1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-01 13:43:23 +01:00
bitwarden-server/util/Setup/Context.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

197 lines
8.4 KiB
C#
Raw Normal View History

using Bit.Setup.Enums;
using YamlDotNet.Serialization;
2018-08-30 17:35:44 +02:00
using YamlDotNet.Serialization.NamingConventions;
namespace Bit.Setup;
2022-08-29 22:06:55 +02:00
2018-08-30 17:35:44 +02:00
public class Context
{
private const string ConfigPath = "/bitwarden/config.yml";
// These track of old CSP default values to correct.
// Do not change these values.
private const string Dec2020ContentSecurityPolicy = "default-src 'self'; style-src 'self' " +
"'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://twofactorauth.org; object-src 'self' blob:;";
private const string Jan2021ContentSecurityPolicy = "default-src 'self'; style-src 'self' " +
"'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://twofactorauth.org; object-src 'self' blob:;";
private const string Feb2021ContentSecurityPolicy = "default-src 'self'; style-src 'self' " +
"'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://2fa.directory; object-src 'self' blob:;";
private const string Jan2023ContentSecurityPolicy = "default-src 'self'; style-src 'self' " +
"'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com; " +
"child-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://api.2fa.directory; object-src 'self' blob:;";
2022-08-29 22:06:55 +02:00
private string[] _oldCspDefaults =
{
Dec2020ContentSecurityPolicy,
Jan2021ContentSecurityPolicy,
Feb2021ContentSecurityPolicy,
Jan2023ContentSecurityPolicy
};
2018-08-30 17:35:44 +02:00
public string[] Args { get; set; }
public bool Quiet { get; set; }
public bool Stub { get; set; }
public IDictionary<string, string> Parameters { get; set; }
public string OutputDir { get; set; } = "/etc/bitwarden";
public string HostOS { get; set; } = "win";
public string CoreVersion { get; set; } = "latest";
public string WebVersion { get; set; } = "latest";
public string KeyConnectorVersion { get; set; } = "latest";
public Installation Install { get; set; } = new Installation();
public Configuration Config { get; set; } = new Configuration();
2022-08-29 22:06:55 +02:00
2018-08-30 17:35:44 +02:00
public bool PrintToScreen()
{
return !Quiet || Parameters.ContainsKey("install");
}
2022-08-29 20:53:16 +02:00
public void LoadConfiguration()
2022-08-29 22:06:55 +02:00
{
if (!File.Exists(ConfigPath))
{
Helpers.WriteLine(this, "No existing `config.yml` detected. Let's generate one.");
2022-08-29 22:06:55 +02:00
// Looks like updating from older version. Try to create config file.
2018-10-18 17:41:49 +02:00
var url = Helpers.GetValueFromEnvFile("global", "globalSettings__baseServiceUri__vault");
if (!Uri.TryCreate(url, UriKind.Absolute, out var uri))
2018-08-30 17:35:44 +02:00
{
2019-03-12 15:26:14 +01:00
Helpers.WriteLine(this, "Unable to determine existing installation url.");
2022-08-29 22:06:55 +02:00
return;
}
2018-08-30 17:35:44 +02:00
Config.Url = url;
2022-08-29 22:06:55 +02:00
2019-03-12 15:26:14 +01:00
var push = Helpers.GetValueFromEnvFile("global", "globalSettings__pushRelayBaseUri");
Config.PushNotifications = push != "REPLACE";
2018-08-30 22:40:06 +02:00
2018-10-18 17:41:49 +02:00
var composeFile = "/bitwarden/docker/docker-compose.yml";
if (File.Exists(composeFile))
2022-08-29 22:06:55 +02:00
{
2018-10-18 17:41:49 +02:00
var fileLines = File.ReadAllLines(composeFile);
foreach (var line in fileLines)
2018-08-30 17:35:44 +02:00
{
2019-03-12 15:26:14 +01:00
if (!line.StartsWith("# Parameter:"))
2022-08-29 22:06:55 +02:00
{
2018-08-30 17:35:44 +02:00
continue;
2022-08-29 22:06:55 +02:00
}
2018-08-30 17:35:44 +02:00
2018-10-18 17:41:49 +02:00
var paramParts = line.Split("=");
if (paramParts.Length < 2)
2022-08-29 22:06:55 +02:00
{
2018-08-30 17:35:44 +02:00
continue;
2022-08-29 22:06:55 +02:00
}
2018-08-30 17:35:44 +02:00
if (paramParts[0] == "# Parameter:MssqlDataDockerVolume" &&
2018-08-30 17:35:44 +02:00
bool.TryParse(paramParts[1], out var mssqlDataDockerVolume))
{
Config.DatabaseDockerVolume = mssqlDataDockerVolume;
continue;
2022-08-29 22:06:55 +02:00
}
if (paramParts[0] == "# Parameter:HttpPort" && int.TryParse(paramParts[1], out var httpPort))
{
2018-08-30 17:35:44 +02:00
Config.HttpPort = httpPort == 0 ? null : httpPort.ToString();
continue;
}
2022-08-29 22:06:55 +02:00
if (paramParts[0] == "# Parameter:HttpsPort" && int.TryParse(paramParts[1], out var httpsPort))
{
2018-08-30 17:35:44 +02:00
Config.HttpsPort = httpsPort == 0 ? null : httpsPort.ToString();
continue;
}
}
2022-08-29 22:06:55 +02:00
}
2018-08-30 17:35:44 +02:00
var nginxFile = "/bitwarden/nginx/default.conf";
if (File.Exists(nginxFile))
2022-08-29 22:06:55 +02:00
{
var confContent = File.ReadAllText(nginxFile);
var selfSigned = confContent.Contains("/etc/ssl/self/");
Config.Ssl = confContent.Contains("ssl http2;");
Config.SslManagedLetsEncrypt = !selfSigned && confContent.Contains("/etc/letsencrypt/live/");
var diffieHellman = confContent.Contains("/dhparam.pem;");
var trusted = confContent.Contains("ssl_trusted_certificate ");
if (Config.SslManagedLetsEncrypt)
2018-08-30 17:35:44 +02:00
{
Config.Ssl = true;
2022-08-29 22:06:55 +02:00
}
else if (Config.Ssl)
2022-08-29 22:06:55 +02:00
{
var sslPath = selfSigned ? $"/etc/ssl/self/{Config.Domain}" : $"/etc/ssl/{Config.Domain}";
Config.SslCertificatePath = string.Concat(sslPath, "/", "certificate.crt");
Config.SslKeyPath = string.Concat(sslPath, "/", "private.key");
if (trusted)
2018-08-30 17:35:44 +02:00
{
Config.SslCaPath = string.Concat(sslPath, "/", "ca.crt");
}
if (diffieHellman)
2018-08-30 17:35:44 +02:00
{
Config.SslDiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem");
}
}
}
SaveConfiguration();
}
var configText = File.ReadAllText(ConfigPath);
var deserializer = new DeserializerBuilder()
.WithNamingConvention(UnderscoredNamingConvention.Instance)
.IgnoreUnmatchedProperties()
2018-08-30 17:35:44 +02:00
.Build();
Config = deserializer.Deserialize<Configuration>(configText);
// Fix old explicit config assignments of CSP which should be treated as a default value
if (_oldCspDefaults.Any(c => c == Config.NginxHeaderContentSecurityPolicy))
{
Config.NginxHeaderContentSecurityPolicy = null;
SaveConfiguration();
}
2022-08-29 22:06:55 +02:00
}
2018-08-30 17:35:44 +02:00
public void SaveConfiguration()
2022-08-29 22:06:55 +02:00
{
if (Config == null)
2018-08-30 17:35:44 +02:00
{
throw new Exception("Config is null.");
}
var serializer = new SerializerBuilder()
.WithNamingConvention(UnderscoredNamingConvention.Instance)
.WithTypeInspector(inner => new CommentGatheringTypeInspector(inner))
.WithEmissionPhaseObjectGraphVisitor(args => new CommentsObjectGraphVisitor(args.InnerVisitor))
.Build();
var yaml = serializer.Serialize(Config);
Directory.CreateDirectory("/bitwarden/");
using (var sw = File.CreateText(ConfigPath))
2018-08-30 17:35:44 +02:00
{
sw.Write(yaml);
}
}
2022-08-29 22:06:55 +02:00
2018-08-30 17:35:44 +02:00
public class Installation
2022-08-29 22:06:55 +02:00
{
2018-08-30 17:35:44 +02:00
public Guid InstallationId { get; set; }
public string InstallationKey { get; set; }
public CloudRegion CloudRegion { get; set; }
2018-08-30 17:35:44 +02:00
public bool DiffieHellman { get; set; }
public bool Trusted { get; set; }
public bool SelfSignedCert { get; set; }
public string IdentityCertPassword { get; set; }
public string Domain { get; set; }
public string Database { get; set; }
2022-08-29 22:06:55 +02:00
}
2018-08-30 17:35:44 +02:00
}