feat: added support for apikey authorization

2024-11-23 07:13:51 +01:00 · 2024-02-12 23:03:05 +01:00 · 2024-02-12 23:03:05 +01:00 · 756c939d86
commit 756c939d86
parent 5003ae16c3
6 changed files with 64 additions and 18 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 .docker-export
 results
 *.enc
 .env
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [1.2.0](https://hub.docker.com/r/mastermindzh/bw-export/tags)
 - Added support for apikey authorization
  - Skips 2 factor authentication
 ## [1.1.1]
 Cleaned up the export.sh script from extraneous documentation and a useless empty echo.
--- a/4
+++ b/4
@ -2,11 +2,11 @@ FROM node:lts-slim
 # install openssl
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends openssl && \
+    apt-get install -y --no-install-recommends openssl expect && \
    rm -rf /var/cache/apk/*
 # install bitwarden-cli
-RUN npm install -g @bitwarden/cli@2023.2.0
+RUN npm install -g @bitwarden/cli
 # add the export script
 RUN mkdir -p /opt/bw-export
--- a/README.md
+++ b/README.md
@ -41,14 +41,17 @@ To decrypt that simply run OpenSSL with the same params in export mode:
 You can tweak a lot of the internal workings of bw-export with simple environmental variables.
 The list below outlines most of them:
-| Variable            | Default value                            | Description                                                    |
+| Variable            | Default value                             | Description                                                           |
-| ------------------- | ---------------------------------------- | -------------------------------------------------------------- |
+| ------------------- | ----------------------------------------- | --------------------------------------------------------------------- |
-| BW_ACCOUNT          | `bitwarden_vault_test@mastermindzh.tech` | Bitwarden email address                                        |
+| BW_ACCOUNT          | `bitwarden_vault_test@mastermindzh.tech`  | Bitwarden email address                                               |
-| BW_PASS             | `VGhpc0lzQVZhdWx0UGFzc3dvcmQK`           | Bitwarden password                                             |
+| BW_PASS             | `VGhpc0lzQVZhdWx0UGFzc3dvcmQK`            | Bitwarden password                                                    |
-| BW_FILENAME_PREFIX  | `bitwarden_vault_export_`                | Prefix to use for generated files ($prefix$timestamp.enc)      |
+| BW_FILENAME_PREFIX  | `bitwarden_vault_export_`                 | Prefix to use for generated files ($prefix$timestamp.enc)             |
-| BW_TIMESTAMP        | `Y-%m-%d %H:%M:%S`                       | Timestamp to use for generated files                           |
+| BW_TIMESTAMP        | `Y-%m-%d %H:%M:%S`                        | Timestamp to use for generated files                                  |
-| BW_EXPORT_FOLDER    | `export`                                 | Folder to put export files in                                  |
+| BW_EXPORT_FOLDER    | `export`                                  | Folder to put export files in                                         |
-| BW_FOLDER_STRUCTURE | `Y/%m`                                   | Date/timestamp to generate folders                             |
+| BW_FOLDER_STRUCTURE | `Y/%m`                                    | Date/timestamp to generate folders                                    |
-| BW_PASSWORD_ENCODE  | `base64`                                 | "plain", or "base64", depending on whether you encoded BW_PASS |
+| BW_PASSWORD_ENCODE  | `base64`                                  | "plain", or "base64", depending on whether you encoded BW_PASS        |
-| BW_OPENSSL_OPTIONS  | `aes-256-cbc -pbkdf2 -iter 100000`       | Options passed to openssl's "enc" command                      |
+| BW_OPENSSL_OPTIONS  | `aes-256-cbc -pbkdf2 -iter 100000`        | Options passed to openssl's "enc" command                             |
-| BW_ENCRYPTION_PASS  | `$BW_PASS` (same value as BW_PASS)       | Password to encrypt the json file                              |
+| BW_ENCRYPTION_PASS  | `$BW_PASS` (same value as BW_PASS)        | Password to encrypt the json file                                     |
 | BW_AUTH_METHOD      | password                                  | Whether to login with a password or  apikey (apikey required for 2fa) |
 | BW_CLIENT_ID        | user.cc433b96-4767-432f-85a5-b11100d4faa6 | Bitwarden client id                                                   |
 | BW_APIKEY           | OG1LS3RSVzdXVWRZN25UWEgwdkdOUVMzV0QzVTZr  | Bitwarden api key                                                     |
--- a/export.sh
+++ b/export.sh
@ -9,8 +9,13 @@ bw_logout() {
 }
 # environment variables
-BW_ACCOUNT=${BW_ACCOUNT:-"bitwarden_vault_test@mastermindzh.tech"}
+# BW_AUTH_METHOD=${BW_AUTH_METHOD:-"password"}
-BW_PASS=${BW_PASS:-"VGhpc0lzQVZhdWx0UGFzc3dvcmQK"}
+BW_AUTH_METHOD=${BW_AUTH_METHOD:-"apikey"}
 BW_CLIENT_ID=${BW_CLIENT_ID:-"fake_client_id"}
 BW_APIKEY=${BW_APIKEY:-"fake_apikey"}
 BW_ACCOUNT=${BW_ACCOUNT:-"fake_account"}
 BW_PASS=${BW_PASS:-"fake_password"}
 BW_FILENAME_PREFIX=${BW_FILENAME_PREFIX:-"bitwarden_vault_export_"}
 BW_TIMESTAMP=${BW_TIMESTAMP:-"+%Y-%m-%d %H:%M:%S"}
 BW_EXPORT_FOLDER=${BW_EXPORT_FOLDER:-"/export"}
@ -23,6 +28,7 @@ BW_ENCRYPTION_PASS=${BW_ENCRYPTION_PASS:-"$BW_PASS"}
 BW_INTERNAL_TIMESTAMP=$(date "$BW_TIMESTAMP")
 BW_INTERNAL_PASSWORD="$BW_PASS"
 BW_INTERNAL_ENCRYPTION_PASS="$BW_ENCRYPTION_PASS"
 BW_INTERNAL_API_KEY="$BW_APIKEY"
 BW_INTERNAL_FOLDER_STRUCTURE="$BW_EXPORT_FOLDER"
 BW_ENC_OUTPUT_FILE="$BW_FILENAME_PREFIX$BW_INTERNAL_TIMESTAMP.enc"
 if [ -n "$BW_FOLDER_STRUCTURE" ]; then
@ -39,6 +45,7 @@ case $BW_PASSWORD_ENCODE in
 "base64")
    BW_INTERNAL_PASSWORD=$(echo "$BW_INTERNAL_PASSWORD" | base64 -d)
    BW_INTERNAL_ENCRYPTION_PASS=$(echo "$BW_INTERNAL_ENCRYPTION_PASS" | base64 -d)
    BW_INTERNAL_API_KEY=$(echo "$BW_INTERNAL_API_KEY" | base64 -d)
    ;;
 "none" | "plain")
    echo "using un-encoded password."
@ -51,7 +58,31 @@ case $BW_PASSWORD_ENCODE in
 esac
 #login
-BW_SESSION=$(bw login "$BW_ACCOUNT" "$BW_INTERNAL_PASSWORD" --raw)
+case $BW_AUTH_METHOD in
 "password")
    BW_SESSION=$(bw login "$BW_ACCOUNT" "$BW_INTERNAL_PASSWORD" --raw)
    ;;
 "apikey")
    export BW_CLIENT_ID=$BW_CLIENT_ID
    export BW_INTERNAL_API_KEY=$BW_INTERNAL_API_KEY
    expect >/dev/null <<'EOF'
        spawn bw login --apikey
        expect "client_id:"
        send "$env(BW_CLIENT_ID)\n" 
        expect "client_secret:"
        send "$env(BW_INTERNAL_API_KEY)\n" 
        expect eof
 EOF
    BW_SESSION=$(bw unlock --raw "$BW_INTERNAL_PASSWORD")
    ;;
 *)
    echo "unrecognized authorization method."
    exit 1
    ;;
 esac
 # commands
 echo "Exporting to \"$BW_ENC_OUTPUT_FILE\""
@ -59,6 +90,9 @@ bw --raw --session "$BW_SESSION" export --format json | openssl enc $BW_OPENSSL_
 bw_logout
 # make sure none of these are available later
 unset BW_CLIENT_ID
 unset BW_APIKEY
 unset BW_INTERNAL_API_KEY
 unset BW_SESSION
 unset BW_ACCOUNT
 unset BW_PASS
--- a/package.json
+++ b/package.json
@ -1,10 +1,12 @@
 {
  "name": "bw-export",
-  "version": "1.1.1",
+  "version": "1.2.0",
  "description": "bw-export is a simple bash script that exports a raw, encrypted JSON copy of your Bitwarden vault.",
  "main": "export.sh",
  "scripts": {
-    "docker-build": "docker build -t bw-export .",
+    "start": "export $(cat .env | xargs) && bash export.sh",
    "build": "docker build -t bw-export .",
    "test": "docker run -v \"$PWD\":/export bw-export:latest",
    "publish": "bash docker-publish.sh"
  },
  "repository": {