-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhandler.go
More file actions
98 lines (82 loc) · 2.8 KB
/
Copy pathhandler.go
File metadata and controls
98 lines (82 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package main
import (
"crypto/subtle"
"encoding/json"
"log/slog"
"net/http"
"strings"
"unicode"
)
const maxBodySize = 1024 // 1 KiB — more than enough for the tiny JSON payload
func registerHandlers(mux *http.ServeMux, client *MailxClient) {
mux.HandleFunc("GET /health", handleHealth)
mux.HandleFunc("POST /api/v1/aliases", handleCreateAlias(client))
}
func handleHealth(w http.ResponseWriter, _ *http.Request) {
w.Header().Set("Content-Type", "application/json")
_ = json.NewEncoder(w).Encode(map[string]string{"status": "ok"})
}
func writeJSON(w http.ResponseWriter, status int, v any) {
w.WriteHeader(status)
_ = json.NewEncoder(w).Encode(v)
}
func handleCreateAlias(client *MailxClient) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
if !ok || token == "" {
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
return
}
if subtle.ConstantTimeCompare([]byte(token), []byte(client.cfg.BridgeKey)) != 1 {
writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
return
}
// Bitwarden (addy.io mode) sends:
// { "domain": "<user input from Email domain field>",
// "description": "Generated by Bitwarden." }
// We use the "domain" value as the alias description in Mailx so users
// can identify which alias belongs to which service.
r.Body = http.MaxBytesReader(w, r.Body, maxBodySize)
var body struct {
Domain string `json:"domain"`
Description string `json:"description"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid request body"})
return
}
if body.Domain == "" {
writeJSON(w, http.StatusUnprocessableEntity, map[string]string{"error": "domain is required"})
return
}
description := sanitize(body.Domain, 200)
slog.Info("creating alias", "description", description)
alias, err := client.CreateAlias(r.Context(), description)
if err != nil {
slog.Error("failed to create alias", "description", description, "error", err)
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "failed to create alias"})
return
}
slog.Info("alias created", "description", description, "alias", alias)
writeJSON(w, http.StatusCreated, map[string]any{
"data": map[string]string{
"email": alias,
},
})
}
}
// sanitize truncates s to maxLen runes and replaces control characters
// with '?' to prevent log injection.
func sanitize(s string, maxLen int) string {
runes := []rune(s)
if len(runes) > maxLen {
runes = runes[:maxLen]
}
for i, r := range runes {
if unicode.IsControl(r) {
runes[i] = '?'
}
}
return string(runes)
}