loop
/
alps
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A webmail client. Forked from https://git.sr.ht/~migadu/alps
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 Commits
1 Branch
708 KiB
 
 
 
 
Tree: 8b10324ab6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8b10324ab6'
${ noResults }
alps/session.go

257 lines
5.4 KiB
Raw Blame History 

  1. package koushin

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"encoding/base64"

  6. 	"errors"

  7. 	"fmt"

  8. 	"net/http"

  9. 	"sync"

  10. 	"time"

  11. 

  12. 	imapclient "github.com/emersion/go-imap/client"

  13. 	"github.com/emersion/go-sasl"

  14. 	"github.com/emersion/go-smtp"

  15. )

  16. 

  17. // TODO: make this configurable

  18. const sessionDuration = 30 * time.Minute

  19. 

  20. func generateToken() (string, error) {

  21. 	b := make([]byte, 32)

  22. 	_, err := rand.Read(b)

  23. 	if err != nil {

  24. 		return "", err

  25. 	}

  26. 	return base64.URLEncoding.EncodeToString(b), nil

  27. }

  28. 

  29. var errSessionExpired = errors.New("session expired")

  30. 

  31. // AuthError wraps an authentication error.

  32. type AuthError struct {

  33. 	cause error

  34. }

  35. 

  36. func (err AuthError) Error() string {

  37. 	return fmt.Sprintf("authentication failed: %v", err.cause)

  38. }

  39. 

  40. // Session is an active user session. It may also hold an IMAP connection.

  41. //

  42. // The session's password is not available to plugins. Plugins should use the

  43. // session helpers to authenticate outgoing connections, for instance DoSMTP.

  44. type Session struct {

  45. 	manager            *SessionManager

  46. 	username, password string

  47. 	token              string

  48. 	closed             chan struct{}

  49. 	pings              chan struct{}

  50. 	timer              *time.Timer

  51. 

  52. 	locker   sync.Mutex

  53. 	imapConn *imapclient.Client // protected by locker, can be nil

  54. }

  55. 

  56. func (s *Session) ping() {

  57. 	s.pings <- struct{}{}

  58. }

  59. 

  60. // Username returns the session's username.

  61. func (s *Session) Username() string {

  62. 	return s.username

  63. }

  64. 

  65. // DoIMAP executes an IMAP operation on this session. The IMAP client can only

  66. // be used from inside f.

  67. func (s *Session) DoIMAP(f func(*imapclient.Client) error) error {

  68. 	s.locker.Lock()

  69. 	defer s.locker.Unlock()

  70. 

  71. 	if s.imapConn == nil {

  72. 		var err error

  73. 		s.imapConn, err = s.manager.connect(s.username, s.password)

  74. 		if err != nil {

  75. 			s.Close()

  76. 			return fmt.Errorf("failed to re-connect to IMAP server: %v", err)

  77. 		}

  78. 	}

  79. 

  80. 	return f(s.imapConn)

  81. }

  82. 

  83. // DoSMTP executes an SMTP operation on this session. The SMTP client can only

  84. // be used from inside f.

  85. func (s *Session) DoSMTP(f func(*smtp.Client) error) error {

  86. 	c, err := s.manager.dialSMTP()

  87. 	if err != nil {

  88. 		return err

  89. 	}

  90. 	defer c.Close()

  91. 

  92. 	auth := sasl.NewPlainClient("", s.username, s.password)

  93. 	if err := c.Auth(auth); err != nil {

  94. 		return AuthError{err}

  95. 	}

  96. 

  97. 	if err := f(c); err != nil {

  98. 		return err

  99. 	}

  100. 

  101. 	if err := c.Quit(); err != nil {

  102. 		return fmt.Errorf("QUIT failed: %v", err)

  103. 	}

  104. 

  105. 	return nil

  106. }

  107. 

  108. // SetHTTPBasicAuth adds an Authorization header field to the request with

  109. // this session's credentials.

  110. func (s *Session) SetHTTPBasicAuth(req *http.Request) {

  111. 	// TODO: find a way to make it harder for plugins to steal credentials

  112. 	req.SetBasicAuth(s.username, s.password)

  113. }

  114. 

  115. // Close destroys the session. This can be used to log the user out.

  116. func (s *Session) Close() {

  117. 	select {

  118. 	case <-s.closed:

  119. 		// This space is intentionally left blank

  120. 	default:

  121. 		close(s.closed)

  122. 	}

  123. }

  124. 

  125. type (

  126. 	// DialIMAPFunc connects to the upstream IMAP server.

  127. 	DialIMAPFunc func() (*imapclient.Client, error)

  128. 	// DialSMTPFunc connects to the upstream SMTP server.

  129. 	DialSMTPFunc func() (*smtp.Client, error)

  130. )

  131. 

  132. // SessionManager keeps track of active sessions. It connects and re-connects

  133. // to the upstream IMAP server as necessary. It prunes expired sessions.

  134. type SessionManager struct {

  135. 	dialIMAP DialIMAPFunc

  136. 	dialSMTP DialSMTPFunc

  137. 

  138. 	locker   sync.Mutex

  139. 	sessions map[string]*Session // protected by locker

  140. }

  141. 

  142. func newSessionManager(dialIMAP DialIMAPFunc, dialSMTP DialSMTPFunc) *SessionManager {

  143. 	return &SessionManager{

  144. 		sessions: make(map[string]*Session),

  145. 		dialIMAP: dialIMAP,

  146. 		dialSMTP: dialSMTP,

  147. 	}

  148. }

  149. 

  150. func (sm *SessionManager) connect(username, password string) (*imapclient.Client, error) {

  151. 	c, err := sm.dialIMAP()

  152. 	if err != nil {

  153. 		return nil, err

  154. 	}

  155. 

  156. 	if err := c.Login(username, password); err != nil {

  157. 		c.Logout()

  158. 		return nil, AuthError{err}

  159. 	}

  160. 

  161. 	return c, nil

  162. }

  163. 

  164. func (sm *SessionManager) get(token string) (*Session, error) {

  165. 	sm.locker.Lock()

  166. 	defer sm.locker.Unlock()

  167. 

  168. 	session, ok := sm.sessions[token]

  169. 	if !ok {

  170. 		return nil, errSessionExpired

  171. 	}

  172. 	return session, nil

  173. }

  174. 

  175. // Put connects to the IMAP server and creates a new session. If authentication

  176. // fails, the error will be of type AuthError.

  177. func (sm *SessionManager) Put(username, password string) (*Session, error) {

  178. 	c, err := sm.connect(username, password)

  179. 	if err != nil {

  180. 		return nil, err

  181. 	}

  182. 

  183. 	sm.locker.Lock()

  184. 	defer sm.locker.Unlock()

  185. 

  186. 	var token string

  187. 	for {

  188. 		var err error

  189. 		token, err = generateToken()

  190. 		if err != nil {

  191. 			c.Logout()

  192. 			return nil, err

  193. 		}

  194. 

  195. 		if _, ok := sm.sessions[token]; !ok {

  196. 			break

  197. 		}

  198. 	}

  199. 

  200. 	s := &Session{

  201. 		manager:  sm,

  202. 		closed:   make(chan struct{}),

  203. 		pings:    make(chan struct{}, 5),

  204. 		imapConn: c,

  205. 		username: username,

  206. 		password: password,

  207. 		token:    token,

  208. 	}

  209. 	sm.sessions[token] = s

  210. 

  211. 	go func() {

  212. 		timer := time.NewTimer(sessionDuration)

  213. 

  214. 		alive := true

  215. 		for alive {

  216. 			var loggedOut <-chan struct{}

  217. 			s.locker.Lock()

  218. 			if s.imapConn != nil {

  219. 				loggedOut = s.imapConn.LoggedOut()

  220. 			}

  221. 			s.locker.Unlock()

  222. 

  223. 			select {

  224. 			case <-loggedOut:

  225. 				s.locker.Lock()

  226. 				s.imapConn = nil

  227. 				s.locker.Unlock()

  228. 			case <-s.pings:

  229. 				if !timer.Stop() {

  230. 					<-timer.C

  231. 				}

  232. 				timer.Reset(sessionDuration)

  233. 			case <-timer.C:

  234. 				alive = false

  235. 			case <-s.closed:

  236. 				alive = false

  237. 			}

  238. 		}

  239. 

  240. 		if !timer.Stop() {

  241. 			<-timer.C

  242. 		}

  243. 

  244. 		s.locker.Lock()

  245. 		if s.imapConn != nil {

  246. 			s.imapConn.Logout()

  247. 		}

  248. 		s.locker.Unlock()

  249. 

  250. 		sm.locker.Lock()

  251. 		delete(sm.sessions, token)

  252. 		sm.locker.Unlock()

  253. 	}()

  254. 

  255. 	return s, nil

  256. }