment/{attachment_id}",
post(attachments::upload_attachment_v2_data),
)
.route(
"/api/ciphers/{id}/attachment/{attachment_id}",
get(attachments::get_attachment),
)
.route(
"/api/ciphers/{id}/attachment/{attachment_id}",
delete(attachments::delete_attachment),
)
.route(
"/api/ciphers/{id}/attachment/{attachment_id}/delete",
post(attachments::delete_attachment_post),
)
.route("/api/ciphers/{id}", put(ciphers::update_cipher))
.route("/api/ciphers/{id}", post(ciphers::update_cipher))
// Cipher soft delete (PUT sets deleted_at timestamp)
.route("/api/ciphers/{id}/delete", put(ciphers::soft_delete_cipher))
// Cipher hard delete (DELETE/POST permanently removes cipher)
.route("/api/ciphers/{id}", delete(ciphers::hard_delete_cipher))
.route(
"/api/ciphers/{id}/delete",
post(ciphers::hard_delete_cipher),
)
// Partial update for folder/favorite
.route(
"/api/ciphers/{id}/partial",
put(ciphers::update_cipher_partial),
)
.route(
"/api/ciphers/{id}/partial",
post(ciphers::update_cipher_partial),
)
// Cipher bulk soft delete
.route(
"/api/ciphers/delete",
put(ciphers::soft_delete_ciphers_bulk),
)
// Cipher bulk hard delete
.route(
"/api/ciphers/delete",
post(ciphers::hard_delete_ciphers_bulk),
)
.route("/api/ciphers", delete(ciphers::hard_delete_ciphers_bulk))
// Cipher restore (clears deleted_at)
.route("/api/ciphers/{id}/restore", put(ciphers::restore_cipher))
// Cipher bulk restore
.route("/api/ciphers/restore", put(ciphers::restore_ciphers_bulk))
// Move ciphers to folder
.route("/api/ciphers/move", post(ciphers::move_cipher_selected))
.route("/api/ciphers/move", put(ciphers::move_cipher_selected))
// Purge vault - delete all ciphers and folders (requires password verification)
.route("/api/ciphers/purge", post(ciphers::purge_vault))
// Folders CRUD
.route("/api/folders", get(folders::list_folders))
.route("/api/folders", post(folders::create_folder))
.route("/api/folders/{id}", get(folders::get_folder))
.route("/api/folders/{id}", put(folders::update_folder))
.route("/api/folders/{id}", delete(folders::delete_folder))
.route("/api/folders/{id}/delete", post(folders::delete_folder))
.route("/api/config", get(config::config))
// Meta endpoints (mirrors a subset of vaultwarden core/mod.rs)
.route("/api/alive", get(meta::alive))
.route("/api/now", get(meta::now))
.route("/api/version", get(meta::version))
.route("/api/hibp/breach", get(meta::hibp_breach))
// Settings (stubbed)
.route("/api/settings/domains", get(domains::get_domains))
.route("/api/settings/domains", post(domains::post_domains))
.route("/api/settings/domains", put(domains::put_domains))
// Emergency access (stub - returns empty lists, feature not supported)
.route(
"/api/emergency-access/trusted",
get(emergency_access::get_trusted_contacts),
)
.route(
"/api/emergency-access/granted",
get(emergency_access::get_granted_access),
)
// Devices (stub - device tracking not implemented, JWT-based auth)
.route("/api/devices", get(devices::get_devices))
.route("/api/devices/knowndevice", get(devices::get_known_device))
.route(
"/api/devices/identifier/{device_id}",
get(devices::get_device),
)
.route(
"/api/devices/identifier/{device_id}/token",
post(devices::post_device_token),
)
.route(
"/api/devices/identifier/{device_id}/token",
put(devices::put_device_token),
)
.route(
"/api/devices/identifier/{device_id}/clear-token",
put(devices::put_clear_device_token),
)
.route(
"/api/devices/identifier/{device_id}/clear-token",
post(devices::post_clear_device_token),
)
// WebAuthn (stub - prevents 404 errors, passkeys not supported)
.route("/api/webauthn", get(webauth::get_webauthn_credentials))
// Two-factor authentication
.route("/api/two-factor", get(twofactor::get_twofactor))
.route(
"/api/two-factor/get-authenticator",
post(twofactor::get_authenticator),
)
.route(
"/api/two-factor/authenticator",
post(twofactor::activate_authenticator),
)
.route(
"/api/two-factor/authenticator",
put(twofactor::activate_authenticator_put),
)
.route(
"/api/two-factor/authenticator",
delete(twofactor::disable_authenticator),
)
.route(
"/api/two-factor/disable",
post(twofactor::disable_twofactor),
)
.route(
"/api/two-factor/disable",
put(twofactor::disable_twofactor_put),
)
.route("/api/two-factor/get-recover", post(twofactor::get_recover))
.route("/api/two-factor/recover", post(twofactor::recover))
.with_state(app_state)
}