alpine-vaultwarden-argon2 (#1314)

Use Argon2 to securely hash passwords and protect them against various types of attacks.

ct/alpine-vaultwarden.sh

@@ -59,7 +59,7 @@ function update_script() {
     CHOICE=$(
       whiptail --title "SUPPORT" --menu "Select option" 11 58 2 \
         "1" "Update Vaultwarden" \
-        "2" "Show Admin Token" 3>&2 2>&1 1>&3
+        "2" "Reset ADMIN_TOKEN" 3>&2 2>&1 1>&3
     )
     exit_status=$?
     if [ $exit_status == 1 ]; then
@@ -73,7 +73,17 @@ function update_script() {
       exit
       ;;
     2)
-      whiptail --title "ADMIN TOKEN" --msgbox "$(cat /etc/conf.d/vaultwarden | grep ADMIN_TOKEN | awk '{print substr($2, 13) }')" 7 68
+      if NEWTOKEN=$(whiptail --passwordbox "Setup your ADMIN_TOKEN (make it strong)" 10 58 3>&1 1>&2 2>&3); then
+        if [[ -z "$NEWTOKEN" ]]; then exit-script; fi
+        if ! command -v argon2 >/dev/null 2>&1; then apk add argon2 &>/dev/null; fi
+        TOKEN=$(echo -n ${NEWTOKEN} | argon2 "$(openssl rand -base64 32)" -e -id -k 19456 -t 2 -p 1)
+        if [[ ! -f /var/lib/vaultwarden/config.json ]]; then
+          sed -i "s|export ADMIN_TOKEN=.*|export ADMIN_TOKEN='${TOKEN}'|" /etc/conf.d/vaultwarden
+        else
+          sed -i "s|\"admin_token\": .*|\"admin_token\": \"${TOKEN}\",|" /var/lib/vaultwarden/config.json
+        fi
+        rc-service vaultwarden restart -q
+      fi      
       clear
       exit
       ;;

install/alpine-vaultwarden-install.sh

@@ -20,6 +20,7 @@ $STD apk add openssl
 $STD apk add openssh
 $STD apk add nano
 $STD apk add mc
+$STD apk add argon2
 msg_ok "Installed Dependencies"
 
 msg_info "Installing Alpine-Vaultwarden"
@@ -28,7 +29,7 @@ cat <<EOF >/etc/conf.d/vaultwarden
 export DATA_FOLDER=/var/lib/vaultwarden
 export WEB_VAULT_FOLDER=/var/lib/vaultwarden/web-vault
 export WEB_VAULT_ENABLED=true
-export ADMIN_TOKEN=$(openssl rand -base64 48)
+export ADMIN_TOKEN=''
 export ROCKET_ADDRESS=0.0.0.0
 EOF
 $STD rc-service vaultwarden start