An efficient and memory-safe Threema Safe server implementation written in Rust.
This is a private project, neither developed nor endorsed by Threema GmbH.
The server spec can be found in the Cryptography Whitepaper.
The following features are implemented:
- Request config
- Download backups
- Upload backups
- Delete backups
- Settings configurable by user
- User agent validation
To be implemented:
- Automatic cleanup of expired backups
The following features are out of scope and should be handled by another server component (e.g. Nginx):
- Throttling
- TLS termination
There is a Docker image for this project:
docker run \
-v /sekursranko:/tmp/sekursranko \
-p 3000:3000 \
docker.io/dbrgn/sekursranko:master
Config variables can be passed to the Docker image as uppercase env vars, for example:
docker run -e MAX_BACKUP_BYTES=12345 (...)
The image for the master branch is re-built on every push. The image for the latest release and the master branch is re-built every week.
Note: The UID/GID of the user within the Docker image is fixed to 1337.
Note: I do not offer any guarantees for this published image. It's purely provided for convenience. For critical setups, build the image yourself.
To make a release build:
cargo build --release
You will find the binary at target/release/sekursranko.
Sekurŝranko is thoroughly covered by unit tests and integration tests.
To run the tests:
cargo test
In case you want to enable logging:
RUST_LOG=sekursranko=trace cargo test
To run linting:
rustup component add clippy
cargo clippy --all-targets --all-features
Simply execute the binary with the -c or --config argument:
./sekursranko --config config.toml
You can find an example config file in this repository at config.example.toml.
Configure logging using the RUST_LOG env var:
RUST_LOG=sekursranko=debug ./sekursranko -c config.toml
Sekurŝranko is meant to be run behind a reverse proxy (e.g. Nginx) that does TLS termination. That's why it currently doesn't support TLS directly.
Note that you cannot back up to a server without TLS from the Threema app.
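One way to set up the reverse proxy so that it covers the TLS termination and throttling this server leaves to another component, as an added example that is not part of the project. The hostname, certificate paths, rate limits and body size are assumptions; the backend port 3000 is taken from the Docker command above.

```nginx
# Added example; place inside the http {} context (e.g. a file under conf.d/).
# Assumes the backend is published on loopback only, for instance with
# "docker run -p 127.0.0.1:3000:3000 ...", so the plaintext port is not
# reachable from outside the host.

# Throttling: one shared-memory zone keyed by client address (assumed rate).
limit_req_zone $binary_remote_addr zone=safe_ratelimit:10m rate=5r/s;

server {
    listen 443 ssl;
    server_name safe.example.com;                              # placeholder

    # TLS termination happens here; the backend only ever sees plain HTTP.
    ssl_certificate     /etc/nginx/tls/safe.example.com.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/safe.example.com.key;   # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Keep this at least as large as the backup size limit configured in
    # sekursranko (MAX_BACKUP_BYTES when using the Docker image). If it is
    # smaller, Nginx answers 413 before the upload reaches the backend.
    client_max_body_size 1m;                                   # assumed value

    location / {
        # Allow short bursts, reject sustained floods with 429.
        limit_req zone=safe_ratelimit burst=10 nodelay;
        limit_req_status 429;

        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
    }
}

# Send plain-HTTP requests to the TLS listener instead of the backend.
server {
    listen 80;
    server_name safe.example.com;                              # placeholder
    return 301 https://$host$request_uri;
}
```

Check the file with `nginx -t` before reloading.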
The name of this project is the Esperanto word for "safe". English-speaking people might recognize the "sekur-" prefix (-> secure), and German-speaking people might recognize the "-ŝranko" suffix (-> "Schrank", a cabinet).
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.
Contributing
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.