nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2025-10-06 20:05:58 +08:00
Code Issues Projects Releases Packages Wiki Activity

asp handling update

Browse source
This commit is contained in:
Andris Reinman 2018-10-11 09:44:21 +03:00
parent dde325037a
commit f6797583fe
2 changed files with 444 additions and 405 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
config/roles.json
View file

@ -19,6 +19,12 @@
"delete:any": ["*"]
},
"asps": {
"create:any": ["*"],
"read:any": ["*"],
"delete:any": ["*"]
},
"messages": {
"create:any": ["*"],
"read:any": ["*"],
@ -58,6 +64,12 @@
"update:own": ["*", "!audit"]
},
"asps": {
"create:own": ["*"],
"read:own": ["*"],
"delete:own": ["*"]
},
"messages": {
"create:own": ["*"],
"read:own": ["*"],

837
lib/api/asps.js
View file

@ -7,8 +7,15 @@ const mobileconfig = require('mobileconfig');
const uuid = require('uuid');
const consts = require('../consts');
const certs = require('../certs').get('api.mobileconfig');
const tools = require('../tools');
const roles = require('../roles');
const util = require('util');
module.exports = (db, server, userHandler) => {
const generateASP = util.promisify(userHandler.generateASP.bind(userHandler));
const deleteASP = util.promisify(userHandler.deleteASP.bind(userHandler));
const mobileconfigGetSignedConfig = util.promisify(mobileconfig.getSignedConfig.bind(mobileconfig));
/**
* @api {get} /users/:user/asps List Application Passwords
* @apiName GetASPs
@ -63,101 +70,114 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error"
* }
*/
server.get('/users/:user/asps', (req, res, next) => {
res.charSet('utf-8');
server.get(
'/users/:user/asps',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8');
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
return next();
}
let user = new ObjectID(result.value.user);
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
db.users.collection('users').findOne(
{
_id: user
},
{
projection: {
address: true
}
},
(err, userData) => {
if (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!userData) {
res.json({
error: 'This user does not exist',
code: 'UserNotFound'
});
return next();
}
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
});
return next();
}
db.users
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).readOwn('asps'));
} else {
req.validate(roles.can(req.role).readAny('asps'));
}
let user = new ObjectID(result.value.user);
let userData;
try {
userData = await db.users.collection('users').findOne(
{
_id: user
},
{
projection: {
address: true
}
}
);
} catch (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!userData) {
res.json({
error: 'This user does not exist',
code: 'UserNotFound'
});
return next();
}
let asps;
try {
asps = await db.users
.collection('asps')
.find({
user
})
.sort({ _id: 1 })
.toArray((err, asps) => {
if (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!asps) {
asps = [];
}
res.json({
success: true,
results: asps.map(asp => ({
id: asp._id,
description: asp.description,
scopes: asp.scopes.includes('*') ? [...consts.SCOPES] : asp.scopes,
lastUse: {
time: asp.used || false,
event: asp.authEvent || false
},
created: asp.created
}))
});
return next();
});
.toArray();
} catch (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
);
});
if (!asps) {
asps = [];
}
res.json({
success: true,
results: asps.map(asp => ({
id: asp._id,
description: asp.description,
scopes: asp.scopes.includes('*') ? [...consts.SCOPES] : asp.scopes,
lastUse: {
time: asp.used || false,
event: asp.authEvent || false
},
created: asp.created
}))
});
return next();
})
);
/**
* @api {get} /users/:user/asps/:asp Request ASP information
@ -209,81 +229,90 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error"
* }
*/
server.get('/users/:user/asps/:asp', (req, res, next) => {
res.charSet('utf-8');
server.get(
'/users/:user/asps/:asp',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8');
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
asp: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
asp: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
return next();
}
let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp);
db.users.collection('asps').findOne(
{
_id: asp,
user
},
(err, asp) => {
if (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!asp) {
res.json({
error: 'Invalid or unknown ASP key',
code: 'AspNotFound'
});
return next();
}
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
if (result.error) {
res.json({
success: true,
id: asp._id,
description: asp.description,
scopes: asp.scopes.includes('*') ? [...consts.SCOPES] : asp.scopes,
lastUse: {
time: asp.used || false,
event: asp.authEvent || false
},
created: asp.created
error: result.error.message,
code: 'InputValidationError'
});
return next();
}
);
});
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).readOwn('asps'));
} else {
req.validate(roles.can(req.role).readAny('asps'));
}
let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp);
let aspData;
try {
aspData = await db.users.collection('asps').findOne({
_id: asp,
user
});
} catch (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!aspData) {
res.json({
error: 'Invalid or unknown ASP key',
code: 'AspNotFound'
});
return next();
}
res.json({
success: true,
id: aspData._id,
description: aspData.description,
scopes: aspData.scopes.includes('*') ? [...consts.SCOPES] : aspData.scopes,
lastUse: {
time: aspData.used || false,
event: aspData.authEvent || false
},
created: aspData.created
});
return next();
})
);
/**
* @api {post} /users/:user/asps Create new Application Password
@ -299,6 +328,7 @@ module.exports = (db, server, userHandler) => {
* @apiParam {String} description Description
* @apiParam {String[]} scopes List of scopes this Password applies to. Special scope "*" indicates that this password can be used for any scope except "master"
* @apiParam {Boolean} [generateMobileconfig] If true then result contains a mobileconfig formatted file with account config
* @apiParam {String} [address] E-mail address to be used as the account address in mobileconfig file. Must be one of the listed identity addresses of the user. Defaults to the main address of the user
* @apiParam {String} [sess] Session identifier for the logs
* @apiParam {String} [ip] IP address for the logs
*
@ -333,252 +363,245 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error"
* }
*/
server.post('/users/:user/asps', (req, res, next) => {
res.charSet('utf-8');
server.post(
'/users/:user/asps',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8');
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
description: Joi.string()
.trim()
.max(255)
.required(),
scopes: Joi.array()
.items(
Joi.string()
.valid(...consts.SCOPES, '*')
.required()
)
.unique(),
generateMobileconfig: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', '1', 1])
.falsy(['N', 'false', 'no', 'off', '0', 0, ''])
.default(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
if (typeof req.params.scopes === 'string') {
req.params.scopes = req.params.scopes
.split(',')
.map(scope => scope.trim())
.filter(scope => scope);
}
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
description: Joi.string()
.trim()
.max(255)
.required(),
scopes: Joi.array()
.items(
Joi.string()
.valid(...consts.SCOPES, '*')
.required()
)
.unique(),
address: Joi.string()
.empty('')
.email(),
generateMobileconfig: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', '1', 1])
.falsy(['N', 'false', 'no', 'off', '0', 0, ''])
.default(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
return next();
}
let user = new ObjectID(result.value.user);
let generateMobileconfig = result.value.generateMobileconfig;
let scopes = result.value.scopes || ['*'];
let description = result.value.description;
if (typeof req.params.scopes === 'string') {
req.params.scopes = req.params.scopes
.split(',')
.map(scope => scope.trim())
.filter(scope => scope);
}
if (scopes.includes('*')) {
scopes = ['*'];
}
if (generateMobileconfig && !scopes.includes('*') && ((!scopes.includes('imap') && !scopes.includes('pop3')) || !scopes.includes('smtp'))) {
res.json({
error: 'Profile file requires either imap or pop3 and smtp scopes',
code: 'InvalidAuthScope'
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
return next();
}
db.users.collection('users').findOne(
{
_id: user
},
{
projection: {
username: true,
name: true,
address: true
}
},
(err, userData) => {
if (err) {
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
});
return next();
}
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).createOwn('asps'));
} else {
req.validate(roles.can(req.role).createAny('asps'));
}
let user = new ObjectID(result.value.user);
let generateMobileconfig = result.value.generateMobileconfig;
let scopes = result.value.scopes || ['*'];
let description = result.value.description;
if (scopes.includes('*')) {
scopes = ['*'];
}
if (generateMobileconfig && !scopes.includes('*') && ((!scopes.includes('imap') && !scopes.includes('pop3')) || !scopes.includes('smtp'))) {
res.json({
error: 'Profile file requires either imap or pop3 and smtp scopes',
code: 'InvalidAuthScope'
});
return next();
}
let userData;
try {
userData = await db.users.collection('users').findOne(
{
_id: user
},
{
projection: {
username: true,
name: true,
address: true
}
}
);
} catch (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!userData) {
res.json({
error: 'This user does not exist',
code: 'UserNotFound'
});
return next();
}
let accountType;
let accountHost;
let accountPort;
let accountSecure;
let accountAddress;
let accountName;
if (result.value.address) {
let addressData;
try {
addressData = await db.users.collection('addresses').findOne({
addrview: tools.normalizeAddress(result.value.address, false, {
removeLabel: true,
removeDots: true
})
});
} catch (err) {
res.json({
error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
});
return next();
}
if (!userData) {
if (!addressData || !addressData.user.equals(userData._id)) {
res.json({
error: 'This user does not exist',
code: 'UserNotFound'
error: 'Invalid or unknown address',
code: 'AddressNotFound'
});
return next();
}
userHandler.generateASP(user, result.value, (err, result) => {
if (err) {
res.json({
error: err.message
});
return next();
}
accountName = addressData.name || userData.name || '';
accountAddress = addressData.address;
} else {
accountName = userData.name || '';
accountAddress = userData.address;
}
if (!generateMobileconfig) {
res.json({
success: true,
id: result.id,
password: result.password
});
return next();
}
let asp = await generateASP(user, result.value);
let profileOpts = {};
Object.keys(config.api.mobileconfig || {}).forEach(key => {
profileOpts[key] = (config.api.mobileconfig[key] || '')
.toString()
.replace(/\{email\}/g, userData.address)
.trim();
});
if (!generateMobileconfig) {
res.json({
success: true,
id: asp.id,
password: asp.password
});
return next();
}
let accountType;
let accountHost;
let accountPort;
let accountSecure;
let profileOpts = {};
Object.keys(config.api.mobileconfig || {}).forEach(key => {
profileOpts[key] = (config.api.mobileconfig[key] || '')
.toString()
.replace(/\{email\}/g, accountAddress)
.replace(/\{name\}/g, accountName)
.trim();
});
if (scopes.includes('*') || scopes.includes('imap')) {
// prefer IMAP
accountType = 'EmailTypeIMAP';
accountHost = config.imap.setup.hostname;
accountPort = config.imap.setup.port || config.imap.port;
accountSecure = !!config.imap.setup.secure;
} else {
accountType = 'EmailTypePOP';
accountHost = config.pop3.setup.hostname;
accountPort = config.pop3.setup.port || config.pop3.port;
accountSecure = !!config.pop3.setup.secure;
}
if (scopes.includes('*') || scopes.includes('imap')) {
// prefer IMAP
accountType = 'EmailTypeIMAP';
accountHost = config.imap.setup.hostname;
accountPort = config.imap.setup.port || config.imap.port;
accountSecure = !!config.imap.setup.secure;
} else {
accountType = 'EmailTypePOP';
accountHost = config.pop3.setup.hostname;
accountPort = config.pop3.setup.port || config.pop3.port;
accountSecure = !!config.pop3.setup.secure;
}
mobileconfig.getSignedConfig(
let profile = await mobileconfigGetSignedConfig(
{
PayloadType: 'Configuration',
PayloadVersion: 1,
PayloadIdentifier: profileOpts.identifier + '.' + userData._id,
PayloadUUID: uuid.v4(),
PayloadDisplayName: description || profileOpts.displayName,
PayloadDescription: profileOpts.displayDescription,
PayloadOrganization: profileOpts.organization || 'WildDuck Mail Server',
PayloadContent: [
{
PayloadType: 'Configuration',
PayloadType: 'com.apple.mail.managed',
PayloadVersion: 1,
PayloadIdentifier: profileOpts.identifier + '.' + userData._id,
PayloadUUID: uuid.v4(),
PayloadDisplayName: description || profileOpts.displayName,
PayloadDescription: profileOpts.displayDescription,
PayloadDisplayName: 'Email Account',
PayloadDescription: 'Configures email account',
PayloadOrganization: profileOpts.organization || 'WildDuck Mail Server',
PayloadContent: [
{
PayloadType: 'com.apple.mail.managed',
PayloadVersion: 1,
PayloadIdentifier: profileOpts.identifier + '.' + userData._id,
PayloadUUID: uuid.v4(),
PayloadDisplayName: 'Email Account',
PayloadDescription: 'Configures email account',
PayloadOrganization: profileOpts.organization || 'WildDuck Mail Server',
EmailAccountDescription: profileOpts.accountDescription,
EmailAccountName: userData.name || '',
EmailAccountType: accountType,
EmailAddress: userData.address,
IncomingMailServerAuthentication: 'EmailAuthPassword',
IncomingMailServerHostName: accountHost,
IncomingMailServerPortNumber: accountPort,
IncomingMailServerUseSSL: accountSecure,
IncomingMailServerUsername: userData.address,
IncomingPassword: result.password,
OutgoingPasswordSameAsIncomingPassword: true,
OutgoingMailServerAuthentication: 'EmailAuthPassword',
OutgoingMailServerHostName: config.smtp.setup.hostname,
OutgoingMailServerPortNumber: config.smtp.setup.port || config.smtp.port,
OutgoingMailServerUseSSL: 'secure' in config.smtp.setup ? !!config.smtp.setup.secure : config.smtp.secure,
OutgoingMailServerUsername: userData.address,
PreventMove: false,
PreventAppSheet: false,
SMIMEEnabled: false,
allowMailDrop: true
}
]
},
certs,
(err, data) => {
if (err) {
res.json({
error: err.message
});
return next();
}
res.json({
success: true,
id: result.id,
password: result.password,
mobileconfig: data.toString('base64')
});
return next();
EmailAccountDescription: profileOpts.accountDescription,
EmailAccountName: accountName,
EmailAccountType: accountType,
EmailAddress: accountAddress,
IncomingMailServerAuthentication: 'EmailAuthPassword',
IncomingMailServerHostName: accountHost,
IncomingMailServerPortNumber: accountPort,
IncomingMailServerUseSSL: accountSecure,
IncomingMailServerUsername: accountAddress,
IncomingPassword: asp.password,
OutgoingPasswordSameAsIncomingPassword: true,
OutgoingMailServerAuthentication: 'EmailAuthPassword',
OutgoingMailServerHostName: config.smtp.setup.hostname,
OutgoingMailServerPortNumber: config.smtp.setup.port || config.smtp.port,
OutgoingMailServerUseSSL: 'secure' in config.smtp.setup ? !!config.smtp.setup.secure : config.smtp.secure,
OutgoingMailServerUsername: accountAddress,
PreventMove: false,
PreventAppSheet: false,
SMIMEEnabled: false,
allowMailDrop: true
}
);
]
},
certs
);
/*
let options = {
displayName: description || profileOpts.displayName,
displayDescription: profileOpts.displayDescription,
accountDescription: profileOpts.accountDescription,
emailAddress: userData.address,
emailAccountName: userData.name,
identifier: profileOpts.identifier + '.' + userData.username,
imap: {
hostname: config.imap.setup.hostname,
port: config.imap.setup.port || config.imap.port,
secure: config.imap.setup.secure,
username: userData.username,
password: result.password
},
smtp: {
hostname: config.smtp.setup.hostname,
port: config.smtp.setup.port || config.smtp.port,
secure: true, //config.setup.smtp.secure,
username: userData.username,
password: false // use the same password as for IMAP
},
keys: certs
};
mobileconfig.getSignedEmailConfig(options, (err, data) => {
if (err) {
res.json({
error: err.message
});
return next();
}
res.json({
success: true,
id: result.id,
password: result.password,
mobileconfig: data.toString('base64')
});
return next();
});
*/
});
}
);
});
res.json({
success: true,
id: asp.id,
name: accountName,
address: accountAddress,
password: asp.password,
mobileconfig: profile.toString('base64')
});
return next();
})
);
/**
* @api {delete} /users/:user/asps/:asp Delete an Application Password
@ -612,54 +635,58 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error"
* }
*/
server.del('/users/:user/asps/:asp', (req, res, next) => {
res.charSet('utf-8');
server.del(
'/users/:user/asps/:asp',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8');
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
asp: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
if (result.error) {
res.json({
error: result.error.message,
code: 'InputValidationError'
const schema = Joi.object().keys({
user: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
asp: Joi.string()
.hex()
.lowercase()
.length(24)
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
return next();
}
let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp);
const result = Joi.validate(req.params, schema, {
abortEarly: false,
convert: true
});
userHandler.deleteASP(user, asp, result.value, err => {
if (err) {
if (result.error) {
res.json({
error: err.message
error: result.error.message,
code: 'InputValidationError'
});
return next();
}
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).deleteOwn('asps'));
} else {
req.validate(roles.can(req.role).deleteAny('asps'));
}
let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp);
await deleteASP(user, asp, result.value);
res.json({
success: true
});
return next();
});
});
})
);
};