2023-01-30 16:27:06 +03:00
|
|
|
package http
|
|
|
|
|
|
|
|
import (
|
2023-02-13 20:04:05 +03:00
|
|
|
"archive/tar"
|
|
|
|
"archive/zip"
|
|
|
|
"compress/gzip"
|
2023-01-30 16:27:06 +03:00
|
|
|
"context"
|
|
|
|
"encoding/base64"
|
2023-02-16 11:57:27 +03:00
|
|
|
"encoding/json"
|
2023-01-30 16:27:06 +03:00
|
|
|
"errors"
|
|
|
|
"io"
|
2023-02-13 15:53:47 +03:00
|
|
|
"net"
|
2023-01-30 16:27:06 +03:00
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"strings"
|
2023-02-13 15:53:47 +03:00
|
|
|
"time"
|
2023-01-30 16:27:06 +03:00
|
|
|
|
|
|
|
_ "embed"
|
|
|
|
|
|
|
|
"github.com/mjl-/sherpa"
|
|
|
|
"github.com/mjl-/sherpaprom"
|
|
|
|
|
2023-02-11 01:47:19 +03:00
|
|
|
"github.com/mjl-/mox/config"
|
|
|
|
"github.com/mjl-/mox/dns"
|
2023-01-30 16:27:06 +03:00
|
|
|
"github.com/mjl-/mox/metrics"
|
|
|
|
"github.com/mjl-/mox/mlog"
|
|
|
|
"github.com/mjl-/mox/mox-"
|
|
|
|
"github.com/mjl-/mox/moxvar"
|
|
|
|
"github.com/mjl-/mox/store"
|
|
|
|
)
|
|
|
|
|
|
|
|
//go:embed accountapi.json
|
|
|
|
var accountapiJSON []byte
|
|
|
|
|
|
|
|
//go:embed account.html
|
|
|
|
var accountHTML []byte
|
|
|
|
|
|
|
|
var accountDoc = mustParseAPI(accountapiJSON)
|
|
|
|
|
|
|
|
var accountSherpaHandler http.Handler
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
collector, err := sherpaprom.NewCollector("moxaccount", nil)
|
|
|
|
if err != nil {
|
|
|
|
xlog.Fatalx("creating sherpa prometheus collector", err)
|
|
|
|
}
|
|
|
|
|
2023-02-13 15:53:47 +03:00
|
|
|
accountSherpaHandler, err = sherpa.NewHandler("/api/", moxvar.Version, Account{}, &accountDoc, &sherpa.HandlerOpts{Collector: collector, AdjustFunctionNames: "none"})
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
xlog.Fatalx("sherpa handler", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Account exports web API functions for the account web interface. All its
|
2023-03-12 13:52:15 +03:00
|
|
|
// methods are exported under api/. Function calls require valid HTTP
|
2023-01-30 16:27:06 +03:00
|
|
|
// Authentication credentials of a user.
|
|
|
|
type Account struct{}
|
|
|
|
|
2023-02-13 15:53:47 +03:00
|
|
|
// check http basic auth, returns account name if valid, and writes http response
|
|
|
|
// and returns empty string otherwise.
|
|
|
|
func checkAccountAuth(ctx context.Context, log *mlog.Log, w http.ResponseWriter, r *http.Request) string {
|
2023-01-30 16:27:06 +03:00
|
|
|
authResult := "error"
|
2023-02-13 15:53:47 +03:00
|
|
|
start := time.Now()
|
|
|
|
var addr *net.TCPAddr
|
2023-01-30 16:27:06 +03:00
|
|
|
defer func() {
|
|
|
|
metrics.AuthenticationInc("httpaccount", "httpbasic", authResult)
|
2023-02-13 15:53:47 +03:00
|
|
|
if authResult == "ok" && addr != nil {
|
|
|
|
mox.LimiterFailedAuth.Reset(addr.IP, start)
|
|
|
|
}
|
2023-01-30 16:27:06 +03:00
|
|
|
}()
|
2023-02-13 15:53:47 +03:00
|
|
|
|
|
|
|
var err error
|
|
|
|
addr, err = net.ResolveTCPAddr("tcp", r.RemoteAddr)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorx("parsing remote address", err, mlog.Field("addr", r.RemoteAddr))
|
|
|
|
}
|
|
|
|
if addr != nil && !mox.LimiterFailedAuth.Add(addr.IP, start, 1) {
|
|
|
|
metrics.AuthenticationRatelimitedInc("httpaccount")
|
improve webserver, add domain redirects (aliases), add tests and admin page ui to manage the config
- make builtin http handlers serve on specific domains, such as for mta-sts, so
e.g. /.well-known/mta-sts.txt isn't served on all domains.
- add logging of a few more fields in access logging.
- small tweaks/bug fixes in webserver request handling.
- add config option for redirecting entire domains to another (common enough).
- split httpserver metric into two: one for duration until writing header (i.e.
performance of server), another for duration until full response is sent to
client (i.e. performance as perceived by users).
- add admin ui, a new page for managing the configs. after making changes
and hitting "save", the changes take effect immediately. the page itself
doesn't look very well-designed (many input fields, makes it look messy). i
have an idea to improve it (explained in admin.html as todo) by making the
layout look just like the config file. not urgent though.
i've already changed my websites/webapps over.
the idea of adding a webserver is to take away a (the) reason for folks to want
to complicate their mox setup by running an other webserver on the same machine.
i think the current webserver implementation can already serve most common use
cases. with a few more tweaks (feedback needed!) we should be able to get to 95%
of the use cases. the reverse proxy can take care of the remaining 5%.
nevertheless, a next step is still to change the quickstart to make it easier
for folks to run with an existing webserver, with existing tls certs/keys.
that's how this relates to issue #5.
2023-03-02 20:15:54 +03:00
|
|
|
http.Error(w, "429 - too many auth attempts", http.StatusTooManyRequests)
|
2023-02-13 15:53:47 +03:00
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
// store.OpenEmailAuth has an auth cache, so we don't bcrypt for every auth attempt.
|
2023-01-30 16:27:06 +03:00
|
|
|
if auth := r.Header.Get("Authorization"); auth == "" || !strings.HasPrefix(auth, "Basic ") {
|
|
|
|
} else if authBuf, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic ")); err != nil {
|
2023-02-13 15:53:47 +03:00
|
|
|
log.Debugx("parsing base64", err)
|
2023-01-30 16:27:06 +03:00
|
|
|
} else if t := strings.SplitN(string(authBuf), ":", 2); len(t) != 2 {
|
2023-02-13 15:53:47 +03:00
|
|
|
log.Debug("bad user:pass form")
|
2023-01-30 16:27:06 +03:00
|
|
|
} else if acc, err := store.OpenEmailAuth(t[0], t[1]); err != nil {
|
|
|
|
if errors.Is(err, store.ErrUnknownCredentials) {
|
|
|
|
authResult = "badcreds"
|
|
|
|
}
|
2023-02-13 15:53:47 +03:00
|
|
|
log.Errorx("open account", err)
|
2023-01-30 16:27:06 +03:00
|
|
|
} else {
|
|
|
|
authResult = "ok"
|
2023-02-13 15:53:47 +03:00
|
|
|
accName := acc.Name
|
2023-02-16 15:22:00 +03:00
|
|
|
err := acc.Close()
|
|
|
|
log.Check(err, "closing account")
|
2023-02-13 15:53:47 +03:00
|
|
|
return accName
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
2023-02-13 15:53:47 +03:00
|
|
|
// note: browsers don't display the realm to prevent users getting confused by malicious realm messages.
|
|
|
|
w.Header().Set("WWW-Authenticate", `Basic realm="mox account - login with email address and password"`)
|
|
|
|
http.Error(w, "http 401 - unauthorized - mox account - login with email address and password", http.StatusUnauthorized)
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
func accountHandle(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.WithValue(r.Context(), mlog.CidKey, mox.Cid())
|
|
|
|
log := xlog.WithContext(ctx).Fields(mlog.Field("userauth", ""))
|
|
|
|
|
2023-02-16 11:57:27 +03:00
|
|
|
// Without authentication. The token is unguessable.
|
|
|
|
if r.URL.Path == "/importprogress" {
|
|
|
|
if r.Method != "GET" {
|
|
|
|
http.Error(w, "405 - method not allowed - get required", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
q := r.URL.Query()
|
|
|
|
token := q.Get("token")
|
|
|
|
if token == "" {
|
|
|
|
http.Error(w, "400 - bad request - missing token", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
flusher, ok := w.(http.Flusher)
|
|
|
|
if !ok {
|
|
|
|
log.Error("internal error: ResponseWriter not a http.Flusher")
|
|
|
|
http.Error(w, "500 - internal error - cannot sync to http connection", 500)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
l := importListener{token, make(chan importEvent, 100), make(chan bool, 1)}
|
|
|
|
importers.Register <- &l
|
|
|
|
ok = <-l.Register
|
|
|
|
if !ok {
|
|
|
|
http.Error(w, "400 - bad request - unknown token, import may have finished more than a minute ago", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer func() {
|
|
|
|
importers.Unregister <- &l
|
|
|
|
}()
|
|
|
|
|
|
|
|
h := w.Header()
|
|
|
|
h.Set("Content-Type", "text/event-stream")
|
|
|
|
h.Set("Cache-Control", "no-cache")
|
|
|
|
_, err := w.Write([]byte(": keepalive\n\n"))
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
flusher.Flush()
|
|
|
|
|
2023-02-16 15:24:51 +03:00
|
|
|
cctx := r.Context()
|
2023-02-16 11:57:27 +03:00
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case e := <-l.Events:
|
|
|
|
_, err := w.Write(e.SSEMsg)
|
|
|
|
flusher.Flush()
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-02-16 15:24:51 +03:00
|
|
|
case <-cctx.Done():
|
2023-02-16 11:57:27 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-13 15:53:47 +03:00
|
|
|
accName := checkAccountAuth(ctx, log, w, r)
|
|
|
|
if accName == "" {
|
|
|
|
// Response already sent.
|
2023-01-30 16:27:06 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-02-13 20:04:05 +03:00
|
|
|
switch r.URL.Path {
|
|
|
|
case "/":
|
|
|
|
if r.Method != "GET" {
|
|
|
|
http.Error(w, "405 - method not allowed - post required", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
2023-01-30 16:27:06 +03:00
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
w.Header().Set("Cache-Control", "no-cache; max-age=0")
|
2023-02-06 17:26:24 +03:00
|
|
|
// We typically return the embedded admin.html, but during development it's handy
|
|
|
|
// to load from disk.
|
2023-01-30 16:27:06 +03:00
|
|
|
f, err := os.Open("http/account.html")
|
|
|
|
if err == nil {
|
|
|
|
defer f.Close()
|
2023-02-16 15:22:00 +03:00
|
|
|
_, _ = io.Copy(w, f)
|
2023-01-30 16:27:06 +03:00
|
|
|
} else {
|
2023-02-16 15:22:00 +03:00
|
|
|
_, _ = w.Write(accountHTML)
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
2023-02-13 20:04:05 +03:00
|
|
|
|
|
|
|
case "/mail-export-maildir.tgz", "/mail-export-maildir.zip", "/mail-export-mbox.tgz", "/mail-export-mbox.zip":
|
|
|
|
maildir := strings.Contains(r.URL.Path, "maildir")
|
|
|
|
tgz := strings.Contains(r.URL.Path, ".tgz")
|
|
|
|
|
|
|
|
acc, err := store.OpenAccount(accName)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorx("open account for export", err)
|
|
|
|
http.Error(w, "500 - internal server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
2023-02-16 15:22:00 +03:00
|
|
|
defer func() {
|
|
|
|
err := acc.Close()
|
|
|
|
log.Check(err, "closing account")
|
|
|
|
}()
|
2023-02-13 20:04:05 +03:00
|
|
|
|
|
|
|
var archiver store.Archiver
|
|
|
|
if tgz {
|
|
|
|
// Don't tempt browsers to "helpfully" decompress.
|
|
|
|
w.Header().Set("Content-Type", "application/octet-stream")
|
|
|
|
|
|
|
|
gzw := gzip.NewWriter(w)
|
|
|
|
defer func() {
|
2023-02-16 15:22:00 +03:00
|
|
|
_ = gzw.Close()
|
2023-02-13 20:04:05 +03:00
|
|
|
}()
|
|
|
|
archiver = store.TarArchiver{Writer: tar.NewWriter(gzw)}
|
|
|
|
} else {
|
|
|
|
w.Header().Set("Content-Type", "application/zip")
|
|
|
|
archiver = store.ZipArchiver{Writer: zip.NewWriter(w)}
|
|
|
|
}
|
|
|
|
defer func() {
|
2023-02-16 15:22:00 +03:00
|
|
|
err := archiver.Close()
|
|
|
|
log.Check(err, "exporting mail close")
|
2023-02-13 20:04:05 +03:00
|
|
|
}()
|
2023-05-22 15:40:36 +03:00
|
|
|
if err := store.ExportMessages(r.Context(), log, acc.DB, acc.Dir, archiver, maildir, ""); err != nil {
|
2023-02-13 20:04:05 +03:00
|
|
|
log.Errorx("exporting mail", err)
|
|
|
|
}
|
|
|
|
|
2023-02-16 11:57:27 +03:00
|
|
|
case "/import":
|
|
|
|
if r.Method != "POST" {
|
|
|
|
http.Error(w, "405 - method not allowed - post required", http.StatusMethodNotAllowed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
f, _, err := r.FormFile("file")
|
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, http.ErrMissingFile) {
|
|
|
|
http.Error(w, "400 - bad request - missing file", http.StatusBadRequest)
|
|
|
|
} else {
|
|
|
|
http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
2023-02-16 15:22:00 +03:00
|
|
|
defer func() {
|
|
|
|
err := f.Close()
|
|
|
|
log.Check(err, "closing form file")
|
|
|
|
}()
|
2023-02-16 11:57:27 +03:00
|
|
|
skipMailboxPrefix := r.FormValue("skipMailboxPrefix")
|
|
|
|
tmpf, err := os.CreateTemp("", "mox-import")
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer func() {
|
|
|
|
if tmpf != nil {
|
2023-02-16 15:22:00 +03:00
|
|
|
err := tmpf.Close()
|
|
|
|
log.Check(err, "closing uploaded file")
|
2023-02-16 11:57:27 +03:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
if err := os.Remove(tmpf.Name()); err != nil {
|
|
|
|
log.Errorx("removing temporary file", err)
|
|
|
|
http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if _, err := io.Copy(tmpf, f); err != nil {
|
|
|
|
log.Errorx("copying import to temporary file", err)
|
|
|
|
http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
token, err := importStart(log, accName, tmpf, skipMailboxPrefix)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorx("starting import", err)
|
|
|
|
http.Error(w, "500 - internal server error - "+err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
tmpf = nil // importStart is now responsible for closing.
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2023-02-16 15:22:00 +03:00
|
|
|
_ = json.NewEncoder(w).Encode(map[string]string{"ImportToken": token})
|
2023-02-16 11:57:27 +03:00
|
|
|
|
2023-02-13 20:04:05 +03:00
|
|
|
default:
|
|
|
|
if strings.HasPrefix(r.URL.Path, "/api/") {
|
|
|
|
accountSherpaHandler.ServeHTTP(w, r.WithContext(context.WithValue(ctx, authCtxKey, accName)))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
http.NotFound(w, r)
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type ctxKey string
|
|
|
|
|
|
|
|
var authCtxKey ctxKey = "account"
|
|
|
|
|
|
|
|
// SetPassword saves a new password for the account, invalidating the previous password.
|
|
|
|
// Sessions are not interrupted, and will keep working. New login attempts must use the new password.
|
|
|
|
// Password must be at least 8 characters.
|
|
|
|
func (Account) SetPassword(ctx context.Context, password string) {
|
|
|
|
if len(password) < 8 {
|
|
|
|
panic(&sherpa.Error{Code: "user:error", Message: "password must be at least 8 characters"})
|
|
|
|
}
|
|
|
|
accountName := ctx.Value(authCtxKey).(string)
|
|
|
|
acc, err := store.OpenAccount(accountName)
|
|
|
|
xcheckf(ctx, err, "open account")
|
2023-02-16 15:22:00 +03:00
|
|
|
defer func() {
|
|
|
|
err := acc.Close()
|
|
|
|
xlog.Check(err, "closing account")
|
|
|
|
}()
|
2023-01-30 16:27:06 +03:00
|
|
|
err = acc.SetPassword(password)
|
|
|
|
xcheckf(ctx, err, "setting password")
|
|
|
|
}
|
2023-02-11 01:47:19 +03:00
|
|
|
|
|
|
|
// Destinations returns the default domain, and the destinations (keys are email
|
|
|
|
// addresses, or localparts to the default domain).
|
|
|
|
// todo: replace with a function that returns the whole account, when sherpadoc understands unnamed struct fields.
|
|
|
|
func (Account) Destinations(ctx context.Context) (dns.Domain, map[string]config.Destination) {
|
|
|
|
accountName := ctx.Value(authCtxKey).(string)
|
|
|
|
accConf, ok := mox.Conf.Account(accountName)
|
|
|
|
if !ok {
|
|
|
|
xcheckf(ctx, errors.New("not found"), "looking up account")
|
|
|
|
}
|
|
|
|
return accConf.DNSDomain, accConf.Destinations
|
|
|
|
}
|
|
|
|
|
|
|
|
// DestinationSave updates a destination.
|
|
|
|
// OldDest is compared against the current destination. If it does not match, an
|
|
|
|
// error is returned. Otherwise newDest is saved and the configuration reloaded.
|
|
|
|
func (Account) DestinationSave(ctx context.Context, destName string, oldDest, newDest config.Destination) {
|
|
|
|
accountName := ctx.Value(authCtxKey).(string)
|
|
|
|
accConf, ok := mox.Conf.Account(accountName)
|
|
|
|
if !ok {
|
|
|
|
xcheckf(ctx, errors.New("not found"), "looking up account")
|
|
|
|
}
|
|
|
|
curDest, ok := accConf.Destinations[destName]
|
|
|
|
if !ok {
|
|
|
|
xcheckf(ctx, errors.New("not found"), "looking up destination")
|
|
|
|
}
|
|
|
|
|
|
|
|
if !curDest.Equal(oldDest) {
|
|
|
|
xcheckf(ctx, errors.New("modified"), "checking stored destination")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Keep fields we manage.
|
|
|
|
newDest.DMARCReports = curDest.DMARCReports
|
|
|
|
newDest.TLSReports = curDest.TLSReports
|
|
|
|
|
|
|
|
err := mox.DestinationSave(ctx, accountName, destName, newDest)
|
|
|
|
xcheckf(ctx, err, "saving destination")
|
|
|
|
}
|
2023-02-16 11:57:27 +03:00
|
|
|
|
|
|
|
// ImportAbort aborts an import that is in progress. If the import exists and isn't
|
|
|
|
// finished, no changes will have been made by the import.
|
|
|
|
func (Account) ImportAbort(ctx context.Context, importToken string) error {
|
|
|
|
req := importAbortRequest{importToken, make(chan error)}
|
|
|
|
importers.Abort <- req
|
|
|
|
return <-req.Response
|
|
|
|
}
|