aboutsummaryrefslogtreecommitdiffstats
path: root/services/mailer/incoming
diff options
context:
space:
mode:
Diffstat (limited to 'services/mailer/incoming')
-rw-r--r--services/mailer/incoming/incoming.go375
-rw-r--r--services/mailer/incoming/incoming_handler.go171
-rw-r--r--services/mailer/incoming/incoming_test.go138
-rw-r--r--services/mailer/incoming/payload/payload.go70
4 files changed, 754 insertions, 0 deletions
diff --git a/services/mailer/incoming/incoming.go b/services/mailer/incoming/incoming.go
new file mode 100644
index 0000000000..2653e80586
--- /dev/null
+++ b/services/mailer/incoming/incoming.go
@@ -0,0 +1,375 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package incoming
+
+import (
+ "context"
+ "crypto/tls"
+ "fmt"
+ net_mail "net/mail"
+ "regexp"
+ "strings"
+ "time"
+
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/process"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/services/mailer/token"
+
+ "github.com/dimiro1/reply"
+ "github.com/emersion/go-imap"
+ "github.com/emersion/go-imap/client"
+ "github.com/jhillyerd/enmime"
+)
+
+var (
+ addressTokenRegex *regexp.Regexp
+ referenceTokenRegex *regexp.Regexp
+)
+
+func Init(ctx context.Context) error {
+ if !setting.IncomingEmail.Enabled {
+ return nil
+ }
+
+ var err error
+ addressTokenRegex, err = regexp.Compile(
+ fmt.Sprintf(
+ `\A%s\z`,
+ strings.Replace(regexp.QuoteMeta(setting.IncomingEmail.ReplyToAddress), regexp.QuoteMeta(setting.IncomingEmail.TokenPlaceholder), "(.+)", 1),
+ ),
+ )
+ if err != nil {
+ return err
+ }
+ referenceTokenRegex, err = regexp.Compile(fmt.Sprintf(`\Areply-(.+)@%s\z`, regexp.QuoteMeta(setting.Domain)))
+ if err != nil {
+ return err
+ }
+
+ go func() {
+ ctx, _, finished := process.GetManager().AddTypedContext(ctx, "Incoming Email", process.SystemProcessType, true)
+ defer finished()
+
+ // This background job processes incoming emails. It uses the IMAP IDLE command to get notified about incoming emails.
+ // The following loop restarts the processing logic after errors until ctx indicates to stop.
+
+ for {
+ select {
+ case <-ctx.Done():
+ return
+ default:
+ if err := processIncomingEmails(ctx); err != nil {
+ log.Error("Error while processing incoming emails: %v", err)
+ }
+ select {
+ case <-ctx.Done():
+ return
+ case <-time.NewTimer(10 * time.Second).C:
+ }
+ }
+ }
+ }()
+
+ return nil
+}
+
+// processIncomingEmails is the "main" method with the wait/process loop
+func processIncomingEmails(ctx context.Context) error {
+ server := fmt.Sprintf("%s:%d", setting.IncomingEmail.Host, setting.IncomingEmail.Port)
+
+ var c *client.Client
+ var err error
+ if setting.IncomingEmail.UseTLS {
+ c, err = client.DialTLS(server, &tls.Config{InsecureSkipVerify: setting.IncomingEmail.SkipTLSVerify})
+ } else {
+ c, err = client.Dial(server)
+ }
+ if err != nil {
+ return fmt.Errorf("could not connect to server '%s': %w", server, err)
+ }
+
+ if err := c.Login(setting.IncomingEmail.Username, setting.IncomingEmail.Password); err != nil {
+ return fmt.Errorf("could not login: %w", err)
+ }
+ defer func() {
+ if err := c.Logout(); err != nil {
+ log.Error("Logout from incoming email server failed: %v", err)
+ }
+ }()
+
+ if _, err := c.Select(setting.IncomingEmail.Mailbox, false); err != nil {
+ return fmt.Errorf("selecting box '%s' failed: %w", setting.IncomingEmail.Mailbox, err)
+ }
+
+ // The following loop processes messages. If there are no messages available, IMAP IDLE is used to wait for new messages.
+ // This process is repeated until an IMAP error occurs or ctx indicates to stop.
+
+ for {
+ select {
+ case <-ctx.Done():
+ return nil
+ default:
+ if err := processMessages(ctx, c); err != nil {
+ return fmt.Errorf("could not process messages: %w", err)
+ }
+ if err := waitForUpdates(ctx, c); err != nil {
+ return fmt.Errorf("wait for updates failed: %w", err)
+ }
+ select {
+ case <-ctx.Done():
+ return nil
+ case <-time.NewTimer(time.Second).C:
+ }
+ }
+ }
+}
+
+// waitForUpdates uses IMAP IDLE to wait for new emails
+func waitForUpdates(ctx context.Context, c *client.Client) error {
+ updates := make(chan client.Update, 1)
+
+ c.Updates = updates
+ defer func() {
+ c.Updates = nil
+ }()
+
+ errs := make(chan error, 1)
+ stop := make(chan struct{})
+ go func() {
+ errs <- c.Idle(stop, nil)
+ }()
+
+ stopped := false
+ for {
+ select {
+ case update := <-updates:
+ switch update.(type) {
+ case *client.MailboxUpdate:
+ if !stopped {
+ close(stop)
+ stopped = true
+ }
+ default:
+ }
+ case err := <-errs:
+ if err != nil {
+ return fmt.Errorf("imap idle failed: %w", err)
+ }
+ return nil
+ case <-ctx.Done():
+ return nil
+ }
+ }
+}
+
+// processMessages searches unread mails and processes them.
+func processMessages(ctx context.Context, c *client.Client) error {
+ criteria := imap.NewSearchCriteria()
+ criteria.WithoutFlags = []string{imap.SeenFlag}
+ criteria.Smaller = setting.IncomingEmail.MaximumMessageSize
+ ids, err := c.Search(criteria)
+ if err != nil {
+ return fmt.Errorf("imap search failed: %w", err)
+ }
+
+ if len(ids) == 0 {
+ return nil
+ }
+
+ seqset := new(imap.SeqSet)
+ seqset.AddNum(ids...)
+ messages := make(chan *imap.Message, 10)
+
+ section := &imap.BodySectionName{}
+
+ errs := make(chan error, 1)
+ go func() {
+ errs <- c.Fetch(
+ seqset,
+ []imap.FetchItem{section.FetchItem()},
+ messages,
+ )
+ }()
+
+ handledSet := new(imap.SeqSet)
+loop:
+ for {
+ select {
+ case <-ctx.Done():
+ break loop
+ case msg, ok := <-messages:
+ if !ok {
+ if setting.IncomingEmail.DeleteHandledMessage && !handledSet.Empty() {
+ if err := c.Store(
+ handledSet,
+ imap.FormatFlagsOp(imap.AddFlags, true),
+ []interface{}{imap.DeletedFlag},
+ nil,
+ ); err != nil {
+ return fmt.Errorf("imap store failed: %w", err)
+ }
+
+ if err := c.Expunge(nil); err != nil {
+ return fmt.Errorf("imap expunge failed: %w", err)
+ }
+ }
+ return nil
+ }
+
+ err := func() error {
+ r := msg.GetBody(section)
+ if r == nil {
+ return fmt.Errorf("could not get body from message: %w", err)
+ }
+
+ env, err := enmime.ReadEnvelope(r)
+ if err != nil {
+ return fmt.Errorf("could not read envelope: %w", err)
+ }
+
+ if isAutomaticReply(env) {
+ log.Debug("Skipping automatic email reply")
+ return nil
+ }
+
+ t := searchTokenInHeaders(env)
+ if t == "" {
+ log.Debug("Incoming email token not found in headers")
+ return nil
+ }
+
+ handlerType, user, payload, err := token.ExtractToken(ctx, t)
+ if err != nil {
+ if _, ok := err.(*token.ErrToken); ok {
+ log.Info("Invalid incoming email token: %v", err)
+ return nil
+ }
+ return err
+ }
+
+ handler, ok := handlers[handlerType]
+ if !ok {
+ return fmt.Errorf("unexpected handler type: %v", handlerType)
+ }
+
+ content := getContentFromMailReader(env)
+
+ if err := handler.Handle(ctx, content, user, payload); err != nil {
+ return fmt.Errorf("could not handle message: %w", err)
+ }
+
+ handledSet.AddNum(msg.SeqNum)
+
+ return nil
+ }()
+ if err != nil {
+ log.Error("Error while processing incoming email[%v]: %v", msg.Uid, err)
+ }
+ }
+ }
+
+ if err := <-errs; err != nil {
+ return fmt.Errorf("imap fetch failed: %w", err)
+ }
+
+ return nil
+}
+
+// isAutomaticReply tests if the headers indicate an automatic reply
+func isAutomaticReply(env *enmime.Envelope) bool {
+ autoSubmitted := env.GetHeader("Auto-Submitted")
+ if autoSubmitted != "" && autoSubmitted != "no" {
+ return true
+ }
+ autoReply := env.GetHeader("X-Autoreply")
+ if autoReply == "yes" {
+ return true
+ }
+ autoRespond := env.GetHeader("X-Autorespond")
+ return autoRespond != ""
+}
+
+// searchTokenInHeaders looks for the token in To, Delivered-To and References
+func searchTokenInHeaders(env *enmime.Envelope) string {
+ if addressTokenRegex != nil {
+ to, _ := env.AddressList("To")
+
+ token := searchTokenInAddresses(to)
+ if token != "" {
+ return token
+ }
+
+ deliveredTo, _ := env.AddressList("Delivered-To")
+
+ token = searchTokenInAddresses(deliveredTo)
+ if token != "" {
+ return token
+ }
+ }
+
+ references := env.GetHeader("References")
+ for {
+ begin := strings.IndexByte(references, '<')
+ if begin == -1 {
+ break
+ }
+ begin++
+
+ end := strings.IndexByte(references, '>')
+ if end == -1 || begin > end {
+ break
+ }
+
+ match := referenceTokenRegex.FindStringSubmatch(references[begin:end])
+ if len(match) == 2 {
+ return match[1]
+ }
+
+ references = references[end+1:]
+ }
+
+ return ""
+}
+
+// searchTokenInAddresses looks for the token in an address
+func searchTokenInAddresses(addresses []*net_mail.Address) string {
+ for _, address := range addresses {
+ match := addressTokenRegex.FindStringSubmatch(address.Address)
+ if len(match) != 2 {
+ continue
+ }
+
+ return match[1]
+ }
+
+ return ""
+}
+
+type MailContent struct {
+ Content string
+ Attachments []*Attachment
+}
+
+type Attachment struct {
+ Name string
+ Content []byte
+}
+
+// getContentFromMailReader grabs the plain content and the attachments from the mail.
+// A potential reply/signature gets stripped from the content.
+func getContentFromMailReader(env *enmime.Envelope) *MailContent {
+ attachments := make([]*Attachment, 0, len(env.Attachments))
+ for _, attachment := range env.Attachments {
+ attachments = append(attachments, &Attachment{
+ Name: attachment.FileName,
+ Content: attachment.Content,
+ })
+ }
+
+ return &MailContent{
+ Content: reply.FromText(env.Text),
+ Attachments: attachments,
+ }
+}
diff --git a/services/mailer/incoming/incoming_handler.go b/services/mailer/incoming/incoming_handler.go
new file mode 100644
index 0000000000..173b362a55
--- /dev/null
+++ b/services/mailer/incoming/incoming_handler.go
@@ -0,0 +1,171 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package incoming
+
+import (
+ "bytes"
+ "context"
+ "fmt"
+
+ issues_model "code.gitea.io/gitea/models/issues"
+ access_model "code.gitea.io/gitea/models/perm/access"
+ repo_model "code.gitea.io/gitea/models/repo"
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/upload"
+ "code.gitea.io/gitea/modules/util"
+ attachment_service "code.gitea.io/gitea/services/attachment"
+ issue_service "code.gitea.io/gitea/services/issue"
+ incoming_payload "code.gitea.io/gitea/services/mailer/incoming/payload"
+ "code.gitea.io/gitea/services/mailer/token"
+ pull_service "code.gitea.io/gitea/services/pull"
+)
+
+type MailHandler interface {
+ Handle(ctx context.Context, content *MailContent, doer *user_model.User, payload []byte) error
+}
+
+var handlers = map[token.HandlerType]MailHandler{
+ token.ReplyHandlerType: &ReplyHandler{},
+ token.UnsubscribeHandlerType: &UnsubscribeHandler{},
+}
+
+// ReplyHandler handles incoming emails to create a reply from them
+type ReplyHandler struct{}
+
+func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *user_model.User, payload []byte) error {
+ if doer == nil {
+ return util.NewInvalidArgumentErrorf("doer can't be nil")
+ }
+
+ ref, err := incoming_payload.GetReferenceFromPayload(ctx, payload)
+ if err != nil {
+ return err
+ }
+
+ var issue *issues_model.Issue
+
+ switch r := ref.(type) {
+ case *issues_model.Issue:
+ issue = r
+ case *issues_model.Comment:
+ comment := r
+
+ if err := comment.LoadIssue(ctx); err != nil {
+ return err
+ }
+
+ issue = comment.Issue
+ default:
+ return util.NewInvalidArgumentErrorf("unsupported reply reference: %v", ref)
+ }
+
+ if err := issue.LoadRepo(ctx); err != nil {
+ return err
+ }
+
+ perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
+ if err != nil {
+ return err
+ }
+
+ if !perm.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsLocked && !doer.IsAdmin {
+ log.Debug("can't write issue or pull")
+ return nil
+ }
+
+ switch r := ref.(type) {
+ case *issues_model.Issue:
+ attachmentIDs := make([]string, 0, len(content.Attachments))
+ if setting.Attachment.Enabled {
+ for _, attachment := range content.Attachments {
+ a, err := attachment_service.UploadAttachment(bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, &repo_model.Attachment{
+ Name: attachment.Name,
+ UploaderID: doer.ID,
+ RepoID: issue.Repo.ID,
+ })
+ if err != nil {
+ if upload.IsErrFileTypeForbidden(err) {
+ log.Info("Skipping disallowed attachment type: %s", attachment.Name)
+ continue
+ }
+ return err
+ }
+ attachmentIDs = append(attachmentIDs, a.UUID)
+ }
+ }
+
+ if content.Content == "" && len(attachmentIDs) == 0 {
+ return nil
+ }
+
+ _, err = issue_service.CreateIssueComment(ctx, doer, issue.Repo, issue, content.Content, attachmentIDs)
+ if err != nil {
+ return fmt.Errorf("CreateIssueComment failed: %w", err)
+ }
+ case *issues_model.Comment:
+ comment := r
+
+ if content.Content == "" {
+ return nil
+ }
+
+ if comment.Type == issues_model.CommentTypeCode {
+ _, err := pull_service.CreateCodeComment(
+ ctx,
+ doer,
+ nil,
+ issue,
+ comment.Line,
+ content.Content,
+ comment.TreePath,
+ false,
+ comment.ReviewID,
+ "",
+ )
+ if err != nil {
+ return fmt.Errorf("CreateCodeComment failed: %w", err)
+ }
+ }
+ }
+ return nil
+}
+
+// UnsubscribeHandler handles unwatching issues/pulls
+type UnsubscribeHandler struct{}
+
+func (h *UnsubscribeHandler) Handle(ctx context.Context, _ *MailContent, doer *user_model.User, payload []byte) error {
+ if doer == nil {
+ return util.NewInvalidArgumentErrorf("doer can't be nil")
+ }
+
+ ref, err := incoming_payload.GetReferenceFromPayload(ctx, payload)
+ if err != nil {
+ return err
+ }
+
+ switch r := ref.(type) {
+ case *issues_model.Issue:
+ issue := r
+
+ if err := issue.LoadRepo(ctx); err != nil {
+ return err
+ }
+
+ perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
+ if err != nil {
+ return err
+ }
+
+ if !perm.CanReadIssuesOrPulls(issue.IsPull) {
+ log.Debug("can't read issue or pull")
+ return nil
+ }
+
+ return issues_model.CreateOrUpdateIssueWatch(doer.ID, issue.ID, false)
+ }
+
+ return fmt.Errorf("unsupported unsubscribe reference: %v", ref)
+}
diff --git a/services/mailer/incoming/incoming_test.go b/services/mailer/incoming/incoming_test.go
new file mode 100644
index 0000000000..5d84848e3f
--- /dev/null
+++ b/services/mailer/incoming/incoming_test.go
@@ -0,0 +1,138 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package incoming
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/jhillyerd/enmime"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestIsAutomaticReply(t *testing.T) {
+ cases := []struct {
+ Headers map[string]string
+ Expected bool
+ }{
+ {
+ Headers: map[string]string{},
+ Expected: false,
+ },
+ {
+ Headers: map[string]string{
+ "Auto-Submitted": "no",
+ },
+ Expected: false,
+ },
+ {
+ Headers: map[string]string{
+ "Auto-Submitted": "yes",
+ },
+ Expected: true,
+ },
+ {
+ Headers: map[string]string{
+ "X-Autoreply": "no",
+ },
+ Expected: false,
+ },
+ {
+ Headers: map[string]string{
+ "X-Autoreply": "yes",
+ },
+ Expected: true,
+ },
+ {
+ Headers: map[string]string{
+ "X-Autorespond": "yes",
+ },
+ Expected: true,
+ },
+ }
+
+ for _, c := range cases {
+ b := enmime.Builder().
+ From("Dummy", "dummy@gitea.io").
+ To("Dummy", "dummy@gitea.io")
+ for k, v := range c.Headers {
+ b = b.Header(k, v)
+ }
+ root, err := b.Build()
+ assert.NoError(t, err)
+ env, err := enmime.EnvelopeFromPart(root)
+ assert.NoError(t, err)
+
+ assert.Equal(t, c.Expected, isAutomaticReply(env))
+ }
+}
+
+func TestGetContentFromMailReader(t *testing.T) {
+ mailString := "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
+ "\r\n" +
+ "--message-boundary\r\n" +
+ "Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
+ "\r\n" +
+ "--text-boundary\r\n" +
+ "Content-Type: text/plain\r\n" +
+ "Content-Disposition: inline\r\n" +
+ "\r\n" +
+ "mail content\r\n" +
+ "--text-boundary--\r\n" +
+ "--message-boundary\r\n" +
+ "Content-Type: text/plain\r\n" +
+ "Content-Disposition: attachment; filename=attachment.txt\r\n" +
+ "\r\n" +
+ "attachment content\r\n" +
+ "--message-boundary--\r\n"
+
+ env, err := enmime.ReadEnvelope(strings.NewReader(mailString))
+ assert.NoError(t, err)
+ content := getContentFromMailReader(env)
+ assert.Equal(t, "mail content", content.Content)
+ assert.Len(t, content.Attachments, 1)
+ assert.Equal(t, "attachment.txt", content.Attachments[0].Name)
+ assert.Equal(t, []byte("attachment content"), content.Attachments[0].Content)
+
+ mailString = "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
+ "\r\n" +
+ "--message-boundary\r\n" +
+ "Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
+ "\r\n" +
+ "--text-boundary\r\n" +
+ "Content-Type: text/html\r\n" +
+ "Content-Disposition: inline\r\n" +
+ "\r\n" +
+ "<p>mail content</p>\r\n" +
+ "--text-boundary--\r\n" +
+ "--message-boundary--\r\n"
+
+ env, err = enmime.ReadEnvelope(strings.NewReader(mailString))
+ assert.NoError(t, err)
+ content = getContentFromMailReader(env)
+ assert.Equal(t, "mail content", content.Content)
+ assert.Empty(t, content.Attachments)
+
+ mailString = "Content-Type: multipart/mixed; boundary=message-boundary\r\n" +
+ "\r\n" +
+ "--message-boundary\r\n" +
+ "Content-Type: multipart/alternative; boundary=text-boundary\r\n" +
+ "\r\n" +
+ "--text-boundary\r\n" +
+ "Content-Type: text/plain\r\n" +
+ "Content-Disposition: inline\r\n" +
+ "\r\n" +
+ "mail content without signature\r\n" +
+ "--\r\n" +
+ "signature\r\n" +
+ "--text-boundary--\r\n" +
+ "--message-boundary--\r\n"
+
+ env, err = enmime.ReadEnvelope(strings.NewReader(mailString))
+ assert.NoError(t, err)
+ content = getContentFromMailReader(env)
+ assert.NoError(t, err)
+ assert.Equal(t, "mail content without signature", content.Content)
+ assert.Empty(t, content.Attachments)
+}
diff --git a/services/mailer/incoming/payload/payload.go b/services/mailer/incoming/payload/payload.go
new file mode 100644
index 0000000000..eb82f5c3ed
--- /dev/null
+++ b/services/mailer/incoming/payload/payload.go
@@ -0,0 +1,70 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package payload
+
+import (
+ "context"
+
+ issues_model "code.gitea.io/gitea/models/issues"
+ "code.gitea.io/gitea/modules/util"
+)
+
+const replyPayloadVersion1 byte = 1
+
+type payloadReferenceType byte
+
+const (
+ payloadReferenceIssue payloadReferenceType = iota
+ payloadReferenceComment
+)
+
+// CreateReferencePayload creates data which GetReferenceFromPayload resolves to the reference again.
+func CreateReferencePayload(reference interface{}) ([]byte, error) {
+ var refType payloadReferenceType
+ var refID int64
+
+ switch r := reference.(type) {
+ case *issues_model.Issue:
+ refType = payloadReferenceIssue
+ refID = r.ID
+ case *issues_model.Comment:
+ refType = payloadReferenceComment
+ refID = r.ID
+ default:
+ return nil, util.NewInvalidArgumentErrorf("unsupported reference type: %T", r)
+ }
+
+ payload, err := util.PackData(refType, refID)
+ if err != nil {
+ return nil, err
+ }
+
+ return append([]byte{replyPayloadVersion1}, payload...), nil
+}
+
+// GetReferenceFromPayload resolves the reference from the payload
+func GetReferenceFromPayload(ctx context.Context, payload []byte) (interface{}, error) {
+ if len(payload) < 1 {
+ return nil, util.NewInvalidArgumentErrorf("payload to small")
+ }
+
+ if payload[0] != replyPayloadVersion1 {
+ return nil, util.NewInvalidArgumentErrorf("unsupported payload version")
+ }
+
+ var ref payloadReferenceType
+ var id int64
+ if err := util.UnpackData(payload[1:], &ref, &id); err != nil {
+ return nil, err
+ }
+
+ switch ref {
+ case payloadReferenceIssue:
+ return issues_model.GetIssueByID(ctx, id)
+ case payloadReferenceComment:
+ return issues_model.GetCommentByID(ctx, id)
+ default:
+ return nil, util.NewInvalidArgumentErrorf("unsupported reference type: %T", ref)
+ }
+}