lotus/api/api.go

package api

import (
	"encoding/json"
	"github.com/1f349/lotus/imap"
	"github.com/gorilla/websocket"
	"github.com/julienschmidt/httprouter"
	"log"
	"net/http"
	"time"
)

var upgrader = websocket.Upgrader{}

func SetupApiServer(listen string, auth *AuthChecker, send Smtp, recv Imap) *http.Server {
	r := httprouter.New()

	// === ACCOUNT ===
	r.GET("/identities", auth.Middleware(func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
		// TODO(melon): find users aliases and other account data
	}))

	// === SMTP ===
	r.POST("/smtp", auth.Middleware(MessageSender(send)))

	r.Handle(http.MethodConnect, "/imap", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		// upgrade to websocket conn and defer close
		c, err := upgrader.Upgrade(rw, req, nil)
		if err != nil {
			log.Println("[Imap] Failed to upgrade to websocket:", err)
			return
		}
		defer c.Close()

		// set a really short deadline to refuse unauthenticated clients
		deadline := time.Now().Add(5 * time.Second)
		_ = c.SetReadDeadline(deadline)
		_ = c.SetWriteDeadline(deadline)

		// close on all possible errors, assume we are being attacked
		mt, msg, err := c.ReadMessage()
		if err != nil {
			return
		}
		if mt != websocket.TextMessage {
			return
		}
		if len(msg) >= 2000 {
			return
		}

		// get a "possible" auth token value
		authToken := string(msg)

		// wait for authToken or error
		// exit on empty reply
		if authToken == "" {
			return
		}

		// check the token
		authUser, err := auth.Check(authToken)
		if err != nil {
			// exit on error
			return
		}

		_ = authUser

		client, err := recv.MakeClient(authUser.Subject)
		if err != nil {
			_ = c.WriteJSON(map[string]string{"Error": "Making client failed"})
			return
		}

		for {
			// authenticated users get longer to reply
			// a simple ping/pong setup bypasses this
			d := time.Now().Add(5 * time.Minute)
			_ = c.SetReadDeadline(d)
			_ = c.SetWriteDeadline(d)

			// read incoming message
			var m struct {
				Action string   `json:"action"`
				Args   []string `json:"args"`
			}
			err := c.ReadJSON(&m)
			if err != nil {
				// errors should close the connection
				return
			}

			// handle action
			j, err := client.HandleWS(m.Action, m.Args)
			if err != nil {
				// errors should close the connection
				return
			}

			// write outgoing message
			err = c.WriteJSON(j)
			if err != nil {
				// errors should close the connection
				return
			}
		}
	})

	return &http.Server{
		Addr:              listen,
		Handler:           r,
		ReadTimeout:       time.Minute,
		ReadHeaderTimeout: time.Minute,
		WriteTimeout:      time.Minute,
		IdleTimeout:       time.Minute,
		MaxHeaderBytes:    2500,
	}
}

// apiError outputs a generic JSON error message
func apiError(rw http.ResponseWriter, code int, m string) {
	rw.WriteHeader(code)
	_ = json.NewEncoder(rw).Encode(map[string]string{
		"error": m,
	})
}

type IcCallback[T any] func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, cli *imap.Client, t T) error

func imapClient[T any](recv Imap, cb IcCallback[T]) AuthCallback {
	return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
		if req.Body == nil {
			rw.WriteHeader(http.StatusBadRequest)
			return
		}
		var t T
		if json.NewDecoder(req.Body).Decode(&t) != nil {
			rw.WriteHeader(http.StatusBadRequest)
			return
		}
		cli, err := recv.MakeClient(b.Subject)
		if err != nil {
			rw.WriteHeader(http.StatusInternalServerError)
			return
		}
		err = cb(rw, req, params, cli, t)
		if err != nil {
			log.Println("[ImapClient] Error:", err)
		}
	}
}
Start coding the mailbox api 2023-08-13 03:04:16 +01:00			`package api`

			`import (`
			`"encoding/json"`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`"github.com/1f349/lotus/imap"`
Try websockets 2023-09-11 17:23:44 +01:00			`"github.com/gorilla/websocket"`
Start coding the mailbox api 2023-08-13 03:04:16 +01:00			`"github.com/julienschmidt/httprouter"`
Better list messages encoding 2023-09-11 11:55:52 +01:00			`"log"`
Start coding the mailbox api 2023-08-13 03:04:16 +01:00			`"net/http"`
			`"time"`
			`)`

Try websockets 2023-09-11 17:23:44 +01:00			`var upgrader = websocket.Upgrader{}`

			`func SetupApiServer(listen string, auth AuthChecker, send Smtp, recv Imap) http.Server {`
Start coding the mailbox api 2023-08-13 03:04:16 +01:00			`r := httprouter.New()`

Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`// === ACCOUNT ===`
Try websockets 2023-09-11 17:23:44 +01:00			`r.GET("/identities", auth.Middleware(func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`// TODO(melon): find users aliases and other account data`
			`}))`

			`// === SMTP ===`
Try websockets 2023-09-11 17:23:44 +01:00			`r.POST("/smtp", auth.Middleware(MessageSender(send)))`
Save before recoding imap to use websockets 2023-09-11 14:55:12 +01:00
Try websockets 2023-09-11 17:23:44 +01:00			`r.Handle(http.MethodConnect, "/imap", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`// upgrade to websocket conn and defer close`
			`c, err := upgrader.Upgrade(rw, req, nil)`
Save before recoding imap to use websockets 2023-09-11 14:55:12 +01:00			`if err != nil {`
Try websockets 2023-09-11 17:23:44 +01:00			`log.Println("[Imap] Failed to upgrade to websocket:", err)`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00			`defer c.Close()`

			`// set a really short deadline to refuse unauthenticated clients`
			`deadline := time.Now().Add(5 * time.Second)`
			`_ = c.SetReadDeadline(deadline)`
			`_ = c.SetWriteDeadline(deadline)`

			`// close on all possible errors, assume we are being attacked`
			`mt, msg, err := c.ReadMessage()`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`if err != nil {`
			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00			`if mt != websocket.TextMessage {`
			`return`
Better list messages encoding 2023-09-11 11:55:52 +01:00			`}`
Try websockets 2023-09-11 17:23:44 +01:00			`if len(msg) >= 2000 {`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00
			`// get a "possible" auth token value`
			`authToken := string(msg)`

			`// wait for authToken or error`
			`// exit on empty reply`
			`if authToken == "" {`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00
			`// check the token`
			`authUser, err := auth.Check(authToken)`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`if err != nil {`
Try websockets 2023-09-11 17:23:44 +01:00			`// exit on error`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00
			`_ = authUser`

			`client, err := recv.MakeClient(authUser.Subject)`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`if err != nil {`
Try websockets 2023-09-11 17:23:44 +01:00			`_ = c.WriteJSON(map[string]string{"Error": "Making client failed"})`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return`
			`}`
Try websockets 2023-09-11 17:23:44 +01:00
			`for {`
			`// authenticated users get longer to reply`
			`// a simple ping/pong setup bypasses this`
			`d := time.Now().Add(5 * time.Minute)`
			`_ = c.SetReadDeadline(d)`
			`_ = c.SetWriteDeadline(d)`

			`// read incoming message`
			`var m struct {`
			Action string `json:"action"`
			Args []string `json:"args"`
			`}`
			`err := c.ReadJSON(&m)`
			`if err != nil {`
			`// errors should close the connection`
			`return`
			`}`

			`// handle action`
			`j, err := client.HandleWS(m.Action, m.Args)`
			`if err != nil {`
			`// errors should close the connection`
			`return`
			`}`

			`// write outgoing message`
			`err = c.WriteJSON(j)`
			`if err != nil {`
			`// errors should close the connection`
			`return`
			`}`
			`}`
			`})`
Start coding the mailbox api 2023-08-13 03:04:16 +01:00
			`return &http.Server{`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`Addr: listen,`
Start coding the mailbox api 2023-08-13 03:04:16 +01:00			`Handler: r,`
			`ReadTimeout: time.Minute,`
			`ReadHeaderTimeout: time.Minute,`
			`WriteTimeout: time.Minute,`
			`IdleTimeout: time.Minute,`
			`MaxHeaderBytes: 2500,`
			`}`
			`}`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00
			`// apiError outputs a generic JSON error message`
			`func apiError(rw http.ResponseWriter, code int, m string) {`
			`rw.WriteHeader(code)`
			`_ = json.NewEncoder(rw).Encode(map[string]string{`
			`"error": m,`
			`})`
			`}`

Save before recoding imap to use websockets 2023-09-11 14:55:12 +01:00			`type IcCallback[T any] func(rw http.ResponseWriter, req http.Request, params httprouter.Params, cli imap.Client, t T) error`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00
Replace postfix config parser with query command 2023-08-23 16:17:01 +01:00			`func imapClient[T any](recv Imap, cb IcCallback[T]) AuthCallback {`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {`
			`if req.Body == nil {`
			`rw.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`var t T`
			`if json.NewDecoder(req.Body).Decode(&t) != nil {`
			`rw.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`cli, err := recv.MakeClient(b.Subject)`
			`if err != nil {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`
Save before recoding imap to use websockets 2023-09-11 14:55:12 +01:00			`err = cb(rw, req, params, cli, t)`
			`if err != nil {`
			`log.Println("[ImapClient] Error:", err)`
			`}`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`}`
			`}`