936 lines
39 KiB
Python
936 lines
39 KiB
Python
from __future__ import annotations
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query, status
|
|
from sqlalchemy import func, or_
|
|
from sqlalchemy.orm import Session
|
|
|
|
from govoplan_mail.backend.schemas import (
|
|
MailConnectionTestResponse,
|
|
MailImapFolderListResponse,
|
|
MailImapFolderResponse,
|
|
MailImapTestRequest,
|
|
MailMailboxAttachmentResponse,
|
|
MailMailboxMessageDetailResponse,
|
|
MailMailboxMessageListResponse,
|
|
MailMailboxMessageResponse,
|
|
MailMailboxMessageSummaryResponse,
|
|
MailProfilePolicyResponse,
|
|
MailProfilePolicyUpdateRequest,
|
|
MailSettingsDeltaResponse,
|
|
MailServerProfileCreateRequest,
|
|
MailServerProfileListResponse,
|
|
MailServerProfileResponse,
|
|
MailServerProfileUpdateRequest,
|
|
MailSmtpTestRequest,
|
|
)
|
|
from govoplan_core.auth import ApiPrincipal, get_api_principal, has_scope
|
|
from govoplan_core.api.v1.schemas import DeltaDeletedItem
|
|
from govoplan_core.core.change_sequence import (
|
|
ChangeSequenceEntry,
|
|
decode_sequence_watermark,
|
|
encode_sequence_watermark,
|
|
record_change,
|
|
sequence_watermark_is_expired,
|
|
)
|
|
from govoplan_core.core.pagination import KeysetCursorError, decode_keyset_cursor, encode_keyset_cursor, keyset_query_fingerprint
|
|
from govoplan_core.db.session import get_session
|
|
from govoplan_mail.backend.mail_profiles import (
|
|
MailProfileError,
|
|
create_mail_server_profile,
|
|
effective_mail_profile_policy_for_scope,
|
|
get_mail_profile_policy,
|
|
get_mail_server_profile,
|
|
imap_config_from_profile,
|
|
list_mail_server_profiles,
|
|
parent_mail_profile_policy,
|
|
profile_response_payload,
|
|
set_mail_profile_policy,
|
|
smtp_config_from_profile,
|
|
update_mail_server_profile,
|
|
)
|
|
from govoplan_mail.backend.config import ImapConfig, SmtpConfig
|
|
from govoplan_mail.backend.sending.imap import ImapAppendError, ImapConfigurationError, get_imap_message, list_imap_folders, list_imap_messages, test_imap_login
|
|
from govoplan_mail.backend.sending.smtp import test_smtp_login
|
|
|
|
router = APIRouter(prefix="/mail", tags=["mail"])
|
|
|
|
MAIL_MODULE_ID = "mail"
|
|
MAIL_PROFILES_COLLECTION = "mail.profiles"
|
|
MAIL_POLICIES_COLLECTION = "mail.profile_policies"
|
|
MAIL_SETTINGS_COLLECTIONS = (MAIL_PROFILES_COLLECTION, MAIL_POLICIES_COLLECTION)
|
|
MAIL_PROFILE_RESOURCE = "mail_profile"
|
|
MAIL_POLICY_RESOURCE = "mail_profile_policy"
|
|
MAILBOX_MESSAGES_CURSOR_SCOPE = "mail.mailbox.messages.v1"
|
|
DEFAULT_MAILBOX_MESSAGE_LIMIT = 50
|
|
|
|
|
|
def _require_scope(principal: ApiPrincipal, scope: str) -> None:
|
|
if not has_scope(principal, scope):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail=f"Missing scope: {scope}")
|
|
|
|
|
|
def _require_any_scope(principal: ApiPrincipal, *scopes: str) -> None:
|
|
if not any(has_scope(principal, scope) for scope in scopes):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Requires one of: " + ", ".join(scopes))
|
|
|
|
|
|
def _require_profile_write_scope(principal: ApiPrincipal, scope_type: str) -> None:
|
|
if scope_type == "system":
|
|
_require_scope(principal, "system:settings:write")
|
|
else:
|
|
_require_scope(principal, "mail:profile:write")
|
|
|
|
|
|
def _require_profile_credentials_scope(principal: ApiPrincipal, scope_type: str) -> None:
|
|
if scope_type == "system":
|
|
_require_scope(principal, "system:settings:write")
|
|
else:
|
|
_require_scope(principal, "mail:secret:manage")
|
|
|
|
|
|
def _require_mailbox_read_scope(principal: ApiPrincipal) -> None:
|
|
_require_scope(principal, "mail:mailbox:read")
|
|
_require_scope(principal, "mail:profile:use")
|
|
|
|
|
|
def _require_policy_read_scope(principal: ApiPrincipal, scope_type: str) -> None:
|
|
if scope_type == "system":
|
|
_require_scope(principal, "system:settings:read")
|
|
elif scope_type == "tenant":
|
|
_require_any_scope(principal, "admin:policies:read", "mail:profile:read")
|
|
else:
|
|
_require_any_scope(principal, "admin:policies:read", "mail:profile:read", "campaigns:campaign:read")
|
|
|
|
|
|
def _require_policy_write_scope(principal: ApiPrincipal, scope_type: str) -> None:
|
|
if scope_type == "system":
|
|
_require_scope(principal, "system:settings:write")
|
|
elif scope_type == "tenant":
|
|
_require_scope(principal, "admin:policies:write")
|
|
else:
|
|
_require_any_scope(principal, "admin:policies:write", "mail:profile:write")
|
|
|
|
|
|
def _profile_response(profile) -> MailServerProfileResponse:
|
|
return MailServerProfileResponse.model_validate(profile_response_payload(profile))
|
|
|
|
|
|
def _policy_response(
|
|
session: Session,
|
|
*,
|
|
tenant_id: str,
|
|
scope_type: str,
|
|
scope_id: str | None,
|
|
campaign_id: str | None = None,
|
|
) -> MailProfilePolicyResponse:
|
|
policy = get_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id)
|
|
effective_policy = effective_mail_profile_policy_for_scope(
|
|
session,
|
|
tenant_id=tenant_id,
|
|
scope_type=scope_type,
|
|
scope_id=scope_id,
|
|
campaign_id=campaign_id,
|
|
)
|
|
effective = effective_policy.as_dict()
|
|
effective_sources = effective_policy.source_policies
|
|
parent_policy = parent_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id) if scope_type != "system" else None
|
|
parent = parent_policy.as_dict() if parent_policy else None
|
|
parent_sources = parent_policy.source_policies if parent_policy else []
|
|
return MailProfilePolicyResponse(
|
|
scope_type=scope_type,
|
|
scope_id=scope_id,
|
|
policy=policy,
|
|
effective_policy=effective,
|
|
parent_policy=parent,
|
|
effective_policy_sources=effective_sources,
|
|
parent_policy_sources=parent_sources,
|
|
)
|
|
|
|
|
|
def _record_mail_change(
|
|
session: Session,
|
|
*,
|
|
collection: str,
|
|
resource_type: str,
|
|
resource_id: str | None,
|
|
operation: str,
|
|
principal: ApiPrincipal,
|
|
tenant_id: str | None,
|
|
payload: dict[str, object] | None = None,
|
|
) -> None:
|
|
if not resource_id:
|
|
return
|
|
record_change(
|
|
session,
|
|
module_id=MAIL_MODULE_ID,
|
|
collection=collection,
|
|
resource_type=resource_type,
|
|
resource_id=resource_id,
|
|
operation=operation,
|
|
tenant_id=tenant_id,
|
|
actor_type="user",
|
|
actor_id=principal.user.id,
|
|
payload=payload or {},
|
|
)
|
|
|
|
|
|
def _mail_delta_query(session: Session, *, tenant_id: str, since_sequence: int):
|
|
return session.query(ChangeSequenceEntry).filter(
|
|
ChangeSequenceEntry.id > since_sequence,
|
|
ChangeSequenceEntry.module_id == MAIL_MODULE_ID,
|
|
ChangeSequenceEntry.collection.in_(MAIL_SETTINGS_COLLECTIONS),
|
|
or_(ChangeSequenceEntry.tenant_id == tenant_id, ChangeSequenceEntry.tenant_id.is_(None)),
|
|
)
|
|
|
|
|
|
def _mail_settings_watermark(session: Session, *, tenant_id: str) -> str:
|
|
sequence_id = _mail_delta_query(session, tenant_id=tenant_id, since_sequence=0).with_entities(func.max(ChangeSequenceEntry.id)).scalar()
|
|
return encode_sequence_watermark(int(sequence_id or 0))
|
|
|
|
|
|
def _mail_settings_entries(session: Session, *, tenant_id: str, since: str, limit: int):
|
|
try:
|
|
since_sequence = decode_sequence_watermark(since)
|
|
except ValueError as exc:
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc)) from exc
|
|
expired_for_tenant = sequence_watermark_is_expired(
|
|
session,
|
|
since=since_sequence,
|
|
tenant_id=tenant_id,
|
|
module_id=MAIL_MODULE_ID,
|
|
collections=MAIL_SETTINGS_COLLECTIONS,
|
|
)
|
|
expired_for_system = sequence_watermark_is_expired(
|
|
session,
|
|
since=since_sequence,
|
|
tenant_id=None,
|
|
module_id=MAIL_MODULE_ID,
|
|
collections=MAIL_SETTINGS_COLLECTIONS,
|
|
)
|
|
if expired_for_tenant or expired_for_system:
|
|
return None, False
|
|
entries_plus_one = _mail_delta_query(
|
|
session,
|
|
tenant_id=tenant_id,
|
|
since_sequence=since_sequence,
|
|
).order_by(ChangeSequenceEntry.id.asc()).limit(limit + 1).all()
|
|
has_more = len(entries_plus_one) > limit
|
|
return entries_plus_one[:limit], has_more
|
|
|
|
|
|
def _mail_settings_response_watermark(session: Session, *, tenant_id: str, entries, has_more: bool) -> str:
|
|
return encode_sequence_watermark(entries[-1].id) if has_more and entries else _mail_settings_watermark(session, tenant_id=tenant_id)
|
|
|
|
|
|
def _mail_deleted_item(entry) -> DeltaDeletedItem:
|
|
return DeltaDeletedItem(
|
|
id=entry.resource_id,
|
|
resource_type=entry.resource_type,
|
|
revision=encode_sequence_watermark(entry.id),
|
|
deleted_at=entry.created_at if entry.operation == "deleted" else None,
|
|
)
|
|
|
|
|
|
def _mailbox_summary_response(message) -> MailMailboxMessageSummaryResponse:
|
|
return MailMailboxMessageSummaryResponse(
|
|
uid=message.uid,
|
|
folder=message.folder,
|
|
subject=message.subject,
|
|
from_header=message.from_header,
|
|
to_header=message.to_header,
|
|
cc_header=message.cc_header,
|
|
date=message.date,
|
|
message_id=message.message_id,
|
|
flags=message.flags,
|
|
size_bytes=message.size_bytes,
|
|
body_preview=message.body_preview,
|
|
attachment_count=message.attachment_count,
|
|
)
|
|
|
|
|
|
def _mailbox_detail_response(message) -> MailMailboxMessageDetailResponse:
|
|
return MailMailboxMessageDetailResponse(
|
|
uid=message.uid,
|
|
folder=message.folder,
|
|
subject=message.subject,
|
|
from_header=message.from_header,
|
|
to_header=message.to_header,
|
|
cc_header=message.cc_header,
|
|
date=message.date,
|
|
message_id=message.message_id,
|
|
flags=message.flags,
|
|
size_bytes=message.size_bytes,
|
|
body_preview=message.body_preview,
|
|
body_text=message.body_text,
|
|
body_html=message.body_html,
|
|
headers=message.headers,
|
|
attachments=[MailMailboxAttachmentResponse(filename=item.filename, content_type=item.content_type, size_bytes=item.size_bytes) for item in message.attachments],
|
|
)
|
|
|
|
|
|
def _mailbox_cursor_fingerprint(*, tenant_id: str, profile_id: str, folder: str, limit: int) -> str:
|
|
return keyset_query_fingerprint(
|
|
MAILBOX_MESSAGES_CURSOR_SCOPE,
|
|
{"tenant_id": tenant_id, "profile_id": profile_id, "folder": folder, "limit": limit, "sort": "imap.uid.desc"},
|
|
)
|
|
|
|
|
|
def _mailbox_cursor_values(cursor: str | None, *, fingerprint: str | None = None) -> dict[str, object] | None:
|
|
try:
|
|
return decode_keyset_cursor(MAILBOX_MESSAGES_CURSOR_SCOPE, cursor, fingerprint=fingerprint)
|
|
except KeysetCursorError as exc:
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc)) from exc
|
|
|
|
|
|
def _mailbox_cursor_limit(cursor: str | None, explicit_limit: int | None) -> int:
|
|
if explicit_limit is not None:
|
|
return explicit_limit
|
|
values = _mailbox_cursor_values(cursor) if cursor else None
|
|
raw_limit = values.get("limit") if values else DEFAULT_MAILBOX_MESSAGE_LIMIT
|
|
if not isinstance(raw_limit, int) or raw_limit < 1 or raw_limit > 100:
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor")
|
|
return raw_limit
|
|
|
|
|
|
def _mailbox_cursor_position(cursor: str | None, *, fingerprint: str, offset: int) -> tuple[int, str | None, str | None, dict[str, object] | None]:
|
|
values = _mailbox_cursor_values(cursor, fingerprint=fingerprint) if cursor else None
|
|
if values is None:
|
|
return offset, None, None, None
|
|
raw_offset = values.get("offset")
|
|
if not isinstance(raw_offset, int) or raw_offset < 0:
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor")
|
|
after_uid = values.get("after_uid") or values.get("anchor_uid")
|
|
uidvalidity = values.get("uidvalidity")
|
|
if not isinstance(after_uid, str) or not after_uid:
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor")
|
|
if uidvalidity is not None and not isinstance(uidvalidity, str):
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid pagination cursor")
|
|
return raw_offset, after_uid, uidvalidity, values
|
|
|
|
|
|
def _next_mailbox_cursor(
|
|
*,
|
|
tenant_id: str,
|
|
profile_id: str,
|
|
folder: str,
|
|
limit: int,
|
|
offset: int,
|
|
total_count: int,
|
|
uidvalidity: str | None,
|
|
messages,
|
|
) -> tuple[str | None, bool]:
|
|
cursor_stable = bool(uidvalidity)
|
|
next_offset = offset + len(messages)
|
|
if not cursor_stable or next_offset >= total_count or not messages:
|
|
return None, cursor_stable
|
|
return (
|
|
encode_keyset_cursor(
|
|
MAILBOX_MESSAGES_CURSOR_SCOPE,
|
|
fingerprint=_mailbox_cursor_fingerprint(tenant_id=tenant_id, profile_id=profile_id, folder=folder, limit=limit),
|
|
values={
|
|
"offset": next_offset,
|
|
"limit": limit,
|
|
"uidvalidity": uidvalidity,
|
|
"after_uid": messages[-1].uid,
|
|
},
|
|
),
|
|
cursor_stable,
|
|
)
|
|
|
|
|
|
def _imap_config_for_profile(session: Session, *, tenant_id: str, profile_id: str):
|
|
profile = get_mail_server_profile(session, tenant_id=tenant_id, profile_id=profile_id, require_active=True)
|
|
imap = imap_config_from_profile(profile)
|
|
if imap is None:
|
|
raise MailProfileError("Mail-server profile has no IMAP configuration")
|
|
return imap
|
|
|
|
|
|
def _parent_mail_profile_policy_payload(session: Session, *, tenant_id: str, scope_type: str, scope_id: str | None):
|
|
if scope_type == "system":
|
|
return None
|
|
return parent_mail_profile_policy(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id).as_dict()
|
|
|
|
|
|
def _full_mail_settings_delta_response(
|
|
session: Session,
|
|
*,
|
|
tenant_id: str,
|
|
scope_type: str,
|
|
scope_id: str | None,
|
|
include_inactive: bool,
|
|
campaign_id: str | None,
|
|
) -> MailSettingsDeltaResponse:
|
|
profiles = list_mail_server_profiles(
|
|
session,
|
|
tenant_id=tenant_id,
|
|
include_inactive=include_inactive,
|
|
campaign_id=campaign_id,
|
|
)
|
|
return MailSettingsDeltaResponse(
|
|
profiles=[_profile_response(profile) for profile in profiles],
|
|
policy=_policy_response(session, tenant_id=tenant_id, scope_type=scope_type, scope_id=scope_id, campaign_id=campaign_id),
|
|
changed_sections=["profiles", "policy"],
|
|
deleted=[],
|
|
watermark=_mail_settings_watermark(session, tenant_id=tenant_id),
|
|
has_more=False,
|
|
full=True,
|
|
)
|
|
|
|
|
|
@router.get("/settings/delta", response_model=MailSettingsDeltaResponse)
|
|
def mail_settings_delta(
|
|
scope_type: str = Query(default="tenant"),
|
|
scope_id: str | None = Query(default=None),
|
|
include_inactive: bool = False,
|
|
campaign_id: str | None = Query(default=None),
|
|
since: str | None = None,
|
|
limit: int = Query(default=100, ge=1, le=500),
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
clean_scope_type = scope_type.strip().casefold()
|
|
_require_any_scope(principal, "mail:profile:read", "system:settings:read")
|
|
_require_policy_read_scope(principal, clean_scope_type)
|
|
if since is None:
|
|
return _full_mail_settings_delta_response(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
scope_type=clean_scope_type,
|
|
scope_id=scope_id,
|
|
include_inactive=include_inactive,
|
|
campaign_id=campaign_id,
|
|
)
|
|
entries, has_more = _mail_settings_entries(session, tenant_id=principal.tenant_id, since=since, limit=limit)
|
|
if entries is None:
|
|
return _full_mail_settings_delta_response(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
scope_type=clean_scope_type,
|
|
scope_id=scope_id,
|
|
include_inactive=include_inactive,
|
|
campaign_id=campaign_id,
|
|
)
|
|
changed_profile_ids = {
|
|
entry.resource_id
|
|
for entry in entries
|
|
if entry.collection == MAIL_PROFILES_COLLECTION and entry.resource_type == MAIL_PROFILE_RESOURCE
|
|
}
|
|
visible_profiles = {
|
|
profile.id: profile
|
|
for profile in list_mail_server_profiles(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
include_inactive=include_inactive,
|
|
campaign_id=campaign_id,
|
|
)
|
|
if profile.id in changed_profile_ids
|
|
}
|
|
policy_changed = any(entry.collection == MAIL_POLICIES_COLLECTION for entry in entries)
|
|
changed_sections = []
|
|
if changed_profile_ids:
|
|
changed_sections.append("profiles")
|
|
if policy_changed:
|
|
changed_sections.append("policy")
|
|
deleted = [
|
|
_mail_deleted_item(entry)
|
|
for entry in entries
|
|
if entry.collection == MAIL_PROFILES_COLLECTION
|
|
and entry.resource_type == MAIL_PROFILE_RESOURCE
|
|
and entry.resource_id not in visible_profiles
|
|
]
|
|
return MailSettingsDeltaResponse(
|
|
profiles=[_profile_response(profile) for profile in visible_profiles.values()],
|
|
policy=_policy_response(session, tenant_id=principal.tenant_id, scope_type=clean_scope_type, scope_id=scope_id, campaign_id=campaign_id) if policy_changed else None,
|
|
changed_sections=changed_sections,
|
|
deleted=deleted,
|
|
watermark=_mail_settings_response_watermark(session, tenant_id=principal.tenant_id, entries=entries, has_more=has_more),
|
|
has_more=has_more,
|
|
full=False,
|
|
)
|
|
|
|
|
|
@router.get("/profiles", response_model=MailServerProfileListResponse)
|
|
def list_profiles(
|
|
include_inactive: bool = False,
|
|
campaign_id: str | None = Query(default=None),
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_any_scope(principal, "mail:profile:read", "system:settings:read")
|
|
try:
|
|
profiles = list_mail_server_profiles(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
include_inactive=include_inactive,
|
|
campaign_id=campaign_id,
|
|
)
|
|
return MailServerProfileListResponse(profiles=[_profile_response(profile) for profile in profiles])
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
|
|
|
|
@router.post("/profiles", response_model=MailServerProfileResponse, status_code=status.HTTP_201_CREATED)
|
|
def create_profile(
|
|
payload: MailServerProfileCreateRequest,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_profile_write_scope(principal, payload.scope_type)
|
|
if payload.credentials_supplied():
|
|
_require_profile_credentials_scope(principal, payload.scope_type)
|
|
try:
|
|
profile = create_mail_server_profile(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
user_id=principal.user.id,
|
|
name=payload.name,
|
|
slug=payload.slug,
|
|
description=payload.description,
|
|
smtp=payload.smtp_config(),
|
|
imap=payload.imap_config(),
|
|
is_active=payload.is_active,
|
|
scope_type=payload.scope_type,
|
|
scope_id=payload.scope_id,
|
|
)
|
|
_record_mail_change(
|
|
session,
|
|
collection=MAIL_PROFILES_COLLECTION,
|
|
resource_type=MAIL_PROFILE_RESOURCE,
|
|
resource_id=profile.id,
|
|
operation="created",
|
|
principal=principal,
|
|
tenant_id=profile.tenant_id or principal.tenant_id,
|
|
payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id},
|
|
)
|
|
session.commit()
|
|
session.refresh(profile)
|
|
return _profile_response(profile)
|
|
except MailProfileError as exc:
|
|
session.rollback()
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
|
|
|
|
@router.get("/profiles/{profile_id}", response_model=MailServerProfileResponse)
|
|
def get_profile(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_any_scope(principal, "mail:profile:read", "system:settings:read")
|
|
try:
|
|
return _profile_response(get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id))
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
|
|
|
|
@router.patch("/profiles/{profile_id}", response_model=MailServerProfileResponse)
|
|
def update_profile(
|
|
profile_id: str,
|
|
payload: MailServerProfileUpdateRequest,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
try:
|
|
profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)
|
|
_require_profile_write_scope(principal, profile.scope_type or "tenant")
|
|
if payload.credentials_supplied() or payload.clear_imap:
|
|
_require_profile_credentials_scope(principal, profile.scope_type or "tenant")
|
|
smtp_config = payload.smtp_config()
|
|
if payload.smtp is None and "smtp" in payload.credentials.model_fields_set:
|
|
smtp_data = dict(profile.smtp_config or {})
|
|
smtp_data.update(payload.credentials.smtp.model_dump(mode="json", exclude_unset=True))
|
|
smtp_config = SmtpConfig.model_validate(smtp_data)
|
|
imap_config = payload.imap_config()
|
|
if payload.imap is None and "imap" in payload.credentials.model_fields_set and profile.imap_config:
|
|
imap_data = dict(profile.imap_config or {})
|
|
imap_data.update(payload.credentials.imap.model_dump(mode="json", exclude_unset=True))
|
|
imap_config = ImapConfig.model_validate(imap_data)
|
|
update_mail_server_profile(
|
|
session,
|
|
profile,
|
|
tenant_id=principal.tenant_id,
|
|
user_id=principal.user.id,
|
|
name=payload.name,
|
|
slug=payload.slug,
|
|
description=payload.description if "description" in payload.model_fields_set else None,
|
|
is_active=payload.is_active,
|
|
smtp=smtp_config,
|
|
imap=imap_config,
|
|
clear_imap=payload.clear_imap,
|
|
)
|
|
_record_mail_change(
|
|
session,
|
|
collection=MAIL_PROFILES_COLLECTION,
|
|
resource_type=MAIL_PROFILE_RESOURCE,
|
|
resource_id=profile.id,
|
|
operation="updated",
|
|
principal=principal,
|
|
tenant_id=profile.tenant_id or principal.tenant_id,
|
|
payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id},
|
|
)
|
|
session.commit()
|
|
session.refresh(profile)
|
|
return _profile_response(profile)
|
|
except MailProfileError as exc:
|
|
session.rollback()
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
|
|
|
|
@router.delete("/profiles/{profile_id}", response_model=MailServerProfileResponse)
|
|
def deactivate_profile(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
try:
|
|
profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)
|
|
_require_profile_write_scope(principal, profile.scope_type or "tenant")
|
|
profile.is_active = False
|
|
session.add(profile)
|
|
_record_mail_change(
|
|
session,
|
|
collection=MAIL_PROFILES_COLLECTION,
|
|
resource_type=MAIL_PROFILE_RESOURCE,
|
|
resource_id=profile.id,
|
|
operation="deleted",
|
|
principal=principal,
|
|
tenant_id=profile.tenant_id or principal.tenant_id,
|
|
payload={"scope_type": profile.scope_type, "scope_id": profile.scope_id},
|
|
)
|
|
session.commit()
|
|
session.refresh(profile)
|
|
return _profile_response(profile)
|
|
except MailProfileError as exc:
|
|
session.rollback()
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
|
|
|
|
@router.get("/policies/{scope_type}", response_model=MailProfilePolicyResponse)
|
|
def read_mail_profile_policy(
|
|
scope_type: str,
|
|
scope_id: str | None = Query(default=None),
|
|
campaign_id: str | None = Query(default=None),
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
scope_type = scope_type.strip().casefold()
|
|
_require_policy_read_scope(principal, scope_type)
|
|
try:
|
|
return _policy_response(session, tenant_id=principal.tenant_id, scope_type=scope_type, scope_id=scope_id, campaign_id=campaign_id)
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
|
|
|
|
@router.put("/policies/{scope_type}", response_model=MailProfilePolicyResponse)
|
|
def write_mail_profile_policy(
|
|
scope_type: str,
|
|
payload: MailProfilePolicyUpdateRequest,
|
|
scope_id: str | None = Query(default=None),
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
scope_type = scope_type.strip().casefold()
|
|
_require_policy_write_scope(principal, scope_type)
|
|
try:
|
|
policy = set_mail_profile_policy(
|
|
session,
|
|
tenant_id=principal.tenant_id,
|
|
scope_type=scope_type,
|
|
scope_id=scope_id,
|
|
policy=payload.policy.model_dump(mode="json"),
|
|
)
|
|
_record_mail_change(
|
|
session,
|
|
collection=MAIL_POLICIES_COLLECTION,
|
|
resource_type=MAIL_POLICY_RESOURCE,
|
|
resource_id=f"{scope_type}:{scope_id or ''}",
|
|
operation="updated",
|
|
principal=principal,
|
|
tenant_id=None if scope_type == "system" else principal.tenant_id,
|
|
payload={"scope_type": scope_type, "scope_id": scope_id},
|
|
)
|
|
session.commit()
|
|
return _policy_response(session, tenant_id=principal.tenant_id, scope_type=scope_type, scope_id=scope_id)
|
|
except MailProfileError as exc:
|
|
session.rollback()
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
|
|
|
|
@router.post("/profiles/{profile_id}/test-smtp", response_model=MailConnectionTestResponse)
|
|
def test_profile_smtp(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_scope(principal, "mail:profile:test")
|
|
_require_scope(principal, "mail:profile:use")
|
|
try:
|
|
profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True)
|
|
smtp = smtp_config_from_profile(profile)
|
|
result = test_smtp_login(smtp_config=smtp)
|
|
return MailConnectionTestResponse(ok=True, protocol="smtp", host=result.host, port=result.port, security=result.security, message="SMTP connection successful.", details={"authenticated": result.authenticated})
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except Exception as exc:
|
|
return MailConnectionTestResponse(ok=False, protocol="smtp", message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__})
|
|
|
|
|
|
@router.post("/profiles/{profile_id}/test-imap", response_model=MailConnectionTestResponse)
|
|
def test_profile_imap(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_scope(principal, "mail:profile:test")
|
|
_require_scope(principal, "mail:profile:use")
|
|
try:
|
|
profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True)
|
|
imap = imap_config_from_profile(profile)
|
|
if imap is None:
|
|
raise MailProfileError("Mail-server profile has no IMAP configuration")
|
|
result = test_imap_login(imap_config=imap)
|
|
return MailConnectionTestResponse(ok=True, protocol="imap", host=result.host, port=result.port, security=result.security, message="IMAP connection successful.", details={"authenticated": result.authenticated})
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except Exception as exc:
|
|
return MailConnectionTestResponse(ok=False, protocol="imap", message=_safe_error_message(exc), details={"error_type": exc.__class__.__name__})
|
|
|
|
|
|
@router.post("/profiles/{profile_id}/list-imap-folders", response_model=MailImapFolderListResponse)
|
|
def list_profile_imap_folders(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_scope(principal, "mail:profile:test")
|
|
_require_scope(principal, "mail:profile:use")
|
|
try:
|
|
profile = get_mail_server_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id, require_active=True)
|
|
imap = imap_config_from_profile(profile)
|
|
if imap is None:
|
|
raise MailProfileError("Mail-server profile has no IMAP configuration")
|
|
result = list_imap_folders(imap_config=imap)
|
|
folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders]
|
|
return MailImapFolderListResponse(ok=True, host=result.host, port=result.port, security=result.security, message=f"Found {len(folders)} IMAP folder(s).", folders=folders, detected_sent_folder=result.detected_sent_folder)
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except Exception as exc:
|
|
return MailImapFolderListResponse(ok=False, message=_safe_error_message(exc), folders=[], detected_sent_folder=None, details={"error_type": exc.__class__.__name__})
|
|
|
|
|
|
@router.get("/profiles/{profile_id}/mailbox/folders", response_model=MailImapFolderListResponse)
|
|
def list_profile_mailbox_folders(
|
|
profile_id: str,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_mailbox_read_scope(principal)
|
|
try:
|
|
imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)
|
|
result = list_imap_folders(imap_config=imap)
|
|
folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders]
|
|
return MailImapFolderListResponse(ok=True, host=result.host, port=result.port, security=result.security, message=f"Found {len(folders)} IMAP folder(s).", folders=folders, detected_sent_folder=result.detected_sent_folder)
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except ImapConfigurationError as exc:
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
except ImapAppendError as exc:
|
|
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc
|
|
|
|
|
|
@router.get("/profiles/{profile_id}/mailbox/messages", response_model=MailMailboxMessageListResponse)
|
|
def list_profile_mailbox_messages(
|
|
profile_id: str,
|
|
folder: str = Query(default="INBOX", min_length=1, max_length=255),
|
|
limit: int | None = Query(default=None, ge=1, le=100),
|
|
offset: int = Query(default=0, ge=0, le=100000),
|
|
cursor: str | None = None,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_mailbox_read_scope(principal)
|
|
try:
|
|
imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)
|
|
effective_limit = _mailbox_cursor_limit(cursor, limit)
|
|
fingerprint = _mailbox_cursor_fingerprint(tenant_id=principal.tenant_id, profile_id=profile_id, folder=folder, limit=effective_limit)
|
|
effective_offset, after_uid, expected_uidvalidity, cursor_values = _mailbox_cursor_position(cursor, fingerprint=fingerprint, offset=offset)
|
|
result = list_imap_messages(
|
|
imap_config=imap,
|
|
folder=folder,
|
|
limit=effective_limit,
|
|
offset=effective_offset,
|
|
after_uid=after_uid,
|
|
expected_uidvalidity=expected_uidvalidity,
|
|
)
|
|
full = bool(cursor_values is not None and result.cursor_reset)
|
|
next_cursor, cursor_stable = _next_mailbox_cursor(
|
|
tenant_id=principal.tenant_id,
|
|
profile_id=profile_id,
|
|
folder=result.folder,
|
|
limit=result.limit,
|
|
offset=result.offset,
|
|
total_count=result.total_count,
|
|
uidvalidity=result.uidvalidity,
|
|
messages=result.messages,
|
|
)
|
|
return MailMailboxMessageListResponse(
|
|
profile_id=profile_id,
|
|
folder=result.folder,
|
|
host=result.host,
|
|
port=result.port,
|
|
security=result.security,
|
|
total_count=result.total_count,
|
|
offset=result.offset,
|
|
limit=result.limit,
|
|
cursor=cursor,
|
|
next_cursor=next_cursor,
|
|
cursor_stable=cursor_stable,
|
|
full=full or not cursor_stable,
|
|
messages=[_mailbox_summary_response(message) for message in result.messages],
|
|
)
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except ImapConfigurationError as exc:
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
except ImapAppendError as exc:
|
|
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc
|
|
|
|
|
|
@router.get("/profiles/{profile_id}/mailbox/messages/{message_uid}", response_model=MailMailboxMessageResponse)
|
|
def get_profile_mailbox_message(
|
|
profile_id: str,
|
|
message_uid: str,
|
|
folder: str = Query(default="INBOX", min_length=1, max_length=255),
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
session: Session = Depends(get_session),
|
|
):
|
|
_require_mailbox_read_scope(principal)
|
|
try:
|
|
imap = _imap_config_for_profile(session, tenant_id=principal.tenant_id, profile_id=profile_id)
|
|
result = get_imap_message(imap_config=imap, folder=folder, uid=message_uid)
|
|
return MailMailboxMessageResponse(
|
|
profile_id=profile_id,
|
|
folder=result.folder,
|
|
host=result.host,
|
|
port=result.port,
|
|
security=result.security,
|
|
message=_mailbox_detail_response(result.message),
|
|
)
|
|
except MailProfileError as exc:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=str(exc)) from exc
|
|
except ImapConfigurationError as exc:
|
|
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, detail=str(exc)) from exc
|
|
except ImapAppendError as exc:
|
|
status_code = status.HTTP_404_NOT_FOUND if "not found" in str(exc).casefold() else status.HTTP_502_BAD_GATEWAY
|
|
raise HTTPException(status_code=status_code, detail=str(exc)) from exc
|
|
|
|
|
|
def _safe_error_message(exc: Exception) -> str:
|
|
text = str(exc).strip()
|
|
return text or exc.__class__.__name__
|
|
|
|
|
|
@router.post("/test-smtp", response_model=MailConnectionTestResponse)
|
|
def test_smtp_settings(
|
|
payload: MailSmtpTestRequest,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
):
|
|
"""Test SMTP connectivity/login without sending any message."""
|
|
|
|
if not has_scope(principal, "mail:profile:test"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test")
|
|
if not has_scope(principal, "mail:secret:manage"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials")
|
|
try:
|
|
result = test_smtp_login(smtp_config=payload)
|
|
return MailConnectionTestResponse(
|
|
ok=True,
|
|
protocol="smtp",
|
|
host=result.host,
|
|
port=result.port,
|
|
security=result.security,
|
|
message="SMTP connection successful.",
|
|
details={"authenticated": result.authenticated},
|
|
)
|
|
except Exception as exc:
|
|
return MailConnectionTestResponse(
|
|
ok=False,
|
|
protocol="smtp",
|
|
host=payload.host,
|
|
port=payload.port,
|
|
security=payload.security.value,
|
|
message=_safe_error_message(exc),
|
|
details={"error_type": exc.__class__.__name__},
|
|
)
|
|
|
|
|
|
@router.post("/test-imap", response_model=MailConnectionTestResponse)
|
|
def test_imap_settings(
|
|
payload: MailImapTestRequest,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
):
|
|
"""Test IMAP connectivity/login without selecting or appending messages."""
|
|
|
|
if not has_scope(principal, "mail:profile:test"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test")
|
|
if not has_scope(principal, "mail:secret:manage"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials")
|
|
try:
|
|
result = test_imap_login(imap_config=payload)
|
|
return MailConnectionTestResponse(
|
|
ok=True,
|
|
protocol="imap",
|
|
host=result.host,
|
|
port=result.port,
|
|
security=result.security,
|
|
message="IMAP connection successful.",
|
|
details={"authenticated": result.authenticated},
|
|
)
|
|
except Exception as exc:
|
|
return MailConnectionTestResponse(
|
|
ok=False,
|
|
protocol="imap",
|
|
host=payload.host,
|
|
port=payload.port,
|
|
security=payload.security.value,
|
|
message=_safe_error_message(exc),
|
|
details={"error_type": exc.__class__.__name__},
|
|
)
|
|
|
|
|
|
@router.post("/list-imap-folders", response_model=MailImapFolderListResponse)
|
|
def list_imap_folder_settings(
|
|
payload: MailImapTestRequest,
|
|
principal: ApiPrincipal = Depends(get_api_principal),
|
|
):
|
|
"""List visible IMAP folders and return the best Sent-folder guess."""
|
|
|
|
if not has_scope(principal, "mail:profile:test"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Missing scope: mail_servers:test")
|
|
if not has_scope(principal, "mail:secret:manage"):
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Testing raw credentials requires mail_servers:manage_credentials")
|
|
try:
|
|
result = list_imap_folders(imap_config=payload)
|
|
folders = [MailImapFolderResponse(name=item.name, flags=item.flags, message_count=item.message_count, unseen_count=item.unseen_count) for item in result.folders]
|
|
return MailImapFolderListResponse(
|
|
ok=True,
|
|
host=result.host,
|
|
port=result.port,
|
|
security=result.security,
|
|
message=f"Found {len(folders)} IMAP folder(s).",
|
|
folders=folders,
|
|
detected_sent_folder=result.detected_sent_folder,
|
|
)
|
|
except Exception as exc:
|
|
return MailImapFolderListResponse(
|
|
ok=False,
|
|
host=payload.host,
|
|
port=payload.port,
|
|
security=payload.security.value,
|
|
message=_safe_error_message(exc),
|
|
folders=[],
|
|
detected_sent_folder=None,
|
|
details={"error_type": exc.__class__.__name__},
|
|
)
|