Merge de632facc8 into a2ad1dc7c3

.env.template

@@ -63,6 +63,12 @@
 ## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
+## When using CockroachDB, specify in the same way you would with PostgreSQL
+## with protocol either "cockroachdb" or "cockroach"
+## Details:
+## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html
+## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
+# DATABASE_URL=cockroachdb://user:password@host[:port]/database_name
 
 ## Enable WAL for the DB
 ## Set to false to avoid enabling WAL during startup.
@@ -99,6 +105,7 @@
 ## - SQLite: "PRAGMA busy_timeout = 5000; PRAGMA synchronous = NORMAL;"
 ## - MySQL: ""
 ## - PostgreSQL: ""
+## - CockroachDB: ""
 # DATABASE_CONN_INIT=""
 
 #################

.envrc

@@ -0,0 +1,2 @@
+use flake . --show-trace
+dotenv_if_exists .env

.github/workflows/build.yml

@@ -77,8 +77,6 @@ jobs:
           fi
           echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
       # End Determine rust-toolchain version
-
-
       # Only install the clippy and rustfmt components on the default rust-toolchain
       - name: "Install rust-toolchain version"
         uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master @ Aug 23, 2025, 3:20 AM GMT+2
@@ -88,7 +86,6 @@ jobs:
           components: clippy, rustfmt
       # End Uses the rust-toolchain file to determine version
 
-
       # Install the any other channel to be used for which we do not execute clippy and rustfmt
       - name: "Install MSRV version"
         uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master @ Aug 23, 2025, 3:20 AM GMT+2
@@ -113,7 +110,6 @@ jobs:
           rustc -vV
           cargo -vV
       # End Show environment
-
       # Enable Rust Caching
       - name: Rust Caching
         uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
@@ -126,23 +122,23 @@ jobs:
 
       # Run cargo tests
       # First test all features together, afterwards test them separately.
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc,query_logger"
-        id: test_sqlite_mysql_postgresql_mimalloc_logger
+      - name: "test features: sqlite,mysql,postgresql,cockroachdb,enable_mimalloc,query_logger"
+        id: test_sqlite_mysql_postgresql_cockroachdb_mimalloc_logger
         if: ${{ !cancelled() }}
         run: |
-          cargo test --features sqlite,mysql,postgresql,enable_mimalloc,query_logger
+          cargo test --features sqlite,mysql,postgresql,cockroachdb,enable_mimalloc,query_logger
 
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
-        id: test_sqlite_mysql_postgresql_mimalloc
+      - name: "test features: sqlite,mysql,postgresql,cockroachdb,enable_mimalloc"
+        id: test_sqlite_mysql_postgresql_cockroachdb_mimalloc
         if: ${{ !cancelled() }}
         run: |
-          cargo test --features sqlite,mysql,postgresql,enable_mimalloc
+          cargo test --features sqlite,mysql,postgresql,cockroachdb,enable_mimalloc
 
       - name: "test features: sqlite,mysql,postgresql"
-        id: test_sqlite_mysql_postgresql
+        id: test_sqlite_mysql_postgresql_cockroachdb
         if: ${{ !cancelled() }}
         run: |
-          cargo test --features sqlite,mysql,postgresql
+          cargo test --features sqlite,mysql,postgresql,cockroachdb
 
       - name: "test features: sqlite"
         id: test_sqlite
@@ -161,18 +157,20 @@ jobs:
         if: ${{ !cancelled() }}
         run: |
           cargo test --features postgresql
-      # End Run cargo tests
-
 
+      - name: "test features: cockroachdb"
+        id: test_cockroachdb
+        if: ${{ !cancelled() }}
+        run: |
+          cargo test --features cockroachdb
+      # End Run cargo tests
       # Run cargo clippy, and fail on warnings
-      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
+      - name: "clippy features: sqlite,mysql,postgresql,cockroachdb,enable_mimalloc"
         id: clippy
         if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
         run: |
-          cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc
+          cargo clippy --features sqlite,mysql,postgresql,cockroachdb,enable_mimalloc
       # End Run cargo clippy
-
-
       # Run cargo fmt (Only run on rust-toolchain defined version)
       - name: "check formatting"
         id: formatting
@@ -180,19 +178,18 @@ jobs:
         run: |
           cargo fmt --all -- --check
       # End Run cargo fmt
-
-
       # Check for any previous failures, if there are stop, else continue.
       # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
       - name: "Some checks failed"
         if: ${{ failure() }}
         env:
-          TEST_DB_M_L: ${{ steps.test_sqlite_mysql_postgresql_mimalloc_logger.outcome }}
-          TEST_DB_M: ${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}
-          TEST_DB: ${{ steps.test_sqlite_mysql_postgresql.outcome }}
+          TEST_DB_M_L: ${{ steps.test_sqlite_mysql_postgresql_cockroachdb_mimalloc_logger.outcome }}
+          TEST_DB_M: ${{ steps.test_sqlite_mysql_postgresql_cockroachdb_mimalloc.outcome }}
+          TEST_DB: ${{ steps.test_sqlite_mysql_postgresql_cockroachdb.outcome }}
           TEST_SQLITE: ${{ steps.test_sqlite.outcome }}
           TEST_MYSQL: ${{ steps.test_mysql.outcome }}
           TEST_POSTGRESQL: ${{ steps.test_postgresql.outcome }}
+          TEST_COCKROACHDB: ${{ steps.test_cockroachdb.outcome }}
           CLIPPY: ${{ steps.clippy.outcome }}
           FMT: ${{ steps.formatting.outcome }}
         run: |
@@ -200,20 +197,20 @@ jobs:
           echo "" >> "${GITHUB_STEP_SUMMARY}"
           echo "|Job|Status|" >> "${GITHUB_STEP_SUMMARY}"
           echo "|---|------|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc,query_logger)|${TEST_DB_M_L}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${TEST_DB_M}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql)|${TEST_DB}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|test (sqlite,mysql,postgresql,cockroachdb,enable_mimalloc,query_logger)|${TEST_DB_M_L}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|test (sqlite,mysql,postgresql,cockroachdb,enable_mimalloc)|${TEST_DB_M}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|test (sqlite,mysql,postgresql,cockroachdb)|${TEST_DB}|" >> "${GITHUB_STEP_SUMMARY}"
           echo "|test (sqlite)|${TEST_SQLITE}|" >> "${GITHUB_STEP_SUMMARY}"
           echo "|test (mysql)|${TEST_MYSQL}|" >> "${GITHUB_STEP_SUMMARY}"
           echo "|test (postgresql)|${TEST_POSTGRESQL}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc)|${CLIPPY}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|test (cockroachdb)|${TEST_COCKROACHDB}|" >> "${GITHUB_STEP_SUMMARY}"
+          echo "|clippy (sqlite,mysql,postgresql,cockroachdb,enable_mimalloc)|${CLIPPY}|" >> "${GITHUB_STEP_SUMMARY}"
           echo "|fmt|${FMT}|" >> "${GITHUB_STEP_SUMMARY}"
           echo "" >> "${GITHUB_STEP_SUMMARY}"
           echo "Please check the failed jobs and fix where needed." >> "${GITHUB_STEP_SUMMARY}"
           echo "" >> "${GITHUB_STEP_SUMMARY}"
           exit 1
 
-
       # Check for any previous failures, if there are stop, else continue.
       # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
       - name: "All checks passed"

.gitignore

@@ -14,3 +14,6 @@ data
 
 # Web vault
 web-vault
+
+# Direnv
+.direnv/

.helix/languages.toml

@@ -0,0 +1,56 @@
+[language-server]
+nil = { command = "nil" }
+taplo = { command = "taplo", args = ["lsp", "stdio"] }
+yaml-language-server = { command = "yaml-language-server", args = ["--stdio"] }
+marksman = { command = "marksman", args = ["server"] }
+vscode-json-language-server = { command = "vscode-json-language-server", args = [
+  "--stdio",
+], config = { json = { validate = { enable = true } } } }
+
+[language-server.rust-analyzer]
+command = "rust-analyzer"
+
+[language-server.rust-analyzer.config]
+inlayHints.bindingModeHints.enable = false
+inlayHints.closingBraceHints.minLines = 10
+inlayHints.closureReturnTypeHints.enable = "with_block"
+inlayHints.discriminantHints.enable = "fieldless"
+inlayHints.lifetimeElisionHints.enable = "skip_trivial"
+inlayHints.typeHints.hideClosureInitialization = false
+procMacro.enable = true
+cargo.features = "rust-analyzer-stable"
+check.features = "rust-analyzer-stable"
+
+[[language]]
+name = "nix"
+auto-format = true
+formatter = { command = "nixpkgs-fmt" }
+language-servers = ["nil"]
+
+[[language]]
+name = "toml"
+auto-format = true
+language-servers = ["taplo"]
+
+[[language]]
+name = "yaml"
+auto-format = true
+formatter = { command = "prettier", args = ["--parser", "yaml"] }
+language-servers = ["yaml-language-server"]
+
+[[language]]
+name = "json"
+auto-format = true
+formatter = { command = "prettier", args = ["--parser", "json"] }
+language-servers = ["vscode-json-language-server"]
+
+[[language]]
+name = "markdown"
+auto-format = true
+formatter = { command = "prettier", args = ["--parser", "markdown"] }
+language-servers = ["marksman"]
+
+[[language]]
+name = "rust"
+auto-format = true
+language-servers = ["rust-analyzer"]

.pre-commit-config.yaml

@@ -1,52 +1,64 @@
 ---
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v6.0.0
     hooks:
-    - id: check-yaml
-    - id: check-json
-    - id: check-toml
-    - id: mixed-line-ending
-      args: ["--fix=no"]
-    - id: end-of-file-fixer
-      exclude: "(.*js$|.*css$)"
-    - id: check-case-conflict
-    - id: check-merge-conflict
-    - id: detect-private-key
-    - id: check-symlinks
-    - id: forbid-submodules
--   repo: local
+      - id: check-yaml
+      - id: check-json
+      - id: check-toml
+      - id: mixed-line-ending
+        args: ["--fix=no"]
+      - id: end-of-file-fixer
+        exclude: "(.*js$|.*css$)"
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: check-symlinks
+      - id: forbid-submodules
+  - repo: local
     hooks:
-    - id: fmt
-      name: fmt
-      description: Format files with cargo fmt.
-      entry: cargo fmt
-      language: system
-      types: [rust]
-      args: ["--", "--check"]
-    - id: cargo-test
-      name: cargo test
-      description: Test the package for errors.
-      entry: cargo test
-      language: system
-      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--"]
-      types_or: [rust, file]
-      files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
-      pass_filenames: false
-    - id: cargo-clippy
-      name: cargo clippy
-      description: Lint Rust sources
-      entry: cargo clippy
-      language: system
-      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"]
-      types_or: [rust, file]
-      files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
-      pass_filenames: false
-    - id: check-docker-templates
-      name: check docker templates
-      description: Check if the Docker templates are updated
-      language: system
-      entry: sh
-      args:
-        - "-c"
-        - "cd docker && make"
+      - id: fmt
+        name: fmt
+        description: Format files with cargo fmt.
+        entry: cargo fmt
+        language: system
+        types: [rust]
+        args: ["--", "--check"]
+      - id: cargo-test
+        name: cargo test
+        description: Test the package for errors.
+        entry: cargo test
+        language: system
+        args:
+          [
+            "--features",
+            "sqlite,mysql,postgresql,cockroachdb,enable_mimalloc",
+            "--",
+          ]
+        types_or: [rust, file]
+        files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
+        pass_filenames: false
+      - id: cargo-clippy
+        name: cargo clippy
+        description: Lint Rust sources
+        entry: cargo clippy
+        language: system
+        args:
+          [
+            "--features",
+            "sqlite,mysql,postgresql,cockroachdb,enable_mimalloc",
+            "--",
+            "-D",
+            "warnings",
+          ]
+        types_or: [rust, file]
+        files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
+        pass_filenames: false
+      - id: check-docker-templates
+        name: check docker templates
+        description: Check if the Docker templates are updated
+        language: system
+        entry: sh
+        args:
+          - "-c"
+          - "cd docker && make"

Cargo.toml

@@ -21,6 +21,7 @@ build = "build.rs"
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
 postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
+cockroachdb = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "dep:libsqlite3-sys"]
 # Enable to use a vendored and statically linked openssl
 vendored_openssl = ["openssl/vendored"]
@@ -32,7 +33,15 @@ enable_mimalloc = ["dep:mimalloc"]
 # You also need to set an env variable `QUERY_LOGGER=1` to fully activate this so you do not have to re-compile
 # if you want to turn off the logging for a specific run.
 query_logger = ["dep:diesel_logger"]
-s3 = ["opendal/services-s3", "dep:aws-config", "dep:aws-credential-types", "dep:aws-smithy-runtime-api", "dep:anyhow", "dep:http", "dep:reqsign"]
+s3 = [
+  "opendal/services-s3",
+  "dep:aws-config",
+  "dep:aws-credential-types",
+  "dep:aws-smithy-runtime-api",
+  "dep:anyhow",
+  "dep:http",
+  "dep:reqsign",
+]
 
 # OIDC specific features
 oidc-accept-rfc3339-timestamps = ["openidconnect/accept-rfc3339-timestamps"]
@@ -42,6 +51,21 @@ oidc-accept-string-booleans = ["openidconnect/accept-string-booleans"]
 # Currently only used to enable rusts official ip support
 unstable = []
 
+# Aggregator feature that has everything except unstable so nightly is not needed for most development
+rust-analyzer-stable = [
+  "enable_syslog",
+  "mysql",
+  "postgresql",
+  "cockroachdb",
+  "sqlite",
+  "vendored_openssl",
+  "enable_mimalloc",
+  "query_logger",
+  "s3",
+  "oidc-accept-rfc3339-timestamps",
+  "oidc-accept-string-booleans",
+]
+
 [target."cfg(unix)".dependencies]
 # Logging
 syslog = "7.0.0"
@@ -52,7 +76,9 @@ macros = { path = "./macros" }
 # Logging
 log = "0.4.27"
 fern = { version = "0.7.1", features = ["syslog-7", "reopen-1"] }
-tracing = { version = "0.1.41", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+tracing = { version = "0.1.41", features = [
+  "log",
+] } # Needed to have lettre and webauthn-rs trace logging to work
 
 # A `dotenv` implementation for Rust
 dotenvy = { version = "0.15.7", default-features = false }
@@ -66,8 +92,11 @@ num-derive = "0.4.2"
 bigdecimal = "0.4.8"
 
 # Web framework
-rocket = { version = "0.5.1", features = ["tls", "json"], default-features = false }
-rocket_ws = { version ="0.1.1" }
+rocket = { version = "0.5.1", features = [
+  "tls",
+  "json",
+], default-features = false }
+rocket_ws = { version = "0.1.1" }
 
 # WebSockets libraries
 rmpv = "1.3.0" # MessagePack library
@@ -77,8 +106,16 @@ dashmap = "6.1.0"
 
 # Async futures
 futures = "0.3.31"
-tokio = { version = "1.47.1", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] }
-tokio-util = { version = "0.7.16", features = ["compat"]}
+tokio = { version = "1.47.1", features = [
+  "rt-multi-thread",
+  "fs",
+  "io-util",
+  "parking_lot",
+  "time",
+  "signal",
+  "net",
+] }
+tokio-util = { version = "0.7.16", features = ["compat"] }
 
 # A generic serialization/deserialization framework
 serde = { version = "1.0.219", features = ["derive"] }
@@ -89,7 +126,13 @@ diesel = { version = "2.2.12", features = ["chrono", "r2d2", "numeric"] }
 diesel_migrations = "2.2.0"
 diesel_logger = { version = "0.4.0", optional = true }
 
-derive_more = { version = "2.0.1", features = ["from", "into", "as_ref", "deref", "display"] }
+derive_more = { version = "2.0.1", features = [
+  "from",
+  "into",
+  "as_ref",
+  "deref",
+  "display",
+] }
 diesel-derive-newtype = "2.1.2"
 
 # Bundled/Static SQLite
@@ -104,7 +147,10 @@ subtle = "2.6.1"
 uuid = { version = "1.18.0", features = ["v4"] }
 
 # Date and time libraries
-chrono = { version = "0.4.41", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.41", features = [
+  "clock",
+  "serde",
+], default-features = false }
 chrono-tz = "0.10.4"
 time = "0.3.41"
 
@@ -121,12 +167,17 @@ jsonwebtoken = "9.3.1"
 totp-lite = "2.0.1"
 
 # Yubico Library
-yubico = { package = "yubico_ng", version = "0.14.1", features = ["online-tokio"], default-features = false }
+yubico = { package = "yubico_ng", version = "0.14.1", features = [
+  "online-tokio",
+], default-features = false }
 
 # WebAuthn libraries
 # danger-allow-state-serialisation is needed to save the state in the db
 # danger-credential-internals is needed to support U2F to Webauthn migration
-webauthn-rs = { version = "0.5.2", features = ["danger-allow-state-serialisation", "danger-credential-internals"] }
+webauthn-rs = { version = "0.5.2", features = [
+  "danger-allow-state-serialisation",
+  "danger-credential-internals",
+] }
 webauthn-rs-proto = "0.5.2"
 webauthn-rs-core = "0.5.2"
 
@@ -134,7 +185,17 @@ webauthn-rs-core = "0.5.2"
 url = "2.5.7"
 
 # Email libraries
-lettre = { version = "0.11.18", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "hostname", "tracing", "tokio1-rustls", "ring", "rustls-native-certs"], default-features = false }
+lettre = { version = "0.11.18", features = [
+  "smtp-transport",
+  "sendmail-transport",
+  "builder",
+  "serde",
+  "hostname",
+  "tracing",
+  "tokio1-rustls",
+  "ring",
+  "rustls-native-certs",
+], default-features = false }
 percent-encoding = "2.3.2" # URL encoding library used for URL's in the emails
 email_address = "0.2.9"
 
@@ -142,12 +203,30 @@ email_address = "0.2.9"
 handlebars = { version = "6.3.2", features = ["dir_source"] }
 
 # HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.12.23", features = ["rustls-tls", "rustls-tls-native-roots", "stream", "json", "deflate", "gzip", "brotli", "zstd", "socks", "cookies", "charset", "http2", "system-proxy"], default-features = false}
+reqwest = { version = "0.12.23", features = [
+  "rustls-tls",
+  "rustls-tls-native-roots",
+  "stream",
+  "json",
+  "deflate",
+  "gzip",
+  "brotli",
+  "zstd",
+  "socks",
+  "cookies",
+  "charset",
+  "http2",
+  "system-proxy",
+], default-features = false }
 hickory-resolver = "0.25.2"
 
 # Favicon extraction libraries
 html5gum = "0.8.0"
-regex = { version = "1.11.2", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.11.2", features = [
+  "std",
+  "perf",
+  "unicode-perl",
+], default-features = false }
 data-url = "0.3.2"
 bytes = "1.10.1"
 svg-hush = "0.9.5"
@@ -159,7 +238,7 @@ cached = { version = "0.56.0", features = ["async"] }
 cookie = "0.18.1"
 cookie_store = "0.21.1"
 
-# Used by U2F, JWT and PostgreSQL
+# Used by U2F, JWT, PostgreSQL and CockroachDB
 openssl = "0.10.73"
 
 # CLI argument parsing
@@ -178,7 +257,9 @@ semver = "1.0.26"
 
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
-mimalloc = { version = "0.1.48", features = ["secure"], default-features = false, optional = true }
+mimalloc = { version = "0.1.48", features = [
+  "secure",
+], default-features = false, optional = true }
 
 which = "8.0.0"
 
@@ -192,11 +273,18 @@ rpassword = "7.4.0"
 grass_compiler = { version = "0.13.4", default-features = false }
 
 # File are accessed through Apache OpenDAL
-opendal = { version = "0.54.0", features = ["services-fs"], default-features = false }
+opendal = { version = "0.54.0", features = [
+  "services-fs",
+], default-features = false }
 
 # For retrieving AWS credentials, including temporary SSO credentials
 anyhow = { version = "1.0.99", optional = true }
-aws-config = { version = "1.8.5", features = ["behavior-version-latest", "rt-tokio", "credentials-process", "sso"], default-features = false, optional = true }
+aws-config = { version = "1.8.5", features = [
+  "behavior-version-latest",
+  "rt-tokio",
+  "credentials-process",
+  "sso",
+], default-features = false, optional = true }
 aws-credential-types = { version = "1.2.5", optional = true }
 aws-smithy-runtime-api = { version = "1.9.0", optional = true }
 http = { version = "1.3.1", optional = true }
@@ -253,7 +341,7 @@ refining_impl_trait = { level = "deny", priority = -1 }
 rust_2018_idioms = { level = "deny", priority = -1 }
 rust_2021_compatibility = { level = "deny", priority = -1 }
 rust_2024_compatibility = { level = "deny", priority = -1 }
-edition_2024_expr_fragment_specifier = "allow" # Once changed to Rust 2024 this should be removed and macro's should be validated again
+edition_2024_expr_fragment_specifier = "allow"              # Once changed to Rust 2024 this should be removed and macro's should be validated again
 single_use_lifetimes = "deny"
 trivial_casts = "deny"
 trivial_numeric_casts = "deny"

build.rs

@@ -9,12 +9,14 @@ fn main() {
     println!("cargo:rustc-cfg=mysql");
     #[cfg(feature = "postgresql")]
     println!("cargo:rustc-cfg=postgresql");
+    #[cfg(feature = "cockroachdb")]
+    println!("cargo:rustc-cfg=cockroachdb");
     #[cfg(feature = "query_logger")]
     println!("cargo:rustc-cfg=query_logger");
     #[cfg(feature = "s3")]
     println!("cargo:rustc-cfg=s3");
 
-    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
+    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql", feature = "cockroachdb")))]
     compile_error!(
         "You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite"
     );
@@ -24,6 +26,7 @@ fn main() {
     println!("cargo::rustc-check-cfg=cfg(sqlite)");
     println!("cargo::rustc-check-cfg=cfg(mysql)");
     println!("cargo::rustc-check-cfg=cfg(postgresql)");
+    println!("cargo::rustc-check-cfg=cfg(cockroachdb)");
     println!("cargo::rustc-check-cfg=cfg(query_logger)");
     println!("cargo::rustc-check-cfg=cfg(s3)");
 

docker/Dockerfile.alpine

@@ -82,7 +82,7 @@ ARG CARGO_PROFILE=release
 
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
+ARG DB=sqlite,mysql,postgresql,cockroachdb,enable_mimalloc
 
 # Builds your dependencies and removes the
 # dummy project, except the target folder

docker/Dockerfile.debian

@@ -117,7 +117,7 @@ COPY ./macros ./macros
 ARG CARGO_PROFILE=release
 
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
+ARG DB=sqlite,mysql,postgresql,cockroachdb
 
 # Builds your dependencies and removes the
 # dummy project, except the target folder

docker/Dockerfile.j2

@@ -145,10 +145,10 @@ ARG CARGO_PROFILE=release
 
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 {% if base == "debian" %}
-ARG DB=sqlite,mysql,postgresql
+ARG DB=sqlite,mysql,postgresql,cockroachdb
 {% elif base == "alpine" %}
 # Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
+ARG DB=sqlite,mysql,postgresql,cockroachdb,enable_mimalloc
 {% endif %}
 
 # Builds your dependencies and removes the

flake.lock

@@ -0,0 +1,60 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1757746433,
+        "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixpkgs-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,55 @@
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixpkgs-unstable";
+    utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      utils,
+    }:
+    utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = import nixpkgs.outPath {
+          inherit system;
+        };
+      in
+      {
+        devShells.default = pkgs.mkShell rec {
+          RUST_BACKTRACE = "full";
+          LD_LIBRARY_PATH = "${pkgs.lib.makeLibraryPath buildInputs}";
+
+          buildInputs = with pkgs; [
+            pkg-config
+            openssl
+            libpq
+            libmysqlclient
+          ];
+
+          packages = with pkgs; [
+            git
+
+            nil
+            nixfmt-rfc-style
+
+            rustc
+            cargo
+            clippy
+            rustfmt
+            rust-analyzer
+
+            nodePackages.prettier
+            nodePackages.yaml-language-server
+            nodePackages.vscode-langservers-extracted
+            markdownlint-cli
+            nodePackages.markdown-link-check
+            marksman
+            taplo
+          ];
+        };
+      }
+    );
+}

migrations/cockroachdb/2019-09-12-100000_create_tables/down.sql

@@ -0,0 +1,13 @@
+DROP TABLE devices;
+DROP TABLE attachments;
+DROP TABLE users_collections;
+DROP TABLE users_organizations;
+DROP TABLE folders_ciphers;
+DROP TABLE ciphers_collections;
+DROP TABLE twofactor;
+DROP TABLE invitations;
+DROP TABLE collections;
+DROP TABLE folders;
+DROP TABLE ciphers;
+DROP TABLE users;
+DROP TABLE organizations;

migrations/cockroachdb/2019-09-12-100000_create_tables/up.sql

@@ -0,0 +1,121 @@
+CREATE TABLE users (
+  uuid                CHAR(36) NOT NULL PRIMARY KEY,
+  created_at          TIMESTAMP NOT NULL,
+  updated_at          TIMESTAMP NOT NULL,
+  email               VARCHAR(255) NOT NULL UNIQUE,
+  name                TEXT     NOT NULL,
+  password_hash       BYTEA     NOT NULL,
+  salt                BYTEA     NOT NULL,
+  password_iterations INT4  NOT NULL,
+  password_hint       TEXT,
+  akey                TEXT     NOT NULL,
+  private_key         TEXT,
+  public_key          TEXT,
+  totp_secret         TEXT,
+  totp_recover        TEXT,
+  security_stamp      TEXT     NOT NULL,
+  equivalent_domains  TEXT     NOT NULL,
+  excluded_globals    TEXT     NOT NULL,
+  client_kdf_type     INT4 NOT NULL DEFAULT 0,
+  client_kdf_iter INT4 NOT NULL DEFAULT 100000
+);
+
+CREATE TABLE devices (
+  uuid          CHAR(36) NOT NULL PRIMARY KEY,
+  created_at    TIMESTAMP NOT NULL,
+  updated_at    TIMESTAMP NOT NULL,
+  user_uuid     CHAR(36) NOT NULL REFERENCES users (uuid),
+  name          TEXT     NOT NULL,
+  atype         INT4  NOT NULL,
+  push_token    TEXT,
+  refresh_token TEXT     NOT NULL,
+  twofactor_remember TEXT
+);
+
+CREATE TABLE organizations (
+  uuid          VARCHAR(40) NOT NULL PRIMARY KEY,
+  name          TEXT NOT NULL,
+  billing_email TEXT NOT NULL
+);
+
+CREATE TABLE ciphers (
+  uuid              CHAR(36) NOT NULL PRIMARY KEY,
+  created_at        TIMESTAMP NOT NULL,
+  updated_at        TIMESTAMP NOT NULL,
+  user_uuid         CHAR(36) REFERENCES users (uuid),
+  organization_uuid CHAR(36) REFERENCES organizations (uuid),
+  atype             INT4  NOT NULL,
+  name              TEXT     NOT NULL,
+  notes             TEXT,
+  fields            TEXT,
+  data              TEXT     NOT NULL,
+  favorite          BOOLEAN  NOT NULL,
+  password_history  TEXT
+);
+
+CREATE TABLE attachments (
+  id          CHAR(36) NOT NULL PRIMARY KEY,
+  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
+  file_name   TEXT    NOT NULL,
+  file_size   INT4 NOT NULL,
+  akey        TEXT
+);
+
+CREATE TABLE folders (
+  uuid       CHAR(36) NOT NULL PRIMARY KEY,
+  created_at TIMESTAMP NOT NULL,
+  updated_at TIMESTAMP NOT NULL,
+  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
+  name       TEXT     NOT NULL
+);
+
+CREATE TABLE collections (
+  uuid     VARCHAR(40) NOT NULL PRIMARY KEY,
+  org_uuid VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
+  name     TEXT NOT NULL
+);
+
+CREATE TABLE users_collections (
+  user_uuid       CHAR(36) NOT NULL REFERENCES users (uuid),
+  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
+  read_only       BOOLEAN NOT NULL DEFAULT false,
+  PRIMARY KEY (user_uuid, collection_uuid)
+);
+
+CREATE TABLE users_organizations (
+  uuid       CHAR(36) NOT NULL PRIMARY KEY,
+  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
+  org_uuid   CHAR(36) NOT NULL REFERENCES organizations (uuid),
+
+  access_all BOOLEAN NOT NULL,
+  akey       TEXT    NOT NULL,
+  status     INT4 NOT NULL,
+  atype      INT4 NOT NULL,
+
+  UNIQUE (user_uuid, org_uuid)
+);
+
+CREATE TABLE folders_ciphers (
+  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
+  folder_uuid CHAR(36) NOT NULL REFERENCES folders (uuid),
+  PRIMARY KEY (cipher_uuid, folder_uuid)
+);
+
+CREATE TABLE ciphers_collections (
+  cipher_uuid       CHAR(36) NOT NULL REFERENCES ciphers (uuid),
+  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
+  PRIMARY KEY (cipher_uuid, collection_uuid)
+);
+
+CREATE TABLE twofactor (
+  uuid      CHAR(36) NOT NULL PRIMARY KEY,
+  user_uuid CHAR(36) NOT NULL REFERENCES users (uuid),
+  atype     INT4  NOT NULL,
+  enabled   BOOLEAN  NOT NULL,
+  data      TEXT     NOT NULL,
+  UNIQUE (user_uuid, atype)
+);
+
+CREATE TABLE invitations (
+    email   VARCHAR(255) NOT NULL PRIMARY KEY
+);

migrations/cockroachdb/2019-09-16-150000_fix_attachments/down.sql

@@ -0,0 +1,26 @@
+ALTER TABLE attachments ALTER COLUMN id TYPE CHAR(36);
+ALTER TABLE attachments ALTER COLUMN cipher_uuid TYPE CHAR(36);
+ALTER TABLE users ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE users ALTER COLUMN email TYPE VARCHAR(255);
+ALTER TABLE devices ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE devices ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE organizations ALTER COLUMN uuid TYPE CHAR(40);
+ALTER TABLE ciphers ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE ciphers ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE ciphers ALTER COLUMN organization_uuid TYPE CHAR(36);
+ALTER TABLE folders ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE folders ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE collections ALTER COLUMN uuid TYPE CHAR(40);
+ALTER TABLE collections ALTER COLUMN org_uuid TYPE CHAR(40);
+ALTER TABLE users_collections ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE users_collections ALTER COLUMN collection_uuid TYPE CHAR(36);
+ALTER TABLE users_organizations ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE users_organizations ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE users_organizations ALTER COLUMN org_uuid TYPE CHAR(36);
+ALTER TABLE folders_ciphers ALTER COLUMN cipher_uuid TYPE CHAR(36);
+ALTER TABLE folders_ciphers ALTER COLUMN folder_uuid TYPE CHAR(36);
+ALTER TABLE ciphers_collections ALTER COLUMN cipher_uuid TYPE CHAR(36);
+ALTER TABLE ciphers_collections ALTER COLUMN collection_uuid TYPE CHAR(36);
+ALTER TABLE twofactor ALTER COLUMN uuid TYPE CHAR(36);
+ALTER TABLE twofactor ALTER COLUMN user_uuid TYPE CHAR(36);
+ALTER TABLE invitations ALTER COLUMN email TYPE VARCHAR(255);

migrations/cockroachdb/2019-09-16-150000_fix_attachments/up.sql

@@ -0,0 +1,27 @@
+-- Switch from CHAR() types to VARCHAR() types to avoid padding issues.
+ALTER TABLE attachments ALTER COLUMN id TYPE TEXT;
+ALTER TABLE attachments ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
+ALTER TABLE users ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE users ALTER COLUMN email TYPE TEXT;
+ALTER TABLE devices ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE devices ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE organizations ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE ciphers ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE ciphers ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE ciphers ALTER COLUMN organization_uuid TYPE VARCHAR(40);
+ALTER TABLE folders ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE folders ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE collections ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE collections ALTER COLUMN org_uuid TYPE VARCHAR(40);
+ALTER TABLE users_collections ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE users_collections ALTER COLUMN collection_uuid TYPE VARCHAR(40);
+ALTER TABLE users_organizations ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE users_organizations ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE users_organizations ALTER COLUMN org_uuid TYPE VARCHAR(40);
+ALTER TABLE folders_ciphers ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
+ALTER TABLE folders_ciphers ALTER COLUMN folder_uuid TYPE VARCHAR(40);
+ALTER TABLE ciphers_collections ALTER COLUMN cipher_uuid TYPE VARCHAR(40);
+ALTER TABLE ciphers_collections ALTER COLUMN collection_uuid TYPE VARCHAR(40);
+ALTER TABLE twofactor ALTER COLUMN uuid TYPE VARCHAR(40);
+ALTER TABLE twofactor ALTER COLUMN user_uuid TYPE VARCHAR(40);
+ALTER TABLE invitations ALTER COLUMN email TYPE TEXT;

migrations/cockroachdb/2019-10-10-083032_add_column_to_twofactor/up.sql

@@ -0,0 +1 @@
+ALTER TABLE twofactor ADD COLUMN last_used INT4 NOT NULL DEFAULT 0;

migrations/cockroachdb/2019-11-17-011009_add_email_verification/down.sql

@@ -0,0 +1 @@
+

migrations/cockroachdb/2019-11-17-011009_add_email_verification/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE users ADD COLUMN verified_at TIMESTAMP DEFAULT NULL;
+ALTER TABLE users ADD COLUMN last_verifying_at TIMESTAMP DEFAULT NULL;
+ALTER TABLE users ADD COLUMN login_verify_count INT4 NOT NULL DEFAULT 0;
+ALTER TABLE users ADD COLUMN email_new VARCHAR(255) DEFAULT NULL;
+ALTER TABLE users ADD COLUMN email_new_token VARCHAR(16) DEFAULT NULL;

migrations/cockroachdb/2020-03-13-205045_add_policy_table/down.sql

@@ -0,0 +1 @@
+DROP TABLE org_policies;

migrations/cockroachdb/2020-03-13-205045_add_policy_table/up.sql

@@ -0,0 +1,9 @@
+CREATE TABLE org_policies (
+  uuid      CHAR(36) NOT NULL PRIMARY KEY,
+  org_uuid  CHAR(36) NOT NULL REFERENCES organizations (uuid),
+  atype     INT4  NOT NULL,
+  enabled   BOOLEAN  NOT NULL,
+  data      TEXT     NOT NULL,
+  
+  UNIQUE (org_uuid, atype)
+);

migrations/cockroachdb/2020-04-09-235005_add_cipher_delete_date/down.sql

@@ -0,0 +1 @@
+

migrations/cockroachdb/2020-04-09-235005_add_cipher_delete_date/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE ciphers
+    ADD COLUMN
+    deleted_at TIMESTAMP;

migrations/cockroachdb/2020-07-01-214531_add_hide_passwords/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users_collections
+ADD COLUMN hide_passwords BOOLEAN NOT NULL DEFAULT FALSE;

migrations/cockroachdb/2020-08-02-025025_add_favorites_table/down.sql

@@ -0,0 +1 @@
+DROP TABLE favorites;

migrations/cockroachdb/2020-08-02-025025_add_favorites_table/up.sql

@@ -0,0 +1,6 @@
+CREATE TABLE favorites (
+  user_uuid   VARCHAR(40) NOT NULL REFERENCES users(uuid),
+  cipher_uuid VARCHAR(40) NOT NULL REFERENCES ciphers(uuid),
+
+  PRIMARY KEY (user_uuid, cipher_uuid)
+);

migrations/cockroachdb/2020-08-02-025026_add_favorites_table_fix/down.sql

@@ -0,0 +1,11 @@
+ALTER TABLE ciphers
+ADD COLUMN favorite BOOLEAN NOT NULL DEFAULT FALSE;
+
+-- Transfer favorite status for user-owned ciphers.
+UPDATE ciphers
+SET favorite = TRUE
+WHERE EXISTS (
+  SELECT * FROM favorites
+  WHERE favorites.user_uuid = ciphers.user_uuid
+    AND favorites.cipher_uuid = ciphers.uuid
+);

migrations/cockroachdb/2020-08-02-025026_add_favorites_table_fix/up.sql

@@ -0,0 +1,9 @@
+-- Transfer favorite status for user-owned ciphers.
+INSERT INTO favorites(user_uuid, cipher_uuid)
+SELECT user_uuid, uuid
+FROM ciphers
+WHERE favorite = TRUE
+  AND user_uuid IS NOT NULL;
+
+ALTER TABLE ciphers
+DROP COLUMN favorite;

migrations/cockroachdb/2020-11-30-224000_add_user_enabled/up.sql

@@ -0,0 +1 @@
+ALTER TABLE users ADD COLUMN enabled BOOLEAN NOT NULL DEFAULT true;

migrations/cockroachdb/2020-12-09-173101_add_stamp_exception/up.sql

@@ -0,0 +1 @@
+ALTER TABLE users ADD COLUMN stamp_exception TEXT DEFAULT NULL;

migrations/cockroachdb/2021-03-11-190243_add_sends/down.sql

@@ -0,0 +1 @@
+DROP TABLE sends;

migrations/cockroachdb/2021-03-11-190243_add_sends/up.sql

@@ -0,0 +1,25 @@
+CREATE TABLE sends (
+  uuid              CHAR(36) NOT NULL   PRIMARY KEY,
+  user_uuid         CHAR(36)            REFERENCES users (uuid),
+  organization_uuid CHAR(36)            REFERENCES organizations (uuid),
+
+  name              TEXT    NOT NULL,
+  notes             TEXT,
+
+  atype             INT4 NOT NULL,
+  data              TEXT    NOT NULL,
+  key               TEXT    NOT NULL,
+  password_hash     BYTEA,
+  password_salt     BYTEA,
+  password_iter     INT4,
+
+  max_access_count  INT4,
+  access_count      INT4 NOT NULL,
+
+  creation_date     TIMESTAMP NOT NULL,
+  revision_date     TIMESTAMP NOT NULL,
+  expiration_date   TIMESTAMP,
+  deletion_date     TIMESTAMP NOT NULL,
+
+  disabled          BOOLEAN NOT NULL
+);

migrations/cockroachdb/2021-03-15-163412_rename_send_key/up.sql

@@ -0,0 +1 @@
+ALTER TABLE sends RENAME COLUMN key TO akey;

migrations/cockroachdb/2021-04-30-233251_add_reprompt/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN reprompt INT4;

migrations/cockroachdb/2021-05-11-205202_add_hide_email/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE sends
+ADD COLUMN hide_email BOOLEAN;

migrations/cockroachdb/2021-07-01-203140_add_password_reset_keys/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE organizations
+  ADD COLUMN private_key TEXT;
+
+ALTER TABLE organizations
+  ADD COLUMN public_key TEXT;

migrations/cockroachdb/2021-08-30-193501_create_emergency_access/down.sql

@@ -0,0 +1 @@
+DROP TABLE emergency_access;

migrations/cockroachdb/2021-08-30-193501_create_emergency_access/up.sql

@@ -0,0 +1,14 @@
+CREATE TABLE emergency_access (
+  uuid                      CHAR(36)     NOT NULL PRIMARY KEY,
+  grantor_uuid              CHAR(36)     REFERENCES users (uuid),
+  grantee_uuid              CHAR(36)     REFERENCES users (uuid),
+  email                     VARCHAR(255),
+  key_encrypted             TEXT,
+  atype                     INT4  NOT NULL,
+  status                    INT4  NOT NULL,
+  wait_time_days            INT4  NOT NULL,
+  recovery_initiated_at     TIMESTAMP,
+  last_notification_at      TIMESTAMP,
+  updated_at                TIMESTAMP NOT NULL,
+  created_at                TIMESTAMP NOT NULL
+);

migrations/cockroachdb/2021-10-24-164321_add_2fa_incomplete/down.sql

@@ -0,0 +1 @@
+DROP TABLE twofactor_incomplete;

migrations/cockroachdb/2021-10-24-164321_add_2fa_incomplete/up.sql

@@ -0,0 +1,9 @@
+CREATE TABLE twofactor_incomplete (
+  user_uuid   VARCHAR(40) NOT NULL REFERENCES users(uuid),
+  device_uuid VARCHAR(40) NOT NULL,
+  device_name TEXT        NOT NULL,
+  login_time  TIMESTAMP   NOT NULL,
+  ip_address  TEXT        NOT NULL,
+
+  PRIMARY KEY (user_uuid, device_uuid)
+);

migrations/cockroachdb/2022-01-17-234911_add_api_key/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users
+ADD COLUMN api_key TEXT;

migrations/cockroachdb/2022-03-02-210038_update_devices_primary_key/up.sql

@@ -0,0 +1,4 @@
+-- First remove the previous primary key
+ALTER TABLE devices DROP CONSTRAINT devices_pkey;
+-- Add a new combined one
+ALTER TABLE devices ADD PRIMARY KEY (uuid, user_uuid);

migrations/cockroachdb/2022-07-27-110000_add_group_support/down.sql

@@ -0,0 +1,3 @@
+DROP TABLE groups;
+DROP TABLE groups_users;
+DROP TABLE collections_groups;

migrations/cockroachdb/2022-07-27-110000_add_group_support/up.sql

@@ -0,0 +1,23 @@
+CREATE TABLE groups (
+  uuid                              CHAR(36) NOT NULL PRIMARY KEY,
+  organizations_uuid                 VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
+  name                              VARCHAR(100) NOT NULL,
+  access_all                        BOOLEAN NOT NULL,
+  external_id                       VARCHAR(300) NULL,
+  creation_date                     TIMESTAMP NOT NULL,
+  revision_date                     TIMESTAMP NOT NULL
+);
+
+CREATE TABLE groups_users (
+  groups_uuid                       CHAR(36) NOT NULL REFERENCES groups (uuid),
+  users_organizations_uuid          VARCHAR(36) NOT NULL REFERENCES users_organizations (uuid),
+  PRIMARY KEY (groups_uuid, users_organizations_uuid)
+);
+
+CREATE TABLE collections_groups (
+  collections_uuid                  VARCHAR(40) NOT NULL REFERENCES collections (uuid),
+  groups_uuid                       CHAR(36) NOT NULL REFERENCES groups (uuid),
+  read_only                         BOOLEAN NOT NULL,
+  hide_passwords                    BOOLEAN NOT NULL,
+  PRIMARY KEY (collections_uuid, groups_uuid)
+);

migrations/cockroachdb/2022-10-18-170602_add_events/down.sql

@@ -0,0 +1 @@
+DROP TABLE event;

migrations/cockroachdb/2022-10-18-170602_add_events/up.sql

@@ -0,0 +1,19 @@
+CREATE TABLE event (
+  uuid               CHAR(36)        NOT NULL PRIMARY KEY,
+  event_type         INT4     NOT NULL,
+  user_uuid          CHAR(36),
+  org_uuid           CHAR(36),
+  cipher_uuid        CHAR(36),
+  collection_uuid    CHAR(36),
+  group_uuid         CHAR(36),
+  org_user_uuid      CHAR(36),
+  act_user_uuid      CHAR(36),
+  device_type        INT4,
+  ip_address         TEXT,
+  event_date         TIMESTAMP    NOT NULL,
+  policy_uuid        CHAR(36),
+  provider_uuid      CHAR(36),
+  provider_user_uuid CHAR(36),
+  provider_org_uuid  CHAR(36),
+  UNIQUE (uuid)
+);

migrations/cockroachdb/2023-01-06-151600_add_reset_password_support/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users_organizations
+ADD COLUMN reset_password_key TEXT;

migrations/cockroachdb/2023-01-11-205851_add_avatar_color/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users
+ADD COLUMN avatar_color TEXT;

migrations/cockroachdb/2023-01-31-222222_add_argon2/up.sql

@@ -0,0 +1,7 @@
+ALTER TABLE users
+    ADD COLUMN
+    client_kdf_memory INT4 DEFAULT NULL;
+
+ALTER TABLE users
+    ADD COLUMN
+    client_kdf_parallelism INT4 DEFAULT NULL;

migrations/cockroachdb/2023-02-18-125735_push_uuid_table/up.sql

@@ -0,0 +1 @@
+ALTER TABLE devices ADD COLUMN push_uuid TEXT;

migrations/cockroachdb/2023-06-02-200424_create_organization_api_key/up.sql

@@ -0,0 +1,10 @@
+CREATE TABLE organization_api_key (
+	uuid			CHAR(36) NOT NULL,
+	org_uuid		CHAR(36) NOT NULL REFERENCES organizations(uuid),
+	atype			INT4 NOT NULL,
+	api_key			VARCHAR(255),
+	revision_date	TIMESTAMP NOT NULL,
+	PRIMARY KEY(uuid, org_uuid)
+);
+
+ALTER TABLE users ADD COLUMN external_id TEXT;

migrations/cockroachdb/2023-06-17-200424_create_auth_requests_table/up.sql

@@ -0,0 +1,19 @@
+CREATE TABLE auth_requests (
+	uuid            CHAR(36) NOT NULL PRIMARY KEY,
+	user_uuid	    CHAR(36) NOT NULL,
+	organization_uuid           CHAR(36),
+	request_device_identifier         CHAR(36) NOT NULL,
+	device_type         INT4 NOT NULL,
+	request_ip         TEXT NOT NULL,
+	response_device_id         CHAR(36),
+	access_code         TEXT NOT NULL,
+	public_key         TEXT NOT NULL,
+	enc_key         TEXT NOT NULL,
+	master_password_hash         TEXT NOT NULL,
+	approved         BOOLEAN,
+	creation_date         TIMESTAMP NOT NULL,
+	response_date         TIMESTAMP,
+	authentication_date         TIMESTAMP,
+	FOREIGN KEY(user_uuid) REFERENCES users(uuid),
+	FOREIGN KEY(organization_uuid) REFERENCES organizations(uuid)
+);

migrations/cockroachdb/2023-06-28-133700_add_collection_external_id/up.sql

@@ -0,0 +1 @@
+ALTER TABLE collections ADD COLUMN external_id TEXT;

migrations/cockroachdb/2023-09-01-170620_update_auth_request_table/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE auth_requests
+ALTER COLUMN master_password_hash DROP NOT NULL;
+
+ALTER TABLE auth_requests
+ALTER COLUMN enc_key DROP NOT NULL;

migrations/cockroachdb/2023-09-02-212336_move_user_external_id/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users_organizations
+ADD COLUMN external_id TEXT;

migrations/cockroachdb/2023-09-10-133000_add_sso/down.sql

@@ -0,0 +1 @@
+DROP TABLE sso_nonce;

migrations/cockroachdb/2023-09-10-133000_add_sso/up.sql

@@ -0,0 +1,4 @@
+CREATE TABLE sso_nonce (
+  nonce               CHAR(36) NOT NULL PRIMARY KEY,
+  created_at          TIMESTAMP NOT NULL DEFAULT now()
+);

migrations/cockroachdb/2023-09-14-133000_add_users_organizations_invited_by_email/down.sql

@@ -0,0 +1 @@
+ALTER TABLE users_organizations DROP COLUMN invited_by_email;

migrations/cockroachdb/2023-09-14-133000_add_users_organizations_invited_by_email/up.sql

@@ -0,0 +1 @@
+ALTER TABLE users_organizations ADD COLUMN invited_by_email TEXT DEFAULT NULL;

migrations/cockroachdb/2023-10-21-221242_add_cipher_key/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;

migrations/cockroachdb/2024-01-12-210182_change_attachment_size/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE attachments
+ALTER COLUMN file_size TYPE BIGINT,
+ALTER COLUMN file_size SET NOT NULL;

migrations/cockroachdb/2024-02-14-135953_change_time_stamp_data_type/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE twofactor
+ALTER COLUMN last_used TYPE BIGINT,
+ALTER COLUMN last_used SET NOT NULL;

migrations/cockroachdb/2024-02-14-170000_add_state_to_sso_nonce/down.sql

@@ -0,0 +1,6 @@
+DROP TABLE sso_nonce;
+
+CREATE TABLE sso_nonce (
+  nonce               CHAR(36) NOT NULL PRIMARY KEY,
+  created_at          TIMESTAMP NOT NULL DEFAULT now()
+);

migrations/cockroachdb/2024-02-14-170000_add_state_to_sso_nonce/up.sql

@@ -0,0 +1,8 @@
+DROP TABLE sso_nonce;
+
+CREATE TABLE sso_nonce (
+	state               TEXT NOT NULL PRIMARY KEY,
+  	nonce               TEXT NOT NULL,
+  	redirect_uri 		TEXT NOT NULL,
+  	created_at          TIMESTAMP NOT NULL DEFAULT now()
+);

migrations/cockroachdb/2024-02-26-170000_add_pkce_to_sso_nonce/down.sql

@@ -0,0 +1,8 @@
+DROP TABLE IF EXISTS sso_nonce;
+
+CREATE TABLE sso_nonce (
+    state               TEXT NOT NULL PRIMARY KEY,
+    nonce               TEXT NOT NULL,
+    redirect_uri        TEXT NOT NULL,
+    created_at          TIMESTAMP NOT NULL DEFAULT now()
+);

migrations/cockroachdb/2024-02-26-170000_add_pkce_to_sso_nonce/up.sql

@@ -0,0 +1,9 @@
+DROP TABLE IF EXISTS sso_nonce;
+
+CREATE TABLE sso_nonce (
+    state               TEXT NOT NULL PRIMARY KEY,
+    nonce               TEXT NOT NULL,
+    verifier            TEXT,
+    redirect_uri        TEXT NOT NULL,
+    created_at          TIMESTAMP NOT NULL DEFAULT now()
+);

migrations/cockroachdb/2024-03-06-170000_add_sso_users/down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS sso_users;

migrations/cockroachdb/2024-03-06-170000_add_sso_users/up.sql

@@ -0,0 +1,7 @@
+CREATE TABLE sso_users (
+  user_uuid           CHAR(36) NOT NULL PRIMARY KEY,
+  identifier          TEXT NOT NULL UNIQUE,
+  created_at          TIMESTAMP NOT NULL DEFAULT now(),
+
+  FOREIGN KEY(user_uuid) REFERENCES users(uuid)
+);

migrations/cockroachdb/2024-03-13-170000_sso_users_cascade/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE sso_users
+  DROP CONSTRAINT "sso_users_user_uuid_fkey",
+  ADD CONSTRAINT "sso_users_user_uuid_fkey" FOREIGN KEY(user_uuid) REFERENCES users(uuid) ON UPDATE CASCADE ON DELETE CASCADE;

migrations/cockroachdb/2024-06-05-131359_add_2fa_duo_store/down.sql

@@ -0,0 +1 @@
+DROP TABLE twofactor_duo_ctx;

migrations/cockroachdb/2024-06-05-131359_add_2fa_duo_store/up.sql

@@ -0,0 +1,8 @@
+CREATE TABLE twofactor_duo_ctx (
+    state      VARCHAR(64) NOT NULL,
+    user_email VARCHAR(255)  NOT NULL,
+    nonce      VARCHAR(64) NOT NULL,
+    exp        BIGINT        NOT NULL,
+
+    PRIMARY KEY (state)
+);

migrations/cockroachdb/2024-09-04-091351_use_device_type_for_mails/down.sql

@@ -0,0 +1 @@
+ALTER TABLE twofactor_incomplete DROP COLUMN device_type;

migrations/cockroachdb/2024-09-04-091351_use_device_type_for_mails/up.sql

@@ -0,0 +1 @@
+ALTER TABLE twofactor_incomplete ADD COLUMN device_type INT4 NOT NULL DEFAULT 14; -- 14 = Unknown Browser

migrations/cockroachdb/2025-01-09-172300_add_manage/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE users_collections
+ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;
+
+ALTER TABLE collections_groups
+ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;

playwright/.env.template

@@ -62,3 +62,4 @@ SMTP_FROM_NAME=Vaultwarden
 MARIADB_PORT=3305
 MYSQL_PORT=3307
 POSTGRES_PORT=5432
+COCKROACH_PORT=26257