Passwall Server is the core backend infrastructure for Passwall platform

Related tags

Open Source Apps go api golang crypto password-manager password hacktoberfest
Overview

PassWall Server

PassWall Server is the core backend for open source password manager PassWall platform. Using this server, you can safely store your passwords and access them from anywhere.

License GitHub issues Build Status Coverage Status Docker Pull Status
Deploy

Support

I promise all the coffee you have ordered will be spent on this project
Become a Patron

Clients

PassWall Server can be used with PassWall Desktop

On Premise Installation

  1. Pull passwall-server image from Docker Hub.
docker pull passwall/passwall-server
  1. Download the docker-compose.yml file and start the server with the following commands.
mkdir $HOME/passwall-server

cd $HOME/passwall-server

wget https://raw.githubusercontent.com/passwall/passwall-server/main/docker-compose.yml

docker-compose up -d
  1. Create a new user with passwall-cli.
docker exec -it passwall-server /app/passwall-cli
  1. Download and install any passwall client you want from paswall.io.
  2. Open your client and write http://localhost:3625 into the server url field. Login with your newly created user information.

API Documentation

API documentation available at Postman Public Directory

Security

  1. PassWall uses The Advanced Encryption Standard (AES) encryption algorithm with Galois/Counter Mode (GCM) symmetric-key cryptographic mode. Passwords encrypted with AES can only be decrypted with the passphrase defined in the config.yml file.

  2. Endpoints are protected with security middlewares against attacks like XSS.

  3. Against SQL injection, PassWall uses Gorm package to handle database queries which clears all queries.

  4. There is rate limiter for signin attempts against brute force attacks.

Environment Variables

These environment variables are accepted:

Server Variables:

  • PORT
  • PW_SERVER_USERNAME
  • PW_SERVER_PASSWORD
  • PW_SERVER_PASSPHRASE
  • PW_SERVER_SECRET
  • PW_SERVER_TIMEOUT
  • PW_SERVER_GENERATED_PASSWORD_LENGTH
  • PW_SERVER_ACCESS_TOKEN_EXPIRE_DURATION
  • PW_SERVER_REFRESH_TOKEN_EXPIRE_DURATION

Database Variables

  • PW_DB_NAME
  • PW_DB_USERNAME
  • PW_DB_PASSWORD
  • PW_DB_HOST
  • PW_DB_PORT
  • PW_DB_LOG_MODE

Hello Contributors

  1. Don't send too much commit at once. It will be easier for us to do a code review.

  2. Be sure to take a look at the dev branch. The version I am working on is there.

  3. First try to fix // TODO:s in the code.

  4. Then you can contribute to the development by following the mile stones.

  5. Don't mess with the user interface. The design guide has not been released yet.

Comments
  • Import needs to be tested manually

    Import needs to be tested manually

    I just finished import ability. I tested it locally and it works fine. However some other tests should be great.

    Also I am not sure if I explained well how to import in readme. Can you anyone check it out?

    gpass import

    opened by yakuter 11
  • Email verification feature needed

    Email verification feature needed

    This issue is related with #124

    Is your feature request related to a problem? Please describe. Now we have multi user system. However we don't have any activation process for users.

    Describe the solution you'd like When users signup, system should send activation email to user. And when user click on activation link, system should activate user.

    Priority: High Type: Enhancement Status: Available 
    opened by yakuter 7
  • Docker Container not starting

    Docker Container not starting

    Describe the bug Hi,

    I got an issue while starting Passwall server. I have actual docker-compose file, I added two service in it for Passwall Server and Postgres. Postgres is working healty but Passwall Server is looping on restarting.

    You can find the error logs from the container:

    standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error
standard_init_linux.go:228: exec user process caused: exec format error

    Docker-Compose File

      passwall-db:
    container_name: passwall-db
    image: postgres:alpine
    hostname: passwall-db
    networks:
      saasnet:
        aliases:
        - passwall-db
    restart: on-failure
    env_file:
    - passwall.env
    volumes:
    - /root/docker/passwall-db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 5s
  passwall-server:
    container_name: passwall-server
    image: passwall/passwall-server:latest
    hostname: passwall-server
    networks:
      saasnet:
        aliases:
        - passwall-server
    restart: always
    env_file:
    - passwall.env
    build:
      context: .
    depends_on:
      passwall-db:
        condition: service_healthy
    volumes:
    - /root/docker/passwall-server:/app/config

    OS Verison

    root@xxx:~/docker# uname -a
Linux xxx 5.4.0-88-generic #99-Ubuntu SMP Thu Sep 23 17:29:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@xxx:~/docker# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal
root@xxx:~/docker#

    Docker Verison

    root@xxx:~/docker# docker version
Client: Docker Engine - Community
 Version:           20.10.9
 API version:       1.41
 Go version:        go1.16.8
 Git commit:        c2ea9bc
 Built:             Mon Oct  4 16:08:29 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.9
  API version:      1.41 (minimum version 1.12)
   o version:       go1.16.8
  Git commit:       79ea9d3
  Built:            Mon Oct  4 16:06:37 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.11
  GitCommit:        5b46e404f6b9f661a205e28d59c982d3634148f8
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
   ersion:          0.19.0
  GitCommit:        de40ad0

root@xxx:~/docker# docker compose -verison
docker-compose version 1.29.2, build 5becea4c

    If you need any further logs please don't hesitate to contact me.

    Thanks.Regards

    opened by alkanlab 6
  • some ideas and questions

    some ideas and questions

    Is your feature request related to a problem? Please describe.

    It is NOT a feature but could be nice to do, first of all, I am not very deep into project, which means that if I am suggesting something which is not valid or wrong, please let me know and forgive me. I have following concerns on overall repo, it may valid or not valid. (depends person to person) However, just wanted to share.

    Concerns;

    • is not it a little bit odd that main.go is under cmd/pass-wall folder ? is there any intention or plan to write down CLI as well ?

    • I have noticed that all go files ends with _api.go suffix here. Is it really necessary ? Since it is under api dir, no need to add suffix. (according to best practices )

    • I think, there is an overdue or invalid todo for instance here, it is deprecated, can be read from here

    Describe the solution you'd like

    • Move main.go to root directory. (or prepare a CLI for the repo)
    • Remove suffixes from files under api dir
    • Handle given todo regarding to Public-Key-Pins in different way.
    opened by mrtrkmn 5
  • Ping/HealthCheck endpoint needed.

    Ping/HealthCheck endpoint needed.

    Is your feature request related to a problem? Please describe. We don't know if the server is running. We need a public (excluded from auth) endpoint to check server status. Then we can use uptimerobot and check the server status regularly.

    Describe the solution you'd like

    We need an endpoint which only returns 200 with a GET method. It should be /ping, /health or /health-check. We can search for best practice about it.

    For a better health check, this endpoint can check if postgres or mysql is running and db connection is fine.

    Additional context Does anyone want to work on this?

    Priority: Low Type: Enhancement Status: Available 
    opened by yakuter 5
  • How to backup?

    How to backup?

    API needs a backup plan. Any ideas? For SQL lite file, it can be stored (icloud, google folder etc.) anywhere but what about Postgres and MySQL databases? I think there can be a cron job which gets the backup of dataabse table.

    opened by yakuter 4
  • some features

    some features

    Hi, i created an account on gpass.io to see how is made. i think has some very nice features:

    ###Types you can create types with predefined fields. This allows for multiple type of credentials. Schermata 2020-04-08 alle 07 00 36

    ###Folders you can group credentials into folders. Schermata 2020-04-08 alle 07 01 41

    ###Tags very useful

    ###Adding new fields for same entry on every credentials you can have new fields, dynamically added.

    if you consider adding this support, it should be structured at the begging.

    opened by ionutale 4
  • Postgresql and login.Password type

    Postgresql and login.Password type

    login.Password is a string in the struct, butencrypt func generating the binary data for store in the login.Password, if you use postgresql (maybe mysql too) it throwing the invalid byte sequence error (here)

    I think login model needs to gorm column type tags, postgresql uses bytea type for that.

    opened by murat 4
  • Add export as csv for logins

    Add export as csv for logins

    User should export all logins as csv file.

    Endpoint: /logins/export Method: POST

    Example csv file:

    URL,Username,Password
http://dummy.com,dummyuser,dummypassword
http://dummyweb.com,dummyuser2,dummypassword2
    opened by yakuter 4
  • Suggestions to CONTRIBUTING-TR.md

    Suggestions to CONTRIBUTING-TR.md

    Is your feature request related to a problem? Please describe.

    Update git remote address and update broken link.

    Describe the solution you'd like

    Change upstream git remote address in CONTRIBUTING-TR.md hoodiehq -> passwall as done in CONTRIBUTING.md

    Change "şuradan" link of "Açık kaynak projeye nasıl katkıda bulunulabileceğini anlatan daha detaylı bir dokümana şuradan ulaşabilirsiniz."

    https://egghead.io/series/how-to-contribute-to-an-open-source-project-on-github -> https://app.egghead.io/playlists/how-to-contribute-to-an-open-source-project-on-github

    opened by sadikkuzu 3
  • Nginx and SSL Certificate support via Docker-Compose

    Nginx and SSL Certificate support via Docker-Compose

    Passwall Server has support for on-premise installation with Docker. To do this we have a docker-compose.yml file which has 2 services: passwall-server and postgres. However we need to add Nginx for reverse proxy. Also We need to easly generate SSL certificate with Let's Encrypt or user can add his/her own certificate via volumes.

    I found this article which can give some ideas about the issue: https://www.digitalocean.com/community/tutorials/how-to-deploy-a-go-web-application-with-docker-and-nginx-on-ubuntu-18-04

    Anyone wants to work on this?

    hacktoberfest-accepted 
    opened by yakuter 3
  • Update os matrix in github workflow

    Update os matrix in github workflow

    The ubuntu-18.04 environment is deprecated, consider switching to ubuntu-20.04(ubuntu-latest), or ubuntu-22.04 instead.

    For more details see https://github.com/actions/virtual-environments/issues/6002

    opened by sadikkuzu 1
  • online password generator

    online password generator

    Is your feature request related to a problem? Please describe. No

    Describe the solution you'd like A random password generator like https://www.lastpass.com/password-generator

    Describe alternatives you've considered https://www.lastpass.com/password-generator

    Additional context It can be find on here https://www.lastpass.com/password-generator

    opened by gungoren 2
  • Organisation shared password

    Organisation shared password

    Is your feature request related to a problem? Please describe. I'm bored to share my password to all people that need it. If I've a password to connect to a shared server account for company, It need to be accessed to the same password entry by multiple user.

    Describe the solution you'd like I want to share a password with a group of people, registred on the same instance, and updated to all account if I change it.

    That allow Organisation account, like LastPass allow it (for organisation account).

    opened by shiipou 1
  • increase code coverage by adding unit tests

    increase code coverage by adding unit tests

    Is your feature request related to a problem? Please describe.

    Not feature but requirement, it is clear that coverage level of the repo could be improved by increasing number of unit tests. It can provide more flexibility and easy debugging from code base without requirement of running server from scratch.

    Describe the solution you'd like

    • Add more tests where possible

    Describe alternatives you've considered

    • No alternative solution at the moment.
    Priority: Medium Type: Maintenance Status: Available 
    opened by mrtrkmn 3
  • integration of goreleaser into ci process

    integration of goreleaser into ci process

    It would be nice to integrate Goreleaser process into CI/CD step to have automated release action with tagged commit.

    Proposal

    • With integration of (Github actions) (could be ? or Travis CI does not matter very much ) + Goreleaser, the process of releasing new version would be much convenient.

    • Having Goreleaser in pocket means that uploading necessary binary to homebrew (or another package manager ) will be much easy than anticipated. Seems, homebrew issue #30 has been assigned to @patyogesh however with this approach, it is possible to shot two birds (-tasks-) with one stone :)

    @patyogesh, would like to have comment on it ? I have no glue about the process of your development at the moment however if you think or might think in same way , we can figure out something in common. Otherwise, this issue can also close #30.

    Any suggestion, comment, or improvement related to this issue is very welcome !

    opened by mrtrkmn 9
Releases(v1.2.1)
Owner
PassWall
PassWall is an open source Password Manager
PassWall
GitHub https://passwall.io
GetDoctor is a complete app developed in Flutter, Firebase and Blazor,.Net Core API and SQL Server

GetDoctor ?? ?? ?? GetDoctor is a complete app developed in Flutter, Firebase and Blazor,DotNet Core API and SQL Server GetDoctor is a complete packag

Sunil Vijayan 69 Dec 19, 2022
A Flutter application implementing AR core, Text-to-speech, and Speech-to-text technologies.

ar_x_ai A Flutter application implementing AR core, Text to speech and Speech to text technologies. Getting Started This project is a starting point f

Alston Fernandes 1 Dec 17, 2021
A Package providing Core functionality/Template to start off a Clean Architecture based project

A Package providing Core functionality/Template to start off a Clean Architecture based project Features Provides with APIResult & UseCaseResult model

null 1 Dec 25, 2021
The Dart SDK, including the VM, dart2js, core libraries, and more.

Dart A client-optimized language for fast apps on any platform Dart is: Optimized for UI: Develop with a programming language specialized around the n

Dart 8.7k Jan 2, 2023
News App created in Flutter using News API for fetching realtime data and Firebase as the backend and authenticator.

News Buzz News App created in Flutter using News API for fetching realtime data and Firebase as the backend and authenticator. Features Custom news fe

Ankur Kedia 545 Dec 30, 2022
gui automation based on pyautogui python as backend and flutter desktop as frontend, drag and drop tool, no coding required.

GUI_AUTOMATION gui automation based on pyautogui python as backend and flutter desktop as frontend, drag and drop tool, no coding required. Install py

Hassan Kanso 34 Oct 30, 2022
This is a weather app created in Flutter with backend in Dart

Flutter Weather A Flutter application to view current weather status. Features ✅ Beautiful minimal UI ✅ Dark and Light themes ✅ Current temperature, m

null 2 Jul 4, 2022
A flutter based app using python scripts as backend for a quotes app.

Fluthon APP A new Flutter project which is supported from a python script and lists quotes . Deployment ?? -> /Script - python main.py. -> Run main.d

Yash Joshi 4 Nov 16, 2022
:star: Flutter-Firebase fully backend messaging app

Orgonet ChatApp ⭐ Flutter-Firebase fully backend messaging app I made a backend full messaging app using firebase **download the file named orgone tv2

Berke Can Pınar 5 Nov 18, 2022
Plants online shopping app using flutter firebase as backend.

planta A new Flutter application. Getting Started This project is a starting point for a Flutter application. A few resources to get you started if th

Musthafa Ap 0 Nov 7, 2021
A complete Flutter E-Commerce Book Store application built using firebase as backend

ecommerce A complete Flutter E-Commerce Book Store application built using firebase as backend. Features Add or remove item in cart Search products Ad

aakanksha 2 Sep 24, 2022
Style Dart Backend Framework

style Style is a backend framework written in Flutter coding style. //TODO: This is a template Packages style base package medium article style_cli Co

Mehmet Yaz 6 Jun 5, 2022
A chat App built with flutter and firebase as backend

chat_app A new Flutter project. Getting Started This project is a starting point for a Flutter application. A few resources to get you started if this

Alfi Mostak 0 Dec 3, 2021
A live location sharing app built on Flutter and Firebase as backend

DISCLAIMER I want to stress on three main points: This was my first Flutter project so I have not used any best practices and it needs a lot of code r

ManojNB 237 Dec 30, 2022
Backend team for CPTR450-Diplomacy

Authentication Authentication will be achieved through Firebase APIs to make user management effortless. The frontend authenticates through Firebase d

null 4 Jun 6, 2022
Flutter app to track stocks for multiple users, using Cloud Firestore on the backend.

stock_tracker Flutter app to track stocks for multiple users, using Cloud Firestore on the backend. Overview I wrote this Flutter application as a mea

John 2 Sep 16, 2022
Study Aqueduct(Dart Backend Framework)

study_aqueduct Running the Application Locally Run aqueduct serve from this directory to run the application. For running within an IDE, run bin/main.

null 0 Dec 14, 2021
An App To manage all your tasks with firebase backend

?? Todo App An App To manage all your tasks with firebase backend. Star ⭐ the repo if you like what you see ?? . ✨ Features : Login/SignUp with Fireba

Omar Jadiani 74 Dec 12, 2022
A fast, minimalistic backend framework for Dart 🎯

A fast, minimalistic backend framework for Dart ?? Developed with ?? by Very Good Ventures ?? Experimental ?? Dart Frog is an experimental project und

Very Good Open Source 1.1k Jan 6, 2023