From d787bbb45374c96cf78bbbe4bc30fee55ef2be48 Mon Sep 17 00:00:00 2001
From: nicedevil007 <17103076+nicedevil007@users.noreply.github.com>
Date: Sun, 9 Apr 2023 18:48:35 +0200
Subject: [PATCH] Argon2 Hashing
---
 ct/alpine-vaultwarden.sh | 19 +++++++++++++++++--
 install/alpine-vaultwarden-install.sh | 21 +++++++++++++++------
 2 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/ct/alpine-vaultwarden.sh b/ct/alpine-vaultwarden.sh
index 45ea5390..6867d356 100644
--- a/ct/alpine-vaultwarden.sh
+++ b/ct/alpine-vaultwarden.sh
@@ -59,7 +59,7 @@ function update_script() {
 CHOICE=$(
 whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
 "1" "Update Vaultwarden" \
- "2" "Show Admin Token" 3>&2 2>&1 1>&3
+ "2" "Reset Admin-Token" 3>&2 2>&1 1>&3
 )
 exit_status=$?
 if [ $exit_status == 1 ]; then
@@ -73,7 +73,22 @@ function update_script() {
 exit
 ;;
 2)
- whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68
+ if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+ if [[ -z "$NEWTOKEN" ]]; then exit-script; fi
+ ADMINTOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+ if [[ -f /var/lib/vaultwarden/config.json ]]; then
+ sed -i '/admin_token/d' /var/lib/vaultwarden/config.json
+ sed -i "2i\\ \"admin_token\": \"$ADMINTOKEN\"" /var/lib/vaultwarden/config.json
+ fi
+ fi
+ cat </etc/conf.d/vaultwarden
+export DATA_FOLDER=/var/lib/vaultwarden
+export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
+export WEB_VAULT_ENABLED=true
+export ADMIN_TOKEN='$ADMINTOKEN'
+export ROCKET_ADDRESS=0.0.0.0
+EOF
+ rc-service vaultwarden restart
 clear
 exit
 ;;
diff --git a/install/alpine-vaultwarden-install.sh b/install/alpine-vaultwarden-install.sh
index 6c6f90a5..56671b32 100644
--- a/install/alpine-vaultwarden-install.sh
+++ b/install/alpine-vaultwarden-install.sh
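Review bot: Cancelling the password box in option 2 still reaches the `cat` heredoc and the restart, because both `fi` lines close before it; `/etc/conf.d/vaultwarden` is then rewritten with whatever `ADMINTOKEN` holds at that point (empty unless it is set outside the hunk), while any `admin_token` already in config.json is left untouched. Moving the heredoc and `rc-service vaultwarden restart` inside the outer `if`, or adding `else exit-script` before its `fi`, keeps a cancelled dialog from changing anything. `echo -n ${NEWTOKEN}` is unquoted, so a passphrase with repeated spaces or glob characters is altered before it is hashed and the stored hash will not match what was typed; `printf '%s' "$NEWTOKEN" | argon2 …` hashes it verbatim, and the same line appears in the install/alpine-vaultwarden-install.sh hunk. The second `sed` inserts `"admin_token": "…"` at line 2 with no trailing comma, which as written leaves config.json invalid whenever another key follows it. The body of update_script starts and ends outside this hunk.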
@@ -12,23 +12,32 @@ catch_errors
 setting_up_container
 network_check
 update_os
+default_packages
 msg_info "Installing Dependencies"
-$STD apk add newt
-$STD apk add curl
 $STD apk add openssl
-$STD apk add openssh
-$STD apk add nano
-$STD apk add mc
+$STD apk add argon2
 msg_ok "Installed Dependencies"
 msg_info "Installing Alpine-Vaultwarden"
 $STD apk add vaultwarden
+ADMINTOKEN=''
+if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+ if [[ ! -z "$NEWTOKEN" ]]; then
+ ADMINTOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+ else
+ clear
+ echo -e "⚠ User didn't setup ADMIN_TOKEN, admin panel is disabled! \n"
+ fi
+else
+ clear
+ echo -e "⚠ User didn't setup ADMIN_TOKEN, admin panel is disabled! \n"
+fi
 cat </etc/conf.d/vaultwarden
 export DATA_FOLDER=/var/lib/vaultwarden
 export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
 export WEB_VAULT_ENABLED=true
-export ADMIN_TOKEN=$(openssl rand -base64 48)
+export ADMIN_TOKEN='$ADMINTOKEN'
 export ROCKET_ADDRESS=0.0.0.0
 EOF
 $STD rc-service vaultwarden start
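Review bot: Any non-empty input is accepted as the admin passphrase in the `[[ ! -z "$NEWTOKEN" ]]` branch, whereas the line this replaces generated the token with `openssl rand -base64 48`; with `ROCKET_ADDRESS=0.0.0.0` in the same file, a one-character passphrase can now be the only thing guarding an admin page that listens on all interfaces. A length floor on that test, for example `[[ ${#NEWTOKEN} -ge 12 ]]` (the threshold is an illustration, not a value from the project), would send trivially short input to the existing "admin panel is disabled" branch instead. The two `else` branches are identical and could be merged by testing `if NEWTOKEN=$(…) && [[ -n "$NEWTOKEN" ]]; then`.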