vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

main.rs (5624B)

      1 #![deny(
      2     unknown_lints,
      3     future_incompatible,
      4     let_underscore,
      5     nonstandard_style,
      6     refining_impl_trait,
      7     rust_2018_compatibility,
      8     rust_2018_idioms,
      9     rust_2021_compatibility,
     10     rust_2024_compatibility,
     11     unsafe_code,
     12     unused,
     13     warnings,
     14     clippy::all,
     15     clippy::cargo,
     16     clippy::complexity,
     17     clippy::correctness,
     18     clippy::nursery,
     19     clippy::pedantic,
     20     clippy::perf,
     21     clippy::restriction,
     22     clippy::style,
     23     clippy::suspicious
     24 )]
     25 #![expect(
     26     clippy::allow_attributes,
     27     clippy::allow_attributes_without_reason,
     28     clippy::arbitrary_source_item_ordering,
     29     clippy::blanket_clippy_restriction_lints,
     30     clippy::doc_markdown,
     31     clippy::expect_used,
     32     clippy::if_then_some_else_none,
     33     clippy::implicit_return,
     34     clippy::indexing_slicing,
     35     clippy::items_after_statements,
     36     clippy::min_ident_chars,
     37     clippy::missing_docs_in_private_items,
     38     clippy::missing_errors_doc,
     39     clippy::missing_trait_methods,
     40     clippy::mod_module_files,
     41     clippy::multiple_crate_versions,
     42     clippy::multiple_inherent_impl,
     43     clippy::panic,
     44     clippy::partial_pub_fields,
     45     clippy::pub_use,
     46     clippy::question_mark_used,
     47     clippy::redundant_type_annotations,
     48     clippy::ref_patterns,
     49     clippy::return_and_then,
     50     clippy::shadow_reuse,
     51     clippy::significant_drop_in_scrutinee,
     52     clippy::significant_drop_tightening,
     53     clippy::single_call_fn,
     54     clippy::single_char_lifetime_names,
     55     clippy::std_instead_of_alloc,
     56     clippy::std_instead_of_core,
     57     clippy::too_many_lines,
     58     clippy::unreachable,
     59     clippy::unseparated_literal_suffix,
     60     clippy::unwrap_in_result,
     61     clippy::unwrap_used,
     62     clippy::used_underscore_binding,
     63     clippy::used_underscore_items,
     64     reason = "noisy, opinionated, and likely doesn't prevent bugs or improve APIs"
     65 )]
     66 // The recursion_limit is mainly triggered by the json!() macro.
     67 // The more key/value pairs there are the more recursion occurs.
     68 // We want to keep this as low as possible, but not higher then 128.
     69 // If you go above 128 it will cause rust-analyzer to fail,
     70 #![recursion_limit = "206"]
     71 #[macro_use]
     72 extern crate diesel;
     73 #[macro_use]
     74 mod error;
     75 #[macro_use]
     76 extern crate rocket;
     77 #[macro_use]
     78 extern crate serde;
     79 #[macro_use]
     80 extern crate serde_json;
     81 mod api;
     82 mod auth;
     83 mod config;
     84 mod crypto;
     85 mod db;
     86 mod priv_sep;
     87 mod util;
     88 use config::Config;
     89 use core::num::NonZeroU32;
     90 pub use error::{Error, MapResult};
     91 use std::env;
     92 use std::{path::Path, process};
     93 use tokio::runtime::Builder;
     94 use tokio::signal;
     95 pub const VERSION: &str = env!("CARGO_PKG_VERSION");
     96 
     97 fn main() -> Result<(), Error> {
     98     let mut promises = priv_sep::pledge_init()?;
     99     priv_sep::unveil_read(env::current_dir()?)?;
    100     static_init();
    101     check_data_folder();
    102     check_web_vault();
    103     Builder::new_multi_thread()
    104         .enable_all()
    105         .build()
    106         .map_or_else(
    107             |e| Err(Error::from(e)),
    108             |runtime| {
    109                 runtime.block_on(async {
    110                     config::get_config()
    111                         .rocket
    112                         .tls
    113                         .as_ref()
    114                         .map_or(Ok(()), |tls| {
    115                             tls.certs().left().map_or(Ok(()), |certs| {
    116                                 priv_sep::unveil_read(certs).and_then(|()| {
    117                                     tls.key().left().map_or(Ok(()), priv_sep::unveil_read)
    118                                 })
    119                             })
    120                         })?;
    121                     priv_sep::pledge_away_unveil(&mut promises)?;
    122                     launch_rocket(create_db_pool().await).await
    123                 })
    124             },
    125         )
    126 }
    127 #[inline]
    128 fn static_init() {
    129     config::init_config();
    130     priv_sep::unveil_create_read_write(Config::DATA_FOLDER).unwrap_or_else(|_| {
    131         panic!(
    132             "unable to unveil(2) {} with create, read, and write permissions",
    133             Config::DATA_FOLDER
    134         )
    135     });
    136     auth::init_values();
    137 }
    138 #[expect(clippy::exit, reason = "upstream")]
    139 fn check_data_folder() {
    140     if !Path::new(Config::DATA_FOLDER).is_dir() {
    141         process::exit(1);
    142     }
    143 }
    144 #[expect(clippy::exit, reason = "upstream")]
    145 fn check_web_vault() {
    146     if config::get_config().web_vault_enabled
    147         && !Path::new(Config::WEB_VAULT_FOLDER)
    148             .join("index.html")
    149             .exists()
    150     {
    151         process::exit(1);
    152     }
    153 }
    154 #[expect(clippy::exit, reason = "upstream")]
    155 async fn create_db_pool() -> db::DbPool {
    156     (util::retry_db(
    157         db::DbPool::from_config,
    158         NonZeroU32::from(config::get_config().db_connection_retries).get(),
    159     )
    160     .await)
    161         .unwrap_or_else(|_| {
    162             process::exit(1);
    163         })
    164 }
    165 
    166 async fn launch_rocket(pool: db::DbPool) -> Result<(), Error> {
    167     let instance = rocket::custom(&config::get_config().rocket)
    168         .mount("/", api::web_routes())
    169         .mount("/admin", api::admin_routes())
    170         .mount("/api", api::core_routes())
    171         .mount("/events", api::core_events_routes())
    172         .mount("/icons", api::icons_routes())
    173         .mount("/identity", api::identity_routes())
    174         .register("/", api::web_catchers())
    175         .register("/admin", api::admin_catchers())
    176         .register("/api", api::core_catchers())
    177         .manage(pool)
    178         .attach(util::AppHeaders)
    179         .attach(util::Cors)
    180         .ignite()
    181         .await?;
    182     let shutdown = instance.shutdown();
    183     tokio::spawn(async move {
    184         signal::ctrl_c()
    185             .await
    186             .expect("Error setting Ctrl-C handler");
    187         shutdown.notify();
    188     });
    189     instance.launch().await?;
    190     Ok(())
    191 }