Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-23 03:01:23 +01:00
Code Issues Projects Releases Wiki Activity

Allow for changing database name (#1397)

Browse Source 
* Remove hard coded database name

* Update permissions on build scripts

* Update Setup project and run scripts for configuring database name

* Remove hyphen from database name flag

* Update with suggested changes, still needs testing

* Revert SQL statements to concatenantion for testing

* Fix typo

* Update util/Setup/EnvironmentFileBuilder.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update SQL commands to prevent SQL injection attacks

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
This commit is contained in:
Vince Grassia 2021-07-02 10:52:34 -04:00 committed by GitHub
parent 86a12efa76
commit bdcfbb3b43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 73 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
bitwarden_license/src/Portal/build.sh Normal file → Executable file
View File

0
bitwarden_license/src/Sso/build.sh Normal file → Executable file
View File

34
scripts/run.ps1
View File

@ -21,15 +21,15 @@ $qFlag = ""
$quietPullFlag = ""
$certbotHttpPort = "80"
$certbotHttpsPort = "443"
if($env:BITWARDEN_QUIET -eq "true") {
if ($env:BITWARDEN_QUIET -eq "true") {
$setupQuiet = 1
$qFlag = " -q"
$quietPullFlag = " --quiet-pull"
}
if("${env:BITWARDEN_CERTBOT_HTTP_PORT}" -ne "") {
if ("${env:BITWARDEN_CERTBOT_HTTP_PORT}" -ne "") {
$certbotHttpPort = $env:BITWARDEN_CERTBOT_HTTP_PORT
}
if("${env:BITWARDEN_CERTBOT_HTTPS_PORT}" -ne "") {
if ("${env:BITWARDEN_CERTBOT_HTTPS_PORT}" -ne "") {
$certbotHttpsPort = $env:BITWARDEN_CERTBOT_HTTPS_PORT
}
@ -53,7 +53,7 @@ function Install() {
if ($letsEncrypt -eq "y") {
Write-Host "(!) " -f cyan -nonewline
[string]$email = $( Read-Host ("Enter your email address (Let's Encrypt will send you certificate " +
"expiration reminders)") )
"expiration reminders)") )
echo ""
$letsEncryptPath = "${outputDir}/letsencrypt"
@ -61,18 +61,26 @@ function Install() {
New-Item -ItemType directory -Path $letsEncryptPath | Out-Null
}
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +`
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +`
"certonly{0} --standalone --noninteractive --agree-tos --preferred-challenges http " +`
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"certonly{0} --standalone --noninteractive --agree-tos --preferred-challenges http " + `
"--email ${email} -d ${domain} --logs-dir /etc/letsencrypt/logs"
Invoke-Expression ($certbotExp -f $qFlag)
}
}
Write-Host "(!) " -f cyan -nonewline
[string]$database = $( Read-Host "Enter the database name for your Bitwarden instance (ex. vault): ")
echo ""
if ($database -eq "") {
$database = "vault"
}
Pull-Setup
docker run -it --rm --name setup -v ${outputDir}:/bitwarden bitwarden/setup:$coreVersion `
dotnet Setup.dll -install 1 -domain ${domain} -letsencrypt ${letsEncrypt} `
-os win -corev $coreVersion -webv $webVersion -q $setupQuiet
-os win -corev $coreVersion -webv $webVersion -q $setupQuiet -dbname "$database"
}
function Docker-Compose-Up {
@ -137,8 +145,8 @@ function Docker-Prune {
function Update-Lets-Encrypt {
if (Test-Path -Path "${outputDir}\letsencrypt\live") {
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +`
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +`
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"renew{0} --logs-dir /etc/letsencrypt/logs" -f $qFlag
Invoke-Expression $certbotExp
}
@ -147,8 +155,8 @@ function Update-Lets-Encrypt {
function Force-Update-Lets-Encrypt {
if (Test-Path -Path "${outputDir}\letsencrypt\live") {
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +`
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +`
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"renew{0} --logs-dir /etc/letsencrypt/logs --force-renew" -f $qFlag
Invoke-Expression $certbotExp
}
@ -200,7 +208,7 @@ function Pull-Setup {
}
function Write-Line($str) {
if($env:BITWARDEN_QUIET -ne "true") {
if ($env:BITWARDEN_QUIET -ne "true") {
Write-Host $str
}
}

11
scripts/run.sh
View File

@ -76,11 +76,20 @@ function install() {
fi
fi
echo -e -n "${CYAN}(!)${NC} Enter the database name for your Bitwarden instance (ex. vault): "
read DATABASE
echo ""
if [ "$DATABASE" == "" ]
then
DATABASE="vault"
fi
pullSetup
docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden \
--env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \
dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS \
-corev $COREVERSION -webv $WEBVERSION
-corev $COREVERSION -webv $WEBVERSION -dbname "$DATABASE"
}
function dockerComposeUp() {

17
util/Migrator/DbMigrator.cs
View File

@ -34,15 +34,24 @@ namespace Bit.Migrator
using (var connection = new SqlConnection(_masterConnectionString))
{
var databaseName = new SqlConnectionStringBuilder(_connectionString).InitialCatalog;
if (string.IsNullOrWhiteSpace(databaseName))
{
databaseName = "vault";
}
var commandBuilder = new SqlCommandBuilder();
var databaseNameQuoted = new SqlCommandBuilder().QuoteIdentifier(databaseName);
var command = new SqlCommand(
"IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " +
"CREATE DATABASE [vault];", connection);
"IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = '@DatabaseName') = 0) " +
"CREATE DATABASE " + databaseNameQuoted + ";", connection);
command.Parameters.Add("@DatabaseName", System.Data.SqlDbType.VarChar);
command.Parameters["@DatabaseName"].Value = databaseName;
command.Connection.Open();
command.ExecuteNonQuery();
command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " +
"FROM sys.databases WHERE [name] = 'vault') = 1) " +
"ALTER DATABASE [vault] SET AUTO_CLOSE OFF;";
"FROM sys.databases WHERE [name] = '@DatabaseName') = 1) " +
"ALTER DATABASE " + databaseNameQuoted + " SET AUTO_CLOSE OFF;";
command.ExecuteNonQuery();
}

14
util/MsSql/backup-db.sql
View File

@ -1,10 +1,18 @@
-- Database name which is set from the backup-db.sh script.
DECLARE @DatabaseName varchar(100)
SET @DatabaseName = 'vault'
-- Database name without spaces for saving the backup files.
DELCARE @DatabaseNameSafe varchar(100)
SET @DatabaseNameSafe = 'vault'
DECLARE @BackupFile varchar(100)
SET @BackupFile = '/etc/bitwarden/mssql/backups/vault_FULL_$(now).BAK'
SET @BackupFile = '/etc/bitwarden/mssql/backups/' + @DatabaseNameSafe + '_FULL_$(now).BAK'
DECLARE @BackupName varchar(100)
SET @BackupName = 'vault full backup for $(now)'
SET @BackupName = @DatabaseName + ' full backup for $(now)'
DECLARE @BackupCommand NVARCHAR(1000)
SET @BackupCommand = 'BACKUP DATABASE [vault] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT'
SET @BackupCommand = 'BACKUP DATABASE [' + @DatabaseName + '] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT'
EXEC(@BackupCommand)

7
util/MsSql/entrypoint.sh
View File

@ -40,6 +40,13 @@ then
export SA_PASSWORD=$(cat $SA_PASSWORD_FILE)
fi
# Replace database name in backup-db.sql
if [ ! -z "$DATABASE" ]
then
sed -i -e "/@DatabaseName /s/vault/$DATABASE/" backup-db.sql
sed -i -e "/@DatabaseNameSafe /s/vault/${DATABASE// /-}/" backup-db.sql
fi
# The rest...
mkdir -p /etc/bitwarden/mssql/backups

1
util/Setup/Context.cs
View File

@ -149,6 +149,7 @@ namespace Bit.Setup
public bool SelfSignedCert { get; set; }
public string IdentityCertPassword { get; set; }
public string Domain { get; set; }
public string Database { get; set; }
}
}
}

4
util/Setup/EnvironmentFileBuilder.cs
View File

@ -62,7 +62,7 @@ namespace Bit.Setup
var dbConnectionString = new SqlConnectionStringBuilder
{
DataSource = "tcp:mssql,1433",
InitialCatalog = "vault",
InitialCatalog = _context.Install?.Database,
UserID = "sa",
Password = dbPassword,
MultipleActiveResultSets = false,
@ -75,7 +75,7 @@ namespace Bit.Setup
_globalOverrideValues = new Dictionary<string, string>
{
["globalSettings__baseServiceUri__vault"] = _context.Config.Url,
["globalSettings__sqlServer__connectionString"] = $"\"{dbConnectionString}\"",
["globalSettings__sqlServer__connectionString"] = $"'{dbConnectionString}'",
["globalSettings__identityServer__certificatePassword"] = _context.Install?.IdentityCertPassword,
["globalSettings__internalIdentityKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" :
Helpers.SecureRandomString(64, alpha: true, numeric: true),

4
util/Setup/Program.cs
View File

@ -75,6 +75,10 @@ namespace Bit.Setup
{
_context.Install.Domain = _context.Parameters["domain"].ToLowerInvariant();
}
if (_context.Parameters.ContainsKey("dbname"))
{
_context.Install.Database = _context.Parameters["dbname"];
}
if (_context.Stub)
{