Updated code to work atomically

- Changed the code to work atomically - Also show the alert generated from `Io`
2025-08-01 16:49:09 +00:00 · 2024-07-17 11:39:28 +02:00 · 2024-07-17 11:39:28 +02:00 · 5c1dec9896
commit 5c1dec9896
parent 798c2f274b
2 changed files with 22 additions and 20 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@ -12,7 +12,6 @@ use std::{
    fs::File,
    io::{Read, Write},
    net::IpAddr,
    path::Path,
 };
 use crate::{error::Error, CONFIG};
@ -37,32 +36,36 @@ static PRIVATE_RSA_KEY: OnceCell<EncodingKey> = OnceCell::new();
 static PUBLIC_RSA_KEY: OnceCell<DecodingKey> = OnceCell::new();
 pub fn initialize_keys() -> Result<(), crate::error::Error> {
-    let mut priv_key_buffer = Vec::with_capacity(2048);
+    fn read_key(creat_if_missing: bool) -> Result<(Rsa<openssl::pkey::Private>, Vec<u8>), crate::error::Error> {
        let mut priv_key_buffer = Vec::with_capacity(2048);
-    let priv_key = {
+        let mut priv_key_file = File::options()
-        let mut priv_key_file = if !Path::new(&CONFIG.private_rsa_key()).exists()
+            .create(creat_if_missing)
-            || std::fs::metadata(CONFIG.private_rsa_key())?.len() == 0
+            .truncate(false)
-        {
+            .read(true)
-            File::options().create(true).truncate(false).read(true).write(true).open(CONFIG.private_rsa_key())?
+            .write(creat_if_missing)
-        } else {
+            .open(CONFIG.private_rsa_key())?;
            File::options().read(true).open(CONFIG.private_rsa_key())?
        };
        #[allow(clippy::verbose_file_reads)]
        let bytes_read = priv_key_file.read_to_end(&mut priv_key_buffer)?;
-        if bytes_read > 0 {
+        let rsa_key = if bytes_read > 0 {
            Rsa::private_key_from_pem(&priv_key_buffer[..bytes_read])?
-        } else {
+        } else if creat_if_missing {
            // Only create the key if the file doesn't exist or is empty
            let rsa_key = openssl::rsa::Rsa::generate(2048)?;
            priv_key_buffer = rsa_key.private_key_to_pem()?;
            priv_key_file.write_all(&priv_key_buffer)?;
-            info!("Private key '{}' created correctly.", CONFIG.private_rsa_key());
+            info!("Private key '{}' created correctly", CONFIG.private_rsa_key());
            rsa_key
-        }
+        } else {
-    };
+            err!("Private key does not exist or invalid format", CONFIG.private_rsa_key());
        };
        Ok((rsa_key, priv_key_buffer))
    }
    let (priv_key, priv_key_buffer) = read_key(true).or_else(|_| read_key(false))?;
    let pub_key_buffer = priv_key.public_key_to_pem()?;
    let enc = EncodingKey::from_rsa_pem(&priv_key_buffer)?;
--- a/src/main.rs
+++ b/src/main.rs
@ -73,11 +73,9 @@ async fn main() -> Result<(), Error> {
    });
    init_logging(level).ok();
    let extra_debug = matches!(level, LF::Trace | LF::Debug);
    check_data_folder().await;
-    auth::initialize_keys().unwrap_or_else(|_| {
+    auth::initialize_keys().unwrap_or_else(|e| {
-        error!("Error creating private key '{}', exiting...", CONFIG.private_rsa_key());
+        error!("Error creating private key '{}'\n{e:?}\nExiting Vaultwarden!", CONFIG.private_rsa_key());
        exit(1);
    });
    check_web_vault();
@ -91,6 +89,7 @@ async fn main() -> Result<(), Error> {
    schedule_jobs(pool.clone());
    crate::db::models::TwoFactor::migrate_u2f_to_webauthn(&mut pool.get().await.unwrap()).await.unwrap();
    let extra_debug = matches!(level, LF::Trace | LF::Debug);
    launch_rocket(pool, extra_debug).await // Blocks until program termination.
 }
@ -514,7 +513,7 @@ async fn launch_rocket(pool: db::DbPool, extra_debug: bool) -> Result<(), Error>
    tokio::spawn(async move {
        tokio::signal::ctrl_c().await.expect("Error setting Ctrl-C handler");
-        info!("Exiting vaultwarden!");
+        info!("Exiting Vaultwarden!");
        CONFIG.shutdown();
    });