1// Package webaccount provides a web app for users to view and change their account

2// settings, and to import/export email.

3package webaccount

4

5import (

6 "bytes"

7 "context"

8 cryptorand "crypto/rand"

9 "encoding/base64"

10 "encoding/json"

11 "encoding/pem"

12 "errors"

13 "fmt"

14 "io"

15 "log/slog"

16 "maps"

17 "net/http"

18 "net/url"

19 "os"

20 "path/filepath"

21 "runtime"

22 "strings"

23 "time"

24

25 _ "embed"

26

27 "github.com/mjl-/bstore"

28 "github.com/mjl-/sherpa"

29 "github.com/mjl-/sherpadoc"

30 "github.com/mjl-/sherpaprom"

31

32 "github.com/mjl-/mox/admin"

33 "github.com/mjl-/mox/config"

34 "github.com/mjl-/mox/mlog"

35 "github.com/mjl-/mox/mox-"

36 "github.com/mjl-/mox/moxvar"

37 "github.com/mjl-/mox/queue"

38 "github.com/mjl-/mox/smtp"

39 "github.com/mjl-/mox/store"

40 "github.com/mjl-/mox/webapi"

41 "github.com/mjl-/mox/webauth"

42 "github.com/mjl-/mox/webhook"

43 "github.com/mjl-/mox/webops"

44)

45

46var pkglog = mlog.New("webaccount", nil)

47

48//go:embed api.json

49var accountapiJSON []byte

50

51//go:embed account.html

52var accountHTML []byte

53

54//go:embed account.js

55var accountJS []byte

56

57var webaccountFile = &mox.WebappFile{

58 HTML: accountHTML,

59 JS: accountJS,

60 HTMLPath: filepath.FromSlash("webaccount/account.html"),

61 JSPath: filepath.FromSlash("webaccount/account.js"),

62 CustomStem: "webaccount",

63}

64

65var accountDoc = mustParseAPI("account", accountapiJSON)

66

67func mustParseAPI(api string, buf []byte) (doc sherpadoc.Section) {

68 err := json.Unmarshal(buf, &doc)

69 if err != nil {

70 pkglog.Fatalx("parsing webaccount api docs", err, slog.String("api", api))

71 }

72 return doc

73}

74

75var sherpaHandlerOpts *sherpa.HandlerOpts

76

77func makeSherpaHandler(cookiePath string, isForwarded bool) (http.Handler, error) {

78 return sherpa.NewHandler("/api/", moxvar.Version, Account{cookiePath, isForwarded}, &accountDoc, sherpaHandlerOpts)

79}

80

81func init() {

82 collector, err := sherpaprom.NewCollector("moxaccount", nil)

83 if err != nil {

84 pkglog.Fatalx("creating sherpa prometheus collector", err)

85 }

86

87 sherpaHandlerOpts = &sherpa.HandlerOpts{Collector: collector, AdjustFunctionNames: "none", NoCORS: true}

88 // Just to validate.

89 _, err = makeSherpaHandler("", false)

90 if err != nil {

91 pkglog.Fatalx("sherpa handler", err)

92 }

93

94 mox.NewWebaccountHandler = func(basePath string, isForwarded bool) http.Handler {

95 return http.HandlerFunc(Handler(basePath, isForwarded))

96 }

97}

98

99// Handler returns a handler for the webaccount endpoints, customized for the

100// cookiePath.

101func Handler(cookiePath string, isForwarded bool) func(w http.ResponseWriter, r *http.Request) {

102 sh, err := makeSherpaHandler(cookiePath, isForwarded)

103 return func(w http.ResponseWriter, r *http.Request) {

104 if err != nil {

105 http.Error(w, "500 - internal server error - cannot handle requests", http.StatusInternalServerError)

106 return

107 }

108 handle(sh, isForwarded, w, r)

109 }

110}

111

112func xcheckf(ctx context.Context, err error, format string, args ...any) {

113 if err == nil {

114 return

115 }

116 // If caller tried saving a config that is invalid, or because of a bad request, cause a user error.

117 if errors.Is(err, mox.ErrConfig) || errors.Is(err, admin.ErrRequest) {

118 xcheckuserf(ctx, err, format, args...)

119 }

120

121 msg := fmt.Sprintf(format, args...)

122 errmsg := fmt.Sprintf("%s: %s", msg, err)

123 pkglog.WithContext(ctx).Errorx(msg, err)

124 code := "server:error"

125 if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {

126 code = "user:error"

127 }

128 panic(&sherpa.Error{Code: code, Message: errmsg})

129}

130

131func xcheckuserf(ctx context.Context, err error, format string, args ...any) {

132 if err == nil {

133 return

134 }

135 msg := fmt.Sprintf(format, args...)

136 errmsg := fmt.Sprintf("%s: %s", msg, err)

137 pkglog.WithContext(ctx).Errorx(msg, err)

138 panic(&sherpa.Error{Code: "user:error", Message: errmsg})

139}

140

141// Account exports web API functions for the account web interface. All its

142// methods are exported under api/. Function calls require valid HTTP

143// Authentication credentials of a user.

144type Account struct {

145 cookiePath string // From listener, for setting authentication cookies.

146 isForwarded bool // From listener, whether we look at X-Forwarded-* headers.

147}

148

149func handle(apiHandler http.Handler, isForwarded bool, w http.ResponseWriter, r *http.Request) {

150 ctx := context.WithValue(r.Context(), mlog.CidKey, mox.Cid())

151 log := pkglog.WithContext(ctx).With(slog.String("userauth", ""))

152

153 // Without authentication. The token is unguessable.

154 if r.URL.Path == "/importprogress" {

155 if r.Method != "GET" {

156 http.Error(w, "405 - method not allowed - get required", http.StatusMethodNotAllowed)

157 return

158 }

159

160 q := r.URL.Query()

161 token := q.Get("token")

162 if token == "" {

163 http.Error(w, "400 - bad request - missing token", http.StatusBadRequest)

164 return

165 }

166

167 flusher, ok := w.(http.Flusher)

168 if !ok {

169 log.Error("internal error: ResponseWriter not a http.Flusher")

170 http.Error(w, "500 - internal error - cannot access underlying connection", 500)

171 return

172 }

173

174 l := importListener{token, make(chan importEvent, 100), make(chan bool, 1)}

175 importers.Register <- &l

176 ok = <-l.Register

177 if !ok {

178 http.Error(w, "400 - bad request - unknown token, import may have finished more than a minute ago", http.StatusBadRequest)

179 return

180 }

181 defer func() {

182 importers.Unregister <- &l

183 }()

184

185 h := w.Header()

186 h.Set("Content-Type", "text/event-stream")

187 h.Set("Cache-Control", "no-cache")

188 _, err := w.Write([]byte(": keepalive\n\n"))

189 if err != nil {

190 return

191 }

192 flusher.Flush()

193

194 cctx := r.Context()

195 for {

196 select {

197 case e := <-l.Events:

198 _, err := w.Write(e.SSEMsg)

199 flusher.Flush()

200 if err != nil {

201 return

202 }

203

204 case <-cctx.Done():

205 return

206 }

207 }

208 }

209

210 // HTML/JS can be retrieved without authentication.

211 if r.URL.Path == "/" {

212 switch r.Method {

213 case "GET", "HEAD":

214 webaccountFile.Serve(ctx, log, w, r)

215 default:

216 http.Error(w, "405 - method not allowed - use get", http.StatusMethodNotAllowed)

217 }

218 return

219 } else if r.URL.Path == "/licenses.txt" {

220 switch r.Method {

221 case "GET", "HEAD":

222 mox.LicensesWrite(w)

223 default:

224 http.Error(w, "405 - method not allowed - use get", http.StatusMethodNotAllowed)

225 }

226 return

227 }

228

229 isAPI := strings.HasPrefix(r.URL.Path, "/api/")

230 // Only allow POST for calls, they will not work cross-domain without CORS.

231 if isAPI && r.URL.Path != "/api/" && r.Method != "POST" {

232 http.Error(w, "405 - method not allowed - use post", http.StatusMethodNotAllowed)

233 return

234 }

235

236 var loginAddress, accName string

237 var sessionToken store.SessionToken

238 // All other URLs, except the login endpoint require some authentication.

239 if r.URL.Path != "/api/LoginPrep" && r.URL.Path != "/api/Login" {

240 var ok bool

241 isExport := r.URL.Path == "/export"

242 requireCSRF := isAPI || r.URL.Path == "/import" || isExport

243 accName, sessionToken, loginAddress, ok = webauth.Check(ctx, log, webauth.Accounts, "webaccount", isForwarded, w, r, isAPI, requireCSRF, isExport)

244 if !ok {

245 // Response has been written already.

246 return

247 }

248 }

249

250 if isAPI {

251 reqInfo := requestInfo{loginAddress, accName, sessionToken, w, r}

252 ctx = context.WithValue(ctx, requestInfoCtxKey, reqInfo)

253 apiHandler.ServeHTTP(w, r.WithContext(ctx))

254 return

255 }

256

257 switch r.URL.Path {

258 case "/export":

259 webops.Export(log, accName, w, r)

260

261 case "/import":

262 if r.Method != "POST" {

263 http.Error(w, "405 - method not allowed - post required", http.StatusMethodNotAllowed)

264 return

265 }

266

267 f, _, err := r.FormFile("file")

268 if err != nil {

269 if errors.Is(err, http.ErrMissingFile) {

270 http.Error(w, "400 - bad request - missing file", http.StatusBadRequest)

271 } else {

272 http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)

273 }

274 return

275 }

276 defer func() {

277 err := f.Close()

278 log.Check(err, "closing form file")

279 }()

280 skipMailboxPrefix := r.FormValue("skipMailboxPrefix")

281 tmpf, err := os.CreateTemp("", "mox-import")

282 if err != nil {

283 http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)

284 return

285 }

286 defer func() {

287 if tmpf != nil {

288 store.CloseRemoveTempFile(log, tmpf, "upload")

289 }

290 }()

291 if _, err := io.Copy(tmpf, f); err != nil {

292 log.Errorx("copying import to temporary file", err)

293 http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)

294 return

295 }

296 token, isUserError, err := importStart(log, accName, tmpf, skipMailboxPrefix)

297 if err != nil {

298 log.Errorx("starting import", err, slog.Bool("usererror", isUserError))

299 if isUserError {

300 http.Error(w, "400 - bad request - "+err.Error(), http.StatusBadRequest)

301 } else {

302 http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)

303 }

304 return

305 }

306 tmpf = nil // importStart is now responsible for cleanup.

307

308 w.Header().Set("Content-Type", "application/json")

309 _ = json.NewEncoder(w).Encode(ImportProgress{Token: token})

310

311 default:

312 http.NotFound(w, r)

313 }

314}

315

316// ImportProgress is returned after uploading a file to import.

317type ImportProgress struct {

318 // For fetching progress, or cancelling an import.

319 Token string

320}

321

322type ctxKey string

323

324var requestInfoCtxKey ctxKey = "requestInfo"

325

326type requestInfo struct {

327 LoginAddress string

328 AccountName string

329 SessionToken store.SessionToken

330 Response http.ResponseWriter

331 Request *http.Request // For Proto and TLS connection state during message submit.

332}

333

334// LoginPrep returns a login token, and also sets it as cookie. Both must be

335// present in the call to Login.

336func (w Account) LoginPrep(ctx context.Context) string {

337 log := pkglog.WithContext(ctx)

338 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

339

340 var data [8]byte

341 cryptorand.Read(data[:])

342 loginToken := base64.RawURLEncoding.EncodeToString(data[:])

343

344 webauth.LoginPrep(ctx, log, "webaccount", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken)

345

346 return loginToken

347}

348

349// Login returns a session token for the credentials, or fails with error code

350// "user:badLogin". Call LoginPrep to get a loginToken.

351func (w Account) Login(ctx context.Context, loginToken, username, password string) store.CSRFToken {

352 log := pkglog.WithContext(ctx)

353 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

354

355 csrfToken, err := webauth.Login(ctx, log, webauth.Accounts, "webaccount", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, loginToken, username, password)

356 if _, ok := err.(*sherpa.Error); ok {

357 panic(err)

358 }

359 xcheckf(ctx, err, "login")

360 return csrfToken

361}

362

363// Logout invalidates the session token.

364func (w Account) Logout(ctx context.Context) {

365 log := pkglog.WithContext(ctx)

366 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

367

368 err := webauth.Logout(ctx, log, webauth.Accounts, "webaccount", w.cookiePath, w.isForwarded, reqInfo.Response, reqInfo.Request, reqInfo.AccountName, reqInfo.SessionToken)

369 xcheckf(ctx, err, "logout")

370}

371

372// Version returns the version, goos and goarch.

373func (Account) Version(ctx context.Context) (version, goos, goarch string) {

374 return moxvar.Version, runtime.GOOS, runtime.GOARCH

375}

376

377// SetPassword saves a new password for the account, invalidating the previous

378// password.

379//

380// Sessions are not interrupted, and will keep working. New login attempts must use

381// the new password.

382//

383// Password must be at least 8 characters.

384//

385// Setting a user-supplied password is not allowed if NoCustomPassword is set

386// for the account.

387func (Account) SetPassword(ctx context.Context, password string) {

388 log := pkglog.WithContext(ctx)

389 if len(password) < 8 {

390 panic(&sherpa.Error{Code: "user:error", Message: "password must be at least 8 characters"})

391 }

392

393 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

394 acc, err := store.OpenAccount(log, reqInfo.AccountName, false)

395 xcheckf(ctx, err, "open account")

396 defer func() {

397 err := acc.Close()

398 log.Check(err, "closing account")

399 }()

400

401 accConf, _ := acc.Conf()

402 if accConf.NoCustomPassword {

403 xcheckuserf(ctx, errors.New("custom password not allowed"), "setting password")

404 }

405

406 // Retrieve session, resetting password invalidates it.

407 ls, err := store.SessionUse(ctx, log, reqInfo.AccountName, reqInfo.SessionToken, "")

408 xcheckf(ctx, err, "get session")

409

410 err = acc.SetPassword(log, password)

411 xcheckf(ctx, err, "setting password")

412

413 // Session has been invalidated. Add it again.

414 err = store.SessionAddToken(ctx, log, &ls)

415 xcheckf(ctx, err, "restoring session after password reset")

416}

417

418// GeneratePassword sets a new randomly generated password for the current account.

419// Sessions are not interrupted, and will keep working.

420func (Account) GeneratePassword(ctx context.Context) (password string) {

421 log := pkglog.WithContext(ctx)

422

423 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

424 acc, err := store.OpenAccount(log, reqInfo.AccountName, false)

425 xcheckf(ctx, err, "open account")

426 defer func() {

427 err := acc.Close()

428 log.Check(err, "closing account")

429 }()

430

431 password = mox.GeneratePassword()

432

433 // Retrieve session, resetting password invalidates it.

434 ls, err := store.SessionUse(ctx, log, reqInfo.AccountName, reqInfo.SessionToken, "")

435 xcheckf(ctx, err, "get session")

436

437 err = acc.SetPassword(log, password)

438 xcheckf(ctx, err, "setting password")

439

440 // Session has been invalidated. Add it again.

441 err = store.SessionAddToken(ctx, log, &ls)

442 xcheckf(ctx, err, "restoring session after password reset")

443

444 return

445}

446

447// Account returns information about the account.

448// StorageUsed is the sum of the sizes of all messages, in bytes.

449// StorageLimit is the maximum storage that can be used, or 0 if there is no limit.

450func (Account) Account(ctx context.Context) (account config.Account, storageUsed, storageLimit int64, suppressions []webapi.Suppression) {

451 log := pkglog.WithContext(ctx)

452 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

453

454 acc, err := store.OpenAccount(log, reqInfo.AccountName, false)

455 xcheckf(ctx, err, "open account")

456 defer func() {

457 err := acc.Close()

458 log.Check(err, "closing account")

459 }()

460

461 var accConf config.Account

462 acc.WithRLock(func() {

463 accConf, _ = acc.Conf()

464

465 storageLimit = acc.QuotaMessageSize()

466 err := acc.DB.Read(ctx, func(tx *bstore.Tx) error {

467 du := store.DiskUsage{ID: 1}

468 err := tx.Get(&du)

469 storageUsed = du.MessageSize

470 return err

471 })

472 xcheckf(ctx, err, "get disk usage")

473 })

474

475 suppressions, err = queue.SuppressionList(ctx, reqInfo.AccountName)

476 xcheckf(ctx, err, "list suppressions")

477

478 return accConf, storageUsed, storageLimit, suppressions

479}

480

481// AccountSaveFullName saves the full name (used as display name in email messages)

482// for the account.

483func (Account) AccountSaveFullName(ctx context.Context, fullName string) {

484 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

485 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

486 acc.FullName = fullName

487 })

488 xcheckf(ctx, err, "saving account full name")

489}

490

491// DestinationSave updates a destination.

492// OldDest is compared against the current destination. If it does not match, an

493// error is returned. Otherwise newDest is saved and the configuration reloaded.

494func (Account) DestinationSave(ctx context.Context, destName string, oldDest, newDest config.Destination) {

495 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

496

497 err := admin.AccountSave(ctx, reqInfo.AccountName, func(conf *config.Account) {

498 curDest, ok := conf.Destinations[destName]

499 if !ok {

500 xcheckuserf(ctx, errors.New("not found"), "looking up destination")

501 }

502 if !curDest.Equal(oldDest) {

503 xcheckuserf(ctx, errors.New("modified"), "checking stored destination")

504 }

505

506 // Keep fields we manage.

507 newDest.DMARCReports = curDest.DMARCReports

508 newDest.HostTLSReports = curDest.HostTLSReports

509 newDest.DomainTLSReports = curDest.DomainTLSReports

510

511 // Make copy of reference values.

512 nd := map[string]config.Destination{}

513 maps.Copy(nd, conf.Destinations)

514 nd[destName] = newDest

515 conf.Destinations = nd

516 })

517 xcheckf(ctx, err, "saving destination")

518}

519

520// ImportAbort aborts an import that is in progress. If the import exists and isn't

521// finished, no changes will have been made by the import.

522func (Account) ImportAbort(ctx context.Context, importToken string) error {

523 req := importAbortRequest{importToken, make(chan error)}

524 importers.Abort <- req

525 return <-req.Response

526}

527

528// Types exposes types not used in API method signatures, such as the import form upload.

529func (Account) Types() (importProgress ImportProgress) {

530 return

531}

532

533// SuppressionList lists the addresses on the suppression list of this account.

534func (Account) SuppressionList(ctx context.Context) (suppressions []webapi.Suppression) {

535 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

536 l, err := queue.SuppressionList(ctx, reqInfo.AccountName)

537 xcheckf(ctx, err, "list suppressions")

538 return l

539}

540

541// SuppressionAdd adds an email address to the suppression list.

542func (Account) SuppressionAdd(ctx context.Context, address string, manual bool, reason string) (suppression webapi.Suppression) {

543 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

544 addr, err := smtp.ParseAddress(address)

545 xcheckuserf(ctx, err, "parsing address")

546 sup := webapi.Suppression{

547 Account: reqInfo.AccountName,

548 Manual: manual,

549 Reason: reason,

550 }

551 err = queue.SuppressionAdd(ctx, addr.Path(), &sup)

552 if err != nil && errors.Is(err, bstore.ErrUnique) {

553 xcheckuserf(ctx, err, "add suppression")

554 }

555 xcheckf(ctx, err, "add suppression")

556 return sup

557}

558

559// SuppressionRemove removes the email address from the suppression list.

560func (Account) SuppressionRemove(ctx context.Context, address string) {

561 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

562 addr, err := smtp.ParseAddress(address)

563 xcheckuserf(ctx, err, "parsing address")

564 err = queue.SuppressionRemove(ctx, reqInfo.AccountName, addr.Path())

565 if err != nil && err == bstore.ErrAbsent {

566 xcheckuserf(ctx, err, "remove suppression")

567 }

568 xcheckf(ctx, err, "remove suppression")

569}

570

571// OutgoingWebhookSave saves a new webhook url for outgoing deliveries. If url

572// is empty, the webhook is disabled. If authorization is non-empty it is used for

573// the Authorization header in HTTP requests. Events specifies the outgoing events

574// to be delivered, or all if empty/nil.

575func (Account) OutgoingWebhookSave(ctx context.Context, url, authorization string, events []string) {

576 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

577 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

578 if url == "" {

579 acc.OutgoingWebhook = nil

580 } else {

581 acc.OutgoingWebhook = &config.OutgoingWebhook{URL: url, Authorization: authorization, Events: events}

582 }

583 })

584 xcheckf(ctx, err, "saving account outgoing webhook")

585}

586

587// OutgoingWebhookTest makes a test webhook call to urlStr, with optional

588// authorization. If the HTTP request is made this call will succeed also for

589// non-2xx HTTP status codes.

590func (Account) OutgoingWebhookTest(ctx context.Context, urlStr, authorization string, data webhook.Outgoing) (code int, response string, errmsg string) {

591 log := pkglog.WithContext(ctx)

592

593 xvalidURL(ctx, urlStr)

594 log.Debug("making webhook test call for outgoing message", slog.String("url", urlStr))

595

596 var b bytes.Buffer

597 enc := json.NewEncoder(&b)

598 enc.SetIndent("", "\t")

599 enc.SetEscapeHTML(false)

600 err := enc.Encode(data)

601 xcheckf(ctx, err, "encoding outgoing webhook data")

602

603 code, response, err = queue.HookPost(ctx, log, 1, 1, urlStr, authorization, b.String())

604 if err != nil {

605 errmsg = err.Error()

606 }

607 log.Debugx("result for webhook test call for outgoing message", err, slog.Int("code", code), slog.String("response", response))

608 return code, response, errmsg

609}

610

611// IncomingWebhookSave saves a new webhook url for incoming deliveries. If url is

612// empty, the webhook is disabled. If authorization is not empty, it is used in

613// the Authorization header in requests.

614func (Account) IncomingWebhookSave(ctx context.Context, url, authorization string) {

615 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

616 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

617 if url == "" {

618 acc.IncomingWebhook = nil

619 } else {

620 acc.IncomingWebhook = &config.IncomingWebhook{URL: url, Authorization: authorization}

621 }

622 })

623 xcheckf(ctx, err, "saving account incoming webhook")

624}

625

626func xvalidURL(ctx context.Context, s string) {

627 u, err := url.Parse(s)

628 xcheckuserf(ctx, err, "parsing url")

629 if u.Scheme != "http" && u.Scheme != "https" {

630 xcheckuserf(ctx, errors.New("scheme must be http or https"), "parsing url")

631 }

632}

633

634// IncomingWebhookTest makes a test webhook HTTP delivery request to urlStr,

635// with optional authorization header. If the HTTP call is made, this function

636// returns non-error regardless of HTTP status code.

637func (Account) IncomingWebhookTest(ctx context.Context, urlStr, authorization string, data webhook.Incoming) (code int, response string, errmsg string) {

638 log := pkglog.WithContext(ctx)

639

640 xvalidURL(ctx, urlStr)

641 log.Debug("making webhook test call for incoming message", slog.String("url", urlStr))

642

643 var b bytes.Buffer

644 enc := json.NewEncoder(&b)

645 enc.SetEscapeHTML(false)

646 enc.SetIndent("", "\t")

647 err := enc.Encode(data)

648 xcheckf(ctx, err, "encoding incoming webhook data")

649 code, response, err = queue.HookPost(ctx, log, 1, 1, urlStr, authorization, b.String())

650 if err != nil {

651 errmsg = err.Error()

652 }

653 log.Debugx("result for webhook test call for incoming message", err, slog.Int("code", code), slog.String("response", response))

654 return code, response, errmsg

655}

656

657// FromIDLoginAddressesSave saves new login addresses to enable unique SMTP

658// MAIL FROM addresses ("fromid") for deliveries from the queue.

659func (Account) FromIDLoginAddressesSave(ctx context.Context, loginAddresses []string) {

660 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

661 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

662 acc.FromIDLoginAddresses = loginAddresses

663 })

664 xcheckf(ctx, err, "saving account fromid login addresses")

665}

666

667// KeepRetiredPeriodsSave saves periods to save retired messages and webhooks.

668func (Account) KeepRetiredPeriodsSave(ctx context.Context, keepRetiredMessagePeriod, keepRetiredWebhookPeriod time.Duration) {

669 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

670 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

671 acc.KeepRetiredMessagePeriod = keepRetiredMessagePeriod

672 acc.KeepRetiredWebhookPeriod = keepRetiredWebhookPeriod

673 })

674 xcheckf(ctx, err, "saving account keep retired periods")

675}

676

677// AutomaticJunkFlagsSave saves settings for automatically marking messages as

678// junk/nonjunk when moved to mailboxes matching certain regular expressions.

679func (Account) AutomaticJunkFlagsSave(ctx context.Context, enabled bool, junkRegexp, neutralRegexp, notJunkRegexp string) {

680 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

681 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

682 acc.AutomaticJunkFlags = config.AutomaticJunkFlags{

683 Enabled: enabled,

684 JunkMailboxRegexp: junkRegexp,

685 NeutralMailboxRegexp: neutralRegexp,

686 NotJunkMailboxRegexp: notJunkRegexp,

687 }

688 })

689 xcheckf(ctx, err, "saving account automatic junk flags")

690}

691

692// JunkFilterSave saves junk filter settings. If junkFilter is nil, the junk filter

693// is disabled. Otherwise all fields except Threegrams are stored.

694func (Account) JunkFilterSave(ctx context.Context, junkFilter *config.JunkFilter) {

695 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

696 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

697 if junkFilter == nil {

698 acc.JunkFilter = nil

699 return

700 }

701 old := acc.JunkFilter

702 acc.JunkFilter = junkFilter

703 acc.JunkFilter.Params.Threegrams = false

704 if old != nil {

705 acc.JunkFilter.Params.Threegrams = old.Params.Threegrams

706 }

707 })

708 xcheckf(ctx, err, "saving account junk filter settings")

709}

710

711// RejectsSave saves the RejectsMailbox and KeepRejects settings.

712func (Account) RejectsSave(ctx context.Context, mailbox string, keep bool) {

713 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

714 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

715 acc.RejectsMailbox = mailbox

716 acc.KeepRejects = keep

717 })

718 xcheckf(ctx, err, "saving account rejects settings")

719}

720

721func (Account) TLSPublicKeys(ctx context.Context) ([]store.TLSPublicKey, error) {

722 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

723 return store.TLSPublicKeyList(ctx, reqInfo.AccountName)

724}

725

726func (Account) TLSPublicKeyAdd(ctx context.Context, loginAddress, name string, noIMAPPreauth bool, certPEM string) (store.TLSPublicKey, error) {

727 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

728

729 block, rest := pem.Decode([]byte(certPEM))

730 var err error

731 if block == nil {

732 err = errors.New("no pem data found")

733 } else if block.Type != "CERTIFICATE" {

734 err = fmt.Errorf("unexpected type %q, need CERTIFICATE", block.Type)

735 } else if len(rest) != 0 {

736 err = errors.New("only single pem block allowed")

737 }

738 xcheckuserf(ctx, err, "parsing pem file")

739

740 tpk, err := store.ParseTLSPublicKeyCert(block.Bytes)

741 xcheckuserf(ctx, err, "parsing certificate")

742 if name != "" {

743 tpk.Name = name

744 }

745 tpk.Account = reqInfo.AccountName

746 tpk.LoginAddress = loginAddress

747 tpk.NoIMAPPreauth = noIMAPPreauth

748 err = store.TLSPublicKeyAdd(ctx, &tpk)

749 if err != nil && errors.Is(err, bstore.ErrUnique) {

750 xcheckuserf(ctx, err, "add tls public key")

751 } else {

752 xcheckf(ctx, err, "add tls public key")

753 }

754 return tpk, nil

755}

756

757func xtlspublickey(ctx context.Context, account string, fingerprint string) store.TLSPublicKey {

758 tpk, err := store.TLSPublicKeyGet(ctx, fingerprint)

759 if err == nil && tpk.Account != account {

760 err = bstore.ErrAbsent

761 }

762 if err == bstore.ErrAbsent {

763 xcheckuserf(ctx, err, "get tls public key")

764 }

765 xcheckf(ctx, err, "get tls public key")

766 return tpk

767}

768

769func (Account) TLSPublicKeyRemove(ctx context.Context, fingerprint string) error {

770 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

771 xtlspublickey(ctx, reqInfo.AccountName, fingerprint)

772 return store.TLSPublicKeyRemove(ctx, fingerprint)

773}

774

775func (Account) TLSPublicKeyUpdate(ctx context.Context, pubKey store.TLSPublicKey) error {

776 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

777 tpk := xtlspublickey(ctx, reqInfo.AccountName, pubKey.Fingerprint)

778 log := pkglog.WithContext(ctx)

779 acc, _, _, err := store.OpenEmail(log, pubKey.LoginAddress, false)

780 if err == nil && acc.Name != reqInfo.AccountName {

781 err = store.ErrUnknownCredentials

782 }

783 if acc != nil {

784 xerr := acc.Close()

785 log.Check(xerr, "close account")

786 }

787 if err == store.ErrUnknownCredentials {

788 xcheckuserf(ctx, errors.New("unknown address"), "looking up address")

789 }

790 tpk.Name = pubKey.Name

791 tpk.LoginAddress = pubKey.LoginAddress

792 tpk.NoIMAPPreauth = pubKey.NoIMAPPreauth

793 err = store.TLSPublicKeyUpdate(ctx, &tpk)

794 xcheckf(ctx, err, "updating tls public key")

795 return nil

796}

797

798func (Account) LoginAttempts(ctx context.Context, limit int) []store.LoginAttempt {

799 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

800 l, err := store.LoginAttemptList(ctx, reqInfo.AccountName, limit)

801 xcheckf(ctx, err, "listing login attempts")

802 return l

803}

804

805func (Account) IMAPSave(ctx context.Context, capabilitiesDisabled []string) {

806 // Basic check for capabilities.

807 for _, s := range capabilitiesDisabled {

808 if strings.ToUpper(s) != s {

809 xcheckuserf(ctx, errors.New("capability must be in upper case"), "checking capabilities")

810 }

811 for _, c := range s {

812 if c <= ' ' {

813 xcheckuserf(ctx, errors.New("capability cannot contain control characters"), "checking capabilities")

814 }

815 }

816 }

817

818 reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)

819 err := admin.AccountSave(ctx, reqInfo.AccountName, func(acc *config.Account) {

820 acc.IMAPCapabilitiesDisabled = capabilitiesDisabled

821 })

822 xcheckf(ctx, err, "saving disabled imap capabilities")

823}

824