package koushin import ( "fmt" "io/ioutil" "mime" "net/http" "net/url" "strings" "time" "github.com/emersion/go-imap" imapclient "github.com/emersion/go-imap/client" "github.com/emersion/go-message" "github.com/emersion/go-sasl" "github.com/labstack/echo/v4" ) const cookieName = "koushin_session" type Server struct { imap struct { host string tls bool insecure bool pool *ConnPool } smtp struct { host string tls bool insecure bool } } func (s *Server) parseIMAPURL(imapURL string) error { u, err := url.Parse(imapURL) if err != nil { return fmt.Errorf("failed to parse IMAP server URL: %v", err) } s.imap.host = u.Host switch u.Scheme { case "imap": // This space is intentionally left blank case "imaps": s.imap.tls = true case "imap+insecure": s.imap.insecure = true default: return fmt.Errorf("unrecognized IMAP URL scheme: %s", u.Scheme) } return nil } func (s *Server) parseSMTPURL(smtpURL string) error { u, err := url.Parse(smtpURL) if err != nil { return fmt.Errorf("failed to parse SMTP server URL: %v", err) } s.smtp.host = u.Host switch u.Scheme { case "smtp": // This space is intentionally left blank case "smtps": s.smtp.tls = true case "smtp+insecure": s.smtp.insecure = true default: return fmt.Errorf("unrecognized SMTP URL scheme: %s", u.Scheme) } return nil } func NewServer(imapURL, smtpURL string) (*Server, error) { s := &Server{} if err := s.parseIMAPURL(imapURL); err != nil { return nil, err } s.imap.pool = NewConnPool() if smtpURL != "" { if err := s.parseSMTPURL(smtpURL); err != nil { return nil, err } } return s, nil } type context struct { echo.Context server *Server session *Session } var aLongTimeAgo = time.Unix(233431200, 0) func (c *context) setToken(token string) { cookie := http.Cookie{ Name: cookieName, Value: token, HttpOnly: true, // TODO: domain, secure } if token == "" { cookie.Expires = aLongTimeAgo // unset the cookie } c.SetCookie(&cookie) } func handleLogin(ectx echo.Context) error { ctx := ectx.(*context) username := ctx.FormValue("username") password := ctx.FormValue("password") if username != "" && password != "" { conn, err := ctx.server.connectIMAP() if err != nil { return err } if err := conn.Login(username, password); err != nil { conn.Logout() return ctx.Render(http.StatusOK, "login.html", nil) } token, err := ctx.server.imap.pool.Put(conn, username, password) if err != nil { return fmt.Errorf("failed to put connection in pool: %v", err) } ctx.setToken(token) return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } return ctx.Render(http.StatusOK, "login.html", nil) } func handleGetPart(ctx *context, raw bool) error { mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } partPathString := ctx.QueryParam("part") partPath, err := parsePartPath(partPathString) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var msg *imapMessage var part *message.Entity var mbox *imap.MailboxStatus err = ctx.session.Do(func(c *imapclient.Client) error { var err error msg, part, err = getMessagePart(c, mboxName, uid, partPath) mbox = c.Mailbox() return err }) if err != nil { return err } mimeType, _, err := part.Header.ContentType() if err != nil { return fmt.Errorf("failed to parse part Content-Type: %v", err) } if len(partPath) == 0 { mimeType = "message/rfc822" } if raw { disp, dispParams, _ := part.Header.ContentDisposition() filename := dispParams["filename"] // TODO: set Content-Length if possible if !strings.EqualFold(mimeType, "text/plain") || strings.EqualFold(disp, "attachment") { dispParams := make(map[string]string) if filename != "" { dispParams["filename"] = filename } disp := mime.FormatMediaType("attachment", dispParams) ctx.Response().Header().Set("Content-Disposition", disp) } return ctx.Stream(http.StatusOK, mimeType, part.Body) } var body string if strings.HasPrefix(strings.ToLower(mimeType), "text/") { b, err := ioutil.ReadAll(part.Body) if err != nil { return fmt.Errorf("failed to read part body: %v", err) } body = string(b) } return ctx.Render(http.StatusOK, "message.html", map[string]interface{}{ "Mailbox": mbox, "Message": msg, "Body": body, "PartPath": partPathString, }) } func handleCompose(ectx echo.Context) error { ctx := ectx.(*context) var msg OutgoingMessage if strings.ContainsRune(ctx.session.username, '@') { msg.From = ctx.session.username } if ctx.Request().Method == http.MethodGet && ctx.Param("uid") != "" { // This is a reply mboxName, uid, err := parseMboxAndUid(ctx.Param("mbox"), ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } partPath, err := parsePartPath(ctx.QueryParam("part")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var inReplyTo *imapMessage var part *message.Entity err = ctx.session.Do(func(c *imapclient.Client) error { var err error inReplyTo, part, err = getMessagePart(c, mboxName, uid, partPath) return err }) if err != nil { return err } mimeType, _, err := part.Header.ContentType() if err != nil { return fmt.Errorf("failed to parse part Content-Type: %v", err) } if !strings.HasPrefix(strings.ToLower(mimeType), "text/") { err := fmt.Errorf("cannot reply to \"%v\" part", mimeType) return echo.NewHTTPError(http.StatusBadRequest, err) } msg.Text, err = quote(part.Body) if err != nil { return err } msg.InReplyTo = inReplyTo.Envelope.MessageId // TODO: populate From from known user addresses and inReplyTo.Envelope.To replyTo := inReplyTo.Envelope.ReplyTo if len(replyTo) == 0 { replyTo = inReplyTo.Envelope.From } if len(replyTo) > 0 { msg.To = make([]string, len(replyTo)) for i, to := range replyTo { msg.To[i] = to.MailboxName + "@" + to.HostName } } msg.Subject = inReplyTo.Envelope.Subject if !strings.HasPrefix(strings.ToLower(msg.Subject), "re:") { msg.Subject = "Re: " + msg.Subject } } if ctx.Request().Method == http.MethodPost { // TODO: parse address lists from := ctx.FormValue("from") to := ctx.FormValue("to") subject := ctx.FormValue("subject") text := ctx.FormValue("text") c, err := ctx.server.connectSMTP() if err != nil { return err } defer c.Close() auth := sasl.NewPlainClient("", ctx.session.username, ctx.session.password) if err := c.Auth(auth); err != nil { return echo.NewHTTPError(http.StatusForbidden, err) } msg.From = from msg.To = []string{to} msg.Subject = subject msg.Text = text if err := sendMessage(c, &msg); err != nil { return err } if err := c.Quit(); err != nil { return fmt.Errorf("QUIT failed: %v", err) } // TODO: append to IMAP Sent mailbox return ctx.Redirect(http.StatusFound, "/mailbox/INBOX") } return ctx.Render(http.StatusOK, "compose.html", map[string]interface{}{ "Message": &msg, }) } func New(imapURL, smtpURL string) *echo.Echo { e := echo.New() s, err := NewServer(imapURL, smtpURL) if err != nil { e.Logger.Fatal(err) } e.HTTPErrorHandler = func(err error, c echo.Context) { code := http.StatusInternalServerError if he, ok := err.(*echo.HTTPError); ok { code = he.Code } else { c.Logger().Error(err) } // TODO: hide internal errors c.String(code, err.Error()) } e.Use(func(next echo.HandlerFunc) echo.HandlerFunc { return func(ectx echo.Context) error { ctx := &context{Context: ectx, server: s} cookie, err := ctx.Cookie(cookieName) if err == http.ErrNoCookie { // Require auth for all pages except /login if ctx.Path() == "/login" || strings.HasPrefix(ctx.Path(), "/assets/") { return next(ctx) } else { return ctx.Redirect(http.StatusFound, "/login") } } else if err != nil { return err } ctx.session, err = ctx.server.imap.pool.Get(cookie.Value) if err == ErrSessionExpired { ctx.setToken("") return ctx.Redirect(http.StatusFound, "/login") } else if err != nil { return err } return next(ctx) } }) e.Renderer, err = loadTemplates() if err != nil { e.Logger.Fatal("Failed to load templates:", err) } e.GET("/mailbox/:mbox", func(ectx echo.Context) error { ctx := ectx.(*context) mboxName, err := url.PathUnescape(ctx.Param("mbox")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) } var mailboxes []*imap.MailboxInfo var msgs []imapMessage var mbox *imap.MailboxStatus err = ctx.session.Do(func(c *imapclient.Client) error { var err error if mailboxes, err = listMailboxes(c); err != nil { return err } if msgs, err = listMessages(c, mboxName); err != nil { return err } mbox = c.Mailbox() return nil }) if err != nil { return err } return ctx.Render(http.StatusOK, "mailbox.html", map[string]interface{}{ "Mailbox": mbox, "Mailboxes": mailboxes, "Messages": msgs, }) }) e.GET("/message/:mbox/:uid", func(ectx echo.Context) error { ctx := ectx.(*context) return handleGetPart(ctx, false) }) e.GET("/message/:mbox/:uid/raw", func(ectx echo.Context) error { ctx := ectx.(*context) return handleGetPart(ctx, true) }) e.GET("/login", handleLogin) e.POST("/login", handleLogin) e.GET("/logout", func(ectx echo.Context) error { ctx := ectx.(*context) err := ctx.session.Do(func(c *imapclient.Client) error { return c.Logout() }) if err != nil { return fmt.Errorf("failed to logout: %v", err) } ctx.setToken("") return ctx.Redirect(http.StatusFound, "/login") }) e.GET("/compose", handleCompose) e.POST("/compose", handleCompose) e.GET("/message/:mbox/:uid/reply", handleCompose) e.POST("/message/:mbox/:uid/reply", handleCompose) e.Static("/assets", "public/assets") return e }