5 cryptorand "crypto/rand"

26 "golang.org/x/exp/maps"

27 "golang.org/x/exp/slog"

29 "github.com/mjl-/bstore"

30 "github.com/mjl-/sherpa"

31 "github.com/mjl-/sherpadoc"

32 "github.com/mjl-/sherpaprom"

34 "github.com/mjl-/mox/dkim"

35 "github.com/mjl-/mox/dns"

36 "github.com/mjl-/mox/message"

37 "github.com/mjl-/mox/metrics"

38 "github.com/mjl-/mox/mox-"

39 "github.com/mjl-/mox/moxio"

40 "github.com/mjl-/mox/moxvar"

41 "github.com/mjl-/mox/mtasts"

42 "github.com/mjl-/mox/mtastsdb"

43 "github.com/mjl-/mox/queue"

44 "github.com/mjl-/mox/smtp"

45 "github.com/mjl-/mox/smtpclient"

46 "github.com/mjl-/mox/store"

47 "github.com/mjl-/mox/webauth"

50//go:embed api.json

51var webmailapiJSON []byte

53type Webmail struct {

54 maxMessageSize int64 // From listener.

55 cookiePath string // From listener.

56 isForwarded bool // From listener, whether we look at X-Forwarded-* headers.

59func mustParseAPI(api string, buf []byte) (doc sherpadoc.Section) {

60 err := json.Unmarshal(buf, &doc)

62 pkglog.Fatalx("parsing webmail api docs", err, slog.String("api", api))

67var webmailDoc = mustParseAPI("webmail", webmailapiJSON)

69var sherpaHandlerOpts *sherpa.HandlerOpts

71func makeSherpaHandler(maxMessageSize int64, cookiePath string, isForwarded bool) (http.Handler, error) {

72 return sherpa.NewHandler("/api/", moxvar.Version, Webmail{maxMessageSize, cookiePath, isForwarded}, &webmailDoc, sherpaHandlerOpts)

76 collector, err := sherpaprom.NewCollector("moxwebmail", nil)

78 pkglog.Fatalx("creating sherpa prometheus collector", err)

81 sherpaHandlerOpts = &sherpa.HandlerOpts{Collector: collector, AdjustFunctionNames: "none", NoCORS: true}

82 // Just to validate.

83 _, err = makeSherpaHandler(0, "", false)

85 pkglog.Fatalx("sherpa handler", err)

89// LoginPrep returns a login token, and also sets it as cookie. Both must be

90// present in the call to Login.

91func (w Webmail) LoginPrep(ctx context.Context) string {

92 log := pkglog.WithContext(ctx)

93 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

96 _, err := cryptorand.Read(data[:])

97 xcheckf(ctx, err, "generate token")

98 loginToken := base64.RawURLEncoding.EncodeToString(data[:])

100 webauth.LoginPrep(ctx, log, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken)

102 return loginToken

105// Login returns a session token for the credentials, or fails with error code

106// "user:badLogin". Call LoginPrep to get a loginToken.

107func (w Webmail) Login(ctx context.Context, loginToken, username, password string) store.CSRFToken {

108 log := pkglog.WithContext(ctx)

109 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

111 csrfToken, err := webauth.Login(ctx, log, webauth.Accounts, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken, username, password)

112 if _, ok := err.(*sherpa.Error); ok {

115 xcheckf(ctx, err, "login")

116 return csrfToken

119// Logout invalidates the session token.

120func (w Webmail) Logout(ctx context.Context) {

121 log := pkglog.WithContext(ctx)

122 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

124 err := webauth.Logout(ctx, log, webauth.Accounts, "webmail", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, reqInfo.AccountName, reqInfo.SessionToken)

125 xcheckf(ctx, err, "logout")

128// Token returns a token to use for an SSE connection. A token can only be used for

129// a single SSE connection. Tokens are stored in memory for a maximum of 1 minute,

130// with at most 10 unused tokens (the most recently created) per account.

131func (Webmail) Token(ctx context.Context) string {

132 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

133 return sseTokens.xgenerate(ctx, reqInfo.AccountName, reqInfo.LoginAddress, reqInfo.SessionToken)

136// Requests sends a new request for an open SSE connection. Any currently active

137// request for the connection will be canceled, but this is done asynchrously, so

138// the SSE connection may still send results for the previous request. Callers

139// should take care to ignore such results. If req.Cancel is set, no new request is

141func (Webmail) Request(ctx context.Context, req Request) {

142 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

144 if !req.Cancel && req.Page.Count <= 0 {

145 xcheckuserf(ctx, errors.New("Page.Count must be >= 1"), "checking request")

148 sse, ok := sseGet(req.SSEID, reqInfo.AccountName)

150 xcheckuserf(ctx, errors.New("unknown sseid"), "looking up connection")

152 sse.Request <- req

155// ParsedMessage returns enough to render the textual body of a message. It is

156// assumed the client already has other fields through MessageItem.

157func (Webmail) ParsedMessage(ctx context.Context, msgID int64) (pm ParsedMessage) {

158 log := pkglog.WithContext(ctx)

159 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

160 acc, err := store.OpenAccount(log, reqInfo.AccountName)

161 xcheckf(ctx, err, "open account")

163 err := acc.Close()

164 log.Check(err, "closing account")

167 var m store.Message

168 xdbread(ctx, acc, func(tx *bstore.Tx) {

169 m = xmessageID(ctx, tx, msgID)

172 state := msgState{acc: acc}

173 defer state.clear()

174 pm, err = parsedMessage(log, m, &state, true, false)

175 xcheckf(ctx, err, "parsing message")

179// Attachment is a MIME part is an existing message that is not intended as

180// viewable text or HTML part.

181type Attachment struct {

182 Path []int // Indices into top-level message.Part.Parts.

184 // File name based on "name" attribute of "Content-Type", or the "filename"

185 // attribute of "Content-Disposition".

188 Part message.Part

191// SubmitMessage is an email message to be sent to one or more recipients.

192// Addresses are formatted as just email address, or with a name like "name

194type SubmitMessage struct {

201 Attachments []File

202 ForwardAttachments ForwardAttachments

204 ResponseMessageID int64 // If set, this was a reply or forward, based on IsForward.

205 ReplyTo string // If non-empty, Reply-To header to add to message.

206 UserAgent string // User-Agent header added if not empty.

207 RequireTLS *bool // For "Require TLS" extension during delivery.

210// ForwardAttachments references attachments by a list of message.Part paths.

211type ForwardAttachments struct {

212 MessageID int64 // Only relevant if MessageID is not 0.

213 Paths [][]int // List of attachments, each path is a list of indices into the top-level message.Part.Parts.

216// File is a new attachment (not from an existing message that is being

217// forwarded) to send with a SubmitMessage.

218type File struct {

220 DataURI string // Full data of the attachment, with base64 encoding and including content-type.

223// parseAddress expects either a plain email address like "user@domain", or a

224// single address as used in a message header, like "name <user@domain>".

225func parseAddress(msghdr string) (message.NameAddress, error) {

226 a, err := mail.ParseAddress(msghdr)

228 return message.NameAddress{}, nil

231 // todo: parse more fully according to ../rfc/5322:959

232 path, err := smtp.ParseAddress(a.Address)

234 return message.NameAddress{}, err

236 return message.NameAddress{DisplayName: a.Name, Address: path}, nil

239func xmailboxID(ctx context.Context, tx *bstore.Tx, mailboxID int64) store.Mailbox {

240 if mailboxID == 0 {

241 xcheckuserf(ctx, errors.New("invalid zero mailbox ID"), "getting mailbox")

243 mb := store.Mailbox{ID: mailboxID}

244 err := tx.Get(&mb)

245 if err == bstore.ErrAbsent {

246 xcheckuserf(ctx, err, "getting mailbox")

248 xcheckf(ctx, err, "getting mailbox")

252// xmessageID returns a non-expunged message or panics with a sherpa error.

253func xmessageID(ctx context.Context, tx *bstore.Tx, messageID int64) store.Message {

254 if messageID == 0 {

255 xcheckuserf(ctx, errors.New("invalid zero message id"), "getting message")

257 m := store.Message{ID: messageID}

258 err := tx.Get(&m)

259 if err == bstore.ErrAbsent {

260 xcheckuserf(ctx, errors.New("message does not exist"), "getting message")

261 } else if err == nil && m.Expunged {

262 xcheckuserf(ctx, errors.New("message was removed"), "getting message")

264 xcheckf(ctx, err, "getting message")

268// MessageSubmit sends a message by submitting it the outgoing email queue. The

269// message is sent to all addresses listed in the To, Cc and Bcc addresses, without

270// Bcc message header.

272// If a Sent mailbox is configured, messages are added to it after submitting

273// to the delivery queue.

274func (w Webmail) MessageSubmit(ctx context.Context, m SubmitMessage) {

275 // Similar between ../smtpserver/server.go:/submit\( and ../webmail/webmail.go:/MessageSubmit\(

277 // todo: consider making this an HTTP POST, so we can upload as regular form, which is probably more efficient for encoding for the client and we can stream the data in.

279 // Prevent any accidental control characters, or attempts at getting bare \r or \n

280 // into messages.

281 for _, l := range [][]string{m.To, m.Cc, m.Bcc, {m.From, m.Subject, m.ReplyTo, m.UserAgent}} {

282 for _, s := range l {

283 for _, c := range s {

285 xcheckuserf(ctx, errors.New("control characters not allowed"), "checking header values")

291 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

292 log := pkglog.WithContext(ctx).With(slog.String("account", reqInfo.AccountName))

293 acc, err := store.OpenAccount(log, reqInfo.AccountName)

294 xcheckf(ctx, err, "open account")

296 err := acc.Close()

297 log.Check(err, "closing account")

300 log.Debug("message submit")

302 fromAddr, err := parseAddress(m.From)

303 xcheckuserf(ctx, err, "parsing From address")

305 var replyTo *message.NameAddress

306 if m.ReplyTo != "" {

307 a, err := parseAddress(m.ReplyTo)

308 xcheckuserf(ctx, err, "parsing Reply-To address")

312 var recipients []smtp.Address

314 var toAddrs []message.NameAddress

315 for _, s := range m.To {

316 addr, err := parseAddress(s)

317 xcheckuserf(ctx, err, "parsing To address")

318 toAddrs = append(toAddrs, addr)

319 recipients = append(recipients, addr.Address)

322 var ccAddrs []message.NameAddress

323 for _, s := range m.Cc {

324 addr, err := parseAddress(s)

325 xcheckuserf(ctx, err, "parsing Cc address")

326 ccAddrs = append(ccAddrs, addr)

327 recipients = append(recipients, addr.Address)

330 for _, s := range m.Bcc {

331 addr, err := parseAddress(s)

332 xcheckuserf(ctx, err, "parsing Bcc address")

333 recipients = append(recipients, addr.Address)

336 // Check if from address is allowed for account.

337 fromAccName, _, _, err := mox.FindAccount(fromAddr.Address.Localpart, fromAddr.Address.Domain, false)

338 if err == nil && fromAccName != reqInfo.AccountName {

339 err = mox.ErrAccountNotFound

341 if err != nil && (errors.Is(err, mox.ErrAccountNotFound) || errors.Is(err, mox.ErrDomainNotFound)) {

342 metricSubmission.WithLabelValues("badfrom").Inc()

343 xcheckuserf(ctx, errors.New("address not found"), "looking from address for account")