loop
/
alps
1
0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
A webmail client. Forked from https://git.sr.ht/~migadu/alps
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 Ревизии
1 Клон
708 KiB
 
 
 
 
ИН на ревизия: 01983eb7b5
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '01983eb7b5'
${ noResults }
alps/server.go

362 lines
8.2 KiB
Директен файл Blame История 

  1. package koushin

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/http"

  6. 	"net/url"

  7. 	"strings"

  8. 	"sync"

  9. 	"time"

  10. 

  11. 	"github.com/labstack/echo/v4"

  12. )

  13. 

  14. const cookieName = "koushin_session"

  15. 

  16. // Server holds all the koushin server state.

  17. type Server struct {

  18. 	e        *echo.Echo

  19. 	Sessions *SessionManager

  20. 

  21. 	mutex      sync.RWMutex // used for server reload

  22. 	plugins    []Plugin

  23. 	luaPlugins []Plugin

  24. 

  25. 	// maps protocols to URLs (protocol can be empty for auto-discovery)

  26. 	upstreams map[string]*url.URL

  27. 

  28. 	imap struct {

  29. 		host     string

  30. 		tls      bool

  31. 		insecure bool

  32. 	}

  33. 	smtp struct {

  34. 		host     string

  35. 		tls      bool

  36. 		insecure bool

  37. 	}

  38. 	defaultTheme string

  39. }

  40. 

  41. func newServer(e *echo.Echo, options *Options) (*Server, error) {

  42. 	s := &Server{e: e, defaultTheme: options.Theme}

  43. 

  44. 	s.upstreams = make(map[string]*url.URL, len(options.Upstreams))

  45. 	for _, upstream := range options.Upstreams {

  46. 		u, err := parseUpstream(upstream)

  47. 		if err != nil {

  48. 			return nil, fmt.Errorf("failed to parse upstream %q: %v", upstream, err)

  49. 		}

  50. 		if _, ok := s.upstreams[u.Scheme]; ok {

  51. 			return nil, fmt.Errorf("found two upstream servers for scheme %q", u.Scheme)

  52. 		}

  53. 		s.upstreams[u.Scheme] = u

  54. 	}

  55. 

  56. 	if err := s.parseIMAPUpstream(); err != nil {

  57. 		return nil, err

  58. 	}

  59. 	if err := s.parseSMTPUpstream(); err != nil {

  60. 		return nil, err

  61. 	}

  62. 

  63. 	s.Sessions = newSessionManager(s.dialIMAP, s.dialSMTP)

  64. 

  65. 	return s, nil

  66. }

  67. 

  68. func parseUpstream(s string) (*url.URL, error) {

  69. 	if !strings.ContainsAny(s, ":/") {

  70. 		// This is a raw domain name, make it an URL with an empty scheme

  71. 		s = "//" + s

  72. 	}

  73. 	return url.Parse(s)

  74. }

  75. 

  76. type NoUpstreamError struct {

  77. 	schemes []string

  78. }

  79. 

  80. func (err *NoUpstreamError) Error() string {

  81. 	return fmt.Sprintf("no upstream server configured for schemes %v", err.schemes)

  82. }

  83. 

  84. // Upstream retrieves the configured upstream server URL for the provided

  85. // schemes. If no configured upstream server matches, a *NoUpstreamError is

  86. // returned. An empty URL.Scheme means that the caller needs to perform

  87. // auto-discovery with URL.Host.

  88. func (s *Server) Upstream(schemes ...string) (*url.URL, error) {

  89. 	var urls []*url.URL

  90. 	for _, scheme := range append(schemes, "") {

  91. 		u, ok := s.upstreams[scheme]

  92. 		if ok {

  93. 			urls = append(urls, u)

  94. 		}

  95. 	}

  96. 	if len(urls) == 0 {

  97. 		return nil, &NoUpstreamError{schemes}

  98. 	}

  99. 	if len(urls) > 1 {

  100. 		return nil, fmt.Errorf("multiple upstream servers are configured for schemes %v", schemes)

  101. 	}

  102. 	return urls[0], nil

  103. }

  104. 

  105. func (s *Server) parseIMAPUpstream() error {

  106. 	u, err := s.Upstream("imap", "imaps", "imap+insecure")

  107. 	if err != nil {

  108. 		return fmt.Errorf("failed to parse upstream IMAP server: %v", err)

  109. 	}

  110. 

  111. 	if u.Scheme == "" {

  112. 		u, err = discoverIMAP(u.Host)

  113. 		if err != nil {

  114. 			return fmt.Errorf("failed to discover IMAP server: %v", err)

  115. 		}

  116. 	}

  117. 

  118. 	s.imap.host = u.Host

  119. 	switch u.Scheme {

  120. 	case "imap":

  121. 		// This space is intentionally left blank

  122. 	case "imaps":

  123. 		s.imap.tls = true

  124. 	case "imap+insecure":

  125. 		s.imap.insecure = true

  126. 	default:

  127. 		panic("unreachable")

  128. 	}

  129. 

  130. 	c, err := s.dialIMAP()

  131. 	if err != nil {

  132. 		return fmt.Errorf("failed to connect to IMAP server: %v", err)

  133. 	}

  134. 	c.Close()

  135. 

  136. 	s.e.Logger.Printf("Configured upstream IMAP server: %v", u)

  137. 	return nil

  138. }

  139. 

  140. func (s *Server) parseSMTPUpstream() error {

  141. 	u, err := s.Upstream("smtp", "smtps", "smtp+insecure")

  142. 	if _, ok := err.(*NoUpstreamError); ok {

  143. 		return nil

  144. 	} else if err != nil {

  145. 		return fmt.Errorf("failed to parse upstream SMTP server: %v", err)

  146. 	}

  147. 

  148. 	if u.Scheme == "" {

  149. 		u, err = discoverSMTP(u.Host)

  150. 		if err != nil {

  151. 			s.e.Logger.Printf("Failed to discover SMTP server: %v", err)

  152. 			return nil

  153. 		}

  154. 	}

  155. 

  156. 	s.smtp.host = u.Host

  157. 	switch u.Scheme {

  158. 	case "smtp":

  159. 		// This space is intentionally left blank

  160. 	case "smtps":

  161. 		s.smtp.tls = true

  162. 	case "smtp+insecure":

  163. 		s.smtp.insecure = true

  164. 	default:

  165. 		panic("unreachable")

  166. 	}

  167. 

  168. 	c, err := s.dialSMTP()

  169. 	if err != nil {

  170. 		return fmt.Errorf("failed to connect to SMTP server: %v", err)

  171. 	}

  172. 	c.Close()

  173. 

  174. 	s.e.Logger.Printf("Configured upstream SMTP server: %v", u)

  175. 	return nil

  176. }

  177. 

  178. func (s *Server) load() error {

  179. 	var plugins []Plugin

  180. 	for _, load := range pluginLoaders {

  181. 		l, err := load(s)

  182. 		if err != nil {

  183. 			return fmt.Errorf("failed to load plugins: %v", err)

  184. 		}

  185. 		for _, p := range l {

  186. 			s.e.Logger.Printf("Loaded plugin %q", p.Name())

  187. 		}

  188. 		plugins = append(plugins, l...)

  189. 	}

  190. 

  191. 	luaPlugins, err := loadAllLuaPlugins(s.e.Logger)

  192. 	if err != nil {

  193. 		return fmt.Errorf("failed to load plugins: %v", err)

  194. 	}

  195. 	plugins = append(plugins, luaPlugins...)

  196. 

  197. 	renderer := newRenderer(s.e.Logger, s.defaultTheme)

  198. 	if err := renderer.Load(plugins); err != nil {

  199. 		return fmt.Errorf("failed to load templates: %v", err)

  200. 	}

  201. 

  202. 	// Once we've loaded plugins and templates from disk (which can take time),

  203. 	// swap them in the Server struct

  204. 	s.mutex.Lock()

  205. 	defer s.mutex.Unlock()

  206. 

  207. 	// Close previous Lua plugins

  208. 	for _, p := range s.luaPlugins {

  209. 		if err := p.Close(); err != nil {

  210. 			s.e.Logger.Printf("Failed to unload plugin '%v': %v", p.Name(), err)

  211. 		}

  212. 	}

  213. 

  214. 	s.plugins = plugins

  215. 	s.luaPlugins = luaPlugins

  216. 	s.e.Renderer = renderer

  217. 

  218. 	for _, p := range plugins {

  219. 		p.SetRoutes(s.e.Group(""))

  220. 	}

  221. 

  222. 	return nil

  223. }

  224. 

  225. // Reload loads Lua plugins and templates from disk.

  226. func (s *Server) Reload() error {

  227. 	s.e.Logger.Printf("Reloading server")

  228. 	return s.load()

  229. }

  230. 

  231. // Context is the context used by HTTP handlers.

  232. //

  233. // Use a type assertion to get it from a echo.Context:

  234. //

  235. //     ctx := ectx.(*koushin.Context)

  236. type Context struct {

  237. 	echo.Context

  238. 	Server  *Server

  239. 	Session *Session // nil if user isn't logged in

  240. }

  241. 

  242. var aLongTimeAgo = time.Unix(233431200, 0)

  243. 

  244. // SetSession sets a cookie for the provided session. Passing a nil session

  245. // unsets the cookie.

  246. func (ctx *Context) SetSession(s *Session) {

  247. 	cookie := http.Cookie{

  248. 		Name:     cookieName,

  249. 		HttpOnly: true,

  250. 		// TODO: domain, secure

  251. 	}

  252. 	if s != nil {

  253. 		cookie.Value = s.token

  254. 	} else {

  255. 		cookie.Expires = aLongTimeAgo // unset the cookie

  256. 	}

  257. 	ctx.SetCookie(&cookie)

  258. }

  259. 

  260. func isPublic(path string) bool {

  261. 	if strings.HasPrefix(path, "/plugins/") {

  262. 		parts := strings.Split(path, "/")

  263. 		return len(parts) >= 4 && parts[3] == "assets"

  264. 	}

  265. 	return path == "/login" || strings.HasPrefix(path, "/themes/")

  266. }

  267. 

  268. func redirectToLogin(ctx *Context) error {

  269. 	path := ctx.Request().URL.Path

  270. 	to := "/login"

  271. 	if path != "/" && path != "/login" {

  272. 		to += "?next=" + url.QueryEscape(ctx.Request().URL.String())

  273. 	}

  274. 	return ctx.Redirect(http.StatusFound, to)

  275. }

  276. 

  277. func handleUnauthenticated(next echo.HandlerFunc, ctx *Context) error {

  278. 	// Require auth for all requests except /login and assets

  279. 	if isPublic(ctx.Request().URL.Path) {

  280. 		return next(ctx)

  281. 	} else {

  282. 		return redirectToLogin(ctx)

  283. 	}

  284. }

  285. 

  286. type Options struct {

  287. 	Upstreams []string

  288. 	Theme     string

  289. }

  290. 

  291. // New creates a new server.

  292. func New(e *echo.Echo, options *Options) (*Server, error) {

  293. 	s, err := newServer(e, options)

  294. 	if err != nil {

  295. 		return nil, err

  296. 	}

  297. 

  298. 	if err := s.load(); err != nil {

  299. 		return nil, err

  300. 	}

  301. 

  302. 	e.HTTPErrorHandler = func(err error, c echo.Context) {

  303. 		code := http.StatusInternalServerError

  304. 		if he, ok := err.(*echo.HTTPError); ok {

  305. 			code = he.Code

  306. 		} else {

  307. 			c.Logger().Error(err)

  308. 		}

  309. 		// TODO: hide internal errors

  310. 		c.String(code, err.Error())

  311. 	}

  312. 

  313. 	e.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {

  314. 		return func(ectx echo.Context) error {

  315. 			s.mutex.RLock()

  316. 			err := next(ectx)

  317. 			s.mutex.RUnlock()

  318. 			return err

  319. 		}

  320. 	})

  321. 

  322. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  323. 		return func(ectx echo.Context) error {

  324. 			// `style-src 'unsafe-inline'` is required for e-mails with

  325. 			// embedded stylesheets

  326. 			ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'")

  327. 			// DNS prefetching has privacy implications

  328. 			ectx.Response().Header().Set("X-DNS-Prefetch-Control", "off")

  329. 			return next(ectx)

  330. 		}

  331. 	})

  332. 

  333. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  334. 		return func(ectx echo.Context) error {

  335. 			ctx := &Context{Context: ectx, Server: s}

  336. 			ctx.Set("context", ctx)

  337. 

  338. 			cookie, err := ctx.Cookie(cookieName)

  339. 			if err == http.ErrNoCookie {

  340. 				return handleUnauthenticated(next, ctx)

  341. 			} else if err != nil {

  342. 				return err

  343. 			}

  344. 

  345. 			ctx.Session, err = ctx.Server.Sessions.get(cookie.Value)

  346. 			if err == errSessionExpired {

  347. 				ctx.SetSession(nil)

  348. 				return handleUnauthenticated(next, ctx)

  349. 			} else if err != nil {

  350. 				return err

  351. 			}

  352. 			ctx.Session.ping()

  353. 

  354. 			return next(ctx)

  355. 		}

  356. 	})

  357. 

  358. 	e.Static("/themes", "themes")

  359. 

  360. 	return s, nil

  361. }