loop
/
alps
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
A webmail client. Forked from https://git.sr.ht/~migadu/alps
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
137 Commits
1 Branch
708 KiB
 
 
 
 
Struktur: b58c15d121
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „b58c15d121“
${ noResults }
alps/server.go

359 Zeilen
8.1 KiB
Originalformat Blame Verlauf 

  1. package koushin

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/http"

  6. 	"net/url"

  7. 	"strings"

  8. 	"sync"

  9. 	"time"

  10. 

  11. 	"github.com/labstack/echo/v4"

  12. )

  13. 

  14. const cookieName = "koushin_session"

  15. 

  16. // Server holds all the koushin server state.

  17. type Server struct {

  18. 	e        *echo.Echo

  19. 	Sessions *SessionManager

  20. 

  21. 	mutex   sync.RWMutex // used for server reload

  22. 	plugins []Plugin

  23. 

  24. 	// maps protocols to URLs (protocol can be empty for auto-discovery)

  25. 	upstreams map[string]*url.URL

  26. 

  27. 	imap struct {

  28. 		host     string

  29. 		tls      bool

  30. 		insecure bool

  31. 	}

  32. 	smtp struct {

  33. 		host     string

  34. 		tls      bool

  35. 		insecure bool

  36. 	}

  37. 	defaultTheme string

  38. }

  39. 

  40. func newServer(e *echo.Echo, options *Options) (*Server, error) {

  41. 	s := &Server{e: e, defaultTheme: options.Theme}

  42. 

  43. 	s.upstreams = make(map[string]*url.URL, len(options.Upstreams))

  44. 	for _, upstream := range options.Upstreams {

  45. 		u, err := parseUpstream(upstream)

  46. 		if err != nil {

  47. 			return nil, fmt.Errorf("failed to parse upstream %q: %v", upstream, err)

  48. 		}

  49. 		if _, ok := s.upstreams[u.Scheme]; ok {

  50. 			return nil, fmt.Errorf("found two upstream servers for scheme %q", u.Scheme)

  51. 		}

  52. 		s.upstreams[u.Scheme] = u

  53. 	}

  54. 

  55. 	if err := s.parseIMAPUpstream(); err != nil {

  56. 		return nil, err

  57. 	}

  58. 	if err := s.parseSMTPUpstream(); err != nil {

  59. 		return nil, err

  60. 	}

  61. 

  62. 	s.Sessions = newSessionManager(s.dialIMAP, s.dialSMTP)

  63. 

  64. 	return s, nil

  65. }

  66. 

  67. func parseUpstream(s string) (*url.URL, error) {

  68. 	if !strings.ContainsAny(s, ":/") {

  69. 		// This is a raw domain name, make it an URL with an empty scheme

  70. 		s = "//" + s

  71. 	}

  72. 	return url.Parse(s)

  73. }

  74. 

  75. type NoUpstreamError struct {

  76. 	schemes []string

  77. }

  78. 

  79. func (err *NoUpstreamError) Error() string {

  80. 	return fmt.Sprintf("no upstream server configured for schemes %v", err.schemes)

  81. }

  82. 

  83. // Upstream retrieves the configured upstream server URL for the provided

  84. // schemes. If no configured upstream server matches, a *NoUpstreamError is

  85. // returned. An empty URL.Scheme means that the caller needs to perform

  86. // auto-discovery with URL.Host.

  87. func (s *Server) Upstream(schemes ...string) (*url.URL, error) {

  88. 	var urls []*url.URL

  89. 	for _, scheme := range append(schemes, "") {

  90. 		u, ok := s.upstreams[scheme]

  91. 		if ok {

  92. 			urls = append(urls, u)

  93. 		}

  94. 	}

  95. 	if len(urls) == 0 {

  96. 		return nil, &NoUpstreamError{schemes}

  97. 	}

  98. 	if len(urls) > 1 {

  99. 		return nil, fmt.Errorf("multiple upstream servers are configured for schemes %v", schemes)

  100. 	}

  101. 	return urls[0], nil

  102. }

  103. 

  104. func (s *Server) parseIMAPUpstream() error {

  105. 	u, err := s.Upstream("imap", "imaps", "imap+insecure")

  106. 	if err != nil {

  107. 		return fmt.Errorf("failed to parse upstream IMAP server: %v", err)

  108. 	}

  109. 

  110. 	if u.Scheme == "" {

  111. 		u, err = discoverIMAP(u.Host)

  112. 		if err != nil {

  113. 			return fmt.Errorf("failed to discover IMAP server: %v", err)

  114. 		}

  115. 	}

  116. 

  117. 	s.imap.host = u.Host

  118. 	switch u.Scheme {

  119. 	case "imap":

  120. 		// This space is intentionally left blank

  121. 	case "imaps":

  122. 		s.imap.tls = true

  123. 	case "imap+insecure":

  124. 		s.imap.insecure = true

  125. 	default:

  126. 		panic("unreachable")

  127. 	}

  128. 

  129. 	c, err := s.dialIMAP()

  130. 	if err != nil {

  131. 		return fmt.Errorf("failed to connect to IMAP server: %v", err)

  132. 	}

  133. 	c.Close()

  134. 

  135. 	s.e.Logger.Printf("Configured upstream IMAP server: %v", u)

  136. 	return nil

  137. }

  138. 

  139. func (s *Server) parseSMTPUpstream() error {

  140. 	u, err := s.Upstream("smtp", "smtps", "smtp+insecure")

  141. 	if _, ok := err.(*NoUpstreamError); ok {

  142. 		return nil

  143. 	} else if err != nil {

  144. 		return fmt.Errorf("failed to parse upstream SMTP server: %v", err)

  145. 	}

  146. 

  147. 	if u.Scheme == "" {

  148. 		u, err = discoverSMTP(u.Host)

  149. 		if err != nil {

  150. 			s.e.Logger.Printf("Failed to discover SMTP server: %v", err)

  151. 			return nil

  152. 		}

  153. 	}

  154. 

  155. 	s.smtp.host = u.Host

  156. 	switch u.Scheme {

  157. 	case "smtp":

  158. 		// This space is intentionally left blank

  159. 	case "smtps":

  160. 		s.smtp.tls = true

  161. 	case "smtp+insecure":

  162. 		s.smtp.insecure = true

  163. 	default:

  164. 		panic("unreachable")

  165. 	}

  166. 

  167. 	c, err := s.dialSMTP()

  168. 	if err != nil {

  169. 		return fmt.Errorf("failed to connect to SMTP server: %v", err)

  170. 	}

  171. 	c.Close()

  172. 

  173. 	s.e.Logger.Printf("Configured upstream SMTP server: %v", u)

  174. 	return nil

  175. }

  176. 

  177. func (s *Server) load() error {

  178. 	var plugins []Plugin

  179. 	for _, load := range pluginLoaders {

  180. 		l, err := load(s)

  181. 		if err != nil {

  182. 			return fmt.Errorf("failed to load plugins: %v", err)

  183. 		}

  184. 		for _, p := range l {

  185. 			s.e.Logger.Printf("Loaded plugin %q", p.Name())

  186. 		}

  187. 		plugins = append(plugins, l...)

  188. 	}

  189. 

  190. 	renderer := newRenderer(s.e.Logger, s.defaultTheme)

  191. 	if err := renderer.Load(plugins); err != nil {

  192. 		return fmt.Errorf("failed to load templates: %v", err)

  193. 	}

  194. 

  195. 	// Once we've loaded plugins and templates from disk (which can take time),

  196. 	// swap them in the Server struct

  197. 	s.mutex.Lock()

  198. 	defer s.mutex.Unlock()

  199. 

  200. 	// Close previous plugins

  201. 	for _, p := range s.plugins {

  202. 		if err := p.Close(); err != nil {

  203. 			s.e.Logger.Printf("Failed to unload plugin %q: %v", p.Name(), err)

  204. 		}

  205. 	}

  206. 

  207. 	s.plugins = plugins

  208. 	s.e.Renderer = renderer

  209. 

  210. 	for _, p := range plugins {

  211. 		p.SetRoutes(s.e.Group(""))

  212. 	}

  213. 

  214. 	return nil

  215. }

  216. 

  217. // Reload loads Lua plugins and templates from disk.

  218. func (s *Server) Reload() error {

  219. 	s.e.Logger.Printf("Reloading server")

  220. 	return s.load()

  221. }

  222. 

  223. // Logger returns this server's logger.

  224. func (s *Server) Logger() echo.Logger {

  225. 	return s.e.Logger

  226. }

  227. 

  228. // Context is the context used by HTTP handlers.

  229. //

  230. // Use a type assertion to get it from a echo.Context:

  231. //

  232. //     ctx := ectx.(*koushin.Context)

  233. type Context struct {

  234. 	echo.Context

  235. 	Server  *Server

  236. 	Session *Session // nil if user isn't logged in

  237. }

  238. 

  239. var aLongTimeAgo = time.Unix(233431200, 0)

  240. 

  241. // SetSession sets a cookie for the provided session. Passing a nil session

  242. // unsets the cookie.

  243. func (ctx *Context) SetSession(s *Session) {

  244. 	cookie := http.Cookie{

  245. 		Name:     cookieName,

  246. 		HttpOnly: true,

  247. 		// TODO: domain, secure

  248. 	}

  249. 	if s != nil {

  250. 		cookie.Value = s.token

  251. 	} else {

  252. 		cookie.Expires = aLongTimeAgo // unset the cookie

  253. 	}

  254. 	ctx.SetCookie(&cookie)

  255. }

  256. 

  257. func isPublic(path string) bool {

  258. 	if strings.HasPrefix(path, "/plugins/") {

  259. 		parts := strings.Split(path, "/")

  260. 		return len(parts) >= 4 && parts[3] == "assets"

  261. 	}

  262. 	return path == "/login" || strings.HasPrefix(path, "/themes/")

  263. }

  264. 

  265. func redirectToLogin(ctx *Context) error {

  266. 	path := ctx.Request().URL.Path

  267. 	to := "/login"

  268. 	if path != "/" && path != "/login" {

  269. 		to += "?next=" + url.QueryEscape(ctx.Request().URL.String())

  270. 	}

  271. 	return ctx.Redirect(http.StatusFound, to)

  272. }

  273. 

  274. func handleUnauthenticated(next echo.HandlerFunc, ctx *Context) error {

  275. 	// Require auth for all requests except /login and assets

  276. 	if isPublic(ctx.Request().URL.Path) {

  277. 		return next(ctx)

  278. 	} else {

  279. 		return redirectToLogin(ctx)

  280. 	}

  281. }

  282. 

  283. type Options struct {

  284. 	Upstreams []string

  285. 	Theme     string

  286. }

  287. 

  288. // New creates a new server.

  289. func New(e *echo.Echo, options *Options) (*Server, error) {

  290. 	s, err := newServer(e, options)

  291. 	if err != nil {

  292. 		return nil, err

  293. 	}

  294. 

  295. 	if err := s.load(); err != nil {

  296. 		return nil, err

  297. 	}

  298. 

  299. 	e.HTTPErrorHandler = func(err error, c echo.Context) {

  300. 		code := http.StatusInternalServerError

  301. 		if he, ok := err.(*echo.HTTPError); ok {

  302. 			code = he.Code

  303. 		} else {

  304. 			c.Logger().Error(err)

  305. 		}

  306. 		// TODO: hide internal errors

  307. 		c.String(code, err.Error())

  308. 	}

  309. 

  310. 	e.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {

  311. 		return func(ectx echo.Context) error {

  312. 			s.mutex.RLock()

  313. 			err := next(ectx)

  314. 			s.mutex.RUnlock()

  315. 			return err

  316. 		}

  317. 	})

  318. 

  319. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  320. 		return func(ectx echo.Context) error {

  321. 			// `style-src 'unsafe-inline'` is required for e-mails with

  322. 			// embedded stylesheets

  323. 			ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'")

  324. 			// DNS prefetching has privacy implications

  325. 			ectx.Response().Header().Set("X-DNS-Prefetch-Control", "off")

  326. 			return next(ectx)

  327. 		}

  328. 	})

  329. 

  330. 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {

  331. 		return func(ectx echo.Context) error {

  332. 			ctx := &Context{Context: ectx, Server: s}

  333. 			ctx.Set("context", ctx)

  334. 

  335. 			cookie, err := ctx.Cookie(cookieName)

  336. 			if err == http.ErrNoCookie {

  337. 				return handleUnauthenticated(next, ctx)

  338. 			} else if err != nil {

  339. 				return err

  340. 			}

  341. 

  342. 			ctx.Session, err = ctx.Server.Sessions.get(cookie.Value)

  343. 			if err == errSessionExpired {

  344. 				ctx.SetSession(nil)

  345. 				return handleUnauthenticated(next, ctx)

  346. 			} else if err != nil {

  347. 				return err

  348. 			}

  349. 			ctx.Session.ping()

  350. 

  351. 			return next(ctx)

  352. 		}

  353. 	})

  354. 

  355. 	e.Static("/themes", "themes")

  356. 

  357. 	return s, nil

  358. }