Exemplo n.º 1
0
func tokensList(c *cli.Context) int {
	// Connect to RethinkDB
	_, session, connected := connectToRethinkDB(c)
	if !connected {
		return 1
	}

	// Get tokens from database
	cursor, err := r.Table("tokens").Map(func(row r.Term) r.Term {
		return r.Branch(
			row.HasFields("client_id"),
			row.Merge(map[string]interface{}{
				"owners_address": r.Table("accounts").Get(row.Field("owner")).Field("main_address"),
				"client_name":    r.Table("applications").Get(row.Field("client_id")).Field("name"),
			}),
			row.Merge(map[string]interface{}{
				"owners_address": r.Table("accounts").Get(row.Field("owner")).Field("main_address"),
			}),
		)
	}).Run(session)
	if err != nil {
		writeError(c, err)
		return 1
	}
	var tokens []struct {
		models.Token
		OwnersAddress string `gorethink:"owners_address" json:"owners_address"`
		ClientName    string `gorethink:"client_name" json:"client_name,omitempty"`
	}
	if err := cursor.All(&tokens); err != nil {
		writeError(c, err)
		return 1
	}

	// Write the output
	if c.Bool("json") {
		if err := json.NewEncoder(c.App.Writer).Encode(tokens); err != nil {
			writeError(c, err)
			return 1
		}

		fmt.Fprint(c.App.Writer, "\n")
	} else {
		table := termtables.CreateTable()
		table.AddHeaders("id", "type", "owner", "client_name", "expired", "date_created")
		for _, token := range tokens {
			table.AddRow(
				token.ID,
				token.Type,
				token.OwnersAddress,
				token.ClientName,
				!token.ExpiryDate.IsZero() && token.ExpiryDate.Before(time.Now()),
				token.DateCreated.Format(time.RubyDate),
			)
		}
		fmt.Fprintln(c.App.Writer, table.Render())
	}

	return 0
}
Exemplo n.º 2
0
func getDatabaseVersion(opts *r.ConnectOpts, session *r.Session) (int, error) {
	cursor, err := r.Branch(
		r.DB(opts.Database).TableList().Contains("migration_status"),
		r.DB(opts.Database).Table("migration_status").Get("revision").Field("value"),
		r.DB(opts.Database).TableCreate("migration_status").Do(func() r.Term {
			return r.DB(opts.Database).Table("migration_status").Insert(map[string]interface{}{
				"id":    "revision",
				"value": -1,
			}).Do(func() int {
				return -1
			})
		}),
	).Run(session)
	if err != nil {
		return -1, err
	}
	defer cursor.Close()
	var result int
	if err := cursor.One(&result); err != nil {
		return -1, err
	}

	return result, nil
}
Exemplo n.º 3
0
func (a *API) oauthToken(c *gin.Context) {
	// Decode the input
	var input struct {
		GrantType    string `json:"grant_type"`
		Code         string `json:"code"`
		ClientID     string `json:"client_id"`
		ClientSecret string `json:"client_secret"`
		Address      string `json:"address"`
		Password     string `json:"password"`
		ExpiryTime   int64  `json:"expiry_time"`
	}
	if err := c.Bind(&input); err != nil {
		c.JSON(422, &gin.H{
			"code":    CodeGeneralInvalidInput,
			"message": err.Error(),
		})
		return
	}

	// Switch the action
	switch input.GrantType {
	case "authorization_code":
		// Parameters:
		//  - code          - authorization code from the app
		//  - client_id     - id of the client app
		//  - client_secret - secret of the client app

		// Fetch the application from database
		cursor, err := r.Table("applications").Get(input.ClientID).Default(map[string]interface{}{}).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var application *models.Application
		if err := cursor.One(&application); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}
		if application.ID == "" {
			c.JSON(422, &gin.H{
				"code":    CodeOAuthInvalidApplication,
				"message": "No such client ID.",
			})
			return
		}
		if application.Secret != input.ClientSecret {
			c.JSON(422, &gin.H{
				"code":    CodeOAuthInvalidSecret,
				"message": "Invalid client secret.",
			})
			return
		}

		// Fetch the code from the database
		cursor, err = r.Table("tokens").Get(input.Code).Default(map[string]interface{}{}).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var codeToken *models.Token
		if err := cursor.One(&codeToken); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}

		// Ensure token type and matching client id
		if codeToken.ID == "" || codeToken.Type != "code" || codeToken.ClientID != input.ClientID {
			c.JSON(422, &gin.H{
				"code":    CodeOAuthInvalidCode,
				"message": "Invalid code",
			})
			return
		}

		// Create a new authentication code
		token := &models.Token{
			ID:           uniuri.NewLen(uniuri.UUIDLen),
			DateCreated:  time.Now(),
			DateModified: time.Now(),
			Owner:        codeToken.Owner,
			ExpiryDate:   codeToken.ExpiryDate,
			Type:         "auth",
			Scope:        codeToken.Scope,
			ClientID:     input.ClientID,
		}

		// Remove code token
		if err := r.Table("tokens").Get(codeToken.ID).Delete().Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}

		// Insert it into database
		if err := r.Table("tokens").Insert(token).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}

		// Write the token into the response
		c.JSON(201, token)
		return
	case "password":
		// Parameters:
		//  - address     - address in the system
		//  - password    - sha256 of the account's password
		//  - client_id   - id of the client app used for stats
		//  - expiry_time - seconds until token expires

		// If there's no domain, append default domain
		if strings.Index(input.Address, "@") == -1 {
			input.Address += "@" + a.Options.DefaultDomain
		}

		// Normalize the username
		na := utils.RemoveDots(utils.NormalizeAddress(input.Address))

		// Validate input
		errors := []string{}
		if !govalidator.IsEmail(na) {
			errors = append(errors, "Invalid address format.")
		}
		var dp []byte
		if len(input.Password) != 64 {
			errors = append(errors, "Invalid password length.")
		} else {
			var err error
			dp, err = hex.DecodeString(input.Password)
			if err != nil {
				errors = append(errors, "Invalid password format.")
			}
		}
		if input.ExpiryTime == 0 {
			input.ExpiryTime = 86400 // 24 hours
		} else if input.ExpiryTime < 0 {
			errors = append(errors, "Invalid expiry time.")
		}
		if input.ClientID == "" {
			errors = append(errors, "Missing client ID.")
		} else {
			cursor, err := r.Table("applications").Get(input.ClientID).Ne(nil).Run(a.Rethink)
			if err != nil {
				c.JSON(500, &gin.H{
					"code":    CodeGeneralDatabaseError,
					"message": err.Error(),
				})
				return
			}
			defer cursor.Close()
			var appExists bool
			if err := cursor.One(&appExists); err != nil {
				c.JSON(500, &gin.H{
					"code":    CodeGeneralDatabaseError,
					"message": err.Error(),
				})
				return
			}
			if !appExists {
				errors = append(errors, "Invalid client ID.")
			}
		}
		if len(errors) > 0 {
			c.JSON(422, &gin.H{
				"code":    CodeOAuthValidationFailed,
				"message": "Validation failed.",
				"errors":  errors,
			})
			return
		}

		// Fetch the address from the database
		cursor, err := r.Table("addresses").Get(na).Default(map[string]interface{}{}).Do(func(address r.Term) map[string]interface{} {
			return map[string]interface{}{
				"address": address,
				"account": r.Branch(
					address.HasFields("id"),
					r.Table("accounts").Get(address.Field("owner")),
					nil,
				),
			}
		}).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var result struct {
			Address *models.Address `gorethink:"address"`
			Account *models.Account `gorethink:"account"`
		}
		if err := cursor.One(&result); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}

		// Verify that both address and account exist
		if result.Address == nil || result.Address.ID == "" || result.Account == nil || result.Account.ID == "" {
			c.JSON(401, &gin.H{
				"code":    CodeOAuthInvalidAddress,
				"message": "No such address exists",
			})
			return
		}

		// Verify the password
		valid, update, err := result.Account.VerifyPassword(dp)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeOAuthInvalidPassword,
				"message": err.Error(),
			})
			return
		}
		if update {
			result.Account.DateModified = time.Now()
			if err := r.Table("accounts").Get(result.Account.ID).Update(result.Account).Exec(a.Rethink); err != nil {
				c.JSON(500, &gin.H{
					"code":    CodeGeneralDatabaseError,
					"message": err.Error(),
				})
				return
			}
		}
		if !valid {
			c.JSON(401, &gin.H{
				"code":    CodeOAuthInvalidPassword,
				"message": "Invalid password",
			})
			return
		}

		// Create a new token
		token := &models.Token{
			ID:           uniuri.NewLen(uniuri.UUIDLen),
			DateCreated:  time.Now(),
			DateModified: time.Now(),
			Owner:        result.Account.ID,
			ExpiryDate:   time.Now().Add(time.Duration(input.ExpiryTime) * time.Second),
			Type:         "auth",
			Scope:        []string{"password_grant"},
			ClientID:     input.ClientID,
		}

		if result.Account.Subscription == "admin" {
			token.Scope = append(token.Scope, "admin")
		}

		// Insert it into database
		if err := r.Table("tokens").Insert(token).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    CodeGeneralDatabaseError,
				"message": err.Error(),
			})
			return
		}

		// Write the token into the response
		c.JSON(201, token)
		return
	case "client_credentials":
		// Parameters:
		//  - client_id     - id of the application
		//  - client_secret - secret of the application

		c.JSON(501, &gin.H{
			"code":    CodeGeneralUnimplemented,
			"message": "Client credentials flow is not implemented.",
		})
	}

	// Same as default in the switch
	c.JSON(422, &gin.H{
		"code":    CodeGeneralInvalidAction,
		"message": "Validation failed",
		"errors":  []string{"Invalid action"},
	})
	return
}
Exemplo n.º 4
0
func (m *Mailer) HandleRecipient(next func(conn *smtpd.Connection)) func(conn *smtpd.Connection) {
	return func(conn *smtpd.Connection) {
		// Prepare the context
		if conn.Environment == nil {
			conn.Environment = map[string]interface{}{}
		}
		if _, ok := conn.Environment["recipients"]; !ok {
			conn.Environment["recipients"] = []recipient{}
		}
		recipients := conn.Environment["recipients"].([]recipient)

		// Get the most recently added recipient and parse it
		addr, err := mail.ParseAddress(
			conn.Envelope.Recipients[len(conn.Envelope.Recipients)-1],
		)
		if err != nil {
			m.Error(conn, err)
			return
		}

		// Normalize the address
		addr.Address = utils.RemoveDots(utils.NormalizeAddress(addr.Address))

		// Fetch the address and account from database
		cursor, err := r.Table("addresses").Get(addr.Address).Default(map[string]interface{}{}).Do(func(address r.Term) map[string]interface{} {
			return map[string]interface{}{
				"address": address,
				"account": r.Branch(
					address.HasFields("id"),
					r.Table("accounts").Get(address.Field("owner")),
					nil,
				),
				"key": r.Branch(
					address.HasFields("public_key").And(address.Field("public_key").Ne("")),
					r.Table("keys").Get(address.Field("public_key")).Without("identities"),
					r.Branch(
						address.HasFields("id"),
						r.Table("keys").GetAllByIndex("owner", address.Field("owner")).OrderBy("date_created").CoerceTo("array").Do(func(keys r.Term) r.Term {
							return r.Branch(
								keys.Count().Gt(0),
								keys.Nth(-1).Without("identities"),
								nil,
							)
						}),
						nil,
					),
				),
			}
		}).Do(func(data r.Term) r.Term {
			return data.Merge(map[string]interface{}{
				"labels": r.Branch(
					data.Field("account").HasFields("id"),
					r.Table("labels").GetAllByIndex("nameOwnerSystem", []interface{}{
						"Inbox",
						data.Field("account").Field("id"),
						true,
					}, []interface{}{
						"Spam",
						data.Field("account").Field("id"),
						true,
					}).CoerceTo("array").Do(func(result r.Term) r.Term {
						return r.Branch(
							result.Count().Eq(2),
							map[string]interface{}{
								"inbox": result.Nth(0).Field("id"),
								"spam":  result.Nth(1).Field("id"),
							},
							nil,
						)
					}),
					nil,
				),
			})
		}).Run(m.Rethink)
		if err != nil {
			m.Error(conn, err)
			return
		}
		defer cursor.Close()
		var result recipient
		if err := cursor.One(&result); err != nil {
			m.Error(conn, err)
			return
		}

		// Check if anything got matched
		if result.Address == nil || result.Address.ID == "" || result.Account == nil || result.Account.ID == "" {
			conn.Error(errors.New("No such address"))
			return
		}
		if result.Key == nil || result.Labels.Inbox == "" || result.Labels.Spam == "" {
			conn.Error(errors.New("Account is not configured"))
			return
		}

		// Append the result to the recipients
		conn.Environment["recipients"] = append(recipients, result)

		// Run the next handler
		next(conn)
	}
}
Exemplo n.º 5
0
func (m *Mailer) HandleDelivery(next func(conn *smtpd.Connection)) func(conn *smtpd.Connection) {
	return func(conn *smtpd.Connection) {
		// Context variables
		var (
			isSpam = false
			ctxID  = uniuri.NewLen(uniuri.UUIDLen)
		)

		// Check for spam
		spamReply, err := m.Spam.Report(string(conn.Envelope.Data))
		if err != nil {
			m.Log.WithFields(logrus.Fields{
				"ctx_id": ctxID,
				"err":    err,
			}).Error("Unable to check an email in spamd")
		}
		if spamReply != nil && spamReply.Code == spamc.EX_OK {
			if spam, ok := spamReply.Vars["isSpam"]; ok && spam.(bool) {
				isSpam = true
			}
		}

		// Trim the spaces from the input
		conn.Envelope.Data = bytes.TrimSpace(conn.Envelope.Data)

		// First run the analysis algorithm to generate an email description
		node := &models.EmailNode{}
		if err := analyzeEmail(node, conn.Envelope.Data); err != nil {
			m.Error(conn, err)
			return
		}

		// Calculate message ID
		messageID := node.Headers.Get("Message-ID")
		x1i := strings.Index(messageID, "<")
		if x1i != -1 {
			x2i := strings.Index(messageID[x1i+1:], ">")
			if x2i != -1 {
				messageID = messageID[x1i+1 : x1i+x2i+1]
			}
		}
		if messageID == "" {
			messageID = uniuri.NewLen(uniuri.UUIDLen) + "@invalid-incoming.pgp.st"
		}

		// Generate the members field
		fromHeader, err := mail.ParseAddress(node.Headers.Get("From"))
		if err != nil {
			m.Error(conn, err)
			return
		}
		members := []string{fromHeader.Address}

		toHeader, err := node.Headers.AddressList("From")
		if err != nil {
			m.Error(conn, err)
			return
		}
		for _, to := range toHeader {
			members = append(members, to.Address)
		}

		if x := node.Headers.Get("CC"); x != "" {
			ccHeader, err := node.Headers.AddressList("CC")
			if err != nil {
				m.Error(conn, err)
				return
			}
			for _, cc := range ccHeader {
				members = append(members, cc.Address)
			}
		}

		// Get the recipients list from the scope
		recipients := conn.Environment["recipients"].([]recipient)
		for _, recipient := range recipients {
			// Parse the found key
			keyring, err := openpgp.ReadKeyRing(bytes.NewReader(recipient.Key.Body))
			if err != nil {
				m.Error(conn, err)
				return
			}

			// Prepare a new email object
			email := &models.Email{
				ID:           uniuri.NewLen(uniuri.UUIDLen),
				DateCreated:  time.Now(),
				DateModified: time.Now(),
				Owner:        recipient.Account.ID,
				MessageID:    messageID,
				Status:       "received",
			}

			// Generate a new key
			key := make([]byte, 32)
			if _, err := io.ReadFull(rand.Reader, key); err != nil {
				m.Error(conn, err)
				return
			}
			akey := [32]byte{}
			copy(akey[:], key)

			// Generate a new nonce
			nonce := make([]byte, 8)
			if _, err = rand.Read(nonce); err != nil {
				m.Error(conn, err)
				return
			}

			// Set up a new stream
			stream, err := chacha20.New(key, nonce)
			if err != nil {
				m.Error(conn, err)
				return
			}

			// Prepare output
			ciphertext := make(
				[]byte,
				len(conn.Envelope.Data)+
					chacha20.NonceSize+
					(len(conn.Envelope.Data)/1024+1)*16,
			)

			// First write the nonce
			copy(ciphertext[:chacha20.NonceSize], nonce)

			// Then write the authenticated encrypted stream
			oi := chacha20.NonceSize
			for i := 0; i < len(conn.Envelope.Data); i += 1024 {
				// Get the chunk
				max := i + 1024
				if max > len(conn.Envelope.Data) {
					max = len(conn.Envelope.Data)
				}
				chunk := conn.Envelope.Data[i:max]

				// Encrypt the block
				stream.XORKeyStream(ciphertext[oi:oi+len(chunk)], chunk)

				// Authenticate it
				var out [16]byte
				poly1305.Sum(&out, ciphertext[oi:oi+len(chunk)], &akey)

				// Write it into the result
				copy(ciphertext[oi+len(chunk):oi+len(chunk)+poly1305.TagSize], out[:])

				// Increase the counter
				oi += 1024 + poly1305.TagSize
			}

			// Save it to the body
			email.Body = ciphertext

			// Create a manifest and encrypt it
			manifest, err := json.Marshal(models.Manifest{
				Key:         key,
				Nonce:       nonce,
				Description: node,
			})
			if err != nil {
				m.Error(conn, err)
				return
			}
			encryptedManifest, err := utils.PGPEncrypt(manifest, keyring)
			if err != nil {
				m.Error(conn, err)
				return
			}
			email.Manifest = encryptedManifest

			// Match the thread
			var thread *models.Thread

			// Get the References header
			var references string
			if x := node.Headers.Get("In-Reply-To"); x != "" {
				references = x
			} else if x := node.Headers.Get("References"); x != "" {
				references = x
			}

			// Match by Message-ID
			if references != "" {
				// As specified in http://www.jwz.org/doc/threading.html, first thing <> is the msg id
				// We support both <message-id> and message-id format.
				x1i := strings.Index(references, "<")
				if x1i != -1 {
					x2i := strings.Index(references[x1i+1:], ">")
					if x2i != -1 {
						references = references[x1i+1 : x1i+x2i+1]
					}
				}

				// Look up the message ID in the database
				cursor, err := r.Table("emails").GetAllByIndex("messageIDOwner", []interface{}{
					references,
					recipient.Account.ID,
				}).CoerceTo("array").Do(func(emails r.Term) r.Term {
					return r.Branch(
						emails.Count().Eq(1),
						r.Table("threads").Get(emails.Nth(0).Field("thread")).Default(map[string]interface{}{}),
						map[string]interface{}{},
					)
				}).Run(m.Rethink)
				if err != nil {
					m.Error(conn, err)
					return
				}
				defer cursor.Close()
				if err := cursor.One(&thread); err != nil {
					m.Error(conn, err)
					return
				}

				// Check if we've found it, clear it if it's invalid
				if thread.ID == "" {
					thread = nil
				}
			}

			// We can't match it by subject, so proceed to create a new thread
			if thread == nil {
				var secure string
				if findEncrypted(node) {
					secure = "all"
				} else {
					secure = "none"
				}

				labels := []string{recipient.Labels.Inbox}
				if isSpam {
					labels = append(labels, recipient.Labels.Spam)
				}

				thread = &models.Thread{
					ID:           uniuri.NewLen(uniuri.UUIDLen),
					DateCreated:  time.Now(),
					DateModified: time.Now(),
					Owner:        recipient.Account.ID,
					Labels:       labels,
					Members:      members,
					Secure:       secure,
				}

				if err := r.Table("threads").Insert(thread).Exec(m.Rethink); err != nil {
					m.Error(conn, err)
					return
				}
			} else {
				// Modify the existing thread
				foundInbox := false
				foundSpam := false
				for _, label := range thread.Labels {
					if label == recipient.Labels.Inbox {
						foundInbox = true
					}

					if isSpam {
						if label == recipient.Labels.Spam {
							foundSpam = true
						}

						if foundInbox && foundSpam {
							break
						}
					} else {
						if foundInbox {
							break
						}
					}
				}

				// Append to thread.Labels
				if !foundInbox {
					thread.Labels = append(thread.Labels, recipient.Labels.Inbox)
				}
				if !foundSpam && isSpam {
					thread.Labels = append(thread.Labels, recipient.Labels.Spam)
				}

				// Members update
				membersHash := map[string]struct{}{}
				for _, member := range thread.Members {
					membersHash[member] = struct{}{}
				}
				for _, member := range members {
					if _, ok := membersHash[member]; !ok {
						membersHash[member] = struct{}{}
					}
				}
				thread.Members = []string{}
				for member := range membersHash {
					thread.Members = append(thread.Members, member)
				}

				update := map[string]interface{}{
					"date_modified": time.Now(),
					"is_read":       false,
					"labels":        thread.Labels,
					"members":       thread.Members,
				}

				secure := findEncrypted(node)
				if (thread.Secure == "all" && !secure) ||
					(thread.Secure == "none" && secure) {
					thread.Secure = "some"
				}

				if err := r.Table("threads").Get(thread.ID).Update(update).Exec(m.Rethink); err != nil {
					m.Error(conn, err)
					return
				}
			}

			email.Thread = thread.ID
			if err := r.Table("emails").Insert(email).Exec(m.Rethink); err != nil {
				m.Error(conn, err)
				return
			}

			m.Log.WithFields(logrus.Fields{
				"address": recipient.Address.ID,
				"account": recipient.Account.MainAddress,
			}).Info("Email received")
		}

		next(conn)
	}
}
Exemplo n.º 6
0
func (a *API) getLabelThreads(c *gin.Context) {
	// Token and account from context
	var (
		account = c.MustGet("account").(*models.Account)
		token   = c.MustGet("token").(*models.Token)
	)

	// Resolve the ID from the URL
	id := c.Param("id")

	// Get label from the database
	cursor, err := r.Table("labels").Get(id).Run(a.Rethink)
	if err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}
	var label *models.Label
	if err := cursor.One(&label); err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}

	// Check the ownership and scope
	if label.Owner == account.ID {
		if !models.InScope(token.Scope, []string{"labels:read"}) {
			c.JSON(403, &gin.H{
				"code":  0,
				"error": "Your token has insufficient scope",
			})
			return
		}
	} else {
		if !models.InScope(token.Scope, []string{"admin"}) {
			c.JSON(403, &gin.H{
				"code":  0,
				"error": "Your token has insufficient scope",
			})
			return
		}
	}

	// Get threads from the database
	cursor, err = r.Table("threads").GetAllByIndex("labels", label.ID).OrderBy(r.Desc("date_modified")).Map(func(thread r.Term) r.Term {
		return thread.Merge(map[string]interface{}{
			"manifest": r.Table("emails").GetAllByIndex("thread", thread.Field("id")).OrderBy("date_modified").CoerceTo("array"),
		}).Do(func(thread r.Term) r.Term {
			return r.Branch(
				thread.Field("manifest").Count().Gt(0),
				thread.Merge(map[string]interface{}{
					"manifest": thread.Field("manifest").Nth(0).Field("manifest"),
				}),
				thread.Without("manifest"),
			)
		})
	}).Run(a.Rethink)
	if err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}
	var threads []*extendedThread
	if err := cursor.All(&threads); err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}
	if threads == nil {
		threads = []*extendedThread{}
	}

	// Write the response
	c.JSON(200, threads)
	return
}
Exemplo n.º 7
0
func (a *API) readAccount(c *gin.Context) {
	// Get token and account info from the context
	var (
		ownAccount = c.MustGet("account").(*models.Account)
		token      = c.MustGet("token").(*models.Token)
	)

	// Resolve the account ID and check scope accordingly
	id := c.Param("id")
	if id == "me" {
		// Swap the ID to own account's ID
		id = ownAccount.ID
	}

	if id == ownAccount.ID {
		// Check the scope
		if !models.InScope(token.Scope, []string{"account:read"}) {
			c.JSON(403, &gin.H{
				"code":  0,
				"error": "Your token has insufficient scope",
			})
			return
		}

		// Get addresses from database
		cursor, err := r.Table("addresses").GetAllByIndex("owner", id).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":  0,
				"error": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var addresses []*models.Address
		if err := cursor.All(&addresses); err != nil {
			c.JSON(500, &gin.H{
				"code":  0,
				"error": err.Error(),
			})
			return
		}

		ownAccount.Password = nil

		// Write the response
		c.JSON(200, struct {
			*models.Account
			Addresses []*models.Address `json:"addresses"`
		}{
			Account:   ownAccount,
			Addresses: addresses,
		})
		return
	}
	// Check the scope
	if !models.InScope(token.Scope, []string{"admin"}) {
		c.JSON(403, &gin.H{
			"code":  0,
			"error": "Your token has insufficient scope",
		})
		return
	}

	// Fetch the account
	cursor, err := r.Table("accounts").Get(id).Do(func(account r.Term) r.Term {
		return r.Branch(
			account.Eq(nil),
			map[string]interface{}{},
			account.Without("password").Merge(map[string]interface{}{
				"addresses": r.Table("addresses").GetAllByIndex("owner", account.Field("id")),
			}),
		)
	}).Run(a.Rethink)
	if err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}
	defer cursor.Close()
	var result struct {
		models.Account
		Addresses []*models.Address `json:"addresses"`
	}
	if err := cursor.One(&result); err != nil {
		c.JSON(500, &gin.H{
			"code":  0,
			"error": err.Error(),
		})
		return
	}

	if result.ID == "" {
		c.JSON(404, &gin.H{
			"code":  0,
			"error": "Account not found",
		})
		return
	}

	c.JSON(200, result)
}
Exemplo n.º 8
0
func (a *API) createAccount(c *gin.Context) {
	// Decode the input
	var input struct {
		Action   string `json:"action"`
		Username string `json:"username"`
		AltEmail string `json:"alt_email"`
		Token    string `json:"token"`
		Password string `json:"password"`
		Address  string `json:"address"`
	}
	if err := c.Bind(&input); err != nil {
		c.JSON(422, &gin.H{
			"code":    0,
			"message": err.Error(),
		})
		return
	}

	// Switch the action
	switch input.Action {
	case "reserve":
		// Parameters:
		//  - username  - desired username
		//  - alt_email - desired email

		// Normalize the username
		styledID := utils.NormalizeUsername(input.Username)
		nu := utils.RemoveDots(styledID)

		// Validate input:
		// - len(username) >= 3 && len(username) <= 32
		// - email.match(alt_email)
		errors := []string{}
		if len(nu) < 3 {
			errors = append(errors, "Username too short. It must be 3-32 characters long.")
		}
		if len(nu) > 32 {
			errors = append(errors, "Username too long. It must be 3-32 characters long.")
		}
		if !govalidator.IsEmail(input.AltEmail) {
			errors = append(errors, "Invalid alternative e-mail format.")
		}
		if len(errors) > 0 {
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Validation failed.",
				"errors":  errors,
			})
			return
		}

		// Check in the database whether you can register such account
		cursor, err := r.Table("addresses").Get(nu + "@pgp.st").Ne(nil).Do(func(left r.Term) map[string]interface{} {
			return map[string]interface{}{
				"username":  left,
				"alt_email": r.Table("accounts").GetAllByIndex("alt_email", input.AltEmail).Count().Eq(1),
			}
		}).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var result struct {
			Username bool `gorethink:"username"`
			AltEmail bool `gorethink:"alt_email"`
		}
		if err := cursor.One(&result); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}
		if result.Username || result.AltEmail {
			errors := []string{}
			if result.Username {
				errors = append(errors, "This username is taken.")
			}
			if result.AltEmail {
				errors = append(errors, "This email address is used.")
			}
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Naming conflict",
				"errors":  errors,
			})
			return
		}

		// Create an account and an address
		address := &models.Address{
			ID:          nu + "@pgp.st",
			StyledID:    styledID + "@pgp.st",
			DateCreated: time.Now(),
			Owner:       "", // we set it later
		}
		account := &models.Account{
			ID:           uniuri.NewLen(uniuri.UUIDLen),
			DateCreated:  time.Now(),
			MainAddress:  address.ID,
			Subscription: "beta",
			AltEmail:     input.AltEmail,
			Status:       "inactive",
		}
		address.Owner = account.ID

		// Insert them into the database
		if err := r.Table("addresses").Insert(address).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}
		if err := r.Table("accounts").Insert(account).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}

		// Write a response
		c.JSON(201, account)
		return
	case "activate":
		// Parameters:
		//  - address - expected address
		//  - token   - relevant token for address

		errors := []string{}

		if !govalidator.IsEmail(input.Address) {
			errors = append(errors, "Invalid address format")
		}
		if input.Token == "" {
			errors = append(errors, "Token is missing")
		}
		if len(errors) > 0 {
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Validation failed",
				"errors":  errors,
			})
			return
		}

		// Normalise input.Address
		input_address := utils.RemoveDots(utils.NormalizeAddress(input.Address))

		// Check in the database whether these both exist
		cursor, err := r.Table("tokens").Get(input.Token).Do(func(left r.Term) r.Term {
			return r.Branch(
				left.Ne(nil).And(left.Field("type").Eq("activate")),
				map[string]interface{}{
					"token":   left,
					"account": r.Table("accounts").Get(left.Field("owner")),
				},
				map[string]interface{}{
					"token":   nil,
					"account": nil,
				},
			)
		}).Run(a.Rethink)
		if err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}
		defer cursor.Close()
		var result struct {
			Token   *models.Token   `gorethink:"token"`
			Account *models.Account `gorethink:"account"`
		}
		if err := cursor.One(&result); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}
		if result.Token == nil {
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Activation failed",
				"errors":  []string{"Invalid token"},
			})
			return
		}
		if result.Account.MainAddress != input_address {
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Activation failed",
				"errors":  []string{"Address does not match token"},
			})
			return
		}

		// Everything seems okay, let's go ahead and delete the token
		if err := r.Table("tokens").Get(result.Token.ID).Delete().Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}

		// token has been deleted now, let's do some post deletion checks
		if result.Token.IsExpired() {
			errors = append(errors, "Token expired")
		}
		if result.Account.Status != "inactive" {
			errors = append(errors, "Account already active")
		}
		if len(errors) > 0 {
			c.JSON(422, &gin.H{
				"code":    0,
				"message": "Activation failed",
				"errors":  errors,
			})
			return
		}

		// make the account active, welcome to pgp.st, new guy!
		if err := r.Table("accounts").Get(result.Account.ID).Update(map[string]interface{}{
			"status":        "active",
			"date_modified": time.Now(),
		}).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}

		// Create labels for that user
		if err := r.Table("labels").Insert([]*models.Label{
			&models.Label{
				ID:           uniuri.NewLen(uniuri.UUIDLen),
				DateCreated:  time.Now(),
				DateModified: time.Now(),
				Owner:        result.Account.ID,
				Name:         "Inbox",
				System:       true,
			},
			&models.Label{
				ID:           uniuri.NewLen(uniuri.UUIDLen),
				DateCreated:  time.Now(),
				DateModified: time.Now(),
				Owner:        result.Account.ID,
				Name:         "Spam",
				System:       true,
			},
			&models.Label{
				ID:           uniuri.NewLen(uniuri.UUIDLen),
				DateCreated:  time.Now(),
				DateModified: time.Now(),
				Owner:        result.Account.ID,
				Name:         "Sent",
				System:       true,
			},
			&models.Label{
				ID:           uniuri.NewLen(uniuri.UUIDLen),
				DateCreated:  time.Now(),
				DateModified: time.Now(),
				Owner:        result.Account.ID,
				Name:         "Starred",
				System:       true,
			},
		}).Exec(a.Rethink); err != nil {
			c.JSON(500, &gin.H{
				"code":    0,
				"message": err.Error(),
			})
			return
		}

		// Temporary response...
		c.JSON(201, &gin.H{
			"id":      result.Account.ID,
			"message": "Activation successful",
		})
		return
	}

	// Same as default in the switch
	c.JSON(422, &gin.H{
		"code":    0,
		"message": "Validation failed",
		"errors":  []string{"Invalid action"},
	})
	return
}