From 76479a7733b1e1122835a1b1b0afd05a5204e6b0 Mon Sep 17 00:00:00 2001
From: nicedevil007 <17103076+nicedevil007@users.noreply.github.com>
Date: Mon, 10 Apr 2023 14:16:47 +0200
Subject: [PATCH] alpine-vaultwarden-argon2 (#1314)

Use Argon2 to securely hash passwords and protect them against various types of attacks.
---
 ct/alpine-vaultwarden.sh | 14 ++++++++++++--
 install/alpine-vaultwarden-install.sh | 3 ++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/ct/alpine-vaultwarden.sh b/ct/alpine-vaultwarden.sh
index 45ea5390..3783d633 100644
--- a/ct/alpine-vaultwarden.sh
+++ b/ct/alpine-vaultwarden.sh
@@ -59,7 +59,7 @@ function update_script() {
 CHOICE=$(
 whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
 "1" "Update Vaultwarden" \
- "2" "Show Admin Token" 3>&2 2>&1 1>&3
+ "2" "Reset ADMIN_TOKEN" 3>&2 2>&1 1>&3
 )
 exit_status=$?
 if [ $exit_status == 1 ]; then
@@ -73,7 +73,17 @@ function update_script() {
 exit
 ;;
 2)
- whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68
+ if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+ if [[ -z "$NEWTOKEN" ]]; then exit-script; fi
+ if ! command -v argon2 >/dev/null 2>&1; then apk add argon2 &>/dev/null; fi
+ TOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+ if [[ ! -f /var/lib/vaultwarden/config.json ]]; then
+ sed -i "s|export ADMIN_TOKEN=.*|export ADMIN_TOKEN='${TOKEN}'|" /etc/conf.d/vaultwarden
+ else
+ sed -i "s|\"admin_token\": .*|\"admin_token\": \"${TOKEN}\",|" /var/lib/vaultwarden/config.json
+ fi
+ rc-service vaultwarden restart -q
+ fi
 clear
 exit
 ;;
diff --git a/install/alpine-vaultwarden-install.sh b/install/alpine-vaultwarden-install.sh
index 6c6f90a5..f048745b 100644
--- a/install/alpine-vaultwarden-install.sh
+++ b/install/alpine-vaultwarden-install.sh
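Review bot: In the added `2)` branch of ct/alpine-vaultwarden.sh, `echo -n ${NEWTOKEN}` expands the token unquoted, so a token containing spaces or glob characters is word-split or expanded before hashing and a leading `-n`/`-e` word is consumed as an echo option; the stored hash then belongs to a different string than the one the operator typed. Feed it with `printf '%s' "$NEWTOKEN" | argon2 ...` instead. `TOKEN` is also written without a check: the result of `apk add argon2` is discarded, so if argon2 is unavailable both `sed` calls store an empty value, and a guard such as `[[ -n "$TOKEN" ]] || exit-script` before them would stop that. The `config.json` substitution always appends a comma, which would leave invalid JSON if `admin_token` is the last key in that file (its layout is not visible here). The body of update_script starts and ends outside this hunk.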
@@ -20,6 +20,7 @@ $STD apk add openssl $STD apk add openssh $STD apk add nano $STD apk add mc +$STD apk add argon2 msg_ok "Installed Dependencies" msg_info "Installing Alpine-Vaultwarden"
@@ -28,7 +29,7 @@ cat </etc/conf.d/vaultwarden
 export DATA_FOLDER=/var/lib/vaultwarden
 export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
 export WEB_VAULT_ENABLED=true
-export ADMIN_TOKEN=$(openssl rand -base64 48)
+export ADMIN_TOKEN=''
 export ROCKET_ADDRESS=0.0.0.0
 EOF
 $STD rc-service vaultwarden start
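Review bot: The generated /etc/conf.d/vaultwarden now carries `export ADMIN_TOKEN=''` in the second hunk with nothing telling the operator that the empty value is deliberate or how a token gets set. As far as I know Vaultwarden treats an empty admin token as unset and keeps the admin page disabled, which is a safe default, but that deserves a comment line above the export, for example `# Empty = admin page disabled; set an Argon2 hash with the update script's "Reset ADMIN_TOKEN" option`. The here-document that writes this file starts above the hunk, so only its tail is visible here.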