Merge pull request #1108 from rfwatson/add-db-connections-setting

Add DATABASE_MAX_CONNS config setting
2025-09-10 18:55:57 +03:00 · 2020-10-10 00:25:03 +02:00 · 2020-10-09 10:29:02 +02:00 · 2020-10-08 16:05:03 +02:00 · 2020-10-08 13:12:58 +02:00 · 2020-10-07 23:20:16 +02:00
212 changed files with 50084 additions and 4982 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,6 +3,7 @@ target
 # Data folder
 data
 .env
 # IDE files
 .vscode
@@ -10,5 +11,15 @@ data
 *.iml
 # Documentation
 .github
 *.md
 *.txt
 *.yml
 *.yaml
 # Docker folders
 hooks
 tools
 # Web vault
 web-vault
--- a/.env.template
+++ b/.env.template
@@ -1,11 +1,30 @@
 ## Bitwarden_RS Configuration File
 ## Uncomment any of the following lines to change the defaults
 ##
 ## Be aware that most of these settings will be overridden if they were changed
 ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
 ## Main data folder
 # DATA_FOLDER=data
-## Individual folders, these override %DATA_FOLDER%
+## Database URL
 ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
 # DATABASE_URL=data/db.sqlite3
 ## When using MySQL, specify an appropriate connection URI.
 ## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
 # DATABASE_URL=mysql://user:password@host[:port]/database_name
 ## When using PostgreSQL, specify an appropriate connection URI (recommended)
 ## or keyword/value connection string.
 ## Details:
 ## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 ## Database max connections
 ## Define the size of the connection pool used for connecting to the database.
 # DATABASE_MAX_CONNS=10
 ## Individual folders, these override %DATA_FOLDER%
 # RSA_KEY_FILENAME=data/rsa_key
 # ICON_CACHE_FOLDER=data/icon_cache
 # ATTACHMENTS_FOLDER=data/attachments
@@ -16,6 +35,10 @@
 ## Automatically reload the templates for every request, slow, use only for development
 # RELOAD_TEMPLATES=false
 ## Client IP Header, used to identify the IP of the client, defaults to "X-Client-IP"
 ## Set to the string "none" (without quotes), to disable any headers and just use the remote IP
 # IP_HEADER=X-Client-IP
 ## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever")
 # ICON_CACHE_TTL=2592000
 ## Cache time-to-live for icons which weren't available, in seconds (0 is "forever")
@@ -32,14 +55,14 @@
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
-## Enable extended logging
+## Enable extended logging, which shows timestamps and targets in the logs
 ## This shows timestamps and allows logging to file and to syslog
 ### To enable logging to file, use the LOG_FILE env variable
 ### To enable syslog, use the USE_SYSLOG env variable
 # EXTENDED_LOGGING=true
 ## Timestamp format used in extended logging.
 ## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime
 # LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f"
 ## Logging to file
 ## This requires extended logging
 ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
 # LOG_FILE=/path/to/log
@@ -51,7 +74,8 @@
 ## Log level
 ## Change the verbosity of the log output
 ## Valid values are "trace", "debug", "info", "warn", "error" and "off"
-## This requires extended logging
+## Setting it to "trace" or "debug" would also show logs for mounted
 ## routes and static file, websocket and alive requests
 # LOG_LEVEL=Info
 ## Enable WAL for the DB
@@ -62,6 +86,10 @@
 ## cause performance degradation or might render  the service unable to start.
 # ENABLE_DB_WAL=true
 ## Database connection retries
 ## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely
 # DB_CONNECTION_RETRIES=15
 ## Disable icon downloading
 ## Set to true to disable icon downloading, this would still serve icons from $ICON_CACHE_FOLDER,
 ## but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
@@ -78,22 +106,77 @@
 ## Useful to hide other servers in the local network. Check the WIKI for more details
 # ICON_BLACKLIST_REGEX=192\.168\.1\.[0-9].*^
 ## Any IP which is not defined as a global IP will be blacklisted.
 ## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block
 # ICON_BLACKLIST_NON_GLOBAL_IPS=true
 ## Disable 2FA remember
 ## Enabling this would force the users to use a second factor to login every time.
 ## Note that the checkbox would still be present, but ignored.
 # DISABLE_2FA_REMEMBER=false
 ## Maximum attempts before an email token is reset and a new email will need to be sent.
 # EMAIL_ATTEMPTS_LIMIT=3
 ## Token expiration time
 ## Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
 # EMAIL_EXPIRATION_TIME=600
 ## Email token size
 ## Number of digits in an email token (min: 6, max: 19).
 ## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting!
 # EMAIL_TOKEN_SIZE=6
 ## Controls if new users can register
 # SIGNUPS_ALLOWED=true
 ## Controls if new users need to verify their email address upon registration
 ## Note that setting this option to true prevents logins until the email address has been verified!
 ## The welcome email will include a verification link, and login attempts will periodically
 ## trigger another verification email to be sent.
 # SIGNUPS_VERIFY=false
 ## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time
 ## an email verification link has been sent another verification email will be sent
 # SIGNUPS_VERIFY_RESEND_TIME=3600
 ## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification
 ## email will be re-sent upon an attempted login.
 # SIGNUPS_VERIFY_RESEND_LIMIT=6
 ## Controls if new users from a list of comma-separated domains can register
 ## even if SIGNUPS_ALLOWED is set to false
 # SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
 ## Controls which users can create new orgs.
 ## Blank or 'all' means all users can create orgs (this is the default):
 # ORG_CREATION_USERS=
 ## 'none' means no users can create orgs:
 # ORG_CREATION_USERS=none
 ## A comma-separated list means only those users can create orgs:
 # ORG_CREATION_USERS=admin1@example.com,admin2@example.com
 ## Token for the admin interface, preferably use a long random string
 ## One option is to use 'openssl rand -base64 48'
 ## If not set, the admin panel is disabled
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
 ## Enable this to bypass the admin panel security. This option is only
 ## meant to be used with the use of a separate auth layer in front
 # DISABLE_ADMIN_TOKEN=false
 ## Invitations org admins to invite users, even when signups are disabled
 # INVITATIONS_ALLOWED=true
 ## Name shown in the invitation emails that don't come from a specific organization
 # INVITATION_ORG_NAME=Bitwarden_RS
 ## Per-organization attachment limit (KB)
 ## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more
 # ORG_ATTACHMENT_LIMIT=
 ## Per-user attachment limit (KB).
 ## Limit in kilobytes for a users attachments, once the limit is exceeded it won't be possible to upload more
 # USER_ATTACHMENT_LIMIT=
 ## Controls the PBBKDF password iterations to apply on the server
 ## The change only applies when the password is changed
@@ -109,6 +192,13 @@
 ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
 # DOMAIN=https://bw.domain.tld:8443
 ## Allowed iframe ancestors (Know the risks!)
 ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
 ## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets
 ## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value.
 ## Multiple values must be separated with a whitespace.
 # ALLOWED_IFRAME_ANCESTORS=
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
@@ -128,6 +218,18 @@
 ## After that, you should be able to follow the rest of the guide linked above,
 ## ignoring the fields that ask for the values that you already configured beforehand.
 ## Authenticator Settings
 ## Disable authenticator time drifted codes to be valid.
 ## TOTP codes of the previous and next 30 seconds will be invalid
 ##
 ## According to the RFC6238 (https://tools.ietf.org/html/rfc6238),
 ## we allow by default the TOTP code which was valid one step back and one in the future.
 ## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes.
 ## You can disable this, so that only the current TOTP Code is allowed.
 ## Keep in mind that when a sever drifts out of time, valid codes could be marked as invalid.
 ## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid.
 # AUTHENTICATOR_DISABLE_TIME_DRIFT = false
 ## Rocket specific settings, check Rocket documentation to learn more
 # ROCKET_ENV=staging
 # ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
@@ -141,6 +243,28 @@
 # SMTP_FROM=bitwarden-rs@domain.tld
 # SMTP_FROM_NAME=Bitwarden_RS
 # SMTP_PORT=587
-# SMTP_SSL=true
+# SMTP_SSL=true          # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true.
 # SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work.
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.
 # SMTP_AUTH_MECHANISM="Plain"
 ## Server name sent during the SMTP HELO
 ## By default this value should be is on the machine's hostname,
 ## but might need to be changed in case it trips some anti-spam filters
 # HELO_NAME=
 ## Require new device emails. When a user logs in an email is required to be sent.
 ## If sending the email fails the login attempt will fail!!
 # REQUIRE_DEVICE_EMAIL=false
 ## HIBP Api Key
 ## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
 # HIBP_API_KEY=
 # vim: syntax=ini
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,2 @@
 github: dani-garcia
 custom: ["https://paypal.me/DaniGG"]
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,42 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
 ---
 <!--
 Please fill out the following template to make solving your problem easier and faster for us.
 This is only a guideline. If you think that parts are unneccessary for your issue, feel free to remove them.
 Remember to hide/obfuscate personal and confidential information, 
 such as names, global IP/DNS adresses and especially passwords, if neccessary.
 -->
 ### Subject of the issue
 <!-- Describe your issue here.-->
 ### Your environment
 <!-- The version number, obtained from the logs or the admin page -->
 * Bitwarden_rs version: 
 <!-- How the server was installed: Docker image / package / built from source -->
 * Install method: 
 * Clients used: <!-- if applicable -->
 * Reverse proxy and version: <!-- if applicable -->
 * Version of mysql/postgresql: <!-- if applicable -->
 * Other relevant information: 
 ### Steps to reproduce
 <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults)
 and how did you start bitwarden_rs? -->
 ### Expected behaviour
 <!-- Tell us what should happen -->
 ### Actual behaviour
 <!-- Tell us what happens instead -->
 ### Relevant logs
 <!-- Share some logfiles, screenshots or output of relevant programs with us. -->
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,11 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: better for forum
 assignees: ''
 ---
 # Please submit all your feature requests to the forum
 Link: https://bitwardenrs.discourse.group/c/feature-requests
--- a/.github/ISSUE_TEMPLATE/help-with-installation-configuration.md
+++ b/.github/ISSUE_TEMPLATE/help-with-installation-configuration.md
@@ -0,0 +1,11 @@
 ---
 name: Help with installation/configuration
 about: Any questions about the setup of bitwarden_rs
 title: ''
 labels: better for forum
 assignees: ''
 ---
 # Please submit all your third party help requests to the forum
 Link: https://bitwardenrs.discourse.group/c/help
--- a/.github/ISSUE_TEMPLATE/help-with-proxy-database-nas-setup.md
+++ b/.github/ISSUE_TEMPLATE/help-with-proxy-database-nas-setup.md
@@ -0,0 +1,11 @@
 ---
 name: Help with proxy/database/NAS setup
 about: Any questions about third party software
 title: ''
 labels: better for forum
 assignees: ''
 ---
 # Please submit all your third party help requests to the forum
 Link: https://bitwardenrs.discourse.group/c/third-party-help
--- a/.github/workflows/workspace.yml
+++ b/.github/workflows/workspace.yml
@@ -0,0 +1,148 @@
 name: Workflow
 on:
  push:
    paths-ignore:
      - "**.md"
  #pull_request:
  #  paths-ignore:
  #    - "**.md"
 jobs:
  build:
    name: Build
    strategy:
      fail-fast: false
      matrix:
        db-backend: [sqlite, mysql, postgresql]
        target:
          - x86_64-unknown-linux-gnu
          # - x86_64-unknown-linux-musl
          # - x86_64-apple-darwin
          # - x86_64-pc-windows-msvc
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            ext:
          # - target: x86_64-unknown-linux-musl
          #   os: ubuntu-latest
          #   ext:
          # - target: x86_64-apple-darwin
          #   os: macOS-latest
          #   ext:
          # - target: x86_64-pc-windows-msvc
          #   os: windows-latest
          #   ext: .exe
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v1
    # - name: Cache choco cache
    #   uses: actions/cache@v1.0.3
    #   if: matrix.os == 'windows-latest'
    #   with:
    #     path: ~\AppData\Local\Temp\chocolatey
    #     key: ${{ runner.os }}-choco-cache-${{ matrix.db-backend }}
    - name: Cache vcpkg installed
      uses: actions/cache@v1.0.3
      if: matrix.os == 'windows-latest'
      with:
        path: $VCPKG_ROOT/installed
        key: ${{ runner.os }}-vcpkg-cache-${{ matrix.db-backend }}
      env:
        VCPKG_ROOT: 'C:\vcpkg'
    - name: Cache vcpkg downloads
      uses: actions/cache@v1.0.3
      if: matrix.os == 'windows-latest'
      with:
        path: $VCPKG_ROOT/downloads
        key: ${{ runner.os }}-vcpkg-cache-${{ matrix.db-backend }}
      env:
        VCPKG_ROOT: 'C:\vcpkg'
    # - name: Cache homebrew
    #   uses: actions/cache@v1.0.3
    #   if: matrix.os == 'macOS-latest'
    #   with:
    #     path: ~/Library/Caches/Homebrew
    #     key: ${{ runner.os }}-brew-cache
    # - name: Cache apt
    #   uses: actions/cache@v1.0.3
    #   if: matrix.os == 'ubuntu-latest'
    #   with:
    #     path: /var/cache/apt/archives
    #     key: ${{ runner.os }}-apt-cache
    # Install dependencies
    - name: Install dependencies macOS
      run: brew update; brew install openssl sqlite libpq mysql
      if: matrix.os == 'macOS-latest'
    - name: Install dependencies Ubuntu
      run: sudo apt-get update && sudo apt-get install --no-install-recommends openssl sqlite libpq-dev libmysql++-dev
      if: matrix.os == 'ubuntu-latest'
    - name: Install dependencies Windows
      run: vcpkg integrate install; vcpkg install sqlite3:x64-windows openssl:x64-windows libpq:x64-windows libmysql:x64-windows
      if: matrix.os == 'windows-latest'
      env:
        VCPKG_ROOT: 'C:\vcpkg'
    # End Install dependencies
    # Install rust nightly toolchain
    - name: Cache cargo registry
      uses: actions/cache@v1.0.3
      with:
        path: ~/.cargo/registry
        key: ${{ runner.os }}-${{matrix.db-backend}}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
    - name: Cache cargo index
      uses: actions/cache@v1.0.3
      with:
        path: ~/.cargo/git
        key: ${{ runner.os }}-${{matrix.db-backend}}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
    - name: Cache cargo build
      uses: actions/cache@v1.0.3
      with:
        path: target
        key: ${{ runner.os }}-${{matrix.db-backend}}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
    - name: Install latest nightly
      uses: actions-rs/toolchain@v1.0.5
      with:
        # Uses rust-toolchain to determine version
        profile: minimal
        target: ${{ matrix.target }}
    # Build
    - name: Build Win
      if: matrix.os == 'windows-latest'
      run: cargo.exe build --features ${{ matrix.db-backend }} --release --target ${{ matrix.target }}
      env:
        RUSTFLAGS: -Ctarget-feature=+crt-static
        VCPKG_ROOT: 'C:\vcpkg'
    - name: Build macOS / Ubuntu
      if: matrix.os == 'macOS-latest' || matrix.os == 'ubuntu-latest'
      run: cargo build --verbose --features ${{ matrix.db-backend }} --release --target ${{ matrix.target }}
    # Test
    - name: Run tests
      run: cargo test --features ${{ matrix.db-backend }}
    # Upload & Release
    - name: Upload artifact
      uses: actions/upload-artifact@v1.0.0
      with:
        name: bitwarden_rs-${{ matrix.db-backend }}-${{ matrix.target }}${{ matrix.ext }}
        path: target/${{ matrix.target }}/release/bitwarden_rs${{ matrix.ext }}
    - name: Release
      uses: Shopify/upload-to-release@1.0.0
      if: startsWith(github.ref, 'refs/tags/')
      with:
        name: bitwarden_rs-${{ matrix.db-backend }}-${{ matrix.target }}${{ matrix.ext }}
        path: target/${{ matrix.target }}/release/bitwarden_rs${{ matrix.ext }}
        repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -0,0 +1,7 @@
 ignored:
  # disable explicit version for apt install
  - DL3008
  # disable explicit version for apk install
  - DL3018
 trustedRegistries:
  - docker.io
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,9 +1,21 @@
 dist: xenial
 env:
  global:
    - HADOLINT_VERSION=1.17.1
 language: rust
 rust: nightly
 cache: cargo
 before_install:
  - sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint
  - sudo chmod +rx /usr/local/bin/hadolint
  - rustup set profile minimal
 # Nothing to install
 install: true
-script: cargo build --all-features
+script:
 - git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint
 - cargo test --features "sqlite"
 - cargo test --features "mysql"
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,96 +13,125 @@ build = "build.rs"
 [features]
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
 postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]
 # Enable to use a vendored and statically linked openssl
 vendored_openssl = ["openssl/vendored"]
 # Enable unstable features, requires nightly
 # Currently only used to enable rusts official ip support
 unstable = []
 [target."cfg(not(windows))".dependencies]
 syslog = "4.0.1"
 [dependencies]
 # Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
-rocket = { version = "0.4.0", features = ["tls"], default-features = false }
+rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false }
-rocket_contrib = "0.4.0"
+rocket_contrib = "0.5.0-dev"
 # HTTP client
-reqwest = "0.9.15"
+reqwest = { version = "0.10.8", features = ["blocking", "json"] }
 # multipart/form-data support
-multipart = { version = "0.16.1", features = ["server"], default-features = false }
+multipart = { version = "0.17.0", features = ["server"], default-features = false }
 # WebSockets library
-ws = "0.8.0"
+ws = "0.9.1"
 # MessagePack library
-rmpv = "0.4.0"
+rmpv = "0.4.5"
 # Concurrent hashmap implementation
 chashmap = "2.2.2"
 # A generic serialization/deserialization framework
-serde = "1.0.90"
+serde = "1.0.115"
-serde_derive = "1.0.90"
+serde_derive = "1.0.115"
-serde_json = "1.0.39"
+serde_json = "1.0.57"
 # Logging
-log = "0.4.6"
+log = "0.4.11"
-fern = { version = "0.5.8", features = ["syslog-4"] }
+fern = { version = "0.6.0", features = ["syslog-4"] }
 # A safe, extensible ORM and Query builder
-diesel = { version = "1.4.2", features = ["sqlite", "chrono", "r2d2"] }
+diesel = { version = "1.4.5", features = [ "chrono", "r2d2"] }
-diesel_migrations = { version = "1.4.0", features = ["sqlite"] }
+diesel_migrations = "1.4.0"
 # Bundled SQLite
-libsqlite3-sys = { version = "0.12.0", features = ["bundled"] }
+libsqlite3-sys = { version = "0.18.0", features = ["bundled"], optional = true }
-# Crypto library
+# Crypto-related libraries
-ring = { version = "0.13.5", features = ["rsa_signing"] }
+rand = "0.7.3"
 ring = "0.16.15"
 # UUID generation
-uuid = { version = "0.7.4", features = ["v4"] }
+uuid = { version = "0.8.1", features = ["v4"] }
-# Date and time library for Rust
+# Date and time libraries
-chrono = "0.4.6"
+chrono = "0.4.15"
 chrono-tz = "0.5.3"
 time = "0.2.18"
 # TOTP library
 oath = "0.10.2"
 # Data encoding library
-data-encoding = "2.1.2"
+data-encoding = "2.3.0"
 # JWT library
-jsonwebtoken = "5.0.1"
+jsonwebtoken = "7.2.0"
 # U2F library
-u2f = "0.1.4"
+u2f = "0.2.0"
 # Yubico Library
-yubico = { version = "0.5.1", features = ["online"], default-features = false }
+yubico = { version = "0.9.1", features = ["online-tokio"], default-features = false }
 # A `dotenv` implementation for Rust
-dotenv = { version = "0.13.0", default-features = false }
+dotenv = { version = "0.15.0", default-features = false }
-# Lazy static macro
+# Lazy initialization
-lazy_static = "1.3.0"
+once_cell = "1.4.1"
 # More derives
 derive_more = "0.14.0"
 # Numerical libraries
-num-traits = "0.2.6"
+num-traits = "0.2.12"
-num-derive = "0.2.5"
+num-derive = "0.3.2"
 # Email libraries
-lettre = "0.9.0"
+lettre = { version = "0.10.0-alpha.2", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname"], default-features = false }
-lettre_email = "0.9.0"
+newline-converter = "0.1.0"
 native-tls = "0.2.2"
 quoted_printable = "0.4.0"
 # Template library
-handlebars = "1.1.0"
+handlebars = { version = "3.4.0", features = ["dir_source"] }
 # For favicon extraction from main website
-soup = "0.3.0"
+soup = "0.5.0"
-regex = "1.1.6"
+regex = "1.3.9"
 data-url = "0.1.0"
 # Used by U2F, JWT and Postgres
 openssl = "0.10.30"
 # URL encoding library
 percent-encoding = "2.1.0"
 # Punycode conversion
 idna = "0.2.0"
 # CLI argument parsing
 structopt = "0.3.17"
 # Logging panics to logfile instead stderr only
 backtrace = "0.3.50"
 # Macro ident concatenation
 paste = "1.0.0"
 [patch.crates-io]
-# Add support for Timestamp type
+# Use newest ring
-rmp = { git = 'https://github.com/dani-garcia/msgpack-rust' }
+rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = '1010f6a2a88fac899dec0cd2f642156908038a53' }
 rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = '1010f6a2a88fac899dec0cd2f642156908038a53' }
 # For favicon extraction from main website
 data-url = { git = 'https://github.com/servo/rust-url', package="data-url", rev = '7f1bd6ce1c2fde599a757302a843a60e714c5f72' }
--- a/86
+++ b/86
@@ -1,86 +0,0 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM alpine as vault
 ENV VAULT_VERSION "v2.10.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    tar
 RUN mkdir /web-vault
 WORKDIR /web-vault
 RUN curl -L $URL | tar xz
 RUN ls
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust as build
 # Using bundled SQLite, no need to install it
 # RUN apt-get update && apt-get install -y\
 #    sqlite3\
 #    --no-install-recommends\
 # && rm -rf /var/lib/apt/lists/*
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --release
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM debian:stretch-slim
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 # Install needed libraries
 RUN apt-get update && apt-get install -y\
    openssl\
    ca-certificates\
    --no-install-recommends\
 && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 # Configures the startup!
 CMD ./bitwarden_rs
--- a/1
+++ b/1
@@ -0,0 +1 @@
 docker/amd64/Dockerfile
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,92 +0,0 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM alpine as vault
 ENV VAULT_VERSION "v2.10.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    tar
 RUN mkdir /web-vault
 WORKDIR /web-vault
 RUN curl -L $URL | tar xz
 RUN ls
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust as build
 RUN apt-get update \
    && apt-get install -y \
        gcc-aarch64-linux-gnu \
    && mkdir -p ~/.cargo \
    && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \
    && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 WORKDIR /app
 # Prepare openssl arm64 libs
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        libssl-dev:arm64 \
        libc6-dev:arm64
 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
 ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Build
 RUN rustup target add aarch64-unknown-linux-gnu
 RUN cargo build --release --target=aarch64-unknown-linux-gnu -v
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/aarch64-debian:stretch
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y\
    openssl\
    ca-certificates\
    --no-install-recommends\
 && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]  
 VOLUME /data
 EXPOSE 80
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
 # Configures the startup!
 CMD ./bitwarden_rs
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,66 +0,0 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM alpine as vault
 ENV VAULT_VERSION "v2.10.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    tar
 RUN mkdir /web-vault
 WORKDIR /web-vault
 RUN curl -L $URL | tar xz
 RUN ls
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
 FROM clux/muslrust:nightly-2018-12-01 as build
 ENV USER "root"
 WORKDIR /app
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 RUN rustup target add x86_64-unknown-linux-musl
 # Build
 RUN cargo build --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM alpine:3.8
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 ENV SSL_CERT_DIR=/etc/ssl/certs
 # Install needed libraries
 RUN apk add \
        openssl\
        ca-certificates \
    && rm /var/cache/apk/*
 RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 # Configures the startup!
 CMD ./bitwarden_rs
--- a/Dockerfile.armv6
+++ b/Dockerfile.armv6
@@ -1,93 +0,0 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM alpine as vault
 ENV VAULT_VERSION "v2.10.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    tar
 RUN mkdir /web-vault
 WORKDIR /web-vault
 RUN curl -L $URL | tar xz
 RUN ls
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust as build
 RUN apt-get update \
    && apt-get install -y \
        gcc-arm-linux-gnueabi \
    && mkdir -p ~/.cargo \
    && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 WORKDIR /app
 # Prepare openssl armel libs
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        libssl-dev:armel \
        libc6-dev:armel
 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Build
 RUN rustup target add arm-unknown-linux-gnueabi
 RUN cargo build --release --target=arm-unknown-linux-gnueabi -v
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/rpi-debian:stretch
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y\
    openssl\
    ca-certificates\
    --no-install-recommends\
 && ln -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3\
 && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]  
 VOLUME /data
 EXPOSE 80
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
 # Configures the startup!
 CMD ./bitwarden_rs
--- a/Dockerfile.armv7
+++ b/Dockerfile.armv7
@@ -1,92 +0,0 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM alpine as vault
 ENV VAULT_VERSION "v2.10.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    tar
 RUN mkdir /web-vault
 WORKDIR /web-vault
 RUN curl -L $URL | tar xz
 RUN ls
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust as build
 RUN apt-get update \
    && apt-get install -y \
        gcc-arm-linux-gnueabihf \
    && mkdir -p ~/.cargo \
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 WORKDIR /app
 # Prepare openssl armhf libs
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        libssl-dev:armhf \
        libc6-dev:armhf
 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Build
 RUN rustup target add armv7-unknown-linux-gnueabihf
 RUN cargo build --release --target=armv7-unknown-linux-gnueabihf -v
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/armv7hf-debian:stretch
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y\
    openssl\
    ca-certificates\
    --no-install-recommends\
 && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]  
 VOLUME /data
 EXPOSE 80
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
 # Configures the startup!
 CMD ./bitwarden_rs
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 ---
 [![Travis Build Status](https://travis-ci.org/dani-garcia/bitwarden_rs.svg?branch=master)](https://travis-ci.org/dani-garcia/bitwarden_rs)
-[![Docker Pulls](https://img.shields.io/docker/pulls/mprasil/bitwarden.svg)](https://hub.docker.com/r/mprasil/bitwarden)
+[![Docker Pulls](https://img.shields.io/docker/pulls/bitwardenrs/server.svg)](https://hub.docker.com/r/bitwardenrs/server)
 [![Dependency Status](https://deps.rs/repo/github/dani-garcia/bitwarden_rs/status.svg)](https://deps.rs/repo/github/dani-garcia/bitwarden_rs)
 [![GitHub Release](https://img.shields.io/github/release/dani-garcia/bitwarden_rs.svg)](https://github.com/dani-garcia/bitwarden_rs/releases/latest)
 [![GPL-3.0 Licensed](https://img.shields.io/github/license/dani-garcia/bitwarden_rs.svg)](https://github.com/dani-garcia/bitwarden_rs/blob/master/LICENSE.txt)
@@ -13,7 +13,7 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani
 **This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC.**
-#### ⚠️**IMPORTANT**⚠️: When using this server, please report any Bitwarden related bug-reports or suggestions [here](https://github.com/dani-garcia/bitwarden_rs/issues/new), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.
+#### ⚠️**IMPORTANT**⚠️: When using this server, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.
 ---
@@ -21,21 +21,20 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani
 Basically full implementation of Bitwarden API is provided including:
 * Basic single user functionality
 * Organizations support
 * Attachments
 * Vault API support
 * Serving the static files for Vault interface
 * Website icons API
 * Authenticator and U2F support
- * YubiKey OTP
+ * YubiKey and Duo support
 ## Installation
 Pull the docker image and mount a volume from the host for persistent storage:
 ```sh
-docker pull mprasil/bitwarden:latest
+docker pull bitwardenrs/server:latest
-docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 mprasil/bitwarden:latest
+docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 bitwardenrs/server:latest
 ```
 This will preserve any persistent data under /bw-data/, you can adapt the path to whatever suits you.
@@ -49,7 +48,14 @@ If you have an available domain name, you can get HTTPS certificates with [Let's
 See the [bitwarden_rs wiki](https://github.com/dani-garcia/bitwarden_rs/wiki) for more information on how to configure and run the bitwarden_rs server.
 ## Get in touch
 To ask a question, offer suggestions or new features or to get help configuring or installing the software, please [use the forum](https://bitwardenrs.discourse.group/).
-To ask an question, [raising an issue](https://github.com/dani-garcia/bitwarden_rs/issues/new) is fine, also please report any bugs spotted here.
+If you spot any bugs or crashes with bitwarden_rs itself, please [create an issue](https://github.com/dani-garcia/bitwarden_rs/issues/). Make sure there aren't any similar issues open, though!
 If you prefer to chat, we're usually hanging around at [#bitwarden_rs:matrix.org](https://matrix.to/#/#bitwarden_rs:matrix.org) room on Matrix. Feel free to join us!
 ### Sponsors
 Thanks for your contribution to the project!
 - [@ChonoN](https://github.com/ChonoN)
 - [@themightychris](https://github.com/themightychris)
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -4,14 +4,22 @@ pool:
 steps:
 - script: |
    ls -la
-    curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(cat rust-toolchain)
+    curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(cat rust-toolchain) --profile=minimal
    echo "##vso[task.prependpath]$HOME/.cargo/bin"
  displayName: 'Install Rust'
 - script: |
    sudo apt-get update
    sudo apt-get install -y libmysql++-dev
  displayName: Install libmysql
 - script: |
    rustc -Vv
    cargo -V
  displayName: Query rust and cargo versions
- script : cargo build --all-features
+- script : cargo test --features "sqlite"
-  displayName: 'Build project'
+  displayName: 'Test project with sqlite backend'
 - script : cargo test --features "mysql"
  displayName: 'Test project with mysql backend'
--- a/build.rs
+++ b/build.rs
@@ -1,7 +1,24 @@
 use std::process::Command;
 use std::env;
 fn main() { 
    // This allow using #[cfg(sqlite)] instead of #[cfg(feature = "sqlite")], which helps when trying to add them through macros
    #[cfg(feature = "sqlite")]
    println!("cargo:rustc-cfg=sqlite");
    #[cfg(feature = "mysql")]
    println!("cargo:rustc-cfg=mysql");
    #[cfg(feature = "postgresql")]
    println!("cargo:rustc-cfg=postgresql");
    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
    compile_error!("You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite");
    if let Ok(version) = env::var("BWRS_VERSION") {
        println!("cargo:rustc-env=BWRS_VERSION={}", version);
        println!("cargo:rustc-env=CARGO_PKG_VERSION={}", version);
    } else {
        read_git_info().ok();
    }
 }
 fn run(args: &[&str]) -> Result<String, std::io::Error> {
@@ -44,14 +61,16 @@ fn read_git_info() -> Result<(), std::io::Error> {
    } else {
        format!("{}-{}", last_tag, rev_short)
    };
-    println!("cargo:rustc-env=GIT_VERSION={}", version);
+    
    println!("cargo:rustc-env=BWRS_VERSION={}", version);
    println!("cargo:rustc-env=CARGO_PKG_VERSION={}", version);
    // To access these values, use:
    //    env!("GIT_EXACT_TAG")
    //    env!("GIT_LAST_TAG")
    //    env!("GIT_BRANCH")
    //    env!("GIT_REV")
-    //    env!("GIT_VERSION")
+    //    env!("BWRS_VERSION")
    Ok(())
 }
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -0,0 +1,333 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 {% set build_stage_base_image = "rust:1.46" %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
 {%     set build_stage_base_image = "clux/muslrust:nightly-2020-10-02" %}
 {%     set runtime_stage_base_image = "alpine:3.12" %}
 {%     set package_arch_name = "" %}
 {%   elif "arm32v7" in target_file %}
 {%     set build_stage_base_image = "messense/rust-musl-cross:armv7-musleabihf" %}
 {%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.12" %}
 {%     set package_arch_name = "" %}
 {%   endif %}
 {% elif "amd64" in target_file %}
 {%   set runtime_stage_base_image = "debian:buster-slim" %}
 {%   set package_arch_name = "" %}
 {% elif "arm64v8" in target_file %}
 {%   set runtime_stage_base_image = "balenalib/aarch64-debian:buster" %}
 {%   set package_arch_name = "arm64" %}
 {% elif "arm32v6" in target_file %}
 {%   set runtime_stage_base_image = "balenalib/rpi-debian:buster" %}
 {%   set package_arch_name = "armel" %}
 {% elif "arm32v7" in target_file %}
 {%   set runtime_stage_base_image = "balenalib/armv7hf-debian:buster" %}
 {%   set package_arch_name = "armhf" %}
 {% endif %}
 {% set package_arch_prefix = ":" + package_arch_name %}
 {% if package_arch_name == "" %}
 {%   set package_arch_prefix = "" %}
 {% endif %}
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 {% set vault_image_hash = "sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303" %}
 {% raw %}
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 {% endraw %}
 FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault
 ########################## BUILD IMAGE  ##########################
 FROM {{ build_stage_base_image }} as build
 {% if "alpine" in target_file %}
 # Alpine only works on SQlite
 ARG DB=sqlite
 {% else %}
 # Debian-based builds support multidb
 ARG DB=sqlite,mysql,postgresql
 {% endif %}
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 {% if "alpine" in target_file %}
 ENV USER "root"
 ENV RUSTFLAGS='-C link-arg=-s'
 {% elif "arm" in target_file %}
 # Install required build libs for {{ package_arch_name }} architecture.
 # To compile both mysql and postgresql we need some extra packages for both host arch and target arch
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture {{ package_arch_name }} \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libssl-dev{{ package_arch_prefix }} \
        libc6-dev{{ package_arch_prefix }} \
        libpq5{{ package_arch_prefix }} \
        libpq-dev \
        libmariadb-dev{{ package_arch_prefix }} \
        libmariadb-dev-compat{{ package_arch_prefix }}
 {% endif -%}
 {% if "arm64v8" in target_file %}
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-aarch64-linux-gnu \
    && mkdir -p ~/.cargo \
    && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \
    && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 {% elif "arm32v6" in target_file %}
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabi \
    && mkdir -p ~/.cargo \
    && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 {% elif "arm32v7" in target_file and "alpine" not in target_file %}
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabihf \
    && mkdir -p ~/.cargo \
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 {% endif %}
 {% if "amd64" in target_file and "alpine" not in target_file %}
 # Install DB packages
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    libmariadb-dev{{ package_arch_prefix }} \
    libpq-dev{{ package_arch_prefix }} \
    && rm -rf /var/lib/apt/lists/*
 {% endif %}
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 {% if "alpine" not in target_file %}
 {%   if "arm" in target_file %}
 # NOTE: This should be the last apt-get/dpkg for this stage, since after this it will fail because of broken dependencies.
 # For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic.
 # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client)
 # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the {{ package_arch_prefix }} version.
 # What we can do is a force install, because nothing important is overlapping each other.
 RUN apt-get install -y libmariadb3:amd64 && \
    mkdir -pv /tmp/dpkg && \
    cd /tmp/dpkg && \
    apt-get download libmariadb-dev-compat:amd64 && \
    dpkg --force-all -i *.deb && \
    rm -rf /tmp/dpkg
 # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic.
 # The libpq5{{ package_arch_prefix }} package seems to not provide a symlink to libpq.so.5 with the name libpq.so.
 # This is only provided by the libpq-dev package which can't be installed for both arch at the same time.
 # Without this specific file the ld command will fail and compilation fails with it.
 {%   endif -%}
 {%   if "arm64v8" in target_file %}
 RUN ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so
 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
 ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 RUN rustup target add aarch64-unknown-linux-gnu
 {%   elif "arm32v6" in target_file %}
 RUN ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so
 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 RUN rustup target add arm-unknown-linux-gnueabi
 {%   elif "arm32v7" in target_file %}
 RUN ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so
 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 RUN rustup target add armv7-unknown-linux-gnueabihf
 {%   endif -%}
 {% else -%}
 {%   if "amd64" in target_file %}
 RUN rustup target add x86_64-unknown-linux-musl
 {%   elif "arm32v7" in target_file %}
 RUN rustup target add armv7-unknown-linux-musleabihf
 {%   endif %}
 {% endif %}
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 {%   elif "arm32v7" in target_file %}
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 {%   endif %}
 {% elif "alpine" not in target_file %}
 {%   if "amd64" in target_file %}
 RUN cargo build --features ${DB} --release
 {%   elif "arm64v8" in target_file %}
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 {%   elif "arm32v6" in target_file %}
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 {%   elif "arm32v7" in target_file %}
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 {%   endif %}
 {% endif %}
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 {%   elif "arm32v7" in target_file %}
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/bitwarden_rs
 {%   endif %}
 {% elif "alpine" not in target_file %}
 {%   if "amd64" in target_file %}
 RUN cargo build --features ${DB} --release
 {%   elif "arm64v8" in target_file %}
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 {%   elif "arm32v6" in target_file %}
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 {%   elif "arm32v7" in target_file %}
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 {%   endif %}
 {% endif %}
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM {{ runtime_stage_base_image }}
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 {% if "alpine" in runtime_stage_base_image %}
 ENV SSL_CERT_DIR=/etc/ssl/certs
 {% endif %}
 {% if "amd64" not in target_file %}
 RUN [ "cross-build-start" ]
 {% endif %}
 # Install needed libraries
 {% if "alpine" in runtime_stage_base_image %}
 RUN apk add --no-cache \
        openssl \
        curl \
 {%   if "sqlite" in target_file %}
        sqlite \
 {%   elif "mysql" in target_file %}
        mariadb-connector-c \
 {%   elif "postgresql" in target_file %}
        postgresql-libs \
 {%   endif %}
        ca-certificates
 {% else %}
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    sqlite3 \
    libmariadb-dev-compat \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*
 {% endif %}
 {% if "alpine" in target_file and "arm32v7" in target_file %}
 RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community catatonit
 {% endif %}
 RUN mkdir /data
 {% if "amd64" not in target_file %}
 RUN [ "cross-build-end" ]
 {% endif %}
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 {%   elif "arm32v7" in target_file %}
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/bitwarden_rs .
 {%   endif %}
 {% elif "alpine" not in target_file %}
 {%   if "arm64v8" in target_file %}
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
 {%   elif "arm32v6" in target_file %}
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
 {%   elif "arm32v7" in target_file %}
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
 {%   else %}
 COPY --from=build app/target/release/bitwarden_rs .
 {%   endif %}
 {% endif %}
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 {% if "alpine" in target_file and "arm32v7" in target_file %}
 CMD ["catatonit", "/start.sh"]
 {% else %}
 CMD ["/start.sh"]
 {% endif %}
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -0,0 +1,9 @@
 OBJECTS := $(shell find -mindepth 2 -name 'Dockerfile*')
 all: $(OBJECTS)
 %/Dockerfile: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
 %/Dockerfile.alpine: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
--- a/docker/README.md
+++ b/docker/README.md
@@ -0,0 +1,3 @@
 The arch-specific directory names follow the arch identifiers used by the Docker official images:
 https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@@ -0,0 +1,105 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM rust:1.46 as build
 # Debian-based builds support multidb
 ARG DB=sqlite,mysql,postgresql
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 # Install DB packages
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    libmariadb-dev \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM debian:buster-slim
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 # Install needed libraries
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    sqlite3 \
    libmariadb-dev-compat \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@@ -0,0 +1,99 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM clux/muslrust:nightly-2020-10-02 as build
 # Alpine only works on SQlite
 ARG DB=sqlite
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 ENV USER "root"
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add x86_64-unknown-linux-musl
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM alpine:3.12
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 ENV SSL_CERT_DIR=/etc/ssl/certs
 # Install needed libraries
 RUN apk add --no-cache \
        openssl \
        curl \
        ca-certificates
 RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["/start.sh"]
--- a/docker/arm32v6/Dockerfile
+++ b/docker/arm32v6/Dockerfile
@@ -0,0 +1,153 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM rust:1.46 as build
 # Debian-based builds support multidb
 ARG DB=sqlite,mysql,postgresql
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 # Install required build libs for armel architecture.
 # To compile both mysql and postgresql we need some extra packages for both host arch and target arch
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libssl-dev:armel \
        libc6-dev:armel \
        libpq5:armel \
        libpq-dev \
        libmariadb-dev:armel \
        libmariadb-dev-compat:armel
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabi \
    && mkdir -p ~/.cargo \
    && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # NOTE: This should be the last apt-get/dpkg for this stage, since after this it will fail because of broken dependencies.
 # For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic.
 # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client)
 # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armel version.
 # What we can do is a force install, because nothing important is overlapping each other.
 RUN apt-get install -y libmariadb3:amd64 && \
    mkdir -pv /tmp/dpkg && \
    cd /tmp/dpkg && \
    apt-get download libmariadb-dev-compat:amd64 && \
    dpkg --force-all -i *.deb && \
    rm -rf /tmp/dpkg
 # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic.
 # The libpq5:armel package seems to not provide a symlink to libpq.so.5 with the name libpq.so.
 # This is only provided by the libpq-dev package which can't be installed for both arch at the same time.
 # Without this specific file the ld command will fail and compilation fails with it.
 RUN ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so
 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 RUN rustup target add arm-unknown-linux-gnueabi
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/rpi-debian:buster
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    sqlite3 \
    libmariadb-dev-compat \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["/start.sh"]
--- a/docker/arm32v7/Dockerfile
+++ b/docker/arm32v7/Dockerfile
@@ -0,0 +1,153 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM rust:1.46 as build
 # Debian-based builds support multidb
 ARG DB=sqlite,mysql,postgresql
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 # Install required build libs for armhf architecture.
 # To compile both mysql and postgresql we need some extra packages for both host arch and target arch
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libssl-dev:armhf \
        libc6-dev:armhf \
        libpq5:armhf \
        libpq-dev \
        libmariadb-dev:armhf \
        libmariadb-dev-compat:armhf
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabihf \
    && mkdir -p ~/.cargo \
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # NOTE: This should be the last apt-get/dpkg for this stage, since after this it will fail because of broken dependencies.
 # For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic.
 # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client)
 # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armhf version.
 # What we can do is a force install, because nothing important is overlapping each other.
 RUN apt-get install -y libmariadb3:amd64 && \
    mkdir -pv /tmp/dpkg && \
    cd /tmp/dpkg && \
    apt-get download libmariadb-dev-compat:amd64 && \
    dpkg --force-all -i *.deb && \
    rm -rf /tmp/dpkg
 # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic.
 # The libpq5:armhf package seems to not provide a symlink to libpq.so.5 with the name libpq.so.
 # This is only provided by the libpq-dev package which can't be installed for both arch at the same time.
 # Without this specific file the ld command will fail and compilation fails with it.
 RUN ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so
 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 RUN rustup target add armv7-unknown-linux-gnueabihf
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/armv7hf-debian:buster
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    sqlite3 \
    libmariadb-dev-compat \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["/start.sh"]
--- a/docker/arm32v7/Dockerfile.alpine
+++ b/docker/arm32v7/Dockerfile.alpine
@@ -0,0 +1,106 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM messense/rust-musl-cross:armv7-musleabihf as build
 # Alpine only works on SQlite
 ARG DB=sqlite
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 ENV USER "root"
 ENV RUSTFLAGS='-C link-arg=-s'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add armv7-unknown-linux-musleabihf
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/bitwarden_rs
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/armv7hf-alpine:3.12
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 ENV SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apk add --no-cache \
        openssl \
        curl \
        ca-certificates
 RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community catatonit
 RUN mkdir /data
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["catatonit", "/start.sh"]
--- a/docker/arm64v8/Dockerfile
+++ b/docker/arm64v8/Dockerfile
@@ -0,0 +1,153 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 #  This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.16.1
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.16.1
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303
 FROM bitwardenrs/web-vault@sha256:e40228f94cead5e50af6575fb39850a002dad146dab6836e5da5663e6d214303 as vault
 ########################## BUILD IMAGE  ##########################
 FROM rust:1.46 as build
 # Debian-based builds support multidb
 ARG DB=sqlite,mysql,postgresql
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 # Don't download rust docs
 RUN rustup set profile minimal
 # Install required build libs for arm64 architecture.
 # To compile both mysql and postgresql we need some extra packages for both host arch and target arch
 RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
        /etc/apt/sources.list.d/deb-src.list \
    && dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libssl-dev:arm64 \
        libc6-dev:arm64 \
        libpq5:arm64 \
        libpq-dev \
        libmariadb-dev:arm64 \
        libmariadb-dev-compat:arm64
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-aarch64-linux-gnu \
    && mkdir -p ~/.cargo \
    && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \
    && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config \
    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> ~/.cargo/config
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # NOTE: This should be the last apt-get/dpkg for this stage, since after this it will fail because of broken dependencies.
 # For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic.
 # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client)
 # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :arm64 version.
 # What we can do is a force install, because nothing important is overlapping each other.
 RUN apt-get install -y libmariadb3:amd64 && \
    mkdir -pv /tmp/dpkg && \
    cd /tmp/dpkg && \
    apt-get download libmariadb-dev-compat:amd64 && \
    dpkg --force-all -i *.deb && \
    rm -rf /tmp/dpkg
 # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic.
 # The libpq5:arm64 package seems to not provide a symlink to libpq.so.5 with the name libpq.so.
 # This is only provided by the libpq-dev package which can't be installed for both arch at the same time.
 # Without this specific file the ld command will fail and compilation fails with it.
 RUN ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so
 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
 ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 RUN rustup target add aarch64-unknown-linux-gnu
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM balenalib/aarch64-debian:buster
 ENV ROCKET_ENV "staging"
 ENV ROCKET_PORT=80
 ENV ROCKET_WORKERS=10
 RUN [ "cross-build-start" ]
 # Install needed libraries
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    openssl \
    ca-certificates \
    curl \
    sqlite3 \
    libmariadb-dev-compat \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 # Configures the startup!
 WORKDIR /
 CMD ["/start.sh"]
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@@ -0,0 +1,53 @@
 #!/bin/sh
 # Use the value of the corresponding env var (if present),
 # or a default value otherwise.
 : ${DATA_FOLDER:="data"}
 : ${ROCKET_PORT:="80"}
 CONFIG_FILE="${DATA_FOLDER}"/config.json
 # Given a config key, return the corresponding config value from the
 # config file. If the key doesn't exist, return an empty string.
 get_config_val() {
    local key="$1"
    # Extract a line of the form:
    #   "domain": "https://bw.example.com/path",
    grep "\"${key}\":" "${CONFIG_FILE}" |
    # To extract just the value (https://bw.example.com/path), delete:
    # (1) everything up to and including the first ':',
    # (2) whitespace and '"' from the front,
    # (3) ',' and '"' from the back.
    sed -e 's/[^:]\+://' -e 's/^[ "]\+//' -e 's/[,"]\+$//'
 }
 # Extract the base path from a domain URL. For example:
 # - `` -> ``
 # - `https://bw.example.com` -> ``
 # - `https://bw.example.com/` -> ``
 # - `https://bw.example.com/path` -> `/path`
 # - `https://bw.example.com/multi/path` -> `/multi/path`
 get_base_path() {
    echo "$1" |
    # Delete:
    # (1) everything up to and including '://',
    # (2) everything up to '/',
    # (3) trailing '/' from the back.
    sed -e 's|.*://||' -e 's|[^/]\+||' -e 's|/*$||'
 }
 # Read domain URL from config.json, if present.
 if [ -r "${CONFIG_FILE}" ]; then
    domain="$(get_config_val 'domain')"
    if [ -n "${domain}" ]; then
        # config.json 'domain' overrides the DOMAIN env var.
        DOMAIN="${domain}"
    fi
 fi
 base_path="$(get_base_path "${DOMAIN}")"
 if [ -n "${ROCKET_TLS}" ]; then
    s='s'
 fi
 curl --insecure --fail --silent --show-error \
     "http${s}://localhost:${ROCKET_PORT}${base_path}/alive" || exit 1
--- a/docker/render_template
+++ b/docker/render_template
@@ -0,0 +1,17 @@
 #!/usr/bin/env python3
 import os, argparse, json
 import jinja2
 args_parser = argparse.ArgumentParser()
 args_parser.add_argument('template_file', help='Jinja2 template file to render.')
 args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
 cli_args = args_parser.parse_args()
 render_vars = json.loads(cli_args.render_vars)
 environment = jinja2.Environment(
 	loader=jinja2.FileSystemLoader(os.getcwd()),
 	trim_blocks=True,
 )
 print(environment.get_template(cli_args.template_file).render(render_vars))
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -0,0 +1,15 @@
 #!/bin/sh
 if [ -r /etc/bitwarden_rs.sh ]; then
    . /etc/bitwarden_rs.sh
 fi
 if [ -d /etc/bitwarden_rs.d ]; then
    for f in /etc/bitwarden_rs.d/*.sh; do
        if [ -r $f ]; then
            . $f
        fi
    done
 fi
 exec /bitwarden_rs "${@}"
--- a/hooks/README.md
+++ b/hooks/README.md
@@ -0,0 +1,20 @@
 The hooks in this directory are used to create multi-arch images using Docker Hub automated builds.
 Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing):
 * `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested.
 * `SOURCE_COMMIT`: the SHA1 hash of the commit being tested.
 * `COMMIT_MSG`: the message from the commit being tested and built.
 * `DOCKER_REPO`: the name of the Docker repository being built.
 * `DOCKERFILE_PATH`: the dockerfile currently being built.
 * `DOCKER_TAG`: the Docker repository tag being built.
 * `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.)
 The current multi-arch image build relies on the original bitwarden_rs Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/database/OS combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point.
 ## References
 * https://docs.docker.com/docker-hub/builds/advanced/
 * https://docs.docker.com/engine/reference/commandline/manifest/
 * https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
 * https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api
--- a/hooks/arches.sh
+++ b/hooks/arches.sh
@@ -0,0 +1,19 @@
 # The default Debian-based images support these arches for all database connections
 #
 # Other images (Alpine-based) currently
 # support only a subset of these.
 arches=(
    amd64
    arm32v6
    arm32v7
    arm64v8
 )
 if [[ "${DOCKER_TAG}" == *alpine ]]; then
    # The Alpine build currently only works for amd64.
    os_suffix=.alpine
    arches=(
        amd64
        arm32v7
    )
 fi
--- a/hooks/build
+++ b/hooks/build
@@ -0,0 +1,14 @@
 #!/bin/bash
 echo ">>> Building images..."
 source ./hooks/arches.sh
 set -ex
 for arch in "${arches[@]}"; do
    docker build \
           -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
           -f docker/${arch}/Dockerfile${os_suffix} \
           .
 done
--- a/hooks/push
+++ b/hooks/push
@@ -0,0 +1,117 @@
 #!/bin/bash
 echo ">>> Pushing images..."
 export DOCKER_CLI_EXPERIMENTAL=enabled
 declare -A annotations=(
    [amd64]="--os linux --arch amd64"
    [arm32v6]="--os linux --arch arm --variant v6"
    [arm32v7]="--os linux --arch arm --variant v7"
    [arm64v8]="--os linux --arch arm64 --variant v8"
 )
 source ./hooks/arches.sh
 set -ex
 declare -A images
 for arch in ${arches[@]}; do
    images[$arch]="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
 done
 # Push the images that were just built; manifest list creation fails if the
 # images (manifests) referenced don't already exist in the Docker registry.
 for image in "${images[@]}"; do
    docker push "${image}"
 done
 manifest_lists=("${DOCKER_REPO}:${DOCKER_TAG}")
 # If the Docker tag starts with a version number, assume the latest release is
 # being pushed. Add an extra manifest (`latest` or `alpine`, as appropriate)
 # to make it easier for users to track the latest release.
 if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
    if [[ "${DOCKER_TAG}" == *alpine ]]; then
        manifest_lists+=(${DOCKER_REPO}:alpine)
    else
        manifest_lists+=(${DOCKER_REPO}:latest)
        # Add an extra `latest-arm32v6` tag; Docker can't seem to properly
        # auto-select that image on Armv6 platforms like Raspberry Pi 1 and Zero
        # (https://github.com/moby/moby/issues/41017).
        #
        # Add this tag only for the SQLite image, as the MySQL and PostgreSQL
        # builds don't currently work on non-amd64 arches.
        #
        # TODO: Also add an `alpine-arm32v6` tag if multi-arch support for
        # Alpine-based bitwarden_rs images is implemented before this Docker
        # issue is fixed.
        if [[ ${DOCKER_REPO} == *server ]]; then
            docker tag "${DOCKER_REPO}:${DOCKER_TAG}-arm32v6" "${DOCKER_REPO}:latest-arm32v6"
            docker push "${DOCKER_REPO}:latest-arm32v6"
        fi
    fi
 fi
 for manifest_list in "${manifest_lists[@]}"; do
    # Create the (multi-arch) manifest list of arch-specific images.
    docker manifest create ${manifest_list} ${images[@]}
    # Make sure each image manifest is annotated with the correct arch info.
    # Docker does not auto-detect the arch of each cross-compiled image, so
    # everything would appear as `linux/amd64` otherwise.
    for arch in "${arches[@]}"; do
        docker manifest annotate ${annotations[$arch]} ${manifest_list} ${images[$arch]}
    done
    # Push the manifest list.
    docker manifest push --purge ${manifest_list}
 done
 # Avoid logging credentials and tokens.
 set +ex
 # Delete the arch-specific tags, if credentials for doing so are available.
 # Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT
 # obtained using a personal access token results in a 403 error with
 # {"detail": "access to the resource is forbidden with personal access token"}
 if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then
    exit 0
 fi
 # Given a JSON input on stdin, extract the string value associated with the
 # specified key. This avoids an extra dependency on a tool like `jq`.
 extract() {
    local key="$1"
    # Extract "<key>":"<val>" (assumes key/val won't contain double quotes).
    # The colon may have whitespace on either side.
    grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" |
    # Extract just <val> by deleting the last '"', and then greedily deleting
    # everything up to '"'.
    sed -e 's/"$//' -e 's/.*"//'
 }
 echo ">>> Getting API token..."
 jwt=$(curl -sS -X POST \
           -H "Content-Type: application/json" \
           -d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \
           "https://hub.docker.com/v2/users/login" |
      extract 'token')
 # Strip the registry portion from `index.docker.io/user/repo`.
 repo="${DOCKER_REPO#*/}"
 for arch in ${arches[@]}; do
    # Don't delete the `arm32v6` tag; Docker can't seem to properly
    # auto-select that image on Armv6 platforms like Raspberry Pi 1 and Zero
    # (https://github.com/moby/moby/issues/41017).
    if [[ ${arch} == 'arm32v6' ]]; then
        continue
    fi
    tag="${DOCKER_TAG}-${arch}"
    echo ">>> Deleting '${repo}:${tag}'..."
    curl -sS -X DELETE \
         -H "Authorization: Bearer ${jwt}" \
         "https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/"
 done
--- a/migrations/mysql/2018-01-14-171611_create_tables/down.sql
+++ b/migrations/mysql/2018-01-14-171611_create_tables/down.sql
--- a/migrations/mysql/2018-01-14-171611_create_tables/up.sql
+++ b/migrations/mysql/2018-01-14-171611_create_tables/up.sql
@@ -0,0 +1,62 @@
 CREATE TABLE users (
  uuid                CHAR(36) NOT NULL PRIMARY KEY,
  created_at          DATETIME NOT NULL,
  updated_at          DATETIME NOT NULL,
  email               VARCHAR(255) NOT NULL UNIQUE,
  name                TEXT     NOT NULL,
  password_hash       BLOB     NOT NULL,
  salt                BLOB     NOT NULL,
  password_iterations INTEGER  NOT NULL,
  password_hint       TEXT,
  `key`               TEXT     NOT NULL,
  private_key         TEXT,
  public_key          TEXT,
  totp_secret         TEXT,
  totp_recover        TEXT,
  security_stamp      TEXT     NOT NULL,
  equivalent_domains  TEXT     NOT NULL,
  excluded_globals    TEXT     NOT NULL
 );
 CREATE TABLE devices (
  uuid          CHAR(36) NOT NULL PRIMARY KEY,
  created_at    DATETIME NOT NULL,
  updated_at    DATETIME NOT NULL,
  user_uuid     CHAR(36) NOT NULL REFERENCES users (uuid),
  name          TEXT     NOT NULL,
  type          INTEGER  NOT NULL,
  push_token    TEXT,
  refresh_token TEXT     NOT NULL
 );
 CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  created_at        DATETIME NOT NULL,
  updated_at        DATETIME NOT NULL,
  user_uuid         CHAR(36) NOT NULL REFERENCES users (uuid),
  folder_uuid       CHAR(36) REFERENCES folders (uuid),
  organization_uuid CHAR(36),
  type              INTEGER  NOT NULL,
  name              TEXT     NOT NULL,
  notes             TEXT,
  fields            TEXT,
  data              TEXT     NOT NULL,
  favorite          BOOLEAN  NOT NULL
 );
 CREATE TABLE attachments (
  id          CHAR(36) NOT NULL PRIMARY KEY,
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  file_name   TEXT    NOT NULL,
  file_size   INTEGER NOT NULL
 );
 CREATE TABLE folders (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  created_at DATETIME NOT NULL,
  updated_at DATETIME NOT NULL,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  name       TEXT     NOT NULL
 );
--- a/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/down.sql
+++ b/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/down.sql
--- a/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/up.sql
+++ b/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/up.sql
@@ -0,0 +1,30 @@
 CREATE TABLE collections (
  uuid     VARCHAR(40) NOT NULL PRIMARY KEY,
  org_uuid VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
  name     TEXT NOT NULL
 );
 CREATE TABLE organizations (
  uuid          VARCHAR(40) NOT NULL PRIMARY KEY,
  name          TEXT NOT NULL,
  billing_email TEXT NOT NULL
 );
 CREATE TABLE users_collections (
  user_uuid       CHAR(36) NOT NULL REFERENCES users (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  PRIMARY KEY (user_uuid, collection_uuid)
 );
 CREATE TABLE users_organizations (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  org_uuid   CHAR(36) NOT NULL REFERENCES organizations (uuid),
  access_all BOOLEAN NOT NULL,
  `key`      TEXT    NOT NULL,
  status     INTEGER NOT NULL,
  type       INTEGER NOT NULL,
  UNIQUE (user_uuid, org_uuid)
 );
--- a/migrations/mysql/2018-04-27-155151_create_users_ciphers/down.sql
+++ b/migrations/mysql/2018-04-27-155151_create_users_ciphers/down.sql
--- a/migrations/mysql/2018-04-27-155151_create_users_ciphers/up.sql
+++ b/migrations/mysql/2018-04-27-155151_create_users_ciphers/up.sql
@@ -0,0 +1,34 @@
 ALTER TABLE ciphers RENAME TO oldCiphers;
 CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  created_at        DATETIME NOT NULL,
  updated_at        DATETIME NOT NULL,
  user_uuid         CHAR(36) REFERENCES users (uuid), -- Make this optional
  organization_uuid CHAR(36) REFERENCES organizations (uuid), -- Add reference to orgs table
  -- Remove folder_uuid
  type              INTEGER  NOT NULL,
  name              TEXT     NOT NULL,
  notes             TEXT,
  fields            TEXT,
  data              TEXT     NOT NULL,
  favorite          BOOLEAN  NOT NULL
 );
 CREATE TABLE folders_ciphers (
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  folder_uuid CHAR(36) NOT NULL REFERENCES folders (uuid),
  PRIMARY KEY (cipher_uuid, folder_uuid)
 );
 INSERT INTO ciphers (uuid, created_at, updated_at, user_uuid, organization_uuid, type, name, notes, fields, data, favorite) 
 SELECT uuid, created_at, updated_at, user_uuid, organization_uuid, type, name, notes, fields, data, favorite FROM oldCiphers;
 INSERT INTO folders_ciphers (cipher_uuid, folder_uuid)
 SELECT uuid, folder_uuid FROM oldCiphers WHERE folder_uuid IS NOT NULL;
 DROP TABLE oldCiphers;
 ALTER TABLE users_collections ADD COLUMN read_only BOOLEAN NOT NULL DEFAULT 0; -- False
--- a/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/down.sql
+++ b/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/down.sql
--- a/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/up.sql
+++ b/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/up.sql
@@ -0,0 +1,5 @@
 CREATE TABLE ciphers_collections (
  cipher_uuid       CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  PRIMARY KEY (cipher_uuid, collection_uuid)
 );
--- a/migrations/mysql/2018-05-25-232323_update_attachments_reference/down.sql
+++ b/migrations/mysql/2018-05-25-232323_update_attachments_reference/down.sql
--- a/migrations/mysql/2018-05-25-232323_update_attachments_reference/up.sql
+++ b/migrations/mysql/2018-05-25-232323_update_attachments_reference/up.sql
@@ -0,0 +1,14 @@
 ALTER TABLE attachments RENAME TO oldAttachments;
 CREATE TABLE attachments (
  id          CHAR(36) NOT NULL PRIMARY KEY,
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  file_name   TEXT    NOT NULL,
  file_size   INTEGER NOT NULL
 );
 INSERT INTO attachments (id, cipher_uuid, file_name, file_size) 
 SELECT id, cipher_uuid, file_name, file_size FROM oldAttachments;
 DROP TABLE oldAttachments;
--- a/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/down.sql
+++ b/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/down.sql
--- a/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/up.sql
+++ b/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/up.sql
--- a/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/down.sql
+++ b/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/down.sql
--- a/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/up.sql
+++ b/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/up.sql
@@ -0,0 +1,15 @@
 CREATE TABLE twofactor (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid CHAR(36) NOT NULL REFERENCES users (uuid),
  type      INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (user_uuid, type)
 );
 INSERT INTO twofactor (uuid, user_uuid, type, enabled, data) 
 SELECT UUID(), uuid, 0, 1, u.totp_secret FROM users u where u.totp_secret IS NOT NULL;
 UPDATE users SET totp_secret = NULL; -- Instead of recreating the table, just leave the columns empty
--- a/migrations/mysql/2018-08-27-172114_update_ciphers/down.sql
+++ b/migrations/mysql/2018-08-27-172114_update_ciphers/down.sql
--- a/migrations/mysql/2018-08-27-172114_update_ciphers/up.sql
+++ b/migrations/mysql/2018-08-27-172114_update_ciphers/up.sql
--- a/migrations/mysql/2018-09-10-111213_add_invites/down.sql
+++ b/migrations/mysql/2018-09-10-111213_add_invites/down.sql
--- a/migrations/mysql/2018-09-10-111213_add_invites/up.sql
+++ b/migrations/mysql/2018-09-10-111213_add_invites/up.sql
@@ -0,0 +1,3 @@
 CREATE TABLE invitations (
    email   VARCHAR(255) NOT NULL PRIMARY KEY
 );
--- a/migrations/mysql/2018-09-19-144557_add_kdf_columns/down.sql
+++ b/migrations/mysql/2018-09-19-144557_add_kdf_columns/down.sql
--- a/migrations/mysql/2018-09-19-144557_add_kdf_columns/up.sql
+++ b/migrations/mysql/2018-09-19-144557_add_kdf_columns/up.sql
@@ -4,4 +4,4 @@ ALTER TABLE users
 ALTER TABLE users
    ADD COLUMN
-    client_kdf_iter INTEGER NOT NULL DEFAULT 5000;
+    client_kdf_iter INTEGER NOT NULL DEFAULT 100000;
--- a/migrations/mysql/2018-11-27-152651_add_att_key_columns/down.sql
+++ b/migrations/mysql/2018-11-27-152651_add_att_key_columns/down.sql
--- a/migrations/mysql/2018-11-27-152651_add_att_key_columns/up.sql
+++ b/migrations/mysql/2018-11-27-152651_add_att_key_columns/up.sql
@@ -0,0 +1,3 @@
 ALTER TABLE attachments
    ADD COLUMN
    `key` TEXT;
--- a/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/down.sql
+++ b/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/down.sql
@@ -0,0 +1,7 @@
 ALTER TABLE attachments CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE ciphers CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE devices CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE twofactor CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE users CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN atype type INTEGER NOT NULL;
--- a/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/up.sql
+++ b/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/up.sql
@@ -0,0 +1,7 @@
 ALTER TABLE attachments CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE ciphers CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE devices CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE twofactor CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE users CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN type atype INTEGER NOT NULL;
--- a/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql
+++ b/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql
--- a/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql
+++ b/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql
@@ -0,0 +1 @@
 ALTER TABLE twofactor ADD COLUMN last_used INTEGER NOT NULL DEFAULT 0;
--- a/migrations/mysql/2019-11-17-011009_add_email_verification/down.sql
+++ b/migrations/mysql/2019-11-17-011009_add_email_verification/down.sql
@@ -0,0 +1 @@
--- a/migrations/mysql/2019-11-17-011009_add_email_verification/up.sql
+++ b/migrations/mysql/2019-11-17-011009_add_email_verification/up.sql
@@ -0,0 +1,5 @@
 ALTER TABLE users ADD COLUMN verified_at DATETIME DEFAULT NULL;
 ALTER TABLE users ADD COLUMN last_verifying_at DATETIME DEFAULT NULL;
 ALTER TABLE users ADD COLUMN login_verify_count INTEGER NOT NULL DEFAULT 0;
 ALTER TABLE users ADD COLUMN email_new VARCHAR(255) DEFAULT NULL;
 ALTER TABLE users ADD COLUMN email_new_token VARCHAR(16) DEFAULT NULL;
--- a/migrations/mysql/2020-03-13-205045_add_policy_table/down.sql
+++ b/migrations/mysql/2020-03-13-205045_add_policy_table/down.sql
@@ -0,0 +1 @@
 DROP TABLE org_policies;
--- a/migrations/mysql/2020-03-13-205045_add_policy_table/up.sql
+++ b/migrations/mysql/2020-03-13-205045_add_policy_table/up.sql
@@ -0,0 +1,9 @@
 CREATE TABLE org_policies (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  org_uuid  CHAR(36) NOT NULL REFERENCES organizations (uuid),
  atype     INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (org_uuid, atype)
 );
--- a/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/down.sql
+++ b/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/down.sql
@@ -0,0 +1 @@
--- a/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/up.sql
+++ b/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/up.sql
@@ -0,0 +1,3 @@
 ALTER TABLE ciphers
    ADD COLUMN
    deleted_at DATETIME;
--- a/migrations/mysql/2020-07-01-214531_add_hide_passwords/down.sql
+++ b/migrations/mysql/2020-07-01-214531_add_hide_passwords/down.sql
--- a/migrations/mysql/2020-07-01-214531_add_hide_passwords/up.sql
+++ b/migrations/mysql/2020-07-01-214531_add_hide_passwords/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users_collections
 ADD COLUMN hide_passwords BOOLEAN NOT NULL DEFAULT FALSE;
--- a/migrations/mysql/2020-08-02-025025_add_favorites_table/down.sql
+++ b/migrations/mysql/2020-08-02-025025_add_favorites_table/down.sql
@@ -0,0 +1,13 @@
 ALTER TABLE ciphers
 ADD COLUMN favorite BOOLEAN NOT NULL DEFAULT FALSE;
 -- Transfer favorite status for user-owned ciphers.
 UPDATE ciphers
 SET favorite = TRUE
 WHERE EXISTS (
  SELECT * FROM favorites
  WHERE favorites.user_uuid = ciphers.user_uuid
    AND favorites.cipher_uuid = ciphers.uuid
 );
 DROP TABLE favorites;
--- a/migrations/mysql/2020-08-02-025025_add_favorites_table/up.sql
+++ b/migrations/mysql/2020-08-02-025025_add_favorites_table/up.sql
@@ -0,0 +1,16 @@
 CREATE TABLE favorites (
  user_uuid   CHAR(36) NOT NULL REFERENCES users(uuid),
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers(uuid),
  PRIMARY KEY (user_uuid, cipher_uuid)
 );
 -- Transfer favorite status for user-owned ciphers.
 INSERT INTO favorites(user_uuid, cipher_uuid)
 SELECT user_uuid, uuid
 FROM ciphers
 WHERE favorite = TRUE
  AND user_uuid IS NOT NULL;
 ALTER TABLE ciphers
 DROP COLUMN favorite;
--- a/migrations/postgresql/2019-09-12-100000_create_tables/down.sql
+++ b/migrations/postgresql/2019-09-12-100000_create_tables/down.sql
@@ -0,0 +1,13 @@
 DROP TABLE devices;
 DROP TABLE attachments;
 DROP TABLE users_collections;
 DROP TABLE users_organizations;
 DROP TABLE folders_ciphers;
 DROP TABLE ciphers_collections;
 DROP TABLE twofactor;
 DROP TABLE invitations;
 DROP TABLE collections;
 DROP TABLE folders;
 DROP TABLE ciphers;
 DROP TABLE users;
 DROP TABLE organizations;
--- a/migrations/postgresql/2019-09-12-100000_create_tables/up.sql
+++ b/migrations/postgresql/2019-09-12-100000_create_tables/up.sql
@@ -0,0 +1,121 @@
 CREATE TABLE users (
  uuid                CHAR(36) NOT NULL PRIMARY KEY,
  created_at          TIMESTAMP NOT NULL,
  updated_at          TIMESTAMP NOT NULL,
  email               VARCHAR(255) NOT NULL UNIQUE,
  name                TEXT     NOT NULL,
  password_hash       BYTEA     NOT NULL,
  salt                BYTEA     NOT NULL,
  password_iterations INTEGER  NOT NULL,
  password_hint       TEXT,
  akey                TEXT     NOT NULL,
  private_key         TEXT,
  public_key          TEXT,
  totp_secret         TEXT,
  totp_recover        TEXT,
  security_stamp      TEXT     NOT NULL,
  equivalent_domains  TEXT     NOT NULL,
  excluded_globals    TEXT     NOT NULL,
  client_kdf_type     INTEGER NOT NULL DEFAULT 0,
  client_kdf_iter INTEGER NOT NULL DEFAULT 100000
 );
 CREATE TABLE devices (
  uuid          CHAR(36) NOT NULL PRIMARY KEY,
  created_at    TIMESTAMP NOT NULL,
  updated_at    TIMESTAMP NOT NULL,
  user_uuid     CHAR(36) NOT NULL REFERENCES users (uuid),
  name          TEXT     NOT NULL,
  atype         INTEGER  NOT NULL,
  push_token    TEXT,
  refresh_token TEXT     NOT NULL,
  twofactor_remember TEXT
 );
 CREATE TABLE organizations (
  uuid          VARCHAR(40) NOT NULL PRIMARY KEY,
  name          TEXT NOT NULL,
  billing_email TEXT NOT NULL
 );
 CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  created_at        TIMESTAMP NOT NULL,
  updated_at        TIMESTAMP NOT NULL,
  user_uuid         CHAR(36) REFERENCES users (uuid),
  organization_uuid CHAR(36) REFERENCES organizations (uuid),
  atype             INTEGER  NOT NULL,
  name              TEXT     NOT NULL,
  notes             TEXT,
  fields            TEXT,
  data              TEXT     NOT NULL,
  favorite          BOOLEAN  NOT NULL,
  password_history  TEXT
 );
 CREATE TABLE attachments (
  id          CHAR(36) NOT NULL PRIMARY KEY,
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  file_name   TEXT    NOT NULL,
  file_size   INTEGER NOT NULL,
  akey        TEXT
 );
 CREATE TABLE folders (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  created_at TIMESTAMP NOT NULL,
  updated_at TIMESTAMP NOT NULL,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  name       TEXT     NOT NULL
 );
 CREATE TABLE collections (
  uuid     VARCHAR(40) NOT NULL PRIMARY KEY,
  org_uuid VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
  name     TEXT NOT NULL
 );
 CREATE TABLE users_collections (
  user_uuid       CHAR(36) NOT NULL REFERENCES users (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  read_only       BOOLEAN NOT NULL DEFAULT false,
  PRIMARY KEY (user_uuid, collection_uuid)
 );
 CREATE TABLE users_organizations (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  org_uuid   CHAR(36) NOT NULL REFERENCES organizations (uuid),
  access_all BOOLEAN NOT NULL,
  akey       TEXT    NOT NULL,
  status     INTEGER NOT NULL,
  atype      INTEGER NOT NULL,
  UNIQUE (user_uuid, org_uuid)
 );
 CREATE TABLE folders_ciphers (
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  folder_uuid CHAR(36) NOT NULL REFERENCES folders (uuid),
  PRIMARY KEY (cipher_uuid, folder_uuid)
 );
 CREATE TABLE ciphers_collections (
  cipher_uuid       CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  PRIMARY KEY (cipher_uuid, collection_uuid)
 );
 CREATE TABLE twofactor (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid CHAR(36) NOT NULL REFERENCES users (uuid),
  atype     INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (user_uuid, atype)
 );
 CREATE TABLE invitations (
    email   VARCHAR(255) NOT NULL PRIMARY KEY
 );
--- a/migrations/postgresql/2019-09-16-150000_fix_attachments/down.sql
+++ b/migrations/postgresql/2019-09-16-150000_fix_attachments/down.sql
@@ -0,0 +1,26 @@
 ALTER TABLE attachments ALTER COLUMN id TYPE CHAR(36);
 ALTER TABLE attachments ALTER COLUMN cipher_uuid TYPE CHAR(36);
 ALTER TABLE users ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE users ALTER COLUMN email TYPE VARCHAR(255);
 ALTER TABLE devices ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE devices ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE organizations ALTER COLUMN uuid TYPE CHAR(40);
 ALTER TABLE ciphers ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE ciphers ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE ciphers ALTER COLUMN organization_uuid TYPE CHAR(36);
 ALTER TABLE folders ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE folders ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE collections ALTER COLUMN uuid TYPE CHAR(40);
 ALTER TABLE collections ALTER COLUMN org_uuid TYPE CHAR(40);
 ALTER TABLE users_collections ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE users_collections ALTER COLUMN collection_uuid TYPE CHAR(36);
 ALTER TABLE users_organizations ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE users_organizations ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE users_organizations ALTER COLUMN org_uuid TYPE CHAR(36);
 ALTER TABLE folders_ciphers ALTER COLUMN cipher_uuid TYPE CHAR(36);
 ALTER TABLE folders_ciphers ALTER COLUMN folder_uuid TYPE CHAR(36);
 ALTER TABLE ciphers_collections ALTER COLUMN cipher_uuid TYPE CHAR(36);
 ALTER TABLE ciphers_collections ALTER COLUMN collection_uuid TYPE CHAR(36);
 ALTER TABLE twofactor ALTER COLUMN uuid TYPE CHAR(36);
 ALTER TABLE twofactor ALTER COLUMN user_uuid TYPE CHAR(36);
 ALTER TABLE invitations ALTER COLUMN email TYPE VARCHAR(255);
--- a/migrations/postgresql/2019-09-16-150000_fix_attachments/up.sql
+++ b/migrations/postgresql/2019-09-16-150000_fix_attachments/up.sql
@@ -0,0 +1,27 @@
 -- Switch from CHAR() types to VARCHAR() types to avoid padding issues.
 ALTER TABLE attachments ALTER COLUMN id TYPE TEXT;
 ALTER TABLE attachments ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
 ALTER TABLE users ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE users ALTER COLUMN email TYPE TEXT;
 ALTER TABLE devices ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE devices ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE organizations ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE ciphers ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE ciphers ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE ciphers ALTER COLUMN organization_uuid TYPE VARCHAR(40);
 ALTER TABLE folders ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE folders ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE collections ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE collections ALTER COLUMN org_uuid TYPE VARCHAR(40);
 ALTER TABLE users_collections ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE users_collections ALTER COLUMN collection_uuid TYPE VARCHAR(40);
 ALTER TABLE users_organizations ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE users_organizations ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE users_organizations ALTER COLUMN org_uuid TYPE VARCHAR(40);
 ALTER TABLE folders_ciphers ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
 ALTER TABLE folders_ciphers ALTER COLUMN folder_uuid TYPE VARCHAR(40);
 ALTER TABLE ciphers_collections ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
 ALTER TABLE ciphers_collections ALTER COLUMN collection_uuid TYPE VARCHAR(40);
 ALTER TABLE twofactor ALTER COLUMN uuid TYPE VARCHAR(40);
 ALTER TABLE twofactor ALTER COLUMN user_uuid TYPE VARCHAR(40);
 ALTER TABLE invitations ALTER COLUMN email TYPE TEXT;
--- a/migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/down.sql
+++ b/migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/down.sql
--- a/migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/up.sql
+++ b/migrations/postgresql/2019-10-10-083032_add_column_to_twofactor/up.sql
@@ -0,0 +1 @@
 ALTER TABLE twofactor ADD COLUMN last_used INTEGER NOT NULL DEFAULT 0;
--- a/migrations/postgresql/2019-11-17-011009_add_email_verification/down.sql
+++ b/migrations/postgresql/2019-11-17-011009_add_email_verification/down.sql
@@ -0,0 +1 @@
--- a/migrations/postgresql/2019-11-17-011009_add_email_verification/up.sql
+++ b/migrations/postgresql/2019-11-17-011009_add_email_verification/up.sql
@@ -0,0 +1,5 @@
 ALTER TABLE users ADD COLUMN verified_at TIMESTAMP DEFAULT NULL;
 ALTER TABLE users ADD COLUMN last_verifying_at TIMESTAMP DEFAULT NULL;
 ALTER TABLE users ADD COLUMN login_verify_count INTEGER NOT NULL DEFAULT 0;
 ALTER TABLE users ADD COLUMN email_new VARCHAR(255) DEFAULT NULL;
 ALTER TABLE users ADD COLUMN email_new_token VARCHAR(16) DEFAULT NULL;
--- a/migrations/postgresql/2020-03-13-205045_add_policy_table/down.sql
+++ b/migrations/postgresql/2020-03-13-205045_add_policy_table/down.sql
@@ -0,0 +1 @@
 DROP TABLE org_policies;
--- a/migrations/postgresql/2020-03-13-205045_add_policy_table/up.sql
+++ b/migrations/postgresql/2020-03-13-205045_add_policy_table/up.sql
@@ -0,0 +1,9 @@
 CREATE TABLE org_policies (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  org_uuid  CHAR(36) NOT NULL REFERENCES organizations (uuid),
  atype     INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (org_uuid, atype)
 );
--- a/migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/down.sql
+++ b/migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/down.sql
@@ -0,0 +1 @@
--- a/migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/up.sql
+++ b/migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/up.sql
@@ -0,0 +1,3 @@
 ALTER TABLE ciphers
    ADD COLUMN
    deleted_at TIMESTAMP;
--- a/migrations/postgresql/2020-07-01-214531_add_hide_passwords/down.sql
+++ b/migrations/postgresql/2020-07-01-214531_add_hide_passwords/down.sql
--- a/migrations/postgresql/2020-07-01-214531_add_hide_passwords/up.sql
+++ b/migrations/postgresql/2020-07-01-214531_add_hide_passwords/up.sql
@@ -0,0 +1,2 @@
 ALTER TABLE users_collections
 ADD COLUMN hide_passwords BOOLEAN NOT NULL DEFAULT FALSE;
--- a/migrations/postgresql/2020-08-02-025025_add_favorites_table/down.sql
+++ b/migrations/postgresql/2020-08-02-025025_add_favorites_table/down.sql
@@ -0,0 +1,13 @@
 ALTER TABLE ciphers
 ADD COLUMN favorite BOOLEAN NOT NULL DEFAULT FALSE;
 -- Transfer favorite status for user-owned ciphers.
 UPDATE ciphers
 SET favorite = TRUE
 WHERE EXISTS (
  SELECT * FROM favorites
  WHERE favorites.user_uuid = ciphers.user_uuid
    AND favorites.cipher_uuid = ciphers.uuid
 );
 DROP TABLE favorites;
--- a/migrations/postgresql/2020-08-02-025025_add_favorites_table/up.sql
+++ b/migrations/postgresql/2020-08-02-025025_add_favorites_table/up.sql
@@ -0,0 +1,16 @@
 CREATE TABLE favorites (
  user_uuid   VARCHAR(40) NOT NULL REFERENCES users(uuid),
  cipher_uuid VARCHAR(40) NOT NULL REFERENCES ciphers(uuid),
  PRIMARY KEY (user_uuid, cipher_uuid)
 );
 -- Transfer favorite status for user-owned ciphers.
 INSERT INTO favorites(user_uuid, cipher_uuid)
 SELECT user_uuid, uuid
 FROM ciphers
 WHERE favorite = TRUE
  AND user_uuid IS NOT NULL;
 ALTER TABLE ciphers
 DROP COLUMN favorite;
--- a/migrations/sqlite/2018-01-14-171611_create_tables/down.sql
+++ b/migrations/sqlite/2018-01-14-171611_create_tables/down.sql
@@ -0,0 +1,9 @@
 DROP TABLE users;
 DROP TABLE devices;
 DROP TABLE ciphers;
 DROP TABLE attachments;
 DROP TABLE folders;
--- a/migrations/sqlite/2018-01-14-171611_create_tables/up.sql
+++ b/migrations/sqlite/2018-01-14-171611_create_tables/up.sql
--- a/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/down.sql
+++ b/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/down.sql
@@ -0,0 +1,8 @@
 DROP TABLE collections;
 DROP TABLE organizations;
 DROP TABLE users_collections;
 DROP TABLE users_organizations;
--- a/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/up.sql
+++ b/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/up.sql
--- a/migrations/sqlite/2018-04-27-155151_create_users_ciphers/down.sql
+++ b/migrations/sqlite/2018-04-27-155151_create_users_ciphers/down.sql
--- a/migrations/sqlite/2018-04-27-155151_create_users_ciphers/up.sql
+++ b/migrations/sqlite/2018-04-27-155151_create_users_ciphers/up.sql
--- a/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/down.sql
+++ b/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/down.sql
@@ -0,0 +1 @@
 DROP TABLE ciphers_collections;
--- a/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/up.sql
+++ b/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/up.sql
--- a/migrations/sqlite/2018-05-25-232323_update_attachments_reference/down.sql
+++ b/migrations/sqlite/2018-05-25-232323_update_attachments_reference/down.sql
--- a/migrations/sqlite/2018-05-25-232323_update_attachments_reference/up.sql
+++ b/migrations/sqlite/2018-05-25-232323_update_attachments_reference/up.sql
--- a/migrations/sqlite/2018-06-01-112529_update_devices_twofactor_remember/down.sql
+++ b/migrations/sqlite/2018-06-01-112529_update_devices_twofactor_remember/down.sql
@@ -0,0 +1 @@
 -- This file should undo anything in `up.sql`
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`github: dani-garcia`
							`custom: ["https://paypal.me/DaniGG"]`
		`@@ -0,0 +1,3 @@`
							`The arch-specific directory names follow the arch identifiers used by the Docker official images:`

							`https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64`
		`@@ -0,0 +1 @@`
							`ALTER TABLE twofactor ADD COLUMN last_used INTEGER NOT NULL DEFAULT 0;`
		`@@ -0,0 +1,2 @@`
							`ALTER TABLE users_collections`
							`ADD COLUMN hide_passwords BOOLEAN NOT NULL DEFAULT FALSE;`
		`@@ -0,0 +1 @@`
							-- This file should undo anything in `up.sql`