Merge pull request #558 from lanedirt/557-prepare-0111-release

Bump version to 0.11.1

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Report a bug or unexpected behavior.
+title: "[BUG] "
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for AliasVault
+title: '[Feature Request] '
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+## Description
+
+Please include a summary of the changes and the related issue(s).
+- [ ] Bug fix
+- [ ] Feature enhancement
+- [ ] Documentation update
+- [ ] Other (please describe):
+
+## Related Issues
+
+Link to any issues that this PR addresses:
+Fixes #[issue-number]
+
+## Checklist
+
+- [ ] Code adheres to project standards and guidelines.
+- [ ] Documentation has been updated where applicable.
+
+## Additional Information
+
+Add any additional context, screenshots, or explanations here.

.github/workflows/docker-compose-pull.yml

@@ -20,8 +20,16 @@ jobs:
       - name: Get repository and branch information
         id: repo-info
         run: |
-          echo "REPO_FULL_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV
-          echo "BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
+          # Check if this is a PR from a fork
+          if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.fork }}" = "true" ]; then
+            # If PR is from a fork, use main branch from lanedirt/AliasVault
+            echo "REPO_FULL_NAME=lanedirt/AliasVault" >> $GITHUB_ENV
+            echo "BRANCH_NAME=main" >> $GITHUB_ENV
+          else
+            # Otherwise use the current repository and branch
+            echo "REPO_FULL_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
+          fi
 
       - name: Download install script from current branch
         run: |
@@ -34,10 +42,23 @@ jobs:
           echo "SMTP_PORT=2525" > .env
 
       - name: Set permissions and run install.sh
+        id: install_script
+        continue-on-error: true
         run: |
           chmod +x install.sh
           ./install.sh install --verbose
 
+      - name: Check if failure was due to version mismatch
+        if: steps.install_script.outcome == 'failure'
+        run: |
+          if grep -q "Install script needs updating to match version" <<< "$(./install.sh install --verbose 2>&1)"; then
+            echo "Test skipped: Install script version is newer than latest release version. This is expected behavior if the install script is run on a branch that is ahead of the latest release."
+            exit 0
+          else
+            echo "Test failed due to an unexpected error"
+            exit 1
+          fi
+
       - name: Set up Docker Compose
         run: docker compose -f docker-compose.yml up -d
 

.github/workflows/publish-docker-images.yml

@@ -21,6 +21,12 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Convert repository name to lowercase
         run: |
           echo "REPO_LOWER=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
@@ -43,6 +49,7 @@ jobs:
         with:
           context: .
           file: src/Databases/AliasServerDb/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:${{ github.ref_name }}
 
@@ -51,6 +58,7 @@ jobs:
         with:
           context: .
           file: src/AliasVault.Api/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:${{ github.ref_name }}
 
@@ -59,6 +67,7 @@ jobs:
         with:
           context: .
           file: src/AliasVault.Client/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:${{ github.ref_name }}
 
@@ -67,6 +76,7 @@ jobs:
         with:
           context: .
           file: src/AliasVault.Admin/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:${{ github.ref_name }}
 
@@ -75,6 +85,7 @@ jobs:
         with:
           context: .
           file: Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:${{ github.ref_name }}
 
@@ -83,6 +94,7 @@ jobs:
         with:
           context: .
           file: src/Services/AliasVault.SmtpService/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:${{ github.ref_name }}
 
@@ -91,6 +103,7 @@ jobs:
         with:
           context: .
           file: src/Services/AliasVault.TaskRunner/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:${{ github.ref_name }}
 
@@ -99,5 +112,6 @@ jobs:
         with:
           context: .
           file: src/Utilities/AliasVault.InstallCli/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:${{ github.ref_name }}

.github/workflows/sonarcloud-code-analysis.yml

@@ -1,10 +1,13 @@
-# This workflow will perform a SonarCloud code analysis on every push to the main branch or when a pull request is opened, synchronized, or reopened.
+# This workflow will perform a SonarCloud code analysis on every push to the main branch or
+# when a pull request is opened, synchronized, or reopened. The "pull_request_target" event is
+# used to ensure that the analysis is done on the source branch of the pull request which has
+# access to the SonarCloud token secret.
 name: SonarCloud code analysis
 on:
     push:
         branches:
             - main
-    pull_request:
+    pull_request_target:
         types: [opened, synchronize, reopened]
 jobs:
     build:
@@ -23,11 +26,13 @@ jobs:
               uses: actions/setup-java@v3
               with:
                   java-version: 17
-                  distribution: 'zulu' # Alternative distribution options are available.
+                  distribution: 'zulu'
 
-            - uses: actions/checkout@v3
+            - name: Checkout code of PR branch
+              uses: actions/checkout@v3
               with:
-                  fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+                ref: ${{ github.event.pull_request.head.sha }}
+                fetch-depth: 0
 
             - name: Cache SonarCloud packages
               uses: actions/cache@v3
@@ -57,7 +62,11 @@ jobs:
                   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
               shell: powershell
               run: |
-                  .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
+                  if ('${{ github.event_name }}' -eq 'pull_request_target') {
+                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
+                  } else {
+                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
+                  }
                   dotnet build
                   dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutput=coverage /p:CoverletOutputFormat=opencover --filter 'FullyQualifiedName!~AliasVault.E2ETests'
-                  .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+                  .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+contact@support.aliasvault.net.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

README.md

@@ -5,11 +5,11 @@
 <h1><img src="https://github.com/user-attachments/assets/933c8b45-a190-4df6-913e-b7c64ad9938b" width="40" /> AliasVault</h1>
 
 <p align="center">
-<a href="https://app.aliasvault.net">Live demo 🔥</a> • <a href="https://aliasvault.net?utm_source=gh-readme">Website 🌐</a> • <a href="https://docs.aliasvault.net?utm_source=gh-readme">Documentation 📚</a> • <a href="#installation">Installation ⚙️</a>
+<a href="https://app.aliasvault.net">Try cloud version 🔥</a> • <a href="https://aliasvault.net?utm_source=gh-readme">Website 🌐</a> • <a href="https://docs.aliasvault.net?utm_source=gh-readme">Documentation 📚</a> • <a href="#self-host">Self-host instructions ⚙️</a>
 </p>
 
 <p align="center">
-<strong>Open-source password and alias manager</strong>
+<strong>Open-source password and (email) alias manager</strong>
 </p>
 
 [<img src="https://img.shields.io/github/v/release/lanedirt/AliasVault?include_prereleases&logo=github">](https://github.com/lanedirt/AliasVault/releases)
@@ -27,7 +27,7 @@
 
 </div>
 
-AliasVault is an end-to-end encrypted password and alias manager that protects your privacy by creating alternative identities, passwords and email addresses for every website you use. The core of AliasVault is built with C# ASP.NET Blazor WASM technology. AliasVault can be self-hosted on your own server with Docker.
+AliasVault is an end-to-end encrypted password and (email) alias manager that protects your privacy by creating alternative identities, passwords and email addresses for every website you use. The core of AliasVault is built with C# ASP.NET Blazor WASM technology. AliasVault can be self-hosted on your own server with Docker.
 
 ### What makes AliasVault unique:
 - **Zero-knowledge architecture**: All data is end-to-end encrypted on the client and stored in encrypted state on the server. Your master password never leaves your device and the server never has access to your data.
@@ -37,43 +37,41 @@ AliasVault is an end-to-end encrypted password and alias manager that protects y
 
 > Note: AliasVault is currently in active development and some features may not yet have been (fully) implemented. If you run into any issues, please create an issue on GitHub.
 
-## Live demo
-A live demo of the app is available at the official website at [app.aliasvault.net](https://app.aliasvault.net) (up-to-date with `main` branch). You can create a free account to try it out yourself.
+## Official Cloud Version
+The official cloud version of AliasVault is freely available at [app.aliasvault.net](https://app.aliasvault.net). This fully supported platform is always up to date with our latest release. Create an account to protect your privacy today.
 
-<img width="700" alt="Screenshot of AliasVault" src="docs/assets/img/screenshot.png">
+[<img width="700" alt="Screenshot of AliasVault" src="docs/assets/img/screenshot.png">](https://app.aliasvault.net)
 
-## Installation
+## Self-host
 
-To install AliasVault, the easiest method is to use the provided install script. This will download the pre-built Docker images and start the containers.
+To self-host and install AliasVault on your own server, the easiest method is to use the provided install script. This will download the pre-built Docker images and start the containers.
 
-### 1. Install using install script
+### Install using install script
 
 This method uses pre-built Docker images and works on minimal hardware specifications:
 
-- Linux VM with root access (Ubuntu or RHEL based distros recommended)
+- Linux VM with root access (Ubuntu/AlmaLinux recommended) or Raspberry Pi
 - 1 vCPU
 - 1GB RAM
 - 16GB disk space
 - Docker installed
 
 ```bash
-# Download install script
-curl -o install.sh https://raw.githubusercontent.com/lanedirt/AliasVault/main/install.sh
+# Download install script from latest stable release
+curl -o install.sh https://raw.githubusercontent.com/lanedirt/AliasVault/0.11.1/install.sh
 
 # Make install script executable and run it. This will create the .env file, pull the Docker images, and start the AliasVault containers.
 chmod +x install.sh
 ./install.sh install
 ```
 
-### 2. Post-Installation
-
 The install script will output the URL where the app is available. By default this is:
 - Client: https://localhost
 - Admin portal: https://localhost/admin
 
 > Note: If you want to change the default AliasVault ports you can do so in the `.env` file.
 
-## Detailed documentation
+## Documentation
 For more detailed information about the installation process and other topics, please see the official documentation website:
 - [Documentation website (docs.aliasvault.net) 📚](https://docs.aliasvault.net)
 
@@ -92,21 +90,41 @@ For detailed information about our encryption implementation and security archit
 - [SECURITY.md](SECURITY.md)
 - [Security Architecture Diagram](https://docs.aliasvault.net/architecture)
 
+## Roadmap
+AliasVault is under active development with new features being added regularly. We believe in transparency and want to share our vision for the future of the platform. Here's what we've accomplished and what we're working on next:
 
+- [x] Core password & alias management
+- [x] End-to-end encryption
+- [x] Built-in email server for aliases
+- [x] Single-command Docker-based installation
+- [ ] Add support for connecting custom user domains to cloud hosted version (https://github.com/lanedirt/AliasVault/issues/485)
+- [ ] Add and associate TOTP MFA tokens to credentials (https://github.com/lanedirt/AliasVault/issues/181)
+- [ ] Browser extensions Chrome + Firefox (https://github.com/lanedirt/AliasVault/issues/541)
+- [ ] Import passwords from existing password managers (https://github.com/lanedirt/AliasVault/issues/542)
+
+### Future Plans
+- [ ] Mobile apps (iOS, Android)
+- [ ] Team / organization features (sharing passwords/aliases)
+- [ ] Disposable phone number service
+
+Want to suggest a feature? Join our [Discord](https://discord.gg/DsaXMTEtpF) or create an issue on GitHub.
 
 ## Tech stack / credits
 The following technologies, frameworks and libraries are used in this project:
 
 - [C#](https://docs.microsoft.com/en-us/dotnet/csharp/) - A simple, modern, object-oriented, and type-safe programming language.
-- [ASP.NET Core](https://dotnet.microsoft.com/apps/aspnet) - An open-source framework for building modern, cloud-based, internet-connected applications.
-- [Entity Framework Core](https://docs.microsoft.com/en-us/ef/core/) - A lightweight, extensible, open-source and cross-platform version of the popular Entity Framework data access technology.
+- [ASP.NET Core](https://dotnet.microsoft.com/apps/aspnet) - An open-source framework for building modern multi-platform web applications.
+- [Entity Framework Core](https://docs.microsoft.com/en-us/ef/core/) - Object-relational mapping framework for .NET.
 - [Blazor WASM](https://dotnet.microsoft.com/apps/aspnet/web-apps/blazor) - A framework for building interactive web UIs using C# instead of JavaScript. It's a single-page app framework that runs in the browser via WebAssembly.
-- [Playwright](https://playwright.dev/) - A Node.js library to automate Chromium, Firefox and WebKit with a single API. Used for end-to-end testing.
-- [Docker](https://www.docker.com/) - A platform for building, sharing, and running containerized applications.
-- [SQLite](https://www.sqlite.org/index.html) - A C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
+- [PostgreSQL](https://www.postgresql.org/) - An open-source object-relational database system used as the database for the server.
+- [Docker](https://www.docker.com/) - Used for containerizing the server and client apps.
+- [SQLite](https://www.sqlite.org/index.html) - A C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. Used as database engine for the encrypted user's vault.
 - [Tailwind CSS](https://tailwindcss.com/) - A utility-first CSS framework for rapidly building custom designs.
 - [Flowbite](https://flowbite.com/) - A free and open-source UI component library based on Tailwind CSS.
 - [Konscious.Security.Cryptography](https://github.com/kmaragon/Konscious.Security.Cryptography) - A .NET library that implements Argon2id, a memory-hard password hashing algorithm.
-- [SRP.net](https://github.com/secure-remote-password/srp.net) - SRP6a Secure Remote Password protocol for secure password authentication.
+- [SRP.net](https://github.com/secure-remote-password/srp.net) - SRP6a Secure Remote Password protocol for secure password authentication without sending plaintext passwords over the network.
+- [Playwright](https://playwright.dev/) - A Node.js library to automate Chromium, Firefox and WebKit with a single API. Used for end-to-end testing.
 - [SmtpServer](https://github.com/cosullivan/SmtpServer) - A SMTP server library for .NET that is used for the virtual email address feature.
 - [MimeKit](https://github.com/jstedfast/MimeKit) - A .NET MIME creation and parser library used for the virtual email address feature.
+- [StyleCop.Analyzers](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) - Static code analysis tool that enforces style and consistency rules for C# code.
+- [SonarQube Cloud](https://www.sonarqube.org/) - A platform for continuous code quality management.

docs/installation/advanced/manual-setup.md

@@ -37,7 +37,17 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    HOSTNAME=localhost
    ```
 
-4. **Generate and set JWT_KEY**
+4. **Set default ports**
+
+   Update the .env file with the ports you want to use for the AliasVault components. The values defined here are used by the docker-compose.yml file.
+   ```bash
+   HTTP_PORT=80
+   HTTPS_PORT=443
+   SMTP_PORT=25
+   SMTP_TLS_PORT=587
+   ```
+
+5. **Generate and set JWT_KEY**
 
    Generate a random 32-char string for JWT token generation:
    ```bash
@@ -49,7 +59,7 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    JWT_KEY=your_generated_key_here
    ```
 
-5. **Generate and set DATA_PROTECTION_CERT_PASS**
+6. **Generate and set DATA_PROTECTION_CERT_PASS**
 
    Generate a random password for the data protection certificate:
    ```bash
@@ -61,7 +71,7 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    DATA_PROTECTION_CERT_PASS=your_generated_password_here
    ```
 
-6. **Configure PostgreSQL Settings**
+7. **Configure PostgreSQL Settings**
 
    Set the following PostgreSQL-related variables in your .env file:
    ```bash
@@ -75,7 +85,7 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    POSTGRES_PASSWORD=$(openssl rand -base64 32)
    ```
 
-7. **Set PRIVATE_EMAIL_DOMAINS**
+8. **Set PRIVATE_EMAIL_DOMAINS**
 
    Update the .env file with allowed email domains. Use DISABLED.TLD to disable email support:
    ```bash
@@ -86,14 +96,14 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    PRIVATE_EMAIL_DOMAINS=DISABLED.TLD
    ```
 
-8. **Set SUPPORT_EMAIL (Optional)**
+9. **Set SUPPORT_EMAIL (Optional)**
 
    Add a support email address if desired:
    ```bash
    SUPPORT_EMAIL=support@yourdomain.com
    ```
 
-9. **Generate admin password**
+10. **Generate admin password**
 
    Build the Docker image for password hashing:
    ```bash
@@ -111,19 +121,25 @@ If you prefer to manually set up AliasVault, this README provides step-by-step i
    ADMIN_PASSWORD_GENERATED=2024-01-01T00:00:00Z
    ```
 
-10. **Build and start Docker containers**
+11. **Optional configuration**
+   Enable or disable public registration of new users:
+   ```bash
+   PUBLIC_REGISTRATION_ENABLED=false
+   ```
+
+12. **Build and start Docker containers**
 
     Build the Docker Compose stack:
     ```bash
-    docker compose build
+    docker compose -f docker-compose.yml -f docker-compose.build.yml build
     ```
 
     Start the Docker Compose stack:
     ```bash
-    docker compose up -d
+    docker compose -f docker-compose.yml -f docker-compose.build.yml up -d
     ```
 
-11. **Access AliasVault**
+13. **Access AliasVault**
 
     AliasVault should now be running. You can access it at:
 

docs/misc/release/create-new-release.md

@@ -13,6 +13,7 @@ Follow the steps in the checklist below to prepare a new release.
 ## Versioning
 - [ ] Update ./src/Shared/AliasVault.Shared.Core/AppInfo.cs and update major/minor/patch to the new version. This version will be shown in the client and admin app footer.
 - [ ] Update ./install.sh `@version` in header if the install script has changed. This allows the install script to self-update when running the `./install.sh update` command on default installations.
+- [ ] Update README.md install.sh download link to point to the new release version
 
 ## Docker Images
 If docker containers have been added or removed:

install.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# @version 0.10.1
+# @version 0.11.1
 
 # Repository information used for downloading files and images from GitHub
 REPO_OWNER="lanedirt"
@@ -41,6 +41,7 @@ show_usage() {
     printf "  uninstall                 Uninstall AliasVault\n"
     printf "  update                    Update AliasVault to the latest version\n"
     printf "  update-installer          Check and update install.sh script if newer version available\n"
+    printf "  configure-hostname        Configure the hostname where AliasVault can be accessed from\n"
     printf "  configure-ssl             Configure SSL certificates (Let's Encrypt or self-signed)\n"
     printf "  configure-email           Configure email domains for receiving emails\n"
     printf "  configure-registration    Configure new account registration (enable or disable)\n"
@@ -116,6 +117,10 @@ parse_args() {
             COMMAND="reset-password"
             shift
             ;;
+        configure-hostname|hostname)
+            COMMAND="configure-hostname"
+            shift
+            ;;
         configure-ssl|ssl)
             COMMAND="configure-ssl"
             shift
@@ -246,6 +251,9 @@ main() {
         "configure-registration")
             handle_registration_configuration
             ;;
+        "configure-hostname")
+            handle_hostname_configuration
+            ;;
         "start")
             handle_start
             ;;
@@ -406,13 +414,17 @@ create_env_file() {
     fi
 }
 
-# Environment setup functions
 populate_hostname() {
-    printf "${CYAN}> Checking HOSTNAME...${NC}\n"
     if ! grep -q "^HOSTNAME=" "$ENV_FILE" || [ -z "$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
-        DEFAULT_HOSTNAME="localhost"
-        read -p "Enter the hostname where AliasVault will be hosted (press Enter for default: $DEFAULT_HOSTNAME): " USER_HOSTNAME
-        HOSTNAME=${USER_HOSTNAME:-$DEFAULT_HOSTNAME}
+        while true; do
+            read -p "Enter the (public) hostname where this AliasVault instance can be accessed from (e.g. aliasvault.net): " USER_HOSTNAME
+            if [ -n "$USER_HOSTNAME" ]; then
+                HOSTNAME="$USER_HOSTNAME"
+                break
+            else
+                printf "${YELLOW}> Hostname cannot be empty. Please enter a valid hostname.${NC}\n"
+            fi
+        done
         update_env_var "HOSTNAME" "$HOSTNAME"
     else
         HOSTNAME=$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)
@@ -420,6 +432,7 @@ populate_hostname() {
     fi
 }
 
+# Environment setup functions
 populate_jwt_key() {
     printf "${CYAN}> Checking JWT_KEY...${NC}\n"
     if ! grep -q "^JWT_KEY=" "$ENV_FILE" || [ -z "$(grep "^JWT_KEY=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
@@ -490,7 +503,7 @@ set_smtp_tls_enabled() {
 set_support_email() {
     printf "${CYAN}> Checking SUPPORT_EMAIL...${NC}\n"
     if ! grep -q "^SUPPORT_EMAIL=" "$ENV_FILE"; then
-        read -p "Enter support email address (optional, press Enter to skip): " SUPPORT_EMAIL
+        read -p "Enter server admin support email address that is shown on contact page (optional, press Enter to skip): " SUPPORT_EMAIL
         update_env_var "SUPPORT_EMAIL" "$SUPPORT_EMAIL"
     else
         printf "  ${GREEN}> SUPPORT_EMAIL already exists.${NC}\n"
@@ -511,8 +524,9 @@ generate_admin_password() {
     printf "${CYAN}> Generating admin password...${NC}\n"
     PASSWORD=$(openssl rand -base64 12)
 
-    if ! docker pull ${GITHUB_CONTAINER_REGISTRY}-installcli:latest > /dev/null 2>&1; then
-        printf "${YELLOW}> Pre-built image not found, building locally...${NC}"
+    # Build locally if in build mode or if pre-built image is not available
+    if grep -q "^DEPLOYMENT_MODE=build" "$ENV_FILE" 2>/dev/null || ! docker pull ${GITHUB_CONTAINER_REGISTRY}-installcli:latest > /dev/null 2>&1; then
+        printf "${CYAN}> Building InstallCli locally...${NC}"
         if [ "$VERBOSE" = true ]; then
             docker build -t installcli -f src/Utilities/AliasVault.InstallCli/Dockerfile .
         else
@@ -533,23 +547,18 @@ generate_admin_password() {
             )
         fi
         HASH=$(docker run --rm installcli hash-password "$PASSWORD")
-        if [ -z "$HASH" ]; then
-            printf "${RED}> Error: Failed to generate password hash${NC}\n"
-            exit 1
-        fi
     else
         HASH=$(docker run --rm ${GITHUB_CONTAINER_REGISTRY}-installcli:latest hash-password "$PASSWORD")
-        if [ -z "$HASH" ]; then
-            printf "${RED}> Error: Failed to generate password hash${NC}\n"
-            exit 1
-        fi
     fi
 
-    if [ -n "$HASH" ]; then
-        update_env_var "ADMIN_PASSWORD_HASH" "$HASH"
-        update_env_var "ADMIN_PASSWORD_GENERATED" "$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
-        printf "  ==> New admin password: $PASSWORD\n"
+    if [ -z "$HASH" ]; then
+        printf "${RED}> Error: Failed to generate password hash${NC}\n"
+        exit 1
     fi
+
+    update_env_var "ADMIN_PASSWORD_HASH" "$HASH"
+    update_env_var "ADMIN_PASSWORD_GENERATED" "$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+    printf "  ==> New admin password: $PASSWORD\n"
 }
 
 # Function to set default ports
@@ -617,13 +626,13 @@ print_success_message() {
     printf "${CYAN}To configure the server, login to the admin panel:${NC}\n"
     printf "\n"
     if [ -n "$PASSWORD" ]; then
-        printf "Admin Panel: https://${HOSTNAME}/admin\n"
+        printf "Admin Panel: https://localhost/admin\n"
         printf "Username: admin\n"
         printf "Password: $PASSWORD\n"
         printf "\n"
         printf "${YELLOW}(!) Caution: Make sure to backup the above credentials in a safe place, they won't be shown again!${NC}\n"
     else
-        printf "Admin Panel: https://${HOSTNAME}/admin\n"
+        printf "Admin Panel: https://localhost/admin\n"
         printf "Username: admin\n"
         printf "Password: (Previously set. Use ./install.sh reset-password to generate new one.)\n"
     fi
@@ -632,7 +641,7 @@ print_success_message() {
     printf "\n"
     printf "${CYAN}In order to start using AliasVault, log into the client website:${NC}\n"
     printf "\n"
-    printf "Client Website: https://${HOSTNAME}/\n"
+    printf "Client Website: https://localhost/\n"
     printf "\n"
     printf "${MAGENTA}=========================================================${NC}\n"
 }
@@ -812,7 +821,6 @@ handle_build() {
 
     # Initialize environment with proper error handling
     create_env_file || { printf "${RED}> Failed to create .env file${NC}\n"; exit 1; }
-    populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
     set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
     populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
     populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
@@ -951,6 +959,8 @@ handle_ssl_configuration() {
         exit 1
     fi
 
+    populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
+
     # Get the current hostname and SSL config from .env
     CURRENT_HOSTNAME=$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)
     LETSENCRYPT_ENABLED=$(grep "^LETSENCRYPT_ENABLED=" "$ENV_FILE" | cut -d '=' -f2)
@@ -974,7 +984,7 @@ handle_ssl_configuration() {
         printf "Currently using: ${YELLOW}Self-signed certificates${NC}\n"
     fi
 
-    printf "Current hostname: ${CYAN}${CURRENT_HOSTNAME}${NC}\n"
+    printf "Current hostname: ${CYAN}${CURRENT_HOSTNAME}${NC} (To change this, run: ./install.sh configure-hostname)\n"
     printf "\n"
     printf "SSL Options:\n"
     printf "1) Activate and/or request new Let's Encrypt certificate (recommended for production)\n"
@@ -1530,7 +1540,6 @@ handle_install_version() {
 
     # Initialize environment
     create_env_file || { printf "${RED}> Failed to create .env file${NC}\n"; exit 1; }
-    populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
     set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
     populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
     populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
@@ -1755,7 +1764,7 @@ handle_migrate_db() {
     printf "${CYAN}> Stopping services to ensure database is not in use...${NC}\n"
     docker compose stop api admin task-runner smtp
 
-    if ! docker pull ${GITHUB_CONTAINER_REGISTRY}-installcli:0.10.0 > /dev/null 2>&1; then
+    if ! docker pull ${GITHUB_CONTAINER_REGISTRY}-installcli:0.10.3 > /dev/null 2>&1; then
         printf "${YELLOW}> Pre-built image not found, building locally...${NC}"
         if [ "$VERBOSE" = true ]; then
             docker build -t installcli -f src/Utilities/AliasVault.InstallCli/Dockerfile .
@@ -1991,4 +2000,38 @@ handle_db_import() {
     fi
 }
 
+# Function to handle hostname configuration
+handle_hostname_configuration() {
+    printf "${YELLOW}+++ Hostname Configuration +++${NC}\n"
+    printf "\n"
+
+    # Check if AliasVault is installed
+    if [ ! -f "docker-compose.yml" ]; then
+        printf "${RED}Error: AliasVault must be installed first.${NC}\n"
+        exit 1
+    fi
+
+    # Get current hostname
+    CURRENT_HOSTNAME=$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)
+    printf "${CYAN}Removing current hostname ${CURRENT_HOSTNAME}${NC}...\n"
+    printf "\n"
+
+    # Force hostname to be empty so populate_hostname will ask for a new one
+    sed -i.bak "/^HOSTNAME=/d" "$ENV_FILE" && rm -f "$ENV_FILE.bak"
+
+    # Reuse existing hostname population logic
+    populate_hostname
+
+    if [ $? -eq 0 ]; then
+        printf "New hostname: ${CYAN}${HOSTNAME}${NC}\n"
+        printf "\n"
+        printf "${MAGENTA}=========================================================${NC}\n"
+    else
+        printf "${RED}> Failed to update hostname. Please try again.${NC}\n"
+        printf "\n"
+        printf "${MAGENTA}=========================================================${NC}\n"
+        exit 1
+    fi
+}
+
 main "$@"

src/AliasVault.Admin/AliasVault.Admin.csproj

@@ -21,7 +21,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="9.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="9.0.1" />
         <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.0">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

src/AliasVault.Admin/Dockerfile

@@ -2,15 +2,19 @@
 WORKDIR /app
 EXPOSE 3002
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["src/AliasVault.Admin/AliasVault.Admin.csproj", "src/AliasVault.Admin/"]
-RUN dotnet restore "src/AliasVault.Admin/AliasVault.Admin.csproj"
+RUN dotnet restore "src/AliasVault.Admin/AliasVault.Admin.csproj" -a "$TARGETARCH"
 COPY . .
 
 WORKDIR "/src/src/AliasVault.Admin"
-RUN dotnet publish "AliasVault.Admin.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+RUN dotnet publish "AliasVault.Admin.csproj" -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
+    -o /app/publish \
+    /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app

src/AliasVault.Admin/Main/Layout/TopMenu.razor

@@ -3,7 +3,7 @@
 
 <header>
     <nav class="fixed z-30 w-full border-b border-gray-200 dark:bg-gray-800 dark:border-gray-700 py-3 px-4 bg-primary-100">
-        <div class="flex justify-between items-center max-w-screen-2xl mx-auto">
+        <div class="flex justify-between items-center max-w-screen-2xl mx-auto relative">
             <div class="flex justify-start items-center">
                 <a href="@NavigationService.BaseUri" class="flex mr-14 flex-shrink-0">
                     <img src="/img/logo.svg" class="mr-3 h-8" alt="AliasVault Logo">
@@ -54,7 +54,7 @@
 
                 @if (isMenuOpen)
                 {
-                    <div class="absolute top-10 right-0 z-50 my-4 w-56 text-base list-none bg-white rounded divide-y divide-gray-100 shadow dark:bg-gray-700 dark:divide-gray-600" id="userMenuDropdown" data-popper-placement="bottom">
+                    <div class="absolute top-[38px] right-0 z-50 my-4 w-56 text-base list-none bg-white rounded-b-lg divide-y divide-gray-100 shadow dark:bg-gray-700 dark:divide-gray-600" id="userMenuDropdown" data-popper-placement="bottom">
                         <div class="py-3 px-4">
                             <span class="block text-sm font-semibold text-gray-900 dark:text-white">@_username</span>
                         </div>

src/AliasVault.Admin/wwwroot/css/tailwind.css

@@ -602,6 +602,10 @@ video {
   top: 2.5rem;
 }
 
+.top-\[38px\] {
+  top: 38px;
+}
+
 .z-10 {
   z-index: 10;
 }
@@ -1091,6 +1095,11 @@ video {
   border-bottom-right-radius: 0.5rem;
 }
 
+.rounded-b-lg {
+  border-bottom-right-radius: 0.5rem;
+  border-bottom-left-radius: 0.5rem;
+}
+
 .border {
   border-width: 1px;
 }

src/AliasVault.Api/AliasVault.Api.csproj

@@ -22,9 +22,9 @@
     <ItemGroup>
         <PackageReference Include="Asp.Versioning.Mvc" Version="8.1.0" />
         <PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="8.1.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.0" />
-        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.3.0" />
-        <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.1" />
+        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.3.1" />
+        <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.1" />
         <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -34,6 +34,7 @@
 
     <ItemGroup>
       <ProjectReference Include="..\Databases\AliasServerDb\AliasServerDb.csproj" />
+      <ProjectReference Include="..\Generators\AliasVault.Generators.Identity\AliasVault.Generators.Identity.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.Shared\AliasVault.Shared.csproj" />
       <ProjectReference Include="..\Utilities\AliasVault.Auth\AliasVault.Auth.csproj" />

src/AliasVault.Api/Controllers/Email/EmailBoxController.cs

@@ -105,10 +105,10 @@ public class EmailBoxController(IAliasServerDbContextFactory dbContextFactory, U
     }
 
     /// <summary>
-    /// Returns a list of emails for the provided email address.
+    /// Returns a list of emails for the provided list of email addresses.
     /// </summary>
     /// <param name="model">The request model extracted from POST body.</param>
-    /// <returns>List of aliases in JSON format.</returns>
+    /// <returns>List of emails in JSON format.</returns>
     [HttpPost(template: "bulk", Name = "GetEmailBoxBulk")]
     public async Task<IActionResult> GetEmailBoxBulk([FromBody] MailboxBulkRequest model)
     {
@@ -154,6 +154,7 @@ public class EmailBoxController(IAliasServerDbContextFactory dbContextFactory, U
                 MessagePreview = x.MessagePreview ?? string.Empty,
                 EncryptedSymmetricKey = x.EncryptedSymmetricKey,
                 EncryptionKey = x.EncryptionKey.PublicKey,
+                HasAttachments = x.Attachments.Any(),
             })
             .OrderByDescending(x => x.DateSystem)
             .Skip((model.Page - 1) * model.PageSize)

src/AliasVault.Api/Controllers/Email/EmailController.cs

@@ -25,7 +25,7 @@ using Microsoft.EntityFrameworkCore;
 public class EmailController(ILogger<VaultController> logger, IAliasServerDbContextFactory dbContextFactory, UserManager<AliasVaultUser> userManager) : AuthenticatedRequestController(userManager)
 {
     /// <summary>
-    /// Get the newest version of the vault for the current user.
+    /// Get the email with the specified ID.
     /// </summary>
     /// <param name="id">The email ID to open.</param>
     /// <returns>List of aliases in JSON format.</returns>
@@ -105,6 +105,36 @@ public class EmailController(ILogger<VaultController> logger, IAliasServerDbCont
         }
     }
 
+    /// <summary>
+    /// Get the attachment bytes for the specified email and attachment ID.
+    /// </summary>
+    /// <param name="id">The email ID.</param>
+    /// <param name="attachmentId">The attachment ID.</param>
+    /// <returns>Attachment bytes in encrypted form.</returns>
+    [HttpGet(template: "{id}/attachments/{attachmentId}", Name = "GetEmailAttachment")]
+    public async Task<IActionResult> GetEmailAttachment(int id, int attachmentId)
+    {
+        await using var context = await dbContextFactory.CreateDbContextAsync();
+
+        var (email, errorResult) = await AuthenticateAndRetrieveEmailAsync(id, context);
+        if (errorResult != null)
+        {
+            return errorResult;
+        }
+
+        // Find the requested attachment
+        var attachment = await context.EmailAttachments
+            .FirstOrDefaultAsync(x => x.Id == attachmentId && x.EmailId == email!.Id);
+
+        if (attachment == null)
+        {
+            return NotFound("Attachment not found.");
+        }
+
+        // Return the encrypted bytes
+        return File(attachment.Bytes, attachment.MimeType, attachment.Filename);
+    }
+
     /// <summary>
     /// Authenticates the user and retrieves the requested email.
     /// </summary>

src/AliasVault.Api/Controllers/IdentityController.cs

@@ -0,0 +1,58 @@
+//-----------------------------------------------------------------------
+// <copyright file="IdentityController.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasVault.Api.Controllers;
+
+using AliasServerDb;
+using AliasVault.Api.Controllers.Abstracts;
+using AliasVault.Api.Helpers;
+using Asp.Versioning;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+/// <summary>
+/// Controller for generating identities taking into account existing information on the AliasVault server.
+/// </summary>
+/// <param name="userManager">UserManager instance.</param>
+/// <param name="dbContextFactory">DbContextFactory instance.</param>
+[ApiVersion("1")]
+public class IdentityController(UserManager<AliasVaultUser> userManager, IAliasServerDbContextFactory dbContextFactory) : AuthenticatedRequestController(userManager)
+{
+    /// <summary>
+    /// Verify that provided email address is not already taken by another user.
+    /// </summary>
+    /// <param name="email">The full email address to check.</param>
+    /// <returns>True if the email address is already taken, false otherwise.</returns>
+    [HttpPost("CheckEmail/{email}")]
+    public async Task<IActionResult> CheckEmail(string email)
+    {
+        var user = await GetCurrentUserAsync();
+        if (user == null)
+        {
+            return Unauthorized();
+        }
+
+        bool isTaken = await EmailClaimExistsAsync(email);
+        return Ok(new { isTaken });
+    }
+
+    /// <summary>
+    /// Verify that provided email address is not already taken by another user.
+    /// </summary>
+    /// <param name="email">The email address to check.</param>
+    /// <returns>True if the email address is already taken, false otherwise.</returns>
+    private async Task<bool> EmailClaimExistsAsync(string email)
+    {
+        await using var context = await dbContextFactory.CreateDbContextAsync();
+
+        var sanitizedEmail = EmailHelper.SanitizeEmail(email);
+        var claimExists = await context.UserEmailClaims.FirstOrDefaultAsync(c => c.Address == sanitizedEmail);
+
+        return claimExists != null;
+    }
+}

src/AliasVault.Api/Controllers/VaultController.cs

@@ -240,7 +240,7 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
         // Update user email claims if email addresses have been supplied.
         if (model.EmailAddressList.Count > 0)
         {
-            await UpdateUserEmailClaims(context, user.Id, model.EmailAddressList);
+            await UpdateUserEmailClaims(context, user, model.EmailAddressList);
         }
 
         // Sync user public key if supplied.
@@ -371,14 +371,14 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
     /// Updates the user's email claims based on the provided email address list.
     /// </summary>
     /// <param name="context">The database context.</param>
-    /// <param name="userId">The ID of the user.</param>
+    /// <param name="user">The user object.</param>
     /// <param name="newEmailAddresses">The list of new email addresses to claim.</param>
     /// <returns>A task representing the asynchronous operation.</returns>
-    private async Task UpdateUserEmailClaims(AliasServerDbContext context, string userId, List<string> newEmailAddresses)
+    private async Task UpdateUserEmailClaims(AliasServerDbContext context, AliasVaultUser user, List<string> newEmailAddresses)
     {
         // Get all existing user email claims.
         var existingEmailClaims = await context.UserEmailClaims
-            .Where(x => x.UserId == userId)
+            .Where(x => x.UserId == user.Id)
             .Select(x => x.Address)
             .ToListAsync();
 
@@ -386,7 +386,7 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
         foreach (var email in newEmailAddresses)
         {
             // Sanitize email address.
-            var sanitizedEmail = email.Trim().ToLower();
+            var sanitizedEmail = EmailHelper.SanitizeEmail(email);
 
             // If email address is invalid according to the EmailAddressAttribute, skip it.
             if (!new EmailAddressAttribute().IsValid(sanitizedEmail))
@@ -398,10 +398,10 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
             var existingClaim = await context.UserEmailClaims
                 .FirstOrDefaultAsync(x => x.Address == sanitizedEmail);
 
-            if (existingClaim != null && existingClaim.UserId != userId)
+            if (existingClaim != null && existingClaim.UserId != user.Id)
             {
                 // Email address is already claimed by another user. Log the error and continue.
-                logger.LogWarning("{User} tried to claim email address: {Email} but it is already claimed by another user.", userId, sanitizedEmail);
+                logger.LogWarning("{User} tried to claim email address: {Email} but it is already claimed by another user.", user.UserName, sanitizedEmail);
                 continue;
             }
 
@@ -411,7 +411,7 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
                 {
                     context.UserEmailClaims.Add(new UserEmailClaim
                     {
-                        UserId = userId,
+                        UserId = user.Id,
                         Address = sanitizedEmail,
                         AddressLocal = sanitizedEmail.Split('@')[0],
                         AddressDomain = sanitizedEmail.Split('@')[1],
@@ -422,7 +422,7 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
                 catch (DbUpdateException ex)
                 {
                     // Error while adding email claim. Log the error and continue.
-                    logger.LogWarning(ex, "Error while adding UserEmailClaim with email: {Email} for user: {UserId}.", sanitizedEmail, userId);
+                    logger.LogWarning(ex, "Error while adding UserEmailClaim with email: {Email} for user: {UserId}.", sanitizedEmail, user.UserName);
                 }
             }
         }

src/AliasVault.Api/Dockerfile

@@ -1,19 +1,22 @@
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
-WORKDIR /app
-EXPOSE 3001
-
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
-
 WORKDIR /src
+
+# Copy the project files and restore dependencies
 COPY ["src/AliasVault.Api/AliasVault.Api.csproj", "src/AliasVault.Api/"]
-RUN dotnet restore "src/AliasVault.Api/AliasVault.Api.csproj"
+RUN dotnet restore "src/AliasVault.Api/AliasVault.Api.csproj" -a "$TARGETARCH"
 COPY . .
 
+# Build and publish
 WORKDIR "/src/src/AliasVault.Api"
-RUN dotnet publish "AliasVault.Api.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+RUN dotnet publish "AliasVault.Api.csproj" -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
+    -o /app/publish \
+    /p:UseAppHost=false
 
-FROM base AS final
+# Final stage
+FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
 WORKDIR /app
 COPY --from=build /app/publish .
 

src/AliasVault.Api/Helpers/EmailHelper.cs

@@ -0,0 +1,24 @@
+//-----------------------------------------------------------------------
+// <copyright file="EmailHelper.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasVault.Api.Helpers;
+
+/// <summary>
+/// EmailHelper class which contains helper methods for email.
+/// </summary>
+public static class EmailHelper
+{
+    /// <summary>
+    /// Sanitize email address by trimming and converting to lowercase.
+    /// </summary>
+    /// <param name="email">Email address to sanitize.</param>
+    /// <returns>Sanitized email address.</returns>
+    public static string SanitizeEmail(string email)
+    {
+        return email.Trim().ToLower();
+    }
+}

src/AliasVault.Client/AliasVault.Client.csproj

@@ -49,10 +49,10 @@
 
     <ItemGroup>
         <PackageReference Include="Blazored.LocalStorage" Version="4.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.1" />
         <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="9.0.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="9.0.0" PrivateAssets="all" />
+        <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="9.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="9.0.1" PrivateAssets="all" />
         <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
         <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
           <PrivateAssets>all</PrivateAssets>

src/AliasVault.Client/Dockerfile

@@ -1,7 +1,8 @@
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
 WORKDIR /app
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
 ENV DOTNET_CLI_TELEMETRY_OPTOUT=1
 ENV MSBUILDDEBUGPATH=/src/msbuild-logs
@@ -12,26 +13,29 @@ RUN mkdir -p /src/msbuild-logs
 
 # Install Python which is required by the WebAssembly tools
 RUN apt-get update && apt-get install -y python3 && apt-get clean
-# Create the debug directory and install Python which is required by the WebAssembly tools
-RUN mkdir -p /src/msbuild-logs && apt-get update && apt-get install -y python3 && apt-get clean
 
 # Install the WebAssembly tools
 RUN dotnet workload install wasm-tools
 
 # Copy the project files and restore dependencies
 COPY ["src/AliasVault.Client/AliasVault.Client.csproj", "src/AliasVault.Client/"]
-RUN dotnet restore "src/AliasVault.Client/AliasVault.Client.csproj"
+RUN dotnet restore "src/AliasVault.Client/AliasVault.Client.csproj" -a "$TARGETARCH"
 COPY . .
 
 # Build the Client project
 WORKDIR "/src/src/AliasVault.Client"
-RUN dotnet build "AliasVault.Client.csproj" -c "$BUILD_CONFIGURATION" -o /app/build
+RUN dotnet build "AliasVault.Client.csproj" \
+    -c "$BUILD_CONFIGURATION" \
+    -o /app/build \
+    -a "$TARGETARCH"
 
 # Publish the Client project
 FROM build AS publish
 ARG BUILD_CONFIGURATION=Release
+ARG TARGETARCH
 RUN dotnet publish "AliasVault.Client.csproj" \
     -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
     --no-restore \
     -o /app/publish \
     /p:UseAppHost=false \

src/AliasVault.Client/Main/Components/Email/EmailModal.razor

@@ -3,42 +3,72 @@
 @inject JsInteropService JsInteropService
 @inject GlobalNotificationService GlobalNotificationService
 @inject IHttpClientFactory HttpClientFactory
+@inject EmailService EmailService
 @inject HttpClient HttpClient
 
 <ClickOutsideHandler OnClose="OnClose" ContentId="emailModal">
     <div class="fixed inset-0 z-50 overflow-auto bg-gray-500 bg-opacity-75 flex items-center justify-center">
-        <div id="emailModal" class="relative p-8 bg-white w-3/4 flex-col flex rounded-lg shadow-xl">
-            <div class="flex items-center justify-between">
-                <h2 class="text-2xl font-bold text-gray-900">
-                    @if (IsSpamOk)
-                    {
-                        <a target="_blank" href="https://spamok.com/@(Email!.ToLocal)/@(Email!.Id)">@Email.Subject</a>
-                    }
-                    else
-                    {
-                        <span>@Email?.Subject</span>
-                    }
-                </h2>
-                <button @onclick="Close" class="text-gray-400 hover:text-gray-500">
-                    <svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/>
-                    </svg>
-                </button>
-            </div>
-            <div class="mt-4">
-                <p class="text-sm text-gray-500 dark:text-gray-400">From: @(Email?.FromLocal)@@@(Email?.FromDomain)</p>
-                <p class="text-sm text-gray-500 dark:text-gray-400">To: @(Email?.ToLocal)@@@(Email?.ToDomain)</p>
-                <p class="text-sm text-gray-500 dark:text-gray-400">Date: @Email?.DateSystem</p>
-            </div>
-            <div class="mt-4 text-gray-700 dark:text-gray-300">
-                <div>
-                    <iframe class="w-full overscroll-y-auto" style="height:500px;" srcdoc="@EmailBody">
-                    </iframe>
+        <div id="emailModal" class="relative bg-white w-3/4 flex flex-col rounded-lg shadow-xl max-h-[90vh]">
+            <!-- Header -->
+            <div class="p-4 border-b">
+                <div class="flex items-center justify-between">
+                    <h2 class="text-2xl font-bold text-gray-900">
+                        @if (IsSpamOk)
+                        {
+                            <a target="_blank" href="https://spamok.com/@(Email!.ToLocal)/@(Email!.Id)">@Email.Subject</a>
+                        }
+                        else
+                        {
+                            <span>@Email?.Subject</span>
+                        }
+                    </h2>
+                    <button @onclick="Close" class="text-gray-400 hover:text-gray-500">
+                        <svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/>
+                        </svg>
+                    </button>
+                </div>
+                <div class="mt-2">
+                    <p class="text-sm text-gray-500 dark:text-gray-400">From: @(Email?.FromLocal)@@@(Email?.FromDomain)</p>
+                    <p class="text-sm text-gray-500 dark:text-gray-400">To: @(Email?.ToLocal)@@@(Email?.ToDomain)</p>
+                    <p class="text-sm text-gray-500 dark:text-gray-400">Date: @Email?.DateSystem</p>
                 </div>
             </div>
-            <div class="mt-6 flex justify-end space-x-4">
-                <button id="delete-email" @onclick="DeleteEmail" class="px-4 py-2 bg-red-500 text-white rounded hover:bg-red-600">Delete</button>
-                <button id="close-email-modal" @onclick="Close" class="px-4 py-2 bg-blue-500 text-white rounded hover:bg-blue-600">Close</button>
+
+            <!-- Scrollable Content -->
+            <div class="flex-1 overflow-y-auto p-4">
+                <div class="text-gray-700 dark:text-gray-300">
+                    <div>
+                        <iframe class="w-full overscroll-y-auto" style="height:500px;" srcdoc="@EmailBody">
+                        </iframe>
+                    </div>
+                </div>
+                <div class="mt-4">
+                    @if (Email?.Attachments?.Any() == true)
+                    {
+                        <div class="border-t border-gray-200 dark:border-gray-600 pt-4">
+                            <h3 class="text-sm font-medium text-gray-500 dark:text-gray-400 mb-2">Attachments:</h3>
+                            <div class="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 gap-4">
+                                @foreach (var attachment in Email.Attachments)
+                                {
+                                    <div class="flex items-center space-x-2">
+                                        <svg class="w-4 h-4 text-gray-500 dark:text-gray-400 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15.172 7l-6.586 6.586a2 2 0 102.828 2.828l6.414-6.586a4 4 0 00-5.656-5.656l-6.415 6.585a6 6 0 108.486 8.486L20.5 13"></path>
+                                        </svg>
+                                        <button @onclick="() => DownloadAttachment(attachment)"
+                                                class="text-primary hover:underline text-sm truncate attachment-link">
+                                            (@(Math.Ceiling((double)attachment.Filesize / 1024)) KB) @attachment.Filename
+                                        </button>
+                                    </div>
+                                }
+                            </div>
+                        </div>
+                    }
+                </div>
+                <div class="mt-6 flex justify-end space-x-4">
+                    <button id="delete-email" @onclick="DeleteEmail" class="px-4 py-2 bg-red-500 text-white rounded hover:bg-red-600">Delete</button>
+                    <button id="close-email-modal" @onclick="Close" class="px-4 py-2 bg-blue-500 text-white rounded hover:bg-blue-600">Close</button>
+                </div>
             </div>
         </div>
     </div>
@@ -192,4 +222,56 @@
             }
         }
     }
+
+    /// <summary>
+    /// Download an attachment.
+    /// </summary>
+    private async Task DownloadAttachment(AttachmentApiModel attachment)
+    {
+        try
+        {
+            if (IsSpamOk)
+            {
+                var client = HttpClientFactory.CreateClient("EmailClient");
+                var response = await client.GetAsync($"https://api.spamok.com/v2/Attachment/{Email!.Id}/{attachment.Id}/download");
+
+                if (response.IsSuccessStatusCode)
+                {
+                    var bytes = await response.Content.ReadAsByteArrayAsync();
+                    await JsInteropService.DownloadFileFromStream(attachment.Filename, bytes);
+                }
+                else
+                {
+                    GlobalNotificationService.AddErrorMessage("Failed to download attachment", true);
+                }
+            }
+            else
+            {
+                var response = await HttpClient.GetAsync($"v1/Email/{Email!.Id}/attachments/{attachment.Id}");
+
+                if (response.IsSuccessStatusCode)
+                {
+                    // Get attachment bytes from API.
+                    var bytes = await response.Content.ReadAsByteArrayAsync();
+
+                    // Decrypt the attachment locally with email's encryption key.
+                    var decryptedBytes = await EmailService.DecryptEmailAttachment(Email, bytes);
+
+                    // Offer the decrypted attachment as download to the user's browser.
+                    if (decryptedBytes != null)
+                    {
+                        await JsInteropService.DownloadFileFromStream(attachment.Filename, decryptedBytes);
+                    }
+                }
+                else
+                {
+                    GlobalNotificationService.AddErrorMessage("Failed to download attachment", true);
+                }
+            }
+        }
+        catch (Exception ex)
+        {
+            GlobalNotificationService.AddErrorMessage($"Error downloading attachment: {ex.Message}", true);
+        }
+    }
 }

src/AliasVault.Client/Main/Components/Email/RecentEmails.razor

@@ -61,7 +61,7 @@
                                             Subject
                                         </th>
                                         <th scope="col" class="p-4 text-xs font-medium tracking-wider text-left text-gray-500 uppercase dark:text-white">
-                                            Date &amp; Time
+                                            Date
                                         </th>
                                     </tr>
                                 </thead>

src/AliasVault.Client/Main/Layout/Footer.razor

@@ -2,7 +2,7 @@
 @using AliasVault.Shared.Core
 @implements IDisposable
 
-<footer class="relative lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "")">
+<footer class="relative -z-10 lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "")">
     <div class="container mx-auto px-4 py-4">
         <div class="flex flex-col lg:flex-row justify-between items-center">
             <p class="text-sm text-center text-gray-500 mb-4 lg:mb-0">

src/AliasVault.Client/Main/Layout/MainLayout.razor

@@ -8,8 +8,8 @@
             <ConfirmModal />
             <FullScreenLoadingIndicator @ref="LoadingIndicator" />
             <TopMenu />
-            <div class="flex pt-16 mb-4 lg:mb-16 overflow-hidden bg-gray-100 dark:bg-gray-900 relative z-20">
-                <div id="main-content" class="relative z-10 w-full max-w-screen-2xl mx-auto h-full overflow-y-auto bg-gray-100 dark:bg-gray-900">
+            <div class="flex pt-16 mb-4 lg:mb-16 overflow-hidden bg-gray-100 dark:bg-gray-900 relative">
+                <div id="main-content" class="relative w-full max-w-screen-2xl mx-auto h-full overflow-y-auto bg-gray-100 dark:bg-gray-900">
                     <main>
                         <GlobalNotificationDisplay />
                         @Body

src/AliasVault.Client/Main/Layout/TopMenu.razor

@@ -3,8 +3,8 @@
 
 <header>
     <nav class="fixed z-30 w-full bg-white border-b border-gray-200 dark:bg-gray-800 dark:border-gray-700 py-3 px-4">
-        <div class="flex justify-between items-center max-w-screen-2xl mx-auto">
-            <div class="flex flex-shrink-0 justify-start items-center">
+        <div class="flex justify-between items-center max-w-screen-2xl mx-auto relative">
+            <div class="flex flex-shrink-0 justify-start items-center relative">
                 <a href="/" class="flex mr-0 sm:mr-4 lg:mr-8">
                     <img src="/img/icon-nopadding.png" class="mr-3 h-8 w-10" alt="AliasVault Logo">
                     <span class="self-center hidden sm:flex text-2xl font-semibold content-start align-top whitespace-nowrap dark:text-white">
@@ -39,52 +39,54 @@
                     <svg class="w-6 h-6" aria-hidden="true" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M3 5a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1zM3 10a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1zM3 15a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1z" clip-rule="evenodd"></path></svg>
                 </button>
             </div>
-        </div>
-        <div class="absolute w-full md:w-64 top-12 right-0 z-50 my-4 text-base list-none bg-white rounded divide-y divide-gray-100 shadow dark:bg-gray-700 dark:divide-gray-600 @(IsMobileMenuOpen ? "block" : "hidden")" id="mobileMenuDropdown" data-popper-placement="bottom">
-            <ul class="lg:hidden py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="mobileMenuDropdownButton">
-                <li>
-                    <NavLink href="/credentials" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.Prefix">
-                        Credentials
-                    </NavLink>
-                </li>
-                <li>
-                    <NavLink href="/emails" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
-                        Emails
-                    </NavLink>
-                </li>
-            </ul>
-            <div class="py-3 px-4">
-                <span class="block text-sm font-semibold text-gray-900 dark:text-white">@Username</span>
+
+            <div class="absolute w-full md:w-64 top-[40px] md:top-[39px] right-0 z-50 my-4 text-base list-none bg-white rounded-b-lg divide-y divide-gray-100 shadow dark:bg-gray-700 dark:divide-gray-600 @(IsMobileMenuOpen ? "block" : "hidden")" id="mobileMenuDropdown" data-popper-placement="bottom">
+                <ul class="lg:hidden py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="mobileMenuDropdownButton">
+                    <li>
+                        <NavLink href="/credentials" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.Prefix">
+                            Credentials
+                        </NavLink>
+                    </li>
+                    <li>
+                        <NavLink href="/emails" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            Emails
+                        </NavLink>
+                    </li>
+                </ul>
+                <div class="py-3 px-4">
+                    <span class="block text-sm font-semibold text-gray-900 dark:text-white">@Username</span>
+                </div>
+                <ul class="py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="mobileMenuDropdownButton">
+                    <li>
+                        <NavLink href="/settings/general" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            General settings
+                        </NavLink>
+                    </li>
+                    <li>
+                        <NavLink href="/settings/security" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            Security settings
+                        </NavLink>
+                    </li>
+                    <li>
+                        <NavLink href="/settings/vault" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            Vault settings
+                        </NavLink>
+                    </li>
+                    <li>
+                        <button id="theme-toggle" data-tooltip-target="tooltip-toggle" type="button" class="w-full text-start py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white">
+                            Toggle dark mode
+                            <svg id="theme-toggle-dark-icon" class="hidden w-5 h-5 align-middle inline-block" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M17.293 13.293A8 8 0 016.707 2.707a8.001 8.001 0 1010.586 10.586z"></path></svg>
+                            <svg id="theme-toggle-light-icon" class="hidden w-5 h-5 align-middle inline-block" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M10 2a1 1 0 011 1v1a1 1 0 11-2 0V3a1 1 0 011-1zm4 8a4 4 0 11-8 0 4 4 0 018 0zm-.464 4.95l.707.707a1 1 0 001.414-1.414l-.707-.707a1 1 0 00-1.414 1.414zm2.12-10.607a1 1 0 010 1.414l-.706.707a1 1 0 11-1.414-1.414l.707-.707a1 1 0 011.414 0zM17 11a1 1 0 100-2h-1a1 1 0 100 2h1zm-7 4a1 1 0 011 1v1a1 1 0 11-2 0v-1a1 1 0 011-1zM5.05 6.464A1 1 0 106.465 5.05l-.708-.707a1 1 0 00-1.414 1.414l.707.707zm1.414 8.486l-.707.707a1 1 0 01-1.414-1.414l.707-.707a1 1 0 011.414 1.414zM4 11a1 1 0 100-2H3a1 1 0 000 2h1z" fill-rule="evenodd" clip-rule="evenodd"></path></svg>
+                        </button>
+                    </li>
+                    <li>
+                        <NavLink href="/user/logout" class="block py-2 px-4 font-bold text-sm text-primary-700 hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-primary-200 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            Log out
+                        </NavLink>
+                    </li>
+                </ul>
             </div>
-            <ul class="py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="mobileMenuDropdownButton">
-                <li>
-                    <NavLink href="/settings/general" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
-                        General settings
-                    </NavLink>
-                </li>
-                <li>
-                    <NavLink href="/settings/security" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
-                        Security settings
-                    </NavLink>
-                </li>
-                <li>
-                    <NavLink href="/settings/vault" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
-                        Vault settings
-                    </NavLink>
-                </li>
-                <li>
-                    <button id="theme-toggle" data-tooltip-target="tooltip-toggle" type="button" class="w-full text-start py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white">
-                        Toggle dark mode
-                        <svg id="theme-toggle-dark-icon" class="hidden w-5 h-5 align-middle inline-block" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M17.293 13.293A8 8 0 016.707 2.707a8.001 8.001 0 1010.586 10.586z"></path></svg>
-                        <svg id="theme-toggle-light-icon" class="hidden w-5 h-5 align-middle inline-block" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M10 2a1 1 0 011 1v1a1 1 0 11-2 0V3a1 1 0 011-1zm4 8a4 4 0 11-8 0 4 4 0 018 0zm-.464 4.95l.707.707a1 1 0 001.414-1.414l-.707-.707a1 1 0 00-1.414 1.414zm2.12-10.607a1 1 0 010 1.414l-.706.707a1 1 0 11-1.414-1.414l.707-.707a1 1 0 011.414 0zM17 11a1 1 0 100-2h-1a1 1 0 100 2h1zm-7 4a1 1 0 011 1v1a1 1 0 11-2 0v-1a1 1 0 011-1zM5.05 6.464A1 1 0 106.465 5.05l-.708-.707a1 1 0 00-1.414 1.414l.707.707zm1.414 8.486l-.707.707a1 1 0 01-1.414-1.414l.707-.707a1 1 0 011.414 1.414zM4 11a1 1 0 100-2H3a1 1 0 000 2h1z" fill-rule="evenodd" clip-rule="evenodd"></path></svg>
-                    </button>
-                </li>
-                <li>
-                    <NavLink href="/user/logout" class="block py-2 px-4 font-bold text-sm text-primary-700 hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-primary-200 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
-                        Log out
-                    </NavLink>
-                </li>
-            </ul>
+
         </div>
     </nav>
 </header>

src/AliasVault.Client/Main/Pages/Credentials/View.razor

@@ -27,8 +27,8 @@ else
         </CustomActions>
     </PageHeader>
 
-    <div class="grid grid-cols-2 px-4 pt-6 md:grid-cols-3 lg:gap-4 dark:bg-gray-900">
-        <div class="col-span-full lg:col-auto">
+    <div class="grid grid-cols-1 px-4 pt-6 md:grid-cols-2 lg:grid-cols-3 lg:gap-4 dark:bg-gray-900">
+        <div class="col-span-1 md:col-span-2 lg:col-span-1">
             <div class="p-4 mb-4 bg-white border border-gray-200 rounded-lg shadow-sm 2xl:col-span-2 dark:border-gray-700 sm:p-6 dark:bg-gray-800">
                 <div class="items-center flex space-x-4">
                     <DisplayFavicon FaviconBytes="@Alias.Service.Logo" />
@@ -53,7 +53,7 @@ else
                 <AttachmentViewer Attachments="@Alias.Attachments" />
             }
         </div>
-        <div class="col-span-2">
+        <div class="col-span-1 md:col-span-2 lg:col-span-2">
             <div class="p-4 mb-4 bg-white border border-gray-200 rounded-lg shadow-sm 2xl:col-span-2 dark:border-gray-700 sm:p-6 dark:bg-gray-800">
                 <h3 class="mb-2 text-xl font-semibold dark:text-white">Login credentials</h3>
                 <p class="mb-4 text-sm text-gray-600 dark:text-gray-400">

src/AliasVault.Client/Main/Pages/Emails/Home.razor

@@ -66,8 +66,14 @@ else
                                 <div class="flex-grow">
                                     <div class="flex items-center justify-between mb-2 mr-4">
                                         <div>
-                                            <div class="text-gray-800 dark:text-gray-200 mb-2">
+                                            <div class="text-gray-800 dark:text-gray-200 mb-2 flex items-center">
                                                 @email.Subject
+                                                @if (email.HasAttachments)
+                                                {
+                                                    <svg class="attachment-indicator w-4 h-4 ml-2 text-gray-500 dark:text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15.172 7l-6.586 6.586a2 2 0 102.828 2.828l6.414-6.586a4 4 0 00-5.656-5.656l-6.415 6.585a6 6 0 108.486 8.486L20.5 13"></path>
+                                                    </svg>
+                                                }
                                             </div>
                                             <div class="text-sm text-gray-400 dark:text-gray-100 line-clamp-2">
                                                 @email.MessagePreview
@@ -231,7 +237,8 @@ else
                 Subject = email.Subject,
                 MessagePreview = email.MessagePreview,
                 CredentialId = credentialInfo.Id,
-                CredentialName = credentialInfo.ServiceName
+                CredentialName = credentialInfo.ServiceName,
+                HasAttachments = email.HasAttachments,
             };
         }).ToList();
 

src/AliasVault.Client/Main/Pages/Emails/Models/MailListViewModel.cs

@@ -56,4 +56,9 @@ public class MailListViewModel
     /// Gets or sets the message preview.
     /// </summary>
     public string MessagePreview { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the email has attachments.
+    /// </summary>
+    public bool HasAttachments { get; set; }
 }

src/AliasVault.Client/Program.cs

@@ -19,10 +19,6 @@ builder.Configuration.AddJsonFile($"appsettings.{builder.HostEnvironment.Environ
 
 var config = new Config();
 builder.Configuration.Bind(config);
-if (string.IsNullOrEmpty(config.ApiUrl))
-{
-    throw new KeyNotFoundException("ApiUrl is not set in the configuration.");
-}
 
 if (config.PrivateEmailDomains == null || config.PrivateEmailDomains.Count == 0)
 {
@@ -56,8 +52,9 @@ builder.Services.AddScoped(sp =>
     var httpClient = httpClientFactory.CreateClient("AliasVault.Api");
     var apiConfig = sp.GetRequiredService<Config>();
 
-    // Ensure the API URL ends with a forward slash
-    var baseUrl = apiConfig.ApiUrl.TrimEnd('/') + "/";
+    // If API URL is not set, use the current base URL and append "/api" which is the default for the Docker setup.
+    // If API URL override is set (used e.g. in dev), then ensure the API URL ends with a forward slash.
+    var baseUrl = string.IsNullOrEmpty(apiConfig.ApiUrl) ? builder.HostEnvironment.BaseAddress + "api/" : apiConfig.ApiUrl.TrimEnd('/') + "/";
     httpClient.BaseAddress = new Uri(baseUrl);
     return httpClient;
 });

src/AliasVault.Client/Services/CredentialService.cs

@@ -49,20 +49,43 @@ public sealed class CredentialService(HttpClient httpClient, DbService dbService
     /// <returns>Task.</returns>
     public async Task<Credential> GenerateRandomIdentity(Credential credential)
     {
-        // Generate a random identity using the IIdentityGenerator implementation.
-        var identity = await IdentityGeneratorFactory.CreateIdentityGenerator(dbService.Settings.DefaultIdentityLanguage).GenerateRandomIdentityAsync();
+        const int MaxAttempts = 5;
+        var attempts = 0;
+        bool isEmailTaken;
 
-        // Generate random values for the Identity properties
-        credential.Username = identity.NickName;
-        credential.Alias.FirstName = identity.FirstName;
-        credential.Alias.LastName = identity.LastName;
-        credential.Alias.NickName = identity.NickName;
-        credential.Alias.Gender = identity.Gender == Gender.Male ? "Male" : "Female";
-        credential.Alias.BirthDate = identity.BirthDate;
+        do
+        {
+            // Generate a random identity using the IIdentityGenerator implementation
+            var identity = await IdentityGeneratorFactory.CreateIdentityGenerator(dbService.Settings.DefaultIdentityLanguage).GenerateRandomIdentityAsync();
 
-        // Set the email
-        var emailDomain = GetDefaultEmailDomain();
-        credential.Alias.Email = $"{identity.EmailPrefix}@{emailDomain}";
+            // Generate random values for the Identity properties
+            credential.Username = identity.NickName;
+            credential.Alias.FirstName = identity.FirstName;
+            credential.Alias.LastName = identity.LastName;
+            credential.Alias.NickName = identity.NickName;
+            credential.Alias.Gender = identity.Gender == Gender.Male ? "Male" : "Female";
+            credential.Alias.BirthDate = identity.BirthDate;
+
+            // Set the email
+            var emailDomain = GetDefaultEmailDomain();
+            credential.Alias.Email = $"{identity.EmailPrefix}@{emailDomain}";
+
+            // Check if email is already taken
+            try
+            {
+                var response = await httpClient.PostAsync($"v1/Identity/CheckEmail/{credential.Alias.Email}", null);
+                var result = await response.Content.ReadFromJsonAsync<Dictionary<string, bool>>();
+                isEmailTaken = result?["isTaken"] ?? false;
+            }
+            catch
+            {
+                // If the API call fails, assume email is not taken to allow operation to continue
+                isEmailTaken = false;
+            }
+
+            attempts++;
+        }
+        while (isEmailTaken && attempts < MaxAttempts);
 
         // Generate password
         credential.Passwords.First().Value = GenerateRandomPassword();

src/AliasVault.Client/Services/EmailService.cs

@@ -61,6 +61,31 @@ public sealed class EmailService(DbService dbService, JsInteropService jsInterop
         return emailList;
     }
 
+    /// <summary>
+    /// Decrypts an email attachment using the email's encryption key.
+    /// </summary>
+    /// <param name="email">The email containing the encryption information.</param>
+    /// <param name="encryptedBytes">The encrypted attachment bytes.</param>
+    /// <returns>Decrypted attachment bytes.</returns>
+    public async Task<byte[]?> DecryptEmailAttachment(EmailApiModel email, byte[] encryptedBytes)
+    {
+        await EnsureEncryptionKeys();
+        var privateKey = _encryptionKeys.First(x => x.PublicKey == email.EncryptionKey);
+
+        try
+        {
+            var decryptedSymmetricKey = await jsInteropService.DecryptWithPrivateKey(email.EncryptedSymmetricKey, privateKey.PrivateKey);
+            var decryptedBase64 = await jsInteropService.SymmetricDecryptBytes(encryptedBytes, Convert.ToBase64String(decryptedSymmetricKey));
+            return decryptedBase64;
+        }
+        catch (Exception ex)
+        {
+            globalNotificationService.AddErrorMessage(ex.Message, true);
+            logger.LogError(ex, "Error decrypting email attachment.");
+            return null;
+        }
+    }
+
     /// <summary>
     /// Decrypt the contents of a single email.
     /// </summary>

src/AliasVault.Client/Services/JsInteropService.cs

@@ -248,6 +248,23 @@ public sealed class JsInteropService(IJSRuntime jsRuntime)
         where TComponent : class =>
         await jsRuntime.InvokeVoidAsync("window.registerVisibilityCallback", objRef);
 
+    /// <summary>
+    /// Symmetrically decrypts a byte array using the provided encryption key.
+    /// </summary>
+    /// <param name="cipherBytes">Cipher bytes to decrypt.</param>
+    /// <param name="encryptionKey">Encryption key to use.</param>
+    /// <returns>Decrypted bytes.</returns>
+    public async Task<byte[]> SymmetricDecryptBytes(byte[] cipherBytes, string encryptionKey)
+    {
+        if (cipherBytes == null || cipherBytes.Length == 0)
+        {
+            return [];
+        }
+
+        var base64Ciphertext = Convert.ToBase64String(cipherBytes);
+        return await jsRuntime.InvokeAsync<byte[]>("cryptoInterop.decryptBytes", base64Ciphertext, encryptionKey);
+    }
+
     /// <summary>
     /// Represents the result of a WebAuthn get credential operation.
     /// </summary>

src/AliasVault.Client/entrypoint.sh

@@ -1,11 +1,9 @@
 #!/bin/sh
-# Set the default hostname for localhost debugging
-DEFAULT_HOSTNAME="localhost"
+# Set the default values
 DEFAULT_PRIVATE_EMAIL_DOMAINS="localmail.tld"
 DEFAULT_SUPPORT_EMAIL=""
 
-# Use the provided HOSTNAME environment variable if it exists, otherwise use the default
-HOSTNAME=${HOSTNAME:-$DEFAULT_HOSTNAME}
+# Use the provided environment variables if they exist, otherwise use defaults
 PRIVATE_EMAIL_DOMAINS=${PRIVATE_EMAIL_DOMAINS:-$DEFAULT_PRIVATE_EMAIL_DOMAINS}
 SUPPORT_EMAIL=${SUPPORT_EMAIL:-$DEFAULT_SUPPORT_EMAIL}
 
@@ -25,8 +23,9 @@ if [ ! -f /etc/nginx/ssl/nginx.crt ] || [ ! -f /etc/nginx/ssl/nginx.key ]; then
     chmod 600 /etc/nginx/ssl/nginx.key
 fi
 
-# Replace the default URL with the actual API URL constructed from hostname
-sed -i "s|http://localhost:5092|https://${HOSTNAME}/api|g" /usr/share/nginx/html/appsettings.json
+# Remove the default API URL as it's only used for local dev/debugging.
+# The app will use a relative URL instead (base url + "/api/" which is the default for the Docker setup).
+sed -i "s|\"ApiUrl\": \"http://localhost:5092\",||g" /usr/share/nginx/html/appsettings.json
 
 # Convert comma-separated list to JSON array
 json_array=$(echo $PRIVATE_EMAIL_DOMAINS | awk '{split($0,a,","); printf "["; for(i=1;i<=length(a);i++) {printf "\"%s\"", a[i]; if(i<length(a)) printf ","} printf "]"}')

src/AliasVault.Client/wwwroot/css/tailwind.css

@@ -674,12 +674,36 @@ video {
   top: 5rem;
 }
 
-.z-10 {
-  z-index: 10;
+.top-10 {
+  top: 2.5rem;
 }
 
-.z-20 {
-  z-index: 20;
+.top-8 {
+  top: 2rem;
+}
+
+.top-9 {
+  top: 2.25rem;
+}
+
+.top-\[317px\] {
+  top: 317px;
+}
+
+.top-\[39px\] {
+  top: 39px;
+}
+
+.top-\[40px\] {
+  top: 40px;
+}
+
+.-z-10 {
+  z-index: -10;
+}
+
+.z-10 {
+  z-index: 10;
 }
 
 .z-30 {
@@ -694,10 +718,6 @@ video {
   grid-column: span 1 / span 1;
 }
 
-.col-span-2 {
-  grid-column: span 2 / span 2;
-}
-
 .col-span-6 {
   grid-column: span 6 / span 6;
 }
@@ -837,6 +857,14 @@ video {
   margin-top: 2rem;
 }
 
+.mt-\[318px\] {
+  margin-top: 318px;
+}
+
+.mt-\[317px\] {
+  margin-top: 317px;
+}
+
 .line-clamp-2 {
   overflow: hidden;
   display: -webkit-box;
@@ -936,6 +964,10 @@ video {
   height: 100%;
 }
 
+.max-h-\[90vh\] {
+  max-height: 90vh;
+}
+
 .min-h-screen {
   min-height: 100vh;
 }
@@ -1028,6 +1060,10 @@ video {
   max-width: 36rem;
 }
 
+.flex-1 {
+  flex: 1 1 0%;
+}
+
 .flex-shrink-0 {
   flex-shrink: 0;
 }
@@ -1088,10 +1124,6 @@ video {
   grid-template-columns: repeat(1, minmax(0, 1fr));
 }
 
-.grid-cols-2 {
-  grid-template-columns: repeat(2, minmax(0, 1fr));
-}
-
 .grid-cols-4 {
   grid-template-columns: repeat(4, minmax(0, 1fr));
 }
@@ -1282,6 +1314,21 @@ video {
   border-bottom-right-radius: 0.5rem;
 }
 
+.rounded-b {
+  border-bottom-right-radius: 0.25rem;
+  border-bottom-left-radius: 0.25rem;
+}
+
+.rounded-b-xl {
+  border-bottom-right-radius: 0.75rem;
+  border-bottom-left-radius: 0.75rem;
+}
+
+.rounded-b-lg {
+  border-bottom-right-radius: 0.5rem;
+  border-bottom-left-radius: 0.5rem;
+}
+
 .border {
   border-width: 1px;
 }
@@ -2280,6 +2327,11 @@ video {
   border-color: rgb(34 197 94 / var(--tw-border-opacity));
 }
 
+.dark\:border-primary-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(244 149 65 / var(--tw-border-opacity));
+}
+
 .dark\:border-primary-700:is(.dark *) {
   --tw-border-opacity: 1;
   border-color: rgb(184 112 47 / var(--tw-border-opacity));
@@ -2300,11 +2352,6 @@ video {
   border-color: rgb(234 179 8 / var(--tw-border-opacity));
 }
 
-.dark\:border-primary-500:is(.dark *) {
-  --tw-border-opacity: 1;
-  border-color: rgb(244 149 65 / var(--tw-border-opacity));
-}
-
 .dark\:bg-blue-800:is(.dark *) {
   --tw-bg-opacity: 1;
   background-color: rgb(30 64 175 / var(--tw-bg-opacity));
@@ -2644,10 +2691,6 @@ video {
 }
 
 @media (min-width: 640px) {
-  .sm\:absolute {
-    position: absolute;
-  }
-
   .sm\:-top-2 {
     top: -0.5rem;
   }
@@ -2680,6 +2723,10 @@ video {
     width: auto;
   }
 
+  .sm\:grid-cols-2 {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
   .sm\:flex-row {
     flex-direction: row;
   }
@@ -2714,10 +2761,18 @@ video {
 }
 
 @media (min-width: 768px) {
+  .md\:top-\[39px\] {
+    top: 39px;
+  }
+
   .md\:col-span-1 {
     grid-column: span 1 / span 1;
   }
 
+  .md\:col-span-2 {
+    grid-column: span 2 / span 2;
+  }
+
   .md\:ml-2 {
     margin-left: 0.5rem;
   }
@@ -2778,10 +2833,6 @@ video {
     order: 2;
   }
 
-  .lg\:col-auto {
-    grid-column: auto;
-  }
-
   .lg\:col-span-1 {
     grid-column: span 1 / span 1;
   }

src/AliasVault.Client/wwwroot/js/crypto.js

@@ -1,6 +1,6 @@
 /**
  * AES (symmetric) encryption and decryption functions.
- * @type {{encrypt: (function(*, *): Promise<string>), decrypt: (function(*, *): Promise<string>)}}
+ * @type {{encrypt: (function(*, *): Promise<string>), decrypt: (function(*, *): Promise<string>), decryptBytes: (function(*, *): Promise<Uint8Array>)}}
  */
 window.cryptoInterop = {
     encrypt: async function (plaintext, base64Key) {
@@ -59,6 +59,30 @@ window.cryptoInterop = {
 
         const decoder = new TextDecoder();
         return decoder.decode(decrypted);
+    },
+    decryptBytes: async function (base64Ciphertext, base64Key) {
+        const key = await window.crypto.subtle.importKey(
+            "raw",
+            Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
+            {
+                name: "AES-GCM",
+                length: 256,
+            },
+            false,
+            ["decrypt"]
+        );
+
+        const ivAndCiphertext = Uint8Array.from(atob(base64Ciphertext), c => c.charCodeAt(0));
+        const iv = ivAndCiphertext.slice(0, 12);
+        const ciphertext = ivAndCiphertext.slice(12);
+
+        const decrypted = await window.crypto.subtle.decrypt(
+            { name: "AES-GCM", iv: iv },
+            key,
+            ciphertext
+        );
+
+        return new Uint8Array(decrypted);
     }
 };
 

src/Databases/AliasClientDb/AliasClientDb.csproj

@@ -25,8 +25,8 @@
       </PackageReference>
       <PackageReference Include="Microsoft.EntityFrameworkCore.Proxies" Version="9.0.0" />
       <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.0" />
-      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.0" />
-      <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.0" />
+      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.1" />
+      <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.1" />
       <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.0" />
       <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
         <PrivateAssets>all</PrivateAssets>

src/Databases/AliasServerDb/AliasServerDb.csproj

@@ -17,7 +17,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="9.0.0" />
+      <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="9.0.1" />
       <PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="9.0.0" />
       <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="9.0.0" />
       <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.0" />
@@ -28,8 +28,8 @@
       <PackageReference Include="Microsoft.EntityFrameworkCore.Proxies" Version="9.0.0" />
       <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.0" />
       <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.0" />
-      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.0" />
-      <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.0" />
+      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.1" />
+      <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="9.0.1" />
       <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.0" />
       <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.2" />
       <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">

src/Databases/AliasServerDb/UserEmailClaim.cs

@@ -44,13 +44,13 @@ public class UserEmailClaim
     public string Address { get; set; } = null!;
 
     /// <summary>
-    /// Gets or sets the email adress local part.
+    /// Gets or sets the email address local part.
     /// </summary>
     [StringLength(255)]
     public string AddressLocal { get; set; } = null!;
 
     /// <summary>
-    /// Gets or sets the email adress domain part.
+    /// Gets or sets the email address domain part.
     /// </summary>
     [StringLength(255)]
     public string AddressDomain { get; set; } = null!;

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_female

@@ -151,3 +151,109 @@ Juliana
 Charlie
 Lucia
 Stella
+Adriana
+Beatrice
+Bianca
+Calliope
+Carmen
+Celeste
+Dakota
+Diana
+Esther
+Florence
+Francesca
+Georgia
+Harlow
+Haven
+Holly
+Hope
+India
+Indie
+Iris
+Juniper
+Kaia
+Keira
+Lara
+Laura
+Laurel
+Luna
+Magnolia
+Maeve
+Marina
+Marlowe
+Nina
+Noelle
+Octavia
+Olive
+Ophelia
+Phoenix
+Poppy
+Primrose
+Ramona
+River
+Rosalie
+Rosemary
+Sage
+Salem
+Selena
+Sienna
+Summer
+Sylvie
+Thea
+Tessa
+Wren
+Winter
+Willa
+Ada
+Aspen
+Blair
+Brynn
+Cassidy
+Cecilia
+Daisy
+Dawn
+Daphne
+Ember
+Fiona
+Flora
+Freya
+Gemma
+Giselle
+Harmony
+Heidi
+Imogen
+Indie
+Jessie
+June
+Kaia
+Lena
+Lola
+Mabel
+Maisie
+Margot
+Matilda
+Mira
+Morgan
+Nell
+Nadia
+Odette
+Opal
+Pearl
+Phoebe
+Raven
+Reese
+Robin
+Rowan
+Ruth
+Sabrina
+Sasha
+Sierra
+Skye
+Sloane
+Talia
+Thora
+Vera
+Willa
+Winnie
+Yara
+Zara

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_male

@@ -140,3 +140,108 @@ Levi
 Alan
 Jorge
 Carson
+Felix
+Oliver
+Theodore
+Harrison
+Maxwell
+Sebastian
+Xavier
+Dominick
+Lincoln
+Elliott
+Walter
+Simon
+Dean
+Hugo
+Malcolm
+Leon
+Oscar
+Calvin
+Raymond
+Edgar
+Franklin
+Arthur
+Lawrence
+Dennis
+Russell
+Douglas
+Leonard
+Gregory
+Harold
+Frederick
+Martin
+Curtis
+Stanley
+Gilbert
+Harvey
+Francis
+Eugene
+Ralph
+Roy
+Albert
+Bruce
+Ronald
+Keith
+Craig
+Roger
+Randy
+Gary
+Dennis
+Edwin
+Don
+Glen
+Gordon
+Howard
+Earl
+Leo
+Lloyd
+Milton
+Norman
+Roland
+Vernon
+Warren
+Alfred
+Bernard
+Chester
+Clarence
+Clifford
+Clyde
+Dale
+Dan
+Darrell
+Floyd
+Herman
+Jerome
+Maurice
+Neil
+Ray
+Rodney
+Roland
+Stuart
+Wallace
+Wayne
+Wendell
+Barry
+Cecil
+Claude
+Daryl
+Edmund
+Everett
+Ferdinand
+Forrest
+Gerald
+Hugh
+Irving
+Leslie
+Marvin
+Morris
+Nelson
+Perry
+Phillip
+Roderick
+Ross
+Terrence
+Wade
+Winston
+Zachariah

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/lastnames

@@ -165,3 +165,107 @@ Shaw
 Snyder
 Mason
 Dixon
+Blackwood
+Shepherd
+Frost
+Hawkins
+Pearson
+Fleming
+Dawson
+Palmer
+Nash
+Barker
+Thornton
+Fitzgerald
+Winters
+Mckenzie
+Chandler
+Griffith
+Cunningham
+Doyle
+Fletcher
+Hicks
+Walton
+Briggs
+Pearce
+Nichols
+Blake
+Hodges
+Benson
+Marsh
+Whitaker
+Skinner
+Robbins
+Goodwin
+Kirby
+Savage
+Hensley
+Hancock
+Pratt
+Gallagher
+Yates
+Dennis
+Swanson
+Steele
+Bauer
+Holt
+Barber
+Schultz
+Foley
+Fowler
+Wise
+Malone
+Cannon
+Tate
+Stark
+Welch
+Dyer
+Booth
+Payne
+Shannon
+Harmon
+Woodward
+Morse
+Jacobson
+Knowles
+Blanchard
+Dillon
+Stokes
+Buckley
+Dickerson
+Middleton
+Sellers
+Cobb
+Stephenson
+Roach
+Moody
+Beard
+Mccarthy
+Garner
+Mcguire
+Sloan
+Ballard
+Shields
+Orr
+Savage
+Graves
+Dempsey
+Weeks
+Mckay
+Cooke
+Riddle
+Gates
+Atkins
+Farrell
+Lowery
+Huffman
+Livingston
+Davenport
+Hendricks
+Kerr
+Pollard
+Hoover
+Wolfe
+Bowman
+Underwood
+Frazier

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/nl/firstnames_female

@@ -102,3 +102,110 @@ Juul
 Lise
 Myrthe
 Veerle
+Aafke
+Alicia
+Amira
+Aniek
+Annabel
+Annelies
+Anouk
+Astrid
+Babette
+Bianca
+Britt
+Carlijn
+Chantal
+Claire
+Dagmar
+Danique
+Daphne
+Denise
+Dominique
+Doris
+Eefje
+Elena
+Eline
+Elisa
+Elisabeth
+Ellen
+Esther
+Eveline
+Fabienne
+Felice
+Fleur
+Frederique
+Gwen
+Hanna
+Heleen
+Helena
+Ilona
+Imke
+Inge
+Irene
+Iris
+Janna
+Janneke
+Jasmine
+Jennifer
+Jessica
+Joelle
+Judith
+Julia
+Karin
+Karlijn
+Kim
+Kirsten
+Kyra
+Laura
+Lena
+Lianne
+Liesbeth
+Linda
+Lisanne
+Lisette
+Louise
+Maartje
+Manon
+Margot
+Marieke
+Marijke
+Marlies
+Marloes
+Marthe
+Melissa
+Michelle
+Nadine
+Natalie
+Nicole
+Nina
+Noortje
+Paulien
+Petra
+Rachel
+Renee
+Robin
+Rosa
+Roxanne
+Sabine
+Sandra
+Saskia
+Silke
+Simone
+Suzanne
+Sylvie
+Tamara
+Tanja
+Tara
+Thea
+Thirza
+Tina
+Tineke
+Ursula
+Victoria
+Wendy
+Wilma
+Xandra
+Yasmin
+Yvette
+Yvonne
+Zara

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/nl/firstnames_male

@@ -99,3 +99,114 @@ Mijs
 Mika
 Felix
 Merlijn
+Alexander
+Aron
+Arthur
+Axel
+Bas
+Bastiaan
+Berend
+Björn
+Casper
+Cees
+Chris
+Christian
+Christiaan
+Colin
+Cornelis
+Dani
+Dennis
+Dirk
+Dominic
+Eduard
+Eelco
+Erik
+Erwin
+Ezra
+Faas
+Filip
+Florian
+Frank
+Frederik
+Freek
+Gerard
+Gerrit
+Giel
+Gijs
+Glenn
+Govert
+Harm
+Harold
+Hendrik
+Henrik
+Huub
+Ian
+Ivo
+Jacob
+Jake
+Jan
+Jarno
+Jason
+Jeffrey
+Jeremy
+Jim
+Jimmy
+Johan
+Johannes
+Jonas
+Jonathan
+Jos
+Joshua
+Justin
+Kay
+Kevin
+Kjeld
+Klaas
+Lennard
+Lennart
+Leon
+Lex
+Liam
+Loek
+Lorenzo
+Louis
+Lowie
+Maarten
+Magnus
+Maikel
+Marc
+Marcel
+Marco
+Martijn
+Mathias
+Matthijs
+Maurits
+Menno
+Michiel
+Nathan
+Nico
+Oscar
+Pascal
+Patrick
+Paul
+Peter
+Philip
+Pieter
+Pim
+Quincy
+Remco
+Rick
+Rik
+Robert
+Rogier
+Rowan
+Ruud
+Simon
+Stefan
+Steven
+Thom
+Victor
+Vincent
+Willem
+Wouter
+Yannick

src/Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/nl/lastnames

@@ -104,3 +104,104 @@ van Asselt
 Timmermans
 van Vliet
 van Rijn
+van Schaik
+Bosman
+Wolters
+van Hout
+Hermans
+van Rooij
+de Vos
+van Donselaar
+Evers
+van den Brink
+Verkerk
+Groeneveld
+van Duijn
+Schuurman
+Hoogendoorn
+van Zanten
+Koopman
+Cornelissen
+van Driel
+Teunissen
+Versteeg
+van Deursen
+Schipper
+van Kempen
+Bouwman
+van der Valk
+Nijhuis
+van der Werf
+van den Akker
+Verhoef
+Wessels
+van der Poel
+Driessen
+van Oosten
+Lambrechts
+van der Vlist
+Hoogeveen
+van Gils
+Rietveld
+Barendrecht
+van der Spek
+Stam
+van der Linde
+Boersma
+van Dijk
+Schepers
+van der Kolk
+Roelofs
+van der Velden
+van den Burg
+Westra
+van der Steen
+Pronk
+van der Veer
+Rozendaal
+van den Bos
+Konings
+van der Wiel
+Noordam
+van der Laan
+Schut
+van der Vlugt
+Witteveen
+van der Zwan
+Boogaard
+van der Waal
+Stolk
+van der Windt
+Rutten
+van der Zanden
+Spaans
+van der Zwaan
+Roos
+van der Zijl
+Schoenmaker
+van Diepen
+Romeijn
+van Doesburg
+Schippers
+van Eck
+Rijken
+van Egmond
+Schrama
+van Eijk
+Ruijter
+van Engelen
+Sanders
+van Es
+Schenk
+van Essen
+van Gaal
+van Geenen
+van Gent
+van Gestel
+van Gool
+van Grinsven
+van Gurp
+van Haaften
+van Haren
+van Hattem
+van Hees

src/Generators/AliasVault.Generators.Identity/UsernameEmailGenerator.cs

@@ -67,25 +67,55 @@ public class UsernameEmailGenerator
     {
         var parts = new List<string>();
 
-        // Use first initial + last name
-        if (_random.Next(2) == 0)
+        switch (_random.Next(4))
         {
-            parts.Add(identity.FirstName.Substring(0, 1).ToLower() + identity.LastName.ToLower());
-        }
-        else
-        {
-            // Use full name
-            parts.Add((identity.FirstName + identity.LastName).ToLower());
+            case 0:
+                // First initial + last name
+                parts.Add(identity.FirstName.Substring(0, 1).ToLower() + identity.LastName.ToLower());
+                break;
+            case 1:
+                // Full name
+                parts.Add((identity.FirstName + identity.LastName).ToLower());
+                break;
+            case 2:
+                // First name + last initial
+                parts.Add(identity.FirstName.ToLower() + identity.LastName.Substring(0, 1).ToLower());
+                break;
+            case 3:
+                // First 3 chars of first name + last name
+                parts.Add(identity.FirstName.Substring(0, Math.Min(3, identity.FirstName.Length)).ToLower() + identity.LastName.ToLower());
+                break;
         }
 
-        // Add birth year
-        if (_random.Next(2) == 0)
+        // Add birth year variations
+        if (_random.Next(3) != 0)
         {
-            parts.Add(identity.BirthDate.Year.ToString().Substring(2));
+            switch (_random.Next(2))
+            {
+                case 0:
+                    parts.Add(identity.BirthDate.Year.ToString().Substring(2));
+                    break;
+                case 1:
+                    parts.Add(identity.BirthDate.Year.ToString());
+                    break;
+            }
+        }
+        else if (_random.Next(2) == 0)
+        {
+            // Add random numbers for more uniqueness
+            parts.Add(_random.Next(10, 999).ToString());
         }
 
-        // Join parts and sanitize
+        // Join parts with random symbols, possibly multiple
         var emailPrefix = string.Join(GetRandomSymbol(), parts);
+
+        // Add extra random symbol at random position
+        if (_random.Next(2) == 0)
+        {
+            int position = _random.Next(emailPrefix.Length);
+            emailPrefix = emailPrefix.Insert(position, GetRandomSymbol());
+        }
+
         emailPrefix = SanitizeEmailPrefix(emailPrefix);
 
         // Adjust length

src/Services/AliasVault.SmtpService/Dockerfile

@@ -1,18 +1,22 @@
 FROM mcr.microsoft.com/dotnet/runtime:9.0 AS base
 WORKDIR /app
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 
 # Copy the project files and restore dependencies
 COPY ["src/Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj", "src/Services/AliasVault.SmtpService/"]
-RUN dotnet restore "./src/Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj"
+RUN dotnet restore "./src/Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj" -a "$TARGETARCH"
 COPY . .
 
 # Build and publish the application
 WORKDIR "/src/src/Services/AliasVault.SmtpService"
-RUN dotnet publish "./AliasVault.SmtpService.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+RUN dotnet publish "./AliasVault.SmtpService.csproj" -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
+    -o /app/publish \
+    /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app

src/Services/AliasVault.SmtpService/Handlers/DatabaseMessageStore.cs

@@ -334,7 +334,7 @@ public class DatabaseMessageStore(ILogger<DatabaseMessageStore> logger, Config c
 
         var insertedId = await InsertEmailIntoDatabase(message, new MailAddress(toAddress.AsAddress()), userPublicKey);
         logger.LogInformation(
-            "Email for {ToAddress} successfully saved into database with ID {insertedId}.",
+            "Email for {ToAddress} successfully saved into database with ID {InsertedId}.",
             toAddress.User + "@" + toAddress.Host,
             insertedId);
         return true;

src/Services/AliasVault.SmtpService/Scripts/sendEmailCLI.sh

@@ -1,7 +1,13 @@
 #!/bin/bash
 
 generate_random_string() {
-    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-10} | head -n 1
+    LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w ${1:-10} | head -n 1
+}
+
+generate_random_attachment() {
+    local temp_file="/tmp/test_attachment_$(generate_random_string 8).txt"
+    echo "This is a test attachment content - $(generate_random_string 32)" > "$temp_file"
+    echo "$temp_file"
 }
 
 print_logo() {
@@ -23,25 +29,54 @@ print_logo() {
 
 send_email() {
     local recipient="$1"
+    local with_attachment="$2"
     local subject_suffix=$(generate_random_string 8)
     local content_suffix=$(generate_random_string 20)
+    local boundary="boundary-$(generate_random_string 16)"
+    local attachment_content="This is a test attachment content - $(generate_random_string 32)"
+    local attachment_name="test_attachment_$(generate_random_string 8).txt"
 
-    cat > temp_email.txt << EOF
-From: sender@example.com
-To: $recipient
-Subject: Test Email - $subject_suffix
-
-This is a test email.
-
-Random content: $content_suffix
-EOF
-
-    curl --url "smtp://localhost:25" \
-         --mail-from "sender@example.com" \
-         --mail-rcpt "$recipient" \
-         --upload-file temp_email.txt
-
-    rm temp_email.txt
+    if [[ "$with_attachment" =~ ^[Yy]$ ]]; then
+        {
+            echo "From: sender@example.com"
+            echo "To: $recipient"
+            echo "Subject: Test Email with Attachment - $subject_suffix"
+            echo "MIME-Version: 1.0"
+            echo "Content-Type: multipart/mixed; boundary=$boundary"
+            echo ""
+            echo "--$boundary"
+            echo "Content-Type: text/plain; charset=utf-8"
+            echo ""
+            echo "This is a test email with attachment."
+            echo ""
+            echo "Random content: $content_suffix"
+            echo ""
+            echo "--$boundary"
+            echo "Content-Type: application/octet-stream"
+            echo "Content-Transfer-Encoding: base64"
+            echo "Content-Disposition: attachment; filename=\"$attachment_name\""
+            echo ""
+            echo "$attachment_content" | base64
+            echo ""
+            echo "--$boundary--"
+        } | curl --url "smtp://localhost:25" \
+                 --mail-from "sender@example.com" \
+                 --mail-rcpt "$recipient" \
+                 --upload-file -
+    else
+        {
+            echo "From: sender@example.com"
+            echo "To: $recipient"
+            echo "Subject: Test Email - $subject_suffix"
+            echo ""
+            echo "This is a test email."
+            echo ""
+            echo "Random content: $content_suffix"
+        } | curl --url "smtp://localhost:25" \
+                 --mail-from "sender@example.com" \
+                 --mail-rcpt "$recipient" \
+                 --upload-file -
+    fi
 }
 
 print_logo
@@ -49,19 +84,18 @@ print_logo
 while true; do
     if [[ -z "$recipient" ]]; then
         read -p "Enter the recipient's email address: " recipient
+        read -p "Do you want to send emails with attachments? (y/N): " with_attachment
     fi
 
-    send_email "$recipient"
+    send_email "$recipient" "$with_attachment"
 
-    read -p "Send another email? (Press Enter for same recipient, or type a new email, or 'q' to quit): " next_action
+    read -p "Send another email? (Press Enter for same recipient/settings, or type a new email, or 'q' to quit): " next_action
 
     if [[ "$next_action" == "q" ]]; then
         echo "Exiting the script. Goodbye!"
         exit 0
     elif [[ -n "$next_action" ]]; then
         recipient="$next_action"
-    else
-        # If next_action is empty (user pressed Enter), keep the same recipient
-        :
+        read -p "Do you want to send emails with attachments? (y/N): " with_attachment
     fi
 done

src/Services/AliasVault.TaskRunner/Dockerfile

@@ -1,20 +1,22 @@
-FROM mcr.microsoft.com/dotnet/runtime:9.0 AS base
-WORKDIR /app
-
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 
 # Copy the project files and restore dependencies
 COPY ["src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj", "src/Services/AliasVault.TaskRunner/"]
-RUN dotnet restore "./src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj"
+RUN dotnet restore "./src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj" -a "$TARGETARCH"
 COPY . .
 
 # Build and publish the application
 WORKDIR "/src/src/Services/AliasVault.TaskRunner"
-RUN dotnet publish "./AliasVault.TaskRunner.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+RUN dotnet publish "./AliasVault.TaskRunner.csproj" \
+    -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
+    -o /app/publish \
+    /p:UseAppHost=false
 
-FROM base AS final
+FROM mcr.microsoft.com/dotnet/runtime:9.0 AS final
 WORKDIR /app
 COPY --from=build /app/publish .
 ENTRYPOINT ["dotnet", "AliasVault.TaskRunner.dll"]

src/Shared/AliasVault.Shared.Core/AppInfo.cs

@@ -25,12 +25,12 @@ public static class AppInfo
     /// <summary>
     /// Gets the minor version number.
     /// </summary>
-    public const int VersionMinor = 10;
+    public const int VersionMinor = 11;
 
     /// <summary>
     /// Gets the patch version number.
     /// </summary>
-    public const int VersionPatch = 2;
+    public const int VersionPatch = 1;
 
     /// <summary>
     /// Gets the build number, typically used in CI/CD pipelines.

src/Shared/AliasVault.Shared/Models/Spamok/MailboxEmailApiModel.cs

@@ -18,4 +18,9 @@ public class MailboxEmailApiModel : EmailApiModelBase
     /// Gets or sets the preview of the email message.
     /// </summary>
     public string MessagePreview { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets a value indicating whether the email has attachments.
+    /// </summary>
+    public bool HasAttachments { get; set; }
 }

src/Tests/AliasVault.E2ETests/AliasVault.E2ETests.csproj

@@ -28,16 +28,16 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.1" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
         <PackageReference Include="NUnit" Version="4.3.2" />
         <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
-        <PackageReference Include="NUnit.Analyzers" Version="4.5.0">
+        <PackageReference Include="NUnit.Analyzers" Version="4.6.0">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="Microsoft.Playwright.NUnit" Version="1.49.0" />
-        <PackageReference Include="coverlet.collector" Version="6.0.2">
+        <PackageReference Include="coverlet.collector" Version="6.0.4">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>

src/Tests/AliasVault.E2ETests/Tests/Client/Shard1/EmailDecryptionTests.cs

@@ -7,6 +7,7 @@
 
 namespace AliasVault.E2ETests.Tests.Client.Shard1;
 
+using System.Text;
 using AliasVault.IntegrationTests.SmtpServer;
 using MailKit.Net.Smtp;
 using MailKit.Security;
@@ -46,7 +47,7 @@ public class EmailDecryptionTests : ClientPlaywrightTest
     }
 
     /// <summary>
-    /// Test if received email encrypted by server can be successfully decrypted by client
+    /// Test if received email without attachments encrypted by server can be successfully decrypted by client
     /// and then be deleted by client.
     /// </summary>
     /// <returns>Async task.</returns>
@@ -56,7 +57,7 @@ public class EmailDecryptionTests : ClientPlaywrightTest
     {
         // Create credential which should automatically create claim on server during database sync.
         const string serviceName = "Test Service";
-        const string email = "testclaim@example.tld";
+        const string email = "testclaim2@example.tld";
         await CreateCredentialEntry(new Dictionary<string, string>
         {
             { "service-name", serviceName },
@@ -72,7 +73,7 @@ public class EmailDecryptionTests : ClientPlaywrightTest
         Assert.That(publicKey, Is.Not.Null, "Public key for user not found in database. Check if public key creation is working correctly.");
         Assert.That(publicKey.PublicKey, Has.Length.GreaterThanOrEqualTo(100), "Public key exists but length does not match expected. Check if public key creation is working correctly.");
 
-        // Email the SMTP server which will save the email in encrypted form in the database..
+        // Email the SMTP server which will save the email in encrypted form in the database.
         var message = new MimeMessage();
         message.From.Add(new MailboxAddress("Test Sender", "sender@example.com"));
         message.To.Add(new MailboxAddress("Test Recipient", email));
@@ -93,6 +94,7 @@ public class EmailDecryptionTests : ClientPlaywrightTest
             HtmlBody = htmlBody,
         };
         message.Body = bodyBuilder.ToMessageBody();
+
         await SendMessageToSmtpServer(message);
 
         // Assert that email was received by the server.
@@ -138,11 +140,149 @@ public class EmailDecryptionTests : ClientPlaywrightTest
     }
 
     /// <summary>
-    /// Test that adding a credential with email domain that is not in the known list to not get added as claim.
+    /// Test if received email including attachment encrypted by server can be successfully decrypted by client
+    /// and then be deleted by client.
     /// </summary>
     /// <returns>Async task.</returns>
     [Test]
     [Order(2)]
+    public async Task EmailEncryptionDecryptionAttachmentDeleteTest()
+    {
+        // Create credential which should automatically create claim on server during database sync.
+        const string serviceName = "Test Service";
+        const string email = "testclaim@example.tld";
+        await CreateCredentialEntry(new Dictionary<string, string>
+        {
+            { "service-name", serviceName },
+            { "email", email },
+        });
+
+        // Assert that the claim was created on the server.
+        var claim = await ApiDbContext.UserEmailClaims.Where(x => x.Address == email).FirstOrDefaultAsync();
+        Assert.That(claim, Is.Not.Null, "Claim for email address not found in database. Check if credential creation and claim creation are working correctly.");
+
+        // Assert that the users public key was created on the server.
+        var publicKey = await ApiDbContext.UserEncryptionKeys.Where(x => x.UserId == claim.UserId).FirstOrDefaultAsync();
+        Assert.That(publicKey, Is.Not.Null, "Public key for user not found in database. Check if public key creation is working correctly.");
+        Assert.That(publicKey!.PublicKey, Has.Length.GreaterThanOrEqualTo(100), "Public key exists but length does not match expected. Check if public key creation is working correctly.");
+
+        // Email the SMTP server which will save the email in encrypted form in the database..
+        var message = new MimeMessage();
+        message.From.Add(new MailboxAddress("Test Sender", "sender@example.com"));
+        message.To.Add(new MailboxAddress("Test Recipient", email));
+        const string textSubject = "Encrypted Email Subject";
+        const string textBody = "This is a test email plain.";
+        const string htmlBody = @"
+        <html>
+        <body>
+            <h1>Test Email</h1>
+            <p>This is a test email with HTML content.</p>
+            <p>Sample anchor tag: <a href=""https://example.com"">Example Link</a></p>
+        </body>
+        </html>";
+        message.Subject = textSubject;
+        var bodyBuilder = new BodyBuilder
+        {
+            TextBody = textBody,
+            HtmlBody = htmlBody,
+        };
+        var attachment = new MimePart("text", "plain")
+        {
+            Content = new MimeContent(new MemoryStream(Encoding.UTF8.GetBytes("This is an attachment."))),
+            ContentDisposition = new ContentDisposition(ContentDisposition.Attachment),
+            ContentTransferEncoding = ContentEncoding.Base64,
+            FileName = "attachment.txt",
+        };
+        bodyBuilder.Attachments.Add(attachment);
+        message.Body = bodyBuilder.ToMessageBody();
+
+        await SendMessageToSmtpServer(message);
+
+        // Assert that email was received by the server.
+        var emailReceived = await ApiDbContext.Emails.FirstOrDefaultAsync(x => x.To == email);
+        Assert.That(emailReceived, Is.Not.Null, "Email not received by server. Check SMTP server and email encryption/decryption logic.");
+
+        // Assert that the attachment is stored in the database.
+        var attachmentReceived = await ApiDbContext.EmailAttachments.FirstOrDefaultAsync(x => x.EmailId == emailReceived.Id);
+        Assert.That(attachmentReceived, Is.Not.Null, "Attachment not found in database. Check email attachment encryption logic.");
+
+        // Assert that the attachment content is encrypted
+        var attachmentContent = Encoding.UTF8.GetString(attachmentReceived!.Bytes);
+        Assert.Multiple(() =>
+        {
+            Assert.That(attachmentContent, Does.Not.Contain("This is an attachment."), "Attachment content stored as plain text in database. Check attachment encryption logic.");
+            Assert.That(attachmentContent, Is.Not.Empty, "Attachment content is empty. Check attachment encryption logic.");
+        });
+
+        // Assert that subject is not stored as plain text in the database.
+        Assert.That(emailReceived!.Subject, Does.Not.Contain(textSubject), "Email subject stored as plain text in database. Check email encryption logic.");
+
+        // Attempt to click on email refresh button to get new emails.
+        await Page.Locator("id=recent-email-refresh").First.ClickAsync();
+        await WaitForUrlAsync("credentials/**", "Subject");
+
+        // Check if the email is visible on the page now.
+        var emailContent = await Page.TextContentAsync("body");
+        Assert.That(emailContent, Does.Contain(textSubject), "Email not (correctly) decrypted and displayed on the credential page. Check email decryption logic.");
+
+        // Navigate to the email index page and ensure that the decrypted email is also readable there.
+        await NavigateUsingBlazorRouter("emails");
+        await WaitForUrlAsync("emails", "Inbox");
+
+        // Check if the email is visible on the page now.
+        emailContent = await Page.TextContentAsync("body");
+        Assert.That(emailContent, Does.Contain(textSubject), "Email not (correctly) decrypted and displayed on the emails page. Check email decryption logic.");
+
+        // Assert that the attachment indicator is visible on the page.
+        var attachmentIndicator = await Page.Locator(".attachment-indicator").First.GetAttributeAsync("class");
+        Assert.That(attachmentIndicator, Is.Not.Null, "Attachment indicator not visible on email page. Check email attachment decryption logic.");
+
+        // Attempt to click on the email subject to open the modal.
+        await Page.Locator("text=" + textSubject).First.ClickAsync();
+        await WaitForUrlAsync("emails**", "Delete");
+
+        // Assert that the anchor tag in the email iframe has target="_blank" attribute.
+        var anchorTag = await Page.Locator("iframe").First.GetAttributeAsync("srcdoc");
+        Assert.That(anchorTag, Does.Contain("target=\"_blank\""), "Anchor tag in email iframe does not have target=\"_blank\" attribute. Check email decryption logic.");
+
+        // Assert that email attachment metadata is visible in the modal.
+        var body = await Page.TextContentAsync("body");
+        Assert.That(body, Does.Contain("attachment.txt"), "Attachment metadata not visible in email modal. Check email attachment parse logic.");
+
+        // Assert that clicking on the attachment link downloads it.
+        await Page.Locator(".attachment-link").First.ClickAsync();
+        var download = await Page.WaitForDownloadAsync();
+
+        // Get the path of the downloaded file
+        var downloadedFilePath = await download.PathAsync();
+
+        // Read the content of the downloaded file
+        var downloadedContent = await File.ReadAllBytesAsync(downloadedFilePath);
+
+        // Compare with the original attachment content
+        var originalContent = Encoding.UTF8.GetBytes("This is an attachment.");
+        Assert.That(downloadedContent, Is.EqualTo(originalContent), "Downloaded attachment content does not match the original content.");
+
+        // Clean up: delete the downloaded file
+        File.Delete(downloadedFilePath);
+
+        // Click the delete button to delete the email.
+        await Page.Locator("id=delete-email").First.ClickAsync();
+
+        // Wait for the email delete confirm message to show up.
+        await WaitForUrlAsync("emails**", "Email deleted successfully");
+
+        // Assert that the email is no longer visible on the page.
+        body = await Page.TextContentAsync("body");
+        Assert.That(body, Does.Not.Contain(textSubject), "Email not deleted from page after deletion. Check email deletion logic.");
+    }
+
+    /// <summary>
+    /// Test that adding a credential with email domain that is not in the known list to not get added as claim.
+    /// </summary>
+    /// <returns>Async task.</returns>
+    [Test]
+    [Order(3)]
     public async Task EmailUnknownDomainNoClaimTest()
     {
         // Create credential which should automatically create claim on server during database sync.
@@ -165,7 +305,7 @@ public class EmailDecryptionTests : ClientPlaywrightTest
     /// </summary>
     /// <returns>Async task.</returns>
     [Test]
-    [Order(3)]
+    [Order(4)]
     public async Task EmailDuplicateClaimTest()
     {
         // Create credential which should automatically create claim on server during database sync.

src/Tests/AliasVault.IntegrationTests/AliasVault.IntegrationTests.csproj

@@ -20,11 +20,11 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="coverlet.collector" Version="6.0.2"/>
+        <PackageReference Include="coverlet.collector" Version="6.0.4"/>
         <PackageReference Include="MailKit" Version="4.9.0" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0"/>
         <PackageReference Include="NUnit" Version="4.3.2"/>
-        <PackageReference Include="NUnit.Analyzers" Version="4.5.0"/>
+        <PackageReference Include="NUnit.Analyzers" Version="4.6.0"/>
         <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
         <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
           <PrivateAssets>all</PrivateAssets>

src/Tests/AliasVault.UnitTests/AliasVault.UnitTests.csproj

@@ -27,18 +27,18 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="coverlet.msbuild" Version="6.0.2">
+        <PackageReference Include="coverlet.msbuild" Version="6.0.3">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
         <PackageReference Include="NUnit" Version="4.3.2" />
         <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
-        <PackageReference Include="NUnit.Analyzers" Version="4.5.0">
+        <PackageReference Include="NUnit.Analyzers" Version="4.6.0">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="coverlet.collector" Version="6.0.2">
+        <PackageReference Include="coverlet.collector" Version="6.0.4">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>

src/Utilities/AliasVault.InstallCli/Dockerfile

@@ -1,21 +1,25 @@
 FROM mcr.microsoft.com/dotnet/runtime:9.0 AS base
 WORKDIR /app
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG TARGETARCH
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 
 # Copy csproj files and restore as distinct layers
 COPY ["src/Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj", "src/Utilities/AliasVault.InstallCli/"]
 COPY ["src/Databases/AliasServerDb/AliasServerDb.csproj", "src/Databases/AliasServerDb/"]
-RUN dotnet restore "src/Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj"
+RUN dotnet restore "src/Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj" -a "$TARGETARCH"
 
 # Copy the entire source code
 COPY . .
 
 # Build and publish in one step
 RUN dotnet publish "src/Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj" \
-    -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+    -c "$BUILD_CONFIGURATION" \
+    -a "$TARGETARCH" \
+    -o /app/publish \
+    /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app

src/Utilities/AliasVault.Logging/AliasVault.Logging.csproj

@@ -18,7 +18,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.0" />
+      <PackageReference Include="Microsoft.Extensions.Configuration" Version="9.0.1" />
       <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="9.0.0" />
       <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.0" />
       <PackageReference Include="Microsoft.Extensions.Hosting" Version="9.0.0" />