alpine-vaultwarden-argon2 (#1314)

Use Argon2 to securely hash passwords and protect them against various types of attacks.
nicedevil007 2023-04-10 14:16:47 +02:00 committed by GitHub
parent 3621dd0c35
commit 76479a7733
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 3 deletions


@ -59,7 +59,7 @@ function update_script() {
CHOICE=$( CHOICE=$(
whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \ whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
"1" "Update Vaultwarden" \ "1" "Update Vaultwarden" \
"2" "Show Admin Token" 3>&2 2>&1 1>&3 "2" "Reset ADMIN_TOKEN" 3>&2 2>&1 1>&3
) )
exit_status=$? exit_status=$?
if [ $exit_status == 1 ]; then if [ $exit_status == 1 ]; then
@ -73,7 +73,17 @@ function update_script() {
exit exit
;; ;;
2) 2)
whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68 if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
if [[ -z "$NEWTOKEN" ]]; then exit-script; fi
if ! command -v argon2 >/dev/null 2>&1; then apk add argon2 &>/dev/null; fi
TOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
if [[ ! -f /var/lib/vaultwarden/config.json ]]; then
sed -i "s|export ADMIN_TOKEN=.*|export ADMIN_TOKEN='${TOKEN}'|" /etc/conf.d/vaultwarden
else
sed -i "s|\"admin_token\": .*|\"admin_token\": \"${TOKEN}\",|" /var/lib/vaultwarden/config.json
fi
rc-service vaultwarden restart -q
fi
clear clear
exit exit
;; ;;
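Review bot: The new `TOKEN=$(echo -n ${NEWTOKEN} | argon2 …)` line passes the typed passphrase through an unquoted expansion and `echo`, so a value with runs of spaces, glob characters or a leading `-n`/`-e` is hashed as something other than what was entered, and the admin cannot log in with the token they chose. Use `TOKEN=$(printf '%s' "$NEWTOKEN" | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)` instead. The result is also written unchecked: `apk add argon2 &>/dev/null` hides a failed install, in which case `TOKEN` is empty and the `sed` lines store an empty token before the restart, so add `if [[ -z "$TOKEN" ]]; then exit-script; fi` ahead of the `sed` branch. The config.json replacement always appends a trailing comma, which presumably leaves invalid JSON when `admin_token` is the last key; worth confirming against a real file. `update_script` starts and ends outside the visible hunks.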


@ -20,6 +20,7 @@ $STD apk add openssl
$STD apk add openssh $STD apk add openssh
$STD apk add nano $STD apk add nano
$STD apk add mc $STD apk add mc
$STD apk add argon2
msg_ok "Installed Dependencies" msg_ok "Installed Dependencies"
msg_info "Installing Alpine-Vaultwarden" msg_info "Installing Alpine-Vaultwarden"
@ -28,7 +29,7 @@ cat <<EOF >/etc/conf.d/vaultwarden
export DATA_FOLDER=/var/lib/vaultwarden export DATA_FOLDER=/var/lib/vaultwarden
export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
export WEB_VAULT_ENABLED=true export WEB_VAULT_ENABLED=true
export ADMIN_TOKEN=$(openssl rand -base64 48) export ADMIN_TOKEN=''
export ROCKET_ADDRESS=0.0.0.0 export ROCKET_ADDRESS=0.0.0.0
EOF EOF
$STD rc-service vaultwarden start $STD rc-service vaultwarden start
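Review bot: With `export ADMIN_TOKEN=''` a fresh install has no admin token, and nothing in this section tells the operator to set one through the "Reset ADMIN_TOKEN" menu entry afterwards. As far as I know Vaultwarden keeps the admin page disabled while the token is empty, so this fails closed, but silently. I would add a comment above the heredoc such as `# ADMIN_TOKEN is intentionally empty; set an Argon2 hash via the update menu to enable /admin`, and print the same hint at the end of the install. The heredoc also creates /etc/conf.d/vaultwarden with default permissions although it will later hold the Argon2 hash; `chmod 600 /etc/conf.d/vaultwarden` after `EOF` would keep it from other local users, assuming only the root-run init script reads it.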