مراية لـ
https://github.com/postalserver/postal.git
تم المزامنة 2025-11-30 21:32:30 +00:00
refactor: move lib/postal/smtp_server to app/lib/smtp_server
هذا الالتزام موجود في:
Adam Cooke
@@ -1,6 +0,0 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Postal
|
||||
module SMTPServer
|
||||
end
|
||||
end
|
||||
@@ -1,510 +0,0 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require "resolv"
|
||||
require "nifty/utils/random_string"
|
||||
|
||||
module Postal
|
||||
module SMTPServer
|
||||
class Client
|
||||
|
||||
CRAM_MD5_DIGEST = OpenSSL::Digest.new("md5")
|
||||
LOG_REDACTION_STRING = "[redacted]"
|
||||
|
||||
attr_reader :logging_enabled
|
||||
attr_reader :credential
|
||||
attr_reader :ip_address
|
||||
attr_reader :recipients
|
||||
attr_reader :headers
|
||||
attr_reader :state
|
||||
attr_reader :helo_name
|
||||
|
||||
def initialize(ip_address)
|
||||
@logging_enabled = true
|
||||
@ip_address = ip_address
|
||||
if @ip_address
|
||||
check_ip_address
|
||||
@state = :welcome
|
||||
else
|
||||
@state = :preauth
|
||||
end
|
||||
transaction_reset
|
||||
end
|
||||
|
||||
def check_ip_address
|
||||
return unless @ip_address && Postal.config.smtp_server.log_exclude_ips && @ip_address =~ Regexp.new(Postal.config.smtp_server.log_exclude_ips)
|
||||
|
||||
@logging_enabled = false
|
||||
end
|
||||
|
||||
def transaction_reset
|
||||
@recipients = []
|
||||
@mail_from = nil
|
||||
@data = nil
|
||||
@headers = nil
|
||||
end
|
||||
|
||||
def id
|
||||
@id ||= Nifty::Utils::RandomString.generate(length: 6).upcase
|
||||
end
|
||||
|
||||
def handle(data)
|
||||
Postal.logger.tagged(id: id) do
|
||||
if @state == :preauth
|
||||
return proxy(data)
|
||||
end
|
||||
|
||||
log "\e[32m<= #{sanitize_input_for_log(data.strip)}\e[0m"
|
||||
if @proc
|
||||
@proc.call(data)
|
||||
|
||||
else
|
||||
handle_command(data)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def finished?
|
||||
@finished || false
|
||||
end
|
||||
|
||||
def start_tls?
|
||||
@start_tls || false
|
||||
end
|
||||
|
||||
attr_writer :start_tls
|
||||
|
||||
def handle_command(data)
|
||||
case data
|
||||
when /^QUIT/i then quit
|
||||
when /^STARTTLS/i then starttls
|
||||
when /^EHLO/i then ehlo(data)
|
||||
when /^HELO/i then helo(data)
|
||||
when /^RSET/i then rset
|
||||
when /^NOOP/i then noop
|
||||
when /^AUTH PLAIN/i then auth_plain(data)
|
||||
when /^AUTH LOGIN/i then auth_login(data)
|
||||
when /^AUTH CRAM-MD5/i then auth_cram_md5(data)
|
||||
when /^MAIL FROM/i then mail_from(data)
|
||||
when /^RCPT TO/i then rcpt_to(data)
|
||||
when /^DATA/i then data(data)
|
||||
else
|
||||
"502 Invalid/unsupported command"
|
||||
end
|
||||
end
|
||||
|
||||
def log(text)
|
||||
return false unless @logging_enabled
|
||||
|
||||
Postal.logger.debug(text, id: id)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def proxy(data)
|
||||
if m = data.match(/\APROXY (.+) (.+) (.+) (.+) (.+)\z/)
|
||||
@ip_address = m[2]
|
||||
check_ip_address
|
||||
@state = :welcome
|
||||
log "\e[35m Client identified as #{@ip_address}\e[0m"
|
||||
"220 #{Postal.config.dns.smtp_server_hostname} ESMTP Postal/#{id}"
|
||||
else
|
||||
@finished = true
|
||||
"502 Proxy Error"
|
||||
end
|
||||
end
|
||||
|
||||
def quit
|
||||
@finished = true
|
||||
"221 Closing Connection"
|
||||
end
|
||||
|
||||
def starttls
|
||||
if Postal.config.smtp_server.tls_enabled?
|
||||
@start_tls = true
|
||||
@tls = true
|
||||
"220 Ready to start TLS"
|
||||
else
|
||||
"502 TLS not available"
|
||||
end
|
||||
end
|
||||
|
||||
def ehlo(data)
|
||||
@helo_name = data.strip.split(" ", 2)[1]
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
[
|
||||
"250-My capabilities are",
|
||||
Postal.config.smtp_server.tls_enabled? && !@tls ? "250-STARTTLS" : nil,
|
||||
"250 AUTH CRAM-MD5 PLAIN LOGIN"
|
||||
].compact
|
||||
end
|
||||
|
||||
def helo(data)
|
||||
@helo_name = data.strip.split(" ", 2)[1]
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
"250 #{Postal.config.dns.smtp_server_hostname}"
|
||||
end
|
||||
|
||||
def rset
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
def noop
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
def auth_plain(data)
|
||||
handler = proc do |idata|
|
||||
@proc = nil
|
||||
idata = Base64.decode64(idata)
|
||||
parts = idata.split("\0")
|
||||
username = parts[-2]
|
||||
password = parts[-1]
|
||||
unless username && password
|
||||
next "535 Authenticated failed - protocol error"
|
||||
end
|
||||
|
||||
authenticate(password)
|
||||
end
|
||||
|
||||
data = data.gsub(/AUTH PLAIN ?/i, "")
|
||||
if data.strip == ""
|
||||
@proc = handler
|
||||
@password_expected_next = true
|
||||
"334"
|
||||
else
|
||||
handler.call(data)
|
||||
end
|
||||
end
|
||||
|
||||
def auth_login(data)
|
||||
password_handler = proc do |idata|
|
||||
@proc = nil
|
||||
password = Base64.decode64(idata)
|
||||
authenticate(password)
|
||||
end
|
||||
|
||||
username_handler = proc do
|
||||
@proc = password_handler
|
||||
@password_expected_next = true
|
||||
"334 UGFzc3dvcmQ6" # "Password:"
|
||||
end
|
||||
|
||||
data = data.gsub(/AUTH LOGIN ?/i, "")
|
||||
if data.strip == ""
|
||||
@proc = username_handler
|
||||
"334 VXNlcm5hbWU6" # "Username:"
|
||||
else
|
||||
username_handler.call(nil)
|
||||
end
|
||||
end
|
||||
|
||||
def authenticate(password)
|
||||
if @credential = Credential.where(type: "SMTP", key: password).first
|
||||
@credential.use
|
||||
"235 Granted for #{@credential.server.organization.permalink}/#{@credential.server.permalink}"
|
||||
else
|
||||
log "\e[33m WARN: AUTH failure for #{@ip_address}\e[0m"
|
||||
"535 Invalid credential"
|
||||
end
|
||||
end
|
||||
|
||||
def auth_cram_md5(data)
|
||||
challenge = Digest::SHA1.hexdigest(Time.now.to_i.to_s + rand(100_000).to_s)
|
||||
challenge = "<#{challenge[0, 20]}@#{Postal.config.dns.smtp_server_hostname}>"
|
||||
|
||||
handler = proc do |idata|
|
||||
@proc = nil
|
||||
username, password = Base64.decode64(idata).split(" ", 2).map { |a| a.chomp }
|
||||
org_permlink, server_permalink = username.split(/[\/_]/, 2)
|
||||
server = ::Server.includes(:organization).where(organizations: { permalink: org_permlink }, permalink: server_permalink).first
|
||||
if server.nil?
|
||||
log "\e[33m WARN: AUTH failure for #{@ip_address}\e[0m"
|
||||
next "535 Denied"
|
||||
end
|
||||
|
||||
grant = nil
|
||||
server.credentials.where(type: "SMTP").each do |credential|
|
||||
correct_response = OpenSSL::HMAC.hexdigest(CRAM_MD5_DIGEST, credential.key, challenge)
|
||||
next unless password == correct_response
|
||||
|
||||
@credential = credential
|
||||
@credential.use
|
||||
grant = "235 Granted for #{credential.server.organization.permalink}/#{credential.server.permalink}"
|
||||
break
|
||||
end
|
||||
|
||||
if grant.nil?
|
||||
log "\e[33m WARN: AUTH failure for #{@ip_address}\e[0m"
|
||||
next "535 Denied"
|
||||
end
|
||||
|
||||
grant
|
||||
end
|
||||
|
||||
@proc = handler
|
||||
"334 " + Base64.encode64(challenge).gsub(/[\r\n]/, "")
|
||||
end
|
||||
|
||||
def mail_from(data)
|
||||
unless in_state(:welcomed, :mail_from_received)
|
||||
return "503 EHLO/HELO first please"
|
||||
end
|
||||
|
||||
@state = :mail_from_received
|
||||
transaction_reset
|
||||
if data =~ /AUTH=/
|
||||
# Discard AUTH= parameter and anything that follows.
|
||||
# We don't need this parameter as we don't trust any client to set it
|
||||
mail_from_line = data.sub(/ *AUTH=.*/, "")
|
||||
else
|
||||
mail_from_line = data
|
||||
end
|
||||
@mail_from = mail_from_line.gsub(/MAIL FROM\s*:\s*/i, "").gsub(/.*</, "").gsub(/>.*/, "").strip
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
def rcpt_to(data)
|
||||
unless in_state(:mail_from_received, :rcpt_to_received)
|
||||
return "503 EHLO/HELO and MAIL FROM first please"
|
||||
end
|
||||
|
||||
rcpt_to = data.gsub(/RCPT TO\s*:\s*/i, "").gsub(/.*</, "").gsub(/>.*/, "").strip
|
||||
|
||||
if rcpt_to.blank?
|
||||
return "501 RCPT TO should not be empty"
|
||||
end
|
||||
|
||||
uname, domain = rcpt_to.split("@", 2)
|
||||
|
||||
if domain.blank?
|
||||
return "501 Invalid RCPT TO"
|
||||
end
|
||||
|
||||
uname, tag = uname.split("+", 2)
|
||||
|
||||
if domain == Postal.config.dns.return_path || domain =~ /\A#{Regexp.escape(Postal.config.dns.custom_return_path_prefix)}\./
|
||||
# This is a return path
|
||||
@state = :rcpt_to_received
|
||||
if server = ::Server.where(token: uname).first
|
||||
if server.suspended?
|
||||
"535 Mail server has been suspended"
|
||||
else
|
||||
log "Added bounce on server #{server.id}"
|
||||
@recipients << [:bounce, rcpt_to, server]
|
||||
"250 OK"
|
||||
end
|
||||
else
|
||||
"550 Invalid server token"
|
||||
end
|
||||
|
||||
elsif domain == Postal.config.dns.route_domain
|
||||
# This is an email direct to a route. This isn't actually supported yet.
|
||||
@state = :rcpt_to_received
|
||||
if route = Route.where(token: uname).first
|
||||
if route.server.suspended?
|
||||
"535 Mail server has been suspended"
|
||||
elsif route.mode == "Reject"
|
||||
"550 Route does not accept incoming messages"
|
||||
else
|
||||
log "Added route #{route.id} to recipients (tag: #{tag.inspect})"
|
||||
actual_rcpt_to = "#{route.name}#{tag ? "+#{tag}" : ''}@#{route.domain.name}"
|
||||
@recipients << [:route, actual_rcpt_to, route.server, { route: route }]
|
||||
"250 OK"
|
||||
end
|
||||
else
|
||||
"550 Invalid route token"
|
||||
end
|
||||
|
||||
elsif @credential
|
||||
# This is outgoing mail for an authenticated user
|
||||
@state = :rcpt_to_received
|
||||
if @credential.server.suspended?
|
||||
"535 Mail server has been suspended"
|
||||
else
|
||||
log "Added external address '#{rcpt_to}'"
|
||||
@recipients << [:credential, rcpt_to, @credential.server]
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
elsif uname && domain && route = Route.find_by_name_and_domain(uname, domain)
|
||||
# This is incoming mail for a route
|
||||
@state = :rcpt_to_received
|
||||
if route.server.suspended?
|
||||
"535 Mail server has been suspended"
|
||||
elsif route.mode == "Reject"
|
||||
"550 Route does not accept incoming messages"
|
||||
else
|
||||
log "Added route #{route.id} to recipients (tag: #{tag.inspect})"
|
||||
@recipients << [:route, rcpt_to, route.server, { route: route }]
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
else
|
||||
# User is trying to relay but is not authenticated. Try to authenticate by IP address
|
||||
@credential = Credential.where(type: "SMTP-IP").all.sort_by { |c| c.ipaddr&.prefix || 0 }.reverse.find do |credential|
|
||||
credential.ipaddr.include?(@ip_address) || (credential.ipaddr.ipv4? && credential.ipaddr.ipv4_mapped.include?(@ip_address))
|
||||
end
|
||||
|
||||
if @credential
|
||||
# Retry with credential
|
||||
@credential.use
|
||||
rcpt_to(data)
|
||||
else
|
||||
"530 Authentication required"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def data(_data)
|
||||
unless in_state(:rcpt_to_received)
|
||||
return "503 HELO/EHLO, MAIL FROM and RCPT TO before sending data"
|
||||
end
|
||||
|
||||
@data = String.new.force_encoding("BINARY")
|
||||
@headers = {}
|
||||
@receiving_headers = true
|
||||
|
||||
received_header = Postal::ReceivedHeader.generate(@credential&.server, @helo_name, @ip_address, :smtp)
|
||||
.force_encoding("BINARY")
|
||||
|
||||
@data << "Received: #{received_header}\r\n"
|
||||
@headers["received"] = [received_header]
|
||||
|
||||
handler = proc do |idata|
|
||||
if idata == "."
|
||||
@logging_enabled = true
|
||||
@proc = nil
|
||||
finished
|
||||
else
|
||||
idata = idata.to_s.sub(/\A\.\./, ".")
|
||||
|
||||
if @credential&.server&.log_smtp_data?
|
||||
# We want to log if enabled
|
||||
else
|
||||
log "Not logging further message data."
|
||||
@logging_enabled = false
|
||||
end
|
||||
|
||||
if @receiving_headers
|
||||
if idata.blank?
|
||||
@receiving_headers = false
|
||||
elsif idata.to_s =~ /^\s/
|
||||
# This is a continuation of a header
|
||||
if @header_key && @headers[@header_key.downcase] && @headers[@header_key.downcase].last
|
||||
@headers[@header_key.downcase].last << idata.to_s
|
||||
end
|
||||
else
|
||||
@header_key, value = idata.split(/:\s*/, 2)
|
||||
@headers[@header_key.downcase] ||= []
|
||||
@headers[@header_key.downcase] << value
|
||||
end
|
||||
end
|
||||
@data << idata
|
||||
@data << "\r\n"
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
@proc = handler
|
||||
"354 Go ahead"
|
||||
end
|
||||
|
||||
def finished
|
||||
if @data.bytesize > Postal.config.smtp_server.max_message_size.megabytes.to_i
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
return format("552 Message too large (maximum size %dMB)", Postal.config.smtp_server.max_message_size)
|
||||
end
|
||||
|
||||
if @headers["received"].grep(/by #{Postal.config.dns.smtp_server_hostname}/).count > 4
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
return "550 Loop detected"
|
||||
end
|
||||
|
||||
authenticated_domain = nil
|
||||
if @credential
|
||||
authenticated_domain = @credential.server.find_authenticated_domain_from_headers(@headers)
|
||||
if authenticated_domain.nil?
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
return "530 From/Sender name is not valid"
|
||||
end
|
||||
end
|
||||
|
||||
@recipients.each do |recipient|
|
||||
type, rcpt_to, server, options = recipient
|
||||
|
||||
case type
|
||||
when :credential
|
||||
# Outgoing messages are just inserted
|
||||
message = server.message_db.new_message
|
||||
message.rcpt_to = rcpt_to
|
||||
message.mail_from = @mail_from
|
||||
message.raw_message = @data
|
||||
message.received_with_ssl = @tls
|
||||
message.scope = "outgoing"
|
||||
message.domain_id = authenticated_domain&.id
|
||||
message.credential_id = @credential.id
|
||||
message.save
|
||||
|
||||
when :bounce
|
||||
if rp_route = server.routes.where(name: "__returnpath__").first
|
||||
# If there's a return path route, we can use this to create the message
|
||||
rp_route.create_messages do |msg|
|
||||
msg.rcpt_to = rcpt_to
|
||||
msg.mail_from = @mail_from
|
||||
msg.raw_message = @data
|
||||
msg.received_with_ssl = @tls
|
||||
msg.bounce = 1
|
||||
end
|
||||
else
|
||||
# There's no return path route, we just need to insert the mesage
|
||||
# without going through the route.
|
||||
message = server.message_db.new_message
|
||||
message.rcpt_to = rcpt_to
|
||||
message.mail_from = @mail_from
|
||||
message.raw_message = @data
|
||||
message.received_with_ssl = @tls
|
||||
message.scope = "incoming"
|
||||
message.bounce = 1
|
||||
message.save
|
||||
end
|
||||
when :route
|
||||
options[:route].create_messages do |message|
|
||||
message.rcpt_to = rcpt_to
|
||||
message.mail_from = @mail_from
|
||||
message.raw_message = @data
|
||||
message.received_with_ssl = @tls
|
||||
end
|
||||
end
|
||||
end
|
||||
transaction_reset
|
||||
@state = :welcomed
|
||||
"250 OK"
|
||||
end
|
||||
|
||||
def in_state(*states)
|
||||
states.include?(@state)
|
||||
end
|
||||
|
||||
def sanitize_input_for_log(data)
|
||||
if @password_expected_next
|
||||
@password_expected_next = false
|
||||
if data =~ /\A[a-z0-9]{3,}=*\z/i
|
||||
return LOG_REDACTION_STRING
|
||||
end
|
||||
end
|
||||
|
||||
data = data.dup
|
||||
data.gsub!(/(.*AUTH \w+) (.*)\z/i) { "#{::Regexp.last_match(1)} #{LOG_REDACTION_STRING}" }
|
||||
data
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -1,274 +0,0 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require "ipaddr"
|
||||
require "nio"
|
||||
|
||||
module Postal
|
||||
module SMTPServer
|
||||
class Server
|
||||
|
||||
def initialize(options = {})
|
||||
@options = options
|
||||
@options[:debug] ||= false
|
||||
prepare_environment
|
||||
end
|
||||
|
||||
def run
|
||||
logger.tagged(component: "smtp-server") do
|
||||
listen
|
||||
run_event_loop
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def prepare_environment
|
||||
$\ = "\r\n"
|
||||
BasicSocket.do_not_reverse_lookup = true
|
||||
|
||||
trap("TERM") do
|
||||
$stdout.puts "Received TERM signal, shutting down."
|
||||
unlisten
|
||||
end
|
||||
|
||||
trap("INT") do
|
||||
$stdout.puts "Received INT signal, shutting down."
|
||||
unlisten
|
||||
end
|
||||
end
|
||||
|
||||
def ssl_context
|
||||
@ssl_context ||= begin
|
||||
ssl_context = OpenSSL::SSL::SSLContext.new
|
||||
ssl_context.cert = Postal.smtp_certificates[0]
|
||||
ssl_context.extra_chain_cert = Postal.smtp_certificates[1..]
|
||||
ssl_context.key = Postal.smtp_private_key
|
||||
ssl_context.ssl_version = Postal.config.smtp_server.ssl_version if Postal.config.smtp_server.ssl_version
|
||||
ssl_context.ciphers = Postal.config.smtp_server.tls_ciphers if Postal.config.smtp_server.tls_ciphers
|
||||
ssl_context
|
||||
end
|
||||
end
|
||||
|
||||
def listen
|
||||
@server = TCPServer.open(Postal.config.smtp_server.bind_address, Postal.config.smtp_server.port)
|
||||
@server.autoclose = false
|
||||
@server.close_on_exec = false
|
||||
if defined?(Socket::SOL_SOCKET) && defined?(Socket::SO_KEEPALIVE)
|
||||
@server.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, true)
|
||||
end
|
||||
if defined?(Socket::SOL_TCP) && defined?(Socket::TCP_KEEPIDLE) && defined?(Socket::TCP_KEEPINTVL) && defined?(Socket::TCP_KEEPCNT)
|
||||
@server.setsockopt(Socket::SOL_TCP, Socket::TCP_KEEPIDLE, 50)
|
||||
@server.setsockopt(Socket::SOL_TCP, Socket::TCP_KEEPINTVL, 10)
|
||||
@server.setsockopt(Socket::SOL_TCP, Socket::TCP_KEEPCNT, 5)
|
||||
end
|
||||
logger.info "Listening on #{Postal.config.smtp_server.bind_address}:#{Postal.config.smtp_server.port}"
|
||||
end
|
||||
|
||||
def unlisten
|
||||
# Instruct the nio loop to unlisten and wake it
|
||||
@unlisten = true
|
||||
@io_selector.wakeup
|
||||
end
|
||||
|
||||
def run_event_loop
|
||||
# Set up an instance of nio4r to monitor for connections and data
|
||||
@io_selector = NIO::Selector.new
|
||||
# Register the SMTP listener
|
||||
@io_selector.register(@server, :r)
|
||||
# Create a hash to contain a buffer for each client.
|
||||
buffers = Hash.new { |h, k| h[k] = String.new.force_encoding("BINARY") }
|
||||
loop do
|
||||
# Wait for an event to occur
|
||||
@io_selector.select do |monitor|
|
||||
# Get the IO from the nio monitor
|
||||
io = monitor.io
|
||||
# Is this event an incoming connection?
|
||||
if io.is_a?(TCPServer)
|
||||
begin
|
||||
# Accept the connection
|
||||
new_io = io.accept
|
||||
if Postal.config.smtp_server.proxy_protocol
|
||||
# If we are using the haproxy proxy protocol, we will be sent the
|
||||
# client's IP later. Delay the welcome process.
|
||||
client = Client.new(nil)
|
||||
if Postal.config.smtp_server.log_connect
|
||||
logger.debug "[#{client.id}] \e[35m Connection opened from #{new_io.remote_address.ip_address}\e[0m"
|
||||
end
|
||||
else
|
||||
# We're not using the proxy protocol so we already know the client's IP
|
||||
client = Client.new(new_io.remote_address.ip_address)
|
||||
if Postal.config.smtp_server.log_connect
|
||||
logger.debug "[#{client.id}] \e[35m Connection opened from #{new_io.remote_address.ip_address}\e[0m"
|
||||
end
|
||||
# We know who the client is, welcome them.
|
||||
client.log "\e[35m Client identified as #{new_io.remote_address.ip_address}\e[0m"
|
||||
new_io.print("220 #{Postal.config.dns.smtp_server_hostname} ESMTP Postal/#{client.id}")
|
||||
end
|
||||
# Register the client and its socket with nio4r
|
||||
monitor = @io_selector.register(new_io, :r)
|
||||
monitor.value = client
|
||||
rescue StandardError => e
|
||||
# If something goes wrong, log as appropriate and disconnect the client
|
||||
if defined?(Sentry)
|
||||
Sentry.capture_exception(e, extra: { log_id: begin
|
||||
client.id
|
||||
rescue StandardError
|
||||
nil
|
||||
end })
|
||||
end
|
||||
logger.error "An error occurred while accepting a new client."
|
||||
logger.error "#{e.class}: #{e.message}"
|
||||
e.backtrace.each do |line|
|
||||
logger.error line
|
||||
end
|
||||
begin
|
||||
new_io.close
|
||||
rescue StandardError
|
||||
nil
|
||||
end
|
||||
end
|
||||
else
|
||||
# This event is not an incoming connection so it must be data from a client
|
||||
begin
|
||||
# Get the client from the nio monitor
|
||||
client = monitor.value
|
||||
# For now we assume the connection isn't closed
|
||||
eof = false
|
||||
# Is the client negotiating a TLS handshake?
|
||||
if client.start_tls?
|
||||
begin
|
||||
# Can we accept the TLS connection at this time?
|
||||
io.accept_nonblock
|
||||
# We were able to accept the connection, the client is no longer handshaking
|
||||
client.start_tls = false
|
||||
rescue IO::WaitReadable, IO::WaitWritable => e
|
||||
# Could not accept without blocking
|
||||
# We will try again later
|
||||
next
|
||||
rescue OpenSSL::SSL::SSLError => e
|
||||
client.log "SSL Negotiation Failed: #{e.message}"
|
||||
eof = true
|
||||
end
|
||||
else
|
||||
# The client is not negotiating a TLS handshake at this time
|
||||
begin
|
||||
# Read 10kiB of data at a time from the socket.
|
||||
buffers[io] << io.readpartial(10_240)
|
||||
|
||||
# There is an extra step for SSL sockets
|
||||
if io.is_a?(OpenSSL::SSL::SSLSocket)
|
||||
buffers[io] << io.readpartial(10_240) while io.pending.positive?
|
||||
end
|
||||
rescue EOFError, Errno::ECONNRESET, Errno::ETIMEDOUT
|
||||
# Client went away
|
||||
eof = true
|
||||
end
|
||||
|
||||
# Normalize all \r\n and \n to \r\n, but ignore only \r.
|
||||
# A \r\n may be split in 2 buffers (\n in one buffer and \r in the other)
|
||||
buffers[io] = buffers[io].gsub(/\r/, "").encode(buffers[io].encoding, crlf_newline: true)
|
||||
|
||||
# We line buffer, so look to see if we have received a newline
|
||||
# and keep doing so until all buffered lines have been processed.
|
||||
while buffers[io].index("\r\n")
|
||||
# Extract the line
|
||||
line, buffers[io] = buffers[io].split("\r\n", 2)
|
||||
|
||||
# Send the received line to the client object for processing
|
||||
result = client.handle(line)
|
||||
# If the client object returned some data, write it back to the client
|
||||
next if result.nil?
|
||||
|
||||
result = [result] unless result.is_a?(Array)
|
||||
result.compact.each do |iline|
|
||||
client.log "\e[34m=> #{iline.strip}\e[0m"
|
||||
begin
|
||||
io.write(iline.to_s + "\r\n")
|
||||
io.flush
|
||||
rescue Errno::ECONNRESET
|
||||
# Client disconnected before we could write response
|
||||
eof = true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Did the client request STARTTLS?
|
||||
if !eof && client.start_tls?
|
||||
# Deregister the unencrypted IO
|
||||
@io_selector.deregister(io)
|
||||
buffers.delete(io)
|
||||
io = OpenSSL::SSL::SSLSocket.new(io, ssl_context)
|
||||
# Close the underlying IO when the TLS socket is closed
|
||||
io.sync_close = true
|
||||
# Register the new TLS socket with nio
|
||||
monitor = @io_selector.register(io, :r)
|
||||
monitor.value = client
|
||||
end
|
||||
end
|
||||
|
||||
# Has the client requested we close the connection?
|
||||
if client.finished? || eof
|
||||
client.log "\e[35m Connection closed\e[0m"
|
||||
# Deregister the socket and close it
|
||||
@io_selector.deregister(io)
|
||||
buffers.delete(io)
|
||||
io.close
|
||||
# If we have no more clients or listeners left, exit the process
|
||||
if @io_selector.empty?
|
||||
Process.exit(0)
|
||||
end
|
||||
end
|
||||
rescue StandardError => e
|
||||
# Something went wrong, log as appropriate
|
||||
client_id = client ? client.id : "------"
|
||||
if defined?(Sentry)
|
||||
Sentry.capture_exception(e, extra: { log_id: begin
|
||||
client.id
|
||||
rescue StandardError
|
||||
nil
|
||||
end })
|
||||
end
|
||||
logger.error "[#{client_id}] An error occurred while processing data from a client."
|
||||
logger.error "[#{client_id}] #{e.class}: #{e.message}"
|
||||
e.backtrace.each do |iline|
|
||||
logger.error "[#{client_id}] #{iline}"
|
||||
end
|
||||
# Close all IO and forget this client
|
||||
begin
|
||||
@io_selector.deregister(io)
|
||||
rescue StandardError
|
||||
nil
|
||||
end
|
||||
buffers.delete(io)
|
||||
begin
|
||||
io.close
|
||||
rescue StandardError
|
||||
nil
|
||||
end
|
||||
if @io_selector.empty?
|
||||
Process.exit(0)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
# If unlisten has been called, stop listening
|
||||
next unless @unlisten
|
||||
|
||||
@io_selector.deregister(@server)
|
||||
@server.close
|
||||
# If there's nothing left to do, shut down the process
|
||||
if @io_selector.empty?
|
||||
Process.exit(0)
|
||||
end
|
||||
# Clear the request
|
||||
@unlisten = false
|
||||
end
|
||||
end
|
||||
|
||||
def logger
|
||||
Postal.logger
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
المرجع في مشكلة جديدة
حظر مستخدم