Skip to content

dbrgn/sekursranko

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

124 Commits

.circleci

.circleci

 
 

.github

.github

 
 

src

src

 
 

tests

tests

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

Dockerfile

Dockerfile

 
 

LICENSE-APACHE

LICENSE-APACHE

 
 

LICENSE-MIT

LICENSE-MIT

 
 

README.md

README.md

 
 

RELEASING.md

RELEASING.md

 
 

config.example.toml

config.example.toml

 
 

docker-entrypoint.sh

docker-entrypoint.sh

 
 

release-build.sh

release-build.sh

 
 

safe.png

safe.png

 
 

Repository files navigation

Sekurŝranko

Icon

CircleCI

An efficient and memory-safe Threema Safe server implementation written in Rust.

This is a private project, not developed nor endorsed by Threema GmbH.

The server spec can be found in the Cryptography Whitepaper.

Features

The following features are implemented:

  • Request config
  • Download backups
  • Upload backups
  • Delete backups
  • Settings configurable by user
  • User agent validation

To be implemented:

  • Automatic cleanup of expired backups

The following feature is out of scope and should be handled by another server component (e.g. Nginx):

  • Throttling
  • TLS termination

Docker

There is a Docker image for this project:

docker run \
    -v /sekursranko:/tmp/sekursranko \
    -p 3000:3000 \
    docker.io/dbrgn/sekursranko:master

Config variables can be passed to the Docker image as uppercase env vars, for example:

docker run -e MAX_BACKUP_BYTES=12345 (...)

The image for the master branch is re-built on every push. The image for the latest release and the master branch is re-built every week.

Note: The UID/GID of the user within the Docker image is fixed to 1337.

Note: I do not offer any guarantees for this published image. It's purely provided for convenience. For critical setups, build the image yourself.

Building

To make a release build:

cargo build --release

You will find the binary at target/release/sekursranko.

Testing

Sekurŝranko is thoroughly covered by unit tests and integration tests.

To run the tests:

cargo test

In case you want to enable logging:

RUST_LOG=sekursranko=trace cargo test

To run linting:

rustup component add clippy
cargo clippy --all-targets --all-features

Running

Simply execute the binary with the -c or --config argument:

./sekursranko --config config.toml

You can find an example configfile in this repository at config.example.toml.

Configure logging using the RUST_LOG env var:

RUST_LOG=sekursranko=debug ./sekursranko -c config.toml

Deployment Notes

Sekurŝranko is meant to be run behind a reverse proxy (e.g. Nginx) that does TLS termination. That's why it currently doesn't support TLS directly.

Note that you cannot backup to a server without TLS from the Threema app.

Name

The name of this project is the Esperanto word for "safe". English-speaking people might recognize the "sekur-" prefix (-> secure), and German-speaking people might recognize the "-ŝranko" suffix (-> "Schrank", a cabinet).

License

Licensed under either of

Contributing

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

Sekurŝranko, an efficient and memory-safe Threema Safe server implementation in Rust.

Topics

rust webservice backup threema threema-safe

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity

Stars

17 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases 8

v0.5.1 Latest
Nov 23, 2022
+ 7 releases

Contributors 4

  •  
  •  
  •  
  •  

Languages