Example #1
0
func newRestServerAPI(datasource *datasource.DataSource) *restServerAPI {
	rest := grest.NewApi()
	rest.Use(grest.DefaultDevStack...)

	rest.Use(&grest.CorsMiddleware{
		RejectNonCorsRequests: false,
		OriginValidator: func(origin string, request *grest.Request) bool {
			// TODO Origin check
			return true
		},
		AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
		AllowedHeaders: []string{
			"Accept", "Content-Type", "X-Custom-Header", "Origin", "Authorization"},
		AccessControlAllowCredentials: true,
		AccessControlMaxAge:           3600,
	})

	var bearerAuthMiddleware = &AuthBearerMiddleware{
		Realm: "RestAuthentication",
		Authenticator: func(token string) string {
			parsedToken, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
					return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
				}
				return datasource.ConfigByteArray("TOKEN_SIGN_KEY"), nil
			})

			if err == nil && parsedToken.Valid {
				return parsedToken.Claims["email"].(string)
			} else {
				return ""
			}
		},
		Authorizer: func(request *grest.Request, userID string) bool {
			user, err := datasource.UserByEmail(userID)
			if err != nil {
				logging.Log(debugTag, "Couldn't fetch user for userID=%s", userID)
				return false
			}
			request.Env["REMOTE_USER_OBJECT"] = user

			return true
		},
	}
	rest.Use(&grest.IfMiddleware{
		Condition: func(request *grest.Request) bool {
			return request.URL.Path != "/login"
		},
		IfTrue: bearerAuthMiddleware,
	})

	return &restServerAPI{
		rest: rest,
		ds:   datasource,
	}
}
Example #2
0
func procMsg(msg ClientMessage, datasource *datasource.DataSource) {
	rcpt := make([]string, 0, 100)

	toHost := strings.Split(msg.To, "@")[1]
	if isAllowedHost(toHost) {
		user, err := datasource.UserByEmail(msg.To)
		if err == nil {
			rcpt = append(rcpt, user.InboxAddr)
		} else {
			group, err := datasource.GroupByEmail(msg.To)
			if err == nil {
				for _, member := range group.Members {
					user, err = datasource.UserByEmail(member)
					if err == nil {
						rcpt = append(rcpt, user.InboxAddr)
					}
				}
			} else {
				logln(1, "Can't find such user or group")
				return
			}
		}
	}

	logln(1, fmt.Sprintf("%s", msg.From))
	fromHost := strings.Split(msg.From, "@")[1]
	if isAllowedHost(fromHost) {
		if msg.Auth == false || msg.Username != msg.From {
			logln(1, fmt.Sprintf("%s %s", msg.Username, msg.From))
			logln(1, "Not authenticated")
			return
		}
	}

	for _, email := range rcpt {
		logln(1, email)
		host := strings.Split(email, "@")[1]

		nss, err := net.LookupMX(host)
		if err == nil {
			for _, ns := range nss {
				logln(1, fmt.Sprintf("%s %d", ns.Host, ns.Pref))
			}
			curMsg := msg
			curMsg.To = email
			sendMsg(nss[0], curMsg)
		} else {
			logln(1, "Error in lookup MX")
		}
	}
}
Example #3
0
func clientAuth(client *Client, datasource *datasource.DataSource) string {
	succ := "235 Authentication succeeded"
	fail := "535 Authentication failed"

	user, err := datasource.UserByEmail(client.username)
	if err != nil {
		return fail
	}

	logln(1, user.Email)
	if user.AcceptsPassword(client.password, datasource.ConfigByteArray("PASSWORD_SALT")) {
		client.auth = true
		return succ
	}
	return fail
}