5 cryptorand "crypto/rand"

27 "golang.org/x/exp/maps"

29 "github.com/mjl-/bstore"

30 "github.com/mjl-/sherpa"

31 "github.com/mjl-/sherpadoc"

32 "github.com/mjl-/sherpaprom"

34 "github.com/mjl-/mox/dkim"

35 "github.com/mjl-/mox/dns"

36 "github.com/mjl-/mox/message"

37 "github.com/mjl-/mox/metrics"

38 "github.com/mjl-/mox/mox-"

39 "github.com/mjl-/mox/moxio"

40 "github.com/mjl-/mox/moxvar"

41 "github.com/mjl-/mox/mtasts"

42 "github.com/mjl-/mox/mtastsdb"

43 "github.com/mjl-/mox/queue"

44 "github.com/mjl-/mox/smtp"

45 "github.com/mjl-/mox/smtpclient"

46 "github.com/mjl-/mox/store"

47 "github.com/mjl-/mox/webauth"

50//go:embed api.json

51var webmailapiJSON []byte

53type Webmail struct {

54 maxMessageSize int64 // From listener.

55 cookiePath string // From listener.

56 isForwarded bool // From listener, whether we look at X-Forwarded-* headers.

59func mustParseAPI(api string, buf []byte) (doc sherpadoc.Section) {

60 err := json.Unmarshal(buf, &doc)

62 pkglog.Fatalx("parsing webmail api docs", err, slog.String("api", api))

67var webmailDoc = mustParseAPI("webmail", webmailapiJSON)

69var sherpaHandlerOpts *sherpa.HandlerOpts

71func makeSherpaHandler(maxMessageSize int64, cookiePath string, isForwarded bool) (http.Handler, error) {

72 return sherpa.NewHandler("/api/", moxvar.Version, Webmail{maxMessageSize, cookiePath, isForwarded}, &webmailDoc, sherpaHandlerOpts)

76 collector, err := sherpaprom.NewCollector("moxwebmail", nil)

78 pkglog.Fatalx("creating sherpa prometheus collector", err)

81 sherpaHandlerOpts = &sherpa.HandlerOpts{Collector: collector, AdjustFunctionNames: "none", NoCORS: true}

82 // Just to validate.

83 _, err = makeSherpaHandler(0, "", false)

85 pkglog.Fatalx("sherpa handler", err)

89// LoginPrep returns a login token, and also sets it as cookie. Both must be

90// present in the call to Login.

91func (w Webmail) LoginPrep(ctx context.Context) string {

92 log := pkglog.WithContext(ctx)

93 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

96 _, err := cryptorand.Read(data[:])

97 xcheckf(ctx, err, "generate token")

98 loginToken := base64.RawURLEncoding.EncodeToString(data[:])

100 webauth.LoginPrep(ctx, log, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken)

102 return loginToken

105// Login returns a session token for the credentials, or fails with error code

106// "user:badLogin". Call LoginPrep to get a loginToken.

107func (w Webmail) Login(ctx context.Context, loginToken, username, password string) store.CSRFToken {

108 log := pkglog.WithContext(ctx)

109 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

111 csrfToken, err := webauth.Login(ctx, log, webauth.Accounts, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken, username, password)

112 if _, ok := err.(*sherpa.Error); ok {

115 xcheckf(ctx, err, "login")

116 return csrfToken

119// Logout invalidates the session token.

120func (w Webmail) Logout(ctx context.Context) {

121 log := pkglog.WithContext(ctx)

122 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

124 err := webauth.Logout(ctx, log, webauth.Accounts, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, reqInfo.AccountName, reqInfo.SessionToken)

125 xcheckf(ctx, err, "logout")

128// Token returns a token to use for an SSE connection. A token can only be used for

129// a single SSE connection. Tokens are stored in memory for a maximum of 1 minute,

130// with at most 10 unused tokens (the most recently created) per account.

131func (Webmail) Token(ctx context.Context) string {

132 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

133 return sseTokens.xgenerate(ctx, reqInfo.AccountName, reqInfo.LoginAddress, reqInfo.SessionToken)

136// Requests sends a new request for an open SSE connection. Any currently active

137// request for the connection will be canceled, but this is done asynchrously, so

138// the SSE connection may still send results for the previous request. Callers

139// should take care to ignore such results. If req.Cancel is set, no new request is

141func (Webmail) Request(ctx context.Context, req Request) {

142 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

144 if !req.Cancel && req.Page.Count <= 0 {

145 xcheckuserf(ctx, errors.New("Page.Count must be >= 1"), "checking request")

148 sse, ok := sseGet(req.SSEID, reqInfo.AccountName)

150 xcheckuserf(ctx, errors.New("unknown sseid"), "looking up connection")

152 sse.Request <- req

155// ParsedMessage returns enough to render the textual body of a message. It is

156// assumed the client already has other fields through MessageItem.

157func (Webmail) ParsedMessage(ctx context.Context, msgID int64) (pm ParsedMessage) {

158 log := pkglog.WithContext(ctx)

159 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

160 acc, err := store.OpenAccount(log, reqInfo.AccountName)

161 xcheckf(ctx, err, "open account")

163 err := acc.Close()

164 log.Check(err, "closing account")

167 var m store.Message

168 xdbread(ctx, acc, func(tx *bstore.Tx) {

169 m = xmessageID(ctx, tx, msgID)

172 state := msgState{acc: acc}

173 defer state.clear()

174 pm, err = parsedMessage(log, m, &state, true, false)

175 xcheckf(ctx, err, "parsing message")

179// Attachment is a MIME part is an existing message that is not intended as

180// viewable text or HTML part.

181type Attachment struct {

182 Path []int // Indices into top-level message.Part.Parts.

184 // File name based on "name" attribute of "Content-Type", or the "filename"

185 // attribute of "Content-Disposition".

188 Part message.Part

191// SubmitMessage is an email message to be sent to one or more recipients.

192// Addresses are formatted as just email address, or with a name like "name

194type SubmitMessage struct {

201 Attachments []File

202 ForwardAttachments ForwardAttachments

204 ResponseMessageID int64 // If set, this was a reply or forward, based on IsForward.

205 ReplyTo string // If non-empty, Reply-To header to add to message.

206 UserAgent string // User-Agent header added if not empty.

207 RequireTLS *bool // For "Require TLS" extension during delivery.

208 FutureRelease *time.Time // If set, time (in the future) when message should be delivered from queue.

211// ForwardAttachments references attachments by a list of message.Part paths.

212type ForwardAttachments struct {

213 MessageID int64 // Only relevant if MessageID is not 0.

214 Paths [][]int // List of attachments, each path is a list of indices into the top-level message.Part.Parts.

217// File is a new attachment (not from an existing message that is being

218// forwarded) to send with a SubmitMessage.

219type File struct {

221 DataURI string // Full data of the attachment, with base64 encoding and including content-type.

224// parseAddress expects either a plain email address like "user@domain", or a

225// single address as used in a message header, like "name <user@domain>".

226func parseAddress(msghdr string) (message.NameAddress, error) {

227 a, err := mail.ParseAddress(msghdr)

229 return message.NameAddress{}, err

232 // todo: parse more fully according to ../rfc/5322:959

233 path, err := smtp.ParseAddress(a.Address)

235 return message.NameAddress{}, err

237 return message.NameAddress{DisplayName: a.Name, Address: path}, nil

240func xmailboxID(ctx context.Context, tx *bstore.Tx, mailboxID int64) store.Mailbox {

241 if mailboxID == 0 {

242 xcheckuserf(ctx, errors.New("invalid zero mailbox ID"), "getting mailbox")

244 mb := store.Mailbox{ID: mailboxID}

245 err := tx.Get(&mb)

246 if err == bstore.ErrAbsent {

247 xcheckuserf(ctx, err, "getting mailbox")

249 xcheckf(ctx, err, "getting mailbox")

253// xmessageID returns a non-expunged message or panics with a sherpa error.

254func xmessageID(ctx context.Context, tx *bstore.Tx, messageID int64) store.Message {

255 if messageID == 0 {

256 xcheckuserf(ctx, errors.New("invalid zero message id"), "getting message")

258 m := store.Message{ID: messageID}

259 err := tx.Get(&m)

260 if err == bstore.ErrAbsent {

261 xcheckuserf(ctx, errors.New("message does not exist"), "getting message")

262 } else if err == nil && m.Expunged {

263 xcheckuserf(ctx, errors.New("message was removed"), "getting message")

265 xcheckf(ctx, err, "getting message")

269// MessageSubmit sends a message by submitting it the outgoing email queue. The

270// message is sent to all addresses listed in the To, Cc and Bcc addresses, without

271// Bcc message header.

273// If a Sent mailbox is configured, messages are added to it after submitting

274// to the delivery queue.

275func (w Webmail) MessageSubmit(ctx context.Context, m SubmitMessage) {

276 // Similar between ../smtpserver/server.go:/submit\( and ../webmail/webmail.go:/MessageSubmit\(

278 // todo: consider making this an HTTP POST, so we can upload as regular form, which is probably more efficient for encoding for the client and we can stream the data in.

280 // Prevent any accidental control characters, or attempts at getting bare \r or \n

281 // into messages.

282 for _, l := range [][]string{m.To, m.Cc, m.Bcc, {m.From, m.Subject, m.ReplyTo, m.UserAgent}} {

283 for _, s := range l {

284 for _, c := range s {

286 xcheckuserf(ctx, errors.New("control characters not allowed"), "checking header values")

292 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

293 log := pkglog.WithContext(ctx).With(slog.String("account", reqInfo.AccountName))

294 acc, err := store.OpenAccount(log, reqInfo.AccountName)

295 xcheckf(ctx, err, "open account")

297 err := acc.Close()

298 log.Check(err, "closing account")

301 log.Debug("message submit")

303 fromAddr, err := parseAddress(m.From)

304 xcheckuserf(ctx, err, "parsing From address")

306 var replyTo *message.NameAddress

307 if m.ReplyTo != "" {

308 a, err := parseAddress(m.ReplyTo)

309 xcheckuserf(ctx, err, "parsing Reply-To address")

313 var recipients []smtp.Address

315 var toAddrs []message.NameAddress

316 for _, s := range m.To {

317 addr, err := parseAddress(s)

318 xcheckuserf(ctx, err, "parsing To address")

319 toAddrs = append(toAddrs, addr)

320 recipients = append(recipients, addr.Address)

323 var ccAddrs []message.NameAddress

324 for _, s := range m.Cc {

325 addr, err := parseAddress(s)

326 xcheckuserf(ctx, err, "parsing Cc address")

327 ccAddrs = append(ccAddrs, addr)

328 recipients = append(recipients, addr.Address)

331 for _, s := range m.Bcc {

332 addr, err := parseAddress(s)

333 xcheckuserf(ctx, err, "parsing Bcc address")

334 recipients = append(recipients, addr.Address)

337 // Check if from address is allowed for account.

338 fromAccName, _, _, err := mox.FindAccount(fromAddr.Address.Localpart, fromAddr.Address.Domain, false)

339 if err == nil && fromAccName != reqInfo.AccountName {

340 err = mox.ErrAccountNotFound

342 if err != nil && (errors.Is(err, mox.ErrAccountNotFound) || errors.Is(err, mox.ErrDomainNotFound)) {

343 metricSubmission.WithLabelValues("badfrom").Inc()

344 xcheckuserf(ctx, errors.New("address not found"), `looking up "from" address for account`)