Merge pull request #448 from lanedirt/447-prepare-090-release

Update version to 0.9.0

.github/workflows/docker-compose-build.yml

@@ -1,4 +1,3 @@
-# This workflow will test if building the Docker Compose containers from scratch works.
 name: Docker Compose Build
 
 on:
@@ -18,83 +17,87 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
+
+      - name: Create .env file with custom SMTP port as port 25 is not allowed in GitHub Actions
+        run: |
+          echo "SMTP_PORT=2525" > .env
+
       - name: Set permissions and run install.sh
         run: |
           chmod +x install.sh
           ./install.sh build --verbose
 
-      - name: Set up Docker Compose
-        run: |
-            # Change the exposed host port of the SmtpService from 25 to 2525 because port 25 is not allowed in GitHub Actions
-            sed -i 's/25\:25/2525\:25/g' docker-compose.yml
-            docker compose -f docker-compose.yml up -d
+      - name: Test if services are responding
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: |
+            sleep 15
 
-      - name: Wait for services to be up
-        run: |
-            # Wait for a few seconds
-            sleep 10
-      -   name: Test if localhost:443 (WASM app) responds
-          uses: nick-fields/retry@v3
-          with:
-              timeout_minutes: 2
-              max_attempts: 3
-              command: |
-                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443)
-                  if [ "$http_code" -ne 200 ]; then
-                    echo "Service did not respond with 200 OK. Check if client app and/or nginx is configured correctly."
-                    exit 1
-                  else
-                    echo "Service responded with 200 OK"
-                  fi
+            # Array of endpoints to test
+            declare -A endpoints=(
+              ["WASM"]="https://localhost:443"
+              ["WebApi"]="https://localhost:443/api"
+              ["Admin"]="https://localhost:443/admin/user/login"
+            )
 
-      -   name: Test if localhost:443/api (WebApi) responds
-          uses: nick-fields/retry@v3
-          with:
-              timeout_minutes: 2
-              max_attempts: 3
-              command: |
-                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443/api)
-                  if [ "$http_code" -ne 200 ]; then
-                    echo "Service did not respond with expected 200 OK. Check if WebApi and/or nginx is configured correctly."
-                    exit 1
-                  else
-                    echo "Service responded with $http_code"
-                  fi
+            failed=false
 
-      -   name: Test if localhost:443/admin (Admin) responds
-          uses: nick-fields/retry@v3
-          with:
-              timeout_minutes: 2
-              max_attempts: 3
-              command: |
-                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443/admin/user/login)
-                  if [ "$http_code" -ne 200 ]; then
-                    echo "Service did not respond with expected 200 OK. Check if admin app and/or nginx is configured correctly."
-                    exit 1
-                  else
-                    echo "Service responded with $http_code"
-                  fi
+            # Test HTTP endpoints
+            for name in "${!endpoints[@]}"; do
+              url="${endpoints[$name]}"
+              echo "Testing $name at $url"
 
-      -   name: Test if localhost:2525 (SmtpService) responds
-          uses: nick-fields/retry@v3
-          with:
-              timeout_minutes: 2
-              max_attempts: 3
-              command: |
-                  if ! nc -zv localhost 2525 2>&1 | grep -q 'succeeded'; then
-                    echo "SmtpService did not respond on port 2525. Check if the SmtpService service is running."
-                    exit 1
-                  else
-                    echo "SmtpService responded on port 2525"
-                  fi
+              # Store both response body and HTTP code
+              response=$(curl -k -s -w "\nHTTP_CODE=%{http_code}" "$url")
+              http_code=$(echo "$response" | grep "HTTP_CODE=" | cut -d= -f2)
+              body=$(echo "$response" | sed '$d')  # Remove the last line (HTTP_CODE)
+
+              if [ "$http_code" -ne 200 ]; then
+                echo "❌ $name failed with HTTP $http_code at $url"
+                echo "Response body:"
+                echo "$body"
+                failed=true
+              else
+                echo "✅ $name responded with HTTP 200"
+              fi
+            done
+
+            # Test SMTP
+            echo "Testing SmtpService at localhost:2525"
+            if ! nc -zv localhost 2525 2>&1 | grep -q 'succeeded'; then
+              echo "❌ SmtpService failed to respond on port 2525"
+              failed=true
+            else
+              echo "✅ SmtpService responded successfully"
+            fi
+
+            # Exit with error if any service failed
+            if [ "$failed" = true ]; then
+              # Get container logs
+              echo "Container Logs admin:"
+              docker compose logs admin
+              echo "Container Logs api:"
+              docker compose logs api
+              echo "Container Logs client:"
+              docker compose logs client
+              echo "Container Logs smtp:"
+              docker compose logs smtp
+              echo "Container Logs reverse-proxy:"
+              docker compose logs reverse-proxy
+
+              # Restart containers for next test in case of failure
+              docker compose restart
+              exit 1
+            fi
 
       - name: Test install.sh reset-password output
         run: |
           output=$(./install.sh reset-password)
           if ! echo "$output" | grep -E '.*New admin password: [A-Za-z0-9+/=]{8,}.*'; then
-            echo "Password reset output format is incorrect. Expected format: 'New admin password: <at least 8 base64 chars>'"
-            echo "Actual output: $output"
+            echo "Password reset output format is incorrect"
+            echo "Expected: 'New admin password: <at least 8 base64 chars>'"
+            echo "Actual: $output"
             exit 1
-          else
-            echo "Password reset output format is correct"
           fi

.github/workflows/docker-compose-pull.yml

@@ -17,17 +17,29 @@ jobs:
         options: --privileged
 
     steps:
-      - uses: actions/checkout@v2
+      - name: Get repository and branch information
+        id: repo-info
+        run: |
+          echo "REPO_FULL_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV
+          echo "BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
+
+      - name: Download install script from current branch
+        run: |
+          INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/$REPO_FULL_NAME/$BRANCH_NAME/install.sh"
+          echo "Downloading install script from: $INSTALL_SCRIPT_URL"
+          curl -f -o install.sh "$INSTALL_SCRIPT_URL"
+
+      - name: Create .env file with custom SMTP port as port 25 is not allowed in GitHub Actions
+        run: |
+          echo "SMTP_PORT=2525" > .env
+
       - name: Set permissions and run install.sh
         run: |
           chmod +x install.sh
           ./install.sh install --verbose
 
       - name: Set up Docker Compose
-        run: |
-            # Change the exposed host port of the SmtpService from 25 to 2525 because port 25 is not allowed in GitHub Actions
-            sed -i 's/25\:25/2525\:25/g' docker-compose.yml
-            docker compose -f docker-compose.yml up -d
+        run: docker compose -f docker-compose.yml up -d
 
       - name: Wait for services to be up
         run: |

.gitignore

@@ -390,6 +390,9 @@ src/Tests/AliasVault.E2ETests/appsettings.Development.json
 # .env is generated by install.sh and therefore should be ignored
 .env
 
+# install.sh backup files are generated by install.sh self-update and therefore should be ignored
+install.sh.backup
+
 # Draw.io diagram temp files
 *.drawio.*
 
@@ -399,3 +402,8 @@ certificates/**/*.key
 certificates/**/*.pfx
 certificates/**/*.pem
 certificates/letsencrypt/**
+
+# Docs
+docs/_site
+docs/vendor
+docs/.bundle

README.md

@@ -3,7 +3,7 @@
 <h1><img src="https://github.com/user-attachments/assets/933c8b45-a190-4df6-913e-b7c64ad9938b" width="40" /> AliasVault</h1>
 
 <p align="center">
-<a href="https://app.aliasvault.net">Live demo 🚀</a> • <a href="https://aliasvault.net?utm_source=gh-readme">Website 🏠</a> • <a href="#installation">Installation 📦</a>
+<a href="https://app.aliasvault.net">Live demo 🔥</a> • <a href="https://aliasvault.net?utm_source=gh-readme">Website 🌐</a> • <a href="https://docs.aliasvault.net?utm_source=gh-readme">Documentation 📚</a> • <a href="#installation">Installation ⚙️</a>
 </p>
 
 <h3 align="center">
@@ -19,6 +19,12 @@ Open-source password and alias manager
 [<img src="https://img.shields.io/sonar/quality_gate/lanedirt_AliasVault?server=https%3A%2F%2Fsonarcloud.io&label=sonarcloud&logo=sonarcloud">](https://sonarcloud.io/summary/new_code?id=lanedirt_AliasVault)
 </div>
 
+<div align="center">
+
+[<img alt="Discord" src="https://img.shields.io/discord/1309300619026235422?logo=discord&logoColor=%237289da&label=join%20discord%20chat&color=%237289da">](https://discord.gg/DsaXMTEtpF)
+
+</div>
+
 AliasVault is an open-source password and alias manager built with C# ASP.NET technology. AliasVault can be self-hosted on your own server with Docker, providing a secure and private solution for managing your online identities and passwords.
 
 ### What makes AliasVault unique:
@@ -32,19 +38,20 @@ AliasVault is an open-source password and alias manager built with C# ASP.NET te
 ## Live demo
 A live demo of the app is available at the official website at [app.aliasvault.net](https://app.aliasvault.net) (up-to-date with `main` branch). You can create a free account to try it out yourself.
 
-<img width="700" alt="Screenshot of AliasVault" src="docs/img/screenshot.png">
+<img width="700" alt="Screenshot of AliasVault" src="docs/assets/img/screenshot.png">
 
 ## Installation
 
-Choose one of the following installation methods:
+To install AliasVault, the easiest method is to use the provided install script. This will download the pre-built Docker images and start the containers.
 
-### Option 1: Quick Install (Pre-built Images)
+### 1. Install using install script
 
 This method uses pre-built Docker images and works on minimal hardware specifications:
-- Linux (Ubuntu or RHEL based distros recommended)
-- 512MB RAM
+
+- Linux VM with root access (Ubuntu or RHEL based distros recommended)
 - 1 vCPU
-- At least 16GB disk space
+- 512MB RAM
+- 16GB disk space
 - Docker installed
 
 ```bash
@@ -56,46 +63,23 @@ chmod +x install.sh
 ./install.sh install
 ```
 
-### Option 2: Build from Source
-
-Building from source requires more resources:
-- Minimum 2GB RAM (more RAM will speed up build time)
-- At least 1 vCPU
-- 40GB+ disk space (for dependencies and build artifacts)
-- Docker installed
-- Git installed
-
-```bash
-# Clone the repository
-git clone https://github.com/lanedirt/AliasVault.git
-cd AliasVault
-
-# Make build script executable and run it. This will create the .env file, build the Docker images from source, and start the AliasVault containers.
-chmod +x install.sh
-./install.sh build
-```
-
-Note: If you do not wish to run the script, you can set up the environment variables and build the Docker image and containers manually instead. See the [manual setup instructions](docs/install/1-manually-setup-docker.md) for more information.
-
-### Post-Installation
+### 2. Post-Installation
 
 The install script will output the URL where the app is available. By default this is:
 - Client: https://localhost
 - Admin portal: https://localhost/admin
 
-> Note: If you want to change the default AliasVault ports you can do so in the `docker-compose.yml` file for the `nginx` (reverse-proxy) container.
+> Note: If you want to change the default AliasVault ports you can do so in the `.env` file.
 
-#### First Time Setup Notes:
-- When building from source for the first time, it may take several minutes for Docker to download and compile all dependencies. Subsequent builds will be faster.
-- A SQLite database file will be created in `./database/AliasServerDb.sqlite`. This file will store all (encrypted) password vaults. It should be kept secure and not shared.
+## Detailed documentation
+For more detailed information about the installation process and other topics, please see the official documentation website:
+- [Documentation website (docs.aliasvault.net) 📚](https://docs.aliasvault.net)
 
-#### Useful Commands:
-- To reset the admin password: `./install.sh reset-password`
-- To uninstall AliasVault: `./install.sh uninstall`
-  This will remove all containers, images, and volumes related to AliasVault while keeping configuration files intact for future reinstallation.
-- If something goes wrong you can run the install script in verbose mode to get more information: `./install.sh [command] --verbose`
+Here you can also find step-by-step instructions on how to install AliasVault to e.g. Azure, AWS and other popular cloud providers.
 
 ## Security Architecture
+<a href="https://docs.aliasvault.net/architecture"><img alt="AliasVault Security Architecture Diagram" src="docs/assets/diagrams/security-architecture/aliasvault-security-architecture-thumb.jpg" width="343"></a>
+
 AliasVault takes security seriously and implements various measures to protect your data:
 
 - All sensitive user data is encrypted end-to-end using industry-standard encryption algorithms. This includes the complete vault contents and all received emails.
@@ -104,7 +88,9 @@ AliasVault takes security seriously and implements various measures to protect y
 
 For detailed information about our encryption implementation and security architecture, see the following documents:
 - [SECURITY.md](SECURITY.md)
-- [Security Architecture Diagram](docs/security-architecture.md)
+- [Security Architecture Diagram](https://docs.aliasvault.net/architecture)
+
+
 
 ## Tech stack / credits
 The following technologies, frameworks and libraries are used in this project:

SECURITY.md

@@ -19,7 +19,7 @@ The following encryption algorithms are used by AliasVault:
 
 Below is a detailed explanation of each encryption algorithm.
 
-For more information about how these algorithms are specifically used in AliasVault, see the [Security Architecture](docs/security-architecture.md) document.
+For more information about how these algorithms are specifically used in AliasVault, see the [Architecture Documentation](https://docs.aliasvault.net/architecture) section on the documentation site.
 
 ### Argon2id
 To derive a key from the master password, AliasVault uses the Argon2id key derivation function. Argon2id is a memory-hard

aliasvault.sln

@@ -67,6 +67,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Shared", "Shared", "{DD359F
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Shared.Core", "src\Shared\AliasVault.Shared.Core\AliasVault.Shared.Core.csproj", "{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.TaskRunner", "src\Services\AliasVault.TaskRunner\AliasVault.TaskRunner.csproj", "{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Shared.Server", "src\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj", "{34FADEB6-4B56-463B-B359-F844B43D76D9}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -169,6 +173,14 @@ Global
 		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -197,6 +209,8 @@ Global
 		{59642CEF-D90A-4A6B-AD3F-9C6300D1E3FC} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
 		{15EFE0D0-F41B-47D7-86B7-8F840335CB82} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
 		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1} = {8A477241-B96C-4174-968D-D40CB77F1ECD}
+		{34FADEB6-4B56-463B-B359-F844B43D76D9} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {FEE82475-C009-4762-8113-A6563D9DC49E}

docker-compose.build.yml

@@ -27,4 +27,10 @@ services:
         image: aliasvault-smtp
         build:
             context: .
-            dockerfile: src/Services/AliasVault.SmtpService/Dockerfile
+            dockerfile: src/Services/AliasVault.SmtpService/Dockerfile
+
+    task-runner:
+        image: aliasvault-task-runner
+        build:
+            context: .
+            dockerfile: src/Services/AliasVault.TaskRunner/Dockerfile

docker-compose.yml

@@ -2,8 +2,8 @@ services:
     reverse-proxy:
         image: ghcr.io/lanedirt/aliasvault-reverse-proxy:latest
         ports:
-            - "80:80"
-            - "443:443"
+            - "${HTTP_PORT:-80}:80"
+            - "${HTTPS_PORT:-443}:443"
         volumes:
             - ./certificates/ssl:/etc/nginx/ssl:rw
             - ./certificates/letsencrypt:/etc/nginx/ssl-letsencrypt:rw
@@ -35,9 +35,9 @@ services:
             - ./database:/database:rw
             - ./certificates/app:/certificates/app:rw
             - ./logs:/logs:rw
+        restart: always
         env_file:
             - .env
-        restart: always
 
     admin:
         image: ghcr.io/lanedirt/aliasvault-admin:latest
@@ -54,15 +54,17 @@ services:
     smtp:
         image: ghcr.io/lanedirt/aliasvault-smtp:latest
         ports:
-            - "25:25"
-            - "587:587"
+            - "${SMTP_PORT:-25}:25"
+            - "${SMTP_TLS_PORT:-587}:587"
         volumes:
             - ./database:/database:rw
             - ./logs:/logs:rw
+        restart: always
         env_file:
             - .env
-        restart: always
 
-networks:
-    aliasvault:
-        name: aliasvault_default
+    task-runner:
+        image: ghcr.io/lanedirt/aliasvault-task-runner:latest
+        restart: always
+        env_file:
+            - .env

docs/.gitignore

@@ -0,0 +1 @@
+!release

docs/CNAME

@@ -0,0 +1 @@
+docs.aliasvault.net

docs/Dockerfile

@@ -0,0 +1,8 @@
+FROM jekyll/jekyll:4.2.2
+
+WORKDIR /srv/jekyll
+COPY . .
+RUN chown -R jekyll:jekyll /srv/jekyll
+
+# Install the theme and dependencies
+RUN bundle install

docs/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# gem "jekyll", "~> 4.3.2"
+gem "just-the-docs"
+
+# If you want to use GitHub Pages, remove the "gem "jekyll"" above and
+# uncomment the line below. To upgrade, run `bundle update github-pages`.
+gem "github-pages", group: :jekyll_plugins

docs/Gemfile.lock

@@ -0,0 +1,286 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.2.2)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    base64 (0.2.0)
+    benchmark (0.4.0)
+    bigdecimal (3.1.8)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    colorator (1.1.0)
+    commonmarker (0.23.11)
+    concurrent-ruby (1.3.4)
+    connection_pool (2.4.1)
+    csv (3.3.0)
+    dnsruby (1.72.3)
+      base64 (~> 0.2.0)
+      simpleidn (~> 0.2.1)
+    drb (2.2.1)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    ethon (0.16.0)
+      ffi (>= 1.15.0)
+    eventmachine (1.2.7)
+    execjs (2.10.0)
+    faraday (2.12.1)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.0)
+      net-http (>= 0.5.0)
+    ffi (1.17.0-x86_64-linux-musl)
+    forwardable-extended (2.6.0)
+    gemoji (4.1.0)
+    github-pages (232)
+      github-pages-health-check (= 1.18.2)
+      jekyll (= 3.10.0)
+      jekyll-avatar (= 0.8.0)
+      jekyll-coffeescript (= 1.2.2)
+      jekyll-commonmark-ghpages (= 0.5.1)
+      jekyll-default-layout (= 0.1.5)
+      jekyll-feed (= 0.17.0)
+      jekyll-gist (= 1.5.0)
+      jekyll-github-metadata (= 2.16.1)
+      jekyll-include-cache (= 0.2.1)
+      jekyll-mentions (= 1.6.0)
+      jekyll-optional-front-matter (= 0.3.2)
+      jekyll-paginate (= 1.1.0)
+      jekyll-readme-index (= 0.3.0)
+      jekyll-redirect-from (= 0.16.0)
+      jekyll-relative-links (= 0.6.1)
+      jekyll-remote-theme (= 0.4.3)
+      jekyll-sass-converter (= 1.5.2)
+      jekyll-seo-tag (= 2.8.0)
+      jekyll-sitemap (= 1.4.0)
+      jekyll-swiss (= 1.0.0)
+      jekyll-theme-architect (= 0.2.0)
+      jekyll-theme-cayman (= 0.2.0)
+      jekyll-theme-dinky (= 0.2.0)
+      jekyll-theme-hacker (= 0.2.0)
+      jekyll-theme-leap-day (= 0.2.0)
+      jekyll-theme-merlot (= 0.2.0)
+      jekyll-theme-midnight (= 0.2.0)
+      jekyll-theme-minimal (= 0.2.0)
+      jekyll-theme-modernist (= 0.2.0)
+      jekyll-theme-primer (= 0.6.0)
+      jekyll-theme-slate (= 0.2.0)
+      jekyll-theme-tactile (= 0.2.0)
+      jekyll-theme-time-machine (= 0.2.0)
+      jekyll-titles-from-headings (= 0.5.3)
+      jemoji (= 0.13.0)
+      kramdown (= 2.4.0)
+      kramdown-parser-gfm (= 1.1.0)
+      liquid (= 4.0.4)
+      mercenary (~> 0.3)
+      minima (= 2.5.1)
+      nokogiri (>= 1.16.2, < 2.0)
+      rouge (= 3.30.0)
+      terminal-table (~> 1.4)
+      webrick (~> 1.8)
+    github-pages-health-check (1.18.2)
+      addressable (~> 2.3)
+      dnsruby (~> 1.60)
+      octokit (>= 4, < 8)
+      public_suffix (>= 3.0, < 6.0)
+      typhoeus (~> 1.3)
+    html-pipeline (2.14.3)
+      activesupport (>= 2)
+      nokogiri (>= 1.4)
+    http_parser.rb (0.8.0)
+    i18n (1.14.6)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.10.0)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      csv (~> 3.0)
+      em-websocket (~> 0.5)
+      i18n (>= 0.7, < 2)
+      jekyll-sass-converter (~> 1.0)
+      jekyll-watch (~> 2.0)
+      kramdown (>= 1.17, < 3)
+      liquid (~> 4.0)
+      mercenary (~> 0.3.3)
+      pathutil (~> 0.9)
+      rouge (>= 1.7, < 4)
+      safe_yaml (~> 1.0)
+      webrick (>= 1.0)
+    jekyll-avatar (0.8.0)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-coffeescript (1.2.2)
+      coffee-script (~> 2.2)
+      coffee-script-source (~> 1.12)
+    jekyll-commonmark (1.4.0)
+      commonmarker (~> 0.22)
+    jekyll-commonmark-ghpages (0.5.1)
+      commonmarker (>= 0.23.7, < 1.1.0)
+      jekyll (>= 3.9, < 4.0)
+      jekyll-commonmark (~> 1.4.0)
+      rouge (>= 2.0, < 5.0)
+    jekyll-default-layout (0.1.5)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-feed (0.17.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-gist (1.5.0)
+      octokit (~> 4.2)
+    jekyll-github-metadata (2.16.1)
+      jekyll (>= 3.4, < 5.0)
+      octokit (>= 4, < 7, != 4.4.0)
+    jekyll-include-cache (0.2.1)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-mentions (1.6.0)
+      html-pipeline (~> 2.3)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-optional-front-matter (0.3.2)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-paginate (1.1.0)
+    jekyll-readme-index (0.3.0)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-redirect-from (0.16.0)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-relative-links (0.6.1)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-remote-theme (0.4.3)
+      addressable (~> 2.0)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0)
+      rubyzip (>= 1.3.0, < 3.0)
+    jekyll-sass-converter (1.5.2)
+      sass (~> 3.4)
+    jekyll-seo-tag (2.8.0)
+      jekyll (>= 3.8, < 5.0)
+    jekyll-sitemap (1.4.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-swiss (1.0.0)
+    jekyll-theme-architect (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-cayman (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-dinky (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-hacker (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-leap-day (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-merlot (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-midnight (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-minimal (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-modernist (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-primer (0.6.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-github-metadata (~> 2.9)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-slate (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-tactile (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-theme-time-machine (0.2.0)
+      jekyll (> 3.5, < 5.0)
+      jekyll-seo-tag (~> 2.0)
+    jekyll-titles-from-headings (0.5.3)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    jemoji (0.13.0)
+      gemoji (>= 3, < 5)
+      html-pipeline (~> 2.2)
+      jekyll (>= 3.0, < 5.0)
+    json (2.8.2)
+    just-the-docs (0.10.0)
+      jekyll (>= 3.8.5)
+      jekyll-include-cache
+      jekyll-seo-tag (>= 2.0)
+      rake (>= 12.3.1)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.4)
+    listen (3.9.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    logger (1.6.1)
+    mercenary (0.3.6)
+    minima (2.5.1)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-feed (~> 0.9)
+      jekyll-seo-tag (~> 2.1)
+    minitest (5.25.1)
+    net-http (0.5.0)
+      uri
+    nokogiri (1.16.7-x86_64-linux)
+      racc (~> 1.4)
+    octokit (4.25.1)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (5.1.1)
+    racc (1.8.1)
+    rake (13.2.1)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
+      ffi (~> 1.0)
+    rexml (3.3.9)
+    rouge (3.30.0)
+    rubyzip (2.3.2)
+    safe_yaml (1.0.5)
+    sass (3.7.4)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
+    securerandom (0.3.2)
+    simpleidn (0.2.3)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    typhoeus (1.4.1)
+      ethon (>= 0.9.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (1.8.0)
+    uri (1.0.2)
+    webrick (1.9.0)
+
+PLATFORMS
+  x86_64-linux-musl
+
+DEPENDENCIES
+  github-pages
+  just-the-docs
+
+BUNDLED WITH
+   2.3.25

docs/README.md

@@ -1,5 +0,0 @@
-# Documentation
-This is the documentation for the AliasVault project.
-
-## Description
-TODO: Work in progress.

docs/_config.yml

@@ -0,0 +1,40 @@
+remote_theme: just-the-docs/just-the-docs
+title: AliasVault
+description: Documentation for the AliasVault password manager
+
+logo: "/assets/img/logo.svg"
+favicon_ico: "/assets/img/favicon.png"
+
+# Navigation settings
+aux_links:
+  "AliasVault on GitHub":
+    - "https://github.com/lanedirt/AliasVault"
+  "AliasVault Website":
+    - "https://aliasvault.net"
+aux_links_new_tab: true
+
+# Search settings
+search_enabled: true
+heading_anchors: true
+
+# Theme settings
+color_scheme: aliasvault
+
+# Enable copy code button
+enable_copy_code_button: true
+
+# Footer "Edit this page on GitHub" link text
+gh_edit_link: true # show or hide edit this page link
+gh_edit_link_text: "Edit this page on GitHub."
+gh_edit_repository: "https://github.com/lanedirt/AliasVault" # the github URL for your repo
+gh_edit_branch: "main" # the branch that your docs is served from
+gh_edit_source: docs # the source that your files originate from
+gh_edit_view_mode: "tree" # "tree" or "edit" if you want the user to jump into the editor immediately
+
+callouts:
+  warning:
+    title: Warning
+    color: red
+  note:
+    title: Note
+    color: purple

docs/_includes/nav_footer_custom.html

@@ -0,0 +1 @@
+ 

docs/_sass/color_schemes/aliasvault.scss

@@ -0,0 +1,42 @@
+@import "./color_schemes/dark";
+
+// Base theme colors
+$link-color: #f49541;
+$btn-primary-color: #d68338;
+
+// Main colors
+$body-background-color: #1f2937;
+$sidebar-color: #111827;
+$border-color: #374151;
+$body-text-color: #f8f9fa;
+
+// Navigation
+$nav-child-link-color: #fdde85;
+$search-result-preview-color: #e9ecef;
+
+// Content elements
+$feedback-color: #2d3748;
+$table-background-color: #374151;
+$search-background-color: #374151;
+
+// Code blocks
+$code-background-color: #2d3748;
+$code-linenumber-color: #9ca3af;
+
+// Tables
+$table-border-color: #4b5563;
+
+// Search
+$search-result-preview-color: #d1d5db;
+
+// Buttons
+$btn-primary-color-dark: #d68338;
+
+// Base Colors (kept for compatibility)
+$purple-000: #f8b963;
+$purple-100: #ffd5a8;
+$purple-200: #f49541;
+$purple-300: #d68338;
+
+// Navigation additional
+$nav-button-color: #f49541;

docs/architecture/index.md

@@ -1,4 +1,11 @@
-# Security Architecture
+---
+layout: default
+title: Architecture
+has_children: true
+nav_order: 3
+---
+
+# Architecture
 
 AliasVault implements a zero-knowledge architecture where sensitive user data and passwords never leave the client device in unencrypted form. Below is a detailed explanation of how the system secures user data and communications.
 
@@ -6,12 +13,12 @@ AliasVault implements a zero-knowledge architecture where sensitive user data an
 The security architecture diagram below illustrates all encryption and authentication processes used in AliasVault to secure user data and communications.
 
 <picture>
-  <source media="(prefers-color-scheme: dark)" srcset="diagrams/security-architecture/aliasvault-security-architecture-dark.svg">
-  <source media="(prefers-color-scheme: light)" srcset="diagrams/security-architecture/aliasvault-security-architecture-light.svg">
-  <img alt="AliasVault Security Architecture Diagram" src="diagrams/security-architecture/aliasvault-security-architecture-light.svg">
+  <source media="(prefers-color-scheme: dark)" srcset="../assets/diagrams/security-architecture/aliasvault-security-architecture-dark.svg">
+  <source media="(prefers-color-scheme: light)" srcset="../assets/diagrams/security-architecture/aliasvault-security-architecture-light.svg">
+  <img alt="AliasVault Security Architecture Diagram" src="../assets/diagrams/security-architecture/aliasvault-security-architecture-light.svg">
 </picture>
 
-You can also view the diagram in a browser-friendly HTML format: [AliasVault Security Architecture](diagrams/security-architecture/aliasvault-security-architecture.html)
+You can also view the diagram in a browser-friendly HTML format: [AliasVault Security Architecture](https://lanedirt.github.io/AliasVault/assets/diagrams/security-architecture/aliasvault-security-architecture.html)
 
 ## Key Components and Process Flow
 

docs/assets/diagrams/_README.md

@@ -1,3 +1,5 @@
+
+
 # Diagrams
 
 This folder contains architecture and flow diagrams for AliasVault in various formats.

docs/assets/img/logo.svg

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg enable-background="new 0 0 800 500" version="1.1" viewBox="-1.84 7.892 1822.253 474.315" xmlns="http://www.w3.org/2000/svg" xmlns:bx="https://boxy-svg.com" width="1822.253px" height="474.315px"><defs><bx:export><bx:file format="svg"/></bx:export></defs><path d="m459.87 294.95c0.016205 5.4005 0.03241 10.801-0.35022 16.873-1.111 6.3392-1.1941 12.173-2.6351 17.649-10.922 41.508-36.731 69.481-77.351 83.408-7.2157 2.4739-14.972 3.3702-22.479 4.995-23.629 0.042205-47.257 0.11453-70.886 0.12027-46.762 0.011322-93.523-0.01416-140.95-0.43411-8.59-2.0024-16.766-2.8352-24.398-5.3326-21.595-7.0666-39.523-19.656-53.708-37.552-10.227-12.903-17.579-27.17-21.28-43.221-1.475-6.3967-2.4711-12.904-3.6852-19.361-0.051849-5.747-0.1037-11.494 0.26915-17.886 4.159-42.973 27.68-71.638 63.562-92.153 0-0.70761-0.001961-1.6988 3.12e-4 -2.69 0.022484-9.8293-1.3071-19.894 0.35664-29.438 3.2391-18.579 11.08-35.272 23.763-49.773 12.098-13.832 26.457-23.989 43.609-30.029 7.813-2.7512 16.14-4.0417 24.234-5.9948 7.392-0.025734 14.784-0.05146 22.835 0.32253 4.1959 0.95392 7.7946 1.2538 11.258 2.1053 17.16 4.2192 32.287 12.176 45.469 24.104 2.2558 2.0411 4.372 6.6241 9.621 3.868 16.839-8.8419 34.718-11.597 53.603-8.594 16.791 2.6699 31.602 9.4308 44.236 20.636 11.531 10.227 19.84 22.841 25.393 37.236 6.3436 16.445 10.389 33.163 6.0798 49.389 7.9587 8.9321 15.807 16.704 22.421 25.414 9.162 12.065 15.33 25.746 18.144 40.776 0.97046 5.1848 1.9111 10.375 2.8654 15.563m-71.597 71.012c5.5615-5.2284 12.002-9.7986 16.508-15.817 10.474-13.992 14.333-29.916 11.288-47.446-2.2496-12.95-8.1973-24.076-17.243-33.063-12.746-12.663-28.865-18.614-46.786-18.569-69.912 0.17712-139.82 0.56831-209.74 0.96176-15.922 0.089599-29.168 7.4209-39.685 18.296-14.45 14.944-20.408 33.343-16.655 54.368 2.2763 12.754 8.2167 23.748 17.158 32.66 13.299 13.255 30.097 18.653 48.728 18.651 59.321-0.005188 118.64 0.042358 177.96-0.046601 9.5912-0.014374 19.181-0.86588 28.773-0.88855 10.649-0.025146 19.978-3.825 29.687-9.1074z" fill="#EEC170"/><path d="m162.77 293c15.654 4.3883 20.627 22.967 10.304 34.98-5.3104 6.1795-14.817 8.3208-24.278 5.0472-7.0723-2.4471-12.332-10.362-12.876-17.933-1.0451-14.542 11.089-23.176 21.705-23.046 1.5794 0.019287 3.1517 0.61566 5.1461 0.95184z" fill="#EEC170"/><path d="m227.18 293.64c7.8499 2.3973 11.938 8.2143 13.524 15.077 1.8591 8.0439-0.44817 15.706-7.1588 21.121-6.7633 5.4572-14.417 6.8794-22.578 3.1483-8.2972-3.7933-12.836-10.849-12.736-19.438 0.1687-14.497 14.13-25.368 28.948-19.908z" fill="#EEC170"/><path d="m261.57 319.07c-2.495-14.418 4.6853-22.603 14.596-26.108 9.8945-3.4995 23.181 3.4303 26.267 13.779 4.6504 15.591-7.1651 29.064-21.665 28.161-8.5254-0.53088-17.202-6.5094-19.198-15.831z" fill="#EEC170"/><path d="m336.91 333.41c-9.0175-4.2491-15.337-14.349-13.829-21.682 3.0825-14.989 13.341-20.304 23.018-19.585 10.653 0.79141 17.93 7.407 19.765 17.547 1.9588 10.824-4.1171 19.939-13.494 23.703-5.272 2.1162-10.091 1.5086-15.46 0.017883z" fill="#EEC170"/><text style="fill: rgb(255, 255, 255); font-family: Arial, sans-serif; font-size: 268.3px; font-weight: 700; white-space: pre;" x="531.151" y="358.747">AliasVault</text></svg>

docs/contact/index.md

@@ -0,0 +1,14 @@
+---
+layout: default
+title: Help and Support
+has_children: true
+nav_order: 100
+---
+
+# Help and Support
+
+If you need help or have any questions about installing or using AliasVault, you can reach us on [AliasVault Discord](https://discord.gg/DsaXMTEtpF).
+
+If you have found a bug or have a feature request, please open an issue on [AliasVault GitHub](https://github.com/lanedirt/AliasVault/issues).
+
+If you have any other questions or feedback, please use the contact form on the [AliasVault website](https://aliasvault.net/contact).

docs/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+    jekyll:
+        build: .
+        volumes:
+            - .:/srv/jekyll
+        ports:
+            - "4000:4000"
+        command: bundle exec jekyll serve --host 0.0.0.0 --watch --force_polling --livereload
+        environment:
+            - JEKYLL_ENV=development
+            - JEKYLL_NO_CACHE=true
+            - DISABLE_DISK_CACHE=true

docs/index.md

@@ -0,0 +1,45 @@
+---
+layout: home
+title: Home
+nav_order: 1
+description: "AliasVault Documentation - Open-source password and identity manager"
+permalink: /
+---
+
+# AliasVault Documentation
+{: .fs-9 }
+
+Open-source password and identity manager with email alias generation and zero-knowledge architecture.
+{: .fs-6 .fw-300 }
+
+[Installation](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[View on GitHub](https://github.com/lanedirt/AliasVault){: .btn .fs-5 .mb-4 .mb-md-0 }
+
+---
+
+## What is AliasVault?
+
+AliasVault is a self-hosted password and identity manager that helps you:
+
+- 🔐 **Secure Passwords** - Store and manage passwords with zero-knowledge encryption
+- 📧 **Email Aliases** - Generate unique email addresses for each service
+- 🎭 **Identity Management** - Create and manage separate online identities
+- 🏠 **Self-Hosted** - Run on your own infrastructure using Docker
+- 🔓 **Open Source** - Transparent, auditable, and free to use
+
+## Key Features
+
+### Zero-Knowledge Architecture
+All data is end-to-end encrypted on the client. Your master password never leaves your device, and the server never has access to your data.
+
+### Built-in Email Server
+Generate virtual email addresses for each identity. Emails sent to these addresses are instantly visible in the AliasVault app.
+
+### Virtual Identities
+Create separate identities for different purposes, each with its own email aliases and credentials.
+
+---
+
+## Getting Started
+
+Ready to get started with AliasVault? Check out the [installation guide](./installation).

docs/installation/advanced/build-from-source.md

@@ -0,0 +1,33 @@
+---
+layout: default
+title: Build from Source
+parent: Advanced
+nav_order: 1
+---
+
+# Build from Source
+Instead of using the pre-built Docker images, you can also build the images from source yourself. This allows you to build a specific version of AliasVault and/or to make changes to the source code.
+
+Building from source requires more resources:
+- Minimum 2GB RAM (more RAM will speed up build time)
+- At least 1 vCPU
+- 40GB+ disk space (for dependencies and build artifacts)
+- Docker installed
+- Git installed
+
+## Steps
+1. Clone the repository
+```bash
+git clone https://github.com/lanedirt/AliasVault.git
+cd AliasVault
+```
+2. Make the build script executable and run it. This will create the .env file, build the Docker images locally from source, and start the AliasVault containers. Follow the on-screen prompts to configure AliasVault.
+```bash
+chmod +x install.sh
+./install.sh build
+```
+> **Note:** The build process can take a while depending on your hardware (5-15 minutes).
+
+3.  After the script completes, you can access AliasVault at:
+  - Client: `https://localhost`
+  - Admin: `https://localhost/admin`

docs/installation/advanced/index.md

@@ -0,0 +1,9 @@
+---
+layout: default
+title: Advanced
+parent: Installation Guide
+nav_order: 2
+---
+
+# Advanced Installation
+The following guides provide more advanced installation options for AliasVault. These options are not required for the basic installation, but may be useful for advanced users.

docs/installation/advanced/manual-setup.md

@@ -1,6 +1,13 @@
-# Manual Setup Instructions for AliasVault
+---
+layout: default
+title: Manual Setup
+parent: Advanced
+nav_order: 2
+---
 
-This README provides step-by-step instructions for manually setting up AliasVault without using the `install.sh` script. Follow these steps if you prefer to execute all statements yourself.
+# Manual Setup
+
+If you prefer to manually set up AliasVault, this README provides step-by-step instructions. Follow these steps if you prefer to execute all statements yourself.
 
 ## Prerequisites
 

docs/installation/index.md

@@ -0,0 +1,8 @@
+---
+layout: default
+title: Installation Guide
+nav_order: 2
+---
+
+# Installation Guide
+The following guide will walk you through the steps to install AliasVault on your own server. Minimum experience with Docker and Linux is required.

docs/installation/install.md

@@ -0,0 +1,150 @@
+---
+layout: default
+title: Basic Install
+parent: Installation Guide
+nav_order: 1
+---
+
+# Basic Install
+The following guide will walk you through the steps to install AliasVault on your own server. Minimum experience with Docker and Linux is required.
+
+{: .toc }
+* TOC
+{:toc}
+
+---
+
+## 1. Basic Installation
+To get AliasVault up and running quickly, run the install script to pull pre-built Docker images. The install script will also configure the .env file and start the AliasVault containers. You can get up and running in less than 5 minutes.
+
+### Hardware requirements
+- Linux VM with root access (Ubuntu or RHEL based distros recommended)
+- 1 vCPU
+- 512MB RAM
+- 16GB disk space
+- Docker installed
+
+### Installation steps
+1. Download the install script to a directory of your choice. All AliasVault files and directories will be created in this directory.
+```bash
+curl -o install.sh https://raw.githubusercontent.com/lanedirt/AliasVault/main/install.sh
+```
+2. Make the install script executable.
+```bash
+chmod +x install.sh
+```
+3. Run the install script. This will create the .env file, pull the Docker images, and start the AliasVault containers. Follow the on-screen prompts to configure AliasVault.
+```bash
+./install.sh install
+```
+> **Note**: AliasVault binds to ports 80 and 443 by default. If you want to change the default AliasVault ports you can do so in the `.env` file. Afterwards re-run the `./install.sh install` command to restart the containers with the new port settings.
+
+3. After the script completes, you can access AliasVault at:
+  - Client: `https://localhost`
+  - Admin: `https://localhost/admin`
+
+---
+
+## 2. SSL configuration
+The default installation will create a self-signed SSL certificate and configure Nginx to use it.
+
+You can however also use Let's Encrypt to generate valid SSL certificates and configure Nginx to use it. In order to make this work you will need the following:
+
+- A public IPv4 address assigned to your server
+- Port 80 and 443 on your server must be open and accessible from the internet
+- A registered domain name with an A record pointing to your server's public IP address (e.g. mydomain.com)
+
+### Steps
+
+1. Run the install script with the `configure-ssl` option
+```bash
+./install.sh configure-ssl
+```
+2. Follow the prompts to configure Let's Encrypt.
+
+### Reverting to self-signed SSL
+If at any point you would like to revert to the self-signed SSL certificate, run the install script again with the `configure-ssl` option
+and then in the prompt choose option 2.
+
+---
+
+## 3. Email Server Setup
+
+AliasVault includes a built-in email server that can handle multiple custom domains for your aliases.
+
+To set up the email server, you need the following:
+- Public IPv4 address
+- Open ports (25 and 587) in server firewall for SMTP traffic
+- Access to DNS record management for your domain
+
+### a) DNS Configuration
+Configure the following DNS records for your domain:
+
+| Name | Type | Priority | Content                   | TTL |
+|------|------|----------|---------------------------|-----|
+| mail | A    |          | `<your-server-public-ip>` | 3600 |
+| @    | MX   | 10       | `mail.<your-domain>`      | 3600 |
+
+> Note: Replace `<your-server-public-ip>` and `<your-domain>` with your actual values.
+
+### b) Port Configuration
+The email server requires the following ports to be open:
+- Port 25: Standard SMTP (unencrypted)
+- Port 587: SMTP with STARTTLS (encrypted)
+
+#### Verifying Port Access
+You can test if the SMTP ports are correctly configured using telnet:
+
+```bash
+# Test standard SMTP port
+telnet <your-server-public-ip> 25
+
+# Test secure SMTP port
+telnet <your-server-public-ip> 587
+```
+
+If successful, you'll see a connection establishment message. Press Ctrl+C to exit the telnet session.
+
+### c) Setting Up Email Domains
+
+1. Run the email configuration script:
+  ```bash
+  ./install.sh configure-email
+  ````
+2. Follow the interactive prompts to:
+    - Configure your domain(s)
+    - Restart required services
+
+3. Once configured, you can:
+   - Create new aliases in the AliasVault client
+   - Use your custom domain(s) for email addresses
+     - Note: you can configure the default domain for new aliases in the AliasVault client in Menu > Settings > Email Settings > Default Email Domain
+   - Start receiving emails on your aliases
+
+{: .note }
+Important: DNS propagation can take up to 24-48 hours. During this time, email delivery might be inconsistent.
+
+If you encounter any issues, feel free to open an issue on the [GitHub repository](https://github.com/lanedirt/AliasVault/issues).
+
+---
+
+## 4. Troubleshooting
+
+### Resetting the admin password
+If you have lost your admin password, you can reset it by running the install script with the `reset-password` option. This will generate a new random password and update the .env file with it. After that it will restart the AliasVault containers to apply the changes.
+```bash
+./install.sh reset-password
+```
+
+### Verbose output
+If you need more detailed output from the install script, you can run it with the `--verbose` option. This will print more information to the console.
+```bash
+./install.sh install --verbose
+```
+
+### No emails being received
+If you are not receiving emails on your aliases, check the following:
+- Verify DNS records are correctly configured
+- Ensure ports 25 and 587 are accessible
+- Check your server's firewall settings
+- Verify that your ISP/hosting provider allows SMTP traffic

docs/installation/start-stop.md

@@ -0,0 +1,30 @@
+---
+layout: default
+title: Start/stop
+parent: Installation Guide
+nav_order: 2
+---
+
+# Starting and stopping AliasVault
+You can start and stop AliasVault easily by using the install script.
+
+## Stop
+To stop AliasVault, run the install script with the `stop` option. This will stop all running AliasVault containers.
+
+```bash
+./install.sh stop
+```
+
+## Start
+To start AliasVault, run the install script with the `start` option. This will start all AliasVault containers.
+
+```bash
+./install.sh start
+```
+
+## Restart
+To restart AliasVault, run the install script with the `restart` option. This will restart all AliasVault containers.
+
+```bash
+./install.sh restart
+```

docs/installation/uninstall.md

@@ -0,0 +1,19 @@
+---
+layout: default
+title: Uninstall
+parent: Installation Guide
+nav_order: 4
+---
+
+# Uninstall
+
+To uninstall AliasVault, run the install script with the `uninstall` option. This will stop and remove the AliasVault containers, remove the Docker images, and delete the .env file.
+
+{: .note }
+This will not delete any data stored in the database. If you wish to delete all data, you should manually delete the `database` directory and the other directories created by AliasVault.
+
+### Steps
+1. Run the install script with the `uninstall` option
+```bash
+./install.sh uninstall
+```

docs/installation/update.md

@@ -0,0 +1,43 @@
+---
+layout: default
+title: Update
+parent: Installation Guide
+nav_order: 3
+---
+
+# Updating AliasVault
+To update AliasVault to the latest version, run the install script with the `update` option. This will pull the latest version of AliasVault from GitHub and restart all containers.
+
+You can see the latest available version of AliasVault on [GitHub](https://github.com/lanedirt/AliasVault/releases).
+
+{: .warning }
+Before updating, it's recommended to backup your database and other important data. You can do this by making
+a copy of the `database` and `certificates` directories.
+
+## Updating to the latest available version
+To update to the latest version, run the install script with the `update` option. The script will check for the latest version and prompt you to confirm the update. Follow the prompts to complete the update.
+
+```bash
+./install.sh update
+```
+
+> Tip: to skip the confirmation prompts and automatically proceed with the update, use the `-y` flag: `./install.sh update -y`
+
+## Updating the installer script
+The installer script can check for and apply updates to itself. This is done as part of the `update` command. However you can also update the installer script separately with the `update-installer` command. This is useful if you want to update the installer script without updating AliasVault itself, e.g. as a separate step during CI/CD pipeline.
+
+```bash
+./install.sh update-installer
+```
+
+> Tip: to skip the confirmation prompts and automatically proceed with the update, use the `-y` flag: `./install.sh update-installer -y`
+
+## Installing a specific version
+To install a specific version and skip the automatic version checks, run the install script with the `install` option and specify the version you want to install.
+
+```bash
+./install.sh install <version>
+
+# Example:
+./install.sh install 0.7.0
+```

docs/misc/dev/configure-sqlite-wasm.md

@@ -1,3 +1,12 @@
+---
+layout: default
+title: Configure SQLite for use with WebAssembly
+parent: Development
+grand_parent: Miscellaneous
+nav_order: 2
+---
+
+# Configure SQLite for use with WebAssembly
 To configure SQLite for use with WebAssembly follow these steps:
 
 1. Add NuGet package

docs/misc/dev/enable-webauthn-pfr-chrome.md

@@ -1,3 +1,12 @@
+---
+layout: default
+title: Enable WebAuthn
+parent: Development
+grand_parent: Miscellaneous
+nav_order: 1
+---
+
+# WebAuthn
 The webauthn implementation in order to quick unlock the vault requires the use of a FIDO2 authenticator.
 
 This can be either the built-in browser authenticator or an external authenticator like a Yubikey.

docs/misc/dev/index.md

@@ -0,0 +1,6 @@
+---
+layout: default
+title: Development
+parent: Miscellaneous
+nav_order: 1
+---

docs/misc/dev/run-github-actions-locally.md

@@ -1,3 +1,11 @@
+---
+layout: default
+title: 1. Run GitHub Actions Locally
+parent: Development
+grand_parent: Miscellaneous
+nav_order: 1
+---
+
 # Run GitHub Actions Locally
 
 This guide will help you set up and run GitHub Actions locally on Linux, which can be useful for debugging and testing your workflows without pushing changes to the repository.

docs/misc/dev/upgrade-ef-client-model.md

@@ -1,3 +1,13 @@
+---
+layout: default
+title: Upgrade the AliasClientDb EF model
+parent: Development
+grand_parent: Miscellaneous
+nav_order: 3
+---
+
+# Upgrade the AliasClientDb EF model
+
 To upgrade the AliasClientDb EF model, follow these steps:
 
 1. Make changes to the AliasClientDb EF model in the `AliasClientDb` project.

docs/misc/index.md

@@ -0,0 +1,10 @@
+---
+layout: default
+title: Miscellaneous
+has_children: true
+nav_order: 99
+---
+
+# Miscellaneous
+
+Miscellaneous guides and documentation.

docs/misc/release/create-new-release.md

@@ -0,0 +1,19 @@
+---
+layout: default
+title: Create a new release
+parent: Release
+grand_parent: Miscellaneous
+nav_order: 1
+---
+
+# Release Preparation Checklist
+
+Follow the steps in the checklist below to prepare a new release.
+
+- [ ] Update ./src/Shared/AliasVault.Shared.Core/AppInfo.cs and update major/minor/patch to the new version. This version will be shown in the client and admin app footer.
+- [ ] Update ./install.sh `@version` in header if the install script has changed. This allows the install script to self-update when running ./install.sh update command on default installations.
+- [ ] Update README screenshots if applicable
+- [ ] Update README current/upcoming features
+
+Optional steps:
+- [ ] Update /docs instructions if any changes have been made to the setup process

docs/misc/release/index.md

@@ -0,0 +1,6 @@
+---
+layout: default
+title: Release
+parent: Miscellaneous
+nav_order: 1
+---

install.sh

@@ -1,10 +1,12 @@
 #!/bin/bash
+# @version 0.9.0
 
 # Repository information used for downloading files and images from GitHub
 REPO_OWNER="lanedirt"
 REPO_NAME="AliasVault"
 REPO_BRANCH="main"
-GITHUB_RAW_URL="https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}/${REPO_BRANCH}"
+GITHUB_RAW_URL_REPO="https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}"
+GITHUB_RAW_URL_REPO_BRANCH="$GITHUB_RAW_URL_REPO/$REPO_BRANCH"
 GITHUB_CONTAINER_REGISTRY="ghcr.io/$(echo "$REPO_OWNER" | tr '[:upper:]' '[:lower:]')/$(echo "$REPO_NAME" | tr '[:upper:]' '[:lower:]')"
 
 # Required files and directories
@@ -22,7 +24,6 @@ REQUIRED_DIRS=(
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
 MAGENTA='\033[0;35m'
 CYAN='\033[0;36m'
 NC='\033[0m'
@@ -37,11 +38,17 @@ show_usage() {
     printf "Usage: $0 [COMMAND] [OPTIONS]\n"
     printf "\n"
     printf "Commands:\n"
-    printf "  install           Install AliasVault by pulling pre-built images from GitHub Container Registry (default)\n"
-    printf "  build             Build AliasVault from source (takes longer and requires sufficient specs)\n"
-    printf "  reset-password    Reset admin password\n"
-    printf "  uninstall         Uninstall AliasVault\n"
-    printf "  configure-ssl     Configure SSL certificates (Let's Encrypt or self-signed)\n"
+    printf "  install               Install AliasVault by pulling pre-built images from GitHub Container Registry (recommended)\n"
+    printf "  uninstall             Uninstall AliasVault\n"
+    printf "  update                Update AliasVault to the latest version\n"
+    printf "  update-installer      Check and update install.sh script if newer version available\n"
+    printf "  configure-ssl         Configure SSL certificates (Let's Encrypt or self-signed)\n"
+    printf "  configure-email       Configure email domains for receiving emails\n"
+    printf "  start                 Start AliasVault containers\n"
+    printf "  stop                  Stop AliasVault containers\n"
+    printf "  restart               Restart AliasVault containers\n"
+    printf "  reset-password        Reset admin password\n"
+    printf "  build                 Build AliasVault from source (takes longer and requires sufficient specs)\n"
 
     printf "\n"
     printf "Options:\n"
@@ -52,38 +59,82 @@ show_usage() {
 
 # Function to parse command line arguments
 parse_args() {
-    COMMAND=""  # Remove default command
+    COMMAND=""
     VERBOSE=false
     FORCE_YES=false
+    COMMAND_ARG=""
 
-    # Show usage if no arguments provided
     if [ $# -eq 0 ]; then
         show_usage
         exit 0
     fi
 
+    # First argument is always the command
+    case $1 in
+        install|i)
+            COMMAND="install"
+            shift
+            # Check for version argument
+            if [ $# -gt 0 ] && [[ ! "$1" =~ ^- ]]; then
+                COMMAND_ARG="$1"
+                shift
+            fi
+            ;;
+        # Other commands remain unchanged
+        build|b)
+            COMMAND="build"
+            shift
+            ;;
+        uninstall|u)
+            COMMAND="uninstall"
+            shift
+            ;;
+        reset-password|reset-admin-password|rp)
+            COMMAND="reset-password"
+            shift
+            ;;
+        configure-ssl|ssl)
+            COMMAND="configure-ssl"
+            shift
+            ;;
+        configure-email|email)
+            COMMAND="configure-email"
+            shift
+            ;;
+        start|s)
+            COMMAND="start"
+            shift
+            ;;
+        stop|st)
+            COMMAND="stop"
+            shift
+            ;;
+        restart|r)
+            COMMAND="restart"
+            shift
+            ;;
+        update|up)
+            COMMAND="update"
+            shift
+            ;;
+        update-installer|cs)
+            COMMAND="update-installer"
+            shift
+            ;;
+        --help)
+            show_usage
+            exit 0
+            ;;
+        *)
+            echo "Unknown option: $1"
+            show_usage
+            exit 1
+            ;;
+    esac
+
+    # Parse remaining flags
     while [[ $# -gt 0 ]]; do
         case $1 in
-            install|i)
-                COMMAND="install"
-                shift
-                ;;
-            build|b)
-                COMMAND="build"
-                shift
-                ;;
-            uninstall|u)
-                COMMAND="uninstall"
-                shift
-                ;;
-            reset-password|reset-admin-password|rp)
-                COMMAND="reset-password"
-                shift
-                ;;
-            configure-ssl|ssl)
-                COMMAND="configure-ssl"
-                shift
-                ;;
             --verbose)
                 VERBOSE=true
                 shift
@@ -92,10 +143,6 @@ parse_args() {
                 FORCE_YES=true
                 shift
                 ;;
-            --help)
-                show_usage
-                exit 0
-                ;;
             *)
                 echo "Unknown option: $1"
                 show_usage
@@ -118,7 +165,7 @@ main() {
     print_logo
     case $COMMAND in
         "install")
-            handle_install
+            handle_install "$COMMAND_ARG"
             ;;
         "build")
             handle_build
@@ -136,6 +183,25 @@ main() {
         "configure-ssl")
             handle_ssl_configuration
             ;;
+        "configure-email")
+            handle_email_configuration
+            ;;
+        "start")
+            handle_start
+            ;;
+        "stop")
+            handle_stop
+            ;;
+        "restart")
+            handle_restart
+            ;;
+        "update")
+            handle_update
+            ;;
+        "update-installer")
+            check_install_script_update
+            exit $?
+            ;;
     esac
 }
 
@@ -168,26 +234,39 @@ create_directories() {
 # Function to initialize workspace
 initialize_workspace() {
     create_directories
-    handle_docker_compose
 }
 
 # Function to handle docker-compose.yml
 handle_docker_compose() {
-    printf "${CYAN}> Checking docker-compose.yml...${NC}\n"
+    local version_tag="$1"
+    printf "${CYAN}> Downloading latest docker-compose files...${NC}\n"
 
-    if [ -f "docker-compose.yml" ]; then
-        printf "  ${GREEN}> docker-compose.yml already exists.${NC}\n"
-        return 0
-    fi
-
-    printf "  ${CYAN}> Downloading docker-compose.yml...${NC}"
-    if curl -sSf "${GITHUB_RAW_URL}/docker-compose.yml" -o "docker-compose.yml" > /dev/null 2>&1; then
-        printf "\n  ${GREEN}> docker-compose.yml downloaded successfully.${NC}\n"
-        return 0
+    # Download and overwrite docker-compose.yml
+    printf "  ${GREEN}> Downloading docker-compose.yml for version ${version_tag}...${NC}"
+    if curl -sSf "${GITHUB_RAW_URL_REPO}/${version_tag}/docker-compose.yml" -o "docker-compose.yml.tmp" > /dev/null 2>&1; then
+        # Replace the :latest tag with the specific version if provided
+        if [ -n "$version_tag" ] && [ "$version_tag" != "latest" ]; then
+            sed "s/:latest/:$version_tag/g" docker-compose.yml.tmp > docker-compose.yml
+            rm docker-compose.yml.tmp
+        else
+            mv docker-compose.yml.tmp docker-compose.yml
+        fi
+        printf "\n  ${CYAN}> docker-compose.yml downloaded successfully.${NC}\n"
     else
-        printf "\n  ${YELLOW}> Failed to download docker-compose.yml, please check your internet connection and try again. Alternatively, you can download it manually from https://github.com/${REPO_OWNER}/${REPO_NAME}/blob/main/docker-compose.yml and place it in the root directory of AliasVault.${NC}\n"
+        printf "\n  ${YELLOW}> Failed to download docker-compose.yml, please check your internet connection and try again. Alternatively, you can download it manually from ${GITHUB_RAW_URL_REPO}/blob/${version_tag}/docker-compose.yml and place it in the root directory of AliasVault.${NC}\n"
         exit 1
     fi
+
+    # Download and overwrite docker-compose.letsencrypt.yml
+    printf "  ${GREEN}> Downloading docker-compose.letsencrypt.yml for version ${version_tag}...${NC}"
+    if curl -sSf "${GITHUB_RAW_URL_REPO}/${version_tag}/docker-compose.letsencrypt.yml" -o "docker-compose.letsencrypt.yml" > /dev/null 2>&1; then
+        printf "\n  ${CYAN}> docker-compose.letsencrypt.yml downloaded successfully.${NC}\n"
+    else
+        printf "\n  ${YELLOW}> Failed to download docker-compose.letsencrypt.yml, please check your internet connection and try again. Alternatively, you can download it manually from ${GITHUB_RAW_URL_REPO}/blob/${version_tag}/docker-compose.letsencrypt.yml and place it in the root directory of AliasVault.${NC}\n"
+        exit 1
+    fi
+
+    return 0
 }
 
 # Function to print the logo
@@ -196,8 +275,8 @@ print_logo() {
     printf "    _    _ _           __      __         _ _   \n"
     printf "   / \  | (_) __ _ ___ \ \    / /_ _ _   _| | |_\n"
     printf "  / _ \ | | |/ _\` / __| \ \/\/ / _\` | | | | | __|\n"
-    printf " / ___ \| | | (_| \__ \  \  /  (_| | |_| | | |_ \n"
-    printf "/_/   \_\_|_|\__,_|___/   \/  \__,_|\__,_|_|\__|\n"
+    printf " / ___ \| | | (_| \__ \  \  / / (_| | |_| | | |_ \n"
+    printf "/_/   \_\_|_|\__,_|___/   \/  \__,__|\__,_|_|\__|\n"
     printf "${NC}\n"
 }
 
@@ -254,22 +333,14 @@ populate_data_protection_cert_pass() {
 set_private_email_domains() {
     printf "${CYAN}> Checking PRIVATE_EMAIL_DOMAINS...${NC}\n"
     if ! grep -q "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" || [ -z "$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
-        printf "Please enter the domains that should be allowed to receive email, separated by commas (press Enter to disable email support): "
-        read -r private_email_domains
+        update_env_var "PRIVATE_EMAIL_DOMAINS" "DISABLED.TLD"
+    fi
 
-        private_email_domains=${private_email_domains:-"DISABLED.TLD"}
-        update_env_var "PRIVATE_EMAIL_DOMAINS" "$private_email_domains"
-
-        if [ "$private_email_domains" = "DISABLED.TLD" ]; then
-            printf "  ${RED}SMTP is disabled.${NC}\n"
-        fi
+    private_email_domains=$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)
+    if [ "$private_email_domains" = "DISABLED.TLD" ]; then
+        printf "  ${RED}Email server is disabled.${NC} To enable use ./install.sh configure-email command.\n"
     else
-        private_email_domains=$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)
-        if [ "$private_email_domains" = "DISABLED.TLD" ]; then
-            printf "  ${GREEN}> PRIVATE_EMAIL_DOMAINS already exists.${NC} ${RED}Private email domains are disabled.${NC}\n"
-        else
-            printf "  ${GREEN}> PRIVATE_EMAIL_DOMAINS already exists.${NC}\n"
-        fi
+        printf "  ${GREEN}> PRIVATE_EMAIL_DOMAINS already exists. Email server is enabled.${NC}\n"
     fi
 }
 
@@ -338,6 +409,37 @@ generate_admin_password() {
     fi
 }
 
+# Function to set default ports
+set_default_ports() {
+    printf "${CYAN}> Checking default ports...${NC}\n"
+
+    # Web ports
+    if ! grep -q "^HTTP_PORT=" "$ENV_FILE" || [ -z "$(grep "^HTTP_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        update_env_var "HTTP_PORT" "80"
+    else
+        printf "  ${GREEN}> HTTP_PORT already exists.${NC}\n"
+    fi
+
+    if ! grep -q "^HTTPS_PORT=" "$ENV_FILE" || [ -z "$(grep "^HTTPS_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        update_env_var "HTTPS_PORT" "443"
+    else
+        printf "  ${GREEN}> HTTPS_PORT already exists.${NC}\n"
+    fi
+
+    # SMTP ports
+    if ! grep -q "^SMTP_PORT=" "$ENV_FILE" || [ -z "$(grep "^SMTP_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        update_env_var "SMTP_PORT" "25"
+    else
+        printf "  ${GREEN}> SMTP_PORT already exists.${NC}\n"
+    fi
+
+    if ! grep -q "^SMTP_TLS_PORT=" "$ENV_FILE" || [ -z "$(grep "^SMTP_TLS_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        update_env_var "SMTP_TLS_PORT" "587"
+    else
+        printf "  ${GREEN}> SMTP_TLS_PORT already exists.${NC}\n"
+    fi
+}
+
 # Helper function to update environment variables
 update_env_var() {
     local key=$1
@@ -351,6 +453,17 @@ update_env_var() {
     printf "  ${GREEN}> $key has been set in $ENV_FILE.${NC}\n"
 }
 
+
+# Helper function to delete environment variables
+delete_env_var() {
+    local key=$1
+
+    if [ -f "$ENV_FILE" ]; then
+        sed -i.bak "/^${key}=/d" "$ENV_FILE" && rm -f "$ENV_FILE.bak"
+        printf "  ${GREEN}> $key has been removed from $ENV_FILE.${NC}\n"
+    fi
+}
+
 # Function to print success message
 print_success_message() {
     printf "\n"
@@ -420,60 +533,38 @@ get_docker_compose_command() {
     echo "$base_command"
 }
 
-# Function to handle installation
+# Function to handle initial installation or reinstallation
 handle_install() {
-    printf "${YELLOW}+++ Installing AliasVault +++${NC}\n"
-    printf "\n"
+    local specified_version="$1"
 
-    # Initialize workspace which makes sure all required directories and files exist
-    initialize_workspace
-
-    # Initialize environment
-    create_env_file || { printf "${RED}> Failed to create .env file${NC}\n"; exit 1; }
-    populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
-    populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
-    populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
-    set_private_email_domains || { printf "${RED}> Failed to set email domains${NC}\n"; exit 1; }
-    set_smtp_tls_enabled || { printf "${RED}> Failed to set SMTP TLS${NC}\n"; exit 1; }
-    set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
-
-    # Only generate admin password if not already set
-    if ! grep -q "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" || [ -z "$(grep "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
-        generate_admin_password || { printf "${RED}> Failed to generate admin password${NC}\n"; exit 1; }
+    # If version specified, install that version directly
+    if [ -n "$specified_version" ]; then
+        handle_install_version "$specified_version"
+        return
     fi
 
-    # Pull images from GitHub Container Registry
-    printf "\n${YELLOW}+++ Pulling Docker images +++${NC}\n"
-    printf "\n"
+    # Check if .env exists before reading
+    if [ -f "$ENV_FILE" ]; then
+        if grep -q "^ALIASVAULT_VERSION=" "$ENV_FILE"; then
+            current_version=$(grep "^ALIASVAULT_VERSION=" "$ENV_FILE" | cut -d '=' -f2)
+            printf "${CYAN}> Current AliasVault version: ${current_version}${NC}\n"
+            printf "${YELLOW}> AliasVault is already installed.${NC}\n"
+            printf "1. To reinstall the current version (${current_version}), continue with this script\n"
+            printf "2. To check for updates and to install the latest version, use: ./install.sh update\n"
+            printf "3. To install a specific version, use: ./install.sh install <version>\n\n"
 
-    images=(
-        "${GITHUB_CONTAINER_REGISTRY}-reverse-proxy:latest"
-        "${GITHUB_CONTAINER_REGISTRY}-api:latest"
-        "${GITHUB_CONTAINER_REGISTRY}-client:latest"
-        "${GITHUB_CONTAINER_REGISTRY}-admin:latest"
-        "${GITHUB_CONTAINER_REGISTRY}-smtp:latest"
-    )
+            read -p "Would you like to reinstall the current version? [y/N]: " REPLY
+            if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+                printf "${YELLOW}> Installation cancelled.${NC}\n"
+                exit 0
+            fi
 
-    for image in "${images[@]}"; do
-        printf "${CYAN}> Pulling $image...${NC}\n"
-        if [ "$VERBOSE" = true ]; then
-            docker pull $image || { printf "${RED}> Failed to pull image: $image${NC}\n"; exit 1; }
-        else
-            docker pull $image > /dev/null 2>&1 || { printf "${RED}> Failed to pull image: $image${NC}\n"; exit 1; }
+            handle_install_version "$current_version"
+            return
         fi
-    done
-
-    # Start containers
-    printf "\n${YELLOW}+++ Starting services +++${NC}\n"
-    printf "\n"
-    if [ "$VERBOSE" = true ]; then
-        $(get_docker_compose_command) up -d || { printf "${RED}> Failed to start Docker containers${NC}\n"; exit 1; }
-    else
-        $(get_docker_compose_command) up -d > /dev/null 2>&1 || { printf "${RED}> Failed to start Docker containers${NC}\n"; exit 1; }
     fi
 
-    # Only show success message if we made it here without errors
-    print_success_message
+    handle_install_version "latest"
 }
 
 # Function to handle build
@@ -492,7 +583,7 @@ handle_build() {
         printf "Please clone the complete repository using:\n"
         printf "git clone https://github.com/${REPO_OWNER}/${REPO_NAME}.git\n"
         printf "\n"
-        printf "Alternatively, you can use '/install' to pull pre-built images.\n"
+        printf "Alternatively, you can use './install.sh install' to pull pre-built images.\n"
         exit 1
     fi
 
@@ -504,6 +595,7 @@ handle_build() {
     set_private_email_domains || { printf "${RED}> Failed to set email domains${NC}\n"; exit 1; }
     set_smtp_tls_enabled || { printf "${RED}> Failed to set SMTP TLS${NC}\n"; exit 1; }
     set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
+    set_default_ports || { printf "${RED}> Failed to set default ports${NC}\n"; exit 1; }
 
     # Only generate admin password if not already set
     if ! grep -q "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" || [ -z "$(grep "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
@@ -539,12 +631,12 @@ handle_build() {
 
     printf "${CYAN}> Starting Docker Compose stack...${NC}\n"
     if [ "$VERBOSE" = true ]; then
-        $(get_docker_compose_command "build") up -d || {
+        $(get_docker_compose_command "build") up -d --force-recreate || {
             printf "${RED}> Failed to start Docker Compose stack${NC}\n"
             exit 1
         }
     else
-        $(get_docker_compose_command "build") up -d > /dev/null 2>&1 || {
+        $(get_docker_compose_command "build") up -d --force-recreate > /dev/null 2>&1 || {
             printf "${RED}> Failed to start Docker Compose stack${NC}\n"
             exit 1
         }
@@ -584,6 +676,9 @@ handle_uninstall() {
     fi
     printf "${GREEN}> Docker containers stopped and removed.${NC}\n"
 
+    # Remove version from .env
+    delete_env_var "ALIASVAULT_VERSION" ""
+
     printf "${CYAN}> Removing Docker images...${NC}\n"
     if [ "$VERBOSE" = true ]; then
         docker compose -f docker-compose.yml down --rmi all || {
@@ -690,6 +785,147 @@ handle_ssl_configuration() {
     esac
 }
 
+# Function to handle email server configuration
+# Function to handle email server configuration
+handle_email_configuration() {
+    # Setup trap for Ctrl+C and other interrupts
+    trap 'printf "\n${YELLOW}Configuration cancelled by user.${NC}\n"; exit 1' INT TERM
+
+    printf "${YELLOW}+++ Email Server Configuration +++${NC}\n"
+    printf "\n"
+
+    # Check if AliasVault is installed
+    if [ ! -f "docker-compose.yml" ]; then
+        printf "${RED}Error: AliasVault must be installed first.${NC}\n"
+        exit 1
+    fi
+
+    # Get current email domains from .env
+    CURRENT_DOMAINS=$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)
+
+    printf "${CYAN}About Email Server:${NC}\n"
+    printf "AliasVault includes a built-in email server for handling virtual email addresses.\n"
+    printf "When enabled, it can receive emails for one or more configured domains.\n"
+    printf "Each domain must have an MX record in DNS configuration pointing to this server's hostname.\n"
+    printf "\n"
+    printf "${CYAN}Current Configuration:${NC}\n"
+
+    if [ "$CURRENT_DOMAINS" = "DISABLED.TLD" ]; then
+        printf "Email Server Status: ${RED}Disabled${NC}\n"
+    else
+        printf "Email Server Status: ${GREEN}Enabled${NC}\n"
+        printf "Active Domains: ${CYAN}${CURRENT_DOMAINS}${NC}\n"
+    fi
+
+    printf "\n"
+    printf "Email Server Options:\n"
+    printf "1) Enable email server / Update domains\n"
+    printf "2) Disable email server\n"
+    printf "3) Cancel\n"
+    printf "\n"
+
+    read -p "Select an option [1-3]: " email_option
+
+    case $email_option in
+        1)
+            while true; do
+                printf "\n${CYAN}Enter domain(s) for email server${NC}\n"
+                printf "For multiple domains, separate with commas (e.g. domain1.com,domain2.com)\n"
+                printf "IMPORTANT: Each domain must have an MX record in DNS pointing to this server.\n"
+                read -p "Domains: " new_domains
+
+                if [ -z "$new_domains" ]; then
+                    printf "${RED}Error: Domains cannot be empty${NC}\n"
+                    continue
+                fi
+
+                printf "\n${CYAN}You entered the following domains:${NC}\n"
+                IFS=',' read -ra DOMAIN_ARRAY <<< "$new_domains"
+                for domain in "${DOMAIN_ARRAY[@]}"; do
+                    printf "  - ${GREEN}${domain}${NC}\n"
+                done
+                printf "\n"
+
+                read -p "Are these domains correct? (y/n): " confirm
+                if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
+                    break
+                fi
+            done
+
+            printf "\n${YELLOW}Warning: Docker containers need to be restarted to apply these changes.${NC}\n"
+            read -p "Continue with restart? (y/n): " restart_confirm
+
+            if [ "$restart_confirm" != "y" ] && [ "$restart_confirm" != "Y" ]; then
+                printf "${YELLOW}Configuration cancelled.${NC}\n"
+                exit 0
+            fi
+
+            # Update .env file and restart
+            if ! update_env_var "PRIVATE_EMAIL_DOMAINS" "$new_domains"; then
+                printf "${RED}Failed to update configuration.${NC}\n"
+                exit 1
+            fi
+
+            printf "${GREEN}Email server configuration updated${NC}\n"
+            printf "Restarting AliasVault services...\n"
+
+            if ! handle_restart; then
+                printf "${RED}Failed to restart services.${NC}\n"
+                exit 1
+            fi
+
+            # Only show next steps if everything succeeded
+            printf "\n${CYAN}The email server is now succesfully configured.${NC}\n"
+            printf "\n"
+            printf "To test the email server:\n"
+            printf "   a. Log in to your AliasVault account\n"
+            printf "   b. Create a new alias using one of your configured private domains\n"
+            printf "   c. Send a test email from an external email service (e.g., Gmail)\n"
+            printf "   d. Check if the email appears in your AliasVault inbox\n"
+            printf "\n"
+            printf "If emails don't arrive, please verify:\n"
+            printf "   > DNS MX records are correctly configured\n"
+            printf "   > Your server's firewall allows incoming traffic on port 25 and 587\n"
+            printf "   > Your ISP/hosting provider doesn't block SMTP traffic\n"
+            printf "\n"
+            ;;
+        2)
+            printf "${YELLOW}Warning: Docker containers need to be restarted after disabling the email server.${NC}\n"
+            read -p "Continue with disable and restart? (y/n): " disable_confirm
+
+            if [ "$disable_confirm" != "y" ] && [ "$disable_confirm" != "Y" ]; then
+                printf "${YELLOW}Configuration cancelled.${NC}\n"
+                exit 0
+            fi
+
+            # Disable email server
+            if ! update_env_var "PRIVATE_EMAIL_DOMAINS" "DISABLED.TLD"; then
+                printf "${RED}Failed to update configuration.${NC}\n"
+                exit 1
+            fi
+
+            printf "${YELLOW}Email server disabled${NC}\n"
+            printf "Restarting AliasVault services...\n"
+
+            if ! handle_restart; then
+                printf "${RED}Failed to restart services.${NC}\n"
+                exit 1
+            fi
+            ;;
+        3)
+            printf "${YELLOW}Email configuration cancelled.${NC}\n"
+            exit 0
+            ;;
+        *)
+            printf "${RED}Invalid option selected.${NC}\n"
+            exit 1
+            ;;
+    esac
+
+    # Remove the trap before normal exit
+    trap - INT TERM
+}
+
 # Function to configure Let's Encrypt
 configure_letsencrypt() {
     printf "${CYAN}> Configuring Let's Encrypt SSL certificate...${NC}\n"
@@ -746,7 +982,6 @@ configure_letsencrypt() {
     # Request certificate using a temporary certbot container
     printf "${CYAN}> Requesting Let's Encrypt certificate...${NC}\n"
     docker run --rm \
-        --network aliasvault_default \
         -v ./certificates/letsencrypt:/etc/letsencrypt:rw \
         -v ./certificates/letsencrypt/www:/var/www/certbot:rw \
         certbot/certbot certonly \
@@ -776,7 +1011,11 @@ configure_letsencrypt() {
 
     # Restart only the reverse proxy with new configuration so it loads the new certificate
     printf "${CYAN}> Restarting reverse proxy with Let's Encrypt configuration...${NC}\n"
-    $(get_docker_compose_command) up -d reverse-proxy
+    $(get_docker_compose_command) up -d reverse-proxy --force-recreate
+
+    # Starting certbot container to renew certificates automatically
+    printf "${CYAN}> Starting new certbot container to renew certificates automatically...${NC}\n"
+    $(get_docker_compose_command) up -d certbot
 
     printf "${GREEN}> Let's Encrypt SSL certificate has been configured successfully!${NC}\n"
 }
@@ -805,4 +1044,278 @@ generate_self_signed_cert() {
     printf "${GREEN}> New self-signed certificate has been generated successfully!${NC}\n"
 }
 
+# New functions to handle container lifecycle:
+handle_start() {
+    printf "${CYAN}> Starting AliasVault containers...${NC}\n"
+    $(get_docker_compose_command) up -d
+    printf "${GREEN}> AliasVault containers started successfully.${NC}\n"
+}
+
+handle_stop() {
+    printf "${CYAN}> Stopping AliasVault containers...${NC}\n"
+    if ! docker compose ps --quiet 2>/dev/null | grep -q .; then
+        printf "${YELLOW}> No containers are currently running.${NC}\n"
+        exit 0
+    fi
+
+    $(get_docker_compose_command) down
+    printf "${GREEN}> AliasVault containers stopped successfully.${NC}\n"
+}
+
+handle_restart() {
+    printf "${CYAN}> Restarting AliasVault containers...${NC}\n"
+    $(get_docker_compose_command) down
+    $(get_docker_compose_command) up -d
+    printf "${GREEN}> AliasVault containers restarted successfully.${NC}\n"
+}
+
+# Function to handle updates
+handle_update() {
+    printf "${YELLOW}+++ Checking for AliasVault updates +++${NC}\n"
+    printf "\n"
+
+    # First check for install.sh updates
+    check_install_script_update || true
+
+    # Check current version
+    if ! grep -q "^ALIASVAULT_VERSION=" "$ENV_FILE"; then
+        printf "${YELLOW}> No version information found. Running first-time update check...${NC}\n"
+        handle_install_version "latest"
+        return
+    fi
+
+    current_version=$(grep "^ALIASVAULT_VERSION=" "$ENV_FILE" | cut -d '=' -f2)
+    latest_version=$(curl -s "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+
+    if [ -z "$latest_version" ]; then
+        printf "${RED}> Failed to check for updates. Please try again later.${NC}\n"
+        exit 1
+    fi
+
+    printf "${CYAN}> Current AliasVault version: ${current_version}${NC}\n"
+    printf "${CYAN}> Latest AliasVault version: ${latest_version}${NC}\n"
+    printf "\n"
+
+    if [ "$current_version" = "$latest_version" ]; then
+        printf "${GREEN}> You are already running the latest version of AliasVault!${NC}\n"
+        exit 0
+    fi
+
+    if [ "$FORCE_YES" = true ]; then
+        printf "${CYAN}> Updating AliasVault to the latest version...${NC}\n"
+        handle_install_version "$latest_version"
+        printf "${GREEN}> Update completed successfully!${NC}\n"
+        return
+    fi
+
+    printf "${YELLOW}> A new version of AliasVault is available!${NC}\n"
+    printf "\n"
+    printf "${MAGENTA}Important:${NC}\n"
+    printf "1. It's recommended to backup your database before updating\n"
+    printf "2. The update process will restart all containers\n"
+    printf "\n"
+
+    read -p "Would you like to update to the latest version? [y/N]: " REPLY
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        printf "${YELLOW}> Update cancelled.${NC}\n"
+        exit 0
+    fi
+
+    printf "${CYAN}> Updating AliasVault...${NC}\n"
+    handle_install_version "$latest_version"
+
+    printf "${GREEN}> Update completed successfully!${NC}\n"
+}
+
+# Function to extract version
+extract_version() {
+    local file="$1"
+    local version=$(head -n 2 "$file" | grep '@version' | cut -d' ' -f3)
+    echo "$version"
+}
+
+# Function to compare semantic versions
+compare_versions() {
+    local version1="$1"
+    local version2="$2"
+
+    # Split versions into arrays
+    IFS='.' read -ra v1_parts <<< "$version1"
+    IFS='.' read -ra v2_parts <<< "$version2"
+
+    # Compare each part numerically
+    for i in {0..2}; do
+        # Default to 0 if part doesn't exist
+        local v1_part=${v1_parts[$i]:-0}
+        local v2_part=${v2_parts[$i]:-0}
+
+        # Compare numerically
+        if [ "$v1_part" -gt "$v2_part" ]; then
+            echo "1"  # version1 is greater
+            return
+        elif [ "$v1_part" -lt "$v2_part" ]; then
+            echo "-1"  # version1 is lesser
+            return
+        fi
+    done
+
+    echo "0"  # versions are equal
+}
+
+# Function to check if install.sh needs updating
+check_install_script_update() {
+    printf "${CYAN}> Checking for install script updates...${NC}\n"
+
+    # Download latest install.sh to temporary file
+    if ! curl -sSf "${GITHUB_RAW_URL_REPO_BRANCH}/install.sh" -o "install.sh.tmp"; then
+        printf "${RED}> Failed to check for install script updates. Continuing with current version.${NC}\n"
+        rm -f install.sh.tmp
+        return 1
+    fi
+
+    # Get versions
+    local current_version=$(extract_version "install.sh")
+    local new_version=$(extract_version "install.sh.tmp")
+
+    # Check if versions could be extracted
+    if [ -z "$current_version" ] || [ -z "$new_version" ]; then
+        printf "${YELLOW}> Could not determine script versions. Falling back to file comparison...${NC}\n"
+        # Fall back to file comparison
+        if ! cmp -s "install.sh" "install.sh.tmp"; then
+            printf "${YELLOW}> Changes detected in install script.${NC}\n"
+        else
+            printf "${GREEN}> Install script is up to date.${NC}\n"
+            rm -f install.sh.tmp
+            return 0
+        fi
+    else
+        printf "${CYAN}> Current install script version: ${current_version}${NC}\n"
+        printf "${CYAN}> Latest install script version: ${new_version}${NC}\n"
+
+        # Compare versions using semver comparison
+        if [ "$current_version" = "$new_version" ]; then
+            printf "${GREEN}> Install script is up to date.${NC}\n"
+            rm -f install.sh.tmp
+            return 0
+        else
+            local compare_result=$(compare_versions "$current_version" "$new_version")
+
+            if [ "$compare_result" -ge "0" ]; then
+                printf "${GREEN}> Install script is up to date.${NC}\n"
+                rm -f install.sh.tmp
+                return 0
+            fi
+        fi
+    fi
+
+    # If we get here, an update is available
+    if [ "$FORCE_YES" = true ]; then
+        printf "${CYAN}> Updating install script...${NC}\n"
+        cp "install.sh" "install.sh.backup"
+        mv "install.sh.tmp" "install.sh"
+        chmod +x "install.sh"
+        printf "${GREEN}> Install script updated successfully.${NC}\n"
+        printf "${GREEN}> Backup of previous version saved as install.sh.backup${NC}\n"
+        exit 0
+    fi
+
+    printf "${YELLOW}> A new version of the install script is available.${NC}\n"
+    printf "Would you like to update the install script before proceeding? [Y/n]: "
+    read -r reply
+
+    if [[ ! $reply =~ ^[Nn]$ ]]; then
+        # Create backup of current script
+        cp "install.sh" "install.sh.backup"
+
+        if mv "install.sh.tmp" "install.sh"; then
+            chmod +x "install.sh"
+            printf "${GREEN}> Install script updated successfully.${NC}\n"
+            printf "${GREEN}> Backup of previous version saved as install.sh.backup${NC}\n"
+            printf "${YELLOW}> Please run the update command again to continue with the update process.${NC}\n"
+            exit 0
+        else
+            printf "${RED}> Failed to update install script. Continuing with current version.${NC}\n"
+            # Restore from backup if update failed
+            mv "install.sh.backup" "install.sh"
+            rm -f install.sh.tmp
+            return 1
+        fi
+    else
+        printf "${YELLOW}> Continuing with current install script version.${NC}\n"
+        rm -f install.sh.tmp
+        return 0
+    fi
+}
+
+# Function to perform the actual installation with specific version
+handle_install_version() {
+    local target_version="$1"
+
+    # If latest, get actual version number from GitHub API
+    if [ "$target_version" = "latest" ]; then
+        local actual_version=$(curl -s "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+        if [ -n "$actual_version" ]; then
+            target_version="$actual_version"
+        fi
+    fi
+
+    printf "${YELLOW}+++ Installing AliasVault ${target_version} +++${NC}\n"
+    printf "\n"
+
+    # Initialize workspace which makes sure all required directories and files exist
+    initialize_workspace
+
+    # Update docker-compose files with correct version so we pull the correct images
+    handle_docker_compose "$target_version"
+
+    # Initialize environment
+    create_env_file || { printf "${RED}> Failed to create .env file${NC}\n"; exit 1; }
+    populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
+    populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
+    populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
+    set_private_email_domains || { printf "${RED}> Failed to set email domains${NC}\n"; exit 1; }
+    set_smtp_tls_enabled || { printf "${RED}> Failed to set SMTP TLS${NC}\n"; exit 1; }
+    set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
+    set_default_ports || { printf "${RED}> Failed to set default ports${NC}\n"; exit 1; }
+
+    # Only generate admin password if not already set
+    if ! grep -q "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" || [ -z "$(grep "^ADMIN_PASSWORD_HASH=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        generate_admin_password || { printf "${RED}> Failed to generate admin password${NC}\n"; exit 1; }
+    fi
+
+    # Pull images from GitHub Container Registry
+    printf "\n${YELLOW}+++ Pulling Docker images +++${NC}\n"
+    printf "\n"
+
+    printf "${CYAN}> Installing version: ${target_version}${NC}\n"
+
+    images=(
+        "${GITHUB_CONTAINER_REGISTRY}-reverse-proxy:${target_version}"
+        "${GITHUB_CONTAINER_REGISTRY}-api:${target_version}"
+        "${GITHUB_CONTAINER_REGISTRY}-client:${target_version}"
+        "${GITHUB_CONTAINER_REGISTRY}-admin:${target_version}"
+        "${GITHUB_CONTAINER_REGISTRY}-smtp:${target_version}"
+    )
+
+    for image in "${images[@]}"; do
+        printf "${CYAN}> Pulling $image...${NC}\n"
+        if [ "$VERBOSE" = true ]; then
+            docker pull $image || { printf "${RED}> Failed to pull image: $image${NC}\n"; exit 1; }
+        else
+            docker pull $image > /dev/null 2>&1 || { printf "${RED}> Failed to pull image: $image${NC}\n"; exit 1; }
+        fi
+    done
+
+    # Save version to .env
+    update_env_var "ALIASVAULT_VERSION" "$target_version"
+
+    # Start containers
+    printf "\n${YELLOW}+++ Starting services +++${NC}\n"
+    printf "\n"
+    recreate_docker_containers
+
+    # Only show success message if we made it here without errors
+    print_success_message
+}
+
 main "$@"

src/AliasVault.Admin/AliasVault.Admin.csproj

@@ -46,6 +46,7 @@
       <ProjectReference Include="..\Databases\AliasServerDb\AliasServerDb.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.RazorComponents\AliasVault.RazorComponents.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.Shared.Core\AliasVault.Shared.Core.csproj" />
+      <ProjectReference Include="..\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj" />
       <ProjectReference Include="..\Utilities\AliasVault.Auth\AliasVault.Auth.csproj" />
       <ProjectReference Include="..\Utilities\AliasVault.Logging\AliasVault.Logging.csproj" />
       <ProjectReference Include="..\Utilities\Cryptography\AliasVault.Cryptography.Server\AliasVault.Cryptography.Server.csproj" />

src/AliasVault.Admin/Dockerfile

@@ -4,22 +4,17 @@ EXPOSE 3002
 
 FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
 ARG BUILD_CONFIGURATION=Release
-
 WORKDIR /src
 COPY ["src/AliasVault.Admin/AliasVault.Admin.csproj", "src/AliasVault.Admin/"]
 RUN dotnet restore "src/AliasVault.Admin/AliasVault.Admin.csproj"
 COPY . .
 
 WORKDIR "/src/src/AliasVault.Admin"
-RUN dotnet build "AliasVault.Admin.csproj" -c "$BUILD_CONFIGURATION" -o /app/build
-
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
 RUN dotnet publish "AliasVault.Admin.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app
-COPY --from=publish /app/publish .
+COPY --from=build /app/publish .
 
 ENV ASPNETCORE_URLS=http://+:3002
 ENV ASPNETCORE_PATHBASE=/admin

src/AliasVault.Admin/Main/Components/WorkerStatus/ServiceControl.razor

@@ -0,0 +1,240 @@
+@using AliasVault.WorkerStatus.Database
+@inherits MainBase
+
+@foreach (var service in Services)
+{
+    <button @onclick="() => ServiceClick(service.Name)"
+            class="@GetServiceButtonClasses(service) mx-3 inline-flex items-center justify-center rounded-xl px-8 py-2 text-white"
+            disabled="@(!IsHeartbeatValid(service.LastHeartbeat))"
+            title="@GetButtonTooltip(service.LastHeartbeat)">
+        <span>@service.DisplayName</span>
+        @if (service.IsPending)
+        {
+            <svg class="animate-spin ml-2 h-5 w-5 text-white" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+                <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+            </svg>
+        }
+    </button>
+}
+
+@code {
+    /// <summary>
+    /// The names of the services to display.
+    /// </summary>
+    [Parameter]
+    public List<string> ServiceNames { get; set; } = ["AliasVault.SmtpService", "AliasVault.TaskRunner"];
+
+    /// <summary>
+    /// The display names of the services to display.
+    /// </summary>
+    [Parameter]
+    public Dictionary<string, string> ServiceDisplayNames { get; set; } = new();
+
+    /// <summary>
+    /// The statuses of the services.
+    /// </summary>
+    private List<WorkerServiceStatus> ServiceStatus = [];
+
+    /// <summary>
+    /// Whether the page is initializing.
+    /// </summary>
+    private bool InitInProgress;
+
+    /// <summary>
+    /// The interval to refresh the page.
+    /// </summary>
+    private readonly int AutoRefreshInterval = 5000;
+    private CancellationTokenSource? _timerCancellationTokenSource;
+
+    /// <summary>
+    /// The state of a service.
+    /// </summary>
+    private sealed class ServiceState
+    {
+        public string Name { get; set; } = "";
+        public string DisplayName { get; set; } = "";
+        public bool Status { get; set; }
+        public bool IsPending { get; set; }
+        public DateTime LastHeartbeat { get; set; }
+    }
+
+    private List<ServiceState> Services { get; set; } = [];
+
+    /// <inheritdoc />
+    protected override async Task OnInitializedAsync()
+    {
+        Services = ServiceNames.Select(name => new ServiceState
+        {
+            Name = name,
+            DisplayName = ServiceDisplayNames.GetValueOrDefault(name, name)
+        }).ToList();
+
+        await base.OnInitializedAsync();
+    }
+
+    /// <inheritdoc />
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        await base.OnAfterRenderAsync(firstRender);
+
+        if (firstRender)
+        {
+            _timerCancellationTokenSource = new CancellationTokenSource();
+            _ = RunPeriodicRefreshAsync(_timerCancellationTokenSource.Token);
+        }
+    }
+
+    /// <inheritdoc />
+    protected override void Dispose(bool disposing)
+    {
+        base.Dispose(disposing);
+
+        if (disposing)
+        {
+            _timerCancellationTokenSource?.Cancel();
+            _timerCancellationTokenSource?.Dispose();
+        }
+    }
+
+    /// <summary>
+    /// Checks if the heartbeat is valid (within the last 5 minutes).
+    /// </summary>
+    private static bool IsHeartbeatValid(DateTime lastHeartbeat)
+    {
+        return DateTime.Now <= lastHeartbeat.AddMinutes(5);
+    }
+
+    /// <summary>
+    /// Gets the CSS classes for a service button based on its current state.
+    /// </summary>
+    private static string GetServiceButtonClasses(ServiceState service)
+    {
+        string buttonClass = "cursor-pointer ";
+
+        if (!IsHeartbeatValid(service.LastHeartbeat))
+        {
+            buttonClass += "bg-gray-600";
+        }
+        else if (service.Status)
+        {
+            buttonClass += "bg-green-600";
+        }
+        else
+        {
+            buttonClass += "bg-red-600";
+        }
+
+        return buttonClass;
+    }
+
+    /// <summary>
+    /// Gets the tooltip text for a service button based on its last heartbeat.
+    /// </summary>
+    private static string GetButtonTooltip(DateTime lastHeartbeat)
+    {
+        return IsHeartbeatValid(lastHeartbeat) ? "" : "Heartbeat offline";
+    }
+
+    /// <summary>
+    /// Handles a click on a service button.
+    /// </summary>
+    private async Task ServiceClick(string serviceName)
+    {
+        var service = Services.First(s => s.Name == serviceName);
+
+        if (!IsHeartbeatValid(service.LastHeartbeat))
+        {
+            return;
+        }
+
+        service.IsPending = true;
+        StateHasChanged();
+
+        service.Status = !service.Status;
+        await UpdateServiceStatus(serviceName, service.Status);
+
+        service.IsPending = false;
+        StateHasChanged();
+    }
+
+    /// <summary>
+    /// Initializes the page.
+    /// </summary>
+    private async Task InitPage()
+    {
+        if (InitInProgress || Services.Any(s => s.IsPending))
+        {
+            return;
+        }
+
+        try
+        {
+            InitInProgress = true;
+            var dbContext = await DbContextFactory.CreateDbContextAsync();
+            ServiceStatus = await dbContext.WorkerServiceStatuses.ToListAsync();
+
+            foreach (var service in Services)
+            {
+                var entry = ServiceStatus.Find(x => x.ServiceName == service.Name);
+                if (entry != null)
+                {
+                    service.LastHeartbeat = entry.Heartbeat;
+                    service.Status = IsHeartbeatValid(service.LastHeartbeat) && entry.CurrentStatus == "Started";
+                }
+            }
+
+            await InvokeAsync(StateHasChanged);
+        }
+        finally
+        {
+            InitInProgress = false;
+        }
+    }
+
+    /// <summary>
+    /// Updates the status of a service.
+    /// </summary>
+    private async Task<bool> UpdateServiceStatus(string serviceName, bool newStatus)
+    {
+        var dbContext = await DbContextFactory.CreateDbContextAsync();
+        var entry = await dbContext.WorkerServiceStatuses.Where(x => x.ServiceName == serviceName).FirstOrDefaultAsync();
+        if (entry != null)
+        {
+            string newDesiredStatus = newStatus ? "Started" : "Stopped";
+            entry.DesiredStatus = newDesiredStatus;
+            await dbContext.SaveChangesAsync();
+
+            var timeout = DateTime.Now.AddSeconds(30);
+            while (true)
+            {
+                if (DateTime.Now > timeout)
+                {
+                    return false;
+                }
+
+                dbContext = await DbContextFactory.CreateDbContextAsync();
+                var check = await dbContext.WorkerServiceStatuses.Where(x => x.ServiceName == serviceName).FirstAsync();
+                if (check.CurrentStatus == newDesiredStatus)
+                {
+                    return true;
+                }
+                await Task.Delay(1000);
+            }
+        }
+
+        return false;
+    }
+
+    /// <summary>
+    /// Refreshes the service status periodically.
+    /// </summary>
+    private async Task RunPeriodicRefreshAsync(CancellationToken cancellationToken)
+    {
+        while (!cancellationToken.IsCancellationRequested)
+        {
+            await InitPage();
+            await Task.Delay(AutoRefreshInterval, cancellationToken);
+        }
+    }
+}

src/AliasVault.Admin/Main/Components/WorkerStatus/Services.razor

@@ -1,209 +0,0 @@
-@using AliasVault.WorkerStatus.Database
-@inherits MainBase
-
-<button @onclick="SmtpClick"
-        class="@GetSmtpButtonClasses() mx-3 inline-flex items-center justify-center rounded-xl px-8 py-2 text-white"
-        disabled="@(!IsHeartbeatValid())"
-        title="@GetButtonTooltip()">
-    <span>SmtpService</span>
-    @if (SmtpPending)
-    {
-    <svg class="animate-spin ml-2 h-5 w-5 text-white" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
-        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
-        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
-    </svg>
-    }
-</button>
-
-@code {
-    private List<WorkerServiceStatus> ServiceStatus = [];
-    private bool InitInProgress;
-    private bool SmtpStatus;
-    private bool SmtpPending;
-    private DateTime LastHeartbeat;
-
-    /// <summary>
-    /// The interval in milliseconds for refreshing the service status.
-    /// </summary>
-    private readonly int AutoRefreshInterval = 5000;
-
-    /// <summary>
-    /// CancellationTokenSource for the timer.
-    /// </summary>
-    private CancellationTokenSource? _timerCancellationTokenSource;
-
-    /// <inheritdoc />
-    protected override async Task OnAfterRenderAsync(bool firstRender)
-    {
-        await base.OnAfterRenderAsync(firstRender);
-
-        if (firstRender)
-        {
-            _timerCancellationTokenSource = new CancellationTokenSource();
-            _ = RunPeriodicRefreshAsync(_timerCancellationTokenSource.Token);
-        }
-    }
-
-    /// <summary>
-    /// Refreshes the service status periodically while waiting for specified amount of ms in between.
-    /// </summary>
-    private async Task RunPeriodicRefreshAsync(CancellationToken cancellationToken)
-    {
-        while (!cancellationToken.IsCancellationRequested)
-        {
-            await InitPage();
-            await Task.Delay(AutoRefreshInterval, cancellationToken);
-        }
-    }
-
-    /// <inheritdoc />
-    protected override void Dispose(bool disposing)
-    {
-        base.Dispose(disposing);
-
-        if (disposing)
-        {
-            _timerCancellationTokenSource?.Cancel();
-            _timerCancellationTokenSource?.Dispose();
-        }
-    }
-
-    /// <summary>
-    /// Gets the CSS classes for the SMTP button based on its current state.
-    /// </summary>
-    /// <returns>A string containing the CSS classes for the button.</returns>
-    private string GetSmtpButtonClasses()
-    {
-        string buttonClass = "cursor-pointer ";
-
-        if (!IsHeartbeatValid())
-        {
-            buttonClass += "bg-gray-600";
-        }
-        else if (SmtpStatus)
-        {
-            buttonClass += "bg-green-600";
-        }
-        else
-        {
-            buttonClass += "bg-red-600";
-        }
-
-        return buttonClass;
-    }
-
-    /// <summary>
-    /// Gets the tooltip text for the SMTP button.
-    /// </summary>
-    /// <returns>A string containing the tooltip text.</returns>
-    private string GetButtonTooltip()
-    {
-        return IsHeartbeatValid() ? "" : "Heartbeat offline";
-    }
-
-    /// <summary>
-    /// Checks if the heartbeat is valid (within the last 5 minutes).
-    /// </summary>
-    /// <returns>True if the heartbeat is valid, false otherwise.</returns>
-    private bool IsHeartbeatValid()
-    {
-        return DateTime.Now <= LastHeartbeat.AddMinutes(5);
-    }
-
-    /// <summary>
-    /// Handles the click event for the SMTP button.
-    /// </summary>
-    private async void SmtpClick()
-    {
-        if (!IsHeartbeatValid())
-        {
-            return;
-        }
-
-        SmtpPending = true;
-        StateHasChanged();
-
-        SmtpStatus = !SmtpStatus;
-        await UpdateSmtpStatus(SmtpStatus);
-
-        SmtpPending = false;
-        StateHasChanged();
-    }
-
-    /// <summary>
-    /// Initializes the page by fetching service statuses and updating the SMTP status.
-    /// </summary>
-    private async Task InitPage()
-    {
-        if (InitInProgress || SmtpPending)
-        {
-            return;
-        }
-
-        try
-        {
-            InitInProgress = true;
-            var dbContext = await DbContextFactory.CreateDbContextAsync();
-            ServiceStatus = await dbContext.WorkerServiceStatuses.ToListAsync();
-
-            var smtpEntry = ServiceStatus.Find(x => x.ServiceName == "AliasVault.SmtpService");
-            if (smtpEntry != null)
-            {
-                LastHeartbeat = smtpEntry.Heartbeat;
-                SmtpStatus = IsHeartbeatValid() && smtpEntry.CurrentStatus == "Started";
-            }
-
-            await InvokeAsync(StateHasChanged);
-        }
-        finally
-        {
-            InitInProgress = false;
-        }
-    }
-
-    /// <summary>
-    /// Update the service statuses.
-    /// </summary>
-    public async Task<bool> UpdateServiceStatus(string serviceName, bool newStatus)
-    {
-        // Refresh the DbContext to ensure we get the latest data.
-        var dbContext = await DbContextFactory.CreateDbContextAsync();
-        var entry = await dbContext.WorkerServiceStatuses.Where(x => x.ServiceName == serviceName).FirstOrDefaultAsync();
-        if (entry != null)
-        {
-            string newDesiredStatus = newStatus ? "Started" : "Stopped";
-            entry.DesiredStatus = newDesiredStatus;
-            await dbContext.SaveChangesAsync();
-
-            // Wait for service to have updated its status.
-            var timeout = DateTime.Now.AddSeconds(30);
-            while (true)
-            {
-                if (DateTime.Now > timeout)
-                {
-                    // Timeout
-                    return false;
-                }
-
-                dbContext = await DbContextFactory.CreateDbContextAsync();
-                var check = await dbContext.WorkerServiceStatuses.Where(x => x.ServiceName == serviceName).FirstAsync();
-                if (check.CurrentStatus == newDesiredStatus)
-                {
-                    // Done
-                    return true;
-                }
-                await Task.Delay(1000);
-            }
-        }
-
-        return false;
-    }
-
-    /// <summary>
-    /// Update the SMTP service status.
-    /// </summary>
-    public async Task<bool> UpdateSmtpStatus(bool newStatus)
-    {
-        return await UpdateServiceStatus("AliasVault.SmtpService", newStatus);
-    }
-}

src/AliasVault.Admin/Main/Layout/TopMenu.razor

@@ -25,12 +25,20 @@
                         <NavLink href="logging/auth" class="block text-gray-700 hover:text-primary-700 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
                             Auth logs
                         </NavLink>
+                        <NavLink href="settings/server" class="block text-gray-700 hover:text-primary-700 dark:text-gray-400 dark:hover:text-white" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                            Server settings
+                        </NavLink>
                     </ul>
                 </div>
             </div>
             <div class="flex justify-end items-center lg:order-2">
-                <Services />
-                <button id="theme-toggle" data-tooltip-target="tooltip-toggle" type="button" class="text-gray-500 dark:text-gray-400 hover:bg-gray-100 dark:hover:bg-gray-700 focus:outline-none focus:ring-4 focus:ring-gray-200 dark:focus:ring-gray-700 rounded-lg text-sm p-2.5">
+                    <ServiceControl ServiceNames="@(new List<string> { "AliasVault.SmtpService", "AliasVault.TaskRunner" })"
+                            ServiceDisplayNames="@(new Dictionary<string, string>
+                            {
+                                { "AliasVault.SmtpService", "Smtp" },
+                                { "AliasVault.TaskRunner", "Tasks" }
+                            })" />
+                    <button id="theme-toggle" data-tooltip-target="tooltip-toggle" type="button" class="text-gray-500 dark:text-gray-400 hover:bg-gray-100 dark:hover:bg-gray-700 focus:outline-none focus:ring-4 focus:ring-gray-200 dark:focus:ring-gray-700 rounded-lg text-sm p-2.5">
                     <svg id="theme-toggle-dark-icon" class="hidden w-5 h-5" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M17.293 13.293A8 8 0 016.707 2.707a8.001 8.001 0 1010.586 10.586z"></path></svg>
                     <svg id="theme-toggle-light-icon" class="hidden w-5 h-5" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M10 2a1 1 0 011 1v1a1 1 0 11-2 0V3a1 1 0 011-1zm4 8a4 4 0 11-8 0 4 4 0 018 0zm-.464 4.95l.707.707a1 1 0 001.414-1.414l-.707-.707a1 1 0 00-1.414 1.414zm2.12-10.607a1 1 0 010 1.414l-.706.707a1 1 0 11-1.414-1.414l.707-.707a1 1 0 011.414 0zM17 11a1 1 0 100-2h-1a1 1 0 100 2h1zm-7 4a1 1 0 011 1v1a1 1 0 11-2 0v-1a1 1 0 011-1zM5.05 6.464A1 1 0 106.465 5.05l-.708-.707a1 1 0 00-1.414 1.414l.707.707zm1.414 8.486l-.707.707a1 1 0 01-1.414-1.414l.707-.707a1 1 0 011.414 1.414zM4 11a1 1 0 100-2H3a1 1 0 000 2h1z" fill-rule="evenodd" clip-rule="evenodd"></path></svg>
                 </button>
@@ -52,7 +60,7 @@
                         </div>
                         <ul class="py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="userMenuDropdownButton">
                             <li>
-                                <a href="account/manage" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white">Account settings</a>
+                                <a href="account/manage/change-password" class="block py-2 px-4 text-sm hover:bg-gray-100 dark:hover:bg-gray-600 dark:text-gray-400 dark:hover:text-white">Account settings</a>
                             </li>
                         </ul>
                         <ul class="py-1 font-light text-gray-500 dark:text-gray-400" aria-labelledby="dropdown">
@@ -99,6 +107,11 @@
                         Auth logs
                     </NavLink>
                 </li>
+                <li class="block border-b dark:border-gray-700">
+                    <NavLink href="settings/server" class="block py-3 px-4 text-gray-900 lg:py-0 dark:text-white lg:hover:underline lg:px-0" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">
+                        Server settings
+                    </NavLink>
+                </li>
             </ul>
         </nav>
     }

src/AliasVault.Admin/Main/Models/UserEmailClaimWithCount.cs

@@ -0,0 +1,49 @@
+//-----------------------------------------------------------------------
+// <copyright file="UserEmailClaimWithCount.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasVault.Admin.Main.Models;
+
+/// <summary>
+/// User email claim view model with count.
+/// </summary>
+public class UserEmailClaimWithCount
+{
+    /// <summary>
+    /// Gets or sets the id.
+    /// </summary>
+    public Guid Id { get; set; }
+
+    /// <summary>
+    /// Gets or sets the address.
+    /// </summary>
+    public string Address { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets the address local.
+    /// </summary>
+    public string AddressLocal { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets the address domain.
+    /// </summary>
+    public string AddressDomain { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets the created at timestamp.
+    /// </summary>
+    public DateTime CreatedAt { get; set; }
+
+    /// <summary>
+    /// Gets or sets the updated at timestamp.
+    /// </summary>
+    public DateTime UpdatedAt { get; set; }
+
+    /// <summary>
+    /// Gets or sets the email count.
+    /// </summary>
+    public int EmailCount { get; set; }
+}

src/AliasVault.Admin/Main/Pages/Account/Manage/ChangePassword.razor

@@ -8,7 +8,7 @@
 
 <LayoutPageTitle>Change password</LayoutPageTitle>
 
-<div class="max-w-2xl mx-auto">
+<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
     <h3 class="text-2xl font-bold text-gray-900 dark:text-white mb-6">Change password</h3>
     <EditForm Model="Input" FormName="change-password" OnValidSubmit="OnValidSubmitAsync" method="post" class="space-y-6">
         <DataAnnotationsValidator/>

src/AliasVault.Admin/Main/Pages/Account/Manage/Index.razor

@@ -1,67 +0,0 @@
-@page "/account/manage"
-@using System.ComponentModel.DataAnnotations
-@using Microsoft.AspNetCore.Identity
-
-@inject UserManager<AdminUser> UserManager
-
-<LayoutPageTitle>Profile</LayoutPageTitle>
-
-<div class="max-w-2xl mx-auto">
-    <h3 class="text-2xl font-bold text-gray-900 dark:text-white mb-6">Profile</h3>
-
-    <EditForm Model="Input" FormName="profile" OnValidSubmit="OnValidSubmitAsync" class="space-y-6">
-        <DataAnnotationsValidator/>
-        <ValidationSummary class="text-red-600 dark:text-red-400" role="alert"/>
-        <div>
-            <label for="username" class="block mb-2 text-sm font-medium text-gray-700 dark:text-gray-200">Username</label>
-            <input type="text" value="@username" id="username" class="w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-primary-500 focus:border-primary-500 bg-gray-100 cursor-not-allowed dark:bg-gray-700 dark:border-gray-600 dark:text-gray-400" placeholder="Please choose your username." disabled/>
-        </div>
-        <div>
-            <label for="phone-number" class="block mb-2 text-sm font-medium text-gray-700 dark:text-gray-200">Phone number</label>
-            <InputText @bind-Value="Input.PhoneNumber" id="phone-number" class="w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-primary-500 focus:border-primary-500 sm:text-sm dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white" placeholder="Please enter your phone number."/>
-            <ValidationMessage For="() => Input.PhoneNumber" class="mt-1 text-sm text-red-600 dark:text-red-400"/>
-        </div>
-        <div>
-            <SubmitButton>Save</SubmitButton>
-        </div>
-    </EditForm>
-</div>
-
-@code {
-    private string? username;
-    private string? phoneNumber;
-
-    [SupplyParameterFromForm] private InputModel Input { get; set; } = new();
-
-    /// <inheritdoc />
-    protected override async Task OnInitializedAsync()
-    {
-        await base.OnInitializedAsync();
-        username = await UserManager.GetUserNameAsync(UserService.User());
-        phoneNumber = await UserManager.GetPhoneNumberAsync(UserService.User());
-
-        Input.PhoneNumber ??= phoneNumber;
-    }
-
-    private async Task OnValidSubmitAsync()
-    {
-        if (Input.PhoneNumber != phoneNumber)
-        {
-            var setPhoneResult = await UserManager.SetPhoneNumberAsync(UserService.User(), Input.PhoneNumber);
-            if (!setPhoneResult.Succeeded)
-            {
-                GlobalNotificationService.AddErrorMessage("Phone number could not be set", true);
-            }
-        }
-
-        GlobalNotificationService.AddSuccessMessage("Your profile has been updated", true);
-    }
-
-    private sealed class InputModel
-    {
-        [Phone]
-        [Display(Name = "Phone number")]
-        public string? PhoneNumber { get; set; }
-    }
-
-}

src/AliasVault.Admin/Main/Pages/Account/Manage/TwoFactorAuthentication.razor

@@ -1,15 +1,13 @@
 @page "/account/manage/2fa"
 
 @using Microsoft.AspNetCore.Identity
-
 @inject UserManager<AdminUser> UserManager
-@inject SignInManager<AdminUser> SignInManager
 
 <LayoutPageTitle>Two-factor authentication (2FA)</LayoutPageTitle>
 
 @if (is2FaEnabled)
 {
-    <div class="mx-auto mt-8 p-6 bg-white dark:bg-gray-800 rounded-lg shadow-md">
+    <div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
         <h3 class="text-xl font-bold text-gray-900 dark:text-white mb-4">Two-factor authentication (2FA)</h3>
 
         @if (recoveryCodesLeft == 0)
@@ -41,7 +39,7 @@
     </div>
 }
 
-<div class="mt-6 p-4 bg-gray-100 dark:bg-gray-700 rounded-lg">
+<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
     <h4 class="text-lg font-semibold text-gray-900 dark:text-white mb-4">Authenticator app</h4>
     <div class="flex flex-col sm:flex-row space-y-2 sm:space-y-0 sm:space-x-2">
         @if (!hasAuthenticator)

src/AliasVault.Admin/Main/Pages/Account/ManageLayout.razor

@@ -5,11 +5,10 @@
 <PageHeader
     BreadcrumbItems="@BreadcrumbItems"
     Title="Manage account"
-    Description="Manage your profile here.">
+    Description="Manage security settings for the admin account here.">
 </PageHeader>
 
-<div class="container mx-auto px-4 py-8">
-    <hr class="mb-6 border-t border-gray-300"/>
+<div class="mx-auto px-4 py-8">
     <div class="flex flex-col md:flex-row">
         <div class="w-full md:w-1/4 mb-6 md:mb-0">
             <ManageNavMenu/>

src/AliasVault.Admin/Main/Pages/Account/ManageNavMenu.razor

@@ -4,12 +4,9 @@
 
 <ul class="flex flex-col space-y-1">
     <li>
-        <NavLink href="account/manage" Match="NavLinkMatch.All" class="block px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-200 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 hover:text-gray-900 dark:hover:text-white transition-colors duration-150">Profile</NavLink>
+        <NavLink href="account/manage/change-password" class="block px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-200 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 hover:text-gray-900 dark:hover:text-white transition-colors duration-150" ActiveClass="text-primary-700 dark:text-primary-500" Match="NavLinkMatch.All">Password</NavLink>
     </li>
     <li>
-        <NavLink href="account/manage/change-password" class="block px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-200 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 hover:text-gray-900 dark:hover:text-white transition-colors duration-150">Password</NavLink>
-    </li>
-    <li>
-        <NavLink href="account/manage/2fa" class="block px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-200 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 hover:text-gray-900 dark:hover:text-white transition-colors duration-150">Two-factor authentication</NavLink>
+        <NavLink href="account/manage/2fa" class="block px-4 py-2 text-sm font-medium text-gray-700 dark:text-gray-200 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 hover:text-gray-900 dark:hover:text-white transition-colors duration-150" ActiveClass="text-primary-700 dark:text-primary-500"  Match="NavLinkMatch.All">Two-factor authentication</NavLink>
     </li>
 </ul>

src/AliasVault.Admin/Main/Pages/Dashboard/Components/ActiveUsersCard.razor

@@ -0,0 +1,137 @@
+<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
+    <div class="flex items-center justify-between mb-4">
+        <h3 class="text-lg font-semibold text-gray-900 dark:text-white">Active users</h3>
+        <button
+            @onclick="ToggleUserNames"
+            class="text-sm text-gray-500 hover:text-gray-700 dark:text-gray-400 dark:hover:text-gray-300">
+            @(ShowUserNames ? "Hide names" : "Show names")
+        </button>
+    </div>
+    @if (IsLoading)
+    {
+        <LoadingIndicator />
+    }
+    else
+    {
+        <div class="grid grid-cols-1 md:grid-cols-3 gap-8">
+            <div class="bg-green-50 dark:bg-green-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 24 hours</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@UserStats.Last24Hours</h4>
+                @if (ShowUserNames)
+                {
+                    <div class="mt-2 text-sm text-gray-600 dark:text-gray-300">
+                        <ul>
+                            @foreach (var user in UserStats.Last24HourUsers)
+                            {
+                                <li>@user</li>
+                            }
+                        </ul>
+                    </div>
+                }
+            </div>
+            <div class="bg-green-50 dark:bg-green-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 7 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@UserStats.Last7Days</h4>
+                @if (ShowUserNames)
+                {
+                    <div class="mt-2 text-sm text-gray-600 dark:text-gray-300">
+                        <ul>
+                            @foreach (var user in UserStats.Last7DayUsers)
+                            {
+                                <li>@user</li>
+                            }
+                        </ul>
+                    </div>
+                }
+            </div>
+            <div class="bg-green-50 dark:bg-green-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 14 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@UserStats.Last14Days</h4>
+                @if (ShowUserNames)
+                {
+                    <div class="mt-2 text-sm text-gray-600 dark:text-gray-300">
+                        <ul>
+                            @foreach (var user in UserStats.Last14DayUsers)
+                            {
+                                <li>@user</li>
+                            }
+                        </ul>
+                    </div>
+                }
+            </div>
+        </div>
+    }
+</div>
+
+@code {
+    private bool IsLoading { get; set; } = true;
+    private UserStatistics UserStats { get; set; } = new();
+    private bool ShowUserNames { get; set; }
+
+    /// <summary>
+    /// Refreshes the data displayed on the card.
+    /// </summary>
+    public async Task RefreshData()
+    {
+        IsLoading = true;
+        StateHasChanged();
+
+        var now = DateTime.UtcNow;
+        var last24Hours = now.AddHours(-24);
+        var last7Days = now.AddDays(-7);
+        var last14Days = now.AddDays(-14);
+
+        // Get user statistics
+        var (count24h, users24h) = await GetActiveUserCount(last24Hours);
+        var (count7d, users7d) = await GetActiveUserCount(last7Days);
+        var (count14d, users14d) = await GetActiveUserCount(last14Days);
+
+        UserStats = new UserStatistics
+        {
+            Last24Hours = count24h,
+            Last7Days = count7d,
+            Last14Days = count14d,
+            Last24HourUsers = users24h,
+            Last7DayUsers = users7d,
+            Last14DayUsers = users14d
+        };
+
+        IsLoading = false;
+        StateHasChanged();
+    }
+
+    private async Task<(int count, List<string> users)> GetActiveUserCount(DateTime since)
+    {
+        // Get unique users who either:
+        // 1. Have successful auth logs
+        // 2. Have updated their vault
+        var activeUsers = await DbContext.AuthLogs
+            .Where(l => l.Timestamp >= since && l.IsSuccess)
+            .Select(l => l.Username)
+            .Union(
+                DbContext.Vaults
+                    .Where(v => v.UpdatedAt >= since)
+                    .Select(v => v.User.UserName!)
+            )
+            .Distinct()
+            .ToListAsync();
+
+        return (activeUsers.Count, activeUsers);
+    }
+
+    private void ToggleUserNames()
+    {
+        ShowUserNames = !ShowUserNames;
+        StateHasChanged();
+    }
+
+    private sealed class UserStatistics
+    {
+        public int Last24Hours { get; set; }
+        public int Last7Days { get; set; }
+        public int Last14Days { get; set; }
+        public List<string> Last24HourUsers { get; set; } = new();
+        public List<string> Last7DayUsers { get; set; } = new();
+        public List<string> Last14DayUsers { get; set; } = new();
+    }
+}

src/AliasVault.Admin/Main/Pages/Dashboard/Components/EmailStatisticsCard.razor

@@ -0,0 +1,64 @@
+<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
+    <div class="flex items-center justify-between mb-4">
+        <h3 class="text-lg font-semibold text-gray-900 dark:text-white">Recent emails received</h3>
+    </div>
+    @if (IsLoading)
+    {
+        <LoadingIndicator />
+    }
+    else
+    {
+        <div class="grid grid-cols-1 md:grid-cols-3 gap-8">
+            <div class="bg-primary-50 dark:bg-gray-700/50 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 24 hours</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@EmailStats.Last24Hours</h4>
+            </div>
+            <div class="bg-primary-50 dark:bg-gray-700/50 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 7 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@EmailStats.Last7Days</h4>
+            </div>
+            <div class="bg-primary-50 dark:bg-gray-700/50 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 14 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@EmailStats.Last14Days</h4>
+            </div>
+        </div>
+    }
+</div>
+
+@code {
+    private bool IsLoading { get; set; } = true;
+    private EmailStatistics EmailStats { get; set; } = new();
+
+    /// <summary>
+    /// Refreshes the data displayed on the card.
+    /// </summary>
+    public async Task RefreshData()
+    {
+        IsLoading = true;
+        StateHasChanged();
+
+        var now = DateTime.UtcNow;
+        var last24Hours = now.AddHours(-24);
+        var last7Days = now.AddDays(-7);
+        var last14Days = now.AddDays(-14);
+
+        // Get email statistics
+        var emailQuery = DbContext.Emails.AsQueryable();
+        EmailStats = new EmailStatistics
+        {
+            Last24Hours = await emailQuery.CountAsync(e => e.DateSystem >= last24Hours),
+            Last7Days = await emailQuery.CountAsync(e => e.DateSystem >= last7Days),
+            Last14Days = await emailQuery.CountAsync(e => e.DateSystem >= last14Days)
+        };
+
+        IsLoading = false;
+        StateHasChanged();
+    }
+
+    private sealed class EmailStatistics
+    {
+        public int Last24Hours { get; set; }
+        public int Last7Days { get; set; }
+        public int Last14Days { get; set; }
+    }
+}

src/AliasVault.Admin/Main/Pages/Dashboard/Components/RegistrationStatisticsCard.razor

@@ -0,0 +1,64 @@
+<div class="p-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
+    <div class="flex items-center justify-between mb-4">
+        <h3 class="text-lg font-semibold text-gray-900 dark:text-white">User registrations</h3>
+    </div>
+    @if (IsLoading)
+    {
+        <LoadingIndicator />
+    }
+    else
+    {
+        <div class="grid grid-cols-1 md:grid-cols-3 gap-8">
+            <div class="bg-blue-50 dark:bg-blue-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 24 hours</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@RegistrationStats.Last24Hours</h4>
+            </div>
+            <div class="bg-blue-50 dark:bg-blue-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 7 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@RegistrationStats.Last7Days</h4>
+            </div>
+            <div class="bg-blue-50 dark:bg-blue-900/30 p-4 rounded-lg">
+                <p class="text-sm font-medium text-gray-500 dark:text-gray-400">Last 14 days</p>
+                <h4 class="text-2xl font-bold text-gray-900 dark:text-white">@RegistrationStats.Last14Days</h4>
+            </div>
+        </div>
+    }
+</div>
+
+@code {
+    private bool IsLoading { get; set; } = true;
+    private RegistrationStatistics RegistrationStats { get; set; } = new();
+
+    /// <summary>
+    /// Refreshes the data displayed on the card.
+    /// </summary>
+    public async Task RefreshData()
+    {
+        IsLoading = true;
+        StateHasChanged();
+
+        var now = DateTime.UtcNow;
+        var last24Hours = now.AddHours(-24);
+        var last7Days = now.AddDays(-7);
+        var last14Days = now.AddDays(-14);
+
+        // Get registration statistics
+        var registrationQuery = DbContext.AliasVaultUsers.AsQueryable();
+        RegistrationStats = new RegistrationStatistics
+        {
+            Last24Hours = await registrationQuery.CountAsync(u => u.CreatedAt >= last24Hours),
+            Last7Days = await registrationQuery.CountAsync(u => u.CreatedAt >= last7Days),
+            Last14Days = await registrationQuery.CountAsync(u => u.CreatedAt >= last14Days)
+        };
+
+        IsLoading = false;
+        StateHasChanged();
+    }
+
+    private sealed class RegistrationStatistics
+    {
+        public int Last24Hours { get; set; }
+        public int Last7Days { get; set; }
+        public int Last14Days { get; set; }
+    }
+}

src/AliasVault.Admin/Main/Pages/Dashboard/Index.razor

@@ -0,0 +1,60 @@
+@page "/"
+@using AliasVault.Admin.Main.Pages.Dashboard.Components
+@inherits MainBase
+
+<LayoutPageTitle>Home</LayoutPageTitle>
+
+<PageHeader
+    BreadcrumbItems="@BreadcrumbItems"
+    Title="AliasVault Admin"
+    Description="Welcome to the AliasVault admin portal. Below you can find statistics about recent email activity and active users.">
+    <CustomActions>
+        <RefreshButton OnClick="RefreshData" ButtonText="Refresh" />
+    </CustomActions>
+</PageHeader>
+
+<div class="px-4">
+    <div class="grid grid-cols-1 md:grid-cols-2 gap-4 mb-4">
+        <ActiveUsersCard @ref="_activeUsersCard" />
+        <RegistrationStatisticsCard @ref="_registrationStatisticsCard" />
+        <EmailStatisticsCard @ref="_emailStatisticsCard" />
+    </div>
+</div>
+
+@code {
+    private ActiveUsersCard? _activeUsersCard;
+    private RegistrationStatisticsCard? _registrationStatisticsCard;
+    private EmailStatisticsCard? _emailStatisticsCard;
+
+    /// <inheritdoc />
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        if (firstRender)
+        {
+            // Check if 2FA is enabled. If not, show a one-time warning on the dashboard.
+            if (!UserService.User().TwoFactorEnabled)
+            {
+                GlobalNotificationService.AddWarningMessage("Two-factor authentication is not enabled. It is recommended to enable it in Account Settings for better security.", true);
+            }
+
+            await RefreshData();
+        }
+    }
+
+    /// <summary>
+    /// Refreshes the data displayed on the cards.
+    /// </summary>
+    private async Task RefreshData()
+    {
+        if (_activeUsersCard != null &&
+            _registrationStatisticsCard != null &&
+            _emailStatisticsCard != null)
+        {
+            await Task.WhenAll(
+                _activeUsersCard.RefreshData(),
+                _registrationStatisticsCard.RefreshData(),
+                _emailStatisticsCard.RefreshData()
+            );
+        }
+    }
+}

src/AliasVault.Admin/Main/Pages/Home.razor

@@ -1,21 +0,0 @@
-@page "/"
-@inherits MainBase
-
-<LayoutPageTitle>Home</LayoutPageTitle>
-
-<PageHeader
-    BreadcrumbItems="@BreadcrumbItems"
-    Title="AliasVault Admin"
-    Description="Welcome to the AliasVault admin portal.">
-</PageHeader>
-
-@code {
-    /// <inheritdoc />
-    protected override void OnInitialized()
-    {
-        base.OnInitialized();
-
-        // Redirect to users page.
-        NavigationService.RedirectTo("users");
-    }
-}

src/AliasVault.Admin/Main/Pages/MainBase.cs

@@ -23,7 +23,7 @@ using Microsoft.JSInterop;
 /// Also, a default set of breadcrumbs is added in the parent OnInitialized method.
 /// </summary>
 [Authorize]
-public class MainBase : OwningComponentBase
+public abstract class MainBase : OwningComponentBase
 {
     /// <summary>
     /// Gets or sets the NavigationService instance responsible for handling navigation, replaces the default NavigationManager.
@@ -102,18 +102,6 @@ public class MainBase : OwningComponentBase
         BreadcrumbItems.Add(new BreadcrumbItem { DisplayName = "Home", Url = NavigationService.BaseUri });
     }
 
-    /// <inheritdoc />
-    protected override async Task OnAfterRenderAsync(bool firstRender)
-    {
-        await base.OnAfterRenderAsync(firstRender);
-
-        // Check if 2FA is enabled. If not, show a persistent notification.
-        if (!UserService.User().TwoFactorEnabled)
-        {
-            GlobalNotificationService.AddWarningMessage("Two-factor authentication is not enabled. Please enable it in Account Settings for better security.");
-        }
-    }
-
     /// <summary>
     /// Gets the username from the authentication state asynchronously.
     /// </summary>

src/AliasVault.Admin/Main/Pages/Settings/Server.razor

@@ -0,0 +1,99 @@
+@page "/settings/server"
+@inject ServerSettingsService SettingsService
+@using AliasVault.Shared.Server.Models
+@using AliasVault.Shared.Server.Services
+@inherits MainBase
+
+<LayoutPageTitle>Server settings</LayoutPageTitle>
+
+<PageHeader
+    BreadcrumbItems="@BreadcrumbItems"
+    Title="Server settings"
+    Description="Configure AliasVault server settings.">
+    <CustomActions>
+        <ConfirmButton OnClick="SaveSettings">Save changes</ConfirmButton>
+    </CustomActions>
+</PageHeader>
+
+<div class="px-4">
+    <div class="p-4 mb-4 mx-4 bg-white border border-gray-200 rounded-lg shadow-sm dark:border-gray-700 sm:p-6 dark:bg-gray-800">
+        <h3 class="mb-4 text-lg font-medium text-gray-900 dark:text-white">Data Retention</h3>
+        <div class="grid gap-4 mb-4 sm:grid-cols-2 sm:gap-6 sm:mb-5">
+            <div>
+                <label for="generalLogRetention" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">General Log Retention (days)</label>
+                <input type="number" @bind="Settings.GeneralLogRetentionDays" id="generalLogRetention" class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-primary-500 dark:focus:border-primary-500">
+                <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Set to 0 to disable automatic cleanup</p>
+            </div>
+            <div>
+                <label for="authLogRetention" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">Auth Log Retention (days)</label>
+                <input type="number" @bind="Settings.AuthLogRetentionDays" id="authLogRetention" class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-primary-500 dark:focus:border-primary-500">
+                <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Set to 0 to disable automatic cleanup</p>
+            </div>
+            <div>
+                <label for="emailRetention" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">Email Retention (days)</label>
+                <input type="number" @bind="Settings.EmailRetentionDays" id="emailRetention" class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-primary-500 dark:focus:border-primary-500">
+                <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Set to 0 to disable automatic cleanup</p>
+            </div>
+            <div>
+                <label for="maxEmails" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">Max Emails per User</label>
+                <input type="number" @bind="Settings.MaxEmailsPerUser" id="maxEmails" class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-primary-500 dark:focus:border-primary-500">
+                <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Set to 0 for unlimited emails</p>
+            </div>
+        </div>
+
+        <h3 class="mb-4 text-lg font-medium text-gray-900 dark:text-white">Maintenance Schedule</h3>
+        <div class="mb-4">
+            <label for="schedule" class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">Time (24h format)</label>
+            <input type="time" @bind="Settings.MaintenanceTime" id="schedule" class="bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-600 focus:border-primary-600 block w-full p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white dark:focus:ring-primary-500 dark:focus:border-primary-500">
+            <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Time when maintenance tasks are run</p>
+        </div>
+        <div class="mb-4">
+            <label class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">Run on Days</label>
+            <div class="flex flex-wrap gap-4">
+                @foreach (var day in DaysOfWeek)
+                {
+                    var isSelected = Settings.TaskRunnerDays.Contains(day.Key);
+                    <div class="flex items-center">
+                        <input type="checkbox" checked="@isSelected" @onchange="@(e => ToggleDay(day.Key))" id="@($"day_{day.Key}")" class="w-4 h-4 text-blue-600 bg-gray-100 border-gray-300 rounded focus:ring-blue-500 dark:focus:ring-blue-600 dark:ring-offset-gray-800 focus:ring-2 dark:bg-gray-700 dark:border-gray-600">
+                        <label for="@($"day_{day.Key}")" class="ml-2 text-sm font-medium text-gray-900 dark:text-gray-300">@day.Value</label>
+                    </div>
+                }
+            </div>
+        </div>
+    </div>
+</div>
+
+@code {
+    private ServerSettingsModel Settings { get; set; } = new();
+
+    private readonly Dictionary<int, string> DaysOfWeek = new()
+    {
+        { 1, "Monday" },
+        { 2, "Tuesday" },
+        { 3, "Wednesday" },
+        { 4, "Thursday" },
+        { 5, "Friday" },
+        { 6, "Saturday" },
+        { 7, "Sunday" }
+    };
+
+    /// <inheritdoc/>
+    protected override async Task OnInitializedAsync()
+    {
+        Settings = await SettingsService.GetAllSettingsAsync();
+    }
+
+    private void ToggleDay(int day)
+    {
+        if (Settings.TaskRunnerDays.Contains(day))
+            Settings.TaskRunnerDays.Remove(day);
+        else
+            Settings.TaskRunnerDays.Add(day);
+    }
+
+    private async Task SaveSettings()
+    {
+        await SettingsService.SaveSettingsAsync(Settings);
+        GlobalNotificationService.AddSuccessMessage("Settings saved successfully", true);
+    }
+}

src/AliasVault.Admin/Main/Pages/Users/View/Components/EmailClaimTable.razor

@@ -7,6 +7,7 @@
             <SortableTableColumn IsPrimary="true">@entry.Id</SortableTableColumn>
             <SortableTableColumn>@entry.CreatedAt.ToString("yyyy-MM-dd HH:mm")</SortableTableColumn>
             <SortableTableColumn>@entry.Address</SortableTableColumn>
+            <SortableTableColumn>@entry.EmailCount</SortableTableColumn>
         </SortableTableRow>
     }
 </SortableTable>
@@ -16,7 +17,7 @@
     /// Gets or sets the list of email claims to display.
     /// </summary>
     [Parameter]
-    public List<UserEmailClaim> EmailClaimList { get; set; } = [];
+    public List<UserEmailClaimWithCount> EmailClaimList { get; set; } = [];
 
     private string SortColumn { get; set; } = "CreatedAt";
     private SortDirection SortDirection { get; set; } = SortDirection.Descending;
@@ -25,9 +26,10 @@
         new TableColumn { Title = "ID", PropertyName = "Id" },
         new TableColumn { Title = "Created", PropertyName = "CreatedAt" },
         new TableColumn { Title = "Email", PropertyName = "Address" },
+        new TableColumn { Title = "Email Count", PropertyName = "EmailCount" },
     ];
 
-    private IEnumerable<UserEmailClaim> SortedEmailClaimList => SortList(EmailClaimList, SortColumn, SortDirection);
+    private IEnumerable<UserEmailClaimWithCount> SortedEmailClaimList => SortList(EmailClaimList, SortColumn, SortDirection);
 
     private void HandleSortChanged((string column, SortDirection direction) sort)
     {
@@ -36,13 +38,14 @@
         StateHasChanged();
     }
 
-    private static IEnumerable<UserEmailClaim> SortList(List<UserEmailClaim> emailClaims, string sortColumn, SortDirection sortDirection)
+    private static IEnumerable<UserEmailClaimWithCount> SortList(List<UserEmailClaimWithCount> emailClaims, string sortColumn, SortDirection sortDirection)
     {
         return sortColumn switch
         {
             "Id" => SortableTable.SortListByProperty(emailClaims, e => e.Id, sortDirection),
             "CreatedAt" => SortableTable.SortListByProperty(emailClaims, e => e.CreatedAt, sortDirection),
             "Address" => SortableTable.SortListByProperty(emailClaims, e => e.Address, sortDirection),
+            "EmailCount" => SortableTable.SortListByProperty(emailClaims, e => e.EmailCount, sortDirection),
             _ => emailClaims
         };
     }

src/AliasVault.Admin/Main/Pages/Users/View/Index.razor

@@ -97,7 +97,7 @@ else
     private int TwoFactorKeysCount { get; set; }
     private List<AliasVaultUserRefreshToken> RefreshTokenList { get; set; } = [];
     private List<Vault> VaultList { get; set; } = [];
-    private List<UserEmailClaim> EmailClaimList { get; set; } = [];
+    private List<UserEmailClaimWithCount> EmailClaimList { get; set; } = [];
 
     /// <inheritdoc />
     protected override async Task OnInitializedAsync()
@@ -171,7 +171,18 @@ else
             .ToListAsync();
 
         // Load all email claims for this user.
-        EmailClaimList = await DbContext.UserEmailClaims.Where(x => x.UserId == User.Id)
+        EmailClaimList = await DbContext.UserEmailClaims
+            .Where(x => x.UserId == User.Id)
+            .Select(x => new UserEmailClaimWithCount
+            {
+                Id = x.Id,
+                Address = x.Address,
+                AddressLocal = x.AddressLocal,
+                AddressDomain = x.AddressDomain,
+                CreatedAt = x.CreatedAt,
+                UpdatedAt = x.UpdatedAt,
+                EmailCount = DbContext.Emails.Count(e => e.To == x.Address)
+            })
             .OrderBy(x => x.CreatedAt)
             .ToListAsync();
 

src/AliasVault.Admin/Main/_Imports.razor

@@ -12,6 +12,7 @@
 @using AliasVault.Admin
 @using AliasVault.Admin.Auth.Components
 @using AliasVault.Admin.Main
+@using AliasVault.Admin.Main.Layout
 @using AliasVault.Admin.Main.Components
 @using AliasVault.Admin.Main.Components.Alerts
 @using AliasVault.Admin.Main.Components.Layout
@@ -27,4 +28,3 @@
 @using AliasVault.Admin.Services
 @using AliasServerDb
 @using Microsoft.AspNetCore.Authorization
-

src/AliasVault.Admin/Program.cs

@@ -17,6 +17,7 @@ using AliasVault.Auth;
 using AliasVault.Cryptography.Server;
 using AliasVault.Logging;
 using AliasVault.RazorComponents.Services;
+using AliasVault.Shared.Server.Services;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
@@ -37,6 +38,8 @@ config.LastPasswordChanged = DateTime.Parse(lastPasswordChanged, CultureInfo.Inv
 
 builder.Services.AddSingleton(config);
 
+builder.Services.AddAliasVaultDataProtection("AliasVault.Api");
+
 // Add services to the container.
 builder.Services.AddRazorComponents()
     .AddInteractiveServerComponents();
@@ -51,6 +54,7 @@ builder.Services.AddScoped<AuthenticationStateProvider, RevalidatingAuthenticati
 builder.Services.AddHttpContextAccessor();
 builder.Services.AddScoped<AuthLoggingService>();
 builder.Services.AddScoped<ConfirmModalService>();
+builder.Services.AddScoped<ServerSettingsService>();
 builder.Services.AddSingleton(new VersionedContentService(Directory.GetCurrentDirectory() + "/wwwroot"));
 
 builder.Services.AddAuthentication(options =>
@@ -85,7 +89,6 @@ builder.Services.AddIdentityCore<AdminUser>(options =>
     .AddSignInManager()
     .AddDefaultTokenProviders();
 
-builder.Services.AddAliasVaultDataProtection("AliasVault.Admin");
 builder.Services.Configure<DataProtectionTokenProviderOptions>(options =>
 {
     options.TokenLifespan = TimeSpan.FromDays(30);

src/AliasVault.Admin/Services/GlobalNotificationService.cs

@@ -139,10 +139,7 @@ public class GlobalNotificationService
             messages.Add(new KeyValuePair<string, string>("error", message));
         }
 
-        // Clear messages
-        SuccessMessages.Clear();
-        InfoMessages.Clear();
-        ErrorMessages.Clear();
+        ClearMessages();
 
         return messages;
     }

src/AliasVault.Admin/wwwroot/css/tailwind.css

@@ -988,6 +988,14 @@ video {
   justify-content: space-between;
 }
 
+.gap-4 {
+  gap: 1rem;
+}
+
+.gap-8 {
+  gap: 2rem;
+}
+
 .space-x-1 > :not([hidden]) ~ :not([hidden]) {
   --tw-space-x-reverse: 0;
   margin-right: calc(0.25rem * var(--tw-space-x-reverse));
@@ -1258,6 +1266,11 @@ video {
   background-color: rgb(251 203 116 / var(--tw-bg-opacity));
 }
 
+.bg-primary-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 224 150 / var(--tw-bg-opacity));
+}
+
 .bg-primary-500 {
   --tw-bg-opacity: 1;
   background-color: rgb(244 149 65 / var(--tw-bg-opacity));
@@ -1757,6 +1770,11 @@ video {
   color: rgb(154 93 38 / var(--tw-text-opacity));
 }
 
+.hover\:text-gray-700:hover {
+  --tw-text-opacity: 1;
+  color: rgb(55 65 81 / var(--tw-text-opacity));
+}
+
 .hover\:underline:hover {
   text-decoration-line: underline;
 }
@@ -1952,6 +1970,30 @@ video {
   background-color: rgb(113 63 18 / var(--tw-bg-opacity));
 }
 
+.dark\:bg-blue-900\/30:is(.dark *) {
+  background-color: rgb(30 58 138 / 0.3);
+}
+
+.dark\:bg-gray-700\/50:is(.dark *) {
+  background-color: rgb(55 65 81 / 0.5);
+}
+
+.dark\:bg-green-900\/30:is(.dark *) {
+  background-color: rgb(20 83 45 / 0.3);
+}
+
+.dark\:bg-blue-950\/80:is(.dark *) {
+  background-color: rgb(23 37 84 / 0.8);
+}
+
+.dark\:bg-gray-800\/80:is(.dark *) {
+  background-color: rgb(31 41 55 / 0.8);
+}
+
+.dark\:bg-green-950\/80:is(.dark *) {
+  background-color: rgb(5 46 22 / 0.8);
+}
+
 .dark\:bg-opacity-80:is(.dark *) {
   --tw-bg-opacity: 0.8;
 }
@@ -2085,6 +2127,11 @@ video {
   color: rgb(255 255 255 / var(--tw-text-opacity));
 }
 
+.dark\:hover\:text-gray-300:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(209 213 219 / var(--tw-text-opacity));
+}
+
 .dark\:focus\:border-blue-500:focus:is(.dark *) {
   --tw-border-opacity: 1;
   border-color: rgb(59 130 246 / var(--tw-border-opacity));
@@ -2227,6 +2274,10 @@ video {
     width: 75%;
   }
 
+  .md\:grid-cols-2 {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
   .md\:grid-cols-3 {
     grid-template-columns: repeat(3, minmax(0, 1fr));
   }
@@ -2268,6 +2319,10 @@ video {
     order: 2;
   }
 
+  .lg\:mb-0 {
+    margin-bottom: 0px;
+  }
+
   .lg\:mt-0 {
     margin-top: 0px;
   }

src/AliasVault.Api/AliasVault.Api.csproj

@@ -23,13 +23,13 @@
         <PackageReference Include="Asp.Versioning.Mvc" Version="8.1.0" />
         <PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="8.1.0" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.0" />
-        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.0" />
+        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.1" />
         <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.2.1" />
         <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="7.0.0" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="7.1.0" />
     </ItemGroup>
 
     <ItemGroup>

src/AliasVault.Api/Controllers/AuthController.cs

@@ -137,8 +137,6 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
             return Ok(new ValidateLoginResponse(true, string.Empty, null));
         }
 
-        // If 2FA is not required, then it means the user is successfully authenticated at this point.
-
         // Reset failed login attempts.
         await userManager.ResetAccessFailedCountAsync(user);
 
@@ -246,6 +244,12 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
     {
         await using var context = await dbContextFactory.CreateDbContextAsync();
 
+        // If the token is not provided, return bad request.
+        if (string.IsNullOrWhiteSpace(tokenModel.RefreshToken))
+        {
+            return BadRequest("Refresh token is required.");
+        }
+
         var principal = GetPrincipalFromToken(tokenModel.Token);
         if (principal.FindFirst(ClaimTypes.NameIdentifier)?.Value == null)
         {
@@ -258,16 +262,14 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
             return Unauthorized("User not found (name-2)");
         }
 
-        // Check if the refresh token is valid.
-        var existingToken = await context.AliasVaultUserRefreshTokens.FirstOrDefaultAsync(t => t.UserId == user.Id && t.Value == tokenModel.RefreshToken);
-        if (existingToken == null || existingToken.ExpireDate < timeProvider.UtcNow)
+        // Generate new tokens for the user.
+        var token = await GenerateNewTokensForUser(user, tokenModel.RefreshToken);
+        if (token == null)
         {
             await authLoggingService.LogAuthEventFailAsync(user.UserName!, AuthEventType.TokenRefresh, AuthFailureReason.InvalidRefreshToken);
-            return Unauthorized("Refresh token expired");
+            return Unauthorized("Invalid refresh token");
         }
 
-        // Generate new tokens for the user.
-        var token = await GenerateNewTokensForUser(user, existingToken);
         await context.SaveChangesAsync();
 
         await authLoggingService.LogAuthEventSuccessAsync(user.UserName!, AuthEventType.TokenRefresh);
@@ -284,6 +286,12 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
     {
         await using var context = await dbContextFactory.CreateDbContextAsync();
 
+        // If the token is not provided, return bad request.
+        if (string.IsNullOrWhiteSpace(model.RefreshToken))
+        {
+            return BadRequest("Refresh token is required.");
+        }
+
         var principal = GetPrincipalFromToken(model.Token);
         if (principal.FindFirst(ClaimTypes.NameIdentifier)?.Value == null)
         {
@@ -297,16 +305,18 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
         }
 
         // Check if the refresh token is valid.
-        var deviceIdentifier = GenerateDeviceIdentifier(Request);
-        var existingToken = await context.AliasVaultUserRefreshTokens.FirstOrDefaultAsync(t => t.UserId == user.Id && t.DeviceIdentifier == deviceIdentifier);
-        if (existingToken == null || existingToken.Value != model.RefreshToken)
+        var providedTokenExists = await context.AliasVaultUserRefreshTokens.AnyAsync(t => t.UserId == user.Id && t.Value == model.RefreshToken);
+        if (!providedTokenExists)
         {
             await authLoggingService.LogAuthEventFailAsync(user.UserName!, AuthEventType.Logout, AuthFailureReason.InvalidRefreshToken);
             return Unauthorized("Invalid refresh token");
         }
 
-        // Remove the existing refresh token.
-        context.AliasVaultUserRefreshTokens.Remove(existingToken);
+        // Remove the provided refresh token and any other existing refresh tokens that are issued to the current device ID.
+        // This to make sure all tokens are revoked for this device that user is "logging out" from.
+        var deviceIdentifier = GenerateDeviceIdentifier(Request);
+        var allDeviceTokens = await context.AliasVaultUserRefreshTokens.Where(t => t.UserId == user.Id && (t.Value == model.RefreshToken || t.DeviceIdentifier == deviceIdentifier)).ToListAsync();
+        context.AliasVaultUserRefreshTokens.RemoveRange(allDeviceTokens);
         await context.SaveChangesAsync();
 
         await authLoggingService.LogAuthEventSuccessAsync(user.UserName!, AuthEventType.Logout);
@@ -333,7 +343,7 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
             UserName = model.Username,
             CreatedAt = timeProvider.UtcNow,
             UpdatedAt = timeProvider.UtcNow,
-            PasswordChangedAt = DateTime.UtcNow,
+            PasswordChangedAt = timeProvider.UtcNow,
         };
 
         user.Vaults.Add(new AliasServerDb.Vault
@@ -447,6 +457,7 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
     private static (bool IsValid, string ErrorMessage) ValidateUsername(string username)
     {
         const int minimumUsernameLength = 3;
+        const int maximumUsernameLength = 40;
         const string adminUsername = "admin";
 
         if (string.IsNullOrWhiteSpace(username))
@@ -456,7 +467,12 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
 
         if (username.Length < minimumUsernameLength)
         {
-            return (false, $"Username must be at least {minimumUsernameLength} characters long.");
+            return (false, $"Username too short: must be at least {minimumUsernameLength} characters long.");
+        }
+
+        if (username.Length > maximumUsernameLength)
+        {
+            return (false, $"Username too long: cannot be longer than {maximumUsernameLength} characters.");
         }
 
         if (string.Equals(username, adminUsername, StringComparison.OrdinalIgnoreCase))
@@ -666,9 +682,9 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
     /// to the database.
     /// </summary>
     /// <param name="user">The user to generate the tokens for.</param>
-    /// <param name="existingToken">The existing token that is being replaced (optional).</param>
-    /// <returns>TokenModel which includes new access and refresh token.</returns>
-    private async Task<TokenModel> GenerateNewTokensForUser(AliasVaultUser user, AliasVaultUserRefreshToken existingToken)
+    /// <param name="existingTokenValue">The existing token value that is being replaced (optional).</param>
+    /// <returns>TokenModel which includes new access and refresh token. Returns null if provided refresh token is invalid.</returns>
+    private async Task<TokenModel?> GenerateNewTokensForUser(AliasVaultUser user, string existingTokenValue)
     {
         await using var context = await dbContextFactory.CreateDbContextAsync();
         await Semaphore.WaitAsync();
@@ -681,7 +697,7 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
             var existingTokenReuseWindow = timeProvider.UtcNow.AddSeconds(-30);
             var existingTokenReuse = await context.AliasVaultUserRefreshTokens
                 .FirstOrDefaultAsync(t => t.UserId == user.Id &&
-                                            t.PreviousTokenValue == existingToken.Value &&
+                                            t.PreviousTokenValue == existingTokenValue &&
                                             t.CreatedAt > existingTokenReuseWindow);
 
             if (existingTokenReuse is not null)
@@ -692,21 +708,26 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
                 return new TokenModel { Token = accessToken, RefreshToken = existingTokenReuse.Value };
             }
 
-            // Remove the existing refresh token.
-            var tokenToDelete = await context.AliasVaultUserRefreshTokens.FirstOrDefaultAsync(t => t.Id == existingToken.Id);
-            if (tokenToDelete is null)
+            // Check if the refresh token still exists and is not expired.
+            var existingToken = await context.AliasVaultUserRefreshTokens.FirstOrDefaultAsync(t => t.UserId == user.Id && t.Value == existingTokenValue);
+            if (existingToken == null || existingToken.ExpireDate < timeProvider.UtcNow)
             {
-                await authLoggingService.LogAuthEventFailAsync(user.UserName!, AuthEventType.TokenRefresh, AuthFailureReason.InvalidRefreshToken);
-                throw new InvalidOperationException("Refresh token does not exist (anymore).");
+                return null;
             }
 
-            context.AliasVaultUserRefreshTokens.Remove(tokenToDelete);
+            context.AliasVaultUserRefreshTokens.Remove(existingToken);
 
             // New refresh token lifetime is the same as the existing one.
             var existingTokenLifetime = existingToken.ExpireDate - existingToken.CreatedAt;
 
+            // Retrieve new refresh token.
+            var newRefreshToken = await GenerateRefreshToken(user, existingTokenLifetime, existingToken.Value);
+
+            // After successfully retrieving new refresh token, remove the existing one by saving changes.
+            await context.SaveChangesAsync();
+
             // Return new refresh token.
-            return await GenerateRefreshToken(user, existingTokenLifetime, existingToken.Value);
+            return newRefreshToken;
         }
         finally
         {

src/AliasVault.Api/Controllers/Email/EmailController.cs

@@ -89,11 +89,8 @@ public class EmailController(ILogger<VaultController> logger, IDbContextFactory<
             return errorResult;
         }
 
-        // Delete associated attachments
-        context.EmailAttachments.RemoveRange(email!.Attachments);
-
-        // Delete the email
-        context.Emails.Remove(email);
+        // Delete the email - attachments will be cascade deleted
+        context.Emails.Remove(email!);
 
         try
         {

src/AliasVault.Api/Controllers/Security/SecurityController.cs

@@ -48,6 +48,7 @@ public class SecurityController(IDbContextFactory<AliasServerDbContext> dbContex
                 ExpireDate = x.ExpireDate,
                 CreatedAt = x.CreatedAt,
             })
+            .Where(x => x.ExpireDate > DateTime.UtcNow)
             .OrderByDescending(x => x.CreatedAt)
             .ToListAsync();
 

src/AliasVault.Api/Dockerfile

@@ -11,15 +11,11 @@ RUN dotnet restore "src/AliasVault.Api/AliasVault.Api.csproj"
 COPY . .
 
 WORKDIR "/src/src/AliasVault.Api"
-RUN dotnet build "AliasVault.Api.csproj" -c "$BUILD_CONFIGURATION" -o /app/build
-
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
 RUN dotnet publish "AliasVault.Api.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app
-COPY --from=publish /app/publish .
+COPY --from=build /app/publish .
 
 ENV ASPNETCORE_URLS=http://+:3001
 ENV ASPNETCORE_PATHBASE=/api

src/AliasVault.Api/Program.cs

@@ -26,6 +26,7 @@ builder.Configuration.AddJsonFile("appsettings.json", optional: false, reloadOnC
 builder.Configuration.AddJsonFile($"appsettings.{builder.Environment.EnvironmentName}.json", optional: true, reloadOnChange: true);
 builder.Services.ConfigureLogging(builder.Configuration, Assembly.GetExecutingAssembly().GetName().Name!, "../../logs");
 
+builder.Services.AddAliasVaultDataProtection("AliasVault.Api");
 builder.Services.AddSingleton<ITimeProvider, SystemTimeProvider>();
 builder.Services.AddScoped<TimeValidationJwtBearerEvents>();
 builder.Services.AddScoped<AuthLoggingService>();
@@ -40,8 +41,6 @@ builder.Services.AddLogging(logging =>
 });
 
 builder.Services.AddAliasVaultSqliteConfiguration();
-builder.Services.AddAliasVaultDataProtection("AliasVault.Api");
-
 builder.Services.AddIdentity<AliasVaultUser, AliasVaultRole>(options =>
     {
         options.Password.RequireDigit = false;

src/AliasVault.Client/Auth/Pages/Setup/Setup.razor

@@ -10,7 +10,7 @@
             <div class="flex-grow p-6 pt-4 lg:pt-6 pb-28 lg:pb-4">
                 <div class="flex justify-between items-center mb-4">
                     <div>
-                        <button @onclick="GoBack" class="text-gray-500 hover:text-gray-800 dark:text-gray-400 dark:hover:text-gray-200">
+                        <button @onclick="GoBack" class="text-gray-500 hover:text-gray-800 dark:text-gray-400 dark:hover:text-gray-200 @(_currentStep == SetupStep.TermsAndConditions ? "invisible" : "")">
                             <svg class="w-8 h-8" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
                                 <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 19l-7-7m0 0l7-7m-7 7h18"></path>
                             </svg>

src/AliasVault.Client/Dockerfile

@@ -18,19 +18,14 @@ COPY ["src/AliasVault.Client/AliasVault.Client.csproj", "src/AliasVault.Client/"
 RUN dotnet restore "src/AliasVault.Client/AliasVault.Client.csproj"
 COPY . .
 
-# Build the Client project
+# Build and publish
 WORKDIR "/src/src/AliasVault.Client"
-RUN dotnet build "AliasVault.Client.csproj" -c "$BUILD_CONFIGURATION" -o /app/build
-
-# Publish the Client project
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
 RUN dotnet publish "AliasVault.Client.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
 
 # Final stage
 FROM nginx:1.24.0 AS final
 WORKDIR /usr/share/nginx/html
-COPY --from=publish /app/publish/wwwroot .
+COPY --from=build /app/publish/wwwroot .
 COPY /src/AliasVault.Client/nginx.conf /etc/nginx/nginx.conf
 COPY /src/AliasVault.Client/entrypoint.sh /app/entrypoint.sh
 

src/AliasVault.Client/Main/Components/Email/RecentEmails.razor

@@ -26,7 +26,7 @@
                 <h3 class="mb-4 text-xl font-semibold dark:text-white">Email</h3>
             </div>
             <div class="flex justify-end items-center space-x-2">
-                @if (RefreshTimer is not null)
+                @if (DbService.Settings.AutoEmailRefresh)
                 {
                     <div class="w-3 h-3 mr-2 rounded-full bg-primary-300 border-2 border-primary-100 animate-pulse" title="Auto-refresh enabled"></div>
                 }
@@ -56,27 +56,27 @@
                         <div class="overflow-hidden shadow sm:rounded-lg">
                             <table class="min-w-full divide-y divide-gray-200 dark:divide-gray-600">
                                 <thead class="bg-gray-50 dark:bg-gray-700">
-                                <tr>
-                                    <th scope="col" class="p-4 text-xs font-medium tracking-wider text-left text-gray-500 uppercase dark:text-white">
-                                        Subject
-                                    </th>
-                                    <th scope="col" class="p-4 text-xs font-medium tracking-wider text-left text-gray-500 uppercase dark:text-white">
-                                        Date &amp; Time
-                                    </th>
-                                </tr>
+                                    <tr>
+                                        <th scope="col" class="p-4 text-xs font-medium tracking-wider text-left text-gray-500 uppercase dark:text-white">
+                                            Subject
+                                        </th>
+                                        <th scope="col" class="p-4 text-xs font-medium tracking-wider text-left text-gray-500 uppercase dark:text-white">
+                                            Date &amp; Time
+                                        </th>
+                                    </tr>
                                 </thead>
                                 <tbody class="bg-white dark:bg-gray-800">
-                                @foreach (var mail in MailboxEmails)
-                                {
-                                    <tr class="hover:bg-gray-50 dark:hover:bg-gray-600">
-                                        <td class="p-4 text-sm font-normal text-gray-900 whitespace-nowrap dark:text-white">
-                                            <span class="cursor-pointer" @onclick="() => OpenEmail(mail.Id)">@(mail.Subject.Substring(0, mail.Subject.Length > 30 ? 30 : mail.Subject.Length))...</span>
-                                        </td>
-                                        <td class="p-4 text-sm font-normal text-gray-500 whitespace-nowrap dark:text-gray-400">
-                                            <span class="cursor-pointer" @onclick="() => OpenEmail(mail.Id)">@mail.DateSystem</span>
-                                        </td>
-                                    </tr>
-                                }
+                                    @foreach (var mail in MailboxEmails)
+                                    {
+                                        <tr class="hover:bg-gray-50 dark:hover:bg-gray-600">
+                                            <td class="p-4 text-sm font-normal text-gray-900 whitespace-nowrap dark:text-white">
+                                                <span class="cursor-pointer" @onclick="() => OpenEmail(mail.Id)">@(mail.Subject.Substring(0, mail.Subject.Length > 30 ? 30 : mail.Subject.Length))...</span>
+                                            </td>
+                                            <td class="p-4 text-sm font-normal text-gray-500 whitespace-nowrap dark:text-gray-400">
+                                                <span class="cursor-pointer" @onclick="() => OpenEmail(mail.Id)">@mail.DateSystem</span>
+                                            </td>
+                                        </tr>
+                                    }
                                 </tbody>
                             </table>
                         </div>
@@ -99,13 +99,56 @@
     private EmailApiModel Email { get; set; } = new();
     private bool EmailModalVisible { get; set; }
     private string Error { get; set; } = string.Empty;
-    private Timer? RefreshTimer { get; set; }
 
     private bool IsRefreshing { get; set; } = true;
     private bool IsLoading { get; set; } = true;
 
     private bool IsSpamOk { get; set; } = false;
 
+    private bool IsPageVisible { get; set; } = true;
+    private CancellationTokenSource? PollingCancellationTokenSource { get; set; }
+    private const int ACTIVE_TAB_REFRESH_INTERVAL = 2000; // 2 seconds
+    private readonly SemaphoreSlim RefreshSemaphore = new(1, 1);
+    private DateTime LastRefreshTime = DateTime.MinValue;
+
+    /// <summary>
+    /// Callback invoked by JavaScript when the page visibility changes.
+    /// </summary>
+    /// <param name="isVisible">Boolean whether the page is visible or not.</param>
+    /// <returns>Task.</returns>
+    [JSInvokable]
+    public async Task OnVisibilityChange(bool isVisible)
+    {
+        IsPageVisible = isVisible;
+        if (isVisible)
+        {
+            // Only enable auto-refresh if the setting is enabled.
+            if (DbService.Settings.AutoEmailRefresh)
+            {
+                await StartPolling();
+            }
+
+            // Refresh immediately when tab becomes visible
+            await ManualRefresh();
+        }
+        else
+        {
+            // Cancel polling.
+            if (PollingCancellationTokenSource is not null)
+            {
+                await PollingCancellationTokenSource.CancelAsync();
+            }
+        }
+        StateHasChanged();
+    }
+
+    /// <inheritdoc />
+    public void Dispose()
+    {
+        PollingCancellationTokenSource?.Cancel();
+        PollingCancellationTokenSource?.Dispose();
+        RefreshSemaphore.Dispose();
+    }
 
     /// <inheritdoc />
     protected override async Task OnInitializedAsync()
@@ -124,12 +167,29 @@
         }
         IsSpamOk = IsSpamOkDomain(EmailAddress);
 
+        // Set up visibility change detection
+        await JsInteropService.RegisterVisibilityCallback(DotNetObjectReference.Create(this));
+
         // Only enable auto-refresh if the setting is enabled.
         if (DbService.Settings.AutoEmailRefresh)
         {
-            RefreshTimer = new Timer(2000);
-            RefreshTimer.Elapsed += async (sender, e) => await TimerRefresh();
-            RefreshTimer.Start();
+            await StartPolling();
+        }
+    }
+
+    /// <inheritdoc />
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        await base.OnAfterRenderAsync(firstRender);
+
+        if (!ShowComponent)
+        {
+            return;
+        }
+
+        if (firstRender)
+        {
+            await ManualRefresh();
         }
     }
 
@@ -146,25 +206,62 @@
         IsSpamOk = IsSpamOkDomain(EmailAddress);
     }
 
-    /// <inheritdoc />
-    public void Dispose()
+    /// <summary>
+    /// Start the polling for new emails.
+    /// </summary>
+    /// <returns>Task.</returns>
+    private async Task StartPolling()
     {
-        RefreshTimer?.Dispose();
+        if (PollingCancellationTokenSource is not null)
+        {
+            await PollingCancellationTokenSource.CancelAsync();
+        }
+
+        PollingCancellationTokenSource = new CancellationTokenSource();
+
+        try
+        {
+            while (!PollingCancellationTokenSource.Token.IsCancellationRequested)
+            {
+                if (IsPageVisible)
+                {
+                    // Only auto refresh when the tab is visible.
+                    await RefreshWithThrottling();
+                    await Task.Delay(ACTIVE_TAB_REFRESH_INTERVAL, PollingCancellationTokenSource.Token);
+                }
+            }
+        }
+        catch (OperationCanceledException)
+        {
+            // Normal cancellation, ignore
+        }
     }
 
-    /// <inheritdoc />
-    protected override async Task OnAfterRenderAsync(bool firstRender)
+    /// <summary>
+    /// Refresh the emails with throttling to prevent multiple refreshes at the same time.
+    /// </summary>
+    /// <returns></returns>
+    private async Task RefreshWithThrottling()
     {
-        await base.OnAfterRenderAsync(firstRender);
-
-        if (!ShowComponent)
+        if (!await RefreshSemaphore.WaitAsync(0)) // Don't wait if a refresh is in progress
         {
             return;
         }
 
-        if (firstRender)
+        try
         {
-            await ManualRefresh();
+            var timeSinceLastRefresh = DateTime.UtcNow - LastRefreshTime;
+            if (timeSinceLastRefresh.TotalMilliseconds < ACTIVE_TAB_REFRESH_INTERVAL)
+            {
+                return;
+            }
+
+            await LoadRecentEmailsAsync();
+            LastRefreshTime = DateTime.UtcNow;
+        }
+        finally
+        {
+            RefreshSemaphore.Release();
         }
     }
 
@@ -184,15 +281,10 @@
         return Config.PrivateEmailDomains.Exists(x => email.EndsWith(x));
     }
 
-    private async Task TimerRefresh()
-    {
-        IsRefreshing = true;
-        StateHasChanged();
-        await LoadRecentEmailsAsync();
-        IsRefreshing = false;
-        StateHasChanged();
-    }
-
+    /// <summary>
+    /// Manually refresh the emails.
+    /// </summary>
+    /// <returns></returns>
     private async Task ManualRefresh()
     {
         IsLoading = true;
@@ -202,6 +294,10 @@
         StateHasChanged();
     }
 
+    /// <summary>
+    /// (Re)load recent emails by making an API call to the server.
+    /// </summary>
+    /// <returns>Task.</returns>
     private async Task LoadRecentEmailsAsync()
     {
         if (!ShowComponent || EmailAddress is null)

src/AliasVault.Client/Main/Layout/MainLayout.razor

@@ -8,7 +8,7 @@
             <ConfirmModal />
             <FullScreenLoadingIndicator @ref="LoadingIndicator" />
             <TopMenu />
-            <div class="flex pt-16 pb-4 lg:pb-16 overflow-hidden bg-gray-100 dark:bg-gray-900">
+            <div class="flex pt-16 mb-4 lg:mb-16 overflow-hidden bg-gray-100 dark:bg-gray-900 relative z-20">
                 <div id="main-content" class="relative z-10 w-full max-w-screen-2xl mx-auto h-full overflow-y-auto bg-gray-100 dark:bg-gray-900">
                     <main>
                         <GlobalNotificationDisplay />

src/AliasVault.Client/Main/Pages/MainBase.cs

@@ -19,7 +19,7 @@ using Microsoft.AspNetCore.Components.Authorization;
 /// All pages that inherit from this class will receive default injected components that are used globally.
 /// Also, a default set of breadcrumbs is added in the parent OnInitialized method.
 /// </summary>
-public class MainBase : OwningComponentBase
+public abstract class MainBase : OwningComponentBase
 {
     private const string ReturnUrlKey = "returnUrl";
     private bool _parametersInitialSet;

src/AliasVault.Client/Main/Pages/Settings/Security/Components/QuickVaultUnlockSection.razor

@@ -85,7 +85,7 @@
     /// </summary>
     public async Task DisableWebAuthn()
     {
-        await AuthService.SetWebAuthnEnabledAsync(false, string.Empty, string.Empty, string.Empty);
+        await AuthService.SetWebAuthnEnabledAsync(false);
         GlobalNotificationService.AddSuccessMessage("Quick Vault Unlock is successfully disabled.", true);
         await LoadData();
     }

src/AliasVault.Client/Services/Auth/AuthService.cs

@@ -194,7 +194,7 @@ public sealed class AuthService(HttpClient httpClient, ILocalStorageService loca
     /// <param name="webauthSalt">WebAuthn salt.</param>
     /// <param name="webauthCredentialDerivedKey">WebAuthn credential derived key.</param>
     /// <returns>Task.</returns>
-    public async Task SetWebAuthnEnabledAsync(bool enabled, string? webauthCredentialId, string? webauthSalt, string? webauthCredentialDerivedKey)
+    public async Task SetWebAuthnEnabledAsync(bool enabled, string? webauthCredentialId = null, string? webauthSalt = null, string? webauthCredentialDerivedKey = null)
     {
         await localStorage.SetItemAsStringAsync("webAuthnEnabled", enabled.ToString().ToLower());
 
@@ -311,7 +311,7 @@ public sealed class AuthService(HttpClient httpClient, ILocalStorageService loca
     private async Task RevokeTokenAsync()
     {
         // Remove webauthn enabled flag.
-        await SetWebAuthnEnabledAsync(false, null, null, null);
+        await SetWebAuthnEnabledAsync(false);
 
         var tokenInput = new TokenModel
         {

src/AliasVault.Client/Services/JsInteropService.cs

@@ -9,6 +9,7 @@ namespace AliasVault.Client.Services;
 
 using System.Security.Cryptography;
 using System.Text.Json;
+using Microsoft.EntityFrameworkCore.Metadata.Internal;
 using Microsoft.JSInterop;
 
 /// <summary>
@@ -237,6 +238,16 @@ public sealed class JsInteropService(IJSRuntime jsRuntime)
         await jsRuntime.InvokeVoidAsync("window.scrollTo", 0, 0);
     }
 
+    /// <summary>
+    /// Registers a visibility callback which is invoked when the visibility of component changes in client.
+    /// </summary>
+    /// <typeparam name="TComponent">Component type.</typeparam>
+    /// <param name="objRef">DotNetObjectReference.</param>
+    /// <returns>Task.</returns>
+    public async Task RegisterVisibilityCallback<TComponent>(DotNetObjectReference<TComponent> objRef)
+        where TComponent : class =>
+        await jsRuntime.InvokeVoidAsync("window.registerVisibilityCallback", objRef);
+
     /// <summary>
     /// Represents the result of a WebAuthn get credential operation.
     /// </summary>

src/AliasVault.Client/wwwroot/css/app.css

@@ -1,10 +1,8 @@
 #blazor-error-ui {
-    background: lightyellow;
     bottom: 0;
     box-shadow: 0 -1px 2px rgba(0, 0, 0, 0.2);
     display: none;
     left: 0;
-    padding: 0.6rem 1.25rem 0.7rem 1.25rem;
     position: fixed;
     width: 100%;
     z-index: 1000;
@@ -18,7 +16,6 @@
 }
 
 .blazor-error-boundary {
-    background: url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTYiIGhlaWdodD0iNDkiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIG92ZXJmbG93PSJoaWRkZW4iPjxkZWZzPjxjbGlwUGF0aCBpZD0iY2xpcDAiPjxyZWN0IHg9IjIzNSIgeT0iNTEiIHdpZHRoPSI1NiIgaGVpZ2h0PSI0OSIvPjwvY2xpcFBhdGg+PC9kZWZzPjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMCkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yMzUgLTUxKSI+PHBhdGggZD0iTTI2My41MDYgNTFDMjY0LjcxNyA1MSAyNjUuODEzIDUxLjQ4MzcgMjY2LjYwNiA1Mi4yNjU4TDI2Ny4wNTIgNTIuNzk4NyAyNjcuNTM5IDUzLjYyODMgMjkwLjE4NSA5Mi4xODMxIDI5MC41NDUgOTIuNzk1IDI5MC42NTYgOTIuOTk2QzI5MC44NzcgOTMuNTEzIDI5MSA5NC4wODE1IDI5MSA5NC42NzgyIDI5MSA5Ny4wNjUxIDI4OS4wMzggOTkgMjg2LjYxNyA5OUwyNDAuMzgzIDk5QzIzNy45NjMgOTkgMjM2IDk3LjA2NTEgMjM2IDk0LjY3ODIgMjM2IDk0LjM3OTkgMjM2LjAzMSA5NC4wODg2IDIzNi4wODkgOTMuODA3MkwyMzYuMzM4IDkzLjAxNjIgMjM2Ljg1OCA5Mi4xMzE0IDI1OS40NzMgNTMuNjI5NCAyNTkuOTYxIDUyLjc5ODUgMjYwLjQwNyA1Mi4yNjU4QzI2MS4yIDUxLjQ4MzcgMjYyLjI5NiA1MSAyNjMuNTA2IDUxWk0yNjMuNTg2IDY2LjAxODNDMjYwLjczNyA2Ni4wMTgzIDI1OS4zMTMgNjcuMTI0NSAyNTkuMzEzIDY5LjMzNyAyNTkuMzEzIDY5LjYxMDIgMjU5LjMzMiA2OS44NjA4IDI1OS4zNzEgNzAuMDg4N0wyNjEuNzk1IDg0LjAxNjEgMjY1LjM4IDg0LjAxNjEgMjY3LjgyMSA2OS43NDc1QzI2Ny44NiA2OS43MzA5IDI2Ny44NzkgNjkuNTg3NyAyNjcuODc5IDY5LjMxNzkgMjY3Ljg3OSA2Ny4xMTgyIDI2Ni40NDggNjYuMDE4MyAyNjMuNTg2IDY2LjAxODNaTTI2My41NzYgODYuMDU0N0MyNjEuMDQ5IDg2LjA1NDcgMjU5Ljc4NiA4Ny4zMDA1IDI1OS43ODYgODkuNzkyMSAyNTkuNzg2IDkyLjI4MzcgMjYxLjA0OSA5My41Mjk1IDI2My41NzYgOTMuNTI5NSAyNjYuMTE2IDkzLjUyOTUgMjY3LjM4NyA5Mi4yODM3IDI2Ny4zODcgODkuNzkyMSAyNjcuMzg3IDg3LjMwMDUgMjY2LjExNiA4Ni4wNTQ3IDI2My41NzYgODYuMDU0N1oiIGZpbGw9IiNGRkU1MDAiIGZpbGwtcnVsZT0iZXZlbm9kZCIvPjwvZz48L3N2Zz4=) no-repeat 1rem/1.8rem, #b32121;
     padding: 1rem 1rem 1rem 3.7rem;
     color: white;
 }

src/AliasVault.Client/wwwroot/css/tailwind.css

@@ -690,6 +690,10 @@ video {
   z-index: 50;
 }
 
+.z-20 {
+  z-index: 20;
+}
+
 .col-span-1 {
   grid-column: span 1 / span 1;
 }
@@ -1024,6 +1028,10 @@ video {
   max-width: 36rem;
 }
 
+.max-w-screen-xl {
+  max-width: 1280px;
+}
+
 .flex-shrink-0 {
   flex-shrink: 0;
 }
@@ -1350,6 +1358,11 @@ video {
   border-color: rgb(214 131 56 / var(--tw-border-opacity));
 }
 
+.border-red-500 {
+  --tw-border-opacity: 1;
+  border-color: rgb(239 68 68 / var(--tw-border-opacity));
+}
+
 .bg-amber-50 {
   --tw-bg-opacity: 1;
   background-color: rgb(255 251 235 / var(--tw-bg-opacity));
@@ -1895,6 +1908,11 @@ video {
   color: rgb(133 77 14 / var(--tw-text-opacity));
 }
 
+.text-amber-500 {
+  --tw-text-opacity: 1;
+  color: rgb(245 158 11 / var(--tw-text-opacity));
+}
+
 .opacity-0 {
   opacity: 0;
 }
@@ -2070,6 +2088,11 @@ video {
   background-color: rgb(153 27 27 / var(--tw-bg-opacity));
 }
 
+.hover\:bg-red-700:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(185 28 28 / var(--tw-bg-opacity));
+}
+
 .hover\:from-primary-600:hover {
   --tw-gradient-from: #d68338 var(--tw-gradient-from-position);
   --tw-gradient-to: rgb(214 131 56 / 0) var(--tw-gradient-to-position);
@@ -2125,6 +2148,11 @@ video {
   color: rgb(255 255 255 / var(--tw-text-opacity));
 }
 
+.hover\:text-red-200:hover {
+  --tw-text-opacity: 1;
+  color: rgb(254 202 202 / var(--tw-text-opacity));
+}
+
 .hover\:underline:hover {
   text-decoration-line: underline;
 }
@@ -2280,6 +2308,11 @@ video {
   border-color: rgb(234 179 8 / var(--tw-border-opacity));
 }
 
+.dark\:border-red-800:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(153 27 27 / var(--tw-border-opacity));
+}
+
 .dark\:bg-blue-800:is(.dark *) {
   --tw-bg-opacity: 1;
   background-color: rgb(30 64 175 / var(--tw-bg-opacity));
@@ -2360,6 +2393,11 @@ video {
   background-color: rgb(113 63 18 / var(--tw-bg-opacity));
 }
 
+.dark\:bg-red-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(127 29 29 / var(--tw-bg-opacity));
+}
+
 .dark\:bg-opacity-80:is(.dark *) {
   --tw-bg-opacity: 0.8;
 }
@@ -2638,6 +2676,10 @@ video {
     width: auto;
   }
 
+  .sm\:flex-row {
+    flex-direction: row;
+  }
+
   .sm\:rounded-lg {
     border-radius: 0.5rem;
   }
@@ -2764,6 +2806,10 @@ video {
     margin-top: 4rem;
   }
 
+  .lg\:mb-16 {
+    margin-bottom: 4rem;
+  }
+
   .lg\:block {
     display: block;
   }

src/AliasVault.Client/wwwroot/index.template.html

@@ -70,10 +70,30 @@
     <div id="app">
     </div>
 
-    <div id="blazor-error-ui">
-        An unhandled error has occurred.
-        <a href="" class="reload">Reload</a>
-        <a class="dismiss">🗙</a>
+    <div id="blazor-error-ui" class="text-white bg-red-700 dark:bg-red-900 p-6 border-t-2 border-red-500 dark:border-red-800">
+        <div class="container mx-auto max-w-screen-xl px-4">
+            <div class="flex flex-col sm:flex-row items-center justify-between gap-4">
+                <div class="flex items-center">
+                    <svg class="w-8 h-8 text-white mr-4 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
+                    </svg>
+                    <span>An unhandled error has occurred. Please try reloading the page. If the issue persists, please contact support.</span>
+                </div>
+                <div class="flex items-center gap-4">
+                    <a href="" class="reload flex items-center px-4 py-2 bg-red-600 hover:bg-red-700 rounded-md transition-colors duration-150">
+                        <svg class="w-4 h-4 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"/>
+                        </svg>
+                        Reload Page
+                    </a>
+                    <a class="dismiss hover:text-red-200">
+                        <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/>
+                        </svg>
+                    </a>
+                </div>
+            </div>
+        </div>
     </div>
 
     <script>

src/AliasVault.Client/wwwroot/js/utilities.js

@@ -298,3 +298,9 @@ async function createWebAuthnCredentialAndDeriveKey(username) {
         return { Error: "WEBAUTHN_CREATE_ERROR", Message: createError.message };
     }
 }
+
+window.registerVisibilityCallback = function (dotnetHelper) {
+    document.addEventListener("visibilitychange", function () {
+        dotnetHelper.invokeMethodAsync('OnVisibilityChange', !document.hidden);
+    });
+};

src/Databases/AliasServerDb/AliasServerDbContext.cs

@@ -126,6 +126,11 @@ public class AliasServerDbContext : WorkerStatusDbContext, IDataProtectionKeyCon
     /// </summary>
     public DbSet<AuthLog> AuthLogs { get; set; }
 
+    /// <summary>
+    /// Gets or sets the ServerSettings DbSet.
+    /// </summary>
+    public DbSet<ServerSetting> ServerSettings { get; set; } = null!;
+
     /// <summary>
     /// The OnModelCreating method.
     /// </summary>
@@ -237,30 +242,25 @@ public class AliasServerDbContext : WorkerStatusDbContext, IDataProtectionKeyCon
     /// <param name="optionsBuilder">DbContextOptionsBuilder instance.</param>
     protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
     {
-        // If the options are not already configured, use the appsettings.json file.
-        if (!optionsBuilder.IsConfigured)
+        if (optionsBuilder.IsConfigured)
         {
-            var configuration = new ConfigurationBuilder()
+            return;
+        }
+
+        var configuration = new ConfigurationBuilder()
                 .SetBasePath(Directory.GetCurrentDirectory())
                 .AddJsonFile("appsettings.json")
                 .Build();
 
-            optionsBuilder
-                .UseSqlite(configuration.GetConnectionString("AliasServerDbContext"))
-                .UseLazyLoadingProxies();
+        // Add SQLite connection with enhanced settings
+        var connectionString = configuration.GetConnectionString("AliasServerDbContext") +
+            ";Mode=ReadWriteCreate;Cache=Shared" +
+            ";Journal Mode=WAL" +
+            ";Synchronous=Normal" +
+            ";Busy Timeout=30000";
 
-            // Set busy timeout using PRAGMA to avoid "The database file is locked" error.
-            var connection = Database.GetDbConnection();
-            if (connection.State != System.Data.ConnectionState.Open)
-            {
-                connection.Open();
-            }
-
-            using (var command = connection.CreateCommand())
-            {
-                command.CommandText = "PRAGMA busy_timeout = 5000;";
-                command.ExecuteNonQuery();
-            }
-        }
+        optionsBuilder
+            .UseSqlite(connectionString, options => options.CommandTimeout(60))
+            .UseLazyLoadingProxies();
     }
 }

src/Databases/AliasServerDb/Migrations/20241204121218_AddServerSettingsTable.Designer.cs

@@ -0,0 +1,848 @@
+// <auto-generated />
+using System;
+using AliasServerDb;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+#nullable disable
+
+namespace AliasServerDb.Migrations
+{
+    [DbContext(typeof(AliasServerDbContext))]
+    [Migration("20241204121218_AddServerSettingsTable")]
+    partial class AddServerSettingsTable
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.0")
+                .HasAnnotation("Proxies:ChangeTracking", false)
+                .HasAnnotation("Proxies:CheckEquality", false)
+                .HasAnnotation("Proxies:LazyLoading", true);
+
+            modelBuilder.Entity("AliasServerDb.AdminRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("AdminRoles");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AdminUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime?>("LastPasswordChanged")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("AdminUsers");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AliasVaultRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("AliasVaultRoles");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AliasVaultUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("PasswordChangedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("AliasVaultUsers");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AliasVaultUserRefreshToken", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceIdentifier")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("ExpireDate")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("IpAddress")
+                        .HasMaxLength(45)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PreviousTokenValue")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AliasVaultUserRefreshTokens");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AuthLog", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("AdditionalInfo")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Browser")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Country")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceType")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("EventType")
+                        .HasColumnType("nvarchar(50)");
+
+                    b.Property<int?>("FailureReason")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("IpAddress")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("IsSuccess")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("IsSuspiciousActivity")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("OperatingSystem")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RequestPath")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("Timestamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserAgent")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Username")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex(new[] { "EventType" }, "IX_EventType");
+
+                    b.HasIndex(new[] { "IpAddress" }, "IX_IpAddress");
+
+                    b.HasIndex(new[] { "Timestamp" }, "IX_Timestamp");
+
+                    b.HasIndex(new[] { "Username", "IsSuccess", "Timestamp" }, "IX_Username_IsSuccess_Timestamp")
+                        .IsDescending(false, false, true);
+
+                    b.HasIndex(new[] { "Username", "Timestamp" }, "IX_Username_Timestamp")
+                        .IsDescending(false, true);
+
+                    b.ToTable("AuthLogs");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Email", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime>("Date")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateSystem")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("EncryptedSymmetricKey")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("From")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("FromDomain")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("FromLocal")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("MessageHtml")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("MessagePlain")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("MessagePreview")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("MessageSource")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PushNotificationSent")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("To")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ToDomain")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ToLocal")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid>("UserEncryptionKeyId")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("Visible")
+                        .HasColumnType("INTEGER");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Date");
+
+                    b.HasIndex("DateSystem");
+
+                    b.HasIndex("PushNotificationSent");
+
+                    b.HasIndex("ToLocal");
+
+                    b.HasIndex("UserEncryptionKeyId");
+
+                    b.HasIndex("Visible");
+
+                    b.ToTable("Emails");
+                });
+
+            modelBuilder.Entity("AliasServerDb.EmailAttachment", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<byte[]>("Bytes")
+                        .IsRequired()
+                        .HasColumnType("BLOB");
+
+                    b.Property<DateTime>("Date")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("EmailId")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Filename")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("Filesize")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("MimeType")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("EmailId");
+
+                    b.ToTable("EmailAttachments");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Log", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Application")
+                        .IsRequired()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Exception")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Level")
+                        .IsRequired()
+                        .HasMaxLength(128)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("LogEvent")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasColumnName("LogEvent");
+
+                    b.Property<string>("Message")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("MessageTemplate")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Properties")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("SourceContext")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("TimeStamp")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Application");
+
+                    b.HasIndex("TimeStamp");
+
+                    b.ToTable("Logs", (string)null);
+                });
+
+            modelBuilder.Entity("AliasServerDb.ServerSetting", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Key");
+
+                    b.ToTable("ServerSettings");
+                });
+
+            modelBuilder.Entity("AliasServerDb.UserEmailClaim", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Address")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AddressDomain")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AddressLocal")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Address")
+                        .IsUnique();
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("UserEmailClaims");
+                });
+
+            modelBuilder.Entity("AliasServerDb.UserEncryptionKey", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("IsPrimary")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("PublicKey")
+                        .IsRequired()
+                        .HasMaxLength(2000)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("UserEncryptionKeys");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Vault", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("CredentialsCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("EmailClaimsCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("EncryptionSettings")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("EncryptionType")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("FileSize")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<long>("RevisionNumber")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Salt")
+                        .IsRequired()
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("VaultBlob")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Verifier")
+                        .IsRequired()
+                        .HasMaxLength(1000)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Version")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("Vaults");
+                });
+
+            modelBuilder.Entity("AliasVault.WorkerStatus.Database.WorkerServiceStatus", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("CurrentStatus")
+                        .IsRequired()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DesiredStatus")
+                        .IsRequired()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("Heartbeat")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ServiceName")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("varchar");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("WorkerServiceStatuses");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("FriendlyName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Xml")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("DataProtectionKeys");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("RoleClaims", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("UserClaims", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.ToTable("UserLogins", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.ToTable("UserRoles", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("UserTokens", (string)null);
+                });
+
+            modelBuilder.Entity("AliasServerDb.AliasVaultUserRefreshToken", b =>
+                {
+                    b.HasOne("AliasServerDb.AliasVaultUser", "User")
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Email", b =>
+                {
+                    b.HasOne("AliasServerDb.UserEncryptionKey", "EncryptionKey")
+                        .WithMany("Emails")
+                        .HasForeignKey("UserEncryptionKeyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("EncryptionKey");
+                });
+
+            modelBuilder.Entity("AliasServerDb.EmailAttachment", b =>
+                {
+                    b.HasOne("AliasServerDb.Email", "Email")
+                        .WithMany("Attachments")
+                        .HasForeignKey("EmailId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Email");
+                });
+
+            modelBuilder.Entity("AliasServerDb.UserEmailClaim", b =>
+                {
+                    b.HasOne("AliasServerDb.AliasVaultUser", "User")
+                        .WithMany("EmailClaims")
+                        .HasForeignKey("UserId");
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("AliasServerDb.UserEncryptionKey", b =>
+                {
+                    b.HasOne("AliasServerDb.AliasVaultUser", "User")
+                        .WithMany("EncryptionKeys")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Vault", b =>
+                {
+                    b.HasOne("AliasServerDb.AliasVaultUser", "User")
+                        .WithMany("Vaults")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("AliasServerDb.AliasVaultUser", b =>
+                {
+                    b.Navigation("EmailClaims");
+
+                    b.Navigation("EncryptionKeys");
+
+                    b.Navigation("Vaults");
+                });
+
+            modelBuilder.Entity("AliasServerDb.Email", b =>
+                {
+                    b.Navigation("Attachments");
+                });
+
+            modelBuilder.Entity("AliasServerDb.UserEncryptionKey", b =>
+                {
+                    b.Navigation("Emails");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

src/Databases/AliasServerDb/Migrations/20241204121218_AddServerSettingsTable.cs

@@ -0,0 +1,36 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace AliasServerDb.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddServerSettingsTable : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "ServerSettings",
+                columns: table => new
+                {
+                    Key = table.Column<string>(type: "TEXT", maxLength: 255, nullable: false),
+                    Value = table.Column<string>(type: "TEXT", nullable: true),
+                    CreatedAt = table.Column<DateTime>(type: "TEXT", nullable: false),
+                    UpdatedAt = table.Column<DateTime>(type: "TEXT", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_ServerSettings", x => x.Key);
+                });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "ServerSettings");
+        }
+    }
+}

src/Databases/AliasServerDb/Migrations/AliasServerDbContextModelSnapshot.cs

@@ -16,7 +16,7 @@ namespace AliasServerDb.Migrations
         {
 #pragma warning disable 612, 618
             modelBuilder
-                .HasAnnotation("ProductVersion", "8.0.10")
+                .HasAnnotation("ProductVersion", "9.0.0")
                 .HasAnnotation("Proxies:ChangeTracking", false)
                 .HasAnnotation("Proxies:CheckEquality", false)
                 .HasAnnotation("Proxies:LazyLoading", true);
@@ -464,6 +464,26 @@ namespace AliasServerDb.Migrations
                     b.ToTable("Logs", (string)null);
                 });
 
+            modelBuilder.Entity("AliasServerDb.ServerSetting", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("UpdatedAt")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Key");
+
+                    b.ToTable("ServerSettings");
+                });
+
             modelBuilder.Entity("AliasServerDb.UserEmailClaim", b =>
                 {
                     b.Property<Guid>("Id")

src/Databases/AliasServerDb/ServerSetting.cs

@@ -0,0 +1,39 @@
+//-----------------------------------------------------------------------
+// <copyright file="ServerSetting.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasServerDb;
+
+using System;
+using System.ComponentModel.DataAnnotations;
+
+/// <summary>
+/// Represents a server setting in the AliasServerDb.
+/// </summary>
+public class ServerSetting
+{
+    /// <summary>
+    /// Gets or sets the key of the server setting.
+    /// </summary>
+    [Key]
+    [MaxLength(255)]
+    public string Key { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Gets or sets the value of the server setting.
+    /// </summary>
+    public string? Value { get; set; }
+
+    /// <summary>
+    /// Gets or sets the creation date of the server setting.
+    /// </summary>
+    public DateTime CreatedAt { get; set; }
+
+    /// <summary>
+    /// Gets or sets the update date of the server setting.
+    /// </summary>
+    public DateTime UpdatedAt { get; set; }
+}

src/Services/AliasVault.SmtpService/Dockerfile

@@ -10,16 +10,11 @@ COPY ["src/Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj", "src/
 RUN dotnet restore "./src/Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj"
 COPY . .
 
-# Build the SmtpService project
+# Build and publish the application
 WORKDIR "/src/src/Services/AliasVault.SmtpService"
-RUN dotnet build "./AliasVault.SmtpService.csproj" -c $BUILD_CONFIGURATION -o /app/build
-
-# Publish the application to the /app/publish directory in the container
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
-RUN dotnet publish "./AliasVault.SmtpService.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+RUN dotnet publish "./AliasVault.SmtpService.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app
-COPY --from=publish /app/publish .
+COPY --from=build /app/publish .
 ENTRYPOINT ["dotnet", "AliasVault.SmtpService.dll"]

src/Services/AliasVault.SmtpService/Handlers/DatabaseMessageStore.cs

@@ -73,7 +73,7 @@ public class DatabaseMessageStore(ILogger<DatabaseMessageStore> logger, Config c
                 if (toAddressesFailCount == toAddressesCount)
                 {
                     // No valid recipients given.
-                    logger.LogWarning("No valid recipients in email, returning error to sender.");
+                    logger.LogInformation("No valid recipients in email, returning error to sender.");
                     return SmtpResponse.NoValidRecipientsGiven;
                 }
             }
@@ -291,14 +291,14 @@ public class DatabaseMessageStore(ILogger<DatabaseMessageStore> logger, Config c
         if (toAddress is null || !config.AllowedToDomains.Contains(toAddress.Host.ToLowerInvariant()))
         {
             // ToAddress domain is not allowed.
-            logger.LogWarning(
+            logger.LogInformation(
                 "Rejected email: email for {ToAddress} is not allowed. Domain not in allowed domain list.",
                 toAddress?.User + "@" + toAddress?.Host);
             return false;
         }
 
         // Check if the local part of the toAddress is a known alias (claimed by a user)
-        var dbContext = await dbContextFactory.CreateDbContextAsync(CancellationToken.None);
+        await using var dbContext = await dbContextFactory.CreateDbContextAsync(CancellationToken.None);
         var toAddressLocal = toAddress.User.ToLowerInvariant();
         var toAddressDomain = toAddress.Host.ToLowerInvariant();
         var userEmailClaim = await dbContext.UserEmailClaims
@@ -348,7 +348,7 @@ public class DatabaseMessageStore(ILogger<DatabaseMessageStore> logger, Config c
     /// <param name="userEncryptionKey">The public key of the user to encrypt the mail contents with.</param>
     private async Task<int> InsertEmailIntoDatabase(MimeMessage message, MailAddress toAddress, UserEncryptionKey userEncryptionKey)
     {
-        var dbContext = await dbContextFactory.CreateDbContextAsync();
+        await using var dbContext = await dbContextFactory.CreateDbContextAsync();
 
         var newEmail = ConvertMimeMessageToEmail(message, toAddress);
         newEmail = EmailEncryption.EncryptEmail(newEmail, userEncryptionKey);

src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj

@@ -0,0 +1,42 @@
+<Project Sdk="Microsoft.NET.Sdk.Worker">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <UserSecretsId>dotnet-AliasVault.TaskRunner-eaac287e-32a7-4ff9-bbf9-1925c446ef73</UserSecretsId>
+    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+    <DockerfileContext>..\..\..</DockerfileContext>
+    <LangVersion>13</LangVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <DocumentationFile>bin\Debug\net9.0\AliasVault.TaskRunner.xml</DocumentationFile>
+  </PropertyGroup>
+
+  <PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <DocumentationFile>bin\Release\net9.0\AliasVault.TaskRunner.xml</DocumentationFile>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <AdditionalFiles Include="..\..\stylecop.json" Link="stylecop.json" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="9.0.0" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Databases\AliasServerDb\AliasServerDb.csproj" />
+    <ProjectReference Include="..\..\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj" />
+    <ProjectReference Include="..\..\Utilities\AliasVault.Logging\AliasVault.Logging.csproj" />
+    <ProjectReference Include="..\..\Utilities\Cryptography\AliasVault.Cryptography.Server\AliasVault.Cryptography.Server.csproj" />
+  </ItemGroup>
+</Project>

src/Services/AliasVault.TaskRunner/Dockerfile

@@ -0,0 +1,20 @@
+FROM mcr.microsoft.com/dotnet/runtime:9.0 AS base
+WORKDIR /app
+
+FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+
+# Copy the project files and restore dependencies
+COPY ["src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj", "src/Services/AliasVault.TaskRunner/"]
+RUN dotnet restore "./src/Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj"
+COPY . .
+
+# Build and publish the application
+WORKDIR "/src/src/Services/AliasVault.TaskRunner"
+RUN dotnet publish "./AliasVault.TaskRunner.csproj" -c "$BUILD_CONFIGURATION" -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+COPY --from=build /app/publish .
+ENTRYPOINT ["dotnet", "AliasVault.TaskRunner.dll"]