mirror of
https://github.com/quexten/goldwarden.git
synced 2024-12-12 21:06:15 +01:00
195 lines
4.9 KiB
Go
195 lines
4.9 KiB
Go
package actions
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/quexten/goldwarden/agent/bitwarden"
|
|
"github.com/quexten/goldwarden/agent/bitwarden/crypto"
|
|
"github.com/quexten/goldwarden/agent/config"
|
|
"github.com/quexten/goldwarden/agent/sockets"
|
|
"github.com/quexten/goldwarden/agent/systemauth"
|
|
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
|
|
"github.com/quexten/goldwarden/agent/vault"
|
|
|
|
"github.com/quexten/goldwarden/ipc/messages"
|
|
)
|
|
|
|
func handleUnlockVault(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
|
if !cfg.HasPin() {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: false,
|
|
Message: "No pin set",
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
if !cfg.IsLocked() {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
Message: "Unlocked",
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
err = cfg.TryUnlock(vault)
|
|
if err != nil {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: false,
|
|
Message: "wrong pin: " + err.Error(),
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
if cfg.IsLoggedIn() {
|
|
token, err := cfg.GetToken()
|
|
if err == nil {
|
|
if token.AccessToken != "" {
|
|
ctx := context.Background()
|
|
bitwarden.RefreshToken(ctx, cfg)
|
|
token, err := cfg.GetToken()
|
|
userSymmkey, err := cfg.GetUserSymmetricKey()
|
|
if err != nil {
|
|
fmt.Println(err)
|
|
}
|
|
|
|
var safeUserSymmkey crypto.SymmetricEncryptionKey
|
|
if vault.Keyring.IsMemguard {
|
|
safeUserSymmkey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmkey)
|
|
} else {
|
|
safeUserSymmkey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmkey)
|
|
}
|
|
if err != nil {
|
|
fmt.Println(err)
|
|
}
|
|
|
|
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, cfg, &safeUserSymmkey, true)
|
|
if err != nil {
|
|
fmt.Println(err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func handleLockVault(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
|
if !cfg.HasPin() {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: false,
|
|
Message: "No pin set",
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
if cfg.IsLocked() {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
Message: "Locked",
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
cfg.Lock()
|
|
vault.Clear()
|
|
vault.Keyring.Lock()
|
|
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func handleWipeVault(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
|
cfg.Purge()
|
|
cfg.WriteConfig()
|
|
vault.Clear()
|
|
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func handleUpdateVaultPin(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
|
pin, err := pinentry.GetPassword("Pin Change", "Enter your desired pin")
|
|
if err != nil {
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: false,
|
|
Message: err.Error(),
|
|
})
|
|
if err != nil {
|
|
return messages.IPCMessage{}, err
|
|
} else {
|
|
return response, nil
|
|
}
|
|
}
|
|
cfg.UpdatePin(pin, true)
|
|
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
})
|
|
|
|
return
|
|
}
|
|
|
|
func handlePinStatus(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
|
var pinStatus string
|
|
if cfg.HasPin() {
|
|
pinStatus = "enabled"
|
|
} else {
|
|
pinStatus = "disabled"
|
|
}
|
|
|
|
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
|
Success: true,
|
|
Message: pinStatus,
|
|
})
|
|
|
|
return
|
|
}
|
|
|
|
func init() {
|
|
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.UnlockVaultRequest{}), handleUnlockVault)
|
|
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.LockVaultRequest{}), handleLockVault)
|
|
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.WipeVaultRequest{}), handleWipeVault)
|
|
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.UpdateVaultPINRequest{}), ensureBiometricsAuthorized(systemauth.AccessVault, handleUpdateVaultPin))
|
|
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetVaultPINRequest{}), handlePinStatus)
|
|
}
|