rename membership and adopt newtype pattern (#5320)

* rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-03-21 00:26:39 +00:00 · 2025-01-09 18:37:23 +01:00
parent 10d12676cf
commit 871a3f214a
51 changed files with 2800 additions and 2114 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -5,6 +5,7 @@
 !.git
 !docker/healthcheck.sh
 !docker/start.sh
+!macros
 !migrations
 !src

--- a/Cargo.lock
+++ b/Cargo.lock
@ -752,6 +752,27 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "derive_more"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05"
+dependencies = [
+ "derive_more-impl",
+]
+
+[[package]]
+name = "derive_more-impl"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "unicode-xid",
+]
+
 [[package]]
 name = "devise"
 version = "0.4.2"
@ -809,6 +830,17 @@ dependencies = [
 "url",
 ]

+[[package]]
+name = "diesel-derive-newtype"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5adf688c584fe33726ce0e2898f608a2a92578ac94a4a92fcecf73214fe0716"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "diesel_derives"
 version = "2.2.3"
@ -2013,6 +2045,14 @@ dependencies = [
 "linked-hash-map",
 ]

+[[package]]
+name = "macros"
+version = "0.1.0"
+dependencies = [
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "match_cfg"
 version = "0.1.0"
@ -4011,7 +4051,9 @@ dependencies = [
 "dashmap",
 "data-encoding",
 "data-url",
+ "derive_more",
 "diesel",
+ "diesel-derive-newtype",
 "diesel_logger",
 "diesel_migrations",
 "dotenvy",
@ -4028,6 +4070,7 @@ dependencies = [
 "lettre",
 "libsqlite3-sys",
 "log",
+ "macros",
 "mimalloc",
 "num-derive",
 "num-traits",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,3 +1,5 @@
+workspace = { members = ["macros"] }
+
 [package]
 name = "vaultwarden"
 version = "1.0.0"
@ -39,6 +41,8 @@ unstable = []
 syslog = "7.0.0"

 [dependencies]
+macros = { path = "./macros" }
+
 # Logging
 log = "0.4.22"
 fern = { version = "0.7.1", features = ["syslog-7", "reopen-1"] }
@ -78,6 +82,9 @@ diesel = { version = "2.2.6", features = ["chrono", "r2d2", "numeric"] }
 diesel_migrations = "2.2.0"
 diesel_logger = { version = "0.4.0", optional = true }

+derive_more = { version = "1.0.0", features = ["from", "into", "as_ref", "deref", "display"] }
+diesel-derive-newtype = "2.1.2"
+
 # Bundled/Static SQLite
 libsqlite3-sys = { version = "0.30.1", features = ["bundled"], optional = true }

--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -76,6 +76,7 @@ RUN source /env-cargo && \

 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
+COPY ./macros ./macros

 ARG CARGO_PROFILE=release

--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -116,6 +116,7 @@ RUN source /env-cargo && \

 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
+COPY ./macros ./macros

 ARG CARGO_PROFILE=release

--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -143,6 +143,7 @@ RUN source /env-cargo && \

 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
+COPY ./macros ./macros

 ARG CARGO_PROFILE=release

--- a/macros/Cargo.toml
+++ b/macros/Cargo.toml
@ -0,0 +1,13 @@
+[package]
+name = "macros"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+name = "macros"
+path = "src/lib.rs"
+proc-macro = true
+
+[dependencies]
+quote = "1.0.38"
+syn = "2.0.94"
--- a/macros/src/lib.rs
+++ b/macros/src/lib.rs
@ -0,0 +1,58 @@
+extern crate proc_macro;
+
+use proc_macro::TokenStream;
+use quote::quote;
+
+#[proc_macro_derive(UuidFromParam)]
+pub fn derive_uuid_from_param(input: TokenStream) -> TokenStream {
+    let ast = syn::parse(input).unwrap();
+
+    impl_derive_uuid_macro(&ast)
+}
+
+fn impl_derive_uuid_macro(ast: &syn::DeriveInput) -> TokenStream {
+    let name = &ast.ident;
+    let gen = quote! {
+        #[automatically_derived]
+        impl<'r> rocket::request::FromParam<'r> for #name {
+            type Error = ();
+
+            #[inline(always)]
+            fn from_param(param: &'r str) -> Result<Self, Self::Error> {
+                if uuid::Uuid::parse_str(param).is_ok() {
+                    Ok(Self(param.to_string()))
+                } else {
+                    Err(())
+                }
+            }
+        }
+    };
+    gen.into()
+}
+
+#[proc_macro_derive(IdFromParam)]
+pub fn derive_id_from_param(input: TokenStream) -> TokenStream {
+    let ast = syn::parse(input).unwrap();
+
+    impl_derive_safestring_macro(&ast)
+}
+
+fn impl_derive_safestring_macro(ast: &syn::DeriveInput) -> TokenStream {
+    let name = &ast.ident;
+    let gen = quote! {
+        #[automatically_derived]
+        impl<'r> rocket::request::FromParam<'r> for #name {
+            type Error = ();
+
+            #[inline(always)]
+            fn from_param(param: &'r str) -> Result<Self, Self::Error> {
+                if param.chars().all(|c| matches!(c, 'a'..='z' | 'A'..='Z' |'0'..='9' | '-')) {
+                    Ok(Self(param.to_string()))
+                } else {
+                    Err(())
+                }
+            }
+        }
+    };
+    gen.into()
+}
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@ -50,7 +50,7 @@ pub fn routes() -> Vec<Route> {
        disable_user,
        enable_user,
        remove_2fa,
-        update_user_org_type,
+        update_membership_type,
        update_revision_users,
        post_config,
        delete_config,
@ -280,8 +280,8 @@ struct InviteData {
    email: String,
 }

-async fn get_user_or_404(uuid: &str, conn: &mut DbConn) -> ApiResult<User> {
-    if let Some(user) = User::find_by_uuid(uuid, conn).await {
+async fn get_user_or_404(user_id: &UserId, conn: &mut DbConn) -> ApiResult<User> {
+    if let Some(user) = User::find_by_uuid(user_id, conn).await {
        Ok(user)
    } else {
        err_code!("User doesn't exist", Status::NotFound.code);
@ -381,29 +381,29 @@ async fn get_user_by_mail_json(mail: &str, _token: AdminToken, mut conn: DbConn)
    }
 }

-#[get("/users/<uuid>")]
-async fn get_user_json(uuid: &str, _token: AdminToken, mut conn: DbConn) -> JsonResult {
-    let u = get_user_or_404(uuid, &mut conn).await?;
+#[get("/users/<user_id>")]
+async fn get_user_json(user_id: UserId, _token: AdminToken, mut conn: DbConn) -> JsonResult {
+    let u = get_user_or_404(&user_id, &mut conn).await?;
    let mut usr = u.to_json(&mut conn).await;
    usr["userEnabled"] = json!(u.enabled);
    usr["createdAt"] = json!(format_naive_datetime_local(&u.created_at, DT_FMT));
    Ok(Json(usr))
 }

-#[post("/users/<uuid>/delete")]
-async fn delete_user(uuid: &str, token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    let user = get_user_or_404(uuid, &mut conn).await?;
+#[post("/users/<user_id>/delete")]
+async fn delete_user(user_id: UserId, token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    let user = get_user_or_404(&user_id, &mut conn).await?;

-    // Get the user_org records before deleting the actual user
-    let user_orgs = UserOrganization::find_any_state_by_user(uuid, &mut conn).await;
+    // Get the membership records before deleting the actual user
+    let memberships = Membership::find_any_state_by_user(&user_id, &mut conn).await;
    let res = user.delete(&mut conn).await;

-    for user_org in user_orgs {
+    for membership in memberships {
        log_event(
            EventType::OrganizationUserRemoved as i32,
-            &user_org.uuid,
-            &user_org.org_uuid,
-            ACTING_ADMIN_USER,
+            &membership.uuid,
+            &membership.org_uuid,
+            &ACTING_ADMIN_USER.into(),
            14, // Use UnknownBrowser type
            &token.ip.ip,
            &mut conn,
@ -414,9 +414,9 @@ async fn delete_user(uuid: &str, token: AdminToken, mut conn: DbConn) -> EmptyRe
    res
 }

-#[post("/users/<uuid>/deauth")]
-async fn deauth_user(uuid: &str, _token: AdminToken, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
-    let mut user = get_user_or_404(uuid, &mut conn).await?;
+#[post("/users/<user_id>/deauth")]
+async fn deauth_user(user_id: UserId, _token: AdminToken, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+    let mut user = get_user_or_404(&user_id, &mut conn).await?;

    nt.send_logout(&user, None).await;

@ -435,9 +435,9 @@ async fn deauth_user(uuid: &str, _token: AdminToken, mut conn: DbConn, nt: Notif
    user.save(&mut conn).await
 }

-#[post("/users/<uuid>/disable")]
-async fn disable_user(uuid: &str, _token: AdminToken, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
-    let mut user = get_user_or_404(uuid, &mut conn).await?;
+#[post("/users/<user_id>/disable")]
+async fn disable_user(user_id: UserId, _token: AdminToken, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+    let mut user = get_user_or_404(&user_id, &mut conn).await?;
    Device::delete_all_by_user(&user.uuid, &mut conn).await?;
    user.reset_security_stamp();
    user.enabled = false;
@ -449,26 +449,26 @@ async fn disable_user(uuid: &str, _token: AdminToken, mut conn: DbConn, nt: Noti
    save_result
 }

-#[post("/users/<uuid>/enable")]
-async fn enable_user(uuid: &str, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    let mut user = get_user_or_404(uuid, &mut conn).await?;
+#[post("/users/<user_id>/enable")]
+async fn enable_user(user_id: UserId, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    let mut user = get_user_or_404(&user_id, &mut conn).await?;
    user.enabled = true;

    user.save(&mut conn).await
 }

-#[post("/users/<uuid>/remove-2fa")]
-async fn remove_2fa(uuid: &str, token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    let mut user = get_user_or_404(uuid, &mut conn).await?;
+#[post("/users/<user_id>/remove-2fa")]
+async fn remove_2fa(user_id: UserId, token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    let mut user = get_user_or_404(&user_id, &mut conn).await?;
    TwoFactor::delete_all_by_user(&user.uuid, &mut conn).await?;
-    two_factor::enforce_2fa_policy(&user, ACTING_ADMIN_USER, 14, &token.ip.ip, &mut conn).await?;
+    two_factor::enforce_2fa_policy(&user, &ACTING_ADMIN_USER.into(), 14, &token.ip.ip, &mut conn).await?;
    user.totp_recover = None;
    user.save(&mut conn).await
 }

-#[post("/users/<uuid>/invite/resend")]
-async fn resend_user_invite(uuid: &str, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    if let Some(user) = User::find_by_uuid(uuid, &mut conn).await {
+#[post("/users/<user_id>/invite/resend")]
+async fn resend_user_invite(user_id: UserId, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    if let Some(user) = User::find_by_uuid(&user_id, &mut conn).await {
        //TODO: replace this with user.status check when it will be available (PR#3397)
        if !user.password_hash.is_empty() {
            err_code!("User already accepted invitation", Status::BadRequest.code);
@ -485,42 +485,41 @@ async fn resend_user_invite(uuid: &str, _token: AdminToken, mut conn: DbConn) ->
 }

 #[derive(Debug, Deserialize)]
-struct UserOrgTypeData {
+struct MembershipTypeData {
    user_type: NumberOrString,
-    user_uuid: String,
-    org_uuid: String,
+    user_uuid: UserId,
+    org_uuid: OrganizationId,
 }

 #[post("/users/org_type", data = "<data>")]
-async fn update_user_org_type(data: Json<UserOrgTypeData>, token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    let data: UserOrgTypeData = data.into_inner();
+async fn update_membership_type(data: Json<MembershipTypeData>, token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    let data: MembershipTypeData = data.into_inner();

-    let Some(mut user_to_edit) =
-        UserOrganization::find_by_user_and_org(&data.user_uuid, &data.org_uuid, &mut conn).await
+    let Some(mut member_to_edit) = Membership::find_by_user_and_org(&data.user_uuid, &data.org_uuid, &mut conn).await
    else {
        err!("The specified user isn't member of the organization")
    };

-    let new_type = match UserOrgType::from_str(&data.user_type.into_string()) {
+    let new_type = match MembershipType::from_str(&data.user_type.into_string()) {
        Some(new_type) => new_type as i32,
        None => err!("Invalid type"),
    };

-    if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner {
+    if member_to_edit.atype == MembershipType::Owner && new_type != MembershipType::Owner {
        // Removing owner permission, check that there is at least one other confirmed owner
-        if UserOrganization::count_confirmed_by_org_and_type(&data.org_uuid, UserOrgType::Owner, &mut conn).await <= 1 {
+        if Membership::count_confirmed_by_org_and_type(&data.org_uuid, MembershipType::Owner, &mut conn).await <= 1 {
            err!("Can't change the type of the last owner")
        }
    }

-    // This check is also done at api::organizations::{accept_invite(), _confirm_invite, _activate_user(), edit_user()}, update_user_org_type
+    // This check is also done at api::organizations::{accept_invite, _confirm_invite, _activate_member, edit_member}, update_membership_type
    // It returns different error messages per function.
-    if new_type < UserOrgType::Admin {
-        match OrgPolicy::is_user_allowed(&user_to_edit.user_uuid, &user_to_edit.org_uuid, true, &mut conn).await {
+    if new_type < MembershipType::Admin {
+        match OrgPolicy::is_user_allowed(&member_to_edit.user_uuid, &member_to_edit.org_uuid, true, &mut conn).await {
            Ok(_) => {}
            Err(OrgPolicyErr::TwoFactorMissing) => {
                if CONFIG.email_2fa_auto_fallback() {
-                    two_factor::email::find_and_activate_email_2fa(&user_to_edit.user_uuid, &mut conn).await?;
+                    two_factor::email::find_and_activate_email_2fa(&member_to_edit.user_uuid, &mut conn).await?;
                } else {
                    err!("You cannot modify this user to this type because they have not setup 2FA");
                }
@ -533,17 +532,17 @@ async fn update_user_org_type(data: Json<UserOrgTypeData>, token: AdminToken, mu

    log_event(
        EventType::OrganizationUserUpdated as i32,
-        &user_to_edit.uuid,
+        &member_to_edit.uuid,
        &data.org_uuid,
-        ACTING_ADMIN_USER,
+        &ACTING_ADMIN_USER.into(),
        14, // Use UnknownBrowser type
        &token.ip.ip,
        &mut conn,
    )
    .await;

-    user_to_edit.atype = new_type;
-    user_to_edit.save(&mut conn).await
+    member_to_edit.atype = new_type;
+    member_to_edit.save(&mut conn).await
 }

 #[post("/users/update_revision")]
@ -557,7 +556,7 @@ async fn organizations_overview(_token: AdminToken, mut conn: DbConn) -> ApiResu
    let mut organizations_json = Vec::with_capacity(organizations.len());
    for o in organizations {
        let mut org = o.to_json();
-        org["user_count"] = json!(UserOrganization::count_by_org(&o.uuid, &mut conn).await);
+        org["user_count"] = json!(Membership::count_by_org(&o.uuid, &mut conn).await);
        org["cipher_count"] = json!(Cipher::count_by_org(&o.uuid, &mut conn).await);
        org["collection_count"] = json!(Collection::count_by_org(&o.uuid, &mut conn).await);
        org["group_count"] = json!(Group::count_by_org(&o.uuid, &mut conn).await);
@ -571,9 +570,9 @@ async fn organizations_overview(_token: AdminToken, mut conn: DbConn) -> ApiResu
    Ok(Html(text))
 }

-#[post("/organizations/<uuid>/delete")]
-async fn delete_organization(uuid: &str, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
-    let org = Organization::find_by_uuid(uuid, &mut conn).await.map_res("Organization doesn't exist")?;
+#[post("/organizations/<org_id>/delete")]
+async fn delete_organization(org_id: OrganizationId, _token: AdminToken, mut conn: DbConn) -> EmptyResult {
+    let org = Organization::find_by_uuid(&org_id, &mut conn).await.map_res("Organization doesn't exist")?;
    org.delete(&mut conn).await
 }

--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
--- a/src/api/core/emergency_access.rs
+++ b/src/api/core/emergency_access.rs
@ -93,10 +93,10 @@ async fn get_grantees(headers: Headers, mut conn: DbConn) -> Json<Value> {
 }

 #[get("/emergency-access/<emer_id>")]
-async fn get_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn get_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

-    match EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await {
+    match EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await {
        Some(emergency_access) => Ok(Json(
            emergency_access.to_json_grantee_details(&mut conn).await.expect("Grantee user should exist but does not!"),
        )),
@ -118,7 +118,7 @@ struct EmergencyAccessUpdateData {

 #[put("/emergency-access/<emer_id>", data = "<data>")]
 async fn put_emergency_access(
-    emer_id: &str,
+    emer_id: EmergencyAccessId,
    data: Json<EmergencyAccessUpdateData>,
    headers: Headers,
    conn: DbConn,
@ -128,7 +128,7 @@ async fn put_emergency_access(

 #[post("/emergency-access/<emer_id>", data = "<data>")]
 async fn post_emergency_access(
-    emer_id: &str,
+    emer_id: EmergencyAccessId,
    data: Json<EmergencyAccessUpdateData>,
    headers: Headers,
    mut conn: DbConn,
@ -138,7 +138,7 @@ async fn post_emergency_access(
    let data: EmergencyAccessUpdateData = data.into_inner();

    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -163,12 +163,12 @@ async fn post_emergency_access(
 // region delete

 #[delete("/emergency-access/<emer_id>")]
-async fn delete_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> EmptyResult {
+async fn delete_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> EmptyResult {
    check_emergency_access_enabled()?;

    let emergency_access = match (
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await,
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &headers.user.uuid, &mut conn).await,
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await,
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &headers.user.uuid, &mut conn).await,
    ) {
        (Some(grantor_emer), None) => {
            info!("Grantor deleted emergency access {emer_id}");
@ -186,7 +186,7 @@ async fn delete_emergency_access(emer_id: &str, headers: Headers, mut conn: DbCo
 }

 #[post("/emergency-access/<emer_id>/delete")]
-async fn post_delete_emergency_access(emer_id: &str, headers: Headers, conn: DbConn) -> EmptyResult {
+async fn post_delete_emergency_access(emer_id: EmergencyAccessId, headers: Headers, conn: DbConn) -> EmptyResult {
    delete_emergency_access(emer_id, headers, conn).await
 }

@ -266,8 +266,8 @@ async fn send_invite(data: Json<EmergencyAccessInviteData>, headers: Headers, mu
    if CONFIG.mail_enabled() {
        mail::send_emergency_access_invite(
            &new_emergency_access.email.expect("Grantee email does not exists"),
-            &grantee_user.uuid,
-            &new_emergency_access.uuid,
+            grantee_user.uuid,
+            new_emergency_access.uuid,
            &grantor_user.name,
            &grantor_user.email,
        )
@ -281,11 +281,11 @@ async fn send_invite(data: Json<EmergencyAccessInviteData>, headers: Headers, mu
 }

 #[post("/emergency-access/<emer_id>/reinvite")]
-async fn resend_invite(emer_id: &str, headers: Headers, mut conn: DbConn) -> EmptyResult {
+async fn resend_invite(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> EmptyResult {
    check_emergency_access_enabled()?;

    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -307,8 +307,8 @@ async fn resend_invite(emer_id: &str, headers: Headers, mut conn: DbConn) -> Emp
    if CONFIG.mail_enabled() {
        mail::send_emergency_access_invite(
            &email,
-            &grantor_user.uuid,
-            &emergency_access.uuid,
+            grantor_user.uuid,
+            emergency_access.uuid,
            &grantor_user.name,
            &grantor_user.email,
        )
@ -331,7 +331,12 @@ struct AcceptData {
 }

 #[post("/emergency-access/<emer_id>/accept", data = "<data>")]
-async fn accept_invite(emer_id: &str, data: Json<AcceptData>, headers: Headers, mut conn: DbConn) -> EmptyResult {
+async fn accept_invite(
+    emer_id: EmergencyAccessId,
+    data: Json<AcceptData>,
+    headers: Headers,
+    mut conn: DbConn,
+) -> EmptyResult {
    check_emergency_access_enabled()?;

    let data: AcceptData = data.into_inner();
@ -355,7 +360,7 @@ async fn accept_invite(emer_id: &str, data: Json<AcceptData>, headers: Headers,
    // We need to search for the uuid in combination with the email, since we do not yet store the uuid of the grantee in the database.
    // The uuid of the grantee gets stored once accepted.
    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_email(emer_id, &headers.user.email, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_email(&emer_id, &headers.user.email, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -389,7 +394,7 @@ struct ConfirmData {

 #[post("/emergency-access/<emer_id>/confirm", data = "<data>")]
 async fn confirm_emergency_access(
-    emer_id: &str,
+    emer_id: EmergencyAccessId,
    data: Json<ConfirmData>,
    headers: Headers,
    mut conn: DbConn,
@ -401,7 +406,7 @@ async fn confirm_emergency_access(
    let key = data.key;

    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &confirming_user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &confirming_user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -441,12 +446,12 @@ async fn confirm_emergency_access(
 // region access emergency access

 #[post("/emergency-access/<emer_id>/initiate")]
-async fn initiate_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn initiate_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

    let initiating_user = headers.user;
    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &initiating_user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &initiating_user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -479,11 +484,11 @@ async fn initiate_emergency_access(emer_id: &str, headers: Headers, mut conn: Db
 }

 #[post("/emergency-access/<emer_id>/approve")]
-async fn approve_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn approve_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -514,11 +519,11 @@ async fn approve_emergency_access(emer_id: &str, headers: Headers, mut conn: DbC
 }

 #[post("/emergency-access/<emer_id>/reject")]
-async fn reject_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn reject_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

    let Some(mut emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantor_uuid(emer_id, &headers.user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantor_uuid(&emer_id, &headers.user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -551,11 +556,11 @@ async fn reject_emergency_access(emer_id: &str, headers: Headers, mut conn: DbCo
 // region action

 #[post("/emergency-access/<emer_id>/view")]
-async fn view_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn view_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

    let Some(emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &headers.user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &headers.user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -589,12 +594,12 @@ async fn view_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn
 }

 #[post("/emergency-access/<emer_id>/takeover")]
-async fn takeover_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn takeover_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    check_emergency_access_enabled()?;

    let requesting_user = headers.user;
    let Some(emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &requesting_user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &requesting_user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -628,7 +633,7 @@ struct EmergencyAccessPasswordData {

 #[post("/emergency-access/<emer_id>/password", data = "<data>")]
 async fn password_emergency_access(
-    emer_id: &str,
+    emer_id: EmergencyAccessId,
    data: Json<EmergencyAccessPasswordData>,
    headers: Headers,
    mut conn: DbConn,
@ -641,7 +646,7 @@ async fn password_emergency_access(

    let requesting_user = headers.user;
    let Some(emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &requesting_user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &requesting_user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -662,9 +667,9 @@ async fn password_emergency_access(
    TwoFactor::delete_all_by_user(&grantor_user.uuid, &mut conn).await?;

    // Remove grantor from all organisations unless Owner
-    for user_org in UserOrganization::find_any_state_by_user(&grantor_user.uuid, &mut conn).await {
-        if user_org.atype != UserOrgType::Owner as i32 {
-            user_org.delete(&mut conn).await?;
+    for member in Membership::find_any_state_by_user(&grantor_user.uuid, &mut conn).await {
+        if member.atype != MembershipType::Owner as i32 {
+            member.delete(&mut conn).await?;
        }
    }
    Ok(())
@ -673,10 +678,10 @@ async fn password_emergency_access(
 // endregion

 #[get("/emergency-access/<emer_id>/policies")]
-async fn policies_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
+async fn policies_emergency_access(emer_id: EmergencyAccessId, headers: Headers, mut conn: DbConn) -> JsonResult {
    let requesting_user = headers.user;
    let Some(emergency_access) =
-        EmergencyAccess::find_by_uuid_and_grantee_uuid(emer_id, &requesting_user.uuid, &mut conn).await
+        EmergencyAccess::find_by_uuid_and_grantee_uuid(&emer_id, &requesting_user.uuid, &mut conn).await
    else {
        err!("Emergency access not valid.")
    };
@ -701,11 +706,11 @@ async fn policies_emergency_access(emer_id: &str, headers: Headers, mut conn: Db

 fn is_valid_request(
    emergency_access: &EmergencyAccess,
-    requesting_user_uuid: &str,
+    requesting_user_id: &UserId,
    requested_access_type: EmergencyAccessType,
 ) -> bool {
    emergency_access.grantee_uuid.is_some()
-        && emergency_access.grantee_uuid.as_ref().unwrap() == requesting_user_uuid
+        && emergency_access.grantee_uuid.as_ref().unwrap() == requesting_user_id
        && emergency_access.status == EmergencyAccessStatus::RecoveryApproved as i32
        && emergency_access.atype == requested_access_type as i32
 }
--- a/src/api/core/events.rs
+++ b/src/api/core/events.rs
--- a/src/api/core/folders.rs
+++ b/src/api/core/folders.rs
@ -23,9 +23,9 @@ async fn get_folders(headers: Headers, mut conn: DbConn) -> Json<Value> {
    }))
 }

-#[get("/folders/<uuid>")]
-async fn get_folder(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
-    match Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await {
+#[get("/folders/<folder_id>")]
+async fn get_folder(folder_id: FolderId, headers: Headers, mut conn: DbConn) -> JsonResult {
+    match Folder::find_by_uuid_and_user(&folder_id, &headers.user.uuid, &mut conn).await {
        Some(folder) => Ok(Json(folder.to_json())),
        _ => err!("Invalid folder", "Folder does not exist or belongs to another user"),
    }
@ -35,7 +35,7 @@ async fn get_folder(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResul
 #[serde(rename_all = "camelCase")]
 pub struct FolderData {
    pub name: String,
-    pub id: Option<String>,
+    pub id: Option<FolderId>,
 }

 #[post("/folders", data = "<data>")]
@ -50,14 +50,20 @@ async fn post_folders(data: Json<FolderData>, headers: Headers, mut conn: DbConn
    Ok(Json(folder.to_json()))
 }

-#[post("/folders/<uuid>", data = "<data>")]
-async fn post_folder(uuid: &str, data: Json<FolderData>, headers: Headers, conn: DbConn, nt: Notify<'_>) -> JsonResult {
-    put_folder(uuid, data, headers, conn, nt).await
+#[post("/folders/<folder_id>", data = "<data>")]
+async fn post_folder(
+    folder_id: FolderId,
+    data: Json<FolderData>,
+    headers: Headers,
+    conn: DbConn,
+    nt: Notify<'_>,
+) -> JsonResult {
+    put_folder(folder_id, data, headers, conn, nt).await
 }

-#[put("/folders/<uuid>", data = "<data>")]
+#[put("/folders/<folder_id>", data = "<data>")]
 async fn put_folder(
-    uuid: &str,
+    folder_id: FolderId,
    data: Json<FolderData>,
    headers: Headers,
    mut conn: DbConn,
@ -65,7 +71,7 @@ async fn put_folder(
 ) -> JsonResult {
    let data: FolderData = data.into_inner();

-    let Some(mut folder) = Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+    let Some(mut folder) = Folder::find_by_uuid_and_user(&folder_id, &headers.user.uuid, &mut conn).await else {
        err!("Invalid folder", "Folder does not exist or belongs to another user")
    };

@ -77,14 +83,14 @@ async fn put_folder(
    Ok(Json(folder.to_json()))
 }

-#[post("/folders/<uuid>/delete")]
-async fn delete_folder_post(uuid: &str, headers: Headers, conn: DbConn, nt: Notify<'_>) -> EmptyResult {
-    delete_folder(uuid, headers, conn, nt).await
+#[post("/folders/<folder_id>/delete")]
+async fn delete_folder_post(folder_id: FolderId, headers: Headers, conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+    delete_folder(folder_id, headers, conn, nt).await
 }

-#[delete("/folders/<uuid>")]
-async fn delete_folder(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
-    let Some(folder) = Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+#[delete("/folders/<folder_id>")]
+async fn delete_folder(folder_id: FolderId, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+    let Some(folder) = Folder::find_by_uuid_and_user(&folder_id, &headers.user.uuid, &mut conn).await else {
        err!("Invalid folder", "Folder does not exist or belongs to another user")
    };

--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
--- a/src/api/core/public.rs
+++ b/src/api/core/public.rs
@ -55,38 +55,33 @@ async fn ldap_import(data: Json<OrgImportData>, token: PublicToken, mut conn: Db
        let mut user_created: bool = false;
        if user_data.deleted {
            // If user is marked for deletion and it exists, revoke it
-            if let Some(mut user_org) =
-                UserOrganization::find_by_email_and_org(&user_data.email, &org_id, &mut conn).await
-            {
+            if let Some(mut member) = Membership::find_by_email_and_org(&user_data.email, &org_id, &mut conn).await {
                // Only revoke a user if it is not the last confirmed owner
-                let revoked = if user_org.atype == UserOrgType::Owner
-                    && user_org.status == UserOrgStatus::Confirmed as i32
+                let revoked = if member.atype == MembershipType::Owner
+                    && member.status == MembershipStatus::Confirmed as i32
                {
-                    if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &mut conn).await
-                        <= 1
+                    if Membership::count_confirmed_by_org_and_type(&org_id, MembershipType::Owner, &mut conn).await <= 1
                    {
                        warn!("Can't revoke the last owner");
                        false
                    } else {
-                        user_org.revoke()
+                        member.revoke()
                    }
                } else {
-                    user_org.revoke()
+                    member.revoke()
                };

-                let ext_modified = user_org.set_external_id(Some(user_data.external_id.clone()));
+                let ext_modified = member.set_external_id(Some(user_data.external_id.clone()));
                if revoked || ext_modified {
-                    user_org.save(&mut conn).await?;
+                    member.save(&mut conn).await?;
                }
            }
        // If user is part of the organization, restore it
-        } else if let Some(mut user_org) =
-            UserOrganization::find_by_email_and_org(&user_data.email, &org_id, &mut conn).await
-        {
-            let restored = user_org.restore();
-            let ext_modified = user_org.set_external_id(Some(user_data.external_id.clone()));
+        } else if let Some(mut member) = Membership::find_by_email_and_org(&user_data.email, &org_id, &mut conn).await {
+            let restored = member.restore();
+            let ext_modified = member.set_external_id(Some(user_data.external_id.clone()));
            if restored || ext_modified {
-                user_org.save(&mut conn).await?;
+                member.save(&mut conn).await?;
            }
        } else {
            // If user is not part of the organization
@ -104,17 +99,17 @@ async fn ldap_import(data: Json<OrgImportData>, token: PublicToken, mut conn: Db
                    new_user
                }
            };
-            let user_org_status = if CONFIG.mail_enabled() || user.password_hash.is_empty() {
-                UserOrgStatus::Invited as i32
+            let member_status = if CONFIG.mail_enabled() || user.password_hash.is_empty() {
+                MembershipStatus::Invited as i32
            } else {
-                UserOrgStatus::Accepted as i32 // Automatically mark user as accepted if no email invites
+                MembershipStatus::Accepted as i32 // Automatically mark user as accepted if no email invites
            };

-            let mut new_member = UserOrganization::new(user.uuid.clone(), org_id.clone());
+            let mut new_member = Membership::new(user.uuid.clone(), org_id.clone());
            new_member.set_external_id(Some(user_data.external_id.clone()));
            new_member.access_all = false;
-            new_member.atype = UserOrgType::User as i32;
-            new_member.status = user_org_status;
+            new_member.atype = MembershipType::User as i32;
+            new_member.status = member_status;

            new_member.save(&mut conn).await?;

@ -166,9 +161,8 @@ async fn ldap_import(data: Json<OrgImportData>, token: PublicToken, mut conn: Db
            GroupUser::delete_all_by_group(&group_uuid, &mut conn).await?;

            for ext_id in &group_data.member_external_ids {
-                if let Some(user_org) = UserOrganization::find_by_external_id_and_org(ext_id, &org_id, &mut conn).await
-                {
-                    let mut group_user = GroupUser::new(group_uuid.clone(), user_org.uuid.clone());
+                if let Some(member) = Membership::find_by_external_id_and_org(ext_id, &org_id, &mut conn).await {
+                    let mut group_user = GroupUser::new(group_uuid.clone(), member.uuid.clone());
                    group_user.save(&mut conn).await?;
                }
            }
@ -181,20 +175,19 @@ async fn ldap_import(data: Json<OrgImportData>, token: PublicToken, mut conn: Db
    if data.overwrite_existing {
        // Generate a HashSet to quickly verify if a member is listed or not.
        let sync_members: HashSet<String> = data.members.into_iter().map(|m| m.external_id).collect();
-        for user_org in UserOrganization::find_by_org(&org_id, &mut conn).await {
-            if let Some(ref user_external_id) = user_org.external_id {
+        for member in Membership::find_by_org(&org_id, &mut conn).await {
+            if let Some(ref user_external_id) = member.external_id {
                if !sync_members.contains(user_external_id) {
-                    if user_org.atype == UserOrgType::Owner && user_org.status == UserOrgStatus::Confirmed as i32 {
+                    if member.atype == MembershipType::Owner && member.status == MembershipStatus::Confirmed as i32 {
                        // Removing owner, check that there is at least one other confirmed owner
-                        if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &mut conn)
-                            .await
+                        if Membership::count_confirmed_by_org_and_type(&org_id, MembershipType::Owner, &mut conn).await
                            <= 1
                        {
                            warn!("Can't delete the last owner");
                            continue;
                        }
                    }
-                    user_org.delete(&mut conn).await?;
+                    member.delete(&mut conn).await?;
                }
            }
        }
@ -203,7 +196,7 @@ async fn ldap_import(data: Json<OrgImportData>, token: PublicToken, mut conn: Db
    Ok(())
 }

-pub struct PublicToken(String);
+pub struct PublicToken(OrganizationId);

 #[rocket::async_trait]
 impl<'r> FromRequest<'r> for PublicToken {
@ -243,10 +236,11 @@ impl<'r> FromRequest<'r> for PublicToken {
            Outcome::Success(conn) => conn,
            _ => err_handler!("Error getting DB"),
        };
-        let Some(org_uuid) = claims.client_id.strip_prefix("organization.") else {
+        let Some(org_id) = claims.client_id.strip_prefix("organization.") else {
            err_handler!("Malformed client_id")
        };
-        let Some(org_api_key) = OrganizationApiKey::find_by_org_uuid(org_uuid, &conn).await else {
+        let org_id: OrganizationId = org_id.to_string().into();
+        let Some(org_api_key) = OrganizationApiKey::find_by_org_uuid(&org_id, &conn).await else {
            err_handler!("Invalid client_id")
        };
        if org_api_key.org_uuid != claims.client_sub {
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@ -12,7 +12,7 @@ use crate::{
    api::{ApiResult, EmptyResult, JsonResult, Notify, UpdateType},
    auth::{ClientIp, Headers, Host},
    db::{models::*, DbConn, DbPool},
-    util::{NumberOrString, SafeString},
+    util::NumberOrString,
    CONFIG,
 };

@ -67,7 +67,7 @@ pub struct SendData {
    file_length: Option<NumberOrString>,

    // Used for key rotations
-    pub id: Option<String>,
+    pub id: Option<SendId>,
 }

 /// Enforces the `Disable Send` policy. A non-owner/admin user belonging to
@ -79,9 +79,9 @@ pub struct SendData {
 /// There is also a Vaultwarden-specific `sends_allowed` config setting that
 /// controls this policy globally.
 async fn enforce_disable_send_policy(headers: &Headers, conn: &mut DbConn) -> EmptyResult {
-    let user_uuid = &headers.user.uuid;
+    let user_id = &headers.user.uuid;
    if !CONFIG.sends_allowed()
-        || OrgPolicy::is_applicable_to_user(user_uuid, OrgPolicyType::DisableSend, None, conn).await
+        || OrgPolicy::is_applicable_to_user(user_id, OrgPolicyType::DisableSend, None, conn).await
    {
        err!("Due to an Enterprise Policy, you are only able to delete an existing Send.")
    }
@ -95,9 +95,9 @@ async fn enforce_disable_send_policy(headers: &Headers, conn: &mut DbConn) -> Em
 ///
 /// Ref: https://bitwarden.com/help/article/policies/#send-options
 async fn enforce_disable_hide_email_policy(data: &SendData, headers: &Headers, conn: &mut DbConn) -> EmptyResult {
-    let user_uuid = &headers.user.uuid;
+    let user_id = &headers.user.uuid;
    let hide_email = data.hide_email.unwrap_or(false);
-    if hide_email && OrgPolicy::is_hide_email_disabled(user_uuid, conn).await {
+    if hide_email && OrgPolicy::is_hide_email_disabled(user_id, conn).await {
        err!(
            "Due to an Enterprise Policy, you are not allowed to hide your email address \
              from recipients when creating or editing a Send."
@ -106,7 +106,7 @@ async fn enforce_disable_hide_email_policy(data: &SendData, headers: &Headers, c
    Ok(())
 }

-fn create_send(data: SendData, user_uuid: String) -> ApiResult<Send> {
+fn create_send(data: SendData, user_id: UserId) -> ApiResult<Send> {
    let data_val = if data.r#type == SendType::Text as i32 {
        data.text
    } else if data.r#type == SendType::File as i32 {
@ -129,7 +129,7 @@ fn create_send(data: SendData, user_uuid: String) -> ApiResult<Send> {
    }

    let mut send = Send::new(data.r#type, data.name, data_str, data.key, data.deletion_date.naive_utc());
-    send.user_uuid = Some(user_uuid);
+    send.user_uuid = Some(user_id);
    send.notes = data.notes;
    send.max_access_count = match data.max_access_count {
        Some(m) => Some(m.into_i32()?),
@ -157,11 +157,11 @@ async fn get_sends(headers: Headers, mut conn: DbConn) -> Json<Value> {
    }))
 }

-#[get("/sends/<uuid>")]
-async fn get_send(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
-    match Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await {
+#[get("/sends/<send_id>")]
+async fn get_send(send_id: SendId, headers: Headers, mut conn: DbConn) -> JsonResult {
+    match Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await {
        Some(send) => Ok(Json(send.to_json())),
-        None => err!("Send not found", "Invalid uuid or does not belong to user"),
+        None => err!("Send not found", "Invalid send uuid or does not belong to user"),
    }
 }

@ -249,7 +249,7 @@ async fn post_send_file(data: Form<UploadData<'_>>, headers: Headers, mut conn:
        err!("Send content is not a file");
    }

-    let file_id = crate::crypto::generate_send_id();
+    let file_id = crate::crypto::generate_send_file_id();
    let folder_path = tokio::fs::canonicalize(&CONFIG.sends_folder()).await?.join(&send.uuid);
    let file_path = folder_path.join(&file_id);
    tokio::fs::create_dir_all(&folder_path).await?;
@ -324,7 +324,7 @@ async fn post_send_file_v2(data: Json<SendData>, headers: Headers, mut conn: DbC

    let mut send = create_send(data, headers.user.uuid)?;

-    let file_id = crate::crypto::generate_send_id();
+    let file_id = crate::crypto::generate_send_file_id();

    let mut data_value: Value = serde_json::from_str(&send.data)?;
    if let Some(o) = data_value.as_object_mut() {
@ -346,16 +346,16 @@ async fn post_send_file_v2(data: Json<SendData>, headers: Headers, mut conn: DbC
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
 pub struct SendFileData {
-    id: String,
+    id: SendFileId,
    size: u64,
    fileName: String,
 }

 // https://github.com/bitwarden/server/blob/66f95d1c443490b653e5a15d32977e2f5a3f9e32/src/Api/Tools/Controllers/SendsController.cs#L250
-#[post("/sends/<send_uuid>/file/<file_id>", format = "multipart/form-data", data = "<data>")]
+#[post("/sends/<send_id>/file/<file_id>", format = "multipart/form-data", data = "<data>")]
 async fn post_send_file_v2_data(
-    send_uuid: &str,
-    file_id: &str,
+    send_id: SendId,
+    file_id: SendFileId,
    data: Form<UploadDataV2<'_>>,
    headers: Headers,
    mut conn: DbConn,
@ -365,8 +365,8 @@ async fn post_send_file_v2_data(

    let mut data = data.into_inner();

-    let Some(send) = Send::find_by_uuid_and_user(send_uuid, &headers.user.uuid, &mut conn).await else {
-        err!("Send not found. Unable to save the file.", "Invalid uuid or does not belong to user.")
+    let Some(send) = Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await else {
+        err!("Send not found. Unable to save the file.", "Invalid send uuid or does not belong to user.")
    };

    if send.atype != SendType::File as i32 {
@ -402,7 +402,7 @@ async fn post_send_file_v2_data(
        err!("Send file size does not match.", format!("Expected a file size of {} got {size}", send_data.size));
    }

-    let folder_path = tokio::fs::canonicalize(&CONFIG.sends_folder()).await?.join(send_uuid);
+    let folder_path = tokio::fs::canonicalize(&CONFIG.sends_folder()).await?.join(send_id);
    let file_path = folder_path.join(file_id);

    // Check if the file already exists, if that is the case do not overwrite it
@ -485,7 +485,7 @@ async fn post_access(
        UpdateType::SyncSendUpdate,
        &send,
        &send.update_users_revision(&mut conn).await,
-        &String::from("00000000-0000-0000-0000-000000000000"),
+        &String::from("00000000-0000-0000-0000-000000000000").into(),
        &mut conn,
    )
    .await;
@ -495,14 +495,14 @@ async fn post_access(

 #[post("/sends/<send_id>/access/file/<file_id>", data = "<data>")]
 async fn post_access_file(
-    send_id: &str,
-    file_id: &str,
+    send_id: SendId,
+    file_id: SendFileId,
    data: Json<SendAccessData>,
    host: Host,
    mut conn: DbConn,
    nt: Notify<'_>,
 ) -> JsonResult {
-    let Some(mut send) = Send::find_by_uuid(send_id, &mut conn).await else {
+    let Some(mut send) = Send::find_by_uuid(&send_id, &mut conn).await else {
        err_code!(SEND_INACCESSIBLE_MSG, 404)
    };

@ -542,12 +542,12 @@ async fn post_access_file(
        UpdateType::SyncSendUpdate,
        &send,
        &send.update_users_revision(&mut conn).await,
-        &String::from("00000000-0000-0000-0000-000000000000"),
+        &String::from("00000000-0000-0000-0000-000000000000").into(),
        &mut conn,
    )
    .await;

-    let token_claims = crate::auth::generate_send_claims(send_id, file_id);
+    let token_claims = crate::auth::generate_send_claims(&send_id, &file_id);
    let token = crate::auth::encode_jwt(&token_claims);
    Ok(Json(json!({
        "object": "send-fileDownload",
@ -557,7 +557,7 @@ async fn post_access_file(
 }

 #[get("/sends/<send_id>/<file_id>?<t>")]
-async fn download_send(send_id: SafeString, file_id: SafeString, t: &str) -> Option<NamedFile> {
+async fn download_send(send_id: SendId, file_id: SendFileId, t: &str) -> Option<NamedFile> {
    if let Ok(claims) = crate::auth::decode_send(t) {
        if claims.sub == format!("{send_id}/{file_id}") {
            return NamedFile::open(Path::new(&CONFIG.sends_folder()).join(send_id).join(file_id)).await.ok();
@ -566,15 +566,21 @@ async fn download_send(send_id: SafeString, file_id: SafeString, t: &str) -> Opt
    None
 }

-#[put("/sends/<uuid>", data = "<data>")]
-async fn put_send(uuid: &str, data: Json<SendData>, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
+#[put("/sends/<send_id>", data = "<data>")]
+async fn put_send(
+    send_id: SendId,
+    data: Json<SendData>,
+    headers: Headers,
+    mut conn: DbConn,
+    nt: Notify<'_>,
+) -> JsonResult {
    enforce_disable_send_policy(&headers, &mut conn).await?;

    let data: SendData = data.into_inner();
    enforce_disable_hide_email_policy(&data, &headers, &mut conn).await?;

-    let Some(mut send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
-        err!("Send not found", "Send uuid is invalid or does not belong to user")
+    let Some(mut send) = Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await else {
+        err!("Send not found", "Send send_id is invalid or does not belong to user")
    };

    update_send_from_data(&mut send, data, &headers, &mut conn, &nt, UpdateType::SyncSendUpdate).await?;
@ -640,9 +646,9 @@ pub async fn update_send_from_data(
    Ok(())
 }

-#[delete("/sends/<uuid>")]
-async fn delete_send(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
-    let Some(send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+#[delete("/sends/<send_id>")]
+async fn delete_send(send_id: SendId, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+    let Some(send) = Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await else {
        err!("Send not found", "Invalid send uuid, or does not belong to user")
    };

@ -659,11 +665,11 @@ async fn delete_send(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<
    Ok(())
 }

-#[put("/sends/<uuid>/remove-password")]
-async fn put_remove_password(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
+#[put("/sends/<send_id>/remove-password")]
+async fn put_remove_password(send_id: SendId, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
    enforce_disable_send_policy(&headers, &mut conn).await?;

-    let Some(mut send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+    let Some(mut send) = Send::find_by_uuid_and_user(&send_id, &headers.user.uuid, &mut conn).await else {
        err!("Send not found", "Invalid send uuid, or does not belong to user")
    };

--- a/src/api/core/two_factor/authenticator.rs
+++ b/src/api/core/two_factor/authenticator.rs
@ -7,7 +7,7 @@ use crate::{
    auth::{ClientIp, Headers},
    crypto,
    db::{
-        models::{EventType, TwoFactor, TwoFactorType},
+        models::{EventType, TwoFactor, TwoFactorType, UserId},
        DbConn,
    },
    util::NumberOrString,
@ -95,7 +95,7 @@ async fn activate_authenticator_put(data: Json<EnableAuthenticatorData>, headers
 }

 pub async fn validate_totp_code_str(
-    user_uuid: &str,
+    user_id: &UserId,
    totp_code: &str,
    secret: &str,
    ip: &ClientIp,
@ -105,11 +105,11 @@ pub async fn validate_totp_code_str(
        err!("TOTP code is not a number");
    }

-    validate_totp_code(user_uuid, totp_code, secret, ip, conn).await
+    validate_totp_code(user_id, totp_code, secret, ip, conn).await
 }

 pub async fn validate_totp_code(
-    user_uuid: &str,
+    user_id: &UserId,
    totp_code: &str,
    secret: &str,
    ip: &ClientIp,
@ -121,11 +121,11 @@ pub async fn validate_totp_code(
        err!("Invalid TOTP secret")
    };

-    let mut twofactor =
-        match TwoFactor::find_by_user_and_type(user_uuid, TwoFactorType::Authenticator as i32, conn).await {
-            Some(tf) => tf,
-            _ => TwoFactor::new(user_uuid.to_string(), TwoFactorType::Authenticator, secret.to_string()),
-        };
+    let mut twofactor = match TwoFactor::find_by_user_and_type(user_id, TwoFactorType::Authenticator as i32, conn).await
+    {
+        Some(tf) => tf,
+        _ => TwoFactor::new(user_id.clone(), TwoFactorType::Authenticator, secret.to_string()),
+    };

    // The amount of steps back and forward in time
    // Also check if we need to disable time drifted TOTP codes.
--- a/src/api/core/two_factor/duo.rs
+++ b/src/api/core/two_factor/duo.rs
@ -11,7 +11,7 @@ use crate::{
    auth::Headers,
    crypto,
    db::{
-        models::{EventType, TwoFactor, TwoFactorType, User},
+        models::{EventType, TwoFactor, TwoFactorType, User, UserId},
        DbConn,
    },
    error::MapResult,
@ -228,11 +228,11 @@ const AUTH_PREFIX: &str = "AUTH";
 const DUO_PREFIX: &str = "TX";
 const APP_PREFIX: &str = "APP";

-async fn get_user_duo_data(uuid: &str, conn: &mut DbConn) -> DuoStatus {
+async fn get_user_duo_data(user_id: &UserId, conn: &mut DbConn) -> DuoStatus {
    let type_ = TwoFactorType::Duo as i32;

    // If the user doesn't have an entry, disabled
-    let Some(twofactor) = TwoFactor::find_by_user_and_type(uuid, type_, conn).await else {
+    let Some(twofactor) = TwoFactor::find_by_user_and_type(user_id, type_, conn).await else {
        return DuoStatus::Disabled(DuoData::global().is_some());
    };

--- a/src/api/core/two_factor/duo_oidc.rs
+++ b/src/api/core/two_factor/duo_oidc.rs
@ -10,7 +10,7 @@ use crate::{
    api::{core::two_factor::duo::get_duo_keys_email, EmptyResult},
    crypto,
    db::{
-        models::{EventType, TwoFactorDuoContext},
+        models::{DeviceId, EventType, TwoFactorDuoContext},
        DbConn, DbPool,
    },
    error::Error,
@ -379,7 +379,7 @@ fn make_callback_url(client_name: &str) -> Result<String, Error> {
 pub async fn get_duo_auth_url(
    email: &str,
    client_id: &str,
-    device_identifier: &String,
+    device_identifier: &DeviceId,
    conn: &mut DbConn,
 ) -> Result<String, Error> {
    let (ik, sk, _, host) = get_duo_keys_email(email, conn).await?;
@ -417,7 +417,7 @@ pub async fn validate_duo_login(
    email: &str,
    two_factor_token: &str,
    client_id: &str,
-    device_identifier: &str,
+    device_identifier: &DeviceId,
    conn: &mut DbConn,
 ) -> EmptyResult {
    // Result supplied to us by clients in the form "<authz code>|<state>"
--- a/src/api/core/two_factor/email.rs
+++ b/src/api/core/two_factor/email.rs
@ -10,7 +10,7 @@ use crate::{
    auth::Headers,
    crypto,
    db::{
-        models::{EventType, TwoFactor, TwoFactorType, User},
+        models::{EventType, TwoFactor, TwoFactorType, User, UserId},
        DbConn,
    },
    error::{Error, MapResult},
@ -59,10 +59,9 @@ async fn send_email_login(data: Json<SendEmailLoginData>, mut conn: DbConn) -> E
 }

 /// Generate the token, save the data for later verification and send email to user
-pub async fn send_token(user_uuid: &str, conn: &mut DbConn) -> EmptyResult {
+pub async fn send_token(user_id: &UserId, conn: &mut DbConn) -> EmptyResult {
    let type_ = TwoFactorType::Email as i32;
-    let mut twofactor =
-        TwoFactor::find_by_user_and_type(user_uuid, type_, conn).await.map_res("Two factor not found")?;
+    let mut twofactor = TwoFactor::find_by_user_and_type(user_id, type_, conn).await.map_res("Two factor not found")?;

    let generated_token = crypto::generate_email_token(CONFIG.email_token_size());

@ -198,9 +197,9 @@ async fn email(data: Json<EmailData>, headers: Headers, mut conn: DbConn) -> Jso
 }

 /// Validate the email code when used as TwoFactor token mechanism
-pub async fn validate_email_code_str(user_uuid: &str, token: &str, data: &str, conn: &mut DbConn) -> EmptyResult {
+pub async fn validate_email_code_str(user_id: &UserId, token: &str, data: &str, conn: &mut DbConn) -> EmptyResult {
    let mut email_data = EmailTokenData::from_json(data)?;
-    let mut twofactor = TwoFactor::find_by_user_and_type(user_uuid, TwoFactorType::Email as i32, conn)
+    let mut twofactor = TwoFactor::find_by_user_and_type(user_id, TwoFactorType::Email as i32, conn)
        .await
        .map_res("Two factor not found")?;
    let Some(issued_token) = &email_data.last_token else {
@ -327,8 +326,8 @@ pub fn obscure_email(email: &str) -> String {
    format!("{}@{}", new_name, &domain)
 }

-pub async fn find_and_activate_email_2fa(user_uuid: &str, conn: &mut DbConn) -> EmptyResult {
-    if let Some(user) = User::find_by_uuid(user_uuid, conn).await {
+pub async fn find_and_activate_email_2fa(user_id: &UserId, conn: &mut DbConn) -> EmptyResult {
+    if let Some(user) = User::find_by_uuid(user_id, conn).await {
        activate_email_2fa(&user, conn).await
    } else {
        err!("User not found!");
--- a/src/api/core/two_factor/mod.rs
+++ b/src/api/core/two_factor/mod.rs
@ -173,17 +173,16 @@ async fn disable_twofactor_put(data: Json<DisableTwoFactorData>, headers: Header

 pub async fn enforce_2fa_policy(
    user: &User,
-    act_uuid: &str,
+    act_user_id: &UserId,
    device_type: i32,
    ip: &std::net::IpAddr,
    conn: &mut DbConn,
 ) -> EmptyResult {
-    for member in UserOrganization::find_by_user_and_policy(&user.uuid, OrgPolicyType::TwoFactorAuthentication, conn)
-        .await
-        .into_iter()
+    for member in
+        Membership::find_by_user_and_policy(&user.uuid, OrgPolicyType::TwoFactorAuthentication, conn).await.into_iter()
    {
        // Policy only applies to non-Owner/non-Admin members who have accepted joining the org
-        if member.atype < UserOrgType::Admin {
+        if member.atype < MembershipType::Admin {
            if CONFIG.mail_enabled() {
                let org = Organization::find_by_uuid(&member.org_uuid, conn).await.unwrap();
                mail::send_2fa_removed_from_org(&user.email, &org.name).await?;
@ -196,7 +195,7 @@ pub async fn enforce_2fa_policy(
                EventType::OrganizationUserRevoked as i32,
                &member.uuid,
                &member.org_uuid,
-                act_uuid,
+                act_user_id,
                device_type,
                ip,
                conn,
@ -209,16 +208,16 @@ pub async fn enforce_2fa_policy(
 }

 pub async fn enforce_2fa_policy_for_org(
-    org_uuid: &str,
-    act_uuid: &str,
+    org_id: &OrganizationId,
+    act_user_id: &UserId,
    device_type: i32,
    ip: &std::net::IpAddr,
    conn: &mut DbConn,
 ) -> EmptyResult {
-    let org = Organization::find_by_uuid(org_uuid, conn).await.unwrap();
-    for member in UserOrganization::find_confirmed_by_org(org_uuid, conn).await.into_iter() {
+    let org = Organization::find_by_uuid(org_id, conn).await.unwrap();
+    for member in Membership::find_confirmed_by_org(org_id, conn).await.into_iter() {
        // Don't enforce the policy for Admins and Owners.
-        if member.atype < UserOrgType::Admin && TwoFactor::find_by_user(&member.user_uuid, conn).await.is_empty() {
+        if member.atype < MembershipType::Admin && TwoFactor::find_by_user(&member.user_uuid, conn).await.is_empty() {
            if CONFIG.mail_enabled() {
                let user = User::find_by_uuid(&member.user_uuid, conn).await.unwrap();
                mail::send_2fa_removed_from_org(&user.email, &org.name).await?;
@ -230,8 +229,8 @@ pub async fn enforce_2fa_policy_for_org(
            log_event(
                EventType::OrganizationUserRevoked as i32,
                &member.uuid,
-                org_uuid,
-                act_uuid,
+                org_id,
+                act_user_id,
                device_type,
                ip,
                conn,
--- a/src/api/core/two_factor/protected_actions.rs
+++ b/src/api/core/two_factor/protected_actions.rs
@ -6,7 +6,7 @@ use crate::{
    auth::Headers,
    crypto,
    db::{
-        models::{TwoFactor, TwoFactorType},
+        models::{TwoFactor, TwoFactorType, UserId},
        DbConn,
    },
    error::{Error, MapResult},
@ -104,11 +104,11 @@ async fn verify_otp(data: Json<ProtectedActionVerify>, headers: Headers, mut con

 pub async fn validate_protected_action_otp(
    otp: &str,
-    user_uuid: &str,
+    user_id: &UserId,
    delete_if_valid: bool,
    conn: &mut DbConn,
 ) -> EmptyResult {
-    let pa = TwoFactor::find_by_user_and_type(user_uuid, TwoFactorType::ProtectedActions as i32, conn)
+    let pa = TwoFactor::find_by_user_and_type(user_id, TwoFactorType::ProtectedActions as i32, conn)
        .await
        .map_res("Protected action token not found, try sending the code again or restart the process")?;
    let mut pa_data = ProtectedActionData::from_json(&pa.data)?;
--- a/src/api/core/two_factor/webauthn.rs
+++ b/src/api/core/two_factor/webauthn.rs
@ -11,7 +11,7 @@ use crate::{
    },
    auth::Headers,
    db::{
-        models::{EventType, TwoFactor, TwoFactorType},
+        models::{EventType, TwoFactor, TwoFactorType, UserId},
        DbConn,
    },
    error::Error,
@ -148,7 +148,7 @@ async fn generate_webauthn_challenge(data: Json<PasswordOrOtpData>, headers: Hea
    )?;

    let type_ = TwoFactorType::WebauthnRegisterChallenge;
-    TwoFactor::new(user.uuid, type_, serde_json::to_string(&state)?).save(&mut conn).await?;
+    TwoFactor::new(user.uuid.clone(), type_, serde_json::to_string(&state)?).save(&mut conn).await?;

    let mut challenge_value = serde_json::to_value(challenge.public_key)?;
    challenge_value["status"] = "ok".into();
@ -352,20 +352,20 @@ async fn delete_webauthn(data: Json<DeleteU2FData>, headers: Headers, mut conn:
 }

 pub async fn get_webauthn_registrations(
-    user_uuid: &str,
+    user_id: &UserId,
    conn: &mut DbConn,
 ) -> Result<(bool, Vec<WebauthnRegistration>), Error> {
    let type_ = TwoFactorType::Webauthn as i32;
-    match TwoFactor::find_by_user_and_type(user_uuid, type_, conn).await {
+    match TwoFactor::find_by_user_and_type(user_id, type_, conn).await {
        Some(tf) => Ok((tf.enabled, serde_json::from_str(&tf.data)?)),
        None => Ok((false, Vec::new())), // If no data, return empty list
    }
 }

-pub async fn generate_webauthn_login(user_uuid: &str, conn: &mut DbConn) -> JsonResult {
+pub async fn generate_webauthn_login(user_id: &UserId, conn: &mut DbConn) -> JsonResult {
    // Load saved credentials
    let creds: Vec<Credential> =
-        get_webauthn_registrations(user_uuid, conn).await?.1.into_iter().map(|r| r.credential).collect();
+        get_webauthn_registrations(user_id, conn).await?.1.into_iter().map(|r| r.credential).collect();

    if creds.is_empty() {
        err!("No Webauthn devices registered")
@ -376,7 +376,7 @@ pub async fn generate_webauthn_login(user_uuid: &str, conn: &mut DbConn) -> Json
    let (response, state) = WebauthnConfig::load().generate_challenge_authenticate_options(creds, Some(ext))?;

    // Save the challenge state for later validation
-    TwoFactor::new(user_uuid.into(), TwoFactorType::WebauthnLoginChallenge, serde_json::to_string(&state)?)
+    TwoFactor::new(user_id.clone(), TwoFactorType::WebauthnLoginChallenge, serde_json::to_string(&state)?)
        .save(conn)
        .await?;

@ -384,9 +384,9 @@ pub async fn generate_webauthn_login(user_uuid: &str, conn: &mut DbConn) -> Json
    Ok(Json(serde_json::to_value(response.public_key)?))
 }

-pub async fn validate_webauthn_login(user_uuid: &str, response: &str, conn: &mut DbConn) -> EmptyResult {
+pub async fn validate_webauthn_login(user_id: &UserId, response: &str, conn: &mut DbConn) -> EmptyResult {
    let type_ = TwoFactorType::WebauthnLoginChallenge as i32;
-    let state = match TwoFactor::find_by_user_and_type(user_uuid, type_, conn).await {
+    let state = match TwoFactor::find_by_user_and_type(user_id, type_, conn).await {
        Some(tf) => {
            let state: AuthenticationState = serde_json::from_str(&tf.data)?;
            tf.delete(conn).await?;
@ -403,7 +403,7 @@ pub async fn validate_webauthn_login(user_uuid: &str, response: &str, conn: &mut
    let rsp: PublicKeyCredentialCopy = serde_json::from_str(response)?;
    let rsp: PublicKeyCredential = rsp.into();

-    let mut registrations = get_webauthn_registrations(user_uuid, conn).await?.1;
+    let mut registrations = get_webauthn_registrations(user_id, conn).await?.1;

    // If the credential we received is migrated from U2F, enable the U2F compatibility
    //let use_u2f = registrations.iter().any(|r| r.migrated && r.credential.cred_id == rsp.raw_id.0);
@ -413,7 +413,7 @@ pub async fn validate_webauthn_login(user_uuid: &str, response: &str, conn: &mut
        if &reg.credential.cred_id == cred_id {
            reg.credential.counter = auth_data.counter;

-            TwoFactor::new(user_uuid.to_string(), TwoFactorType::Webauthn, serde_json::to_string(&registrations)?)
+            TwoFactor::new(user_id.clone(), TwoFactorType::Webauthn, serde_json::to_string(&registrations)?)
                .save(conn)
                .await?;
            return Ok(());
--- a/src/api/core/two_factor/yubikey.rs
+++ b/src/api/core/two_factor/yubikey.rs
@ -92,10 +92,10 @@ async fn generate_yubikey(data: Json<PasswordOrOtpData>, headers: Headers, mut c

    data.validate(&user, false, &mut conn).await?;

-    let user_uuid = &user.uuid;
+    let user_id = &user.uuid;
    let yubikey_type = TwoFactorType::YubiKey as i32;

-    let r = TwoFactor::find_by_user_and_type(user_uuid, yubikey_type, &mut conn).await;
+    let r = TwoFactor::find_by_user_and_type(user_id, yubikey_type, &mut conn).await;

    if let Some(r) = r {
        let yubikey_metadata: YubikeyMetadata = serde_json::from_str(&r.data)?;
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -31,7 +31,7 @@ pub fn routes() -> Vec<Route> {
 async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn: DbConn) -> JsonResult {
    let data: ConnectData = data.into_inner();

-    let mut user_uuid: Option<String> = None;
+    let mut user_id: Option<UserId> = None;

    let login_result = match data.grant_type.as_ref() {
        "refresh_token" => {
@ -48,7 +48,7 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
            _check_is_some(&data.device_name, "device_name cannot be blank")?;
            _check_is_some(&data.device_type, "device_type cannot be blank")?;

-            _password_login(data, &mut user_uuid, &mut conn, &client_header.ip).await
+            _password_login(data, &mut user_id, &mut conn, &client_header.ip).await
        }
        "client_credentials" => {
            _check_is_some(&data.client_id, "client_id cannot be blank")?;
@ -59,17 +59,17 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
            _check_is_some(&data.device_name, "device_name cannot be blank")?;
            _check_is_some(&data.device_type, "device_type cannot be blank")?;

-            _api_key_login(data, &mut user_uuid, &mut conn, &client_header.ip).await
+            _api_key_login(data, &mut user_id, &mut conn, &client_header.ip).await
        }
        t => err!("Invalid type", t),
    };

-    if let Some(user_uuid) = user_uuid {
+    if let Some(user_id) = user_id {
        match &login_result {
            Ok(_) => {
                log_user_event(
                    EventType::UserLoggedIn as i32,
-                    &user_uuid,
+                    &user_id,
                    client_header.device_type,
                    &client_header.ip.ip,
                    &mut conn,
@ -80,7 +80,7 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
                if let Some(ev) = e.get_event() {
                    log_user_event(
                        ev.event as i32,
-                        &user_uuid,
+                        &user_id,
                        client_header.device_type,
                        &client_header.ip.ip,
                        &mut conn,
@ -111,7 +111,7 @@ async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult {
    // Because this might get used in the future, and is add by the Bitwarden Server, lets keep it, but then commented out
    // See: https://github.com/dani-garcia/vaultwarden/issues/4156
    // ---
-    // let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, conn).await;
+    // let members = Membership::find_confirmed_by_user(&user.uuid, conn).await;
    let (access_token, expires_in) = device.refresh_tokens(&user, scope_vec);
    device.save(conn).await?;

@ -141,7 +141,7 @@ struct MasterPasswordPolicy {

 async fn _password_login(
    data: ConnectData,
-    user_uuid: &mut Option<String>,
+    user_id: &mut Option<UserId>,
    conn: &mut DbConn,
    ip: &ClientIp,
 ) -> JsonResult {
@ -161,8 +161,8 @@ async fn _password_login(
        err!("Username or password is incorrect. Try again", format!("IP: {}. Username: {}.", ip.ip, username))
    };

-    // Set the user_uuid here to be passed back used for event logging.
-    *user_uuid = Some(user.uuid.clone());
+    // Set the user_id here to be passed back used for event logging.
+    *user_id = Some(user.uuid.clone());

    // Check if the user is disabled
    if !user.enabled {
@ -178,9 +178,8 @@ async fn _password_login(
    let password = data.password.as_ref().unwrap();

    // If we get an auth request, we don't check the user's password, but the access code of the auth request
-    if let Some(ref auth_request_uuid) = data.auth_request {
-        let Some(auth_request) = AuthRequest::find_by_uuid_and_user(auth_request_uuid.as_str(), &user.uuid, conn).await
-        else {
+    if let Some(ref auth_request_id) = data.auth_request {
+        let Some(auth_request) = AuthRequest::find_by_uuid_and_user(auth_request_id, &user.uuid, conn).await else {
            err!(
                "Auth request not found. Try again.",
                format!("IP: {}. Username: {}.", ip.ip, username),
@ -291,7 +290,7 @@ async fn _password_login(
    // Because this might get used in the future, and is add by the Bitwarden Server, lets keep it, but then commented out
    // See: https://github.com/dani-garcia/vaultwarden/issues/4156
    // ---
-    // let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, conn).await;
+    // let members = Membership::find_confirmed_by_user(&user.uuid, conn).await;
    let (access_token, expires_in) = device.refresh_tokens(&user, scope_vec);
    device.save(conn).await?;

@ -359,7 +358,7 @@ async fn _password_login(

 async fn _api_key_login(
    data: ConnectData,
-    user_uuid: &mut Option<String>,
+    user_id: &mut Option<UserId>,
    conn: &mut DbConn,
    ip: &ClientIp,
 ) -> JsonResult {
@ -368,7 +367,7 @@ async fn _api_key_login(

    // Validate scope
    match data.scope.as_ref().unwrap().as_ref() {
-        "api" => _user_api_key_login(data, user_uuid, conn, ip).await,
+        "api" => _user_api_key_login(data, user_id, conn, ip).await,
        "api.organization" => _organization_api_key_login(data, conn, ip).await,
        _ => err!("Scope not supported"),
    }
@ -376,21 +375,22 @@ async fn _api_key_login(

 async fn _user_api_key_login(
    data: ConnectData,
-    user_uuid: &mut Option<String>,
+    user_id: &mut Option<UserId>,
    conn: &mut DbConn,
    ip: &ClientIp,
 ) -> JsonResult {
    // Get the user via the client_id
    let client_id = data.client_id.as_ref().unwrap();
-    let Some(client_user_uuid) = client_id.strip_prefix("user.") else {
+    let Some(client_user_id) = client_id.strip_prefix("user.") else {
        err!("Malformed client_id", format!("IP: {}.", ip.ip))
    };
-    let Some(user) = User::find_by_uuid(client_user_uuid, conn).await else {
+    let client_user_id: UserId = client_user_id.into();
+    let Some(user) = User::find_by_uuid(&client_user_id, conn).await else {
        err!("Invalid client_id", format!("IP: {}.", ip.ip))
    };

-    // Set the user_uuid here to be passed back used for event logging.
-    *user_uuid = Some(user.uuid.clone());
+    // Set the user_id here to be passed back used for event logging.
+    *user_id = Some(user.uuid.clone());

    // Check if the user is disabled
    if !user.enabled {
@ -440,7 +440,7 @@ async fn _user_api_key_login(
    // Because this might get used in the future, and is add by the Bitwarden Server, lets keep it, but then commented out
    // See: https://github.com/dani-garcia/vaultwarden/issues/4156
    // ---
-    // let orgs = UserOrganization::find_confirmed_by_user(&user.uuid, conn).await;
+    // let members = Membership::find_confirmed_by_user(&user.uuid, conn).await;
    let (access_token, expires_in) = device.refresh_tokens(&user, scope_vec);
    device.save(conn).await?;

@ -469,10 +469,11 @@ async fn _user_api_key_login(
 async fn _organization_api_key_login(data: ConnectData, conn: &mut DbConn, ip: &ClientIp) -> JsonResult {
    // Get the org via the client_id
    let client_id = data.client_id.as_ref().unwrap();
-    let Some(org_uuid) = client_id.strip_prefix("organization.") else {
+    let Some(org_id) = client_id.strip_prefix("organization.") else {
        err!("Malformed client_id", format!("IP: {}.", ip.ip))
    };
-    let Some(org_api_key) = OrganizationApiKey::find_by_org_uuid(org_uuid, conn).await else {
+    let org_id: OrganizationId = org_id.to_string().into();
+    let Some(org_api_key) = OrganizationApiKey::find_by_org_uuid(&org_id, conn).await else {
        err!("Invalid client_id", format!("IP: {}.", ip.ip))
    };

@ -614,7 +615,7 @@ fn _selected_data(tf: Option<TwoFactor>) -> ApiResult<String> {

 async fn _json_err_twofactor(
    providers: &[i32],
-    user_uuid: &str,
+    user_id: &UserId,
    data: &ConnectData,
    conn: &mut DbConn,
 ) -> ApiResult<Value> {
@ -635,12 +636,12 @@ async fn _json_err_twofactor(
            Some(TwoFactorType::Authenticator) => { /* Nothing to do for TOTP */ }

            Some(TwoFactorType::Webauthn) if CONFIG.domain_set() => {
-                let request = webauthn::generate_webauthn_login(user_uuid, conn).await?;
+                let request = webauthn::generate_webauthn_login(user_id, conn).await?;
                result["TwoFactorProviders2"][provider.to_string()] = request.0;
            }

            Some(TwoFactorType::Duo) => {
-                let email = match User::find_by_uuid(user_uuid, conn).await {
+                let email = match User::find_by_uuid(user_id, conn).await {
                    Some(u) => u.email,
                    None => err!("User does not exist"),
                };
@ -672,7 +673,7 @@ async fn _json_err_twofactor(
            }

            Some(tf_type @ TwoFactorType::YubiKey) => {
-                let Some(twofactor) = TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn).await else {
+                let Some(twofactor) = TwoFactor::find_by_user_and_type(user_id, tf_type as i32, conn).await else {
                    err!("No YubiKey devices registered")
                };

@ -684,13 +685,13 @@ async fn _json_err_twofactor(
            }

            Some(tf_type @ TwoFactorType::Email) => {
-                let Some(twofactor) = TwoFactor::find_by_user_and_type(user_uuid, tf_type as i32, conn).await else {
+                let Some(twofactor) = TwoFactor::find_by_user_and_type(user_id, tf_type as i32, conn).await else {
                    err!("No twofactor email registered")
                };

                // Send email immediately if email is the only 2FA option
                if providers.len() == 1 {
-                    email::send_token(user_uuid, conn).await?
+                    email::send_token(user_id, conn).await?
                }

                let email_data = email::EmailTokenData::from_json(&twofactor.data)?;
@ -745,7 +746,7 @@ struct ConnectData {

    #[field(name = uncased("device_identifier"))]
    #[field(name = uncased("deviceidentifier"))]
-    device_identifier: Option<String>,
+    device_identifier: Option<DeviceId>,
    #[field(name = uncased("device_name"))]
    #[field(name = uncased("devicename"))]
    device_name: Option<String>,
@ -768,7 +769,7 @@ struct ConnectData {
    #[field(name = uncased("twofactorremember"))]
    two_factor_remember: Option<i32>,
    #[field(name = uncased("authrequest"))]
-    auth_request: Option<String>,
+    auth_request: Option<AuthRequestId>,
 }

 fn _check_is_some<T>(value: &Option<T>, msg: &str) -> EmptyResult {
--- a/src/api/notifications.rs
+++ b/src/api/notifications.rs
--- a/src/api/push.rs
+++ b/src/api/push.rs
@ -7,7 +7,7 @@ use tokio::sync::RwLock;

 use crate::{
    api::{ApiResult, EmptyResult, UpdateType},
-    db::models::{Cipher, Device, Folder, Send, User},
+    db::models::{Cipher, Device, DeviceId, Folder, Send, User, UserId},
    http_client::make_http_request,
    util::format_date,
    CONFIG,
@ -126,15 +126,15 @@ pub async fn register_push_device(device: &mut Device, conn: &mut crate::db::DbC
    Ok(())
 }

-pub async fn unregister_push_device(push_uuid: Option<String>) -> EmptyResult {
-    if !CONFIG.push_enabled() || push_uuid.is_none() {
+pub async fn unregister_push_device(push_id: Option<String>) -> EmptyResult {
+    if !CONFIG.push_enabled() || push_id.is_none() {
        return Ok(());
    }
    let auth_push_token = get_auth_push_token().await?;

    let auth_header = format!("Bearer {}", &auth_push_token);

-    match make_http_request(Method::DELETE, &(CONFIG.push_relay_uri() + "/push/" + &push_uuid.unwrap()))?
+    match make_http_request(Method::DELETE, &(CONFIG.push_relay_uri() + "/push/" + &push_id.unwrap()))?
        .header(AUTHORIZATION, auth_header)
        .send()
        .await
@ -148,24 +148,24 @@ pub async fn unregister_push_device(push_uuid: Option<String>) -> EmptyResult {
 pub async fn push_cipher_update(
    ut: UpdateType,
    cipher: &Cipher,
-    acting_device_uuid: &String,
+    acting_device_id: &DeviceId,
    conn: &mut crate::db::DbConn,
 ) {
    // We shouldn't send a push notification on cipher update if the cipher belongs to an organization, this isn't implemented in the upstream server too.
    if cipher.organization_uuid.is_some() {
        return;
    };
-    let Some(user_uuid) = &cipher.user_uuid else {
+    let Some(user_id) = &cipher.user_uuid else {
        debug!("Cipher has no uuid");
        return;
    };

-    if Device::check_user_has_push_device(user_uuid, conn).await {
+    if Device::check_user_has_push_device(user_id, conn).await {
        send_to_push_relay(json!({
-            "userId": user_uuid,
+            "userId": user_id,
            "organizationId": (),
-            "deviceId": acting_device_uuid,
-            "identifier": acting_device_uuid,
+            "deviceId": acting_device_id,
+            "identifier": acting_device_id,
            "type": ut as i32,
            "payload": {
                "Id": cipher.uuid,
@ -178,14 +178,14 @@ pub async fn push_cipher_update(
    }
 }

-pub fn push_logout(user: &User, acting_device_uuid: Option<String>) {
-    let acting_device_uuid: Value = acting_device_uuid.map(|v| v.into()).unwrap_or_else(|| Value::Null);
+pub fn push_logout(user: &User, acting_device_id: Option<DeviceId>) {
+    let acting_device_id: Value = acting_device_id.map(|v| v.to_string().into()).unwrap_or_else(|| Value::Null);

    tokio::task::spawn(send_to_push_relay(json!({
        "userId": user.uuid,
        "organizationId": (),
-        "deviceId": acting_device_uuid,
-        "identifier": acting_device_uuid,
+        "deviceId": acting_device_id,
+        "identifier": acting_device_id,
        "type": UpdateType::LogOut as i32,
        "payload": {
            "UserId": user.uuid,
@ -211,15 +211,15 @@ pub fn push_user_update(ut: UpdateType, user: &User) {
 pub async fn push_folder_update(
    ut: UpdateType,
    folder: &Folder,
-    acting_device_uuid: &String,
+    acting_device_id: &DeviceId,
    conn: &mut crate::db::DbConn,
 ) {
    if Device::check_user_has_push_device(&folder.user_uuid, conn).await {
        tokio::task::spawn(send_to_push_relay(json!({
            "userId": folder.user_uuid,
            "organizationId": (),
-            "deviceId": acting_device_uuid,
-            "identifier": acting_device_uuid,
+            "deviceId": acting_device_id,
+            "identifier": acting_device_id,
            "type": ut as i32,
            "payload": {
                "Id": folder.uuid,
@ -230,14 +230,14 @@ pub async fn push_folder_update(
    }
 }

-pub async fn push_send_update(ut: UpdateType, send: &Send, acting_device_uuid: &String, conn: &mut crate::db::DbConn) {
+pub async fn push_send_update(ut: UpdateType, send: &Send, acting_device_id: &DeviceId, conn: &mut crate::db::DbConn) {
    if let Some(s) = &send.user_uuid {
        if Device::check_user_has_push_device(s, conn).await {
            tokio::task::spawn(send_to_push_relay(json!({
                "userId": send.user_uuid,
                "organizationId": (),
-                "deviceId": acting_device_uuid,
-                "identifier": acting_device_uuid,
+                "deviceId": acting_device_id,
+                "identifier": acting_device_id,
                "type": ut as i32,
                "payload": {
                    "Id": send.uuid,
@ -284,38 +284,38 @@ async fn send_to_push_relay(notification_data: Value) {
    };
 }

-pub async fn push_auth_request(user_uuid: String, auth_request_uuid: String, conn: &mut crate::db::DbConn) {
-    if Device::check_user_has_push_device(user_uuid.as_str(), conn).await {
+pub async fn push_auth_request(user_id: UserId, auth_request_id: String, conn: &mut crate::db::DbConn) {
+    if Device::check_user_has_push_device(&user_id, conn).await {
        tokio::task::spawn(send_to_push_relay(json!({
-            "userId": user_uuid,
+            "userId": user_id,
            "organizationId": (),
            "deviceId": null,
            "identifier": null,
            "type": UpdateType::AuthRequest as i32,
            "payload": {
-                "Id": auth_request_uuid,
-                "UserId": user_uuid,
+                "Id": auth_request_id,
+                "UserId": user_id,
            }
        })));
    }
 }

 pub async fn push_auth_response(
-    user_uuid: String,
-    auth_request_uuid: String,
-    approving_device_uuid: String,
+    user_id: UserId,
+    auth_request_id: String,
+    approving_device_id: DeviceId,
    conn: &mut crate::db::DbConn,
 ) {
-    if Device::check_user_has_push_device(user_uuid.as_str(), conn).await {
+    if Device::check_user_has_push_device(&user_id, conn).await {
        tokio::task::spawn(send_to_push_relay(json!({
-            "userId": user_uuid,
+            "userId": user_id,
            "organizationId": (),
-            "deviceId": approving_device_uuid,
-            "identifier": approving_device_uuid,
+            "deviceId": approving_device_id,
+            "identifier": approving_device_id,
            "type": UpdateType::AuthRequestResponse as i32,
            "payload": {
-                "Id": auth_request_uuid,
-                "UserId": user_uuid,
+                "Id": auth_request_id,
+                "UserId": user_id,
            }
        })));
    }
--- a/src/api/web.rs
+++ b/src/api/web.rs
@ -12,8 +12,9 @@ use serde_json::Value;
 use crate::{
    api::{core::now, ApiResult, EmptyResult},
    auth::decode_file_download,
+    db::models::{AttachmentId, CipherId},
    error::Error,
-    util::{Cached, SafeString},
+    util::Cached,
    CONFIG,
 };

@ -158,16 +159,16 @@ async fn web_files(p: PathBuf) -> Cached<Option<NamedFile>> {
    Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).await.ok(), true)
 }

-#[get("/attachments/<uuid>/<file_id>?<token>")]
-async fn attachments(uuid: SafeString, file_id: SafeString, token: String) -> Option<NamedFile> {
+#[get("/attachments/<cipher_id>/<file_id>?<token>")]
+async fn attachments(cipher_id: CipherId, file_id: AttachmentId, token: String) -> Option<NamedFile> {
    let Ok(claims) = decode_file_download(&token) else {
        return None;
    };
-    if claims.sub != *uuid || claims.file_id != *file_id {
+    if claims.sub != cipher_id || claims.file_id != file_id {
        return None;
    }

-    NamedFile::open(Path::new(&CONFIG.attachments_folder()).join(uuid).join(file_id)).await.ok()
+    NamedFile::open(Path::new(&CONFIG.attachments_folder()).join(cipher_id.as_ref()).join(file_id.as_ref())).await.ok()
 }

 // We use DbConn here to let the alive healthcheck also verify the database connection.
--- a/src/auth.rs
+++ b/src/auth.rs
--- a/Show More
+++ b/Show More