alpine-vaultwarden-argon2 (#1314)

Use Argon2 to securely hash passwords and protect them against various types of attacks.
This commit is contained in:
nicedevil007 2023-04-10 14:16:47 +02:00 committed by GitHub
parent 3621dd0c35
commit 76479a7733
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 3 deletions

View File

@ -59,7 +59,7 @@ function update_script() {
CHOICE=$(
whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
"1" "Update Vaultwarden" \
"2" "Show Admin Token" 3>&2 2>&1 1>&3
"2" "Reset ADMIN_TOKEN" 3>&2 2>&1 1>&3
)
exit_status=$?
if [ $exit_status == 1 ]; then
@ -73,7 +73,17 @@ function update_script() {
exit
;;
2)
whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68
if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
if [[ -z "$NEWTOKEN" ]]; then exit-script; fi
if ! command -v argon2 >/dev/null 2>&1; then apk add argon2 &>/dev/null; fi
TOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
if [[ ! -f /var/lib/vaultwarden/config.json ]]; then
sed -i "s|export ADMIN_TOKEN=.*|export ADMIN_TOKEN='${TOKEN}'|" /etc/conf.d/vaultwarden
else
sed -i "s|\"admin_token\": .*|\"admin_token\": \"${TOKEN}\",|" /var/lib/vaultwarden/config.json
fi
rc-service vaultwarden restart -q
fi
clear
exit
;;

View File

@ -20,6 +20,7 @@ $STD apk add openssl
$STD apk add openssh
$STD apk add nano
$STD apk add mc
$STD apk add argon2
msg_ok "Installed Dependencies"
msg_info "Installing Alpine-Vaultwarden"
@ -28,7 +29,7 @@ cat <<EOF >/etc/conf.d/vaultwarden
export DATA_FOLDER=/var/lib/vaultwarden
export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
export WEB_VAULT_ENABLED=true
export ADMIN_TOKEN=$(openssl rand -base64 48)
export ADMIN_TOKEN=''
export ROCKET_ADDRESS=0.0.0.0
EOF
$STD rc-service vaultwarden start