Merge branch 'refactor-nginx'
commit
9dd4150e7c
@ -0,0 +1,6 @@
|
|||||||
|
from flask import Blueprint
|
||||||
|
|
||||||
|
|
||||||
|
internal = Blueprint('internal', __name__)
|
||||||
|
|
||||||
|
from mailu.internal import views
|
@ -0,0 +1,70 @@
|
|||||||
|
from mailu import db, models
|
||||||
|
|
||||||
|
import socket
|
||||||
|
|
||||||
|
|
||||||
|
SUPPORTED_AUTH_METHODS = ["none", "plain"]
|
||||||
|
|
||||||
|
STATUSES = {
|
||||||
|
"authentication": ("Authentication credentials invalid", {
|
||||||
|
"imap": "AUTHENTICATIONFAILED",
|
||||||
|
"smtp": "535 5.7.8",
|
||||||
|
"pop3": ""
|
||||||
|
}),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SERVER_MAP = {
|
||||||
|
"imap": ("imap", 143),
|
||||||
|
"smtp": ("smtp", 25)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def handle_authentication(headers):
|
||||||
|
""" Handle an HTTP nginx authentication request
|
||||||
|
See: http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
|
||||||
|
"""
|
||||||
|
method = headers["Auth-Method"]
|
||||||
|
protocol = headers["Auth-Protocol"]
|
||||||
|
server, port = get_server(headers["Auth-Protocol"])
|
||||||
|
# Incoming mail, no authentication
|
||||||
|
if method == "none" and protocol == "smtp":
|
||||||
|
return {
|
||||||
|
"Auth-Status": "OK",
|
||||||
|
"Auth-Server": server,
|
||||||
|
"Auth-Port": port
|
||||||
|
}
|
||||||
|
# Authenticated user
|
||||||
|
elif method == "plain":
|
||||||
|
user_email = headers["Auth-User"]
|
||||||
|
password = headers["Auth-Pass"]
|
||||||
|
user = models.User.query.get(user_email)
|
||||||
|
if user and user.check_password(password):
|
||||||
|
return {
|
||||||
|
"Auth-Status": "OK",
|
||||||
|
"Auth-Server": server,
|
||||||
|
"Auth-Port": port
|
||||||
|
}
|
||||||
|
else:
|
||||||
|
status, code = get_status(protocol, "authentication")
|
||||||
|
return {
|
||||||
|
"Auth-Status": status,
|
||||||
|
"Auth-Error-Code": code,
|
||||||
|
"Auth-Wait": 0
|
||||||
|
}
|
||||||
|
# Unexpected
|
||||||
|
else:
|
||||||
|
return {}
|
||||||
|
|
||||||
|
|
||||||
|
def get_status(protocol, status):
|
||||||
|
""" Return the proper error code depending on the protocol
|
||||||
|
"""
|
||||||
|
status, codes = STATUSES[status]
|
||||||
|
return status, codes[protocol]
|
||||||
|
|
||||||
|
|
||||||
|
def get_server(protocol):
|
||||||
|
hostname, port = SERVER_MAP[protocol]
|
||||||
|
address = socket.gethostbyname(hostname)
|
||||||
|
return address, port
|
@ -0,0 +1,13 @@
|
|||||||
|
from mailu import db, models
|
||||||
|
from mailu.internal import internal, nginx
|
||||||
|
|
||||||
|
import flask
|
||||||
|
|
||||||
|
|
||||||
|
@internal.route("/nginx")
|
||||||
|
def nginx_authentication():
|
||||||
|
headers = nginx.handle_authentication(flask.request.headers)
|
||||||
|
response = flask.Response()
|
||||||
|
for key, value in headers.items():
|
||||||
|
response.headers[key] = str(value)
|
||||||
|
return response
|
@ -1,68 +0,0 @@
|
|||||||
from mailu import app, scheduler, dockercli
|
|
||||||
|
|
||||||
import urllib3
|
|
||||||
import json
|
|
||||||
import os
|
|
||||||
import base64
|
|
||||||
import subprocess
|
|
||||||
|
|
||||||
|
|
||||||
def install_certs(domain):
|
|
||||||
""" Extract certificates from the given domain and install them
|
|
||||||
to the certificate path.
|
|
||||||
"""
|
|
||||||
path = app.config["CERTS_PATH"]
|
|
||||||
acme_path = os.path.join(path, "acme.json")
|
|
||||||
key_path = os.path.join(path, "key.pem")
|
|
||||||
cert_path = os.path.join(path, "cert.pem")
|
|
||||||
if not os.path.exists(acme_path):
|
|
||||||
print("Could not find traefik acme configuration")
|
|
||||||
return
|
|
||||||
with open(acme_path, "r") as handler:
|
|
||||||
data = json.loads(handler.read())
|
|
||||||
for item in data["DomainsCertificate"]["Certs"]:
|
|
||||||
if domain == item["Domains"]["Main"]:
|
|
||||||
cert = base64.b64decode(item["Certificate"]["Certificate"])
|
|
||||||
key = base64.b64decode(item["Certificate"]["PrivateKey"])
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
print("Could not find the proper certificate from traefik")
|
|
||||||
return
|
|
||||||
if os.path.exists(cert_path):
|
|
||||||
with open(cert_path, "rb") as handler:
|
|
||||||
if handler.read() == cert:
|
|
||||||
return
|
|
||||||
print("Installing the new certificate from traefik")
|
|
||||||
with open(cert_path, "wb") as handler:
|
|
||||||
handler.write(cert)
|
|
||||||
with open(key_path, "wb") as handler:
|
|
||||||
handler.write(key)
|
|
||||||
|
|
||||||
|
|
||||||
def restart_services():
|
|
||||||
print("Reloading services using TLS")
|
|
||||||
dockercli.reload("http", "smtp", "imap")
|
|
||||||
|
|
||||||
|
|
||||||
@scheduler.scheduled_job('date')
|
|
||||||
def create_dhparam():
|
|
||||||
path = app.config["CERTS_PATH"]
|
|
||||||
dhparam_path = os.path.join(path, "dhparam.pem")
|
|
||||||
if not os.path.exists(dhparam_path):
|
|
||||||
print("Creating DH params")
|
|
||||||
subprocess.call(["openssl", "dhparam", "-out", dhparam_path, "2048"])
|
|
||||||
restart_services()
|
|
||||||
|
|
||||||
|
|
||||||
@scheduler.scheduled_job('date')
|
|
||||||
@scheduler.scheduled_job('cron', day='*/4', hour=0, minute=0)
|
|
||||||
def refresh_certs():
|
|
||||||
if not app.config["TLS_FLAVOR"] == "letsencrypt":
|
|
||||||
return
|
|
||||||
if not app.config["FRONTEND"] == "traefik":
|
|
||||||
print("Letsencrypt certificates are compatible with traefik only")
|
|
||||||
return
|
|
||||||
print("Requesting traefik to make sure the certificate is fresh")
|
|
||||||
hostname = app.config["HOSTNAME"]
|
|
||||||
urllib3.PoolManager().request("GET", "https://{}".format(hostname))
|
|
||||||
install_certs(hostname)
|
|
@ -0,0 +1,6 @@
|
|||||||
|
from flask import Blueprint
|
||||||
|
|
||||||
|
|
||||||
|
ui = Blueprint('ui', __name__, static_folder='static', template_folder='templates')
|
||||||
|
|
||||||
|
from mailu.ui.views import *
|
@ -1,4 +1,5 @@
|
|||||||
from mailu import db, models, forms
|
from mailu import db, models
|
||||||
|
from mailu.ui import forms
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
import flask_login
|
import flask_login
|
Before Width: | Height: | Size: 106 KiB After Width: | Height: | Size: 106 KiB |
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue