Argon2 Hashing

2 years ago · d787bbb453
parent c152e24ef8
commit d787bbb453
2 changed files with 32 additions and 8 deletions
--- a/ct/alpine-vaultwarden.sh
+++ b/ct/alpine-vaultwarden.sh
@ -59,7 +59,7 @@ function update_script() {
    CHOICE=$(
      whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
        "1" "Update Vaultwarden" \
-        "2" "Show Admin Token" 3>&2 2>&1 1>&3
+        "2" "Reset Admin-Token" 3>&2 2>&1 1>&3
    )
    exit_status=$?
    if [ $exit_status == 1 ]; then
@ -73,7 +73,22 @@ function update_script() {
      exit
      ;;
    2)
-      whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68
+      if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+        if [[ -z "$NEWTOKEN" ]]; then exit-script; fi      
+        ADMINTOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+        if [[ -f /var/lib/vaultwarden/config.json ]]; then 
+          sed -i '/admin_token/d' /var/lib/vaultwarden/config.json
+          sed -i "2i\\  \"admin_token\": \"$ADMINTOKEN\"" /var/lib/vaultwarden/config.json
+        fi
+      fi
+      cat <<EOF >/etc/conf.d/vaultwarden
+export DATA_FOLDER=/var/lib/vaultwarden
+export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
+export WEB_VAULT_ENABLED=true
+export ADMIN_TOKEN='$ADMINTOKEN'
+export ROCKET_ADDRESS=0.0.0.0
+EOF
+      rc-service vaultwarden restart
      clear
      exit
      ;;
--- a/install/alpine-vaultwarden-install.sh
+++ b/install/alpine-vaultwarden-install.sh
@ -12,23 +12,32 @@ catch_errors
 setting_up_container
 network_check
 update_os
+default_packages

 msg_info "Installing Dependencies"
-$STD apk add newt
-$STD apk add curl
 $STD apk add openssl
-$STD apk add openssh
-$STD apk add nano
-$STD apk add mc
+$STD apk add argon2
 msg_ok "Installed Dependencies"

 msg_info "Installing Alpine-Vaultwarden"
 $STD apk add vaultwarden
+ADMINTOKEN=''
+if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+  if [[ ! -z "$NEWTOKEN" ]]; then
+    ADMINTOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+  else
+    clear
+    echo -e "⚠  User didn't setup ADMIN_TOKEN, admin panel is disabled! \n"
+  fi
+else
+  clear
+  echo -e "⚠  User didn't setup ADMIN_TOKEN, admin panel is disabled! \n"
+fi
 cat <<EOF >/etc/conf.d/vaultwarden
 export DATA_FOLDER=/var/lib/vaultwarden
 export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
 export WEB_VAULT_ENABLED=true
-export ADMIN_TOKEN=$(openssl rand -base64 48)
+export ADMIN_TOKEN='$ADMINTOKEN'
 export ROCKET_ADDRESS=0.0.0.0
 EOF
 $STD rc-service vaultwarden start