230 lines
6.7 KiB
Go
230 lines
6.7 KiB
Go
package cli
|
|
|
|
import (
|
|
"errors"
|
|
"io"
|
|
"time"
|
|
|
|
"git.dcglab.co.uk/steve/emcli/internal/mail"
|
|
"git.dcglab.co.uk/steve/emcli/internal/policy"
|
|
"git.dcglab.co.uk/steve/emcli/internal/store"
|
|
)
|
|
|
|
// errCommandFailed signals that a command emitted an error envelope, so the
|
|
// process should exit non-zero. The JSON envelope is the authoritative detail.
|
|
var errCommandFailed = errors.New("command reported error")
|
|
|
|
// Mailer is the subset of the IMAP client the agent commands use.
|
|
type Mailer interface {
|
|
SelectFolder(folder string) (uint32, uint32, error)
|
|
FetchHeaders(folder string, uids []uint32) ([]mail.Header, error)
|
|
FetchHeadersRange(folder string, since, before uint32, limit int) ([]mail.Header, error)
|
|
FetchFull(folder string, uid uint32) (mail.Message, error)
|
|
Search(folder string, sc mail.SearchCriteria, limit int) ([]mail.Header, error)
|
|
Logout() error
|
|
}
|
|
|
|
type Deps struct {
|
|
Store *store.Store
|
|
Dial func(store.Account) (Mailer, error)
|
|
Now func() time.Time
|
|
Out io.Writer
|
|
}
|
|
|
|
func (d Deps) emit(e Envelope) error {
|
|
if err := e.Write(d.Out); err != nil {
|
|
return err // write failure (rare) — propagate as-is
|
|
}
|
|
if e.Error {
|
|
return errCommandFailed
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (d Deps) audit(account, action, target, result, reason string) {
|
|
_ = d.Store.Audit(d.Now(), store.AuditEntry{
|
|
Account: account, Action: action, Target: target, Result: result, Reason: reason,
|
|
})
|
|
}
|
|
|
|
// setup loads the account, builds the inbound rule, dials IMAP, and selects the
|
|
// folder (establishing the baseline). Returns a cleanup func.
|
|
func (d Deps) setup(account, folder string) (store.Account, policy.InboundRule, Mailer, uint32, func(), *Envelope) {
|
|
acc, err := d.Store.GetAccount(account)
|
|
if err != nil {
|
|
e := Failure(CodeNotFound, "account not found: "+account)
|
|
return acc, policy.InboundRule{}, nil, 0, nil, &e
|
|
}
|
|
re, err := policy.CompileSubject(acc.SubjectRegex)
|
|
if err != nil {
|
|
e := Failure(CodeConfig, "invalid subject_regex: "+err.Error())
|
|
return acc, policy.InboundRule{}, nil, 0, nil, &e
|
|
}
|
|
wlIn, _ := d.Store.ListWhitelist(account, store.DirIn)
|
|
rule := policy.InboundRule{
|
|
WhitelistInEnabled: acc.WhitelistInEnabled,
|
|
WhitelistIn: wlIn,
|
|
SubjectRegex: re,
|
|
}
|
|
m, err := d.Dial(acc)
|
|
if err != nil {
|
|
e := Failure(CodeNetwork, "imap connect failed: "+err.Error())
|
|
return acc, rule, nil, 0, nil, &e
|
|
}
|
|
uidv, maxUID, err := m.SelectFolder(folder)
|
|
if err != nil {
|
|
m.Logout()
|
|
e := Failure(CodeNetwork, "select folder failed: "+err.Error())
|
|
return acc, rule, nil, 0, nil, &e
|
|
}
|
|
if err := d.Store.EnsureFolderBaseline(account, folder, uidv, maxUID); err != nil {
|
|
m.Logout()
|
|
e := Failure(CodeDB, err.Error())
|
|
return acc, rule, nil, 0, nil, &e
|
|
}
|
|
return acc, rule, m, uidv, func() { m.Logout() }, nil
|
|
}
|
|
|
|
func headerMap(h mail.Header) map[string]any {
|
|
return map[string]any{
|
|
"uid": h.UID, "from": h.From, "to": h.To, "subject": h.Subject,
|
|
"date": h.Date, "message_id": h.MessageID, "has_attachments": h.HasAttachments,
|
|
}
|
|
}
|
|
|
|
func ListCmd(d Deps, account, folder string, onlyNew bool, beforeUID, sinceUID uint32, limit int) error {
|
|
_, rule, m, _, done, fail := d.setup(account, folder)
|
|
if fail != nil {
|
|
return d.emit(*fail)
|
|
}
|
|
defer done()
|
|
|
|
var headers []mail.Header
|
|
var err error
|
|
if beforeUID > 0 || sinceUID > 0 {
|
|
headers, err = m.FetchHeadersRange(folder, sinceUID, beforeUID, limit)
|
|
} else {
|
|
headers, err = m.FetchHeaders(folder, nil)
|
|
}
|
|
if err != nil {
|
|
d.audit(account, "list", folder, "blocked", "imap_error")
|
|
return d.emit(Failure(CodeNetwork, err.Error()))
|
|
}
|
|
|
|
out := make([]map[string]any, 0, len(headers))
|
|
for _, h := range headers {
|
|
if !rule.Allows(h.From, h.Subject) {
|
|
continue // invisible
|
|
}
|
|
if onlyNew {
|
|
isNew, err := d.Store.IsNew(account, folder, h.UID)
|
|
if err != nil {
|
|
return d.emit(Failure(CodeDB, err.Error()))
|
|
}
|
|
if !isNew {
|
|
continue
|
|
}
|
|
}
|
|
out = append(out, headerMap(h))
|
|
if limit > 0 && len(out) >= limit {
|
|
break
|
|
}
|
|
}
|
|
d.audit(account, "list", folder, "allowed", "")
|
|
return d.emit(Success(map[string]any{"messages": out}))
|
|
}
|
|
|
|
// visible fetches a UID's header and reports whether policy allows it.
|
|
func (d Deps) visible(m Mailer, rule policy.InboundRule, folder string, uid uint32) (bool, error) {
|
|
hs, err := m.FetchHeaders(folder, []uint32{uid})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if len(hs) == 0 {
|
|
return false, nil
|
|
}
|
|
return rule.Allows(hs[0].From, hs[0].Subject), nil
|
|
}
|
|
|
|
func GetCmd(d Deps, account, folder string, uid uint32) error {
|
|
_, rule, m, _, done, fail := d.setup(account, folder)
|
|
if fail != nil {
|
|
return d.emit(*fail)
|
|
}
|
|
defer done()
|
|
|
|
ok, err := d.visible(m, rule, folder, uid)
|
|
if err != nil {
|
|
return d.emit(Failure(CodeNetwork, err.Error()))
|
|
}
|
|
if !ok {
|
|
d.audit(account, "get", uitoa(uid), "blocked", "filtered")
|
|
return d.emit(Failure(CodeNotFound, "message not found"))
|
|
}
|
|
msg, err := m.FetchFull(folder, uid)
|
|
if err != nil {
|
|
return d.emit(Failure(CodeNetwork, err.Error()))
|
|
}
|
|
atts := make([]map[string]any, 0, len(msg.Attachments))
|
|
for _, a := range msg.Attachments {
|
|
atts = append(atts, map[string]any{
|
|
"name": a.Name, "size": a.Size, "mime": a.MIME,
|
|
"content_b64": b64(a.Content),
|
|
})
|
|
}
|
|
d.audit(account, "get", uitoa(uid), "allowed", "")
|
|
return d.emit(Success(map[string]any{
|
|
"uid": msg.Header.UID, "from": msg.Header.From, "to": msg.Header.To,
|
|
"subject": msg.Header.Subject, "date": msg.Header.Date,
|
|
"message_id": msg.Header.MessageID, "body_text": msg.BodyText,
|
|
"attachments": atts,
|
|
}))
|
|
}
|
|
|
|
func SearchCmd(d Deps, account, folder string, sc mail.SearchCriteria, limit int) error {
|
|
_, rule, m, _, done, fail := d.setup(account, folder)
|
|
if fail != nil {
|
|
return d.emit(*fail)
|
|
}
|
|
defer done()
|
|
headers, err := m.Search(folder, sc, limit)
|
|
if err != nil {
|
|
return d.emit(Failure(CodeNetwork, err.Error()))
|
|
}
|
|
out := make([]map[string]any, 0, len(headers))
|
|
for _, h := range headers {
|
|
if !rule.Allows(h.From, h.Subject) {
|
|
continue
|
|
}
|
|
out = append(out, headerMap(h))
|
|
if limit > 0 && len(out) >= limit {
|
|
break
|
|
}
|
|
}
|
|
d.audit(account, "search", folder, "allowed", "")
|
|
return d.emit(Success(map[string]any{"messages": out}))
|
|
}
|
|
|
|
func AckCmd(d Deps, account, folder string, uids []uint32) error {
|
|
_, rule, m, uidv, done, fail := d.setup(account, folder)
|
|
if fail != nil {
|
|
return d.emit(*fail)
|
|
}
|
|
defer done()
|
|
for _, uid := range uids {
|
|
ok, err := d.visible(m, rule, folder, uid)
|
|
if err != nil {
|
|
return d.emit(Failure(CodeNetwork, err.Error()))
|
|
}
|
|
if !ok {
|
|
d.audit(account, "ack", uitoa(uid), "blocked", "filtered")
|
|
return d.emit(Failure(CodeNotFound, "message not found"))
|
|
}
|
|
}
|
|
if err := d.Store.Ack(account, folder, uidv, uids...); err != nil {
|
|
return d.emit(Failure(CodeDB, err.Error()))
|
|
}
|
|
d.audit(account, "ack", folder, "allowed", "")
|
|
return d.emit(Success(map[string]any{"acked": uintSlice(uids)}))
|
|
}
|