StephanRichter
/
Widerhall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Java-basierte Mailinglisten-Anwendung, die auf IMAP+SMTP aufsetzt, und damit (fast) jede Mailbox in eine Mailingliste verwandeln kann.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 Commits
4 Branches
0 Tags
3.0 MiB
 
 
 
 
Tree: d706eac6a7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd706eac6a7'
${ noResults }
Widerhall/src/main/java/de/srsoftware/widerhall/web/Web.java

468 lines
19 KiB
Raw Blame History

package de.srsoftware.widerhall.web;
import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList;
import de.srsoftware.widerhall.data.User;
import org.json.simple.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.mail.MessagingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t;
public class Web extends TemplateServlet {
public static final String WEB_ROOT = "/web";
private static final String ADD_LIST = "add_list";
private static final String CONFIRM = "confirm";
private static final Logger LOG = LoggerFactory.getLogger(Web.class);
private static final String ADMIN = "admin";
private static final String INSPECT = "inspect";
private static final String LOGIN = "login";
private static final String LOGOUT = "logout";
private static final String REGISTER = "register";
private static final String RELOAD = "reload";
private static final String SUBSCRIBE = "subscribe";
private static final String UNSUBSCRIBE = "unsubscribe";
private static final String IMAP_HOST = "imap_host";
private static final String IMAP_PORT = "imap_port";
private static final String IMAP_USER = "imap_user";
private static final String IMAP_PASS = "imap_pass";
private static final String SMTP_HOST = "smtp_host";
private static final String SMTP_PORT = "smtp_port";
private static final String SMTP_USER = "smtp_user";
private static final String SMTP_PASS = "smtp_pass";
private static final int PRIMARY_KEY_CONSTRAINT = 19;
private String addList(HttpServletRequest req, HttpServletResponse resp) {
var o = req.getSession().getAttribute(USER);
if (!(o instanceof User user)) {
return redirectTo(LOGIN,resp);
}
var data = new HashMap<String, Object>();
data.put(USER, user);
if (!user.hashPermission(User.PERMISSION_CREATE_LISTS)){
data.put(ERROR,t("Ihnen ist es nicht gestattet, neue Mailinglisten anzulegen!"));
return loadTemplate(ADMIN,data,resp);
}
var name = req.getParameter(NAME);
data.put(NAME, name);
var email = req.getParameter(EMAIL);
data.put(EMAIL, email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST, imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER, imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var inbox = req.getParameter(INBOX);
if (inbox == null || inbox.isBlank()) inbox = DEFAULT_INBOX;
data.put(INBOX, inbox);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST, smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER, smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT, imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT, smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR, "Name und Adresse der Liste sind notwendige Felder!");
return loadTemplate(ADD_LIST, data, resp);
}
if (!Util.isEmail(email)) {
data.put(ERROR, t("Listen-E-Mail-Adresse ({}) ist keine gültige E-Mail-Adresse!", email));
return loadTemplate(ADD_LIST, data, resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR, "IMAP-Zugangsdaten sind erforderlich!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT, imapPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR, "SMTP-Zugangsdaten sind erforderlich!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT, smtpPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' ist keine gültige Port-Nummer!", req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
try {
var list = MailingList.create(email, name, imapHost, imapPort, imapUser, imapPass, inbox, smtpHost, smtpPort, smtpUser, smtpPass);
ListMember.create(list, user, ListMember.STATE_OWNER);
return redirectTo(INDEX, resp);
} catch (SQLException e) {
return t("Erzeugen der Liste '{}' fehlgeschlagen: {}", name, e.getMessage());
}
}
private String confirm(HttpServletRequest req, HttpServletResponse resp) {
try {
var token = req.getParameter(TOKEN);
if (token== null || token.isBlank()) return t("Ungültiger oder fehlender Token!");
var user = ListMember.confirm(token);
if (user != null) return loadTemplate(INDEX,Map.of(USER,user.safeMap(),NOTES,"Listen-Mitgliedschaft bestätigt!"),resp);
return t("Nutzer oder Token unbekannt");
} catch (Exception e) {
LOG.debug("Bestätigung des Listen-Abonnements fehlgeschlagen:",e);
return t("Bestätigung des Listen-Abonnements fehlgeschlagen!");
}
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String error = handleGet(req, resp);
if (error != null) resp.sendError(400,error);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String error = handlePost(req, resp);
if (error != null) resp.sendError(400,error);
}
private SQLException getCausingException(SQLException sqle) {
Throwable cause = sqle.getCause();
while (cause instanceof SQLException){
sqle = (SQLException) cause;
cause = sqle.getCause();
}
return sqle;
}
private User getSessionUser(HttpServletRequest req) {
return req.getSession().getAttribute(USER) instanceof User user ? user : null;
}
private String handleGet(HttpServletRequest req, HttpServletResponse resp) {
var path = req.getPathInfo();
if (path == null) return redirectTo(INDEX,resp);
var o = req.getSession().getAttribute("user");
User user = o instanceof User ? (User) o : null;
var data = new HashMap<String,Object>();
if (user != null) data.put(USER,user.safeMap());
path = path.equals("/") ? INDEX : path.substring(1);
String notes = null;
var listEmail = req.getParameter(LIST);
var list = MailingList.load(listEmail);
if (list != null) data.put(LIST,list.minimalMap());
switch (path){
case CONFIRM:
return confirm(req,resp);
case RELOAD:
loadTemplates();
data.put(NOTES,t("Vorlagen wurden neu geladen"));
path = INDEX;
case "css":
case INDEX:
case UNSUBSCRIBE:
return loadTemplate(path,data,resp);
case SUBSCRIBE:
if (list.isOpenFor(user)) {
data.put(LIST,listEmail);
return loadTemplate(path, data, resp);
}
return t("Es ist ihnen nicht gestattet, '{}' zu abonnieren!",list.email());
case "js":
resp.setContentType("text/javascript");
return loadTemplate(path,data,resp);
case LOGIN:
try {
if (User.noUsers()) return loadTemplate(REGISTER, Map.of(NOTES,t("Nutzer-Datenbank ist leer. Admin-Nutzer wird hiermit angelegt:")), resp);
return loadTemplate(path,null,resp);
} catch (SQLException e) {
return "Fehler beim Lesen der Datenbank!";
}
case LOGOUT:
req.getSession().invalidate();
return redirectTo(INDEX,resp);
case "jquery":
resp.setContentType("text/javascript");
return loadFile("jquery-3.6.0.min.js",resp);
}
if (user != null){
if (list != null) data.put(LIST,req.getParameter(LIST));
//data.put(NOTES,notes);
return loadTemplate(path,data,resp);
}
return redirectTo(LOGIN,resp);
}
private String handleLogin(HttpServletRequest req, HttpServletResponse resp) {
var email = req.getParameter("email");
var pass = req.getParameter("pass");
if (email == null || pass == null) return loadTemplate("login", Map.of("error",t("Nutzername oder Passwort fehlen!")), resp);
if (!Util.isEmail(email)) return loadTemplate("login", Map.of("error",t("'{}' ist keine gültige Mailadresse!",email)), resp);
try {
var user = User.loadUser(email,pass);
req.getSession().setAttribute("user",user);
// loading user successfull: goto index
resp.sendRedirect(String.join("/",WEB_ROOT,"admin"));
} catch (Exception e) {
try {
LOG.warn("Static.handleLogin fehlgeschlagen:",e);
Thread.sleep(10000);
} finally {
return loadTemplate("login", Map.of(ERROR,t("Ungültiger Nutzername oder ungültiges Passwort!"),EMAIL,email), resp);
}
}
return null;
}
private String handlePost(HttpServletRequest req, HttpServletResponse resp) {
final var user = Util.getUser(req);
final var path = Util.getPath(req);
final var list = Util.getMailingList(req);
switch (path){
case ADD_LIST:
return addList(req,resp);
case INSPECT:
return inspect(req,resp);
case LOGIN:
return handleLogin(req,resp);
case REGISTER:
return registerUser(req,resp);
case SUBSCRIBE:
return subscribe(req,resp);
case UNSUBSCRIBE:
return unsubscribe(req,resp);
}
return t("Kein Handler für den Pfad '{}'!",path);
}
private String inspect(HttpServletRequest req, HttpServletResponse resp) {
var user = Util.getUser(req);
if (user == null) return redirectTo(LOGIN,resp);
var data = new HashMap<String,Object>();
var error = false;
var list = Util.getMailingList(req);
if (list == null) {
error = true;
data.put(ERROR, t("Keine gültige MailingListe übermittelt!"));
} else data.put(LIST, list.email());
if (!error && !list.mayBeAlteredBy(user)) {
error = true;
data.put(ERROR,t("Es ist Ihnen nicht gestattet, diese Mailinglist zu verändern!"));
}
if (!error){
var dummy = req.getParameterMap();
try {
list.forwardFrom(Util.getCheckbox(req, "forward_from"));
list.forwardAttached(Util.getCheckbox(req, "forward_attached"));
data.put(NOTES,t("Mailing-Liste aktualisiert!"));
} catch (SQLException e){
LOG.warn("Aktualisierung der Mailing-Liste fehlgeschlagen:",e);
data.put(ERROR,t("Aktualisierung der Mailing-Liste fehlgeschlagen!"));
}
LOG.debug("params: {}",dummy);
}
return loadTemplate(INSPECT,data,resp);
}
private String redirectTo(String page, HttpServletResponse resp) {
try {
resp.sendRedirect(String.join("/",WEB_ROOT,page));
return null;
} catch (IOException e) {
return t("Weiterleitung nach {} fehlgeschlagen: {}", page, e.getMessage());
}
}
private String registerUser(HttpServletRequest req, HttpServletResponse resp) {
var email = req.getParameter("email");
var pass = req.getParameter("pass");
var pass_repeat = req.getParameter("pass_repeat");
var name = req.getParameter("name");
if (email == null || email.isBlank() ||
name == null || name.isBlank() ||
pass == null || pass.isBlank() ||
pass_repeat == null || pass_repeat.isBlank()) return loadTemplate(REGISTER,Map.of(ERROR,"Bitte alle Felder ausfüllen!",NAME,name,EMAIL,email),resp);
if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passworte stimmen nicht überein!",NAME,name,EMAIL,email),resp);
if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwort zu kurz oder zu einfach!",NAME,name,EMAIL,email),resp);
var firstUser = false;
try {
firstUser = User.noUsers();
} catch (SQLException e) {
return t("Fehler beim Zugriff auf die Nutzer-Datenbank: {}",e.getMessage());
}
try {
var user = User.create(email, name, pass);
if (firstUser) user.addPermission(User.PERMISSION_ADMIN|User.PERMISSION_CREATE_LISTS);
req.getSession().setAttribute("user",user);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
LOG.warn("Erzeugen des neuen Nutzers fehlgeschlagen:",e);
return t("Erzeugen des neuen Nutzers fehlgeschlagen: {}",e.getMessage());
}
}
private String subscribe(HttpServletRequest req, HttpServletResponse resp) {
var name = req.getParameter(NAME);
var email = req.getParameter(EMAIL);
var pass = req.getParameter(PASSWORD);
var listEmail = req.getParameter(LIST);
var data = new HashMap<String,Object>();
data.put(NAME,name);
data.put(EMAIL,email);
data.put(LIST,listEmail);
var skipConfirmation = false;
var list = MailingList.load(listEmail);
if (list == null){
data.put(ERROR,"Formular-Daten enthalten keine Liste!");
return loadTemplate(SUBSCRIBE,data,resp);
}
if (name == null || name.isBlank() || email == null || email.isBlank()){
data.put(ERROR,"Name und E-Mail-Adresse sind für das Abonnieren der Mailingliste erforderlich!");
return loadTemplate(SUBSCRIBE,data,resp);
}
if (pass != null && pass.isBlank()) pass = null;
User user = null;
try {
user = User.create(email,name,pass);
} catch (SQLException sqle) {
var cause = getCausingException(sqle);
int code = cause.getErrorCode();
if (code == PRIMARY_KEY_CONSTRAINT) try {// user already exists
user = User.loadUser(email,pass);
skipConfirmation = pass != null; // subscription with email address already known to database
// success → subscribe
} catch (InvalidKeyException | SQLException e) {
// invalid credentials
data.put(ERROR,t("'{}' gibt es schon in der Datenbank, hat dort aber ein anderes Passwort!",email));
return loadTemplate(SUBSCRIBE,data,resp);
}
}
data.put(USER,user.safeMap());
if (!list.isOpenFor(user)){
data.put(ERROR,t("Ihnen ist es nicht gestattet, '{}' zu abonnieren!",list.email()));
return loadTemplate(SUBSCRIBE,data,resp);
}
try {
list.requestSubscription(user,skipConfirmation);
if (skipConfirmation) {
data.put(NOTES, t("'{}' hat die Mailingliste '{}' erfolgreich abonniert.", user.email(), list.email()));
} else {
data.put(NOTES, t("Bestätigungs-Email wurde an '{} versendet.", user.email()));
}
return loadTemplate(INDEX,data,resp);
} catch (SQLException sqle) {
LOG.debug("Abonnieren der Liste fehlgeschlagen: ",sqle);
var cause = getCausingException(sqle);
int code = cause.getErrorCode();
if (code == PRIMARY_KEY_CONSTRAINT) {// user already exists
data.put(ERROR,t("Sie haben diese Liste bereits abonniert!",sqle.getMessage()));
} else data.put(ERROR,t("Abonnieren der Liste fehlgeschlagen: {}",sqle.getMessage()));
return loadTemplate(SUBSCRIBE,data,resp);
} catch (MessagingException e) {
LOG.warn("Senden der Bestätigungs-Email fehlgeschlagen:",e);
data.put(ERROR,t("Senden der Bestätigungs-Email fehlgeschlagen: {}",e.getMessage()));
return loadTemplate(SUBSCRIBE,data,resp);
}
}
private String unsubscribe(HttpServletRequest req, HttpServletResponse resp) {
var data = new HashMap<String,Object>();
var user = getSessionUser(req);
var email = req.getParameter(EMAIL);
var pass = req.getParameter(PASSWORD);
var listEmail = req.getParameter(LIST);
data.put(EMAIL,email);
data.put(LIST,listEmail);
var list = MailingList.load(listEmail);
if (user != null) data.put(USER,user.safeMap());
if (list == null){
data.put(ERROR,"Keine Mailin-Liste in den Formular-Daten übermittelt!!");
return loadTemplate(UNSUBSCRIBE,data,resp);
}
if (user == null) {
if (email == null || email.isBlank()) {
data.put(ERROR, "Für das Abbestellen ist eine E-Mail-Adresse erforderlich!");
return loadTemplate(UNSUBSCRIBE, data, resp);
}
if (pass != null && pass.isBlank()) pass = null;
try {
user = User.loadUser(email,pass);
req.getSession().setAttribute(USER,user);
data.put(USER,user.safeMap());
} catch (InvalidKeyException | SQLException e) {
data.put(ERROR,"Ungültige E-Mail-/Passwort-Kombination!");
return loadTemplate(UNSUBSCRIBE,data,resp);
}
}
// if we get here, we should have a valid user
try {
ListMember.unsubscribe(list,user);
data.put(NOTES,t("'{}' erfolgreich abbestellt.",list.email()));
return loadTemplate(INDEX,data,resp);
} catch (SQLException e) {
LOG.warn("Es ist ein Problem beim Entfernen von {} aus der Liste {} aufgetreten:",user.email(),list.email(),e);
data.put(ERROR,"Abbestellen der Mailin-Liste fehlgeschlagen!");
return loadTemplate(UNSUBSCRIBE,data,resp);
}
}
}