from __future__ import annotations from fastapi import APIRouter, Depends, HTTPException, Query, status from sqlalchemy import func, or_ from sqlalchemy.orm import Session from govoplan_mail.backend.schemas import ( MailConnectionTestResponse, MailImapFolderListResponse, MailImapFolderResponse, MailImapTestRequest, MailMailboxAttachmentResponse, MailMailboxMessageDetailResponse, MailMailboxMessageListResponse, MailMailboxMessageResponse, MailMailboxMessageSummaryResponse, MailProfilePolicyResponse, MailProfilePolicyUpdateRequest, MailSettingsDeltaResponse, MailServerProfileCreateRequest, MailServerProfileListResponse, MailServerProfileResponse, MailServerProfileUpdateRequest, MailSmtpTestRequest, ) from govoplan_core.auth import ApiPrincipal, get_api_principal, has_scope from govoplan_core.api.v1.schemas import DeltaDeletedItem from govoplan_core.core.change_sequence import ( ChangeSequenceEntry, decode_sequence_watermark, encode_sequence_watermark, record_change, sequence_watermark_is_expired, ) from govoplan_core.core.pagination import KeysetCursorError, decode_keyset_cursor, encode_keyset_cursor, keyset_query_fingerprint from govoplan_core.db.session import get_session from govoplan_mail.backend.mail_profiles import ( MailProfileError, create_mail_server_profile, effective_mail_profile_policy_for_scope, get_mail_profile_policy, get_mail_server_profile, imap_config_from_profile, list_mail_server_profiles, parent_mail_profile_policy, profile_response_payload, set_mail_profile_policy, smtp_config_from_profile, update_mail_server_profile, ) from govoplan_mail.backend.config import ImapConfig, SmtpConfig from govoplan_mail.backend.sending.imap import ImapAppendError, ImapConfigurationError, get_imap_message, list_imap_folders, list_imap_messages, test_imap_login from govoplan_mail.backend.sending.smtp import test_smtp_login router = APIRouter(prefix="/mail", tags=["mail"]) MAIL_MODULE_ID = "mail" MAIL_PROFILES_COLLECTION = "mail.profiles" MAIL_POLICIES_COLLECTION = "mail.profile_policies" MAIL_SETTINGS_COLLECTIONS = (MAIL_PROFILES_COLLECTION, MAIL_POLICIES_COLLECTION) MAIL_PROFILE_RESOURCE = "mail_profile" MAIL_POLICY_RESOURCE = "mail_profile_policy" MAILBOX_MESSAGES_CURSOR_SCOPE = "mail.mailbox.messages.v1" DEFAULT_MAILBOX_MESSAGE_LIMIT = 50 def _require_scope(principal: ApiPrincipal, scope: str) -> None: if not has_scope(principal, scope): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail=f"Missing scope: {scope}") def _require_any_scope(principal: ApiPrincipal, *scopes: str) -> None: if not any(has_scope(principal, scope) for scope in scopes): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Requires one of: " + ", ".join(scopes)) def _require_profile_write_scope(principal: ApiPrincipal, scope_type: str) -> None: if scope_type == "system": _require_scope(principal, "system:settings:write") else: _require_scope(principal, "mail:profile:write") def _require_profile_credentials_scope(principal: ApiPrincipal, scope_type: str) -> None: if scope_type == "system": _require_scope(principal, "system:settings:write") else: _require_scope(principal, "mail:secret:manage") def _require_mailbox_read_scope(principal: ApiPrincipal) -> None: _require_scope(principal, "mail:mailbox:read") _require_scope(principal, "mail:profile:use") def _require_policy_read_scope(principal: ApiPrincipal, scope_type: str) -> None: if scope_type == "system": _require_scope(principal, "system:settings:read") elif scope_type == "tenant": _require_any_scope(principal, "admin:policies:read", "mail:profile:read") else: _require_any_scope(principal, "admin:policies:read", "mail:profile:read", "campaigns:campaign:read") def _require_policy_write_scope(principal: ApiPrincipal, scope_type: str) -> None: if scope_type == "system": _require_scope(principal, "system:settings:write") elif scope_type == "tenant": _require_scope(principal, "admin:policies:write") else: _require_any_scope(principal, "admin:policies:write", "mail:profile:write") def _profile_response(profile) -> MailServerProfileResponse: return MailServerProfileResponse.model_validate(profile_response_payload(profile)) def _policy_response( session: Session, *, tenant_id: str, scope_type: str, scope_id: str | None, campaign_id: str | None = None, ) -> MailProfilePolicyResponse: policy = get_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id) effective_policy = effective_mail_profile_policy_for_scope( session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id, campaign_id=campaign_id, ) effective = effective_policy.as_dict() effective_sources = effective_policy.source_policies parent_policy = parent_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id) if scope_type != "system" else None parent = parent_policy.as_dict() if parent_policy else None parent_sources = parent_policy.source_policies if parent_policy else [] return MailProfilePolicyResponse( scope_type=scope_type, scope_id=scope_id, policy=policy, effective_policy=effective, parent_policy=parent, effective_policy_sources=effective_sources, parent_policy_sources=parent_sources, ) def _record_mail_change( session: Session, *, collection: str, resource_type: str, resource_id: str | None, operation: str, principal: ApiPrincipal, tenant_id: str | None, payload: dict[str, object] | None = None, ) -> None: if not resource_id: return record_change( session, module_id=MAIL_MODULE_ID, collection=collection, resource_type=resource_type, resource_id=resource_id, operation=operation, tenant_id=tenant_id, actor_type="user", actor_id=principal.user.id, payload=payload or {}, ) def _mail_delta_query(session: Session, *, tenant_id: str, since_sequence: int): return session.query(ChangeSequenceEntry).filter( ChangeSequenceEntry.id > since_sequence, ChangeSequenceEntry.module_id == MAIL_MODULE_ID, ChangeSequenceEntry.collection.in_(MAIL_SETTINGS_COLLECTIONS), or_(ChangeSequenceEntry.tenant_id == tenant_id, ChangeSequenceEntry.tenant_id.is_(None)), ) def _mail_settings_watermark(session: Session, *, tenant_id: str) -> str: sequence_id = _mail_delta_query(session, tenant_id=tenant_id, since_sequence=0).with_entities(func.max(ChangeSequenceEntry.id)).scalar() return encode_sequence_watermark(int(sequence_id or 0)) def _mail_settings_entries(session: Session, *, tenant_id: str, since: str, limit: int): try: since_sequence = decode_sequence_watermark(since) except ValueError as exc: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc)) from exc expired_for_tenant = sequence_watermark_is_expired( session, since=since_sequence, tenant_id=tenant_id, module_id=MAIL_MODULE_ID, collections=MAIL_SETTINGS_COLLECTIONS, ) expired_for_system = sequence_watermark_is_expired( session, since=since_sequence, tenant_id=None, module_id=MAIL_MODULE_ID, collections=MAIL_SETTINGS_COLLECTIONS, ) if expired_for_tenant or expired_for_system: return None, False entries_plus_one = _mail_delta_query( session, tenant_id=tenant_id, since_sequence=since_sequence, ).order_by(ChangeSequenceEntry.id.asc()).limit(limit + 1).all() has_more = len(entries_plus_one) > limit return entries_plus_one[:limit], has_more def _mail_settings_response_watermark(session: Session, *, tenant_id: str, entries, has_more: bool) -> str: return encode_sequence_watermark(entries[-1].id) if has_more and entries else _mail_settings_watermark(session, tenant_id=tenant_id) def _mail_deleted_item(entry) -> DeltaDeletedItem: return DeltaDeletedItem( id=entry.resource_id, resource_type=entry.resource_type, revision=encode_sequence_watermark(entry.id), deleted_at=entry.created_at if entry.operation == "deleted" else None, ) def _mailbox_summary_response(message) -> MailMailboxMessageSummaryResponse: return MailMailboxMessageSummaryResponse( uid=message.uid, folder=message.folder, subject=message.subject, from_header=message.from_header, to_header=message.to_header, cc_header=message.cc_header, date=message.date, message_id=message.message_id, flags=message.flags, size_bytes=message.size_bytes, body_preview=message.body_preview, attachment_count=message.attachment_count, ) def _mailbox_detail_response(message) -> MailMailboxMessageDetailResponse: return MailMailboxMessageDetailResponse( uid=message.uid, folder=message.folder, subject=message.subject, from_header=message.from_header, to_header=message.to_header, cc_header=message.cc_header, date=message.date, message_id=message.message_id, flags=message.flags, size_bytes=message.size_bytes, body_preview=message.body_preview, body_text=message.body_text, body_html=message.body_html, headers=message.headers, attachments=[MailMailboxAttachmentResponse(filename=item.filename, content_type=item.content_type, size_bytes=item.size_bytes) for item in message.attachments], ) def _mailbox_cursor_fingerprint(*, tenant_id: str, profile_id: str, folder: str, limit: int) -> str: return keyset_query_fingerprint( MAILBOX_MESSAGES_CURSOR_SCOPE, {"tenant_id": tenant_id, "profile_id": profile_id, "folder": folder, "limit": limit, "sort": "imap.uid.desc"}, ) def _mailbox_cursor_values(cursor: str | None, *, fingerprint: str | None = None) -> dict[str, object] | None: try: return decode_keyset_cursor(MAILBOX_MESSAGES_CURSOR_SCOPE, cursor, fingerprint=fingerprint) except KeysetCursorError as exc: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc)) from exc def _mailbox_cursor_limit(cursor: str | None, explicit_limit: int | None) -> int: if explicit_limit is not None: return explicit_limit values = _mailbox_cursor_values(cursor) if cursor else None raw_limit = values.get("limit") if values else DEFAULT_MAILBOX_MESSAGE_LIMIT if not isinstance(raw_limit, int) or raw_limit < 1 or raw_limit > 100: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor") return raw_limit def _mailbox_cursor_position(cursor: str | None, *, fingerprint: str, offset: int) -> tuple[int, str | None, str | None, dict[str, object] | None]: values = _mailbox_cursor_values(cursor, fingerprint=fingerprint) if cursor else None if values is None: return offset, None, None, None raw_offset = values.get("offset") if not isinstance(raw_offset, int) or raw_offset < 0: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor") after_uid = values.get("after_uid") or values.get("anchor_uid") uidvalidity = values.get("uidvalidity") if not isinstance(after_uid, str) or not after_uid: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor") if uidvalidity is not None and not isinstance(uidvalidity, str): raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor") return raw_offset, after_uid, uidvalidity, values def _next_mailbox_cursor( *, tenant_id: str, profile_id: str, folder: str, limit: int, offset: int, total_count: int, uidvalidity: str | None, messages, ) -> tuple[str | None, bool]: cursor_stable = bool(uidvalidity) next_offset = offset + len(messages) if not cursor_stable or next_offset >= total_count or not messages: return None, cursor_stable return ( encode_keyset_cursor( MAILBOX_MESSAGES_CURSOR_SCOPE, fingerprint=_mailbox_cursor_fingerprint(tenant_id=tenant_id, profile_id=profile_id, folder=folder, limit=limit), values={ "offset": next_offset, "limit": limit, "uidvalidity": uidvalidity, "after_uid": messages[-1].uid, }, ), cursor_stable, ) def _imap_config_for_profile(session: Session, *, tenant_id: str, profile_id: str): profile = get_mail_server_profile(session, tenant_id=tenant_id, profile_id=profile_id, require_active=True) imap = imap_config_from_profile(profile) if imap is None: raise MailProfileError("Mail-server profile has no IMAP configuration") return imap def _parent_mail_profile_policy_payload(session: Session, *, tenant_id: str, scope_type: str, scope_id: str | None): if scope_type == "system": return None return parent_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id).as_dict() def _full_mail_settings_delta_response( session: Session, *, tenant_id: str, scope_type: str, scope_id: str | None, include_inactive: bool, campaign_id: str | None, ) -> MailSettingsDeltaResponse: profiles = list_mail_server_profiles( session, tenant_id=tenant_id, include_inactive=include_inactive, campaign_id=campaign_id, ) return MailSettingsDeltaResponse( profiles=[_profile_response(profile) for profile in profiles], policy=_policy_response(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id, campaign_id=campaign_id), changed_sections=["profiles", "policy"], deleted=[], watermark=_mail_settings_watermark(session, tenant_id=tenant_id), has_more=False, full=True, ) @router.get("/settings/delta", response_model=MailSettingsDeltaResponse) def mail_settings_delta( scope_type: str = Query(default="tenant"), scope_id: str | None = Query(default=None), include_inactive: bool = False, campaign_id: str | None = Query(default=None), since: str | None = None, limit: int = Query(default=100, ge=1, le=500), principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): clean_scope_type = scope_type.strip().casefold() _require_any_scope(principal, "mail:profile:read", "system:settings:read") _require_policy_read_scope(principal, clean_scope_type) if since is None: return _full_mail_settings_delta_response( session, tenant_id=principal.tenant_id, scope_type=clean_scope_type, scope_id=scope_id, include_inactive=include_inactive, campaign_id=campaign_id, ) entries, has_more = _mail_settings_entries(session, tenant_id=principal.tenant_id, since=since, limit=limit) if entries is None: return _full_mail_settings_delta_response( session, tenant_id=principal.tenant_id, scope_type=clean_scope_type, scope_id=scope_id, include_inactive=include_inactive, campaign_id=campaign_id, ) changed_profile_ids = { entry.resource_id for entry in entries if entry.collection == MAIL_PROFILES_COLLECTION and entry.resource_type == MAIL_PROFILE_RESOURCE } visible_profiles = { profile.id: profile for profile in list_mail_server_profiles( session, tenant_id=principal.tenant_id, include_inactive=include_inactive, campaign_id=campaign_id, ) if profile.id in changed_profile_ids } policy_changed = any(entry.collection == MAIL_POLICIES_COLLECTION for entry in entries) changed_sections = [] if changed_profile_ids: changed_sections.append("profiles") if policy_changed: changed_sections.append("policy") deleted = [ _mail_deleted_item(entry) for entry in entries if entry.collection == MAIL_PROFILES_COLLECTION and entry.resource_type == MAIL_PROFILE_RESOURCE and entry.resource_id not in visible_profiles ] return MailSettingsDeltaResponse( profiles=[_profile_response(profile) for profile in visible_profiles.values()], policy=_policy_response(session, tenant_id=principal.tenant_id, scope_type=clean_scope_type, scope_id=scope_id, campaign_id=campaign_id) if policy_changed else None, changed_sections=changed_sections, deleted=deleted, watermark=_mail_settings_response_watermark(session, tenant_id=principal.tenant_id, entries=entries, has_more=has_more), has_more=has_more, full=False, ) @router.get("/profiles", response_model=MailServerProfileListResponse) def list_profiles( include_inactive: bool = False, campaign_id: str | None = Query(default=None), principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_any_scope(principal, "mail:profile:read", "system:settings:read") try: profiles = list_mail_server_profiles( session, tenant_id=principal.tenant_id, include_inactive=include_inactive, campaign_id=campaign_id, ) return MailServerProfileListResponse(profiles=[_profile_response(profile) for profile in profiles]) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc @router.post("/profiles", response_model=MailServerProfileResponse, status_code=status.HTTP_201_CREATED) def create_profile( payload: MailServerProfileCreateRequest, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_profile_write_scope(principal, payload.scope_type) if payload.credentials_supplied(): _require_profile_credentials_scope(principal, payload.scope_type) try: profile = create_mail_server_profile( session, tenant_id=principal.tenant_id, user_id=principal.user.id, name=payload.name, slug=payload.slug, description=payload.description, smtp=payload.smtp_config(), imap=payload.imap_config(), is_active=payload.is_active, scope_type=payload.scope_type, scope_id=payload.scope_id, ) _record_mail_change( session, collection=MAIL_PROFILES_COLLECTION, resource_type=MAIL_PROFILE_RESOURCE, resource_id=profile.id, operation="created", principal=principal, tenant_id=profile.tenant_id or principal.tenant_id, payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id}, ) session.commit() session.refresh(profile) return _profile_response(profile) except MailProfileError as exc: session.rollback() raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc @router.get("/profiles/{profile_id}", response_model=MailServerProfileResponse) def get_profile( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_any_scope(principal, "mail:profile:read", "system:settings:read") try: return _profile_response(get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc @router.patch("/profiles/{profile_id}", response_model=MailServerProfileResponse) def update_profile( profile_id: str, payload: MailServerProfileUpdateRequest, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): try: profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id) _require_profile_write_scope(principal, profile.scope_type or "tenant") if payload.credentials_supplied() or payload.clear_imap: _require_profile_credentials_scope(principal, profile.scope_type or "tenant") smtp_config = payload.smtp_config() if payload.smtp is None and "smtp" in payload.credentials.model_fields_set: smtp_data = dict(profile.smtp_config or {}) smtp_data.update(payload.credentials.smtp.model_dump(mode="json", exclude_unset=True)) smtp_config = SmtpConfig.model_validate(smtp_data) imap_config = payload.imap_config() if payload.imap is None and "imap" in payload.credentials.model_fields_set and profile.imap_config: imap_data = dict(profile.imap_config or {}) imap_data.update(payload.credentials.imap.model_dump(mode="json", exclude_unset=True)) imap_config = ImapConfig.model_validate(imap_data) update_mail_server_profile( session, profile, tenant_id=principal.tenant_id, user_id=principal.user.id, name=payload.name, slug=payload.slug, description=payload.description if "description" in payload.model_fields_set else None, is_active=payload.is_active, smtp=smtp_config, imap=imap_config, clear_imap=payload.clear_imap, ) _record_mail_change( session, collection=MAIL_PROFILES_COLLECTION, resource_type=MAIL_PROFILE_RESOURCE, resource_id=profile.id, operation="updated", principal=principal, tenant_id=profile.tenant_id or principal.tenant_id, payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id}, ) session.commit() session.refresh(profile) return _profile_response(profile) except MailProfileError as exc: session.rollback() raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc @router.delete("/profiles/{profile_id}", response_model=MailServerProfileResponse) def deactivate_profile( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): try: profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id) _require_profile_write_scope(principal, profile.scope_type or "tenant") profile.is_active = False session.add(profile) _record_mail_change( session, collection=MAIL_PROFILES_COLLECTION, resource_type=MAIL_PROFILE_RESOURCE, resource_id=profile.id, operation="deleted", principal=principal, tenant_id=profile.tenant_id or principal.tenant_id, payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id}, ) session.commit() session.refresh(profile) return _profile_response(profile) except MailProfileError as exc: session.rollback() raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc @router.get("/policies/{scope_type}", response_model=MailProfilePolicyResponse) def read_mail_profile_policy( scope_type: str, scope_id: str | None = Query(default=None), campaign_id: str | None = Query(default=None), principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): scope_type = scope_type.strip().casefold() _require_policy_read_scope(principal, scope_type) try: return _policy_response(session, tenant_id=principal.tenant_id, scope_type=scope_type, scope_id=scope_id, campaign_id=campaign_id) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc @router.put("/policies/{scope_type}", response_model=MailProfilePolicyResponse) def write_mail_profile_policy( scope_type: str, payload: MailProfilePolicyUpdateRequest, scope_id: str | None = Query(default=None), principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): scope_type = scope_type.strip().casefold() _require_policy_write_scope(principal, scope_type) try: policy = set_mail_profile_policy( session, tenant_id=principal.tenant_id, scope_type=scope_type, scope_id=scope_id, policy=payload.policy.model_dump(mode="json"), ) _record_mail_change( session, collection=MAIL_POLICIES_COLLECTION, resource_type=MAIL_POLICY_RESOURCE, resource_id=f"{scope_type}:{scope_id or ''}", operation="updated", principal=principal, tenant_id=None if scope_type == "system" else principal.tenant_id, payload={"scope_type": scope_type, "scope_id": scope_id}, ) session.commit() return _policy_response(session, tenant_id=principal.tenant_id, scope_type=scope_type, scope_id=scope_id) except MailProfileError as exc: session.rollback() raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc @router.post("/profiles/{profile_id}/test-smtp", response_model=MailConnectionTestResponse) def test_profile_smtp( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_scope(principal, "mail:profile:test") _require_scope(principal, "mail:profile:use") try: profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True) smtp = smtp_config_from_profile(profile) result = test_smtp_login(smtp_config=smtp) return MailConnectionTestResponse(ok=True, protocol="smtp", host=result.host, port=result.port, security=result.security, message="SMTP connection successful.", details={"authenticated": result.authenticated}) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except Exception as exc: return MailConnectionTestResponse(ok=False, protocol="smtp", message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__}) @router.post("/profiles/{profile_id}/test-imap", response_model=MailConnectionTestResponse) def test_profile_imap( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_scope(principal, "mail:profile:test") _require_scope(principal, "mail:profile:use") try: profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True) imap = imap_config_from_profile(profile) if imap is None: raise MailProfileError("Mail-server profile has no IMAP configuration") result = test_imap_login(imap_config=imap) return MailConnectionTestResponse(ok=True, protocol="imap", host=result.host, port=result.port, security=result.security, message="IMAP connection successful.", details={"authenticated": result.authenticated}) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except Exception as exc: return MailConnectionTestResponse(ok=False, protocol="imap", message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__}) @router.post("/profiles/{profile_id}/list-imap-folders", response_model=MailImapFolderListResponse) def list_profile_imap_folders( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_scope(principal, "mail:profile:test") _require_scope(principal, "mail:profile:use") try: profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True) imap = imap_config_from_profile(profile) if imap is None: raise MailProfileError("Mail-server profile has no IMAP configuration") result = list_imap_folders(imap_config=imap) folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders] return MailImapFolderListResponse(ok=True, host=result.host, port=result.port, security=result.security, message=f"Found {len(folders)} IMAP folder(s).", folders=folders, detected_sent_folder=result.detected_sent_folder) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except Exception as exc: return MailImapFolderListResponse(ok=False, message=_safe_error_message(exc), folders=[], detected_sent_folder=None, details={"error_type": exc.__class__.__name__}) @router.get("/profiles/{profile_id}/mailbox/folders", response_model=MailImapFolderListResponse) def list_profile_mailbox_folders( profile_id: str, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_mailbox_read_scope(principal) try: imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id) result = list_imap_folders(imap_config=imap) folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders] return MailImapFolderListResponse(ok=True, host=result.host, port=result.port, security=result.security, message=f"Found {len(folders)} IMAP folder(s).", folders=folders, detected_sent_folder=result.detected_sent_folder) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except ImapConfigurationError as exc: raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc except ImapAppendError as exc: raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc @router.get("/profiles/{profile_id}/mailbox/messages", response_model=MailMailboxMessageListResponse) def list_profile_mailbox_messages( profile_id: str, folder: str = Query(default="INBOX", min_length=1, max_length=255), limit: int | None = Query(default=None, ge=1, le=100), offset: int = Query(default=0, ge=0, le=100000), cursor: str | None = None, principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_mailbox_read_scope(principal) try: imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id) effective_limit = _mailbox_cursor_limit(cursor, limit) fingerprint = _mailbox_cursor_fingerprint(tenant_id=principal.tenant_id, profile_id=profile_id, folder=folder, limit=effective_limit) effective_offset, after_uid, expected_uidvalidity, cursor_values = _mailbox_cursor_position(cursor, fingerprint=fingerprint, offset=offset) result = list_imap_messages( imap_config=imap, folder=folder, limit=effective_limit, offset=effective_offset, after_uid=after_uid, expected_uidvalidity=expected_uidvalidity, ) full = bool(cursor_values is not None and result.cursor_reset) next_cursor, cursor_stable = _next_mailbox_cursor( tenant_id=principal.tenant_id, profile_id=profile_id, folder=result.folder, limit=result.limit, offset=result.offset, total_count=result.total_count, uidvalidity=result.uidvalidity, messages=result.messages, ) return MailMailboxMessageListResponse( profile_id=profile_id, folder=result.folder, host=result.host, port=result.port, security=result.security, total_count=result.total_count, offset=result.offset, limit=result.limit, cursor=cursor, next_cursor=next_cursor, cursor_stable=cursor_stable, full=full or not cursor_stable, messages=[_mailbox_summary_response(message) for message in result.messages], ) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except ImapConfigurationError as exc: raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc except ImapAppendError as exc: raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc @router.get("/profiles/{profile_id}/mailbox/messages/{message_uid}", response_model=MailMailboxMessageResponse) def get_profile_mailbox_message( profile_id: str, message_uid: str, folder: str = Query(default="INBOX", min_length=1, max_length=255), principal: ApiPrincipal = Depends(get_api_principal), session: Session = Depends(get_session), ): _require_mailbox_read_scope(principal) try: imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id) result = get_imap_message(imap_config=imap, folder=folder, uid=message_uid) return MailMailboxMessageResponse( profile_id=profile_id, folder=result.folder, host=result.host, port=result.port, security=result.security, message=_mailbox_detail_response(result.message), ) except MailProfileError as exc: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc except ImapConfigurationError as exc: raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc except ImapAppendError as exc: status_code = status.HTTP_404_NOT_FOUND if "not found" in str(exc).casefold() else status.HTTP_502_BAD_GATEWAY raise HTTPException(status_code=status_code, detail=str(exc)) from exc def _safe_error_message(exc: Exception) -> str: text = str(exc).strip() return text or exc.__class__.__name__ @router.post("/test-smtp", response_model=MailConnectionTestResponse) def test_smtp_settings( payload: MailSmtpTestRequest, principal: ApiPrincipal = Depends(get_api_principal), ): """Test SMTP connectivity/login without sending any message.""" if not has_scope(principal, "mail:profile:test"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test") if not has_scope(principal, "mail:secret:manage"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials") try: result = test_smtp_login(smtp_config=payload) return MailConnectionTestResponse( ok=True, protocol="smtp", host=result.host, port=result.port, security=result.security, message="SMTP connection successful.", details={"authenticated": result.authenticated}, ) except Exception as exc: return MailConnectionTestResponse( ok=False, protocol="smtp", host=payload.host, port=payload.port, security=payload.security.value, message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__}, ) @router.post("/test-imap", response_model=MailConnectionTestResponse) def test_imap_settings( payload: MailImapTestRequest, principal: ApiPrincipal = Depends(get_api_principal), ): """Test IMAP connectivity/login without selecting or appending messages.""" if not has_scope(principal, "mail:profile:test"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test") if not has_scope(principal, "mail:secret:manage"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials") try: result = test_imap_login(imap_config=payload) return MailConnectionTestResponse( ok=True, protocol="imap", host=result.host, port=result.port, security=result.security, message="IMAP connection successful.", details={"authenticated": result.authenticated}, ) except Exception as exc: return MailConnectionTestResponse( ok=False, protocol="imap", host=payload.host, port=payload.port, security=payload.security.value, message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__}, ) @router.post("/list-imap-folders", response_model=MailImapFolderListResponse) def list_imap_folder_settings( payload: MailImapTestRequest, principal: ApiPrincipal = Depends(get_api_principal), ): """List visible IMAP folders and return the best Sent-folder guess.""" if not has_scope(principal, "mail:profile:test"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test") if not has_scope(principal, "mail:secret:manage"): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials") try: result = list_imap_folders(imap_config=payload) folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders] return MailImapFolderListResponse( ok=True, host=result.host, port=result.port, security=result.security, message=f"Found {len(folders)} IMAP folder(s).", folders=folders, detected_sent_folder=result.detected_sent_folder, ) except Exception as exc: return MailImapFolderListResponse( ok=False, host=payload.host, port=payload.port, security=payload.security.value, message=_safe_error_message(exc), folders=[], detected_sent_folder=None, details={"error_type": exc.__class__.__name__}, )