- Updated the deployment script to build the web application before deploying.
- Upgraded Wrangler dependency from 4.61.1 to 4.69.0.

feat: add import item limit and request body size limit
- Introduced a new limit for the maximum total items allowed in a single import (5000).
- Set a hard body size limit for JSON API endpoints (25 MB).

feat: validate KDF parameters during registration and password change
- Added validation for KDF parameters to ensure compliance with Bitwarden's minimum requirements.
- Enhanced error handling for invalid KDF parameters during user registration and password change.

feat: clean up R2 files on user deletion
- Implemented cleanup of R2 files associated with user attachments and sends before deleting user metadata.

feat: verify folder ownership when creating or updating ciphers
- Added checks to ensure that users cannot reference folders owned by other users when creating or updating ciphers.

fix: handle corrupted cipher data gracefully
- Improved error handling when retrieving ciphers from the database to avoid crashes due to corrupted data.

feat: increment send access count atomically
- Added a method to atomically increment the access count for sends and return whether the update was successful.

fix: enforce request body size limits
- Implemented checks to reject oversized request bodies for non-file upload paths.

fix: update error handling for database initialization
- Enhanced error logging for database initialization failures while providing a generic message to clients.

feat: enhance security with Content Security Policy
- Added a Content Security Policy to the web application to improve security against XSS attacks.

fix: remove plaintext TOTP secret from localStorage
- Updated the TOTP enabling process to remove the plaintext secret from localStorage after it is stored on the server.

fix: ensure only PBKDF2 hash is sent for public send access
- Modified the public send access payload to ensure only the PBKDF2 hash is sent, never the plaintext password.
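The KDF validation mentioned in the commit message above can be sketched as follows. This is an added example, not NodeWarden's own code: the function and constant names are hypothetical, the field names and KDF type numbers follow the Bitwarden client API (0 = PBKDF2-SHA256, 1 = Argon2id), and the numeric bounds are assumptions to be checked against the current Bitwarden server constants.

```typescript
// Added example (not NodeWarden's code): reject weak or malformed KDF settings
// before a registration or password-change request is stored.
type Bounds = { min: number; max: number };

// ASSUMED bounds; verify against the Bitwarden server constants before use.
const KDF_BOUNDS = {
  pbkdf2Iterations: { min: 600000, max: 2000000 },
  argon2Iterations: { min: 2, max: 10 },
  argon2MemoryMiB: { min: 15, max: 1024 },
  argon2Parallelism: { min: 1, max: 16 },
};

// Fields are typed unknown because they come straight from request JSON.
interface KdfParams {
  kdf: unknown;
  kdfIterations: unknown;
  kdfMemory?: unknown;
  kdfParallelism?: unknown;
}

// Accept only real integers inside the range: strings, floats, NaN and
// missing values are rejected instead of being coerced.
function inRange(value: unknown, b: Bounds): boolean {
  return typeof value === "number" && Number.isInteger(value)
    && value >= b.min && value <= b.max;
}

// Returns null when the parameters are acceptable, otherwise a short reason
// suitable for a 400 response body.
function validateKdfParams(p: KdfParams): string | null {
  if (p.kdf === 0) {
    return inRange(p.kdfIterations, KDF_BOUNDS.pbkdf2Iterations)
      ? null : "PBKDF2 iterations out of range";
  }
  if (p.kdf === 1) {
    if (!inRange(p.kdfIterations, KDF_BOUNDS.argon2Iterations)) {
      return "Argon2 iterations out of range";
    }
    if (!inRange(p.kdfMemory, KDF_BOUNDS.argon2MemoryMiB)) {
      return "Argon2 memory out of range";
    }
    if (!inRange(p.kdfParallelism, KDF_BOUNDS.argon2Parallelism)) {
      return "Argon2 parallelism out of range";
    }
    return null;
  }
  return "Unknown KDF type";
}
```

Running the same check on both registration and password change matters because either request can overwrite the stored KDF settings for the account.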
A third-party Bitwarden server running on Cloudflare Workers, fully compatible with official clients.
Chinese documentation: README.md
Disclaimer
This project is for learning and communication purposes only. We are not responsible for any data loss; regular vault backups are strongly recommended.
This project is not affiliated with Bitwarden. Please do not report issues to the official Bitwarden team.
Feature Comparison Table (vs Official Bitwarden Server)
| Capability | Bitwarden | NodeWarden | Notes |
|---|---|---|---|
| Web Vault (logins/notes/cards/identities) | ✅ | ✅ | Web-based vault management UI |
| Folders / Favorites | ✅ | ✅ | Common vault organization supported |
| Full sync /api/sync | ✅ | ✅ | Compatibility and performance optimized |
| Attachment upload/download | ✅ | ✅ | Backed by Cloudflare R2 |
| Import flow (common clients) | ✅ | ✅ | Common import paths covered |
| Website icon proxy | ✅ | ✅ | Via /icons/{hostname}/icon.png |
| Passkey, TOTP fields | ❌ | ✅ | Official service requires premium; NodeWarden does not |
| Multi-user | ✅ | ✅ | Full user management with invitation mechanism |
| Send | ✅ | ✅ | Text Send and File Send are supported |
| Organizations / Collections / Member roles | ✅ | ❌ | Not necessary to implement |
| Login 2FA (TOTP/WebAuthn/Duo/Email) | ✅ | ⚠️ Partial | TOTP-only via TOTP_SECRET |
| SSO / SCIM / Enterprise directory | ✅ | ❌ | Not necessary to implement |
| Emergency access | ✅ | ❌ | Not necessary to implement |
| Admin console / Billing & subscription | ✅ | ❌ | Free only |
| Full push notification pipeline | ✅ | ❌ | Not necessary to implement |
Tested clients / platforms
- ✅ Windows desktop client (v2026.1.0)
- ✅ Mobile app (v2026.1.0)
- ✅ Browser extension (v2026.1.0)
- ✅ Linux desktop client (v2026.1.0)
- ⬜ macOS desktop client (not tested)
Quick start
One-click deploy
Deploy steps:
1. Fork this repository and name it NodeWarden.
2. Click the deploy button below, rename the project to NodeWarden2, and set JWT_SECRET to a 32-character random string.
3. After deployment, open the Workers settings on the same page and disconnect the Git repository.
4. From the same location, reconnect the Git repository to the fork you created in step 1.
Sync upstream (update):
- Manual: Open your forked repository on GitHub and click Sync fork when the sync prompt appears at the top.
- Automatic: Go to your fork → Actions, click "I understand my workflows, go ahead and enable them". The repository will auto-sync with upstream every day at 3 AM.
CLI deploy
```bash
# Clone repository
git clone https://github.com/shuaiplus/NodeWarden.git
cd NodeWarden
# Install dependencies
npm install
# Cloudflare CLI login
npx wrangler login
# Create cloud resources (D1 + R2)
npx wrangler d1 create nodewarden-db
npx wrangler r2 bucket create nodewarden-attachments
# Deploy
npm run deploy
# To update later: re-clone and re-deploy — no need to recreate cloud resources
git clone https://github.com/shuaiplus/NodeWarden.git
cd NodeWarden
npm run deploy
```
Local development
This repo is a Cloudflare Workers TypeScript project (Wrangler).
```bash
npm install
npm run dev
```
FAQ
Q: How do I back up my data?
A: Use Export vault in your client and save the JSON file.
Q: What if I forget the master password?
A: It can’t be recovered (end-to-end encryption). Keep it safe.
Q: Can multiple people use it?
A: Yes. The first registered user becomes the admin. The admin can generate invite codes from the admin panel, and other users register with those codes.
License
LGPL-3.0 License
Credits
- Bitwarden - original design and clients
- Vaultwarden - server implementation reference
- Cloudflare Workers - serverless platform
