2020-07-08 19:00:14 +08:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2022-07-11 21:24:38 +08:00
|
|
|
"bytes"
|
2023-11-16 16:27:00 +08:00
|
|
|
"io"
|
2020-07-08 19:00:14 +08:00
|
|
|
"net/http"
|
2020-09-20 19:01:24 +08:00
|
|
|
"regexp"
|
2023-06-24 15:37:13 +08:00
|
|
|
"runtime"
|
2020-09-20 19:01:24 +08:00
|
|
|
"strings"
|
2020-07-08 19:00:14 +08:00
|
|
|
"syscall"
|
|
|
|
"time"
|
2023-07-22 02:16:46 +08:00
|
|
|
"unicode/utf8"
|
2020-07-08 19:00:14 +08:00
|
|
|
|
2024-01-12 00:53:39 +08:00
|
|
|
"github.com/gdgvda/cron"
|
2024-01-27 23:25:50 +08:00
|
|
|
"github.com/gofrs/uuid/v5"
|
2023-06-24 15:37:13 +08:00
|
|
|
"github.com/jmoiron/sqlx/types"
|
2022-07-11 21:24:38 +08:00
|
|
|
"github.com/knadh/koanf/parsers/json"
|
|
|
|
"github.com/knadh/koanf/providers/rawbytes"
|
2023-04-10 15:15:25 +08:00
|
|
|
"github.com/knadh/koanf/v2"
|
2022-07-11 21:24:38 +08:00
|
|
|
"github.com/knadh/listmonk/internal/messenger/email"
|
2022-04-03 23:24:40 +08:00
|
|
|
"github.com/knadh/listmonk/models"
|
2021-12-09 23:21:07 +08:00
|
|
|
"github.com/labstack/echo/v4"
|
2020-07-08 19:00:14 +08:00
|
|
|
)
|
|
|
|
|
2023-07-22 02:16:46 +08:00
|
|
|
const pwdMask = "•"
|
|
|
|
|
2023-06-24 15:37:13 +08:00
|
|
|
type aboutHost struct {
|
2023-08-06 13:19:12 +08:00
|
|
|
OS string `json:"os"`
|
|
|
|
Machine string `json:"arch"`
|
|
|
|
Hostname string `json:"hostname"`
|
2023-06-24 15:37:13 +08:00
|
|
|
}
|
|
|
|
type aboutSystem struct {
|
|
|
|
NumCPU int `json:"num_cpu"`
|
|
|
|
AllocMB uint64 `json:"memory_alloc_mb"`
|
|
|
|
OSMB uint64 `json:"memory_from_os_mb"`
|
|
|
|
}
|
|
|
|
type about struct {
|
|
|
|
Version string `json:"version"`
|
|
|
|
Build string `json:"build"`
|
|
|
|
GoVersion string `json:"go_version"`
|
|
|
|
GoArch string `json:"go_arch"`
|
|
|
|
Database types.JSONText `json:"database"`
|
|
|
|
System aboutSystem `json:"system"`
|
|
|
|
Host aboutHost `json:"host"`
|
|
|
|
}
|
|
|
|
|
2020-09-20 19:01:24 +08:00
|
|
|
var (
|
|
|
|
reAlphaNum = regexp.MustCompile(`[^a-z0-9\-]`)
|
|
|
|
)
|
|
|
|
|
2020-07-08 19:00:14 +08:00
|
|
|
// handleGetSettings returns settings from the DB.
|
|
|
|
func handleGetSettings(c echo.Context) error {
|
|
|
|
app := c.Get("app").(*App)
|
|
|
|
|
2022-04-03 23:24:40 +08:00
|
|
|
s, err := app.core.GetSettings()
|
2020-07-08 19:00:14 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Empty out passwords.
|
|
|
|
for i := 0; i < len(s.SMTP); i++ {
|
2023-07-22 02:16:46 +08:00
|
|
|
s.SMTP[i].Password = strings.Repeat(pwdMask, utf8.RuneCountInString(s.SMTP[i].Password))
|
2020-07-08 19:00:14 +08:00
|
|
|
}
|
2021-05-25 01:11:48 +08:00
|
|
|
for i := 0; i < len(s.BounceBoxes); i++ {
|
2023-07-22 02:16:46 +08:00
|
|
|
s.BounceBoxes[i].Password = strings.Repeat(pwdMask, utf8.RuneCountInString(s.BounceBoxes[i].Password))
|
2021-05-25 01:11:48 +08:00
|
|
|
}
|
2020-09-20 19:01:24 +08:00
|
|
|
for i := 0; i < len(s.Messengers); i++ {
|
2023-07-22 02:16:46 +08:00
|
|
|
s.Messengers[i].Password = strings.Repeat(pwdMask, utf8.RuneCountInString(s.Messengers[i].Password))
|
2020-09-20 19:01:24 +08:00
|
|
|
}
|
2024-11-11 00:15:07 +08:00
|
|
|
|
2023-07-22 02:16:46 +08:00
|
|
|
s.UploadS3AwsSecretAccessKey = strings.Repeat(pwdMask, utf8.RuneCountInString(s.UploadS3AwsSecretAccessKey))
|
|
|
|
s.SendgridKey = strings.Repeat(pwdMask, utf8.RuneCountInString(s.SendgridKey))
|
2024-11-11 00:15:07 +08:00
|
|
|
s.BouncePostmark.Password = strings.Repeat(pwdMask, utf8.RuneCountInString(s.BouncePostmark.Password))
|
|
|
|
s.BounceForwardEmail.Key = strings.Repeat(pwdMask, utf8.RuneCountInString(s.BounceForwardEmail.Key))
|
2023-07-22 02:16:46 +08:00
|
|
|
s.SecurityCaptchaSecret = strings.Repeat(pwdMask, utf8.RuneCountInString(s.SecurityCaptchaSecret))
|
2024-04-02 12:58:07 +08:00
|
|
|
s.OIDC.ClientSecret = strings.Repeat(pwdMask, utf8.RuneCountInString(s.OIDC.ClientSecret))
|
2020-07-08 19:00:14 +08:00
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, okResp{s})
|
|
|
|
}
|
|
|
|
|
|
|
|
// handleUpdateSettings returns settings from the DB.
|
|
|
|
func handleUpdateSettings(c echo.Context) error {
|
|
|
|
var (
|
|
|
|
app = c.Get("app").(*App)
|
2022-04-03 23:24:40 +08:00
|
|
|
set models.Settings
|
2020-07-08 19:00:14 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
// Unmarshal and marshal the fields once to sanitize the settings blob.
|
|
|
|
if err := c.Bind(&set); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the existing settings.
|
2022-04-03 23:24:40 +08:00
|
|
|
cur, err := app.core.GetSettings()
|
2020-07-08 19:00:14 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// There should be at least one SMTP block that's enabled.
|
|
|
|
has := false
|
|
|
|
for i, s := range set.SMTP {
|
|
|
|
if s.Enabled {
|
|
|
|
has = true
|
|
|
|
}
|
|
|
|
|
2022-02-13 15:37:00 +08:00
|
|
|
// Assign a UUID. The frontend only sends a password when the user explicitly
|
2020-10-10 23:55:59 +08:00
|
|
|
// changes the password. In other cases, the existing password in the DB
|
|
|
|
// is copied while updating the settings and the UUID is used to match
|
|
|
|
// the incoming array of SMTP blocks with the array in the DB.
|
|
|
|
if s.UUID == "" {
|
|
|
|
set.SMTP[i].UUID = uuid.Must(uuid.NewV4()).String()
|
|
|
|
}
|
|
|
|
|
2024-02-26 17:42:50 +08:00
|
|
|
// Ensure the HOST is trimmed of any whitespace.
|
|
|
|
// This is a common mistake when copy-pasting SMTP settings.
|
|
|
|
set.SMTP[i].Host = strings.TrimSpace(s.Host)
|
|
|
|
|
2020-10-10 23:55:59 +08:00
|
|
|
// If there's no password coming in from the frontend, copy the existing
|
|
|
|
// password by matching the UUID.
|
|
|
|
if s.Password == "" {
|
|
|
|
for _, c := range cur.SMTP {
|
|
|
|
if s.UUID == c.UUID {
|
|
|
|
set.SMTP[i].Password = c.Password
|
|
|
|
}
|
2020-07-08 19:00:14 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !has {
|
2020-12-19 18:55:52 +08:00
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.T("settings.errorNoSMTP"))
|
2020-09-20 19:01:24 +08:00
|
|
|
}
|
|
|
|
|
2023-09-19 17:53:32 +08:00
|
|
|
set.AppRootURL = strings.TrimRight(set.AppRootURL, "/")
|
|
|
|
|
2021-05-25 01:11:48 +08:00
|
|
|
// Bounce boxes.
|
|
|
|
for i, s := range set.BounceBoxes {
|
2022-02-13 15:37:00 +08:00
|
|
|
// Assign a UUID. The frontend only sends a password when the user explicitly
|
2021-05-25 01:11:48 +08:00
|
|
|
// changes the password. In other cases, the existing password in the DB
|
|
|
|
// is copied while updating the settings and the UUID is used to match
|
|
|
|
// the incoming array of blocks with the array in the DB.
|
|
|
|
if s.UUID == "" {
|
|
|
|
set.BounceBoxes[i].UUID = uuid.Must(uuid.NewV4()).String()
|
|
|
|
}
|
|
|
|
|
2024-02-26 17:42:50 +08:00
|
|
|
// Ensure the HOST is trimmed of any whitespace.
|
|
|
|
// This is a common mistake when copy-pasting SMTP settings.
|
|
|
|
set.BounceBoxes[i].Host = strings.TrimSpace(s.Host)
|
|
|
|
|
2021-05-25 01:11:48 +08:00
|
|
|
if d, _ := time.ParseDuration(s.ScanInterval); d.Minutes() < 1 {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.T("settings.bounces.invalidScanInterval"))
|
|
|
|
}
|
|
|
|
|
|
|
|
// If there's no password coming in from the frontend, copy the existing
|
|
|
|
// password by matching the UUID.
|
|
|
|
if s.Password == "" {
|
|
|
|
for _, c := range cur.BounceBoxes {
|
|
|
|
if s.UUID == c.UUID {
|
|
|
|
set.BounceBoxes[i].Password = c.Password
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-20 19:01:24 +08:00
|
|
|
// Validate and sanitize postback Messenger names. Duplicates are disallowed
|
|
|
|
// and "email" is a reserved name.
|
|
|
|
names := map[string]bool{emailMsgr: true}
|
|
|
|
|
2020-10-10 23:55:59 +08:00
|
|
|
for i, m := range set.Messengers {
|
|
|
|
// UUID to keep track of password changes similar to the SMTP logic above.
|
|
|
|
if m.UUID == "" {
|
|
|
|
set.Messengers[i].UUID = uuid.Must(uuid.NewV4()).String()
|
|
|
|
}
|
|
|
|
|
|
|
|
if m.Password == "" {
|
|
|
|
for _, c := range cur.Messengers {
|
|
|
|
if m.UUID == c.UUID {
|
|
|
|
set.Messengers[i].Password = c.Password
|
|
|
|
}
|
2020-09-20 19:01:24 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-10 23:55:59 +08:00
|
|
|
name := reAlphaNum.ReplaceAllString(strings.ToLower(m.Name), "")
|
2020-09-20 19:01:24 +08:00
|
|
|
if _, ok := names[name]; ok {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest,
|
2021-01-23 21:24:33 +08:00
|
|
|
app.i18n.Ts("settings.duplicateMessengerName", "name", name))
|
2020-09-20 19:01:24 +08:00
|
|
|
}
|
|
|
|
if len(name) == 0 {
|
2020-12-19 18:55:52 +08:00
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.T("settings.invalidMessengerName"))
|
2020-09-20 19:01:24 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
set.Messengers[i].Name = name
|
|
|
|
names[name] = true
|
2020-07-08 19:00:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// S3 password?
|
|
|
|
if set.UploadS3AwsSecretAccessKey == "" {
|
|
|
|
set.UploadS3AwsSecretAccessKey = cur.UploadS3AwsSecretAccessKey
|
|
|
|
}
|
2021-05-25 01:11:48 +08:00
|
|
|
if set.SendgridKey == "" {
|
|
|
|
set.SendgridKey = cur.SendgridKey
|
|
|
|
}
|
2023-08-31 23:57:34 +08:00
|
|
|
if set.BouncePostmark.Password == "" {
|
|
|
|
set.BouncePostmark.Password = cur.BouncePostmark.Password
|
|
|
|
}
|
2024-11-11 00:15:07 +08:00
|
|
|
if set.BounceForwardEmail.Key == "" {
|
|
|
|
set.BounceForwardEmail.Key = cur.BounceForwardEmail.Key
|
|
|
|
}
|
2023-01-24 00:20:10 +08:00
|
|
|
if set.SecurityCaptchaSecret == "" {
|
|
|
|
set.SecurityCaptchaSecret = cur.SecurityCaptchaSecret
|
|
|
|
}
|
2024-04-02 12:58:07 +08:00
|
|
|
if set.OIDC.ClientSecret == "" {
|
|
|
|
set.OIDC.ClientSecret = cur.OIDC.ClientSecret
|
|
|
|
}
|
2020-07-08 19:00:14 +08:00
|
|
|
|
2023-05-18 19:25:59 +08:00
|
|
|
for n, v := range set.UploadExtensions {
|
|
|
|
set.UploadExtensions[n] = strings.ToLower(strings.TrimPrefix(strings.TrimSpace(v), "."))
|
|
|
|
}
|
|
|
|
|
2021-09-25 15:27:55 +08:00
|
|
|
// Domain blocklist.
|
|
|
|
doms := make([]string, 0)
|
|
|
|
for _, d := range set.DomainBlocklist {
|
|
|
|
d = strings.TrimSpace(strings.ToLower(d))
|
|
|
|
if d != "" {
|
|
|
|
doms = append(doms, d)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
set.DomainBlocklist = doms
|
|
|
|
|
2024-01-12 00:53:39 +08:00
|
|
|
// Validate slow query caching cron.
|
|
|
|
if set.CacheSlowQueries {
|
|
|
|
if _, err := cron.ParseStandard(set.CacheSlowQueriesInterval); err != nil {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.Ts("globals.messages.invalidData")+": slow query cron: "+err.Error())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-08 19:00:14 +08:00
|
|
|
// Update the settings in the DB.
|
2022-04-03 23:24:40 +08:00
|
|
|
if err := app.core.UpdateSettings(set); err != nil {
|
|
|
|
return err
|
2020-07-08 19:00:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// If there are any active campaigns, don't do an auto reload and
|
|
|
|
// warn the user on the frontend.
|
|
|
|
if app.manager.HasRunningCampaigns() {
|
|
|
|
app.Lock()
|
|
|
|
app.needsRestart = true
|
|
|
|
app.Unlock()
|
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, okResp{struct {
|
|
|
|
NeedsRestart bool `json:"needs_restart"`
|
|
|
|
}{true}})
|
|
|
|
}
|
|
|
|
|
|
|
|
// No running campaigns. Reload the app.
|
|
|
|
go func() {
|
|
|
|
<-time.After(time.Millisecond * 500)
|
2023-05-27 00:37:58 +08:00
|
|
|
app.chReload <- syscall.SIGHUP
|
2020-07-08 19:00:14 +08:00
|
|
|
}()
|
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, okResp{true})
|
|
|
|
}
|
|
|
|
|
2020-10-11 02:24:03 +08:00
|
|
|
// handleGetLogs returns the log entries stored in the log buffer.
|
|
|
|
func handleGetLogs(c echo.Context) error {
|
|
|
|
app := c.Get("app").(*App)
|
|
|
|
return c.JSON(http.StatusOK, okResp{app.bufLog.Lines()})
|
|
|
|
}
|
2022-07-11 21:24:38 +08:00
|
|
|
|
|
|
|
// handleTestSMTPSettings returns the log entries stored in the log buffer.
|
|
|
|
func handleTestSMTPSettings(c echo.Context) error {
|
|
|
|
app := c.Get("app").(*App)
|
|
|
|
|
|
|
|
// Copy the raw JSON post body.
|
2023-11-16 16:27:00 +08:00
|
|
|
reqBody, err := io.ReadAll(c.Request().Body)
|
2022-07-11 21:24:38 +08:00
|
|
|
if err != nil {
|
|
|
|
app.log.Printf("error reading SMTP test: %v", err)
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.Ts("globals.messages.internalError"))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Load the JSON into koanf to parse SMTP settings properly including timestrings.
|
|
|
|
ko := koanf.New(".")
|
|
|
|
if err := ko.Load(rawbytes.Provider(reqBody), json.Parser()); err != nil {
|
|
|
|
app.log.Printf("error unmarshalling SMTP test request: %v", err)
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.Ts("globals.messages.internalError"))
|
|
|
|
}
|
|
|
|
|
|
|
|
req := email.Server{}
|
|
|
|
if err := ko.UnmarshalWithConf("", &req, koanf.UnmarshalConf{Tag: "json"}); err != nil {
|
|
|
|
app.log.Printf("error scanning SMTP test request: %v", err)
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.Ts("globals.messages.internalError"))
|
|
|
|
}
|
|
|
|
|
|
|
|
to := ko.String("email")
|
|
|
|
if to == "" {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, app.i18n.Ts("globals.messages.missingFields", "name", "email"))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Initialize a new SMTP pool.
|
|
|
|
req.MaxConns = 1
|
|
|
|
req.IdleTimeout = time.Second * 2
|
|
|
|
req.PoolWaitTimeout = time.Second * 2
|
|
|
|
msgr, err := email.New(req)
|
|
|
|
if err != nil {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest,
|
|
|
|
app.i18n.Ts("globals.messages.errorCreating", "name", "SMTP", "error", err.Error()))
|
|
|
|
}
|
|
|
|
|
|
|
|
var b bytes.Buffer
|
|
|
|
if err := app.notifTpls.tpls.ExecuteTemplate(&b, "smtp-test", nil); err != nil {
|
|
|
|
app.log.Printf("error compiling notification template '%s': %v", "smtp-test", err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-05-09 01:13:25 +08:00
|
|
|
m := models.Message{}
|
2022-07-11 21:24:38 +08:00
|
|
|
m.ContentType = app.notifTpls.contentType
|
|
|
|
m.From = app.constants.FromEmail
|
|
|
|
m.To = []string{to}
|
|
|
|
m.Subject = app.i18n.T("settings.smtp.testConnection")
|
|
|
|
m.Body = b.Bytes()
|
|
|
|
if err := msgr.Push(m); err != nil {
|
|
|
|
return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, okResp{app.bufLog.Lines()})
|
|
|
|
}
|
2023-06-24 15:37:13 +08:00
|
|
|
|
|
|
|
func handleGetAboutInfo(c echo.Context) error {
|
|
|
|
var (
|
2023-08-04 02:16:46 +08:00
|
|
|
app = c.Get("app").(*App)
|
|
|
|
mem runtime.MemStats
|
2023-06-24 15:37:13 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
runtime.ReadMemStats(&mem)
|
|
|
|
|
|
|
|
out := app.about
|
|
|
|
out.System.AllocMB = mem.Alloc / 1024 / 1024
|
|
|
|
out.System.OSMB = mem.Sys / 1024 / 1024
|
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, out)
|
|
|
|
}
|