package koushinbase import ( "bytes" "fmt" "io" "io/ioutil" "mime" "net/http" "net/url" "strconv" "strings" "git.sr.ht/~emersion/koushin" "github.com/emersion/go-imap" imapmove "github.com/emersion/go-imap-move" imapclient "github.com/emersion/go-imap/client" "github.com/emersion/go-message" "github.com/emersion/go-message/mail" "github.com/emersion/go-smtp" "github.com/labstack/echo/v4" ) func registerRoutes(p *koushin.GoPlugin) { p.GET("/", func(ctx *koushin.Context) error { return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") }) p.GET("/mailbox/:mbox", handleGetMailbox) p.POST("/mailbox/:mbox", handleGetMailbox) p.GET("/message/:mbox/:uid", func(ctx *koushin.Context) error { return handleGetPart(ctx, false) }) p.GET("/message/:mbox/:uid/raw", func(ctx *koushin.Context) error { return handleGetPart(ctx, true) }) p.GET("/login", handleLogin) p.POST("/login", handleLogin) p.GET("/logout", handleLogout) p.GET("/compose", handleComposeNew) p.POST("/compose", handleComposeNew) p.GET("/message/:mbox/:uid/reply", handleReply) p.POST("/message/:mbox/:uid/reply", handleReply) p.GET("/message/:mbox/:uid/edit", handleEdit) p.POST("/message/:mbox/:uid/edit", handleEdit) p.POST("/message/:mbox/:uid/move", handleMove) p.POST("/message/:mbox/:uid/delete", handleDelete) p.POST("/message/:mbox/:uid/flag", handleSetFlags) p.GET("/settings", handleSettings) p.POST("/settings", handleSettings) } type MailboxRenderData struct { koushin.BaseRenderData Mailbox *imap.MailboxStatus Mailboxes []*imap.MailboxInfo Messages []IMAPMessage PrevPage, NextPage int Query string } func handleGetMailbox(ctx *koushin.Context) error { mboxName, err := url.PathUnescape(ctx.Param("mbox")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } page := 0 if pageStr := ctx.QueryParam("page"); pageStr != "" { var err error if page, err = strconv.Atoi(pageStr); err != nil || page < 0 { return echo.NewHTTPError(http.StatusBadRequest, "invalid page index") } } settings, err := loadSettings(ctx.Session.Store()) if err != nil { return err } messagesPerPage := settings.MessagesPerPage query := ctx.QueryParam("query") var mailboxes []*imap.MailboxInfo var msgs []IMAPMessage var mbox *imap.MailboxStatus var total int err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { var err error if mailboxes, err = listMailboxes(c); err != nil { return err } if query != "" { msgs, total, err = searchMessages(c, mboxName, query, page, messagesPerPage) } else { msgs, err = listMessages(c, mboxName, page, messagesPerPage) } if err != nil { return err } mbox = c.Mailbox() return nil }) if err != nil { return err } prevPage, nextPage := -1, -1 if query != "" { if page > 0 { prevPage = page - 1 } if (page+1)*messagesPerPage <= total { nextPage = page + 1 } } else { if page > 0 { prevPage = page - 1 } if (page+1)*messagesPerPage < int(mbox.Messages) { nextPage = page + 1 } } return ctx.Render(http.StatusOK, "mailbox.html", &MailboxRenderData{ BaseRenderData: *koushin.NewBaseRenderData(ctx), Mailbox: mbox, Mailboxes: mailboxes, Messages: msgs, PrevPage: prevPage, NextPage: nextPage, Query: query, }) } func handleLogin(ctx *koushin.Context) error { username := ctx.FormValue("username") password := ctx.FormValue("password") if username != "" && password != "" { s, err := ctx.Server.Sessions.Put(username, password) if err != nil { if _, ok := err.(koushin.AuthError); ok { return ctx.Render(http.StatusOK, "login.html", nil) } return fmt.Errorf("failed to put connection in pool: %v", err) } ctx.SetSession(s) if path := ctx.QueryParam("next"); path != "" && path[0] == '/' && path != "/login" { return ctx.Redirect(http.StatusFound, path) } return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } return ctx.Render(http.StatusOK, "login.html", koushin.NewBaseRenderData(ctx)) } func handleLogout(ctx *koushin.Context) error { ctx.Session.Close() ctx.SetSession(nil) return ctx.Redirect(http.StatusFound, "/login") } type MessageRenderData struct { koushin.BaseRenderData Mailboxes []*imap.MailboxInfo Mailbox *imap.MailboxStatus Message *IMAPMessage Body string IsHTML bool PartPath string MailboxPage int Flags map[string]bool } func handleGetPart(ctx *koushin.Context, raw bool) error { mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } partPathString := ctx.QueryParam("part") partPath, err := parsePartPath(partPathString) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } settings, err := loadSettings(ctx.Session.Store()) if err != nil { return err } messagesPerPage := settings.MessagesPerPage var mailboxes []*imap.MailboxInfo var msg *IMAPMessage var part *message.Entity var mbox *imap.MailboxStatus err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { var err error if mailboxes, err = listMailboxes(c); err != nil { return err } if msg, part, err = getMessagePart(c, mboxName, uid, partPath); err != nil { return err } mbox = c.Mailbox() return nil }) if err != nil { return err } mimeType, _, err := part.Header.ContentType() if err != nil { return fmt.Errorf("failed to parse part Content-Type: %v", err) } if len(partPath) == 0 { mimeType = "message/rfc822" } if raw { ctx.Response().Header().Set("Content-Type", mimeType) disp, dispParams, _ := part.Header.ContentDisposition() filename := dispParams["filename"] if len(partPath) == 0 { filename = msg.Envelope.Subject + ".eml" } // TODO: set Content-Length if possible // Be careful not to serve types like text/html as inline if !strings.EqualFold(mimeType, "text/plain") || strings.EqualFold(disp, "attachment") { dispParams := make(map[string]string) if filename != "" { dispParams["filename"] = filename } disp := mime.FormatMediaType("attachment", dispParams) ctx.Response().Header().Set("Content-Disposition", disp) } if len(partPath) == 0 { return part.WriteTo(ctx.Response()) } else { return ctx.Stream(http.StatusOK, mimeType, part.Body) } } var body []byte if strings.HasPrefix(strings.ToLower(mimeType), "text/") { body, err = ioutil.ReadAll(part.Body) if err != nil { return fmt.Errorf("failed to read part body: %v", err) } } isHTML := false if strings.EqualFold(mimeType, "text/html") { body, err = sanitizeHTML(body) if err != nil { return fmt.Errorf("failed to sanitize HTML part: %v", err) } isHTML = true } flags := make(map[string]bool) for _, f := range mbox.PermanentFlags { f = imap.CanonicalFlag(f) if f == imap.TryCreateFlag { continue } flags[f] = msg.HasFlag(f) } return ctx.Render(http.StatusOK, "message.html", &MessageRenderData{ BaseRenderData: *koushin.NewBaseRenderData(ctx), Mailboxes: mailboxes, Mailbox: mbox, Message: msg, Body: string(body), IsHTML: isHTML, PartPath: partPathString, MailboxPage: int(mbox.Messages-msg.SeqNum) / messagesPerPage, Flags: flags, }) } type ComposeRenderData struct { koushin.BaseRenderData Message *OutgoingMessage } type messagePath struct { Mailbox string Uid uint32 } // Send message, append it to the Sent mailbox, mark the original message as // answered func submitCompose(ctx *koushin.Context, msg *OutgoingMessage, draft *messagePath, inReplyTo *messagePath) error { err := ctx.Session.DoSMTP(func(c *smtp.Client) error { return sendMessage(c, msg) }) if err != nil { if _, ok := err.(koushin.AuthError); ok { return echo.NewHTTPError(http.StatusForbidden, err) } return fmt.Errorf("failed to send message: %v", err) } if inReplyTo != nil { err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { return markMessageAnswered(c, inReplyTo.Mailbox, inReplyTo.Uid) }) if err != nil { return fmt.Errorf("failed to mark original message as answered: %v", err) } } err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { if _, err := appendMessage(c, msg, mailboxSent); err != nil { return err } if draft != nil { if err := deleteMessage(c, draft.Mailbox, draft.Uid); err != nil { return err } } return nil }) if err != nil { return fmt.Errorf("failed to save message to Sent mailbox: %v", err) } return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } func handleCompose(ctx *koushin.Context, msg *OutgoingMessage, draft *messagePath, inReplyTo *messagePath) error { if msg.From == "" && strings.ContainsRune(ctx.Session.Username(), '@') { msg.From = ctx.Session.Username() } if ctx.Request().Method == http.MethodPost { formParams, err := ctx.FormParams() if err != nil { return fmt.Errorf("failed to parse form: %v", err) } _, saveAsDraft := formParams["save_as_draft"] msg.From = ctx.FormValue("from") msg.To = parseAddressList(ctx.FormValue("to")) msg.Subject = ctx.FormValue("subject") msg.Text = ctx.FormValue("text") msg.InReplyTo = ctx.FormValue("in_reply_to") form, err := ctx.MultipartForm() if err != nil { return fmt.Errorf("failed to get multipart form: %v", err) } // Fetch previous attachments from draft if draft != nil { for _, s := range form.Value["prev_attachments"] { path, err := parsePartPath(s) if err != nil { return fmt.Errorf("failed to parse draft attachment path: %v", err) } var part *message.Entity err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { var err error _, part, err = getMessagePart(c, draft.Mailbox, draft.Uid, path) return err }) if err != nil { return fmt.Errorf("failed to fetch attachment from draft: %v", err) } var buf bytes.Buffer if _, err := io.Copy(&buf, part.Body); err != nil { return fmt.Errorf("failed to copy attachment from draft: %v", err) } h := mail.AttachmentHeader{part.Header} mimeType, _, _ := h.ContentType() filename, _ := h.Filename() msg.Attachments = append(msg.Attachments, &imapAttachment{ Mailbox: draft.Mailbox, Uid: draft.Uid, Node: &IMAPPartNode{ Path: path, MIMEType: mimeType, Filename: filename, }, Body: buf.Bytes(), }) } } else if len(form.Value["prev_attachments"]) > 0 { return fmt.Errorf("previous attachments specified but no draft available") } for _, fh := range form.File["attachments"] { msg.Attachments = append(msg.Attachments, &formAttachment{fh}) } if saveAsDraft { err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { copied, err := appendMessage(c, msg, mailboxDrafts) if err != nil { return err } if !copied { return fmt.Errorf("no Draft mailbox found") } if draft != nil { if err := deleteMessage(c, draft.Mailbox, draft.Uid); err != nil { return err } } return nil }) if err != nil { return fmt.Errorf("failed to save message to Draft mailbox: %v", err) } return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } else { return submitCompose(ctx, msg, draft, inReplyTo) } } return ctx.Render(http.StatusOK, "compose.html", &ComposeRenderData{ BaseRenderData: *koushin.NewBaseRenderData(ctx), Message: msg, }) } func handleComposeNew(ctx *koushin.Context) error { // These are common mailto URL query parameters return handleCompose(ctx, &OutgoingMessage{ To: strings.Split(ctx.QueryParam("to"), ","), Subject: ctx.QueryParam("subject"), Text: ctx.QueryParam("body"), InReplyTo: ctx.QueryParam("in-reply-to"), }, nil, nil) } func unwrapIMAPAddressList(addrs []*imap.Address) []string { l := make([]string, len(addrs)) for i, addr := range addrs { l[i] = addr.Address() } return l } func handleReply(ctx *koushin.Context) error { var inReplyToPath messagePath var err error inReplyToPath.Mailbox, inReplyToPath.Uid, err = parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var msg OutgoingMessage if ctx.Request().Method == http.MethodGet { // Populate fields from original message partPath, err := parsePartPath(ctx.QueryParam("part")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var inReplyTo *IMAPMessage var part *message.Entity err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { var err error inReplyTo, part, err = getMessagePart(c, inReplyToPath.Mailbox, inReplyToPath.Uid, partPath) return err }) if err != nil { return err } mimeType, _, err := part.Header.ContentType() if err != nil { return fmt.Errorf("failed to parse part Content-Type: %v", err) } if !strings.HasPrefix(strings.ToLower(mimeType), "text/") { err := fmt.Errorf("cannot reply to %q part", mimeType) return echo.NewHTTPError(http.StatusBadRequest, err) } // TODO: strip HTML tags if text/html msg.Text, err = quote(part.Body) if err != nil { return err } msg.InReplyTo = inReplyTo.Envelope.MessageId // TODO: populate From from known user addresses and inReplyTo.Envelope.To replyTo := inReplyTo.Envelope.ReplyTo if len(replyTo) == 0 { replyTo = inReplyTo.Envelope.From } msg.To = unwrapIMAPAddressList(replyTo) msg.Subject = inReplyTo.Envelope.Subject if !strings.HasPrefix(strings.ToLower(msg.Subject), "re:") { msg.Subject = "Re: " + msg.Subject } } return handleCompose(ctx, &msg, nil, &inReplyToPath) } func handleEdit(ctx *koushin.Context) error { var sourcePath messagePath var err error sourcePath.Mailbox, sourcePath.Uid, err = parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } // TODO: somehow get the path to the In-Reply-To message (with a search?) var msg OutgoingMessage if ctx.Request().Method == http.MethodGet { // Populate fields from source message partPath, err := parsePartPath(ctx.QueryParam("part")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var source *IMAPMessage var part *message.Entity err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { var err error source, part, err = getMessagePart(c, sourcePath.Mailbox, sourcePath.Uid, partPath) return err }) if err != nil { return err } mimeType, _, err := part.Header.ContentType() if err != nil { return fmt.Errorf("failed to parse part Content-Type: %v", err) } if !strings.EqualFold(mimeType, "text/plain") { err := fmt.Errorf("cannot edit %q part", mimeType) return echo.NewHTTPError(http.StatusBadRequest, err) } b, err := ioutil.ReadAll(part.Body) if err != nil { return fmt.Errorf("failed to read part body: %v", err) } msg.Text = string(b) if len(source.Envelope.From) > 0 { msg.From = source.Envelope.From[0].Address() } msg.To = unwrapIMAPAddressList(source.Envelope.To) msg.Subject = source.Envelope.Subject msg.InReplyTo = source.Envelope.InReplyTo // TODO: preserve Message-Id attachments := source.Attachments() for i := range attachments { att := &attachments[i] // No need to populate attachment body here, we just need the // metadata msg.Attachments = append(msg.Attachments, &imapAttachment{ Mailbox: sourcePath.Mailbox, Uid: sourcePath.Uid, Node: att, }) } } return handleCompose(ctx, &msg, &sourcePath, nil) } func handleMove(ctx *koushin.Context) error { mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } to := ctx.FormValue("to") err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { mc := imapmove.NewClient(c) if err := ensureMailboxSelected(c, mboxName); err != nil { return err } var seqSet imap.SeqSet seqSet.AddNum(uid) if err := mc.UidMoveWithFallback(&seqSet, to); err != nil { return fmt.Errorf("failed to move message: %v", err) } // TODO: get the UID of the message in the destination mailbox with UIDPLUS return nil }) if err != nil { return err } return ctx.Redirect(http.StatusFound, fmt.Sprintf("/mailbox/%v", url.PathEscape(to))) } func handleDelete(ctx *koushin.Context) error { mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { if err := ensureMailboxSelected(c, mboxName); err != nil { return err } var seqSet imap.SeqSet seqSet.AddNum(uid) item := imap.FormatFlagsOp(imap.AddFlags, true) flags := []interface{}{imap.DeletedFlag} if err := c.UidStore(&seqSet, item, flags, nil); err != nil { return fmt.Errorf("failed to add deleted flag: %v", err) } if err := c.Expunge(nil); err != nil { return fmt.Errorf("failed to expunge mailbox: %v", err) } // Deleting a message invalidates our cached message count // TODO: listen to async updates instead if _, err := c.Select(mboxName, false); err != nil { return fmt.Errorf("failed to select mailbox: %v", err) } return nil }) if err != nil { return err } return ctx.Redirect(http.StatusFound, fmt.Sprintf("/mailbox/%v", url.PathEscape(mboxName))) } func handleSetFlags(ctx *koushin.Context) error { mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } form, err := ctx.FormParams() if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } flags, ok := form["flags"] if !ok { return echo.NewHTTPError(http.StatusBadRequest, "missing 'flags' form values") } err = ctx.Session.DoIMAP(func(c *imapclient.Client) error { if err := ensureMailboxSelected(c, mboxName); err != nil { return err } var seqSet imap.SeqSet seqSet.AddNum(uid) storeItems := make([]interface{}, len(flags)) for i, f := range flags { storeItems[i] = f } item := imap.FormatFlagsOp(imap.SetFlags, true) if err := c.UidStore(&seqSet, item, storeItems, nil); err != nil { return fmt.Errorf("failed to add deleted flag: %v", err) } return nil }) if err != nil { return err } return ctx.Redirect(http.StatusFound, fmt.Sprintf("/message/%v/%v", url.PathEscape(mboxName), uid)) } const settingsKey = "base.settings" const maxMessagesPerPage = 100 type Settings struct { MessagesPerPage int } func loadSettings(s koushin.Store) (*Settings, error) { settings := &Settings{ MessagesPerPage: 50, } if err := s.Get(settingsKey, settings); err != nil && err != koushin.ErrNoStoreEntry { return nil, err } if err := settings.check(); err != nil { return nil, err } return settings, nil } func (s *Settings) check() error { if s.MessagesPerPage <= 0 || s.MessagesPerPage > maxMessagesPerPage { return fmt.Errorf("messages per page out of bounds: %v", s.MessagesPerPage) } return nil } type SettingsRenderData struct { koushin.BaseRenderData Settings *Settings } func handleSettings(ctx *koushin.Context) error { settings, err := loadSettings(ctx.Session.Store()) if err != nil { return fmt.Errorf("failed to load settings: %v", err) } if ctx.Request().Method == http.MethodPost { settings.MessagesPerPage, err = strconv.Atoi(ctx.FormValue("messages_per_page")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, "invalid messages per page: %v", err) } if err := settings.check(); err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } if err := ctx.Session.Store().Put(settingsKey, settings); err != nil { return fmt.Errorf("failed to save settings: %v", err) } return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } return ctx.Render(http.StatusOK, "settings.html", &SettingsRenderData{ BaseRenderData: *koushin.NewBaseRenderData(ctx), Settings: settings, }) }