Macro recursion decrease and other optimizations

- Decreased `recursion_limit` from 512 to 87
  Mainly done by optimizing the config macro's.
  This fixes an issue with the rust-analyzer which doesn't go beyond 128
- Removed Regex for masking sensitive values and replaced it with a map()
  This is much faster then using a Regex.
- Refactored the get_support_json macro's
- All items above also lowered the binary size and possibly compile-time
- Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all
- Decreased json response for `/plans`
- Updated libraries and where needed some code changes
  This also fixes some rare issues with SMTP lettre/lettre#678
- Using Rust 2021 instead of 2018
- Updated rust nightly

Cargo.toml

@@ -2,7 +2,7 @@
 name = "vaultwarden"
 version = "1.0.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
-edition = "2018"
+edition = "2021"
 rust-version = "1.57"
 resolver = "2"
 
@@ -46,7 +46,7 @@ url = "2.2.2"
 multipart = { version = "0.18.0", features = ["server"], default-features = false }
 
 # WebSockets library
-ws = { version = "0.11.0", package = "parity-ws" }
+ws = { version = "0.11.1", package = "parity-ws" }
 
 # MessagePack library
 rmpv = "1.0.0"
@@ -112,7 +112,7 @@ num-derive = "0.3.3"
 
 # Email libraries
 tracing = { version = "0.1.29", features = ["log"] } # Needed to have lettre trace logging used when SMTP_DEBUG is enabled.
-lettre = { version = "0.10.0-rc.3", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
+lettre = { version = "0.10.0-rc.4", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
 
 # Template library
 handlebars = { version = "4.1.3", features = ["dir_source"] }
@@ -124,7 +124,7 @@ regex = { version = "1.5.4", features = ["std", "perf", "unicode-perl"], default
 data-url = "0.1.0"
 
 # Used by U2F, JWT and Postgres
-openssl = "0.10.36"
+openssl = "0.10.38"
 
 # URL encoding library
 percent-encoding = "2.1.0"
@@ -135,7 +135,7 @@ idna = "0.2.3"
 pico-args = "0.4.2"
 
 # Logging panics to logfile instead stderr only
-backtrace = "0.3.62"
+backtrace = "0.3.63"
 
 # Macro ident concatenation
 paste = "1.0.5"

docker/Dockerfile.j2

@@ -6,7 +6,7 @@
 {% set build_stage_base_image = "rust:1.55-buster" %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "clux/muslrust:nightly-2021-10-06" %}
+{%     set build_stage_base_image = "clux/muslrust:nightly-2021-10-23" %}
 {%     set runtime_stage_base_image = "alpine:3.14" %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}

docker/amd64/Dockerfile.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:0e8daf80abb73ebca69d1971847450d24da45a74a525fd643246ee1dfa02108b as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM clux/muslrust:nightly-2021-10-06 as build
+FROM clux/muslrust:nightly-2021-10-23 as build
 
 # Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
 ARG DB=sqlite,postgresql

docker/amd64/Dockerfile.buildx.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:0e8daf80abb73ebca69d1971847450d24da45a74a525fd643246ee1dfa02108b as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM clux/muslrust:nightly-2021-10-06 as build
+FROM clux/muslrust:nightly-2021-10-23 as build
 
 # Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
 ARG DB=sqlite,postgresql

rust-toolchain

@@ -1 +1 @@
-nightly-2021-10-14
+nightly-2021-11-05

src/api/admin.rs

@@ -236,7 +236,7 @@ impl AdminTemplateData {
 }
 
 #[get("/", rank = 1)]
-fn admin_page(_token: AdminToken, _conn: DbConn) -> ApiResult<Html<String>> {
+fn admin_page(_token: AdminToken) -> ApiResult<Html<String>> {
     let text = AdminTemplateData::new().render()?;
     Ok(Html(text))
 }
@@ -494,7 +494,6 @@ fn diagnostics(_token: AdminToken, ip_header: IpHeader, conn: DbConn) -> ApiResu
 
     // Execute some environment checks
     let running_within_docker = is_running_in_docker();
-    let docker_base_image = docker_base_image();
     let has_http_access = has_http_access();
     let uses_proxy = env::var_os("HTTP_PROXY").is_some()
         || env::var_os("http_proxy").is_some()
@@ -552,7 +551,7 @@ fn diagnostics(_token: AdminToken, ip_header: IpHeader, conn: DbConn) -> ApiResu
         "web_vault_version": web_vault_version.version,
         "latest_web_build": latest_web_build,
         "running_within_docker": running_within_docker,
-        "docker_base_image": docker_base_image,
+        "docker_base_image": docker_base_image(),
         "has_http_access": has_http_access,
         "ip_header_exists": &ip_header.0.is_some(),
         "ip_header_match": ip_header_name == CONFIG.ip_header(),

src/api/core/accounts.rs

@@ -454,7 +454,7 @@ fn post_email(data: JsonUpcase<ChangeEmailData>, headers: Headers, conn: DbConn)
 }
 
 #[post("/accounts/verify-email")]
-fn post_verify_email(headers: Headers, _conn: DbConn) -> EmptyResult {
+fn post_verify_email(headers: Headers) -> EmptyResult {
     let user = headers.user;
 
     if !CONFIG.mail_enabled() {
@@ -654,7 +654,7 @@ struct VerifyPasswordData {
 }
 
 #[post("/accounts/verify-password", data = "<data>")]
-fn verify_password(data: JsonUpcase<VerifyPasswordData>, headers: Headers, _conn: DbConn) -> EmptyResult {
+fn verify_password(data: JsonUpcase<VerifyPasswordData>, headers: Headers) -> EmptyResult {
     let data: VerifyPasswordData = data.into_inner().data;
     let user = headers.user;
 

src/api/core/organizations.rs

@@ -1294,71 +1294,43 @@ fn put_policy(
 
 #[allow(unused_variables)]
 #[get("/organizations/<org_id>/tax")]
-fn get_organization_tax(org_id: String, _headers: Headers, _conn: DbConn) -> EmptyResult {
+fn get_organization_tax(org_id: String, _headers: Headers) -> Json<Value> {
     // Prevent a 404 error, which also causes Javascript errors.
-    err!("Only allowed when not self hosted.")
+    // Upstream sends "Only allowed when not self hosted." As an error message.
+    // If we do the same it will also output this to the log, which is overkill.
+    // An empty list/data also works fine.
+    Json(_empty_data_json())
 }
 
 #[get("/plans")]
-fn get_plans(_headers: Headers, _conn: DbConn) -> Json<Value> {
+fn get_plans(_headers: Headers) -> Json<Value> {
+    // Respond with a minimal json just enough to allow the creation of an new organization.
     Json(json!({
         "Object": "list",
-        "Data": [
-        {
+        "Data": [{
             "Object": "plan",
             "Type": 0,
             "Product": 0,
             "Name": "Free",
-            "IsAnnual": false,
             "NameLocalizationKey": "planNameFree",
-            "DescriptionLocalizationKey": "planDescFree",
-            "CanBeUsedByBusiness": false,
-            "BaseSeats": 2,
-            "BaseStorageGb": null,
-            "MaxCollections": 2,
-            "MaxUsers": 2,
-            "HasAdditionalSeatsOption": false,
-            "MaxAdditionalSeats": null,
-            "HasAdditionalStorageOption": false,
-            "MaxAdditionalStorage": null,
-            "HasPremiumAccessOption": false,
-            "TrialPeriodDays": null,
-            "HasSelfHost": false,
-            "HasPolicies": false,
-            "HasGroups": false,
-            "HasDirectory": false,
-            "HasEvents": false,
-            "HasTotp": false,
-            "Has2fa": false,
-            "HasApi": false,
-            "HasSso": false,
-            "UsersGetPremium": false,
-            "UpgradeSortOrder": -1,
-            "DisplaySortOrder": -1,
-            "LegacyYear": null,
-            "Disabled": false,
-            "StripePlanId": null,
-            "StripeSeatPlanId": null,
-            "StripeStoragePlanId": null,
-            "StripePremiumAccessPlanId": null,
-            "BasePrice": 0.0,
-            "SeatPrice": 0.0,
-            "AdditionalStoragePricePerGb": 0.0,
-            "PremiumAccessOptionPrice": 0.0
-            }
-        ],
+            "DescriptionLocalizationKey": "planDescFree"
+        }],
         "ContinuationToken": null
     }))
 }
 
 #[get("/plans/sales-tax-rates")]
-fn get_plans_tax_rates(_headers: Headers, _conn: DbConn) -> Json<Value> {
+fn get_plans_tax_rates(_headers: Headers) -> Json<Value> {
     // Prevent a 404 error, which also causes Javascript errors.
-    Json(json!({
+    Json(_empty_data_json())
+}
+
+fn _empty_data_json() -> Value {
+    json!({
         "Object": "list",
         "Data": [],
         "ContinuationToken": null
-    }))
+    })
 }
 
 #[derive(Deserialize, Debug)]

src/api/notifications.rs

@@ -4,7 +4,7 @@ use rocket::Route;
 use rocket_contrib::json::Json;
 use serde_json::Value as JsonValue;
 
-use crate::{api::EmptyResult, auth::Headers, db::DbConn, Error, CONFIG};
+use crate::{api::EmptyResult, auth::Headers, Error, CONFIG};
 
 pub fn routes() -> Vec<Route> {
     routes![negotiate, websockets_err]
@@ -30,7 +30,7 @@ fn websockets_err() -> EmptyResult {
 }
 
 #[post("/hub/negotiate")]
-fn negotiate(_headers: Headers, _conn: DbConn) -> Json<JsonValue> {
+fn negotiate(_headers: Headers) -> Json<JsonValue> {
     use crate::crypto;
     use data_encoding::BASE64URL;
 

src/auth.rs

@@ -165,7 +165,6 @@ pub fn generate_invite_claims(
     }
 }
 
-//           var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}");
 #[derive(Debug, Serialize, Deserialize)]
 pub struct EmergencyAccessInviteJwtClaims {
     // Not before