455 lines
13 KiB
Go
455 lines
13 KiB
Go
package mail
|
|
|
|
import (
|
|
"errors"
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/jackc/pgx/v5/pgxpool"
|
|
|
|
"github.com/ultisuite/ulti-backend/internal/api/apiresponse"
|
|
"github.com/ultisuite/ulti-backend/internal/api/apivalidate"
|
|
"github.com/ultisuite/ulti-backend/internal/api/middleware"
|
|
"github.com/ultisuite/ulti-backend/internal/api/query"
|
|
"github.com/ultisuite/ulti-backend/internal/mail/credentials"
|
|
"github.com/ultisuite/ulti-backend/internal/securityaudit"
|
|
)
|
|
|
|
type Handler struct {
|
|
svc *Service
|
|
logger *slog.Logger
|
|
}
|
|
|
|
func NewHandler(db *pgxpool.Pool, audit *securityaudit.Logger, credentialManager *credentials.Manager) *Handler {
|
|
return &Handler{
|
|
svc: NewService(db, audit, credentialManager),
|
|
logger: slog.Default().With("component", "mail-api"),
|
|
}
|
|
}
|
|
|
|
func (h *Handler) Routes() chi.Router {
|
|
r := chi.NewRouter()
|
|
|
|
r.Get("/accounts", h.ListAccounts)
|
|
r.Post("/accounts", h.CreateAccount)
|
|
r.Get("/accounts/{accountID}", h.GetAccount)
|
|
r.Delete("/accounts/{accountID}", h.DeleteAccount)
|
|
|
|
r.Get("/messages", h.ListMessages)
|
|
r.Get("/messages/{messageID}", h.GetMessage)
|
|
r.Put("/messages/{messageID}/labels", h.UpdateLabels)
|
|
r.Put("/messages/{messageID}/flags", h.UpdateFlags)
|
|
r.Delete("/messages/{messageID}", h.DeleteMessage)
|
|
|
|
r.Get("/threads/{threadID}", h.GetThread)
|
|
|
|
r.Post("/send", h.SendMessage)
|
|
|
|
r.Get("/rules", h.ListRules)
|
|
r.Post("/rules", h.CreateRule)
|
|
r.Put("/rules/{ruleID}", h.UpdateRule)
|
|
r.Delete("/rules/{ruleID}", h.DeleteRule)
|
|
|
|
r.Get("/webhooks", h.ListWebhooks)
|
|
r.Post("/webhooks", h.CreateWebhook)
|
|
r.Delete("/webhooks/{webhookID}", h.DeleteWebhook)
|
|
|
|
return r
|
|
}
|
|
|
|
func (h *Handler) ListAccounts(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
params, err := query.ParseListRequest(r)
|
|
if err != nil {
|
|
apivalidate.WriteQueryError(w, r, err)
|
|
return
|
|
}
|
|
|
|
result, err := h.svc.ListAccounts(r.Context(), claims.Sub, params)
|
|
if err != nil {
|
|
h.logger.Error("list accounts", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) CreateAccount(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
|
|
var req createAccountRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxAccountRequestBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateCreateAccount(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
id, err := h.svc.CreateAccount(r.Context(), claims.Sub, &req)
|
|
if err != nil {
|
|
if errors.Is(err, ErrCredentialsUnavailable) {
|
|
apiresponse.WriteError(w, r, http.StatusInternalServerError, apiresponse.CodeInternal, "credentials encryption unavailable", nil)
|
|
return
|
|
}
|
|
h.logger.Error("create account", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusCreated, map[string]string{"id": id})
|
|
}
|
|
|
|
func (h *Handler) GetAccount(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
account, err := h.svc.GetAccount(r.Context(), claims.Sub, chi.URLParam(r, "accountID"))
|
|
if err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("get account", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, account)
|
|
}
|
|
|
|
func (h *Handler) DeleteAccount(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
if err := h.svc.DeleteAccount(r.Context(), claims.Sub, chi.URLParam(r, "accountID")); err != nil {
|
|
if errors.Is(err, ErrUserNotProvisioned) {
|
|
apiresponse.WriteError(w, r, http.StatusUnauthorized, apiresponse.CodeAuthUnauthorized, "user not provisioned", nil)
|
|
return
|
|
}
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("delete account", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) ListMessages(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
params, err := query.ParseListRequest(r)
|
|
if err != nil {
|
|
apivalidate.WriteQueryError(w, r, err)
|
|
return
|
|
}
|
|
|
|
filter := MessageListFilter{
|
|
Folder: r.URL.Query().Get("folder"),
|
|
AccountID: r.URL.Query().Get("account_id"),
|
|
}
|
|
|
|
result, err := h.svc.ListMessages(r.Context(), claims.Sub, filter, params)
|
|
if err != nil {
|
|
h.logger.Error("list messages", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) GetMessage(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
msg, err := h.svc.GetMessage(r.Context(), claims.Sub, chi.URLParam(r, "messageID"))
|
|
if err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("get message", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, msg)
|
|
}
|
|
|
|
func (h *Handler) UpdateLabels(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
var req updateLabelsRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxFlagsLabelsBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateUpdateLabels(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.UpdateLabels(r.Context(), userID, chi.URLParam(r, "messageID"), req.Labels); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("update labels", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) UpdateFlags(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
var req updateFlagsRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxFlagsLabelsBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateUpdateFlags(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.UpdateFlags(r.Context(), userID, chi.URLParam(r, "messageID"), req.Flags); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("update flags", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) DeleteMessage(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.DeleteMessage(r.Context(), claims.Sub, userID, chi.URLParam(r, "messageID")); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("delete message", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) GetThread(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
result, err := h.svc.GetThread(r.Context(), claims.Sub, chi.URLParam(r, "threadID"))
|
|
if err != nil {
|
|
h.logger.Error("get thread", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) SendMessage(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
var req sendMessageRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxSendRequestBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateSendMessage(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
id, status, err := h.svc.SendMessage(r.Context(), userID, &req)
|
|
if err != nil {
|
|
if errors.Is(err, ErrAccountNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "account not found")
|
|
return
|
|
}
|
|
h.logger.Error("send message", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusAccepted, map[string]string{"id": id, "status": status})
|
|
}
|
|
|
|
func (h *Handler) ListRules(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
params, err := query.ParseListRequest(r)
|
|
if err != nil {
|
|
apivalidate.WriteQueryError(w, r, err)
|
|
return
|
|
}
|
|
|
|
result, err := h.svc.ListRules(r.Context(), claims.Sub, params)
|
|
if err != nil {
|
|
h.logger.Error("list rules", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) CreateRule(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
var req createRuleRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxRulesRequestBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateCreateRule(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
id, err := h.svc.CreateRule(r.Context(), userID, &req)
|
|
if err != nil {
|
|
if errors.Is(err, ErrAccountNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "account not found")
|
|
return
|
|
}
|
|
h.logger.Error("create rule", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusCreated, map[string]string{"id": id})
|
|
}
|
|
|
|
func (h *Handler) UpdateRule(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
var req updateRuleRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxRulesRequestBody, &req); err != nil {
|
|
return
|
|
}
|
|
if verr := validateUpdateRule(&req); verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.UpdateRule(r.Context(), userID, chi.URLParam(r, "ruleID"), &req); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("update rule", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) DeleteRule(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.DeleteRule(r.Context(), claims.Sub, userID, chi.URLParam(r, "ruleID")); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("delete rule", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) ListWebhooks(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
params, err := query.ParseListRequest(r)
|
|
if err != nil {
|
|
apivalidate.WriteQueryError(w, r, err)
|
|
return
|
|
}
|
|
|
|
result, err := h.svc.ListWebhooks(r.Context(), claims.Sub, params)
|
|
if err != nil {
|
|
h.logger.Error("list webhooks", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) CreateWebhook(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
|
|
var req createWebhookRequest
|
|
if err := apivalidate.DecodeJSON(w, r, maxWebhookRequestBody, &req); err != nil {
|
|
return
|
|
}
|
|
method, verr := validateCreateWebhook(&req)
|
|
if verr != nil {
|
|
apivalidate.WriteValidationError(w, r, verr)
|
|
return
|
|
}
|
|
|
|
id, err := h.svc.CreateWebhook(r.Context(), claims.Sub, &req, method)
|
|
if err != nil {
|
|
h.logger.Error("create webhook", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusCreated, map[string]string{"id": id})
|
|
}
|
|
|
|
func (h *Handler) DeleteWebhook(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
userID, err := h.svc.ResolveUserID(r.Context(), claims.Sub)
|
|
if err != nil {
|
|
h.writeUserResolveError(w, r, err)
|
|
return
|
|
}
|
|
|
|
if err := h.svc.DeleteWebhook(r.Context(), claims.Sub, userID, chi.URLParam(r, "webhookID")); err != nil {
|
|
if errors.Is(err, ErrNotFound) {
|
|
apivalidate.WriteNotFound(w, r, "not found")
|
|
return
|
|
}
|
|
h.logger.Error("delete webhook", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) writeUserResolveError(w http.ResponseWriter, r *http.Request, err error) {
|
|
if errors.Is(err, ErrUserNotProvisioned) {
|
|
apiresponse.WriteError(w, r, http.StatusUnauthorized, apiresponse.CodeAuthUnauthorized, "user not provisioned", nil)
|
|
return
|
|
}
|
|
h.logger.Error("resolve user id", "error", err)
|
|
apivalidate.WriteInternal(w, r)
|
|
}
|