wildduck/api.js

'use strict';

const config = require('wild-config');
const restify = require('restify');
const log = require('npmlog');
const logger = require('restify-logger');
const UserHandler = require('./lib/user-handler');
const MailboxHandler = require('./lib/mailbox-handler');
const MessageHandler = require('./lib/message-handler');
const ImapNotifier = require('./lib/imap-notifier');
const db = require('./lib/db');
const certs = require('./lib/certs');
const ObjectID = require('mongodb').ObjectID;
const rootUser = new ObjectID('0'.repeat(24));

const usersRoutes = require('./lib/api/users');
const addressesRoutes = require('./lib/api/addresses');
const mailboxesRoutes = require('./lib/api/mailboxes');
const messagesRoutes = require('./lib/api/messages');
const filtersRoutes = require('./lib/api/filters');
const aspsRoutes = require('./lib/api/asps');
const totpRoutes = require('./lib/api/2fa/totp');
const custom2faRoutes = require('./lib/api/2fa/custom');
const u2fRoutes = require('./lib/api/2fa/u2f');
const updatesRoutes = require('./lib/api/updates');
const authRoutes = require('./lib/api/auth');
const autoreplyRoutes = require('./lib/api/autoreply');
const submitRoutes = require('./lib/api/submit');
const domainaliasRoutes = require('./lib/api/domainaliases');
const dkimRoutes = require('./lib/api/dkim');

const serverOptions = {
    name: 'WildDuck API',
    strictRouting: true,
    formatters: {
        'application/json; q=0.4': (req, res, body) => {
            let data = body ? JSON.stringify(body, false, 2) + '\n' : 'null';
            res.setHeader('Content-Length', Buffer.byteLength(data));
            return data;
        }
    }
};

let certOptions = {};
certs.loadTLSOptions(certOptions, 'api');

if (config.api.secure && certOptions.key) {
    serverOptions.key = certOptions.key;
    if (certOptions.ca) {
        serverOptions.ca = certOptions.ca;
    }
    serverOptions.certificate = certOptions.cert;
}

const server = restify.createServer(serverOptions);

let userHandler;
let mailboxHandler;
let messageHandler;
let notifier;

// disable compression for EventSource response
// this needs to be called before gzipResponse
server.use((req, res, next) => {
    if (req.route.path === '/users/:user/updates') {
        req.headers['accept-encoding'] = '';
    }
    next();
});

server.use(restify.plugins.gzipResponse());

server.use(restify.plugins.queryParser());
server.use(
    restify.plugins.bodyParser({
        maxBodySize: 0,
        mapParams: true,
        mapFiles: false,
        overrideParams: false
    })
);

server.use((req, res, next) => {
    let accessToken = req.query.accessToken || req.headers['x-access-token'] || false;
    if (req.query.accessToken) {
        delete req.query.accessToken;
    }

    let tokenRequired = false;

    let fail = () => {
        res.status(403);
        res.charSet('utf-8');
        return res.json({
            error: 'Invalid accessToken value',
            code: 'InvalidToken'
        });
    };

    req.validate = permission => {
        if (!permission.granted) {
            let err = new Error('Not enough privileges');
            err.responseCode = 403;
            err.code = 'MissingPrivileges';
            throw err;
        }
    };

    // hard coded master token
    if (config.api.accessToken) {
        tokenRequired = true;
        if (config.api.accessToken === accessToken) {
            req.role = 'root';
            req.user = rootUser;
            return next();
        }
    }

    // TODO: dynamically allocated tokens

    if (tokenRequired) {
        // no valid token found
        return fail();
    }

    // allow all
    req.role = 'root';
    req.user = rootUser;
    next();
});

logger.token('user', req => (req.user && req.user.toString()) || '?'.repeat(24));
logger.token('url', req => {
    if (/\baccessToken=/.test(req.url)) {
        return req.url.replace(/\baccessToken=[^&]+/g, 'accessToken=' + 'x'.repeat(6));
    }
    return req.url;
});

server.use(
    logger(':remote-addr :user :method :url :status :time-spent :append', {
        stream: {
            write: message => {
                message = (message || '').toString();
                if (message) {
                    log.http('API', message.replace('\n', '').trim());
                }
            }
        }
    })
);

module.exports = done => {
    if (!config.api.enabled) {
        return setImmediate(() => done(null, false));
    }

    let started = false;

    notifier = new ImapNotifier({
        database: db.database,
        redis: db.redis
    });

    messageHandler = new MessageHandler({
        database: db.database,
        users: db.users,
        redis: db.redis,
        gridfs: db.gridfs,
        attachments: config.attachments
    });

    userHandler = new UserHandler({
        database: db.database,
        users: db.users,
        redis: db.redis,
        messageHandler,
        authlogExpireDays: config.log.authlogExpireDays
    });

    mailboxHandler = new MailboxHandler({
        database: db.database,
        users: db.users,
        redis: db.redis,
        notifier
    });

    usersRoutes(db, server, userHandler);
    addressesRoutes(db, server);
    mailboxesRoutes(db, server, mailboxHandler);
    messagesRoutes(db, server, messageHandler);
    filtersRoutes(db, server);
    aspsRoutes(db, server, userHandler);
    totpRoutes(db, server, userHandler);
    custom2faRoutes(db, server, userHandler);
    u2fRoutes(db, server, userHandler);
    updatesRoutes(db, server, notifier);
    authRoutes(db, server, userHandler);
    autoreplyRoutes(db, server);
    submitRoutes(db, server, messageHandler, userHandler);
    domainaliasRoutes(db, server);
    dkimRoutes(db, server);

    server.on('error', err => {
        if (!started) {
            started = true;
            return done(err);
        }

        log.error('API', err);
    });

    server.listen(config.api.port, config.api.host, () => {
        if (started) {
            return server.close();
        }
        started = true;
        log.info('API', 'Server listening on %s:%s', config.api.host || '0.0.0.0', config.api.port);
        done(null, server);
    });
};
fixed broken imap 2017-03-06 22:13:40 +08:00			`'use strict';`

Changed configuration manager 2017-07-16 19:37:33 +08:00			`const config = require('wild-config');`
fixed broken imap 2017-03-06 22:13:40 +08:00			`const restify = require('restify');`
			`const log = require('npmlog');`
added logger for API calls 2017-12-23 00:18:50 +08:00			`const logger = require('restify-logger');`
support generating application specific passwords 2017-04-21 04:32:19 +08:00			`const UserHandler = require('./lib/user-handler');`
Updated mailbox API endpoints 2017-07-21 02:33:41 +08:00			`const MailboxHandler = require('./lib/mailbox-handler');`
Added message DELETE Api call 2017-07-21 21:29:57 +08:00			`const MessageHandler = require('./lib/message-handler');`
Added API endpoint to push changes in user account 2017-07-18 22:38:05 +08:00			`const ImapNotifier = require('./lib/imap-notifier');`
Added support for QUOTA extension, all users have a maximum quota set 2017-03-27 15:36:45 +08:00			`const db = require('./lib/db');`
Allow reloading TLS certs by SIGHUP to master 2017-10-05 20:14:43 +08:00			`const certs = require('./lib/certs');`
started testing with roles 2018-08-28 19:37:06 +08:00			`const ObjectID = require('mongodb').ObjectID;`
			`const rootUser = new ObjectID('0'.repeat(24));`
refactor api 2017-07-26 16:52:55 +08:00
			`const usersRoutes = require('./lib/api/users');`
			`const addressesRoutes = require('./lib/api/addresses');`
			`const mailboxesRoutes = require('./lib/api/mailboxes');`
			`const messagesRoutes = require('./lib/api/messages');`
			`const filtersRoutes = require('./lib/api/filters');`
			`const aspsRoutes = require('./lib/api/asps');`
Support a single u2f key 2017-10-10 16:19:10 +08:00			`const totpRoutes = require('./lib/api/2fa/totp');`
Allow enabling custom 2FA that effectively disables account password for IMAP/SMTP/POP3 2018-04-13 19:32:58 +08:00			`const custom2faRoutes = require('./lib/api/2fa/custom');`
Support a single u2f key 2017-10-10 16:19:10 +08:00			`const u2fRoutes = require('./lib/api/2fa/u2f');`
refactor api 2017-07-26 16:52:55 +08:00			`const updatesRoutes = require('./lib/api/updates');`
			`const authRoutes = require('./lib/api/auth');`
added autoreply api 2017-07-30 23:07:35 +08:00			`const autoreplyRoutes = require('./lib/api/autoreply');`
Added API endpoint for sending emails 2017-11-29 19:59:58 +08:00			`const submitRoutes = require('./lib/api/submit');`
Updated address resolving 2017-12-01 21:04:32 +08:00			`const domainaliasRoutes = require('./lib/api/domainaliases');`
initial handling of DKIM keys 2017-12-28 19:45:02 +08:00			`const dkimRoutes = require('./lib/api/dkim');`
fixed broken imap 2017-03-06 22:13:40 +08:00
changed API 2017-07-17 21:32:31 +08:00			`const serverOptions = {`
Rename Wild Duck to WildDuck 2018-01-02 21:04:01 +08:00			`name: 'WildDuck API',`
added API endpoints for listing usernames and addresses 2017-07-20 18:10:43 +08:00			`strictRouting: true,`
			`formatters: {`
			`'application/json; q=0.4': (req, res, body) => {`
Emit counters 2017-07-20 21:10:36 +08:00			`let data = body ? JSON.stringify(body, false, 2) + '\n' : 'null';`
added API endpoints for listing usernames and addresses 2017-07-20 18:10:43 +08:00			`res.setHeader('Content-Length', Buffer.byteLength(data));`
			`return data;`
			`}`
			`}`
changed API 2017-07-17 21:32:31 +08:00			`};`

Allow reloading TLS certs by SIGHUP to master 2017-10-05 20:14:43 +08:00			`let certOptions = {};`
			`certs.loadTLSOptions(certOptions, 'api');`

			`if (config.api.secure && certOptions.key) {`
			`serverOptions.key = certOptions.key;`
			`if (certOptions.ca) {`
			`serverOptions.ca = certOptions.ca;`
changed API 2017-07-17 21:32:31 +08:00			`}`
Allow reloading TLS certs by SIGHUP to master 2017-10-05 20:14:43 +08:00			`serverOptions.certificate = certOptions.cert;`
changed API 2017-07-17 21:32:31 +08:00			`}`

			`const server = restify.createServer(serverOptions);`
fixed broken imap 2017-03-06 22:13:40 +08:00
support generating application specific passwords 2017-04-21 04:32:19 +08:00			`let userHandler;`
Updated mailbox API endpoints 2017-07-21 02:33:41 +08:00			`let mailboxHandler;`
Added message DELETE Api call 2017-07-21 21:29:57 +08:00			`let messageHandler;`
Added API endpoint to push changes in user account 2017-07-18 22:38:05 +08:00			`let notifier;`
fixed broken imap 2017-03-06 22:13:40 +08:00
added API endpoints for listing usernames and addresses 2017-07-20 18:10:43 +08:00			`// disable compression for EventSource response`
			`// this needs to be called before gzipResponse`
			`server.use((req, res, next) => {`
			`if (req.route.path === '/users/:user/updates') {`
			`req.headers['accept-encoding'] = '';`
			`}`
			`next();`
			`});`
added logger for API calls 2017-12-23 00:18:50 +08:00
added API endpoints for listing usernames and addresses 2017-07-20 18:10:43 +08:00			`server.use(restify.plugins.gzipResponse());`

fixed upgraded restify usage 2017-07-11 03:15:16 +08:00			`server.use(restify.plugins.queryParser());`
Use prettier for formatting 2017-06-03 14:51:58 +08:00			`server.use(`
fixed upgraded restify usage 2017-07-11 03:15:16 +08:00			`restify.plugins.bodyParser({`
Use prettier for formatting 2017-06-03 14:51:58 +08:00			`maxBodySize: 0,`
			`mapParams: true,`
			`mapFiles: false,`
			`overrideParams: false`
			`})`
			`);`
fixed broken imap 2017-03-06 22:13:40 +08:00
Added example certififcates 2017-07-25 20:50:16 +08:00			`server.use((req, res, next) => {`
started testing with roles 2018-08-28 19:37:06 +08:00			`let accessToken = req.query.accessToken \|\| req.headers['x-access-token'] \|\| false;`
			`if (req.query.accessToken) {`
			`delete req.query.accessToken;`
			`}`

			`let tokenRequired = false;`

			`let fail = () => {`
Added example certififcates 2017-07-25 20:50:16 +08:00			`res.status(403);`
			`res.charSet('utf-8');`
			`return res.json({`
started testing with roles 2018-08-28 19:37:06 +08:00			`error: 'Invalid accessToken value',`
			`code: 'InvalidToken'`
Added example certififcates 2017-07-25 20:50:16 +08:00			`});`
started testing with roles 2018-08-28 19:37:06 +08:00			`};`

			`req.validate = permission => {`
			`if (!permission.granted) {`
			`let err = new Error('Not enough privileges');`
			`err.responseCode = 403;`
			`err.code = 'MissingPrivileges';`
			`throw err;`
			`}`
			`};`

			`// hard coded master token`
			`if (config.api.accessToken) {`
			`tokenRequired = true;`
			`if (config.api.accessToken === accessToken) {`
			`req.role = 'root';`
			`req.user = rootUser;`
			`return next();`
			`}`
Added example certififcates 2017-07-25 20:50:16 +08:00			`}`
started testing with roles 2018-08-28 19:37:06 +08:00
			`// TODO: dynamically allocated tokens`

			`if (tokenRequired) {`
			`// no valid token found`
			`return fail();`
Added example certififcates 2017-07-25 20:50:16 +08:00			`}`
started testing with roles 2018-08-28 19:37:06 +08:00
			`// allow all`
			`req.role = 'root';`
			`req.user = rootUser;`
Added example certififcates 2017-07-25 20:50:16 +08:00			`next();`
			`});`

started testing with roles 2018-08-28 19:37:06 +08:00			`logger.token('user', req => (req.user && req.user.toString()) \|\| '?'.repeat(24));`
			`logger.token('url', req => {`
			`if (/\baccessToken=/.test(req.url)) {`
			`return req.url.replace(/\baccessToken=[^&]+/g, 'accessToken=' + 'x'.repeat(6));`
			`}`
			`return req.url;`
			`});`

added logger for API calls 2017-12-23 00:18:50 +08:00			`server.use(`
started testing with roles 2018-08-28 19:37:06 +08:00			`logger(':remote-addr :user :method :url :status :time-spent :append', {`
added logger for API calls 2017-12-23 00:18:50 +08:00			`stream: {`
			`write: message => {`
			`message = (message \|\| '').toString();`
			`if (message) {`
			`log.http('API', message.replace('\n', '').trim());`
			`}`
			`}`
			`}`
			`})`
			`);`

Added support for QUOTA extension, all users have a maximum quota set 2017-03-27 15:36:45 +08:00			`module.exports = done => {`
fixed api without imap 2018-06-18 21:29:10 +08:00			`if (!config.api.enabled) {`
Preprocess message in LMTP 2017-04-13 16:35:39 +08:00			`return setImmediate(() => done(null, false));`
			`}`

Added support for QUOTA extension, all users have a maximum quota set 2017-03-27 15:36:45 +08:00			`let started = false;`

Added API endpoint to push changes in user account 2017-07-18 22:38:05 +08:00			`notifier = new ImapNotifier({`
			`database: db.database,`
			`redis: db.redis`
			`});`
refactor attachment storage 2017-08-07 02:25:10 +08:00
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`messageHandler = new MessageHandler({`
			`database: db.database,`
			`users: db.users,`
allow using other storage mechanisms for attachments than gridstore 2017-08-07 16:29:29 +08:00			`redis: db.redis,`
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`gridfs: db.gridfs,`
allow using other storage mechanisms for attachments than gridstore 2017-08-07 16:29:29 +08:00			`attachments: config.attachments`
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`});`
refactor attachment storage 2017-08-07 02:25:10 +08:00
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`userHandler = new UserHandler({`
			`database: db.database,`
			`users: db.users,`
			`redis: db.redis,`
v1.0.69 2017-08-08 19:35:18 +08:00			`messageHandler,`
			`authlogExpireDays: config.log.authlogExpireDays`
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`});`
refactor attachment storage 2017-08-07 02:25:10 +08:00
Allow using external resources for default messages 2017-08-04 19:07:17 +08:00			`mailboxHandler = new MailboxHandler({`
			`database: db.database,`
			`users: db.users,`
			`redis: db.redis,`
			`notifier`
			`});`
Added support for QUOTA extension, all users have a maximum quota set 2017-03-27 15:36:45 +08:00
refactor api 2017-07-26 16:52:55 +08:00			`usersRoutes(db, server, userHandler);`
			`addressesRoutes(db, server);`
			`mailboxesRoutes(db, server, mailboxHandler);`
			`messagesRoutes(db, server, messageHandler);`
			`filtersRoutes(db, server);`
			`aspsRoutes(db, server, userHandler);`
Support a single u2f key 2017-10-10 16:19:10 +08:00			`totpRoutes(db, server, userHandler);`
Allow enabling custom 2FA that effectively disables account password for IMAP/SMTP/POP3 2018-04-13 19:32:58 +08:00			`custom2faRoutes(db, server, userHandler);`
Support a single u2f key 2017-10-10 16:19:10 +08:00			`u2fRoutes(db, server, userHandler);`
refactor api 2017-07-26 16:52:55 +08:00			`updatesRoutes(db, server, notifier);`
			`authRoutes(db, server, userHandler);`
added autoreply api 2017-07-30 23:07:35 +08:00			`autoreplyRoutes(db, server);`
Allow sending emails to self 2017-12-15 20:26:29 +08:00			`submitRoutes(db, server, messageHandler, userHandler);`
Updated address resolving 2017-12-01 21:04:32 +08:00			`domainaliasRoutes(db, server);`
initial handling of DKIM keys 2017-12-28 19:45:02 +08:00			`dkimRoutes(db, server);`
refactor api 2017-07-26 16:52:55 +08:00
Added support for QUOTA extension, all users have a maximum quota set 2017-03-27 15:36:45 +08:00			`server.on('error', err => {`
			`if (!started) {`
			`started = true;`
			`return done(err);`
			`}`

			`log.error('API', err);`
			`});`

			`server.listen(config.api.port, config.api.host, () => {`
			`if (started) {`
			`return server.close();`
			`}`
			`started = true;`
			`log.info('API', 'Server listening on %s:%s', config.api.host \|\| '0.0.0.0', config.api.port);`
			`done(null, server);`
fixed broken imap 2017-03-06 22:13:40 +08:00			`});`
			`};`