loop
/
alps
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
A webmail client. Forked from https://git.sr.ht/~migadu/alps
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
132 提交
1 分支
708 KiB
 
 
 
 
目录树: 3340fcd63d
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '3340fcd63d'
${ noResults }
alps/server.go

355 行
8.1 KiB
原始文件 Blame 文件历史 

  1. package koushin

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/http"

  6. 	"net/url"

  7. 	"strings"

  8. 	"sync"

  9. 	"time"

  10. 

  11. 	"github.com/labstack/echo/v4"

  12. )

  13. 

  14. const cookieName = "koushin_session"

  15. 

  16. // Server holds all the koushin server state.

  17. type Server struct {

  18. 	e        *echo.Echo

  19. 	Sessions *SessionManager

  20. 

  21. 	mutex      sync.RWMutex // used for server reload

  22. 	plugins    []Plugin

  23. 	luaPlugins []Plugin

  24. 

  25. 	// maps protocols to URLs (protocol can be empty for auto-discovery)

  26. 	upstreams map[string]*url.URL

  27. 

  28. 	imap struct {

  29. 		host     string

  30. 		tls      bool

  31. 		insecure bool

  32. 	}

  33. 	smtp struct {

  34. 		host     string

  35. 		tls      bool

  36. 		insecure bool

  37. 	}

  38. 	defaultTheme string

  39. }

  40. 

  41. func newServer(e *echo.Echo, options *Options) (*Server, error) {

  42. 	s := &Server{e: e, defaultTheme: options.Theme}

  43. 

  44. 	s.upstreams = make(map[string]*url.URL, len(options.Upstreams))

  45. 	for _, upstream := range options.Upstreams {

  46. 		u, err := parseUpstream(upstream)

  47. 		if err != nil {

  48. 			return nil, fmt.Errorf("failed to parse upstream %q: %v", upstream, err)

  49. 		}

  50. 		if _, ok := s.upstreams[u.Scheme]; ok {

  51. 			return nil, fmt.Errorf("found two upstream servers for scheme %q", u.Scheme)

  52. 		}

  53. 		s.upstreams[u.Scheme] = u

  54. 	}

  55. 

  56. 	if err := s.parseIMAPUpstream(); err != nil {

  57. 		return nil, err

  58. 	}

  59. 	if err := s.parseSMTPUpstream(); err != nil {

  60. 		return nil, err

  61. 	}

  62. 

  63. 	s.Sessions = newSessionManager(s.dialIMAP, s.dialSMTP)

  64. 

  65. 	return s, nil

  66. }

  67. 

  68. func parseUpstream(s string) (*url.URL, error) {

  69. 	if !strings.ContainsAny(s, ":/") {

  70. 		// This is a raw domain name, make it an URL with an empty scheme

  71. 		s = "//" + s

  72. 	}

  73. 	return url.Parse(s)

  74. }

  75. 

  76. type NoUpstreamError struct {

  77. 	schemes []string

  78. }

  79. 

  80. func (err *NoUpstreamError) Error() string {

  81. 	return fmt.Sprintf("no upstream server configured for schemes %v", err.schemes)

  82. }

  83. 

  84. // Upstream retrieves the configured upstream server URL for the provided

  85. // schemes. If no configured upstream server matches, a *NoUpstreamError is

  86. // returned. An empty URL.Scheme means that the caller needs to perform

  87. // auto-discovery with URL.Host.

  88. func (s *Server) Upstream(schemes ...string) (*url.URL, error) {

  89. 	var urls []*url.URL

  90. 	for _, scheme := range append(schemes, "") {

  91. 		u, ok := s.upstreams[scheme]

  92. 		if ok {

  93. 			urls = append(urls, u)

  94. 		}

  95. 	}

  96. 	if len(urls) == 0 {

  97. 		return nil, &NoUpstreamError{schemes}

  98. 	}

  99. 	if len(urls) > 1 {

  100. 		return nil, fmt.Errorf("multiple upstream servers are configured for schemes %v", schemes)

  101. 	}

  102. 	return urls[0], nil

  103. }

  104. 

  105. func (s *Server) parseIMAPUpstream() error {

  106. 	u, err := s.Upstream("imap", "imaps", "imap+insecure")

  107. 	if err != nil {

  108. 		return fmt.Errorf("failed to parse upstream IMAP server: %v", err)

  109. 	}

  110. 

  111. 	if u.Scheme == "" {

  112. 		u, err = discoverIMAP(u.Host)

  113. 		if err != nil {

  114. 			return fmt.Errorf("failed to discover IMAP server: %v", err)

  115. 		}

  116. 	}

  117. 

  118. 	s.imap.host = u.Host

  119. 	switch u.Scheme {

  120. 	case "imap":

  121. 		// This space is intentionally left blank

  122. 	case "imaps":

  123. 		s.imap.tls = true

  124. 	case "imap+insecure":

  125. 		s.imap.insecure = true

  126. 	default:

  127. 		panic("unreachable")

  128. 	}

  129. 

  130. 	c, err := s.dialIMAP()

  131. 	if err != nil {

  132. 		return fmt.Errorf("failed to connect to IMAP server: %v", err)

  133. 	}

  134. 	c.Close()

  135. 

  136. 	s.e.Logger.Printf("Configured upstream IMAP server: %v", u)

  137. 	return nil

  138. }

  139. 

  140. func (s *Server) parseSMTPUpstream() error {

  141. 	u, err := s.Upstream("smtp", "smtps", "smtp+insecure")

  142. 	if _, ok := err.(*NoUpstreamError); ok {

  143. 		return nil

  144. 	} else if err != nil {

  145. 		return fmt.Errorf("failed to parse upstream SMTP server: %v", err)

  146. 	}

  147. 

  148. 	if u.Scheme == "" {

  149. 		u, err = discoverSMTP(u.Host)

  150. 		if err != nil {

  151. 			s.e.Logger.Printf("Failed to discover SMTP server: %v", err)

  152. 			return nil

  153. 		}

  154. 	}

  155. 

  156. 	s.smtp.host = u.Host

  157. 	switch u.Scheme {

  158. 	case "smtp":

  159. 		// This space is intentionally left blank

  160. 	case "smtps":

  161. 		s.smtp.tls = true

  162. 	case "smtp+insecure":

  163. 		s.smtp.insecure = true

  164. 	default:

  165. 		panic("unreachable")

  166. 	}

  167. 

  168. 	c, err := s.dialSMTP()

  169. 	if err != nil {

  170. 		return fmt.Errorf("failed to connect to SMTP server: %v", err)

  171. 	}

  172. 	c.Close()

  173. 

  174. 	s.e.Logger.Printf("Configured upstream SMTP server: %v", u)

  175. 	return nil

  176. }

  177. 

  178. func (s *Server) load() error {

  179. 	plugins := append([]Plugin(nil), plugins...)

  180. 	for _, p := range plugins {

  181. 		s.e.Logger.Printf("Registered plugin '%v'", p.Name())

  182. 	}

  183. 

  184. 	luaPlugins, err := loadAllLuaPlugins(s.e.Logger)

  185. 	if err != nil {

  186. 		return fmt.Errorf("failed to load plugins: %v", err)

  187. 	}

  188. 	plugins = append(plugins, luaPlugins...)

  189. 

  190. 	renderer := newRenderer(s.e.Logger, s.defaultTheme)

  191. 	if err := renderer.Load(plugins); err != nil {

  192. 		return fmt.Errorf("failed to load templates: %v", err)

  193. 	}

  194. 

  195. 	// Once we've loaded plugins and templates from disk (which can take time),

  196. 	// swap them in the Server struct

  197. 	s.mutex.Lock()

  198. 	defer s.mutex.Unlock()

  199. 

  200. 	// Close previous Lua plugins

  201. 	for _, p := range s.luaPlugins {

  202. 		if err := p.Close(); err != nil {

  203. 			s.e.Logger.Printf("Failed to unload plugin '%v': %v", p.Name(), err)

  204. 		}

  205. 	}

  206. 

  207. 	s.plugins = plugins

  208. 	s.luaPlugins = luaPlugins

  209. 	s.e.Renderer = renderer

  210. 

  211. 	for _, p := range plugins {

  212. 		p.SetRoutes(s.e.Group(""))

  213. 	}

  214. 

  215. 	return nil

  216. }

  217. 

  218. // Reload loads Lua plugins and templates from disk.

  219. func (s *Server) Reload() error {

  220. 	s.e.Logger.Printf("Reloading server")

  221. 	return s.load()

  222. }

  223. 

  224. // Context is the context used by HTTP handlers.

  225. //

  226. // Use a type assertion to get it from a echo.Context:

  227. //

  228. //     ctx := ectx.(*koushin.Context)

  229. type Context struct {

  230. 	echo.Context

  231. 	Server  *Server

  232. 	Session *Session // nil if user isn't logged in

  233. }

  234. 

  235. var aLongTimeAgo = time.Unix(233431200, 0)

  236. 

  237. // SetSession sets a cookie for the provided session. Passing a nil session

  238. // unsets the cookie.

  239. func (ctx *Context) SetSession(s *Session) {

  240. 	cookie := http.Cookie{

  241. 		Name:     cookieName,

  242. 		HttpOnly: true,

  243. 		// TODO: domain, secure

  244. 	}

  245. 	if s != nil {

  246. 		cookie.Value = s.token

  247. 	} else {

  248. 		cookie.Expires = aLongTimeAgo // unset the cookie

  249. 	}

  250. 	ctx.SetCookie(&cookie)

  251. }

  252. 

  253. func isPublic(path string) bool {

  254. 	if strings.HasPrefix(path, "/plugins/") {

  255. 		parts := strings.Split(path, "/")

  256. 		return len(parts) >= 4 && parts[3] == "assets"

  257. 	}

  258. 	return path == "/login" || strings.HasPrefix(path, "/themes/")

  259. }

  260. 

  261. func redirectToLogin(ctx *Context) error {

  262. 	path := ctx.Request().URL.Path

  263. 	to := "/login"

  264. 	if path != "/" && path != "/login" {

  265. 		to += "?next=" + url.QueryEscape(ctx.Request().URL.String())

  266. 	}

  267. 	return ctx.Redirect(http.StatusFound, to)

  268. }

  269. 

  270. func handleUnauthenticated(next echo.HandlerFunc, ctx *Context) error {

  271. 	// Require auth for all requests except /login and assets

  272. 	if isPublic(ctx.Request().URL.Path) {

  273. 		return next(ctx)

  274. 	} else {

  275. 		return redirectToLogin(ctx)

  276. 	}

  277. }

  278. 

  279. type Options struct {

  280. 	Upstreams []string

  281. 	Theme     string

  282. }

  283. 

  284. // New creates a new server.

  285. func New(e *echo.Echo, options *Options) (*Server, error) {

  286. 	s, err := newServer(e, options)

  287. 	if err != nil {

  288. 		return nil, err

  289. 	}

  290. 

  291. 	if err := s.load(); err != nil {

  292. 		return nil, err

  293. 	}

  294. 

  295. 	e.HTTPErrorHandler = func(err error, c echo.Context) {

  296. 		code := http.StatusInternalServerError

  297. 		if he, ok := err.(*echo.HTTPError); ok {

  298. 			code = he.Code

  299. 		} else {

  300. 			c.Logger().Error(err)

  301. 		}

  302. 		// TODO: hide internal errors

  303. 		c.String(code, err.Error())

  304. 	}

  305. 

  306. 	e.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {

  307. 		return func(ectx echo.Context) error {

  308. 			s.mutex.RLock()

  309. 			err := next(ectx)

  310. 			s.mutex.RUnlock()

  311. 			return err

  312. 		}

  313. 	})

  314. 

  315. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  316. 		return func(ectx echo.Context) error {

  317. 			// `style-src 'unsafe-inline'` is required for e-mails with

  318. 			// embedded stylesheets

  319. 			ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'")

  320. 			// DNS prefetching has privacy implications

  321. 			ectx.Response().Header().Set("X-DNS-Prefetch-Control", "off")

  322. 			return next(ectx)

  323. 		}

  324. 	})

  325. 

  326. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  327. 		return func(ectx echo.Context) error {

  328. 			ctx := &Context{Context: ectx, Server: s}

  329. 			ctx.Set("context", ctx)

  330. 

  331. 			cookie, err := ctx.Cookie(cookieName)

  332. 			if err == http.ErrNoCookie {

  333. 				return handleUnauthenticated(next, ctx)

  334. 			} else if err != nil {

  335. 				return err

  336. 			}

  337. 

  338. 			ctx.Session, err = ctx.Server.Sessions.get(cookie.Value)

  339. 			if err == errSessionExpired {

  340. 				ctx.SetSession(nil)

  341. 				return handleUnauthenticated(next, ctx)

  342. 			} else if err != nil {

  343. 				return err

  344. 			}

  345. 			ctx.Session.ping()

  346. 

  347. 			return next(ctx)

  348. 		}

  349. 	})

  350. 

  351. 	e.Static("/themes", "themes")

  352. 

  353. 	return s, nil

  354. }