Merge pull request #960 from jjlin/admin-token

Warn on empty `ADMIN_TOKEN` instead of bailing out
Warn on empty ADMIN_TOKEN instead of bailing out
2020-04-11 23:34:37 +02:00 · 2020-04-09 20:55:08 -07:00 · 2020-04-09 22:54:31 +02:00 · 2020-04-08 08:43:24 +02:00 · 2020-04-07 20:40:51 -07:00 · 2020-03-31 12:56:49 +02:00
80 changed files with 3706 additions and 2184 deletions
@@ -1 +1,2 @@
 github: dani-garcia
+custom: ["https://paypal.me/DaniGG"]
@@ -1,3 +1,12 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
 <!--
 Please fill out the following template to make solving your problem easier and faster for us.
 This is only a guideline. If you think that parts are unneccessary for your issue, feel free to remove them.
@@ -0,0 +1,11 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: better for forum
+assignees: ''
+
+---
+
+# Please submit all your feature requests to the forum
+Link: https://bitwardenrs.discourse.group/c/feature-requests
@@ -0,0 +1,11 @@
+---
+name: Help with installation/configuration
+about: Any questions about the setup of bitwarden_rs
+title: ''
+labels: better for forum
+assignees: ''
+
+---
+
+# Please submit all your third party help requests to the forum
+Link: https://bitwardenrs.discourse.group/c/help
@@ -0,0 +1,11 @@
+---
+name: Help with proxy/database/NAS setup
+about: Any questions about third party software
+title: ''
+labels: better for forum
+assignees: ''
+
+---
+
+# Please submit all your third party help requests to the forum
+Link: https://bitwardenrs.discourse.group/c/third-party-help
@@ -1,70 +0,0 @@
-name: build-windows
-
-on: [push, pull_request]
-
-jobs:
-  build:
-
-    runs-on: windows-latest
-
-    strategy:
-      matrix:
-        db-backend: [sqlite, mysql, postgresql]
-
-    steps:
-    - uses: actions/checkout@v1
-
-    - name: Cache choco cache
-      uses: actions/cache@v1.0.3
-      with:
-        path: ~\AppData\Local\Temp\chocolatey
-        key: ${{ runner.os }}-choco-cache
-
-    - name: Install dependencies
-      run: choco install openssl sqlite postgresql12 mysql
-
-    - name: Cache cargo registry
-      uses: actions/cache@v1.0.3
-      with:
-        path: ~/.cargo/registry
-        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
-    - name: Cache cargo index
-      uses: actions/cache@v1.0.3
-      with:
-        path: ~/.cargo/git
-        key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
-    - name: Cache cargo build
-      uses: actions/cache@v1.0.3
-      with:
-        path: target
-        key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
-
-    - name: Install latest nightly
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: nightly
-        override: true
-        profile: minimal
-        target: x86_64-pc-windows-msvc
-
-    - name: Build
-      run: cargo.exe build --verbose --features ${{ matrix.db-backend }} --release --target x86_64-pc-windows-msvc
-      env:
-        OPENSSL_DIR: C:\Program Files\OpenSSL-Win64\
-
-    - name: Run tests
-      run: cargo test --features ${{ matrix.db-backend }}
-
-    - name: Upload windows artifact
-      uses: actions/upload-artifact@v1.0.0
-      with:
-        name: x86_64-pc-windows-msvc-${{ matrix.db-backend }}-bitwarden_rs
-        path: target/release/bitwarden_rs.exe
-
-    - name: Release
-      uses: Shopify/upload-to-release@1.0.0
-      if: startsWith(github.ref, 'refs/tags/')
-      with:
-        name: x86_64-pc-windows-msvc-${{ matrix.db-backend }}-bitwarden_rs
-        path: target/release/bitwarden_rs.exe
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -4,9 +4,9 @@ on:
  push:
    paths-ignore:
      - "**.md"
-  pull_request:
-    paths-ignore:
-      - "**.md"
+  #pull_request:
+  #  paths-ignore:
+  #    - "**.md"

 jobs:
  build:
@@ -18,7 +18,7 @@ jobs:
        target:
          - x86_64-unknown-linux-gnu
          # - x86_64-unknown-linux-musl
-          - x86_64-apple-darwin
+          # - x86_64-apple-darwin
          # - x86_64-pc-windows-msvc
        include:
          - target: x86_64-unknown-linux-gnu
@@ -27,9 +27,9 @@ jobs:
          # - target: x86_64-unknown-linux-musl
          #   os: ubuntu-latest
          #   ext:
-          - target: x86_64-apple-darwin
-            os: macOS-latest
-            ext:
+          # - target: x86_64-apple-darwin
+          #   os: macOS-latest
+          #   ext:
          # - target: x86_64-pc-windows-msvc
          #   os: windows-latest
          #   ext: .exe
@@ -110,10 +110,9 @@ jobs:
        key: ${{ runner.os }}-${{matrix.db-backend}}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}

    - name: Install latest nightly
-      uses: actions-rs/toolchain@v1
+      uses: actions-rs/toolchain@v1.0.5
      with:
-        toolchain: nightly
-        override: true
+        # Uses rust-toolchain to determine version
        profile: minimal
        target: ${{ matrix.target }}

@@ -14,7 +14,7 @@ build = "build.rs"
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
-postgresql = ["diesel/postgres", "diesel_migrations/postgres", "openssl"]
+postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]

 [target."cfg(not(windows))".dependencies]
@@ -26,7 +26,7 @@ rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false }
 rocket_contrib = "0.5.0-dev"

 # HTTP client
-reqwest = "0.9.24"
+reqwest = { version = "0.10.4", features = ["blocking", "json"] }

 # multipart/form-data support
 multipart = { version = "0.16.1", features = ["server"], default-features = false }
@@ -35,92 +35,99 @@ multipart = { version = "0.16.1", features = ["server"], default-features = fals
 ws = "0.9.1"

 # MessagePack library
-rmpv = "0.4.3"
+rmpv = "0.4.4"

 # Concurrent hashmap implementation
 chashmap = "2.2.2"

 # A generic serialization/deserialization framework
-serde = "1.0.104"
-serde_derive = "1.0.104"
-serde_json = "1.0.44"
+serde = "1.0.106"
+serde_derive = "1.0.106"
+serde_json = "1.0.51"

 # Logging
 log = "0.4.8"
-fern = { version = "0.5.9", features = ["syslog-4"] }
+fern = { version = "0.6.0", features = ["syslog-4"] }

 # A safe, extensible ORM and Query builder
-diesel = { version = "1.4.3", features = [ "chrono", "r2d2"] }
+diesel = { version = "1.4.4", features = [ "chrono", "r2d2"] }
 diesel_migrations = "1.4.0"

-# Bundled SQLite                                           
-libsqlite3-sys = { version = "0.16.0", features = ["bundled"], optional = true }
+# Bundled SQLite
+libsqlite3-sys = { version = "0.17.3", features = ["bundled"], optional = true }

 # Crypto library
-ring = "0.14.6"
+ring = "0.16.12"

 # UUID generation
 uuid = { version = "0.8.1", features = ["v4"] }

-# Date and time library for Rust
-chrono = "0.4.10"
+# Date and time librar for Rust
+chrono = "0.4.11"
+time = "0.2.9"

 # TOTP library
 oath = "0.10.2"

 # Data encoding library
-data-encoding = "2.1.2"
+data-encoding = "2.2.0"

 # JWT library
-jsonwebtoken = "6.0.1"
+jsonwebtoken = "7.1.0"

 # U2F library
-u2f = "0.1.6"
+u2f = "0.2.0"

 # Yubico Library
-yubico = { version = "0.7.1", features = ["online-tokio"], default-features = false }
+yubico = { version = "0.9.0", features = ["online-tokio"], default-features = false }

 # A `dotenv` implementation for Rust
 dotenv = { version = "0.15.0", default-features = false }

-# Lazy static macro
-lazy_static = "1.4.0"
+# Lazy initialization
+once_cell = "1.3.1"

 # More derives
-derive_more = "0.99.2"
+derive_more = "0.99.5"

 # Numerical libraries
-num-traits = "0.2.10"
+num-traits = "0.2.11"
 num-derive = "0.3.0"

 # Email libraries
-lettre = "0.9.2"
-lettre_email = "0.9.2"
-native-tls = "0.2.3"
-quoted_printable = "0.4.1"
+lettre = "0.10.0-pre"
+native-tls = "0.2.4"
+quoted_printable = "0.4.2"

 # Template library
-handlebars = "=2.0.2"
+handlebars = { version = "3.0.1", features = ["dir_source"] }

 # For favicon extraction from main website
-soup = "0.4.1"
-regex = "1.3.1"
+soup = "0.5.0"
+regex = "1.3.6"
 data-url = "0.1.0"

-# Required for SSL support for PostgreSQL
-openssl = { version = "0.10.26", optional = true }
+# Used by U2F, JWT and Postgres
+openssl = "0.10.29"

 # URL encoding library
 percent-encoding = "2.1.0"
+# Punycode conversion
+idna = "0.2.0"
+
+# CLI argument parsing
+structopt = "0.3.13"
+
+# Logging panics to logfile instead stderr only
+backtrace = "0.3.46"

 [patch.crates-io]
 # Use newest ring
-rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'b95b6765e1cc8be7c1e7eaef8a9d9ad940b0ac13' }
-rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'b95b6765e1cc8be7c1e7eaef8a9d9ad940b0ac13' }
+rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }
+rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }

 # Use git version for timeout fix #706
-lettre = { git = 'https://github.com/lettre/lettre', rev = '24d694db3be017d82b1cdc8bf9da601420b31bb0' }
-lettre_email = { git = 'https://github.com/lettre/lettre', rev = '24d694db3be017d82b1cdc8bf9da601420b31bb0' }
+lettre = { git = 'https://github.com/lettre/lettre', rev = '245c600c82ee18b766e8729f005ff453a55dce34' }

 # For favicon extraction from main website
 data-url = { git = 'https://github.com/servo/rust-url', package="data-url", rev = '7f1bd6ce1c2fde599a757302a843a60e714c5f72' }
@@ -13,7 +13,7 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani

 **This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC.**

-#### ⚠️**IMPORTANT**⚠️: When using this server, please report any Bitwarden related bug-reports or suggestions [here](https://github.com/dani-garcia/bitwarden_rs/issues/new), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.
+#### ⚠️**IMPORTANT**⚠️: When using this server, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.

 ---

@@ -21,14 +21,14 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani

 Basically full implementation of Bitwarden API is provided including:

- * Basic single user functionality
+ * Single user functionality
 * Organizations support
 * Attachments
 * Vault API support
 * Serving the static files for Vault interface
 * Website icons API
 * Authenticator and U2F support
- * YubiKey OTP
+ * YubiKey and Duo support

 ## Installation
 Pull the docker image and mount a volume from the host for persistent storage:
@@ -49,12 +49,13 @@ If you have an available domain name, you can get HTTPS certificates with [Let's
 See the [bitwarden_rs wiki](https://github.com/dani-garcia/bitwarden_rs/wiki) for more information on how to configure and run the bitwarden_rs server.

 ## Get in touch
+To ask a question, offer suggestions or new features or to get help configuring or installing the software, please [use the forum](https://bitwardenrs.discourse.group/).

-To ask a question, [raising an issue](https://github.com/dani-garcia/bitwarden_rs/issues/new) is fine. Please also report any bugs spotted here.
+If you spot any bugs or crashes with bitwarden_rs itself, please [create an issue](https://github.com/dani-garcia/bitwarden_rs/issues/). Make sure there aren't any similar issues open, though!

 If you prefer to chat, we're usually hanging around at [#bitwarden_rs:matrix.org](https://matrix.to/#/#bitwarden_rs:matrix.org) room on Matrix. Feel free to join us!

 ### Sponsors
 Thanks for your contribution to the project!

- [@Skaronator](https://github.com/Skaronator)
+- [@ChonoN](https://github.com/ChonoN)
@@ -1,4 +1,5 @@
 use std::process::Command;
+use std::env;

 fn main() {
    #[cfg(all(feature = "sqlite", feature = "mysql"))]
@@ -10,8 +11,13 @@ fn main() {

    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
    compile_error!("You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite");
-
-    read_git_info().ok();
+    
+    if let Ok(version) = env::var("BWRS_VERSION") {
+        println!("cargo:rustc-env=BWRS_VERSION={}", version);
+        println!("cargo:rustc-env=CARGO_PKG_VERSION={}", version);
+    } else {
+        read_git_info().ok();
+    }
 }

 fn run(args: &[&str]) -> Result<String, std::io::Error> {
@@ -54,14 +60,16 @@ fn read_git_info() -> Result<(), std::io::Error> {
    } else {
        format!("{}-{}", last_tag, rev_short)
    };
-    println!("cargo:rustc-env=GIT_VERSION={}", version);
+    
+    println!("cargo:rustc-env=BWRS_VERSION={}", version);
+    println!("cargo:rustc-env=CARGO_PKG_VERSION={}", version);

    // To access these values, use:
    //    env!("GIT_EXACT_TAG")
    //    env!("GIT_LAST_TAG")
    //    env!("GIT_BRANCH")
    //    env!("GIT_REV")
-    //    env!("GIT_VERSION")
+    //    env!("BWRS_VERSION")

    Ok(())
 }
@@ -0,0 +1,296 @@
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+{% set build_stage_base_image = "rust:1.40" %}
+{% if "alpine" in target_file %}
+{%   set build_stage_base_image = "clux/muslrust:nightly-2020-03-09" %}
+{%   set runtime_stage_base_image = "alpine:3.11" %}
+{%   set package_arch_name = "" %}
+{% elif "amd64" in target_file %}
+{%   set runtime_stage_base_image = "debian:buster-slim" %}
+{%   set package_arch_name = "" %}
+{% elif "aarch64" in target_file %}
+{%   set runtime_stage_base_image = "balenalib/aarch64-debian:buster" %}
+{%   set package_arch_name = "arm64" %}
+{% elif "armv6" in target_file %}
+{%   set runtime_stage_base_image = "balenalib/rpi-debian:buster" %}
+{%   set package_arch_name = "armel" %}
+{% elif "armv7" in target_file %}
+{%   set runtime_stage_base_image = "balenalib/armv7hf-debian:buster" %}
+{%   set package_arch_name = "armhf" %}
+{% endif %}
+{% set package_arch_prefix = ":" + package_arch_name %}
+{% if package_arch_name == "" %}
+{%   set package_arch_prefix = "" %}
+{% endif %}
+# Using multistage build:
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+####################### VAULT BUILD IMAGE  #######################
+{% set vault_image_hash = "sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554" %}
+{% raw %}
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+{% endraw %}
+FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault
+
+########################## BUILD IMAGE  ##########################
+{% if "musl" in build_stage_base_image %}
+# Musl build image for statically compiled binary
+{% else %}
+# We need to use the Rust build image, because
+# we need the Rust compiler and Cargo tooling
+{% endif %}
+FROM {{ build_stage_base_image }} as build
+
+{% if "sqlite" in target_file %}
+# set sqlite as default for DB ARG for backward compatibility
+ARG DB=sqlite
+
+{% elif "mysql" in target_file %}
+# set mysql backend
+ARG DB=mysql
+
+{% elif "postgresql" in target_file %}
+# set postgresql backend
+ARG DB=postgresql
+
+{% endif %}
+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
+# Don't download rust docs
+RUN rustup set profile minimal
+
+{% if "alpine" in target_file %}
+ENV USER "root"
+ENV RUSTFLAGS='-C link-arg=-s'
+
+{% elif "aarch64" in target_file or "armv" in target_file %}
+# Install required build libs for {{ package_arch_name }} architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture {{ package_arch_name }} \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev{{ package_arch_prefix }} \
+        libc6-dev{{ package_arch_prefix }}
+
+{% endif -%}
+{% if "aarch64" in target_file %}
+RUN apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        gcc-aarch64-linux-gnu \
+    && mkdir -p ~/.cargo \
+    && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \
+    && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% elif "armv6" in target_file %}
+RUN apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        gcc-arm-linux-gnueabi \
+    && mkdir -p ~/.cargo \
+    && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \
+    && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% elif "armv6" in target_file %}
+RUN apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        gcc-arm-linux-gnueabihf \
+    && mkdir -p ~/.cargo \
+    && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
+    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% elif "armv7" in target_file %}
+RUN apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        gcc-arm-linux-gnueabihf \
+    && mkdir -p ~/.cargo \
+    && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
+    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% endif %}
+{% if "mysql" in target_file %}
+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+{% if "musl" in build_stage_base_image %}
+    libmysqlclient-dev{{ package_arch_prefix }} \
+{% else %}
+    libmariadb-dev{{ package_arch_prefix }} \
+{% endif %}
+    && rm -rf /var/lib/apt/lists/*
+
+{% elif "postgresql" in target_file %}
+# Install PostgreSQL package
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    libpq-dev{{ package_arch_prefix }} \
+    && rm -rf /var/lib/apt/lists/*
+
+{% endif %}
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
+WORKDIR /app
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+{% if "aarch64" in target_file %}
+ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
+ENV CROSS_COMPILE="1"
+ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
+ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+{% elif "armv6" in target_file %}
+ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
+ENV CROSS_COMPILE="1"
+ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
+ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+{% elif "armv7" in target_file %}
+ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
+ENV CROSS_COMPILE="1"
+ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
+ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
+{% endif -%}
+
+{% if "alpine" in target_file %}
+RUN rustup target add x86_64-unknown-linux-musl
+
+{% elif "aarch64" in target_file %}
+RUN rustup target add aarch64-unknown-linux-gnu
+
+{% elif "armv6" in target_file %}
+RUN rustup target add arm-unknown-linux-gnueabi
+
+{% elif "armv7" in target_file %}
+RUN rustup target add armv7-unknown-linux-gnueabihf
+{% endif %}
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
+{% if "amd64" in target_file %}
+RUN cargo build --features ${DB} --release
+{% elif "aarch64" in target_file %}
+RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
+{% elif "armv6" in target_file %}
+RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
+{% elif "armv7" in target_file %}
+RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
+{% endif %}
+
+######################## RUNTIME IMAGE  ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+FROM {{ runtime_stage_base_image }}
+
+ENV ROCKET_ENV "staging"
+ENV ROCKET_PORT=80
+ENV ROCKET_WORKERS=10
+{% if "alpine" in runtime_stage_base_image %}
+ENV SSL_CERT_DIR=/etc/ssl/certs
+{% endif %}
+
+{% if "amd64" not in target_file %}
+RUN [ "cross-build-start" ]
+
+{% endif %}
+# Install needed libraries
+{% if "alpine" in runtime_stage_base_image %}
+RUN apk add --no-cache \
+        openssl \
+        curl \
+{%   if "sqlite" in target_file %}
+        sqlite \
+{%   elif "mysql" in target_file %}
+        mariadb-connector-c \
+{%   elif "postgresql" in target_file %}
+        postgresql-libs \
+{%   endif %}
+        ca-certificates
+{% else %}
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    openssl \
+    ca-certificates \
+    curl \
+{%   if "sqlite" in target_file %}
+    sqlite3 \
+{%   elif "mysql" in target_file %}
+    libmariadbclient-dev \
+{%   elif "postgresql" in target_file %}
+    libpq5 \
+{%   endif %}
+    && rm -rf /var/lib/apt/lists/*
+{% endif %}
+
+RUN mkdir /data
+{% if "amd64" not in target_file %}
+
+RUN [ "cross-build-end" ]
+
+{% endif %}
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+COPY Rocket.toml .
+COPY --from=vault /web-vault ./web-vault
+{% if "alpine" in target_file %}
+COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
+{% elif "aarch64" in target_file %}
+COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
+{% elif "armv6" in target_file %}
+COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
+{% elif "armv7" in target_file %}
+COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
+{% else %}
+COPY --from=build app/target/release/bitwarden_rs .
+{% endif %}
+
+COPY docker/healthcheck.sh /healthcheck.sh
+
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
+
+# Configures the startup!
+WORKDIR /
+CMD ["/bitwarden_rs"]
@@ -0,0 +1,9 @@
+OBJECTS := $(shell find -mindepth 2 -name 'Dockerfile*')
+
+all: $(OBJECTS)
+
+%/Dockerfile: Dockerfile.j2 render_template
+	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
+
+%/Dockerfile.alpine: Dockerfile.j2 render_template
+	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
@@ -1,24 +1,21 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
@@ -28,9 +25,22 @@ FROM rust:1.40 as build
 # set mysql backend
 ARG DB=mysql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for arm64 architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture arm64 \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:arm64 \
+        libc6-dev:arm64
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,30 +52,42 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    libmariadb-dev:arm64 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl arm64 libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture arm64 \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:arm64 \
-        libc6-dev:arm64 \
-        libmariadb-dev:arm64
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
 ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+RUN rustup target add aarch64-unknown-linux-gnu
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add aarch64-unknown-linux-gnu
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu

 ######################## RUNTIME IMAGE  ########################
@@ -86,14 +108,15 @@ RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    libmariadbclient-dev \
- && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/*

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -101,9 +124,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,36 +1,46 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust:1.40 as build

-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
 ARG DB=sqlite

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for arm64 architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture arm64 \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:arm64 \
+        libc6-dev:arm64
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,29 +52,36 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl arm64 libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture arm64 \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:arm64 \
-        libc6-dev:arm64
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
 ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+RUN rustup target add aarch64-unknown-linux-gnu
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add aarch64-unknown-linux-gnu
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu

 ######################## RUNTIME IMAGE  ########################
@@ -85,14 +102,15 @@ RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    sqlite3 \
- && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/*

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -100,9 +118,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,24 +1,21 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
@@ -28,6 +25,9 @@ FROM rust:1.40 as build
 # set mysql backend
 ARG DB=mysql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

@@ -38,7 +38,7 @@ RUN apt-get update && apt-get install -y \
    && rm -rf /var/lib/apt/lists/*

 # Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin app
+RUN USER=root cargo new --bin /app
 WORKDIR /app

 # Copies over *only* your manifests and build files
@@ -92,9 +92,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,55 +1,70 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
-FROM clux/muslrust:nightly-2019-12-19 as build
+FROM clux/muslrust:nightly-2020-03-09 as build

 # set mysql backend
 ARG DB=mysql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

 ENV USER "root"
+ENV RUSTFLAGS='-C link-arg=-s'

-# Install needed libraries
+# Install MySQL package
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    libmysqlclient-dev \
    && rm -rf /var/lib/apt/lists/*

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-RUN rustup target add x86_64-unknown-linux-musl
-
 # Make sure that we actually build the project
 RUN touch src/main.rs

-# Build
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release

 ######################## RUNTIME IMAGE  ########################
@@ -65,8 +80,8 @@ ENV SSL_CERT_DIR=/etc/ssl/certs
 # Install needed libraries
 RUN apk add --no-cache \
        openssl \
-        mariadb-connector-c \
        curl \
+        mariadb-connector-c \
        ca-certificates

 RUN mkdir /data
@@ -80,9 +95,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,50 +1,44 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust:1.40 as build

-# set mysql backend
+# set postgresql backend
 ARG DB=postgresql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

-# Using bundled SQLite, no need to install it
-# RUN apt-get update && apt-get install -y\
-#    --no-install-recommends \
-#    sqlite3\
-# && rm -rf /var/lib/apt/lists/*
-
-# Install MySQL package
+# Install PostgreSQL package
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*

 # Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin app
+RUN USER=root cargo new --bin /app
 WORKDIR /app

 # Copies over *only* your manifests and build files
@@ -84,7 +78,6 @@ RUN apt-get update && apt-get install -y \
    openssl \
    ca-certificates \
    curl \
-    sqlite3 \
    libpq5 \
    && rm -rf /var/lib/apt/lists/*

@@ -99,9 +92,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,55 +1,70 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
-FROM clux/muslrust:nightly-2019-12-19 as build
+FROM clux/muslrust:nightly-2020-03-09 as build

 # set postgresql backend
 ARG DB=postgresql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

 ENV USER "root"
+ENV RUSTFLAGS='-C link-arg=-s'

-# Install needed libraries
+# Install PostgreSQL package
 RUN apt-get update && apt-get install -y \
    --no-install-recommends \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-RUN rustup target add x86_64-unknown-linux-musl
-
 # Make sure that we actually build the project
 RUN touch src/main.rs

-# Build
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release

 ######################## RUNTIME IMAGE  ########################
@@ -65,9 +80,8 @@ ENV SSL_CERT_DIR=/etc/ssl/certs
 # Install needed libraries
 RUN apk add --no-cache \
        openssl \
-        postgresql-libs \
        curl \
-        sqlite \
+        postgresql-libs \
        ca-certificates

 RUN mkdir /data
@@ -81,9 +95,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,38 +1,38 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust:1.40 as build

-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
 ARG DB=sqlite

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

 # Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin app
+RUN USER=root cargo new --bin /app
 WORKDIR /app

 # Copies over *only* your manifests and build files
@@ -86,9 +86,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,49 +1,64 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
-FROM clux/muslrust:nightly-2019-12-19 as build
+FROM clux/muslrust:nightly-2020-03-09 as build

-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
 ARG DB=sqlite

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

 ENV USER "root"
+ENV RUSTFLAGS='-C link-arg=-s'

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-RUN rustup target add x86_64-unknown-linux-musl
-
 # Make sure that we actually build the project
 RUN touch src/main.rs

-# Build
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release

 ######################## RUNTIME IMAGE  ########################
@@ -74,10 +89,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
-
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+COPY docker/healthcheck.sh /healthcheck.sh

+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,24 +1,21 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
@@ -28,9 +25,22 @@ FROM rust:1.40 as build
 # set mysql backend
 ARG DB=mysql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for armel architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture armel \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:armel \
+        libc6-dev:armel
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,30 +52,42 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    libmariadb-dev:armel \
+    && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl armel libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture armel \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:armel \
-        libc6-dev:armel \
-        libmariadb-dev:armel
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+RUN rustup target add arm-unknown-linux-gnueabi
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add arm-unknown-linux-gnueabi
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi

 ######################## RUNTIME IMAGE  ########################
@@ -90,10 +112,11 @@ RUN apt-get update && apt-get install -y \

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -101,9 +124,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,36 +1,46 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust:1.40 as build

-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
 ARG DB=sqlite

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for armel architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture armel \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:armel \
+        libc6-dev:armel
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,29 +52,36 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl armel libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture armel \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:armel \
-        libc6-dev:armel
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+RUN rustup target add arm-unknown-linux-gnueabi
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add arm-unknown-linux-gnueabi
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi

 ######################## RUNTIME IMAGE  ########################
@@ -89,10 +106,11 @@ RUN apt-get update && apt-get install -y \

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -100,9 +118,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,24 +1,21 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
@@ -28,9 +25,22 @@ FROM rust:1.40 as build
 # set mysql backend
 ARG DB=mysql

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for armhf architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture armhf \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:armhf \
+        libc6-dev:armhf
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,31 +52,41 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    libmariadb-dev:armhf \
+    && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl armhf libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture armhf \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:armhf \
-        libc6-dev:armhf \
-        libmariadb-dev:armhf
-
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
+RUN rustup target add armv7-unknown-linux-gnueabihf
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add armv7-unknown-linux-gnueabihf
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf

 ######################## RUNTIME IMAGE  ########################
@@ -91,10 +111,11 @@ RUN apt-get update && apt-get install -y \

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -102,9 +123,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,36 +1,46 @@
-# Using multistage build: 
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
+
+# Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault

-ENV VAULT_VERSION "v2.12.0b"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
-
-RUN mkdir /web-vault
-WORKDIR /web-vault
-
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.13.2b
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault

 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rust:1.40 as build

-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
 ARG DB=sqlite

+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
+
 # Don't download rust docs
 RUN rustup set profile minimal

+# Install required build libs for armhf architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+        /etc/apt/sources.list.d/deb-src.list \
+    && dpkg --add-architecture armhf \
+    && apt-get update \
+    && apt-get install -y \
+        --no-install-recommends \
+        libssl-dev:armhf \
+        libc6-dev:armhf
+
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
@@ -42,29 +52,35 @@ RUN apt-get update \
 ENV CARGO_HOME "/root/.cargo"
 ENV USER "root"

+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Prepare openssl armhf libs
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
-        /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture armhf \
-    && apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        libssl-dev:armhf \
-        libc6-dev:armhf
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs

 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
 ENV CROSS_COMPILE="1"
 ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
 ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
+RUN rustup target add armv7-unknown-linux-gnueabihf
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete

 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .

-# Build
-RUN rustup target add armv7-unknown-linux-gnueabihf
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf

 ######################## RUNTIME IMAGE  ########################
@@ -89,10 +105,11 @@ RUN apt-get update && apt-get install -y \

 RUN mkdir /data

-RUN [ "cross-build-end" ]  
+RUN [ "cross-build-end" ]

 VOLUME /data
 EXPOSE 80
+EXPOSE 3012

 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
@@ -100,9 +117,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .

-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh

-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

 # Configures the startup!
 WORKDIR /
@@ -1,8 +1,53 @@
-#!/usr/bin/env sh
+#!/bin/sh

-if [ -z "$ROCKET_TLS"]
-then
-  curl --fail http://localhost:${ROCKET_PORT:-"80"}/alive || exit 1
-else
-  curl --insecure --fail https://localhost:${ROCKET_PORT:-"80"}/alive || exit 1
-fi
+# Use the value of the corresponding env var (if present),
+# or a default value otherwise.
+: ${DATA_FOLDER:="data"}
+: ${ROCKET_PORT:="80"}
+
+CONFIG_FILE="${DATA_FOLDER}"/config.json
+
+# Given a config key, return the corresponding config value from the
+# config file. If the key doesn't exist, return an empty string.
+get_config_val() {
+    local key="$1"
+    # Extract a line of the form:
+    #   "domain": "https://bw.example.com/path",
+    grep "\"${key}\":" "${CONFIG_FILE}" |
+    # To extract just the value (https://bw.example.com/path), delete:
+    # (1) everything up to and including the first ':',
+    # (2) whitespace and '"' from the front,
+    # (3) ',' and '"' from the back.
+    sed -e 's/[^:]\+://' -e 's/^[ "]\+//' -e 's/[,"]\+$//'
+}
+
+# Extract the base path from a domain URL. For example:
+# - `` -> ``
+# - `https://bw.example.com` -> ``
+# - `https://bw.example.com/` -> ``
+# - `https://bw.example.com/path` -> `/path`
+# - `https://bw.example.com/multi/path` -> `/multi/path`
+get_base_path() {
+    echo "$1" |
+    # Delete:
+    # (1) everything up to and including '://',
+    # (2) everything up to '/',
+    # (3) trailing '/' from the back.
+    sed -e 's|.*://||' -e 's|[^/]\+||' -e 's|/*$||'
+}
+
+# Read domain URL from config.json, if present.
+if [ -r "${CONFIG_FILE}" ]; then
+    domain="$(get_config_val 'domain')"
+    if [ -n "${domain}" ]; then
+        # config.json 'domain' overrides the DOMAIN env var.
+        DOMAIN="${domain}"
+    fi
+fi
+
+base_path="$(get_base_path "${DOMAIN}")"
+if [ -n "${ROCKET_TLS}" ]; then
+    s='s'
+fi
+curl --insecure --fail --silent --show-error \
+     "http${s}://localhost:${ROCKET_PORT}${base_path}/alive" || exit 1
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+
+import os, argparse, json
+
+import jinja2
+
+args_parser = argparse.ArgumentParser()
+args_parser.add_argument('template_file', help='Jinja2 template file to render.')
+args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
+cli_args = args_parser.parse_args()
+
+render_vars = json.loads(cli_args.render_vars)
+environment = jinja2.Environment(
+	loader=jinja2.FileSystemLoader(os.getcwd()),
+	trim_blocks=True,
+)
+print(environment.get_template(cli_args.template_file).render(render_vars))
@@ -0,0 +1 @@
+DROP TABLE org_policies;
@@ -0,0 +1,9 @@
+CREATE TABLE org_policies (
+  uuid      CHAR(36) NOT NULL PRIMARY KEY,
+  org_uuid  CHAR(36) NOT NULL REFERENCES organizations (uuid),
+  atype     INTEGER  NOT NULL,
+  enabled   BOOLEAN  NOT NULL,
+  data      TEXT     NOT NULL,
+
+  UNIQUE (org_uuid, atype)
+);
@@ -0,0 +1 @@
+DROP TABLE org_policies;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Daniel García	e3feba2a2c	Merge pull request #960 from jjlin/admin-token Warn on empty `ADMIN_TOKEN` instead of bailing out	2020-04-11 23:34:37 +02:00
Jeremy Lin	0a68de6c24	Warn on empty `ADMIN_TOKEN` instead of bailing out The admin page will still be disabled. Fixes #849.	2020-04-09 20:55:08 -07:00
Daniel García	4be8dae626	Make web vault show a more informative error when browsers block WebCrypto in insecure contexts and update dependencies	2020-04-09 22:54:31 +02:00
Daniel García	77f95146d6	Merge pull request #956 from jjlin/duo Fix Duo auth failure with non-lowercased email addresses	2020-04-08 08:43:24 +02:00
Jeremy Lin	6cd8512bbd	Fix Duo auth failure with non-lowercased email addresses	2020-04-07 20:40:51 -07:00
Daniel García	843604c9e7	Merge pull request #939 from jjlin/attachment-size Fix attachment size limit calculation	2020-03-31 12:56:49 +02:00
Jeremy Lin	7407b8326a	Fix attachment size limit calculation The config values (in KB) need to be converted to bytes when comparing against total attachment sizes.	2020-03-31 02:30:28 -07:00
Daniel García	adf47827c9	Make sure the data field is always returned, otherwise the mobile apps seem to have issues	2020-03-30 22:19:50 +02:00
Daniel García	5471088e93	Merge pull request #933 from jjlin/dockerfiles Rebuild Dockerfiles to match latest Dockerfile.j2 template	2020-03-27 17:45:10 +01:00
Daniel García	4e85a1dee1	Update web vault to 2.13.2	2020-03-27 17:44:10 +01:00
Daniel García	ec60839064	Merge pull request #932 from jjlin/ws-fix Fix WebSocket notifications	2020-03-27 08:38:54 +01:00
Jeremy Lin	d4bfa1a189	Rebuild Dockerfiles to match latest Dockerfile.j2 template Picks up a couple of missed changes from `b837348b` and `ccf6ee79`.	2020-03-26 20:10:33 -07:00
Jeremy Lin	862d401077	Fix WebSocket notifications Ignore a missing `id` query param; it's unclear what this ID represents, but it wasn't being used in the existing bitwarden_rs code, and no longer seems to be sent in the latest versions of the official clients.	2020-03-26 19:26:44 -07:00
Daniel García	255a06382d	Merge pull request #928 from jjlin/healthcheck Healthcheck fixes/optimizations	2020-03-26 21:13:31 +01:00
Jeremy Lin	bbb0484d03	Healthcheck fixes/optimizations * Switch healthcheck interval/timeout from 30s/3s to 60s/10s. 30s interval is arguably overkill, and 3s timeout is definitely too short for lower end machines. * Use HEALTHCHECK CMD exec form to avoid superfluous `sh` invocations. * Add `--silent --show-error` flags to curl call to avoid progress meter being shown in healthcheck logs.	2020-03-25 20:13:36 -07:00
Daniel García	93346bc05d	Merge pull request #927 from jjlin/healthcheck Update healthcheck script to handle alternate base dir	2020-03-25 22:21:08 +01:00
Jeremy Lin	fdf50f0064	Update healthcheck script to handle alternate base dir	2020-03-24 20:00:35 -07:00
Daniel García	ccf6ee79d0	Update dependencies, mainly diesel and sqlite	2020-03-24 20:36:19 +01:00
Daniel García	91dd19473d	Merge pull request #922 from jjlin/device-push-token Handle `devicePushToken`	2020-03-23 00:03:10 +01:00
Jeremy Lin	c06162b22f	Handle `devicePushToken` Mobile push isn't currently supported, but this should get rid of spurious `Detected unexpected parameter during login: devicepushtoken` warnings.	2020-03-22 15:04:25 -07:00
Daniel García	7a6a3e4160	Set the cargo version and allow changing it during build time with BWRS_VERSION. Also renamed GIT_VERSION because that's not the only source anymore.	2020-03-22 16:13:34 +01:00
Daniel García	94341f9f3f	Fix token error while accepting invite	2020-03-20 10:51:17 +01:00
Daniel García	ff19fb3426	Merge pull request #919 from BlackDex/issue-908 Fixed issue #908	2020-03-19 18:11:47 +01:00
BlackDex	baac8d9627	Fixed issue #908 The organization uuid is most of the time within the uri path as a parameter. But sometimes it only is there as a query value. This fix checks both, and returns the uuid when possible.	2020-03-19 17:37:10 +01:00
BlackDex	669b101e6a	Fixing issue #908 Sometimes an org-uuid is not within the path but in a query value, This fixes the check for that.	2020-03-19 16:50:47 +01:00
Daniel García	935f38692f	Merge pull request #918 from dani-garcia/revert-901-feature/opportunistic_tls Revert "Use opportunistic TLS in SMTP connections"	2020-03-19 13:58:00 +01:00
Daniel García	d2d9fb08cc	Revert "Use opportunistic TLS in SMTP connections"	2020-03-19 13:56:53 +01:00
Daniel García	b85d548879	Merge pull request #916 from BlackDex/issue-759 Fixing issue #759 by disabling Foreign Key Checks.	2020-03-18 18:48:08 +01:00
BlackDex	35f30088b2	Fixing issue #759 by disabling Foreign Key Checks. During migrations some queries are out of order regarding to foreign keys. Because of this the migrations fail when the sql database has this enforced by default. Turning of this check during the migrations will fix this and this is only per session.	2020-03-18 18:11:11 +01:00
Daniel García	dce054e632	Merge pull request #912 from ymage/openssl_as_default Fix alpine build with openssl crate as default	2020-03-16 23:02:07 +01:00
Ymage	ba725e1c25	Make openssl crate as default (non feature-flipped)	2020-03-16 22:39:10 +01:00
Ymage	b837348b25	Build as static	2020-03-16 22:34:59 +01:00
Daniel García	7d9c7017c9	Merge pull request #911 from BlackDex/upgrade-rocket Upgrade rocket	2020-03-16 18:17:17 +01:00
Daniel García	d6b9b8bf0c	Merge pull request #876 from BlackDex/log-panics Make panics logable (as warn)	2020-03-16 18:16:49 +01:00
BlackDex	bd09fe1a3d	Updated code so backtraces are logged also.	2020-03-16 17:53:22 +01:00
BlackDex	bcbe6177b8	Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into log-panics	2020-03-16 17:19:27 +01:00
BlackDex	9b1d07365e	Updated ring Some small changes to match the updated ring package.	2020-03-16 16:39:20 +01:00
BlackDex	37b212427c	Updated jsonwebtoken Updated to the latest version of jsonwebtoken. Some small code changes to match the new versions.	2020-03-16 16:38:00 +01:00
BlackDex	078234d8b3	Small change for rocket compatibilty	2020-03-16 16:36:44 +01:00
BlackDex	3ce0c3d1a5	Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)	2020-03-16 16:32:33 +01:00
Daniel García	2ee07ea1d8	Fix empty data when cloning cipher	2020-03-15 17:26:34 +01:00
Daniel García	40c339db9b	Fix postgres policies, second try	2020-03-14 23:53:12 +01:00
Daniel García	402c1cd06c	Merge pull request #906 from BlackDex/upgrade-reqwest Updated reqwest to the latest version.	2020-03-14 23:35:52 +01:00
Daniel García	819f340f39	Fix issue with postgres	2020-03-14 23:35:34 +01:00
BlackDex	1b4b40c95d	Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.	2020-03-14 23:12:45 +01:00
Daniel García	afd9f4e278	Allow the smtp mechanism to be provided without quotes and all lowercase	2020-03-14 22:31:41 +01:00
Daniel García	47a9461f39	Merge pull request #903 from TheBinaryLoop/patch-1 Updated domains with new values vualt	2020-03-14 14:41:39 +01:00
Daniel García	c6f64d8368	Merge pull request #901 from sleweke/feature/opportunistic_tls Use opportunistic TLS in SMTP connections	2020-03-14 14:41:00 +01:00
Daniel García	edabf19ddf	Update vault to 2.13.1	2020-03-14 14:40:06 +01:00
Daniel García	a30d5f4cf9	Fix cloning issues	2020-03-14 14:08:57 +01:00
Daniel García	3fa78e7bb1	Initial version of policies	2020-03-14 13:32:28 +01:00
Lukas Eßmann	a8a7e4f9a5	Updated domains with new values vualt Added domains from official vault.bitwarden.com	2020-03-13 20:08:52 +01:00
Samuel Leweke	5d3b765a23	Use opportunistic TLS in SMTP connections If SSL is disabled, the SMTP ClientSecurity of the lettre crate defaults to None, that is, an insecure connection. This is changed to Opportunistic, which uses TLS if available. If TLS is not available, the insecure connection is used (i.e., this change is backward compatible).	2020-03-12 11:40:52 +01:00
Daniel García	70f3ab8ec3	Migrate lazy_static to once_cell, less macro magic and slightly faster	2020-03-09 22:04:03 +01:00
Daniel García	b6612e90ca	Update dependencies	2020-03-09 22:00:59 +01:00
Daniel García	161cccca30	Merge pull request #892 from BlackDex/smtp-test-button Relocated SMTP test input+button.	2020-03-05 00:05:52 +01:00
BlackDex	84dc2eda1f	Changed javascript default argument construction	2020-03-04 15:08:14 +01:00
BlackDex	390d10d656	Relocated SMTP test input+button. - Moved smtp test option to within the "SMTP Email" Settings block. - Added optional option to prevent full page reload. - SMTP Test and Backup do not reload the admin interface any more.	2020-03-04 13:25:38 +01:00
Daniel García	1f775f4414	Merge pull request #888 from zethra/add_cli_args Added command line flags for help and version	2020-03-03 00:12:15 +01:00
zethra	cc404b4edc	Added command line flags for help and version Signed-off-by: zethra <benaagoldberg@gmail.com>	2020-03-02 15:51:57 -05:00
Daniel García	536672ac1b	Delete ISSUE_TEMPLATE.md	2020-03-02 19:58:53 +01:00
Daniel García	e41e7c07db	Update issue templates	2020-03-02 19:58:36 +01:00
Daniel García	f1d3b03c60	Update README.md	2020-03-02 19:37:49 +01:00
Daniel García	2ebff958a4	Merge pull request #879 from BlackDex/smtp-test-button Added SMTP test button in the admin gui	2020-03-01 15:00:20 +01:00
Daniel García	edfdda86ae	Use web vault built by docker autobuild, using the hash to reference the image for extra security	2020-03-01 02:40:18 +01:00
BlackDex	97fb7b5b96	Added urlpath to smtpTest function	2020-02-26 16:58:57 +01:00
BlackDex	f6de144cbb	Merge branch 'smtp-test-button' of github.com:BlackDex/bitwarden_rs into smtp-test-button	2020-02-26 16:56:03 +01:00
BlackDex	5a974c7b94	Added SMTP test button in the admin gui - Added a test button for checking the e-mail settings. - Fixed a bug with the _post JavaScript function: A function was overwriten with a variable and errors were not handled correctly like a 500 for example.	2020-02-26 16:49:56 +01:00
BlackDex	5f61607419	Added SMTP test button in the admin gui - Added a test button for checking the e-mail settings. - Fixed a bug with the _post JavaScript function: A function was overwriten with a variable and errors were not handled correctly like a 500 for example.	2020-02-26 11:02:22 +01:00
BlackDex	7439aeb63e	Make panics logable (as warn) panic!()'s only appear on stderr, this makes tracking down some strange issues harder with the usage of docker since stderr does not get logged into the bitwarden.log file. This change logs the message to stdout and the logfile when activated.	2020-02-25 14:10:52 +01:00
Daniel García	cd8907542a	Make sure the provided domain contains the protocol and show a useful error when it doesn't	2020-02-23 14:55:27 +01:00
Daniel García	8a5450e830	Merge pull request #868 from jjlin/alt-base Add backend support for alternate base dir (subdir/subpath) hosting	2020-02-22 22:06:07 +01:00
Daniel García	ad9f2b2d8e	Removed test urlpath	2020-02-22 19:01:58 +01:00
Daniel García	2f4a9865e1	Use absolute paths in the admin page	2020-02-22 17:49:33 +01:00
Daniel García	0a3008e753	Update web vault used in docker	2020-02-22 16:00:43 +01:00
Jeremy Lin	29a0795219	Add backend support for alternate base dir (subdir/subpath) hosting To use this, include a path in the `DOMAIN` URL, e.g.: * `DOMAIN=https://example.com/custom-path` * `DOMAIN=https://example.com/multiple/levels/are/ok`	2020-02-18 21:27:00 -08:00
Daniel García	63459c5f72	Updated FUNDING as mentioned in #859	2020-02-18 21:48:11 +01:00
Daniel García	916e96b143	Update web vault to fix copy issues	2020-02-18 20:08:21 +01:00
Daniel García	325039c316	Attachment size limits, per-user and per-organization	2020-02-17 22:56:26 +01:00
Daniel García	c5b97f4146	Merge pull request #864 from mprasil/admin-invitation Do not disable invitations via admin API	2020-02-16 22:12:00 +01:00
Miro Prasil	03233429f4	Remove check from Invitation:take() I've checked the spots when `Invitation::new()` and `Invitation::take()` are used and it seems like all spots are already correctly gated. So to enable invitations via admin API even when invitations are otherwise disabled, this check can be removed.	2020-02-16 20:28:50 +00:00
Miroslav Prasil	0a72c4b6db	Do not disable invitations via admin API This was brought up today: https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073 I don't think it makes much sense in checking whether admin has the right to send invitation as admin can change the setting anyway. Removing the condition allows users to forbid regular users from inviting new users to server while still preserving the option to do so via the admin API.	2020-02-16 15:01:07 +00:00
Daniel García	8867626de8	Add option to change invitation org name, fixes #825 Add option to allow additional iframe ancestors, fixes #843 Sort the rocket routes before printing them	2020-02-04 22:14:50 +01:00
Daniel García	f5916ec396	Fix backwards indices	2020-01-30 22:33:50 +01:00
Daniel García	ebb36235a7	Cache icons in the clients	2020-01-30 22:30:57 +01:00
Daniel García	def174a517	Convert email domains to punycode	2020-01-30 22:11:53 +01:00
Daniel García	2798f623d4	Updated rust toolchain version	2020-01-30 22:11:44 +01:00
Daniel García	480ba933fa	Don't error if admin token is empty but disabled	2020-01-30 22:10:50 +01:00
Daniel García	3d1ee9ef62	Use rust-toolchain file to determine version in workflows, disabled mac builds for now	2020-01-29 19:26:06 +01:00
Daniel García	5352321fe1	Merge pull request #831 from mprasil/whitelist-fix SIGNUPS_ALLOWED with no whitelist [fixes #830]	2020-01-29 13:28:07 +01:00
Miro Prasil	c4101162d6	SIGNUPS_ALLOWED with no whitelist [fixes #830 ] This reverts back to `SIGNUPS_ALLOWED` when there is no domain whitelist set. The functionality was broken in `64d6f72`.	2020-01-29 11:32:42 +00:00
Daniel García	632d55265b	Merge pull request #824 from tomuta/fix_change_email Fix change email when no whitelist is configured	2020-01-28 20:52:16 +01:00
tomuta	e277f7d1c1	Fix change email when no whitelist is configured Fixes issue #792	2020-01-26 13:34:56 -07:00
Daniel García	ff7b4a3d38	Update handlebars to 3.0 which included performance improvements. Updated lettre to newer git revision, which should give better error messages now.	2020-01-26 15:29:14 +01:00
Daniel García	d212dfe735	Accept y/n, True/False, 1/0 as booleans in environment vars	2020-01-20 22:28:54 +01:00
Daniel García	84ed185579	Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.	2020-01-19 21:34:13 +01:00
Daniel García	c0ba3406ef	Merge pull request #812 from swedishborgie/postgresql Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL	2020-01-16 16:21:57 +01:00
Michael Powers	e196ba6e86	Switch error handling to ? operator instead of explicit handling.	2020-01-16 08:14:25 -05:00
Michael Powers	76743aee48	Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated. This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.	2020-01-13 21:53:57 -05:00
Daniel García	9ebca99290	Update dependencies	2020-01-10 18:37:16 +01:00
Daniel García	a734ad2d36	Add contributor	2020-01-10 18:36:36 +01:00
Daniel García	baf7d1be4e	Delete old workflow file and disable building binaries on pull requests, as we already have CI for that	2020-01-05 22:46:34 +01:00
Daniel García	31bcd1bf7c	Merge pull request #784 from ypid/docker/use-debian-base Use Debian base image for all steps of the build process	2020-01-05 22:42:43 +01:00
Daniel García	a3b30ed65a	Add missing target armv7 and cross compile envs	2020-01-05 22:41:58 +01:00
Robin Schneider	402c857d17	Add hint to Dockerfile's that they are generated	2020-01-03 22:07:56 +01:00
Robin Schneider	def858854b	Readd missing cargo build for armv7. Thanks to @dani-garcia!	2020-01-03 22:00:45 +01:00
Robin Schneider	f6761ac30e	Remove debugging echo statement from Dockerfiles	2020-01-01 15:17:33 +01:00
Robin Schneider	f8e49ea3f4	Use apt-get instead of apt in Dockerfiles, also --no-install-recommends apt is intended for humans, not scripts. --no-install-recommends improves build time by avoiding to install unneeded packages.	2019-12-31 16:46:08 +01:00
Robin Schneider	f6a4a2127b	Remove duplicate empty lines in generated Dockerfiles Checked with: ```Shell find . -type f -print0 \| xargs -0 pcregrep -M '\n\n\n' ```	2019-12-31 16:33:00 +01:00
Robin Schneider	446fc3f1f8	Set build time options for dpkg and reproducible builds Ref: https://github.com/moby/moby/issues/4032 Ref: https://sweetcode.io/using-docker-reproducible-build-environments/ Ref: https://github.com/hashbang/aosp-build/blob/master/config/container/Dockerfile	2019-12-31 16:33:00 +01:00
Robin Schneider	146525db91	Improve Jinja2 template logic a bit	2019-12-31 16:33:00 +01:00
Robin Schneider	1698b43f9b	Readd missing cargo setup for armv7. Thanks to @dani-garcia!	2019-12-31 16:33:00 +01:00
Robin Schneider	078b21db85	Fix armv6 build, thanks to @dani-garcia for the review!	2019-12-31 16:33:00 +01:00
Robin Schneider	43adcde094	Move `rustup target` before `cargo build`. Thanks to @dani-garcia! Note from @dani-garcia: > I don't think this is doing anything right now because the target is probably > installed already.	2019-12-31 16:32:59 +01:00
Daniel García	7a0bb18dcf	Make `cargo new` independent of workdir to be exact The muslrust images seem to have a workdir of /volume as opposed to / in the others so doing cargo new like this would create the folder in /volume/app.	2019-12-31 16:32:59 +01:00
Robin Schneider	47a5a4e1fc	Fix package name for Ubuntu 16.04 based image. Thanks @dani-garcia!	2019-12-31 16:32:59 +01:00
Robin Schneider	0f0e5876ae	Move `dpkg --add-architecture` before the first apt call Thanks to @dani-garcia for the review!	2019-12-31 16:32:59 +01:00
Robin Schneider	43aa75dc89	Fix cross platform build support, thanks to @dani-garcia for the review	2019-12-31 16:32:59 +01:00
Robin Schneider	8280d200ea	Generate Dockerfiles from one source for maintainability. Closes #785 .	2019-12-28 22:52:20 +01:00
Robin Schneider	f250c54813	WIP: Use Debian base image for all steps of the build process No need to use two different base images. Debian buster is pulled later anyway so we can just use it for the vault stage as well. My reason for this change is partly to avoid redundancy and partly to make it easier to build everything yourself. When all the build environment is based on Debian than you just have to figure out how to build a Debian Docker base image (ref: https://github.com/ypid/docker-makefile).	2019-12-28 14:43:08 +01:00