Crates.io | svanill-vault-server |
lib.rs | svanill-vault-server |
version | 0.1.0 |
source | src |
created_at | 2020-10-10 04:07:04.522755 |
updated_at | 2020-10-10 04:07:04.522755 |
description | svanill-vault, the server |
homepage | |
repository | https://github.com/svanill/svanill-vault-server |
max_upload_size | |
id | 297891 |
size | 194,137 |
An HTTP server to store/retrieve files produced by svanill (cli or web).
An authenticated user can push, list or remove files to a dedicated S3 bucket.
Required:
Optional:
Currently user data is read from a SQLite database, so no external database is required.
You will need cargo, the Rust package manager.
cargo build
The build artifacts end up in the target folder at the root of the project (as usual for multicrate Rust repositories).
By default, AWS credentials are read from the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, but there are other fallbacks; see the rusoto documentation.
You can also pass them as arguments (see --help).
cargo run # or execute the binary from `../target/debug` or `../target/release`
# most params can be provided as env variables, here we just use arguments
RUST_LOG=trace,actix_server=trace,actix_web=trace cargo run -- \
--s3-access-key-id=test_s3_access_key \
--s3-secret-access-key=test_s3_secret_key \
--s3-bucket testbucket \
--s3-region=us-east-1 \
--s3-endpoint=http://localhost:9000 \
-H 127.0.0.1 \
-P 5000 \
-d test.db \
-v
svanill-vault-server accesses a read-only SQLite database file. If the database file does not exist, it will be created and a migration will run automatically. You can add users by running a query such as:
sqlite3 test.db
sqlite> .schema
CREATE TABLE __diesel_schema_migrations (version VARCHAR(50) PRIMARY KEY NOT NULL,run_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE user (
username VARCHAR(50) NOT NULL PRIMARY KEY,
challenge VARCHAR(255) NOT NULL,
answer VARCHAR(32) NOT NULL
);
sqlite> INSERT INTO user VALUES ('your username', 'the challenge', 'the answer');
Users authenticate by requesting a challenge and then providing the answer to that challenge.
answer should be a random string, e.g. generated with hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random
challenge is the answer encrypted with a symmetric algorithm (supposedly using Svanill, web or cli).
It works this way so that a Svanill user can use a single password both to encrypt/decrypt files and to log in securely (Svanill encrypts using AES-GCM, which doesn't suffer from known-plaintext attacks).
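The provisioning and challenge/answer steps described above, as an added Python sketch that is not code from svanill-vault-server. The function names, the constant-time comparison and the placeholder challenge string are assumptions made for illustration; the real challenge is the ciphertext Svanill produces from the answer.

```python
import hmac
import secrets
import sqlite3

# Schema copied from the .schema output shown on this page.
SCHEMA = """CREATE TABLE user (
    username VARCHAR(50) NOT NULL PRIMARY KEY,
    challenge VARCHAR(255) NOT NULL,
    answer VARCHAR(32) NOT NULL
)"""

def new_answer() -> str:
    """16 random bytes as 32 uppercase hex chars, the same shape hexdump prints."""
    return secrets.token_hex(16).upper()

def add_user(db, username, challenge, answer):
    """Provision a user; `challenge` is the answer already encrypted by Svanill."""
    # SQLite does not enforce VARCHAR lengths, so check them before inserting.
    if len(username) > 50 or len(challenge) > 255 or len(answer) != 32:
        raise ValueError("value does not fit the user table columns")
    # Bound parameters keep quotes in any field from altering the statement.
    db.execute("INSERT INTO user VALUES (?, ?, ?)", (username, challenge, answer))
    db.commit()

def get_challenge(db, username):
    """Login step 1: return the stored challenge, or None for an unknown user."""
    row = db.execute("SELECT challenge FROM user WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None

def check_answer(db, username, candidate):
    """Login step 2 (assumed logic): compare the submitted answer in constant time."""
    row = db.execute("SELECT answer FROM user WHERE username = ?", (username,)).fetchone()
    stored = row[0] if row else "0" * 32  # dummy value so unknown users take the same path
    ok = hmac.compare_digest(stored.encode(), candidate.encode())
    return ok and row is not None

def demo():
    """Build an in-memory database with one constructed user."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    answer = new_answer()
    # Constructed placeholder standing in for Svanill's ciphertext of `answer`.
    add_user(db, "alice", "SVANILL-CIPHERTEXT-PLACEHOLDER", answer)
    return db, answer
```

Only someone who can decrypt the challenge with the Svanill password recovers the answer, so the plaintext answer stored in the database is the value to protect on the server side.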