Merge branch 'master' into update-self-hosted

.dockerignore

@@ -1,3 +1,3 @@
-*
-!build/*
-!entrypoint.sh
+**/bin
+**/obj
+**/node_modules

.github/workflows/build.yml

@@ -218,7 +218,7 @@ jobs:
         run: |
           echo -e "\nBuilding Docker image"
           docker --version
-          docker build -t bitwarden/web .
+          docker build -t bitwarden/web -f docker/Dockerfile .
 
       - name: Tag rc branch
         if: github.ref == 'refs/heads/rc'
@@ -340,7 +340,7 @@ jobs:
 
           echo -e "\nBuilding Docker image"
           docker --version
-          docker build -t bitwardenqa.azurecr.io/web .
+          docker build -t bitwardenqa.azurecr.io/web -f docker/Dockerfile-QA .
 
       - name: Get image tag
         id: image-tag

.github/workflows/version-bump.yml

@@ -38,6 +38,12 @@ jobs:
           version: ${{ github.event.inputs.version_number }}
           file_path: "./package-lock.json"
 
+      - name: Bump Version - csproj
+        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+        with:
+          version: ${{ github.event.inputs.version_number }}
+          file_path: "./dotnet-src/Web/Web.csproj"
+
       - name: Commit files
         run: |
           git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"

.gitignore

@@ -13,3 +13,15 @@ dist/
 build/
 !dev-server.shared.pem
 config/local.json
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+build/
+bld/
+[Bb]in/
+[Oo]bj/

Dockerfile

@@ -1,20 +0,0 @@
-FROM bitwarden/server
-
-LABEL com.bitwarden.product="bitwarden"
-
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        gosu \
-        curl \
-&& rm -rf /var/lib/apt/lists/*
-
-ENV ASPNETCORE_URLS http://+:5000
-WORKDIR /app
-EXPOSE 5000
-COPY ./build .
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
-
-ENTRYPOINT ["/entrypoint.sh"]

bitwarden-web.sln

@@ -0,0 +1,16 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Web", "dotnet-src\Web\Web.csproj", "{D0B6D8EB-21F0-400A-91E5-2C4722B9D170}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D0B6D8EB-21F0-400A-91E5-2C4722B9D170}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D0B6D8EB-21F0-400A-91E5-2C4722B9D170}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D0B6D8EB-21F0-400A-91E5-2C4722B9D170}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D0B6D8EB-21F0-400A-91E5-2C4722B9D170}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal

docker/Dockerfile

@@ -0,0 +1,84 @@
+###############################################
+#                 Build stage                 #
+###############################################
+FROM node:16-slim AS node-build
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        git \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /source
+COPY . .
+
+RUN npm ci
+RUN npm run dist:bit:selfhost
+
+###############################################
+#                 Build stage                 #
+###############################################
+FROM mcr.microsoft.com/dotnet/sdk:5.0-alpine AS dotnet-build
+
+# Add packages
+RUN apk add --update-cache \
+    npm \
+    && rm -rf /var/cache/apk/*
+
+# Copy csproj files as distinct layers
+WORKDIR /source
+COPY dotnet-src/Web/*.csproj ./src/Web/
+#COPY Directory.Build.props .
+
+# Restore project dependencies and tools
+WORKDIR /source/src/Web
+RUN dotnet restore
+
+# Copy required project files
+WORKDIR /source
+COPY dotnet-src/Web/. ./src/Web/
+
+# Build app
+WORKDIR /source/src/Web
+RUN dotnet publish -c release -o /app --no-restore
+
+###############################################
+#                  App stage                  #
+###############################################
+FROM mcr.microsoft.com/dotnet/aspnet:5.0-alpine
+LABEL com.bitwarden.product="bitwarden"
+LABEL com.bitwarden.project="web"
+ENV ASPNETCORE_ENVIRONMENT=Production
+ENV ASPNETCORE_URLS http://+:5000
+EXPOSE 5000
+
+# Add packages
+RUN apk add --update-cache \
+    curl \
+    && rm -rf /var/cache/apk/*
+
+# Create required directories
+RUN mkdir -p /etc/bitwarden/web
+
+COPY docker/confd/app-id.toml /etc/confd/conf.d/
+COPY docker/confd/app-id.conf.tmpl /etc/confd/templates/
+
+ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd
+RUN chmod +x /usr/local/bin/confd
+
+# Copy Web server from dotnet-build stage
+COPY --from=dotnet-build /app /server
+
+# Copy app from build stage
+WORKDIR /app
+COPY --from=node-build /source/build ./
+
+# Copy entrypoint script and make it executable
+COPY docker/entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+# Create non-root user to run app
+RUN adduser -s /bin/false -D bitwarden && chown -R bitwarden:bitwarden /app /server /etc/bitwarden
+
+USER bitwarden:bitwarden
+HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+ENTRYPOINT ["/entrypoint.sh"]

docker/Dockerfile-QA

@@ -0,0 +1,87 @@
+###############################################
+#                 Build stage                 #
+###############################################
+FROM node:16-slim AS node-build
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        git \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /source
+COPY . .
+
+RUN npm ci
+# TODO: Make sure version is correct when building QA image.
+# RUN jq --arg version "$VERSION - ${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp
+# RUN mv package.json.tmp package.json
+RUN npm run build:bit:qa
+
+###############################################
+#                 Build stage                 #
+###############################################
+FROM mcr.microsoft.com/dotnet/sdk:5.0-alpine AS dotnet-build
+
+# Add packages
+RUN apk add --update-cache \
+    npm \
+    && rm -rf /var/cache/apk/*
+
+# Copy csproj files as distinct layers
+WORKDIR /source
+COPY dotnet-src/Web/*.csproj ./src/Web/
+#COPY Directory.Build.props .
+
+# Restore project dependencies and tools
+WORKDIR /source/src/Web
+RUN dotnet restore
+
+# Copy required project files
+WORKDIR /source
+COPY dotnet-src/Web/. ./src/Web/
+
+# Build app
+WORKDIR /source/src/Web
+RUN dotnet publish -c release -o /app --no-restore
+
+###############################################
+#                  App stage                  #
+###############################################
+FROM mcr.microsoft.com/dotnet/aspnet:5.0-alpine
+LABEL com.bitwarden.product="bitwarden"
+LABEL com.bitwarden.project="web"
+ENV ASPNETCORE_ENVIRONMENT=Production
+ENV ASPNETCORE_URLS http://+:5000
+EXPOSE 5000
+
+# Add packages
+RUN apk add --update-cache \
+    curl \
+    && rm -rf /var/cache/apk/*
+
+# Create required directories
+RUN mkdir -p /etc/bitwarden/web
+
+COPY docker/confd/app-id.toml /etc/confd/conf.d/
+COPY docker/confd/app-id.conf.tmpl /etc/confd/templates/
+
+ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd
+RUN chmod +x /usr/local/bin/confd
+
+# Copy Web server from dotnet-build stage
+COPY --from=dotnet-build /app /server
+
+# Copy app from build stage
+WORKDIR /app
+COPY --from=node-build /source/build ./
+
+# Copy entrypoint script and make it executable
+COPY docker/entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+# Create non-root user to run app
+RUN adduser -s /bin/false -D bitwarden && chown -R bitwarden:bitwarden /app /server /etc/bitwarden
+
+USER bitwarden:bitwarden
+HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+ENTRYPOINT ["/entrypoint.sh"]

docker/confd/app-id.conf.tmpl

@@ -0,0 +1,15 @@
+{
+  "trustedFacets": [
+    {
+      "version": {
+        "major": 1,
+        "minor": 0
+      },
+      "ids": [
+        "{{ getenv "globalSettings__baseServiceUri__vault" "https://localhost" }}",
+        "ios:bundle-id:com.8bit.bitwarden",
+        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+      ]
+    }
+  ]
+}

docker/confd/app-id.toml

@@ -0,0 +1,6 @@
+[template]
+src = "app-id.conf.tmpl"
+dest = "/etc/bitwarden/web/app-id.json"
+keys = [
+  "globalSettings__baseServiceUri__vault"
+]

docker/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/local/bin/confd -onetime -backend env
+
+cp /etc/bitwarden/web/app-id.json /app/app-id.json
+
+exec dotnet /server/Web.dll /contentRoot=/app /webRoot=.

dotnet-src/Web/Program.cs

@@ -0,0 +1,46 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+
+namespace Bit.Web
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder()
+                .AddCommandLine(args)
+                .Build();
+
+            var builder = new WebHostBuilder()
+                .UseConfiguration(config)
+                .UseKestrel()
+                .UseStartup<Startup>()
+                .ConfigureLogging((hostingContext, logging) =>
+                {
+                    logging.AddConsole().AddDebug();
+                })
+                .ConfigureKestrel((context, options) => { });
+
+            var contentRoot = config.GetValue<string>("contentRoot");
+            if (!string.IsNullOrWhiteSpace(contentRoot))
+            {
+                builder.UseContentRoot(contentRoot);
+            }
+            else
+            {
+                builder.UseContentRoot(Directory.GetCurrentDirectory());
+            }
+            
+            var webRoot = config.GetValue<string>("webRoot");
+            if (string.IsNullOrWhiteSpace(webRoot))
+            {
+                builder.UseWebRoot(webRoot);
+            }
+
+            var host = builder.Build();
+            host.Run();
+        }
+    }
+}

dotnet-src/Web/Properties/launchSettings.json

@@ -0,0 +1,12 @@
+{
+  "profiles": {
+    "Server": {
+      "commandName": "Project",
+      "launchBrowser": false,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "http://localhost:53910/"
+    }
+  }
+}

dotnet-src/Web/Startup.cs

@@ -0,0 +1,79 @@
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Reflection;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.StaticFiles;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Web
+{
+    public class Startup
+    {
+        private readonly List<string> _longCachedPaths = new List<string>
+        {
+            "/app/", "/locales/", "/fonts/", "/connectors/", "/scripts/"
+        };
+        private readonly List<string> _mediumCachedPaths = new List<string>
+        {
+            "/images/"
+        };
+
+        public Startup()
+        {
+            CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US");
+        }
+
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddRouting();
+        }
+
+        public void Configure(
+            IApplicationBuilder app,
+            IConfiguration configuration)
+        {
+            // TODO: This should be removed when asp.net natively support avif
+            var provider = new FileExtensionContentTypeProvider { Mappings = { [".avif"] = "image/avif" } };
+
+            var options = new DefaultFilesOptions();
+            options.DefaultFileNames.Clear();
+            options.DefaultFileNames.Add("index.html");
+            app.UseDefaultFiles(options);
+            app.UseStaticFiles(new StaticFileOptions
+            {
+                ContentTypeProvider = provider,
+                OnPrepareResponse = ctx =>
+                {
+                    if (!ctx.Context.Request.Path.HasValue ||
+                        ctx.Context.Response.Headers.ContainsKey("Cache-Control"))
+                    {
+                        return;
+                    }
+                    var path = ctx.Context.Request.Path.Value;
+                    if (_longCachedPaths.Any(ext => path.StartsWith(ext)))
+                    {
+                        // 14 days
+                        ctx.Context.Response.Headers.Append("Cache-Control", "max-age=1209600");
+                    }
+                    if (_mediumCachedPaths.Any(ext => path.StartsWith(ext)))
+                    {
+                        // 7 days
+                        ctx.Context.Response.Headers.Append("Cache-Control", "max-age=604800");
+                    }
+                }
+            });
+            app.UseRouting();
+            app.UseEndpoints(endpoints =>
+            {
+                endpoints.MapGet("/alive",
+                    async context => await context.Response.WriteAsJsonAsync(System.DateTime.UtcNow));
+                endpoints.MapGet("/version",
+                    async context => await context.Response.WriteAsJsonAsync(Assembly.GetEntryAssembly()
+                        .GetCustomAttribute<AssemblyInformationalVersionAttribute>().InformationalVersion));
+            });
+        }
+    }
+}

dotnet-src/Web/Web.csproj

@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <MvcRazorCompileOnPublish>false</MvcRazorCompileOnPublish>
+    <TargetFramework>net5.0</TargetFramework>
+    <Version>2.27.0</Version>
+    <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
+    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
+  </PropertyGroup>
+
+</Project>

dotnet-src/Web/build.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -e
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+echo -e "\n## Building Web"
+
+echo -e "\nBuilding app"
+echo ".NET Core version $(dotnet --version)"
+echo "Restore"
+dotnet restore "$DIR/Web.csproj"
+echo "Clean"
+dotnet clean "$DIR/Web.csproj" -c "Release" -o "$DIR/obj/build-output/publish"
+echo "Publish"
+dotnet publish "$DIR/Web.csproj" -c "Release" -o "$DIR/obj/build-output/publish"

dotnet-src/Web/packages.lock.json

@@ -0,0 +1,6 @@
+{
+  "version": 1,
+  "dependencies": {
+    ".NETCoreApp,Version=v5.0": {}
+  }
+}

entrypoint.sh

@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Setup
-
-GROUPNAME="bitwarden"
-USERNAME="bitwarden"
-
-LUID=${LOCAL_UID:-0}
-LGID=${LOCAL_GID:-0}
-
-# Step down from host root to well-known nobody/nogroup user
-
-if [ $LUID -eq 0 ]
-then
-    LUID=65534
-fi
-if [ $LGID -eq 0 ]
-then
-    LGID=65534
-fi
-
-# Create user and group
-
-groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-mkhomedir_helper $USERNAME
-
-# The rest...
-
-chown -R $USERNAME:$GROUPNAME /etc/bitwarden
-cp /etc/bitwarden/web/app-id.json /app/app-id.json
-chown -R $USERNAME:$GROUPNAME /app
-chown -R $USERNAME:$GROUPNAME /bitwarden_server
-
-exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
-    /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true