mirror of https://github.com/h44z/wg-portal.git
				
				
				
			add ssl/tls option for email encryption (#13)
		
							parent
							
								
									7042523c54
								
							
						
					
					
						commit
						926733dea4
					
				|  | @ -124,7 +124,8 @@ The following configuration options are available: | ||||||
| | DATABASE_PASSWORD     | password          | database    |                                                 | The mysql password.                                                                                                                  | | | DATABASE_PASSWORD     | password          | database    |                                                 | The mysql password.                                                                                                                  | | ||||||
| | EMAIL_HOST            | host              | email       | 127.0.0.1                                       | The email server address.                                                                                                            | | | EMAIL_HOST            | host              | email       | 127.0.0.1                                       | The email server address.                                                                                                            | | ||||||
| | EMAIL_PORT            | port              | email       | 25                                              | The email server port.                                                                                                               | | | EMAIL_PORT            | port              | email       | 25                                              | The email server port.                                                                                                               | | ||||||
| | EMAIL_TLS             | tls               | email       | false                                           | Use STARTTLS.                                                                                                                        | | | EMAIL_TLS             | tls               | email       | false                                           | Use STARTTLS. DEPRECATED: use EMAIL_ENCRYPTION instead.                                                                              | | ||||||
|  | | EMAIL_ENCRYPTION      | encryption        | email       | none                                            | Either none, tls or starttls.                                                                                                        | | ||||||
| | EMAIL_CERT_VALIDATION | certcheck         | email       | false                                           | Validate the email server certificate.                                                                                               | | | EMAIL_CERT_VALIDATION | certcheck         | email       | false                                           | Validate the email server certificate.                                                                                               | | ||||||
| | EMAIL_USERNAME        | user              | email       |                                                 | An optional username for SMTP authentication.                                                                                        | | | EMAIL_USERNAME        | user              | email       |                                                 | An optional username for SMTP authentication.                                                                                        | | ||||||
| | EMAIL_PASSWORD        | pass              | email       |                                                 | An optional password for SMTP authentication.                                                                                        | | | EMAIL_PASSWORD        | pass              | email       |                                                 | An optional password for SMTP authentication.                                                                                        | | ||||||
|  |  | ||||||
|  | @ -7,13 +7,24 @@ import ( | ||||||
| 	"strconv" | 	"strconv" | ||||||
| 	"strings" | 	"strings" | ||||||
| 
 | 
 | ||||||
|  | 	"github.com/pkg/errors" | ||||||
|  | 
 | ||||||
| 	"github.com/jordan-wright/email" | 	"github.com/jordan-wright/email" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
|  | type MailEncryption string | ||||||
|  | 
 | ||||||
|  | const ( | ||||||
|  | 	MailEncryptionNone     MailEncryption = "none" | ||||||
|  | 	MailEncryptionTLS      MailEncryption = "tls" | ||||||
|  | 	MailEncryptionStartTLS MailEncryption = "starttls" | ||||||
|  | ) | ||||||
|  | 
 | ||||||
| type MailConfig struct { | type MailConfig struct { | ||||||
| 	Host           string         `yaml:"host" envconfig:"EMAIL_HOST"` | 	Host           string         `yaml:"host" envconfig:"EMAIL_HOST"` | ||||||
| 	Port           int            `yaml:"port" envconfig:"EMAIL_PORT"` | 	Port           int            `yaml:"port" envconfig:"EMAIL_PORT"` | ||||||
| 	TLS            bool   `yaml:"tls" envconfig:"EMAIL_TLS"` | 	TLS            bool           `yaml:"tls" envconfig:"EMAIL_TLS"` // Deprecated, use MailConfig.Encryption instead.
 | ||||||
|  | 	Encryption     MailEncryption `yaml:"encryption" envconfig:"EMAIL_ENCRYPTION"` | ||||||
| 	CertValidation bool           `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"` | 	CertValidation bool           `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"` | ||||||
| 	Username       string         `yaml:"user" envconfig:"EMAIL_USERNAME"` | 	Username       string         `yaml:"user" envconfig:"EMAIL_USERNAME"` | ||||||
| 	Password       string         `yaml:"pass" envconfig:"EMAIL_PASSWORD"` | 	Password       string         `yaml:"pass" envconfig:"EMAIL_PASSWORD"` | ||||||
|  | @ -64,16 +75,24 @@ func SendEmailWithAttachments(cfg MailConfig, sender, replyTo, subject, body str | ||||||
| 	for _, attachment := range attachments { | 	for _, attachment := range attachments { | ||||||
| 		a, err := e.Attach(attachment.Data, attachment.Name, attachment.ContentType) | 		a, err := e.Attach(attachment.Data, attachment.Name, attachment.ContentType) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return err | 			return errors.Wrapf(err, "failed to attach %s to mailbody", attachment.Name) | ||||||
| 		} | 		} | ||||||
| 		if attachment.Embedded { | 		if attachment.Embedded { | ||||||
| 			a.HTMLRelated = true | 			a.HTMLRelated = true | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	// TODO: remove this once the deprecated MailConfig.TLS config option has been removed
 | ||||||
| 	if cfg.TLS { | 	if cfg.TLS { | ||||||
|  | 		cfg.Encryption = MailEncryptionStartTLS | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	switch cfg.Encryption { | ||||||
|  | 	case MailEncryptionTLS: | ||||||
|  | 		return e.SendWithTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation}) | ||||||
|  | 	case MailEncryptionStartTLS: | ||||||
| 		return e.SendWithStartTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation}) | 		return e.SendWithStartTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation}) | ||||||
| 	} else { | 	default: // MailEncryptionNone
 | ||||||
| 		return e.Send(hostname, auth) | 		return e.Send(hostname, auth) | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
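Review bot: The `default:` arm of the new `switch cfg.Encryption` sends over plain SMTP for every value that is not exactly `tls` or `starttls`, so a misspelt or differently-cased `EMAIL_ENCRYPTION` (the commit title's own `ssl`, for instance) silently downgrades the session, including any SMTP credentials, to cleartext. I would make the plaintext path explicit and fail closed on everything else: `case MailEncryptionNone, "":` in front of `return e.Send(hostname, auth)`, followed by `default: return errors.Errorf("unsupported mail encryption %q", cfg.Encryption)`. Separately, neither `tls.Config` literal sets `ServerName`; with `CertValidation` enabled, the STARTTLS handshake will probably be refused for lack of a name to verify against, so `ServerName: cfg.Host` looks necessary. Please confirm this against the mail library. The body of SendEmailWithAttachments starts outside this hunk, so how `hostname` and `auth` are built is not visible here.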
|  |  | ||||||
|  | @ -112,6 +112,7 @@ func NewConfig() *Config { | ||||||
| 	cfg.WG.ManageIPAddresses = true | 	cfg.WG.ManageIPAddresses = true | ||||||
| 	cfg.Email.Host = "127.0.0.1" | 	cfg.Email.Host = "127.0.0.1" | ||||||
| 	cfg.Email.Port = 25 | 	cfg.Email.Port = 25 | ||||||
|  | 	cfg.Email.Encryption = common.MailEncryptionNone | ||||||
| 
 | 
 | ||||||
| 	// Load config from file and environment
 | 	// Load config from file and environment
 | ||||||
| 	cfgFile, ok := os.LookupEnv("CONFIG_FILE") | 	cfgFile, ok := os.LookupEnv("CONFIG_FILE") | ||||||
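Review bot: The defaults visible in NewConfig set `Encryption` but leave `CertValidation` at its zero value (`false`, matching the README table), so an operator who switches to `tls` or `starttls` still gets `InsecureSkipVerify: true` unless they also set `EMAIL_CERT_VALIDATION`. Encryption without certificate verification does not protect the SMTP credentials from an active on-path party, and nothing in the option names suggests that the two settings must be changed together. I would either add `cfg.Email.CertValidation = true` next to the new default, or at least add a comment such as `// certcheck defaults to false; enable it whenever encryption is tls or starttls`. The rest of NewConfig is outside this hunk, so an existing default or post-load validation may already cover this.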
|  |  | ||||||