StephanRichter
/
Widerhall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Java-basierte Mailinglisten-Anwendung, die auf IMAP+SMTP aufsetzt, und damit (fast) jede Mailbox in eine Mailingliste verwandeln kann.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 Commits
4 Branches
0 Tags
3.0 MiB
 
 
 
 
Tree: 9177851150
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9177851150'
${ noResults }
Widerhall/src/main/java/de/srsoftware/widerhall/web/Web.java

609 lines
25 KiB
Raw Blame History

package de.srsoftware.widerhall.web;
import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList;
import de.srsoftware.widerhall.data.Post;
import de.srsoftware.widerhall.data.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.mail.MessagingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.HEAD;
import java.io.IOException;
import java.nio.file.Files;
import java.security.InvalidKeyException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t;
import static de.srsoftware.widerhall.data.MailingList.*;
import static de.srsoftware.widerhall.data.User.PERMISSION_ADMIN;
public class Web extends TemplateServlet {
public static final String WEB_ROOT = "/web";
private static final String ADD_LIST = "add_list";
private static final String CONFIRM = "confirm";
private static final String CSS = "css";
private static final Logger LOG = LoggerFactory.getLogger(Web.class);
private static final String ADMIN = "admin";
private static final String EDIT_LIST = "edit_list";
private static final String INSPECT = "inspect";
private static final String LOGIN = "login";
private static final String LOGOUT = "logout";
private static final String POST = "post";
private static final String REGISTER = "register";
private static final String RELOAD = "reload";
private static final String SUBSCRIBE = "subscribe";
private static final String UNSUBSCRIBE = "unsubscribe";
private static final String IMAP_HOST = "imap_host";
private static final String IMAP_PORT = "imap_port";
private static final String IMAP_USER = "imap_user";
private static final String IMAP_PASS = "imap_pass";
private static final String SMTP_HOST = "smtp_host";
private static final String SMTP_PORT = "smtp_port";
private static final String SMTP_USER = "smtp_user";
private static final String SMTP_PASS = "smtp_pass";
private static final int PRIMARY_KEY_CONSTRAINT = 19;
private String addList(HttpServletRequest req, HttpServletResponse resp) {
var user = Util.getUser(req);
if (user == null) return redirectTo(LOGIN,resp);
var data = new HashMap<String, Object>();
data.put(USER, user.safeMap());
if (!user.hashPermission(User.PERMISSION_CREATE_LISTS)){
data.put(ERROR,t("Ihnen ist es nicht gestattet, neue Mailinglisten anzulegen!"));
return loadTemplate(ADMIN,data,resp);
}
var name = req.getParameter(NAME);
data.put(NAME, name);
var email = req.getParameter(EMAIL);
data.put(EMAIL, email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST, imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER, imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var inbox = req.getParameter(INBOX);
if (inbox == null || inbox.isBlank()) inbox = DEFAULT_INBOX;
data.put(INBOX, inbox);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST, smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER, smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT, imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT, smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR, "Name und Adresse der Liste sind notwendige Felder!");
return loadTemplate(ADD_LIST, data, resp);
}
if (!Util.isEmail(email)) {
data.put(ERROR, t("Listen-E-Mail-Adresse ({}) ist keine gültige E-Mail-Adresse!", email));
return loadTemplate(ADD_LIST, data, resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR, "IMAP-Zugangsdaten sind erforderlich!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT, imapPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR, "SMTP-Zugangsdaten sind erforderlich!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT, smtpPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
try {
var list = MailingList.create(email, name, imapHost, imapPort, imapUser, imapPass, inbox, smtpHost, smtpPort, smtpUser, smtpPass);
ListMember.create(list, user, ListMember.STATE_OWNER);
return redirectTo(ADMIN, resp);
} catch (SQLException e) {
return t("Erzeugen der Liste '{}' fehlgeschlagen: {}", name, e.getMessage());
}
}
private String archive(HttpServletRequest req, HttpServletResponse resp) {
var map = new HashMap<String,Object>();
var list = Util.getMailingList(req);
map.put(LIST,list.email());
var month = req.getParameter(MONTH);
if (month != null && !month.isBlank())map.put(MONTH,month);
return loadTemplate(ARCHIVE,map,resp);
}
private String confirm(HttpServletRequest req, HttpServletResponse resp) {
try {
var token = req.getParameter(TOKEN);
if (token== null || token.isBlank()) return t("Ungültiger oder fehlender Token!");
var listMember = ListMember.confirm(token);
if (listMember != null) {
listMember.sendConfirmationMail(getTemplate("confirmation_mail"));
return loadTemplate(INDEX,Map.of(USER,listMember.user().safeMap(),NOTES,"Listen-Mitgliedschaft bestätigt!"),resp);
}
return t("Nutzer oder Token unbekannt");
} catch (Exception e) {
LOG.debug("Bestätigung des Listen-Abonnements fehlgeschlagen:",e);
return t("Bestätigung des Listen-Abonnements fehlgeschlagen!");
}
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String error = handleGet(req, resp);
if (error != null) resp.sendError(400,error);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String error = handlePost(req, resp);
if (error != null) resp.sendError(400,error);
}
public String editList(HttpServletRequest req, HttpServletResponse resp) {
var user = Util.getUser(req);
if (user == null) return redirectTo(LOGIN,resp);
var data = new HashMap<String, Object>();
data.put(USER,user.safeMap());
var list = Util.getMailingList(req);
data.put(LIST,list.safeMap());
try {
var allowed = user.hashPermission(PERMISSION_ADMIN) || ListMember.load(list,user).isOwner();
if (!allowed) return loadTemplate(ADMIN,data,resp);
var name = req.getParameter(NAME);
data.put(NAME, name);
var email = req.getParameter(EMAIL);
data.put(EMAIL, email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST, imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER, imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var inbox = req.getParameter(INBOX);
if (inbox == null || inbox.isBlank()) inbox = DEFAULT_INBOX;
data.put(INBOX, inbox);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST, smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER, smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT, imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT, smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR, "Listen-Name und -adresse sind erforderlich!");
return loadTemplate(EDIT_LIST, data, resp);
}
if (!Util.isEmail(email)) {
data.put(ERROR, t("Listen-E-Mail ({}) ist keine gültige Mailadresse!", email));
return loadTemplate(EDIT_LIST, data, resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR, "IMAP-Zugangsdaten sind erforderlich!");
return loadTemplate(EDIT_LIST, data, resp);
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT, imapPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(IMAP_PORT)));
return loadTemplate(EDIT_LIST, data, resp);
}
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR, "SMTP-Zugangsdaten sind erforderlich!");
return loadTemplate(EDIT_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT, smtpPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(SMTP_PORT)));
return loadTemplate(EDIT_LIST, data, resp);
}
list.update(name,email,imapHost,imapPort,imapUser,imapPass,inbox,smtpHost,smtpPort,smtpUser,smtpPass);
return loadTemplate(ADMIN,data,resp);
} catch (SQLException e) {
LOG.warn("Editing list {} by {} failed",list.email(),user.email(),e);
return t("Bearbeiten der Liste {} durch {} fehlgeschlagen",list.email(),user.email());
}
}
private SQLException getCausingException(SQLException sqle) {
Throwable cause = sqle.getCause();
while (cause instanceof SQLException){
sqle = (SQLException) cause;
cause = sqle.getCause();
}
return sqle;
}
private User getSessionUser(HttpServletRequest req) {
return req.getSession().getAttribute(USER) instanceof User user ? user : null;
}
private String handleGet(HttpServletRequest req, HttpServletResponse resp) {
var path = Util.getPath(req);
var user = Util.getUser(req);
var data = new HashMap<String,Object>();
var list = Util.getMailingList(req);
if (user != null) data.put(USER,user.safeMap());
if (list != null) data.put(LIST,list.minimalMap());
String notes = null;
switch (path){
case ARCHIVE:
return archive(req,resp);
case CONFIRM:
return confirm(req,resp);
case POST:
return post(req,resp);
case RELOAD:
loadTemplates();
data.put(NOTES,t("Vorlagen wurden neu geladen"));
path = INDEX;
case CSS:
case INDEX:
return loadTemplate(path,data,resp);
case SUBSCRIBE:
if (list.isOpenFor(user)) {
data.put(LIST,list.email());
return loadTemplate(path, data, resp);
}
return t("Es ist ihnen nicht gestattet, '{}' zu abonnieren!",list.email());
case "js":
resp.setContentType("text/javascript");
return loadTemplate(path,data,resp);
case LOGIN:
try {
if (User.noUsers()) return loadTemplate(REGISTER, Map.of(NOTES,t("Nutzer-Datenbank ist leer. Admin-Nutzer wird hiermit angelegt:")), resp);
return loadTemplate(path,null,resp);
} catch (SQLException e) {
return "Fehler beim Lesen der Datenbank!";
}
case LOGOUT:
req.getSession().invalidate();
return redirectTo(INDEX,resp);
case "jquery":
resp.setContentType("text/javascript");
return loadFile("jquery-3.6.0.min.js",resp);
case "OpenSans-Regular.woff":
resp.setContentType("font/woff");
return loadFile("OpenSans-Regular.woff",resp);
case "Bhineka.ttf":
resp.setContentType("font/ttf");
return loadFile("Bhineka.ttf",resp); case UNSUBSCRIBE:
data.put(LIST,list.email());
return loadTemplate(path,data,resp);
}
if (user != null){
if (list != null) data.put(LIST,req.getParameter(LIST));
switch (path){
case EDIT_LIST:
return editList(req,resp);
}
return loadTemplate(path,data,resp);
}
return redirectTo(LOGIN,resp);
}
private String handleLogin(HttpServletRequest req, HttpServletResponse resp) {
var email = req.getParameter("email");
var pass = req.getParameter("pass");
if (email == null || pass == null) return loadTemplate("login", Map.of("error",t("Nutzername oder Passwort fehlen!")), resp);
if (!Util.isEmail(email)) return loadTemplate("login", Map.of("error",t("'{}' ist keine gültige Mailadresse!",email)), resp);
try {
var user = User.loadUser(email,pass);
req.getSession().setAttribute("user",user);
// loading user successfull: goto index
resp.sendRedirect(String.join("/",WEB_ROOT,"admin"));
} catch (Exception e) {
try {
LOG.warn("Static.handleLogin fehlgeschlagen:",e);
Thread.sleep(10000);
} finally {
return loadTemplate("login", Map.of(ERROR,t("Ungültiger Nutzername oder ungültiges Passwort!"),EMAIL,email), resp);
}
}
return null;
}
private String handlePost(HttpServletRequest req, HttpServletResponse resp) {
final var path = Util.getPath(req);
switch (path){
case ADD_LIST:
return addList(req,resp);
case EDIT_LIST:
return editList(req,resp);
case INSPECT:
return inspect(req,resp);
case LOGIN:
return handleLogin(req,resp);
case REGISTER:
return registerUser(req,resp);
case SUBSCRIBE:
return subscribe(req,resp);
case UNSUBSCRIBE:
return unsubscribe(req,resp);
}
return t("Kein Handler für den Pfad '{}'!",path);
}
private String inspect(HttpServletRequest req, HttpServletResponse resp) {
var user = Util.getUser(req);
if (user == null) return redirectTo(LOGIN,resp);
var data = new HashMap<String,Object>();
var error = false;
var list = Util.getMailingList(req);
if (list == null) {
error = true;
data.put(ERROR, t("Keine gültige MailingListe übermittelt!"));
} else data.put(LIST, list.email());
if (!error && !list.mayBeAlteredBy(user)) {
error = true;
data.put(ERROR,t("Es ist Ihnen nicht gestattet, die Einselltungen dieser Mailingliste zu verändern!"));
}
if (!error){
try {
list.forwardFrom(Util.getCheckbox(req, KEY_FORWARD_FROM))
.forwardAttached(Util.getCheckbox(req, KEY_FORWARD_ATTACHED))
.hideReceivers(Util.getCheckbox(req, KEY_HIDE_RECEIVERS))
.replyToList(Util.getCheckbox(req, KEY_REPLY_TO_LIST))
.modsMayNominateMods(Util.getCheckbox(req, KEY_MODS_CAN_EDIT_MODS))
.openForGuests(Util.getCheckbox(req,KEY_OPEN_FOR_GUESTS))
.openForSubscribers(Util.getCheckbox(req,KEY_OPEN_FOR_SUBSCRIBERS))
.archive(Util.getCheckbox(req,KEY_ARCHIVE))
.deleteMessages(Util.getCheckbox(req,KEY_DELETE_MESSAGES),req.getParameter(HOLD_TIME));
data.put(NOTES,t("Mailing-Liste aktualisiert!"));
} catch (SQLException e){
LOG.warn("Aktualisierung der Mailing-Liste fehlgeschlagen:",e);
data.put(ERROR,t("Aktualisierung der Mailing-Liste fehlgeschlagen!"));
}
}
return loadTemplate(INSPECT,data,resp);
}
private String post(HttpServletRequest req, HttpServletResponse resp) {
var id = req.getParameter(ID);
if (id == null) return t("Could not find email with id!");
try {
var post = Post.load(id);
var map = new HashMap<String,Object>();
map.putAll(post.safeMap());
String content = Files.readString(post.file().toPath());
map.put("text",Util.dropEmail(content));
return loadTemplate("post",map,resp);
} catch (SQLException | IOException e) {
LOG.debug("Failed to load post from file!",e);
return t("Laden der Nachricht aus Datei fehlgeschlagen!");
}
}
private String redirectTo(String page, HttpServletResponse resp) {
try {
resp.sendRedirect(String.join("/",WEB_ROOT,page));
return null;
} catch (IOException e) {
return t("Weiterleitung nach {} fehlgeschlagen: {}", page, e.getMessage());
}
}
private String registerUser(HttpServletRequest req, HttpServletResponse resp) {
var email = req.getParameter("email");
var pass = req.getParameter("pass");
var pass_repeat = req.getParameter("pass_repeat");
var name = req.getParameter("name");
if (email == null || email.isBlank() ||
name == null || name.isBlank() ||
pass == null || pass.isBlank() ||
pass_repeat == null || pass_repeat.isBlank()) return loadTemplate(REGISTER,Map.of(ERROR,"Bitte alle Felder ausfüllen!",NAME,name,EMAIL,email),resp);
if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passworte stimmen nicht überein!",NAME,name,EMAIL,email),resp);
if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwort zu kurz oder zu einfach!",NAME,name,EMAIL,email),resp);
var firstUser = false;
try {
firstUser = User.noUsers();
} catch (SQLException e) {
return t("Fehler beim Zugriff auf die Nutzer-Datenbank: {}",e.getMessage());
}
try {
var user = User.create(email, name, pass);
if (firstUser) user.addPermission(PERMISSION_ADMIN|User.PERMISSION_CREATE_LISTS);
req.getSession().setAttribute("user",user);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
LOG.warn("Erzeugen des neuen Nutzers fehlgeschlagen:",e);
return t("Erzeugen des neuen Nutzers fehlgeschlagen: {}",e.getMessage());
}
}
private String subscribe(HttpServletRequest req, HttpServletResponse resp) {
var name = req.getParameter(NAME);
var email = req.getParameter(EMAIL);
var pass = req.getParameter(PASSWORD);
var list = Util.getMailingList(req);
var data = new HashMap<String,Object>();
data.put(NAME,name);
data.put(EMAIL,email);
if (list != null) data.put(LIST,list.email());
var skipConfirmation = false;
if (list == null){
data.put(ERROR,"Formular-Daten enthalten keine Liste!");
return loadTemplate(SUBSCRIBE,data,resp);
}
if (name == null || name.isBlank() || email == null || email.isBlank()){
data.put(ERROR,"Name und E-Mail-Adresse sind für das Abonnieren der Mailingliste erforderlich!");
return loadTemplate(SUBSCRIBE,data,resp);
}
if (pass != null && pass.isBlank()) pass = null;
User user = null;
try {
user = User.create(email,name,pass);
} catch (SQLException sqle) {
var cause = getCausingException(sqle);
int code = cause.getErrorCode();
if (code == PRIMARY_KEY_CONSTRAINT) try {// user already exists
user = User.loadUser(email,pass);
skipConfirmation = pass != null; // subscription with email address already known to database
// success → subscribe
} catch (InvalidKeyException | SQLException e) {
// invalid credentials
data.put(ERROR,t("'{}' gibt es schon in der Datenbank, hat dort aber ein anderes Passwort!",email));
return loadTemplate(SUBSCRIBE,data,resp);
}
}
data.put(USER,user.safeMap());
if (!list.isOpenFor(user)){
data.put(ERROR,t("Ihnen ist es nicht gestattet, '{}' zu abonnieren!",list.email()));
return loadTemplate(SUBSCRIBE,data,resp);
}
try {
list.requestSubscription(user,skipConfirmation,getTemplate("subscribe_mail"));
if (skipConfirmation) {
data.put(NOTES, t("'{}' hat die Mailingliste '{}' erfolgreich abonniert.", user.email(), list.email()));
} else {
data.put(NOTES, t("Bestätigungs-Email wurde an '{} versendet.", user.email()));
}
return loadTemplate(INDEX,data,resp);
} catch (SQLException sqle) {
LOG.debug("Abonnieren der Liste fehlgeschlagen: ",sqle);
var cause = getCausingException(sqle);
int code = cause.getErrorCode();
if (code == PRIMARY_KEY_CONSTRAINT) {// user already exists
data.put(ERROR,t("Sie haben diese Liste bereits abonniert!",sqle.getMessage()));
} else data.put(ERROR,t("Abonnieren der Liste fehlgeschlagen: {}",sqle.getMessage()));
return loadTemplate(SUBSCRIBE,data,resp);
} catch (MessagingException e) {
LOG.warn("Senden der Bestätigungs-Email fehlgeschlagen:",e);
data.put(ERROR,t("Senden der Bestätigungs-Email fehlgeschlagen: {}",e.getMessage()));
return loadTemplate(SUBSCRIBE,data,resp);
}
}
private String unsubscribe(HttpServletRequest req, HttpServletResponse resp) {
var data = new HashMap<String,Object>();
var user = getSessionUser(req);
var email = req.getParameter(EMAIL);
var list = Util.getMailingList(req);
data.put(EMAIL,email);
if (user != null) data.put(USER,user.safeMap());
if (list == null){
data.put(ERROR,"Keine Mailin-Liste in den Formular-Daten übermittelt!!");
return loadTemplate(UNSUBSCRIBE,data,resp);
} else data.put(LIST,list.email());
if (user == null) {
if (email == null || email.isBlank()) {
data.put(ERROR, "Für das Abbestellen ist eine E-Mail-Adresse erforderlich!");
return loadTemplate(UNSUBSCRIBE, data, resp);
}
var pass = req.getParameter(PASSWORD);
if (pass != null && pass.isBlank()) pass = null;
try {
user = User.loadUser(email,pass);
req.getSession().setAttribute(USER,user);
data.put(USER,user.safeMap());
} catch (InvalidKeyException | SQLException e) {
data.put(ERROR,"Ungültige E-Mail-/Passwort-Kombination!");
return loadTemplate(UNSUBSCRIBE,data,resp);
}
}
ListMember member = null;
try {
member = ListMember.load(list,user);
} catch (SQLException e) {
LOG.debug("Laden des Listenmitglieds für {}/{} fehlgeschlagen",user.email(),list.email(),e);
data.put(ERROR, t("Laden des Listenmitglieds für {}/{} fehlgeschlagen",user.email(),list.email()));
return loadTemplate(UNSUBSCRIBE,data,resp);
}
if (member == null){
data.put(ERROR, t("{} ist kein Mitglied von {}",user.email(),list.email()));
return loadTemplate(UNSUBSCRIBE,data,resp);
}
// if we get here, we should have a valid member object
try {
member.unsubscribe();
data.put(NOTES,t("'{}' erfolgreich abbestellt.",list.email()));
return loadTemplate(INDEX,data,resp);
} catch (SQLException e) {
LOG.warn("Es ist ein Problem beim Entfernen von {} aus der Liste {} aufgetreten:",user.email(),list.email(),e);
data.put(ERROR,"Abbestellen der Mailin-Liste fehlgeschlagen!");
return loadTemplate(UNSUBSCRIBE,data,resp);
}
}
}