349 lines
7.3 KiB
Go
349 lines
7.3 KiB
Go
package alps
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"os"
|
|
"sync"
|
|
"time"
|
|
|
|
imapclient "github.com/emersion/go-imap/client"
|
|
"github.com/emersion/go-sasl"
|
|
"github.com/emersion/go-smtp"
|
|
"github.com/google/uuid"
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
// TODO: make this configurable
|
|
const sessionDuration = 30 * time.Minute
|
|
const maxAttachmentSize = 32 << 20 // 32 MiB
|
|
|
|
func generateToken() (string, error) {
|
|
b := make([]byte, 32)
|
|
if _, err := rand.Read(b); err != nil {
|
|
return "", err
|
|
}
|
|
return base64.URLEncoding.EncodeToString(b), nil
|
|
}
|
|
|
|
var (
|
|
ErrSessionExpired = errors.New("session expired")
|
|
ErrAttachmentCacheSize = errors.New("Attachments on session exceed maximum file size")
|
|
)
|
|
|
|
// AuthError wraps an authentication error.
|
|
type AuthError struct {
|
|
cause error
|
|
}
|
|
|
|
func (err AuthError) Error() string {
|
|
return fmt.Sprintf("authentication failed: %v", err.cause)
|
|
}
|
|
|
|
// Session is an active user session. It may also hold an IMAP connection.
|
|
//
|
|
// The session's password is not available to plugins. Plugins should use the
|
|
// session helpers to authenticate outgoing connections, for instance DoSMTP.
|
|
type Session struct {
|
|
manager *SessionManager
|
|
username, password string
|
|
token string
|
|
closed chan struct{}
|
|
pings chan struct{}
|
|
store Store
|
|
notice string
|
|
|
|
imapLocker sync.Mutex
|
|
imapConn *imapclient.Client // protected by locker, can be nil
|
|
|
|
attachmentsLocker sync.Mutex
|
|
attachments map[string]*Attachment // protected by attachmentsLocker
|
|
}
|
|
|
|
type Attachment struct {
|
|
File *multipart.FileHeader
|
|
Form *multipart.Form
|
|
}
|
|
|
|
func (s *Session) ping() {
|
|
s.pings <- struct{}{}
|
|
}
|
|
|
|
// Username returns the session's username.
|
|
func (s *Session) Username() string {
|
|
return s.username
|
|
}
|
|
|
|
// DoIMAP executes an IMAP operation on this session. The IMAP client can only
|
|
// be used from inside f.
|
|
func (s *Session) DoIMAP(f func(*imapclient.Client) error) error {
|
|
s.imapLocker.Lock()
|
|
defer s.imapLocker.Unlock()
|
|
|
|
if s.imapConn == nil {
|
|
var err error
|
|
s.imapConn, err = s.manager.connectIMAP(s.username, s.password)
|
|
if err != nil {
|
|
s.Close()
|
|
return fmt.Errorf("failed to re-connect to IMAP server: %v", err)
|
|
}
|
|
}
|
|
|
|
return f(s.imapConn)
|
|
}
|
|
|
|
// DoSMTP executes an SMTP operation on this session. The SMTP client can only
|
|
// be used from inside f.
|
|
func (s *Session) DoSMTP(f func(*smtp.Client) error) error {
|
|
c, err := s.manager.dialSMTP()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer c.Close()
|
|
|
|
auth := sasl.NewPlainClient("", s.username, s.password)
|
|
if err := c.Auth(auth); err != nil {
|
|
return AuthError{err}
|
|
}
|
|
|
|
if err := f(c); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := c.Quit(); err != nil {
|
|
return fmt.Errorf("QUIT failed: %v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// SetHTTPBasicAuth adds an Authorization header field to the request with
|
|
// this session's credentials.
|
|
func (s *Session) SetHTTPBasicAuth(req *http.Request) {
|
|
// TODO: find a way to make it harder for plugins to steal credentials
|
|
req.SetBasicAuth(s.username, s.password)
|
|
}
|
|
|
|
// Close destroys the session. This can be used to log the user out.
|
|
func (s *Session) Close() {
|
|
s.attachmentsLocker.Lock()
|
|
defer s.attachmentsLocker.Unlock()
|
|
|
|
for _, f := range s.attachments {
|
|
f.Form.RemoveAll()
|
|
}
|
|
|
|
select {
|
|
case <-s.closed:
|
|
// This space is intentionally left blank
|
|
default:
|
|
close(s.closed)
|
|
}
|
|
}
|
|
|
|
// Puts an attachment and returns a generated UUID
|
|
func (s *Session) PutAttachment(in *multipart.FileHeader,
|
|
form *multipart.Form) (string, error) {
|
|
id := uuid.New()
|
|
s.attachmentsLocker.Lock()
|
|
|
|
var size int64
|
|
for _, a := range s.attachments {
|
|
size += a.File.Size
|
|
}
|
|
if size+in.Size > maxAttachmentSize {
|
|
return "", ErrAttachmentCacheSize
|
|
}
|
|
|
|
s.attachments[id.String()] = &Attachment{
|
|
File: in,
|
|
Form: form,
|
|
}
|
|
s.attachmentsLocker.Unlock()
|
|
return id.String(), nil
|
|
}
|
|
|
|
// Removes an attachment from the session. Returns nil if there was no such
|
|
// attachment.
|
|
func (s *Session) PopAttachment(uuid string) *Attachment {
|
|
s.attachmentsLocker.Lock()
|
|
defer s.attachmentsLocker.Unlock()
|
|
|
|
a, ok := s.attachments[uuid]
|
|
if !ok {
|
|
return nil
|
|
}
|
|
delete(s.attachments, uuid)
|
|
|
|
return a
|
|
}
|
|
|
|
func (s *Session) PutNotice(n string) {
|
|
s.notice = n
|
|
}
|
|
|
|
func (s *Session) PopNotice() string {
|
|
n := s.notice
|
|
s.notice = ""
|
|
return n
|
|
}
|
|
|
|
// Store returns a store suitable for storing persistent user data.
|
|
func (s *Session) Store() Store {
|
|
return s.store
|
|
}
|
|
|
|
type (
|
|
// DialIMAPFunc connects to the upstream IMAP server.
|
|
DialIMAPFunc func() (*imapclient.Client, error)
|
|
// DialSMTPFunc connects to the upstream SMTP server.
|
|
DialSMTPFunc func() (*smtp.Client, error)
|
|
)
|
|
|
|
// SessionManager keeps track of active sessions. It connects and re-connects
|
|
// to the upstream IMAP server as necessary. It prunes expired sessions.
|
|
type SessionManager struct {
|
|
dialIMAP DialIMAPFunc
|
|
dialSMTP DialSMTPFunc
|
|
logger echo.Logger
|
|
debug bool
|
|
|
|
locker sync.Mutex
|
|
sessions map[string]*Session // protected by locker
|
|
}
|
|
|
|
func newSessionManager(dialIMAP DialIMAPFunc, dialSMTP DialSMTPFunc, logger echo.Logger, debug bool) *SessionManager {
|
|
return &SessionManager{
|
|
sessions: make(map[string]*Session),
|
|
dialIMAP: dialIMAP,
|
|
dialSMTP: dialSMTP,
|
|
logger: logger,
|
|
debug: debug,
|
|
}
|
|
}
|
|
|
|
func (sm *SessionManager) Close() {
|
|
for _, s := range sm.sessions {
|
|
s.Close()
|
|
}
|
|
}
|
|
|
|
func (sm *SessionManager) connectIMAP(username, password string) (*imapclient.Client, error) {
|
|
c, err := sm.dialIMAP()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err := c.Login(username, password); err != nil {
|
|
c.Logout()
|
|
return nil, AuthError{err}
|
|
}
|
|
|
|
if sm.debug {
|
|
c.SetDebug(os.Stderr)
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
func (sm *SessionManager) get(token string) (*Session, error) {
|
|
sm.locker.Lock()
|
|
defer sm.locker.Unlock()
|
|
|
|
session, ok := sm.sessions[token]
|
|
if !ok {
|
|
return nil, ErrSessionExpired
|
|
}
|
|
return session, nil
|
|
}
|
|
|
|
// Put connects to the IMAP server and creates a new session. If authentication
|
|
// fails, the error will be of type AuthError.
|
|
func (sm *SessionManager) Put(username, password string) (*Session, error) {
|
|
c, err := sm.connectIMAP(username, password)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
sm.locker.Lock()
|
|
defer sm.locker.Unlock()
|
|
|
|
var token string
|
|
for {
|
|
token, err = generateToken()
|
|
if err != nil {
|
|
c.Logout()
|
|
return nil, err
|
|
}
|
|
|
|
if _, ok := sm.sessions[token]; !ok {
|
|
break
|
|
}
|
|
}
|
|
|
|
s := &Session{
|
|
manager: sm,
|
|
closed: make(chan struct{}),
|
|
pings: make(chan struct{}, 5),
|
|
imapConn: c,
|
|
username: username,
|
|
password: password,
|
|
token: token,
|
|
attachments: make(map[string]*Attachment),
|
|
}
|
|
|
|
s.store, err = newStore(s, sm.logger)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
sm.sessions[token] = s
|
|
|
|
go func() {
|
|
timer := time.NewTimer(sessionDuration)
|
|
|
|
alive := true
|
|
for alive {
|
|
var loggedOut <-chan struct{}
|
|
s.imapLocker.Lock()
|
|
if s.imapConn != nil {
|
|
loggedOut = s.imapConn.LoggedOut()
|
|
}
|
|
s.imapLocker.Unlock()
|
|
|
|
select {
|
|
case <-loggedOut:
|
|
s.imapLocker.Lock()
|
|
s.imapConn = nil
|
|
s.imapLocker.Unlock()
|
|
case <-s.pings:
|
|
if !timer.Stop() {
|
|
<-timer.C
|
|
}
|
|
timer.Reset(sessionDuration)
|
|
case <-timer.C:
|
|
alive = false
|
|
case <-s.closed:
|
|
alive = false
|
|
}
|
|
}
|
|
|
|
timer.Stop()
|
|
|
|
s.imapLocker.Lock()
|
|
if s.imapConn != nil {
|
|
s.imapConn.Logout()
|
|
}
|
|
s.imapLocker.Unlock()
|
|
|
|
sm.locker.Lock()
|
|
delete(sm.sessions, token)
|
|
sm.locker.Unlock()
|
|
}()
|
|
|
|
return s, nil
|
|
}
|