From 9e8e598cce3216f862a680c2f27660da59669248 Mon Sep 17 00:00:00 2001 From: Aron Marinelli Date: Sun, 3 Mar 2024 14:42:15 +0100 Subject: [PATCH 1/2] Add docker entrypoint file, update dockerfile, minor changes to initial startup --- .../Bitwarden.SecureSync.Application.csproj | 4 ++++ Bitwarden.SecureSync.Application/Program.cs | 9 +++++++-- Dockerfile | 18 ++++++++++++------ docker-entrypoint.sh | 7 +++++++ 4 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 docker-entrypoint.sh diff --git a/Bitwarden.SecureSync.Application/Bitwarden.SecureSync.Application.csproj b/Bitwarden.SecureSync.Application/Bitwarden.SecureSync.Application.csproj index 1f439c5..9ef70ac 100644 --- a/Bitwarden.SecureSync.Application/Bitwarden.SecureSync.Application.csproj +++ b/Bitwarden.SecureSync.Application/Bitwarden.SecureSync.Application.csproj @@ -33,6 +33,10 @@ .dockerignore + + docker-entrypoint.sh + Always + Dockerfile diff --git a/Bitwarden.SecureSync.Application/Program.cs b/Bitwarden.SecureSync.Application/Program.cs index 84d57c3..5db94a7 100644 --- a/Bitwarden.SecureSync.Application/Program.cs +++ b/Bitwarden.SecureSync.Application/Program.cs @@ -56,7 +56,6 @@ static async Task CheckConfigurationAvailability() Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine( "No configuration file found. A default appsettings.json file will be created in the /config directory."); - Console.ResetColor(); var bitwardenConfiguration = BitwardenConfiguration.GetSampleConfiguration(); var syncConfiguration = SyncConfiguration.GetSampleConfiguration(); 
@@ -73,7 +72,13 @@ static async Task CheckConfigurationAvailability() } ); - await File.WriteAllTextAsync("config/appsettings.json", serializedSampleConfig); + var fileInfo = new FileInfo("config/appsettings.json"); + await using var fs = fileInfo.Open(FileMode.CreateNew, FileAccess.ReadWrite); + await using var sw = new StreamWriter(fs); + await sw.WriteAsync(serializedSampleConfig); + + Console.WriteLine($"Stopping application gracefully. Please add required configuration to {fileInfo.FullName} in order for the application to run properly on next run."); + Environment.Exit(0); } static void BindConfiguration(IServiceCollection services, IConfiguration configuration) diff --git a/Dockerfile b/Dockerfile index 16a0ede..0da0381 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,4 @@ FROM mcr.microsoft.com/dotnet/runtime:8.0 AS base -USER $APP_UID WORKDIR /app FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build @@ -20,14 +19,21 @@ RUN dotnet publish "Bitwarden.SecureSync.Application.csproj" -c $BUILD_CONFIGURA FROM base AS final WORKDIR /app -COPY --from=publish /app/publish . -ENTRYPOINT ["dotnet", "Bitwarden.SecureSync.Application.dll"] + +ENV PATH="/app:${PATH}" \ + PUID=0 \ + PGID=0 + +RUN set -eux; \ + apt-get update; \ + apt-get install -y gosu; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true VOLUME ["/app/config", "/app/data"] -USER root -RUN chown -R $APP_UID /app -USER $APP_UID +COPY --from=publish /app/publish . +ENTRYPOINT ["/bin/sh", "docker-entrypoint.sh"] LABEL org.opencontainers.image.authors="aron@marinelli.nl" LABEL org.opencontainers.image.url="https://github.com/AronMarinelli/bitwarden-secure-sync" diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 0000000..41b7c4e --- /dev/null +++ b/docker-entrypoint.sh 
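Review bot: In the Program.cs hunk at -73,7 +72,13, `Environment.Exit(0)` runs while the `await using` declarations for `fs` and `sw` are still in scope, so neither is disposed and whatever the `StreamWriter` still holds in its buffer may never reach `config/appsettings.json`. Because the file is opened with `FileMode.CreateNew`, a truncated or empty file would presumably not be regenerated on the next start either. Add `await sw.FlushAsync();` directly after `await sw.WriteAsync(serializedSampleConfig);`, or put the two writers in their own block so they are disposed before the exit call. The file is presumably where the Bitwarden credentials end up, so it is also worth creating it owner-only on Unix (`FileStreamOptions.UnixCreateMode`, skipped when `OperatingSystem.IsWindows()` is true) and opening it with `FileAccess.Write` rather than `ReadWrite`. The body of `CheckConfigurationAvailability` starts above the hunk.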
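Review bot: In the Dockerfile hunk at -20,14 +19,21, the defaults `PUID=0` and `PGID=0` make the container run the vault export as root unless the operator overrides them, whereas the removed lines dropped to `$APP_UID`. Defaulting to the unprivileged id keeps the override but fails safe, e.g. `PUID=${APP_UID} \` and `PGID=${APP_UID}`, assuming the base image still exports `APP_UID` as the removed `USER $APP_UID` lines relied on. `ENV PATH="/app:${PATH}"` places a directory that the entrypoint later chowns to the runtime user ahead of the system directories, while the entrypoint itself runs as root and resolves `mkdir`, `chown` and `gosu` through PATH. Since the script is started by relative path from `WORKDIR /app`, that PATH entry looks unnecessary and could be dropped or appended instead (`PATH="${PATH}:/app"`). `apt-get install -y gosu` would also benefit from `--no-install-recommends` to keep extra packages out of the final image.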
@@ -0,0 +1,7 @@ +#!/bin/sh + +mkdir /.config && mkdir /.config/Bitwarden\ CLI +chown -R ${PUID}:${PGID} /.config/Bitwarden\ CLI + +chown -R ${PUID}:${PGID} /app +exec gosu ${PUID}:${PGID} dotnet /app/Bitwarden.SecureSync.Application.dll \ No newline at end of file From 878fc8581e9492bac1887bf1e0a0739917f64425 Mon Sep 17 00:00:00 2001 From: Aron Marinelli Date: Sun, 3 Mar 2024 14:53:17 +0100 Subject: [PATCH 2/2] Update README.md --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 1486f22..08a4cae 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ A simple tool that can be used to export your Bitwarden vault to a local file pe Uses the [Bitwarden CLI](https://github.com/bitwarden/clients) tool to communicate with the API, and exports your passwords using the default Bitwarden export method. +> [!NOTE] > I am not affiliated with Bitwarden Inc. in any way, and am providing this software as-is. This project is intended for personal use, and might receive breaking updates without notice. ## Usage @@ -14,6 +15,14 @@ It is important to bind both the `/app/config` and `/app/data` directories for t Upon initial run, the application shall automatically create an appsettings.json file at the /app/config path. In order for the application to function, the appsettings.json file should be configured as [described below](#configuration). +> [!IMPORTANT] +> By default, the application is configured to run as root (UID/GID 0). +> For security purposes, it is recommended you specify the PGID and PUID environment variables when running the container. +> +> A properly formatted docker run command may look as follows: +> +> ```docker run --env PGID=100 --env PUID=99 -v /home/docker/bitwarden-secure-sync/config:/app/config -v /home/docker/bitwarden-secure-sync/data:/app/data aronmarinelli/bitwarden-secure-sync``` + ### .NET/Console app It is possible to run the application outside of Docker.
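Review bot: The new docker-entrypoint.sh has no error handling and leaves `${PUID}` and `${PGID}` unquoted, so an empty or malformed value, or a failed `chown`, still reaches the `exec gosu` line. Starting the script with `set -eu` and quoting the expansions, as in `chown -R "${PUID}:${PGID}" /app`, stops it before the application is launched in a half-prepared state. `mkdir /.config && mkdir /.config/Bitwarden\ CLI` fails when the same container is started a second time because the directory already exists; `mkdir -p "/.config/Bitwarden CLI"` is idempotent. A short comment above the `chown -R … /app` line noting that it also walks the mounted `/app/config` and `/app/data` volumes on every start would help whoever maintains this.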