bitwarden_rs/src/main.rs

#![feature(plugin, custom_derive)]
#![plugin(rocket_codegen)]
#![allow(proc_macro_derive_resolution_fallback)] // TODO: Remove this when diesel update fixes warnings
extern crate rocket;
extern crate rocket_contrib;
extern crate reqwest;
extern crate multipart;
extern crate serde;
#[macro_use]
extern crate serde_derive;
#[macro_use]
extern crate serde_json;
#[macro_use]
extern crate diesel;
#[macro_use]
extern crate diesel_migrations;
extern crate ring;
extern crate uuid;
extern crate chrono;
extern crate oath;
extern crate data_encoding;
extern crate jsonwebtoken as jwt;
extern crate u2f;
extern crate dotenv;
#[macro_use]
extern crate lazy_static;
#[macro_use]
extern crate num_derive;
extern crate num_traits;

use std::{env, path::Path, process::{exit, Command}};
use rocket::Rocket;

#[macro_use]
mod util;

mod api;
mod db;
mod crypto;
mod auth;

fn init_rocket() -> Rocket {
    rocket::ignite()
        .mount("/", api::web_routes())
        .mount("/api", api::core_routes())
        .mount("/identity", api::identity_routes())
        .mount("/icons", api::icons_routes())
        .mount("/notifications", api::notifications_routes())
        .manage(db::init_pool())
}

// Embed the migrations from the migrations folder into the application
// This way, the program automatically migrates the database to the latest version
// https://docs.rs/diesel_migrations/*/diesel_migrations/macro.embed_migrations.html
#[allow(unused_imports)]
mod migrations {
    embed_migrations!();

    pub fn run_migrations() {
        // Make sure the database is up to date (create if it doesn't exist, or run the migrations)
        let connection = ::db::get_connection().expect("Can't conect to DB");

        use std::io::stdout;
        embedded_migrations::run_with_output(&connection, &mut stdout()).expect("Can't run migrations");
    }
}

fn main() {
    check_db();
    check_rsa_keys();
    check_web_vault();  
    migrations::run_migrations(); 


    init_rocket().launch();
}

fn check_db() {
    let path = Path::new(&CONFIG.database_url);

    if let Some(parent) = path.parent() {
        use std::fs;
        if fs::create_dir_all(parent).is_err() {
            println!("Error creating database directory");
            exit(1);
        }
    }

    // Turn on WAL in SQLite
    use diesel::RunQueryDsl;
    let connection = db::get_connection().expect("Can't conect to DB");
    diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL");
}

fn check_rsa_keys() {
    // If the RSA keys don't exist, try to create them
    if !util::file_exists(&CONFIG.private_rsa_key)
        || !util::file_exists(&CONFIG.public_rsa_key) {
        println!("JWT keys don't exist, checking if OpenSSL is available...");

        Command::new("openssl")
            .arg("version")
            .output().unwrap_or_else(|_| {
            println!("Can't create keys because OpenSSL is not available, make sure it's installed and available on the PATH");
            exit(1);
        });

        println!("OpenSSL detected, creating keys...");

        let mut success = Command::new("openssl").arg("genrsa")
            .arg("-out").arg(&CONFIG.private_rsa_key_pem)
            .output().expect("Failed to create private pem file")
            .status.success();

        success &= Command::new("openssl").arg("rsa")
            .arg("-in").arg(&CONFIG.private_rsa_key_pem)
            .arg("-outform").arg("DER")
            .arg("-out").arg(&CONFIG.private_rsa_key)
            .output().expect("Failed to create private der file")
            .status.success();

        success &= Command::new("openssl").arg("rsa")
            .arg("-in").arg(&CONFIG.private_rsa_key)
            .arg("-inform").arg("DER")
            .arg("-RSAPublicKey_out")
            .arg("-outform").arg("DER")
            .arg("-out").arg(&CONFIG.public_rsa_key)
            .output().expect("Failed to create public der file")
            .status.success();

        if success {
            println!("Keys created correctly.");
        } else {
            println!("Error creating keys, exiting...");
            exit(1);
        }
    }
}

fn check_web_vault() {
    if !CONFIG.web_vault_enabled {
        return;
    }

    let index_path = Path::new(&CONFIG.web_vault_folder).join("index.html");

    if !index_path.exists() {
        println!("Web vault is not found. Please follow the steps in the README to install it");
        exit(1);
    }
}

lazy_static! {
    // Load the config from .env or from environment variables
    static ref CONFIG: Config = Config::load();
}

#[derive(Debug)]
pub struct Config {
    database_url: String,
    icon_cache_folder: String,
    attachments_folder: String,

    private_rsa_key: String,
    private_rsa_key_pem: String,
    public_rsa_key: String,

    web_vault_folder: String,
    web_vault_enabled: bool,

    local_icon_extractor: bool,
    signups_allowed: bool,
    password_iterations: i32,
    show_password_hint: bool,
    domain: String,
    domain_set: bool,
}

impl Config {
    fn load() -> Self {
        dotenv::dotenv().ok();

        let df = env::var("DATA_FOLDER").unwrap_or("data".into());
        let key = env::var("RSA_KEY_FILENAME").unwrap_or(format!("{}/{}", &df, "rsa_key"));

        let domain = env::var("DOMAIN");

        Config {
            database_url: env::var("DATABASE_URL").unwrap_or(format!("{}/{}", &df, "db.sqlite3")),
            icon_cache_folder: env::var("ICON_CACHE_FOLDER").unwrap_or(format!("{}/{}", &df, "icon_cache")),
            attachments_folder: env::var("ATTACHMENTS_FOLDER").unwrap_or(format!("{}/{}", &df, "attachments")),

            private_rsa_key: format!("{}.der", &key),
            private_rsa_key_pem: format!("{}.pem", &key),
            public_rsa_key: format!("{}.pub.der", &key),

            web_vault_folder: env::var("WEB_VAULT_FOLDER").unwrap_or("web-vault/".into()),
            web_vault_enabled: util::parse_option_string(env::var("WEB_VAULT_ENABLED").ok()).unwrap_or(true),

            local_icon_extractor: util::parse_option_string(env::var("LOCAL_ICON_EXTRACTOR").ok()).unwrap_or(false),
            signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(true),
            password_iterations: util::parse_option_string(env::var("PASSWORD_ITERATIONS").ok()).unwrap_or(100_000),
            show_password_hint: util::parse_option_string(env::var("SHOW_PASSWORD_HINT").ok()).unwrap_or(true),

            domain_set: domain.is_ok(),
            domain: domain.unwrap_or("http://localhost".into()),
        }
    }
}
First working version 2018-02-10 00:00:55 +00:00			`#![feature(plugin, custom_derive)]`
			`#![plugin(rocket_codegen)]`
Updated dependencies and Docker image to new web-vault 2018-07-21 15:27:00 +00:00			`#![allow(proc_macro_derive_resolution_fallback)] // TODO: Remove this when diesel update fixes warnings`
First working version 2018-02-10 00:00:55 +00:00			`extern crate rocket;`
			`extern crate rocket_contrib;`
			`extern crate reqwest;`
			`extern crate multipart;`
			`extern crate serde;`
			`#[macro_use]`
			`extern crate serde_derive;`
			`#[macro_use]`
			`extern crate serde_json;`
			`#[macro_use]`
			`extern crate diesel;`
			`#[macro_use]`
			`extern crate diesel_migrations;`
			`extern crate ring;`
			`extern crate uuid;`
			`extern crate chrono;`
			`extern crate oath;`
			`extern crate data_encoding;`
			`extern crate jsonwebtoken as jwt;`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`extern crate u2f;`
First working version 2018-02-10 00:00:55 +00:00			`extern crate dotenv;`
			`#[macro_use]`
			`extern crate lazy_static;`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`#[macro_use]`
			`extern crate num_derive;`
			`extern crate num_traits;`
First working version 2018-02-10 00:00:55 +00:00
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage. 2018-06-12 15:24:29 +00:00			`use std::{env, path::Path, process::{exit, Command}};`
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-22 23:38:54 +00:00			`use rocket::Rocket;`
First working version 2018-02-10 00:00:55 +00:00
			`#[macro_use]`
			`mod util;`

			`mod api;`
			`mod db;`
			`mod crypto;`
			`mod auth;`

			`fn init_rocket() -> Rocket {`
			`rocket::ignite()`
			`.mount("/", api::web_routes())`
			`.mount("/api", api::core_routes())`
			`.mount("/identity", api::identity_routes())`
			`.mount("/icons", api::icons_routes())`
Implemented basic support for prelogin and notification negotiation 2018-08-24 17:02:34 +00:00			`.mount("/notifications", api::notifications_routes())`
First working version 2018-02-10 00:00:55 +00:00			`.manage(db::init_pool())`
			`}`

			`// Embed the migrations from the migrations folder into the application`
			`// This way, the program automatically migrates the database to the latest version`
			`// https://docs.rs/diesel_migrations/*/diesel_migrations/macro.embed_migrations.html`
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage. 2018-06-12 15:24:29 +00:00			`#[allow(unused_imports)]`
			`mod migrations {`
			`embed_migrations!();`

			`pub fn run_migrations() {`
			`// Make sure the database is up to date (create if it doesn't exist, or run the migrations)`
			`let connection = ::db::get_connection().expect("Can't conect to DB");`

			`use std::io::stdout;`
			`embedded_migrations::run_with_output(&connection, &mut stdout()).expect("Can't run migrations");`
			`}`
			`}`
First working version 2018-02-10 00:00:55 +00:00
			`fn main() {`
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect. 2018-05-12 20:55:18 +00:00			`check_db();`
			`check_rsa_keys();`
Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage. 2018-06-12 15:24:29 +00:00			`check_web_vault();`
			`migrations::run_migrations();`
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect. 2018-05-12 20:55:18 +00:00
First working version 2018-02-10 00:00:55 +00:00
			`init_rocket().launch();`
			`}`

Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect. 2018-05-12 20:55:18 +00:00			`fn check_db() {`
			`let path = Path::new(&CONFIG.database_url);`

			`if let Some(parent) = path.parent() {`
			`use std::fs;`
			`if fs::create_dir_all(parent).is_err() {`
			`println!("Error creating database directory");`
			`exit(1);`
			`}`
			`}`
WAL journal mode and delete retry added 2018-07-31 14:07:17 +00:00
			`// Turn on WAL in SQLite`
			`use diesel::RunQueryDsl;`
			`let connection = db::get_connection().expect("Can't conect to DB");`
			`diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL");`
Check that the database folder exists before connecting If the parent folder ('data' by default) doesn't exist, the database won't be able to connect. 2018-05-12 20:55:18 +00:00			`}`

Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00			`fn check_rsa_keys() {`
			`// If the RSA keys don't exist, try to create them`
			`if !util::file_exists(&CONFIG.private_rsa_key)`
			`\|\| !util::file_exists(&CONFIG.public_rsa_key) {`
			`println!("JWT keys don't exist, checking if OpenSSL is available...");`

			`Command::new("openssl")`
			`.arg("version")`
			`.output().unwrap_or_else(\|_\| {`
			`println!("Can't create keys because OpenSSL is not available, make sure it's installed and available on the PATH");`
			`exit(1);`
			`});`

			`println!("OpenSSL detected, creating keys...");`

			`let mut success = Command::new("openssl").arg("genrsa")`
			`.arg("-out").arg(&CONFIG.private_rsa_key_pem)`
			`.output().expect("Failed to create private pem file")`
			`.status.success();`

			`success &= Command::new("openssl").arg("rsa")`
			`.arg("-in").arg(&CONFIG.private_rsa_key_pem)`
			`.arg("-outform").arg("DER")`
			`.arg("-out").arg(&CONFIG.private_rsa_key)`
			`.output().expect("Failed to create private der file")`
			`.status.success();`

			`success &= Command::new("openssl").arg("rsa")`
			`.arg("-in").arg(&CONFIG.private_rsa_key)`
			`.arg("-inform").arg("DER")`
			`.arg("-RSAPublicKey_out")`
			`.arg("-outform").arg("DER")`
			`.arg("-out").arg(&CONFIG.public_rsa_key)`
			`.output().expect("Failed to create public der file")`
			`.status.success();`

			`if success {`
Updated dependencies 2018-03-20 23:08:46 +00:00			`println!("Keys created correctly.");`
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00			`} else {`
			`println!("Error creating keys, exiting...");`
			`exit(1);`
			`}`
			`}`
			`}`

Removed included web vault. Now that docker automatically downloads the web-vault, keeping it in the repo doesn't make sense. Added error message in case someone tries to run the application directly without the web-vault instaled.. 2018-04-24 20:38:23 +00:00			`fn check_web_vault() {`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`if !CONFIG.web_vault_enabled {`
			`return;`
			`}`

Removed included web vault. Now that docker automatically downloads the web-vault, keeping it in the repo doesn't make sense. Added error message in case someone tries to run the application directly without the web-vault instaled.. 2018-04-24 20:38:23 +00:00			`let index_path = Path::new(&CONFIG.web_vault_folder).join("index.html");`

			`if !index_path.exists() {`
			`println!("Web vault is not found. Please follow the steps in the README to install it");`
			`exit(1);`
			`}`
			`}`

First working version 2018-02-10 00:00:55 +00:00			`lazy_static! {`
			`// Load the config from .env or from environment variables`
			`static ref CONFIG: Config = Config::load();`
			`}`

			`#[derive(Debug)]`
			`pub struct Config {`
			`database_url: String,`
			`icon_cache_folder: String,`
			`attachments_folder: String,`
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00
			`private_rsa_key: String,`
			`private_rsa_key_pem: String,`
			`public_rsa_key: String,`

First working version 2018-02-10 00:00:55 +00:00			`web_vault_folder: String,`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`web_vault_enabled: bool,`
First working version 2018-02-10 00:00:55 +00:00
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`local_icon_extractor: bool,`
First working version 2018-02-10 00:00:55 +00:00			`signups_allowed: bool,`
			`password_iterations: i32,`
Make password hints available in the error message #85 2018-08-10 13:21:42 +00:00			`show_password_hint: bool,`
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 19:46:50 +00:00			`domain: String,`
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain 2018-07-12 21:28:01 +00:00			`domain_set: bool,`
First working version 2018-02-10 00:00:55 +00:00			`}`

			`impl Config {`
			`fn load() -> Self {`
			`dotenv::dotenv().ok();`

Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00			`let df = env::var("DATA_FOLDER").unwrap_or("data".into());`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`let key = env::var("RSA_KEY_FILENAME").unwrap_or(format!("{}/{}", &df, "rsa_key"));`
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain 2018-07-12 21:28:01 +00:00			`let domain = env::var("DOMAIN");`

First working version 2018-02-10 00:00:55 +00:00			`Config {`
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00			`database_url: env::var("DATABASE_URL").unwrap_or(format!("{}/{}", &df, "db.sqlite3")),`
			`icon_cache_folder: env::var("ICON_CACHE_FOLDER").unwrap_or(format!("{}/{}", &df, "icon_cache")),`
			`attachments_folder: env::var("ATTACHMENTS_FOLDER").unwrap_or(format!("{}/{}", &df, "attachments")),`

Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`private_rsa_key: format!("{}.der", &key),`
			`private_rsa_key_pem: format!("{}.pem", &key),`
			`public_rsa_key: format!("{}.pub.der", &key),`
Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH) 2018-02-17 00:13:02 +00:00
First working version 2018-02-10 00:00:55 +00:00			`web_vault_folder: env::var("WEB_VAULT_FOLDER").unwrap_or("web-vault/".into()),`
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`web_vault_enabled: util::parse_option_string(env::var("WEB_VAULT_ENABLED").ok()).unwrap_or(true),`
First working version 2018-02-10 00:00:55 +00:00
Improved configuration and documented options. Implemented option to disable web vault and to disable the use of bitwarden's official icon servers 2018-06-12 19:09:42 +00:00			`local_icon_extractor: util::parse_option_string(env::var("LOCAL_ICON_EXTRACTOR").ok()).unwrap_or(false),`
			`signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(true),`
First working version 2018-02-10 00:00:55 +00:00			`password_iterations: util::parse_option_string(env::var("PASSWORD_ITERATIONS").ok()).unwrap_or(100_000),`
Make password hints available in the error message #85 2018-08-10 13:21:42 +00:00			`show_password_hint: util::parse_option_string(env::var("SHOW_PASSWORD_HINT").ok()).unwrap_or(true),`

Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain 2018-07-12 21:28:01 +00:00			`domain_set: domain.is_ok(),`
			`domain: domain.unwrap_or("http://localhost".into()),`
First working version 2018-02-10 00:00:55 +00:00			`}`
			`}`
			`}`