vividboarder
/
bitwarden_rs
mirror of https://github.com/ViViDboarder/bitwarden_rs.git
1
0
Fork 0
Code Issues Releases Wiki Activity
bitwarden_rs/src/main.rs

277 lines
8.4 KiB
Rust
Raw Normal View History

Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 15:43:46 +00:00
#![feature(plugin, custom_derive, vec_remove_item)]
First working version
2018-02-10 00:00:55 +00:00
#![plugin(rocket_codegen)]
Updated dependencies and Docker image to new web-vault
2018-07-21 15:27:00 +00:00
#![allow(proc_macro_derive_resolution_fallback)] // TODO: Remove this when diesel update fixes warnings
First working version
2018-02-10 00:00:55 +00:00
extern crate rocket;
extern crate rocket_contrib;
extern crate reqwest;
extern crate multipart;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 15:43:46 +00:00
extern crate ws;
extern crate rmpv;
extern crate chashmap;
First working version
2018-02-10 00:00:55 +00:00
extern crate serde;
#[macro_use]
extern crate serde_derive;
#[macro_use]
extern crate serde_json;
#[macro_use]
extern crate diesel;
#[macro_use]
extern crate diesel_migrations;
extern crate ring;
extern crate uuid;
extern crate chrono;
extern crate oath;
extern crate data_encoding;
extern crate jsonwebtoken as jwt;
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 19:46:50 +00:00
extern crate u2f;
First working version
2018-02-10 00:00:55 +00:00
extern crate dotenv;
#[macro_use]
extern crate lazy_static;
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 19:46:50 +00:00
#[macro_use]
extern crate num_derive;
extern crate num_traits;
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
extern crate lettre;
extern crate lettre_email;
extern crate native_tls;
Check email validity before using it for password hint sending
2018-08-15 15:25:59 +00:00
extern crate fast_chemail;
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 15:43:46 +00:00
extern crate byteorder;
First working version
2018-02-10 00:00:55 +00:00
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage.
2018-06-12 15:24:29 +00:00
use std::{env, path::Path, process::{exit, Command}};
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings
2018-02-22 23:38:54 +00:00
use rocket::Rocket;
First working version
2018-02-10 00:00:55 +00:00
#[macro_use]
mod util;
mod api;
mod db;
mod crypto;
mod auth;
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
mod mail;
First working version
2018-02-10 00:00:55 +00:00
fn init_rocket() -> Rocket {
rocket::ignite()
.mount("/", api::web_routes())
.mount("/api", api::core_routes())
.mount("/identity", api::identity_routes())
.mount("/icons", api::icons_routes())
Implemented basic support for prelogin and notification negotiation
2018-08-24 17:02:34 +00:00
.mount("/notifications", api::notifications_routes())
First working version
2018-02-10 00:00:55 +00:00
.manage(db::init_pool())
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 15:43:46 +00:00
.manage(api::start_notification_server())
First working version
2018-02-10 00:00:55 +00:00
}
// Embed the migrations from the migrations folder into the application
// This way, the program automatically migrates the database to the latest version
// https://docs.rs/diesel_migrations/*/diesel_migrations/macro.embed_migrations.html
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage.
2018-06-12 15:24:29 +00:00
#[allow(unused_imports)]
mod migrations {
embed_migrations!();
pub fn run_migrations() {
// Make sure the database is up to date (create if it doesn't exist, or run the migrations)
let connection = ::db::get_connection().expect("Can't conect to DB");
use std::io::stdout;
embedded_migrations::run_with_output(&connection, &mut stdout()).expect("Can't run migrations");
}
}
First working version
2018-02-10 00:00:55 +00:00
fn main() {
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect.
2018-05-12 20:55:18 +00:00
check_db();
check_rsa_keys();
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage.
2018-06-12 15:24:29 +00:00
check_web_vault();
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 15:43:46 +00:00
migrations::run_migrations();
First working version
2018-02-10 00:00:55 +00:00
init_rocket().launch();
}
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect.
2018-05-12 20:55:18 +00:00
fn check_db() {
let path = Path::new(&CONFIG.database_url);
if let Some(parent) = path.parent() {
use std::fs;
if fs::create_dir_all(parent).is_err() {
println!("Error creating database directory");
exit(1);
}
}
WAL journal mode and delete retry added
2018-07-31 14:07:17 +00:00
// Turn on WAL in SQLite
use diesel::RunQueryDsl;
let connection = db::get_connection().expect("Can't conect to DB");
diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL");
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect.
2018-05-12 20:55:18 +00:00
}
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
fn check_rsa_keys() {
// If the RSA keys don't exist, try to create them
if !util::file_exists(&CONFIG.private_rsa_key)
|| !util::file_exists(&CONFIG.public_rsa_key) {
println!("JWT keys don't exist, checking if OpenSSL is available...");
Command::new("openssl")
.arg("version")
.output().unwrap_or_else(|_| {
println!("Can't create keys because OpenSSL is not available, make sure it's installed and available on the PATH");
exit(1);
});
println!("OpenSSL detected, creating keys...");
let mut success = Command::new("openssl").arg("genrsa")
.arg("-out").arg(&CONFIG.private_rsa_key_pem)
.output().expect("Failed to create private pem file")
.status.success();
success &= Command::new("openssl").arg("rsa")
.arg("-in").arg(&CONFIG.private_rsa_key_pem)
.arg("-outform").arg("DER")
.arg("-out").arg(&CONFIG.private_rsa_key)
.output().expect("Failed to create private der file")
.status.success();
success &= Command::new("openssl").arg("rsa")
.arg("-in").arg(&CONFIG.private_rsa_key)
.arg("-inform").arg("DER")
.arg("-RSAPublicKey_out")
.arg("-outform").arg("DER")
.arg("-out").arg(&CONFIG.public_rsa_key)
.output().expect("Failed to create public der file")
.status.success();
if success {
Updated dependencies
2018-03-20 23:08:46 +00:00
println!("Keys created correctly.");
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
} else {
println!("Error creating keys, exiting...");
exit(1);
}
}
}
Removed included web vault. Now that docker automatically downloads the web-vault, keeping it in the repo doesn't make sense. Added error message in case someone tries to run the application directly without the web-vault instaled..
2018-04-24 20:38:23 +00:00
fn check_web_vault() {
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
if !CONFIG.web_vault_enabled {
return;
}
Removed included web vault. Now that docker automatically downloads the web-vault, keeping it in the repo doesn't make sense. Added error message in case someone tries to run the application directly without the web-vault instaled..
2018-04-24 20:38:23 +00:00
let index_path = Path::new(&CONFIG.web_vault_folder).join("index.html");
if !index_path.exists() {
println!("Web vault is not found. Please follow the steps in the README to install it");
exit(1);
}
}
First working version
2018-02-10 00:00:55 +00:00
lazy_static! {
// Load the config from .env or from environment variables
static ref CONFIG: Config = Config::load();
}
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
#[derive(Debug)]
pub struct MailConfig {
smtp_host: String,
smtp_port: u16,
smtp_ssl: bool,
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
smtp_from: String,
make SMTP authentication optionnal, let lettre pick the better auth mechanism
2018-08-15 15:00:55 +00:00
smtp_username: Option<String>,
smtp_password: Option<String>,
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
}
impl MailConfig {
fn load() -> Option<Self> {
make SMTP authentication optionnal, let lettre pick the better auth mechanism
2018-08-15 15:00:55 +00:00
let smtp_host = env::var("SMTP_HOST").ok();
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
// When SMTP_HOST is absent, we assume the user does not want to enable it.
if smtp_host.is_none() {
return None
}
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
let smtp_ssl = util::parse_option_string(env::var("SMTP_SSL").ok()).unwrap_or(true);
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
let smtp_port = util::parse_option_string(env::var("SMTP_PORT").ok())
.unwrap_or_else(|| {
if smtp_ssl {
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
587u16
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
} else {
25u16
}
});
make SMTP authentication optionnal, let lettre pick the better auth mechanism
2018-08-15 15:00:55 +00:00
let smtp_username = env::var("SMTP_USERNAME").ok();
let smtp_password = env::var("SMTP_PASSWORD").ok().or_else(|| {
if smtp_username.as_ref().is_some() {
println!("Please specify SMTP_PASSWORD to enable SMTP support.");
exit(1);
} else {
None
}
});
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
Some(MailConfig {
smtp_host: smtp_host.unwrap(),
smtp_port: smtp_port,
smtp_ssl: smtp_ssl,
SMTP integration, send password hint by email.
2018-08-15 06:32:19 +00:00
smtp_from: util::parse_option_string(env::var("SMTP_FROM").ok())
make SMTP authentication optionnal, let lettre pick the better auth mechanism
2018-08-15 15:00:55 +00:00
.unwrap_or("bitwarden-rs@localhost".to_string()),
smtp_username: smtp_username,
smtp_password: smtp_password,
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
})
}
}
First working version
2018-02-10 00:00:55 +00:00
#[derive(Debug)]
pub struct Config {
database_url: String,
icon_cache_folder: String,
attachments_folder: String,
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
private_rsa_key: String,
private_rsa_key_pem: String,
public_rsa_key: String,
First working version
2018-02-10 00:00:55 +00:00
web_vault_folder: String,
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
web_vault_enabled: bool,
First working version
2018-02-10 00:00:55 +00:00
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
local_icon_extractor: bool,
First working version
2018-02-10 00:00:55 +00:00
signups_allowed: bool,
Implement poor man's invitation via Organization invitation
2018-09-10 13:51:40 +00:00
invitations_allowed: bool,
First working version
2018-02-10 00:00:55 +00:00
password_iterations: i32,
Make password hints available in the error message #85
2018-08-10 13:21:42 +00:00
show_password_hint: bool,
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 19:46:50 +00:00
domain: String,
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain
2018-07-12 21:28:01 +00:00
domain_set: bool,
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
mail: Option<MailConfig>,
First working version
2018-02-10 00:00:55 +00:00
}
impl Config {
fn load() -> Self {
dotenv::dotenv().ok();
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
let df = env::var("DATA_FOLDER").unwrap_or("data".into());
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
let key = env::var("RSA_KEY_FILENAME").unwrap_or(format!("{}/{}", &df, "rsa_key"));
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain
2018-07-12 21:28:01 +00:00
let domain = env::var("DOMAIN");
First working version
2018-02-10 00:00:55 +00:00
Config {
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
database_url: env::var("DATABASE_URL").unwrap_or(format!("{}/{}", &df, "db.sqlite3")),
icon_cache_folder: env::var("ICON_CACHE_FOLDER").unwrap_or(format!("{}/{}", &df, "icon_cache")),
attachments_folder: env::var("ATTACHMENTS_FOLDER").unwrap_or(format!("{}/{}", &df, "attachments")),
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
private_rsa_key: format!("{}.der", &key),
private_rsa_key_pem: format!("{}.pem", &key),
public_rsa_key: format!("{}.pub.der", &key),
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
2018-02-17 00:13:02 +00:00
First working version
2018-02-10 00:00:55 +00:00
web_vault_folder: env::var("WEB_VAULT_FOLDER").unwrap_or("web-vault/".into()),
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
web_vault_enabled: util::parse_option_string(env::var("WEB_VAULT_ENABLED").ok()).unwrap_or(true),
First working version
2018-02-10 00:00:55 +00:00
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers
2018-06-12 19:09:42 +00:00
local_icon_extractor: util::parse_option_string(env::var("LOCAL_ICON_EXTRACTOR").ok()).unwrap_or(false),
signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(true),
Implement poor man's invitation via Organization invitation
2018-09-10 13:51:40 +00:00
invitations_allowed: util::parse_option_string(env::var("INVITATIONS_ALLOWED").ok()).unwrap_or(true),
First working version
2018-02-10 00:00:55 +00:00
password_iterations: util::parse_option_string(env::var("PASSWORD_ITERATIONS").ok()).unwrap_or(100_000),
Make password hints available in the error message #85
2018-08-10 13:21:42 +00:00
show_password_hint: util::parse_option_string(env::var("SHOW_PASSWORD_HINT").ok()).unwrap_or(true),
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain
2018-07-12 21:28:01 +00:00
domain_set: domain.is_ok(),
domain: domain.unwrap_or("http://localhost".into()),
SMTP configuration parsing and checking
2018-08-13 11:46:32 +00:00
mail: MailConfig::load(),
First working version
2018-02-10 00:00:55 +00:00
}
}
}