aboutsummaryrefslogblamecommitdiff
path: root/plugins/base/routes.go
blob: a5c6c2140c26200015c31192697961e351512806 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
                   









                   
                                     
                                     
                                                   
                                                       
                                        
                                     
                                     
                                            

 
                                          

                                                                       

          


                                                  
                                                                       

                                                
                                                                           




















                                                          
                               
                              

                                              
                                        
                              
                                 

 
                                                   












                                                                                             
                                        
 
                                         
                              
                                    
                     
                                                                   



                                                                  
                                
                                                                                   



                                                                   









                                    







                                                      





                                                                  

         
                                                                            
                                                                





                                          


          
                                              


                                             
                                                                     
                               
                                                                 

                                                                                   

                                                                                      
                                 
 


                                                                                                     


                                                                       
                                                                                      

 
                                               
                           
                           


                                                       
                               
                              
                                       
                                       
                                
                          
                        

                          
                                   

 
                                                          









                                                                                  
                                         
                            

                                    
                                                                   
                             





                                                                                            
                                  
                          













                                                                               

                                                                     

                                                                       


                                                                


                                                       
                                                                         







                                                                                                        





                                                                             










                                                                              


                                                     


                                        
                                                           



                                       








                                               
                                                                            




                                                                
                                       


                                                                                


          
                               
                              
                                

 
                                                
                               

                                                              

         




                                                         










                                                                                          
                                          
                                        
                                                                           































                                                                                          
                                                        














                                                                            






                                                                                  

                                                   
                               


                                                                                   

                                  
 
                                                    
                                                                    



                                                                       
                                                                            
                                                                
                                     

          
 
                                             


























                                                                                           
                                                                                             
 
 
                                               


































                                                                                  
                                                                                                   
 
 
                                                 



                                                                                  
 

                                     

                                                                    
                                  


                                                                                              
 



                                                                          
 

                                      
 



                                                             
 



                                                                                  
 






                                                                                                           
 
package koushinbase

import (
	"fmt"
	"io/ioutil"
	"mime"
	"net/http"
	"net/url"
	"strconv"
	"strings"

	"git.sr.ht/~emersion/koushin"
	"github.com/emersion/go-imap"
	imapmove "github.com/emersion/go-imap-move"
	imapclient "github.com/emersion/go-imap/client"
	"github.com/emersion/go-message"
	"github.com/emersion/go-smtp"
	"github.com/labstack/echo/v4"
	"github.com/microcosm-cc/bluemonday"
)

func registerRoutes(p *koushin.GoPlugin) {
	p.GET("/", func(ctx *koushin.Context) error {
		return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
	})

	p.GET("/mailbox/:mbox", handleGetMailbox)
	p.POST("/mailbox/:mbox", handleGetMailbox)

	p.GET("/message/:mbox/:uid", func(ctx *koushin.Context) error {
		return handleGetPart(ctx, false)
	})
	p.GET("/message/:mbox/:uid/raw", func(ctx *koushin.Context) error {
		return handleGetPart(ctx, true)
	})

	p.GET("/login", handleLogin)
	p.POST("/login", handleLogin)

	p.GET("/logout", handleLogout)

	p.GET("/compose", handleCompose)
	p.POST("/compose", handleCompose)

	p.GET("/message/:mbox/:uid/reply", handleCompose)
	p.POST("/message/:mbox/:uid/reply", handleCompose)

	p.POST("/message/:mbox/:uid/move", handleMove)

	p.POST("/message/:mbox/:uid/delete", handleDelete)

	p.POST("/message/:mbox/:uid/flag", handleSetFlags)
}

type MailboxRenderData struct {
	koushin.BaseRenderData
	Mailbox            *imap.MailboxStatus
	Mailboxes          []*imap.MailboxInfo
	Messages           []IMAPMessage
	PrevPage, NextPage int
	Query              string
}

func handleGetMailbox(ctx *koushin.Context) error {
	mboxName, err := url.PathUnescape(ctx.Param("mbox"))
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}

	page := 0
	if pageStr := ctx.QueryParam("page"); pageStr != "" {
		var err error
		if page, err = strconv.Atoi(pageStr); err != nil || page < 0 {
			return echo.NewHTTPError(http.StatusBadRequest, "invalid page index")
		}
	}

	query := ctx.QueryParam("query")

	var mailboxes []*imap.MailboxInfo
	var msgs []IMAPMessage
	var mbox *imap.MailboxStatus
	var total int
	err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
		var err error
		if mailboxes, err = listMailboxes(c); err != nil {
			return err
		}
		if query != "" {
			msgs, total, err = searchMessages(c, mboxName, query, page)
		} else {
			msgs, err = listMessages(c, mboxName, page)
		}
		if err != nil {
			return err
		}
		mbox = c.Mailbox()
		return nil
	})
	if err != nil {
		return err
	}

	prevPage, nextPage := -1, -1
	if query != "" {
		if page > 0 {
			prevPage = page - 1
		}
		if (page+1)*messagesPerPage <= total {
			nextPage = page + 1
		}
	} else {
		if page > 0 {
			prevPage = page - 1
		}
		if (page+1)*messagesPerPage < int(mbox.Messages) {
			nextPage = page + 1
		}
	}

	return ctx.Render(http.StatusOK, "mailbox.html", &MailboxRenderData{
		BaseRenderData: *koushin.NewBaseRenderData(ctx),
		Mailbox:        mbox,
		Mailboxes:      mailboxes,
		Messages:       msgs,
		PrevPage:       prevPage,
		NextPage:       nextPage,
		Query:          query,
	})
}

func handleLogin(ctx *koushin.Context) error {
	username := ctx.FormValue("username")
	password := ctx.FormValue("password")
	if username != "" && password != "" {
		s, err := ctx.Server.Sessions.Put(username, password)
		if err != nil {
			if _, ok := err.(koushin.AuthError); ok {
				return ctx.Render(http.StatusOK, "login.html", nil)
			}
			return fmt.Errorf("failed to put connection in pool: %v", err)
		}
		ctx.SetSession(s)

		if path := ctx.QueryParam("next"); path != "" && path[0] == '/' && path != "/login" {
			return ctx.Redirect(http.StatusFound, path)
		}
		return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
	}

	return ctx.Render(http.StatusOK, "login.html", koushin.NewBaseRenderData(ctx))
}

func handleLogout(ctx *koushin.Context) error {
	ctx.Session.Close()
	ctx.SetSession(nil)
	return ctx.Redirect(http.StatusFound, "/login")
}

type MessageRenderData struct {
	koushin.BaseRenderData
	Mailboxes   []*imap.MailboxInfo
	Mailbox     *imap.MailboxStatus
	Message     *IMAPMessage
	Body        string
	IsHTML      bool
	PartPath    string
	MailboxPage int
	Flags       map[string]bool
}

func handleGetPart(ctx *koushin.Context, raw bool) error {
	mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid"))
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}
	partPathString := ctx.QueryParam("part")
	partPath, err := parsePartPath(partPathString)
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}

	var mailboxes []*imap.MailboxInfo
	var msg *IMAPMessage
	var part *message.Entity
	var mbox *imap.MailboxStatus
	err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
		var err error
		if mailboxes, err = listMailboxes(c); err != nil {
			return err
		}
		if msg, part, err = getMessagePart(c, mboxName, uid, partPath); err != nil {
			return err
		}
		mbox = c.Mailbox()
		return nil
	})
	if err != nil {
		return err
	}

	mimeType, _, err := part.Header.ContentType()
	if err != nil {
		return fmt.Errorf("failed to parse part Content-Type: %v", err)
	}
	if len(partPath) == 0 {
		mimeType = "message/rfc822"
	}

	if raw {
		ctx.Response().Header().Set("Content-Type", mimeType)

		disp, dispParams, _ := part.Header.ContentDisposition()
		filename := dispParams["filename"]
		if len(partPath) == 0 {
			filename = msg.Envelope.Subject + ".eml"
		}

		// TODO: set Content-Length if possible

		// Be careful not to serve types like text/html as inline
		if !strings.EqualFold(mimeType, "text/plain") || strings.EqualFold(disp, "attachment") {
			dispParams := make(map[string]string)
			if filename != "" {
				dispParams["filename"] = filename
			}
			disp := mime.FormatMediaType("attachment", dispParams)
			ctx.Response().Header().Set("Content-Disposition", disp)
		}

		if len(partPath) == 0 {
			return part.WriteTo(ctx.Response())
		} else {
			return ctx.Stream(http.StatusOK, mimeType, part.Body)
		}
	}

	var body string
	if strings.HasPrefix(strings.ToLower(mimeType), "text/") {
		b, err := ioutil.ReadAll(part.Body)
		if err != nil {
			return fmt.Errorf("failed to read part body: %v", err)
		}
		body = string(b)
	}

	isHTML := false
	if strings.EqualFold(mimeType, "text/html") {
		p := bluemonday.UGCPolicy()
		// TODO: be more strict
		p.AllowElements("style")
		p.AllowAttrs("style")
		p.AddTargetBlankToFullyQualifiedLinks(true)
		body = p.Sanitize(body)
		isHTML = true
	}

	flags := make(map[string]bool)
	for _, f := range mbox.PermanentFlags {
		f = imap.CanonicalFlag(f)
		if f == imap.TryCreateFlag {
			continue
		}
		flags[f] = msg.HasFlag(f)
	}

	return ctx.Render(http.StatusOK, "message.html", &MessageRenderData{
		BaseRenderData: *koushin.NewBaseRenderData(ctx),
		Mailboxes:      mailboxes,
		Mailbox:        mbox,
		Message:        msg,
		Body:           body,
		IsHTML:         isHTML,
		PartPath:       partPathString,
		MailboxPage:    int(mbox.Messages-msg.SeqNum) / messagesPerPage,
		Flags:          flags,
	})
}

type ComposeRenderData struct {
	koushin.BaseRenderData
	Message *OutgoingMessage
}

func handleCompose(ctx *koushin.Context) error {
	var msg OutgoingMessage
	if strings.ContainsRune(ctx.Session.Username(), '@') {
		msg.From = ctx.Session.Username()
	}

	msg.To = strings.Split(ctx.QueryParam("to"), ",")
	msg.Subject = ctx.QueryParam("subject")
	msg.Text = ctx.QueryParam("body")
	msg.InReplyTo = ctx.QueryParam("in-reply-to")

	if ctx.Request().Method == http.MethodGet && ctx.Param("uid") != "" {
		// This is a reply
		mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid"))
		if err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, err)
		}
		partPath, err := parsePartPath(ctx.QueryParam("part"))
		if err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, err)
		}

		var inReplyTo *IMAPMessage
		var part *message.Entity
		err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
			var err error
			inReplyTo, part, err = getMessagePart(c, mboxName, uid, partPath)
			return err
		})
		if err != nil {
			return err
		}

		mimeType, _, err := part.Header.ContentType()
		if err != nil {
			return fmt.Errorf("failed to parse part Content-Type: %v", err)
		}

		if !strings.HasPrefix(strings.ToLower(mimeType), "text/") {
			err := fmt.Errorf("cannot reply to \"%v\" part", mimeType)
			return echo.NewHTTPError(http.StatusBadRequest, err)
		}

		msg.Text, err = quote(part.Body)
		if err != nil {
			return err
		}

		msg.InReplyTo = inReplyTo.Envelope.MessageId
		// TODO: populate From from known user addresses and inReplyTo.Envelope.To
		replyTo := inReplyTo.Envelope.ReplyTo
		if len(replyTo) == 0 {
			replyTo = inReplyTo.Envelope.From
		}
		if len(replyTo) > 0 {
			msg.To = make([]string, len(replyTo))
			for i, to := range replyTo {
				msg.To[i] = to.Address()
			}
		}
		msg.Subject = inReplyTo.Envelope.Subject
		if !strings.HasPrefix(strings.ToLower(msg.Subject), "re:") {
			msg.Subject = "Re: " + msg.Subject
		}
	}

	if ctx.Request().Method == http.MethodPost {
		msg.From = ctx.FormValue("from")
		msg.To = parseAddressList(ctx.FormValue("to"))
		msg.Subject = ctx.FormValue("subject")
		msg.Text = ctx.FormValue("text")
		msg.InReplyTo = ctx.FormValue("in_reply_to")

		form, err := ctx.MultipartForm()
		if err != nil {
			return fmt.Errorf("failed to get multipart form: %v", err)
		}
		msg.Attachments = form.File["attachments"]

		err = ctx.Session.DoSMTP(func(c *smtp.Client) error {
			return sendMessage(c, &msg)
		})
		if err != nil {
			if _, ok := err.(koushin.AuthError); ok {
				return echo.NewHTTPError(http.StatusForbidden, err)
			}
			return err
		}

		// TODO: append to IMAP Sent mailbox
		// TODO: add \Answered flag to original IMAP message

		return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
	}

	return ctx.Render(http.StatusOK, "compose.html", &ComposeRenderData{
		BaseRenderData: *koushin.NewBaseRenderData(ctx),
		Message:        &msg,
	})
}

func handleMove(ctx *koushin.Context) error {
	mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid"))
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}

	to := ctx.FormValue("to")

	err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
		mc := imapmove.NewClient(c)

		if err := ensureMailboxSelected(c, mboxName); err != nil {
			return err
		}

		var seqSet imap.SeqSet
		seqSet.AddNum(uid)
		if err := mc.UidMoveWithFallback(&seqSet, to); err != nil {
			return fmt.Errorf("failed to move message: %v", err)
		}

		// TODO: get the UID of the message in the destination mailbox with UIDPLUS
		return nil
	})
	if err != nil {
		return err
	}

	return ctx.Redirect(http.StatusFound, fmt.Sprintf("/mailbox/%v", url.PathEscape(to)))
}

func handleDelete(ctx *koushin.Context) error {
	mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid"))
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}

	err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
		if err := ensureMailboxSelected(c, mboxName); err != nil {
			return err
		}

		var seqSet imap.SeqSet
		seqSet.AddNum(uid)

		item := imap.FormatFlagsOp(imap.AddFlags, true)
		flags := []interface{}{imap.DeletedFlag}
		if err := c.UidStore(&seqSet, item, flags, nil); err != nil {
			return fmt.Errorf("failed to add deleted flag: %v", err)
		}

		if err := c.Expunge(nil); err != nil {
			return fmt.Errorf("failed to expunge mailbox: %v", err)
		}

		// Deleting a message invalidates our cached message count
		// TODO: listen to async updates instead
		if _, err := c.Select(mboxName, false); err != nil {
			return fmt.Errorf("failed to select mailbox: %v", err)
		}

		return nil
	})
	if err != nil {
		return err
	}

	return ctx.Redirect(http.StatusFound, fmt.Sprintf("/mailbox/%v", url.PathEscape(mboxName)))
}

func handleSetFlags(ctx *koushin.Context) error {
	mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid"))
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}

	form, err := ctx.FormParams()
	if err != nil {
		return echo.NewHTTPError(http.StatusBadRequest, err)
	}
	flags, ok := form["flags"]
	if !ok {
		return echo.NewHTTPError(http.StatusBadRequest, "missing 'flags' form values")
	}

	err = ctx.Session.DoIMAP(func(c *imapclient.Client) error {
		if err := ensureMailboxSelected(c, mboxName); err != nil {
			return err
		}

		var seqSet imap.SeqSet
		seqSet.AddNum(uid)

		storeItems := make([]interface{}, len(flags))
		for i, f := range flags {
			storeItems[i] = f
		}

		item := imap.FormatFlagsOp(imap.SetFlags, true)
		if err := c.UidStore(&seqSet, item, storeItems, nil); err != nil {
			return fmt.Errorf("failed to add deleted flag: %v", err)
		}

		return nil
	})
	if err != nil {
		return err
	}

	return ctx.Redirect(http.StatusFound, fmt.Sprintf("/message/%v/%v", url.PathEscape(mboxName), uid))
}