mox/http/mtasts.go

package http

import (
	"net"
	"net/http"
	"strings"
	"time"

	"golang.org/x/exp/slog"

	"github.com/mjl-/mox/dns"
	"github.com/mjl-/mox/mlog"
	"github.com/mjl-/mox/mox-"
	"github.com/mjl-/mox/mtasts"
)

func mtastsPolicyHandle(w http.ResponseWriter, r *http.Request) {
	log := func() mlog.Log {
		return pkglog.WithContext(r.Context())
	}

	host := strings.ToLower(r.Host)
	if !strings.HasPrefix(host, "mta-sts.") {
		http.NotFound(w, r)
		return
	}
	host = strings.TrimPrefix(host, "mta-sts.")
	nhost, _, err := net.SplitHostPort(host)
	if err == nil {
		// Only relevant for when host has a port.
		host = nhost
	}
	domain, err := dns.ParseDomain(host)
	if err != nil {
		log().Errorx("mtasts policy request: bad domain", err, slog.String("host", host))
		http.NotFound(w, r)
		return
	}

	conf, _ := mox.Conf.Domain(domain)
	sts := conf.MTASTS
	if sts == nil {
		http.NotFound(w, r)
		return
	}

	var mxs []mtasts.STSMX
	for _, s := range sts.MX {
		var mx mtasts.STSMX
		if strings.HasPrefix(s, "*.") {
			mx.Wildcard = true
			s = s[2:]
		}
		d, err := dns.ParseDomain(s)
		if err != nil {
			log().Errorx("bad domain in mtasts config", err, slog.String("domain", s))
			http.Error(w, "500 - internal server error - invalid domain in configuration", http.StatusInternalServerError)
			return
		}
		mx.Domain = d
		mxs = append(mxs, mx)
	}
	if len(mxs) == 0 {
		mxs = []mtasts.STSMX{{Domain: mox.Conf.Static.HostnameDomain}}
	}

	policy := mtasts.Policy{
		Version:       "STSv1",
		Mode:          sts.Mode,
		MaxAgeSeconds: int(sts.MaxAge / time.Second),
		MX:            mxs,
	}
	w.Header().Set("Content-Type", "text/plain")
	w.Header().Set("Cache-Control", "no-cache, max-age=0")
	_, _ = w.Write([]byte(policy.String()))
}
mox! 2023-01-30 16:27:06 +03:00			`package http`

			`import (`
add option to handle autoconfig and mta-sts requests without TLS, for when it is reverse proxied for #5 with hints from belst & idnovic 2023-02-25 13:28:15 +03:00			`"net"`
mox! 2023-01-30 16:27:06 +03:00			`"net/http"`
			`"strings"`
			`"time"`

switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`"golang.org/x/exp/slog"`

mox! 2023-01-30 16:27:06 +03:00			`"github.com/mjl-/mox/dns"`
			`"github.com/mjl-/mox/mlog"`
			`"github.com/mjl-/mox/mox-"`
			`"github.com/mjl-/mox/mtasts"`
			`)`

			`func mtastsPolicyHandle(w http.ResponseWriter, r *http.Request) {`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`log := func() mlog.Log {`
			`return pkglog.WithContext(r.Context())`
add basic webserver that can do most of what i need - serve static files, serving index.html or optionally listings for directories - redirects - reverse-proxy, forwarding requests to a backend these are configurable through the config file. a domain and path regexp have to be configured. path prefixes can be stripped. configured domains are added to the autotls allowlist, so acme automatically fetches certificates for them. all webserver requests now have (access) logging, metrics, rate limiting. on http errors, the error message prints an encrypted cid for relating with log files. this also adds a new mechanism for example config files. 2023-03-01 00:12:27 +03:00			`}`
mox! 2023-01-30 16:27:06 +03:00
fix serving mta-sts policy files i broke it 3 days ago when adding support for serving it through external reverse proxy. report by mteege, thanks! 2023-02-28 22:40:52 +03:00			`host := strings.ToLower(r.Host)`
			`if !strings.HasPrefix(host, "mta-sts.") {`
mox! 2023-01-30 16:27:06 +03:00			`http.NotFound(w, r)`
			`return`
			`}`
fix serving mta-sts policy files i broke it 3 days ago when adding support for serving it through external reverse proxy. report by mteege, thanks! 2023-02-28 22:40:52 +03:00			`host = strings.TrimPrefix(host, "mta-sts.")`
			`nhost, _, err := net.SplitHostPort(host)`
			`if err == nil {`
			`// Only relevant for when host has a port.`
			`host = nhost`
add option to handle autoconfig and mta-sts requests without TLS, for when it is reverse proxied for #5 with hints from belst & idnovic 2023-02-25 13:28:15 +03:00			`}`
			`domain, err := dns.ParseDomain(host)`
			`if err != nil {`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`log().Errorx("mtasts policy request: bad domain", err, slog.String("host", host))`
mox! 2023-01-30 16:27:06 +03:00			`http.NotFound(w, r)`
			`return`
			`}`

			`conf, _ := mox.Conf.Domain(domain)`
			`sts := conf.MTASTS`
			`if sts == nil {`
			`http.NotFound(w, r)`
			`return`
			`}`

			`var mxs []mtasts.STSMX`
			`for _, s := range sts.MX {`
			`var mx mtasts.STSMX`
			`if strings.HasPrefix(s, "*.") {`
			`mx.Wildcard = true`
			`s = s[2:]`
			`}`
			`d, err := dns.ParseDomain(s)`
			`if err != nil {`
switch to slog.Logger for logging, for easier reuse of packages by external software we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog. 2023-12-05 15:35:58 +03:00			`log().Errorx("bad domain in mtasts config", err, slog.String("domain", s))`
mox! 2023-01-30 16:27:06 +03:00			`http.Error(w, "500 - internal server error - invalid domain in configuration", http.StatusInternalServerError)`
			`return`
			`}`
			`mx.Domain = d`
			`mxs = append(mxs, mx)`
			`}`
			`if len(mxs) == 0 {`
			`mxs = []mtasts.STSMX{{Domain: mox.Conf.Static.HostnameDomain}}`
			`}`

			`policy := mtasts.Policy{`
			`Version: "STSv1",`
			`Mode: sts.Mode,`
			`MaxAgeSeconds: int(sts.MaxAge / time.Second),`
			`MX: mxs,`
			`}`
			`w.Header().Set("Content-Type", "text/plain")`
			`w.Header().Set("Cache-Control", "no-cache, max-age=0")`
consistently use log.Check for logging errors that "should not happen", don't influence application flow sooner or later, someone will notice one of these messages, which will lead us to a bug. 2023-02-16 15:22:00 +03:00			`_, _ = w.Write([]byte(policy.String()))`
mox! 2023-01-30 16:27:06 +03:00			`}`