diff options
-rw-r--r-- | CHANGES.md | 86 | ||||
-rwxr-xr-x | b/extract.pl | 43 | ||||
-rwxr-xr-x | configure | 4 | ||||
-rw-r--r-- | lib/JWebmail/Plugin/I18N2.pm | 4 | ||||
-rwxr-xr-x | script/mojocookiecheck.pl | 85 |
5 files changed, 180 insertions, 42 deletions
@@ -89,14 +89,8 @@ v1.0.0 release plan - [x] rewrite about - [x] search in subject -Current v1.1.0 +Version 1.1.0 -------------- -- [ ] From v1.0.0 - - [ ] Maybe the translation/documentation can be made available under a - different license - - [ ] may relicense this under the AGPL. - - [ ] research content-transfer encoding for sending (currently 8bit) - - [ ] check legal requirements (cookies and DSGVO) - [x] separate development and production configuration - [x] better back buttons - [x] writemail @@ -121,56 +115,82 @@ Current v1.1.0 - [x] merge read and raw (with content type) - how does one extract the body functionality? (One does not.) - [x] refactor templates to make use of link_to -- [ ] improve html styling (especially for mobile) +- [x] improve html styling (especially for mobile) - [x] about - [x] displayheaders - [x] nocation - [x] readmail - [x] writemail - [x] mobile optimize - - [ ] cleanup css - - [ ] improve styling of read- and writemail -- [ ] fix tests -- [ ] moving mails to other folders - - [ ] creating new folders - - [ ] backend + - [x] cleanup css + - [x] improve styling of read- and writemail +- [x] fix tests - [x] specify protocol for backend interaction (RPC IDL) - [ ] choose tool for validation -- [ ] cleanup README -- [ ] improve about page -- [ ] improve performance of backend, consider alternatives to Mail::Box::Manager +- [x] improve performance of backend, consider alternatives to Mail::Box::Manager - [ ] based on Maildir::Light - - [x] reimplementation in Rust - - [x] reimplementation in Python + - [x] reimplementation in Rust (maildir/mailparse) + - [x] reimplementation in Python (mailbox/email) - [ ] cache mail reads - is unlikely to work as mails can be moved freely - [ ] add exception types - [x] added exception for QMailAuthuser -- [ ] extract version for Makefile.PL from Application -- [ ] add basic telemetry (goatcounter?) -- [ ] make mime_render return a mojo bytes object +- [x] extract version for Makefile.PL from Application +- [x] make mime_render return a mojo bytes object - [ ] advance toml config plugin - [ ] add template support, maybe - [ ] add config validation -- [ ] improve i18n - - [ ] add localization of dates and time - - [ ] plural handling +- [x] improve i18n - [x] refactor I18N plugin to allow independent translate provider - [x] extend matcher dynamic with a role - [x] compute hmac on the client side - [x] better handling on form - [ ] better random numbers -- [x] separate namespace for pagination in the stash -- [ ] Rust IO error ?? +Version 1.2.0 +-------------- +- [ ] From v1.0.0 + - [ ] Maybe the translation/documentation can be made available under a + different license + - [ ] may relicense this under the AGPL. + - [ ] research content-transfer encoding for sending (currently 8bit) + - [ ] check legal requirements (cookies and DSGVO) +- [x] separate namespace for pagination in the stash - [x] Read attachments - [x] display recursive multipart +- [x] add more mime types to read + - [x] jpeg + - [x] png + - [x] gif +- [x] download mail and attachments +- [x] better pagination + - [ ] merge with partial templates, maybe +- [x] bundle css and js dependencies instead of CDN +- [ ] finish: moving mails to other folders + - [ ] creating new folders + - [ ] backend +- [ ] improve about page +- [ ] add basic telemetry (goatcounter?) +- [ ] improve i18n + - [ ] add localization of dates and time + - [ ] plural handling +- [x] Rust IO error: (rename (+S)) and try to open old file +- [x] random name for tmp directories in s3d +- [x] INV: new mails are not highlighted +- [x] handle killed by signal in QMailAuthuser.pm + +- [ ] add delete mail +- [ ] qmauth.py mark as read + accept new +- [ ] brute force password mitigation - [ ] iframe load confirmation +- [ ] better support for multipart/related +- [ ] chunked send of attachments +- [ ] avoid double compression +- [ ] Bulma CSS framework (dark and light mode) Future ------ - [ ] INV: wrong subject being shown -- [ ] INV: new mails are not highlighted - [ ] INV: displayheaders table does not fill outer container - [ ] consider using more mojo functions - [ ] base64 @@ -187,23 +207,13 @@ Future - [ ] async version of controller - [ ] async wait for send - [ ] add wait_for_child to event loop -- [ ] add more mime types to read - - [ ] jpeg - - [ ] png - - [ ] gif -- [ ] better pagination - - [ ] merge with partial templates, maybe - [ ] click on sender to answer -- [ ] download mail and attachments - [ ] allow multiple attachments - [ ] add mails to Sent folder - [ ] smtp send model, maybe - [ ] pop read model, maybe -- [ ] add icons for navigation - [ ] allow changing password - [ ] think about forgot password feature - [ ] address book support - [ ] add links on email addresses in header : click = add into address book - [ ] read and write s3d only once per request ($c->on('finish')) -- [ ] classless CSS framework -- [ ] dark and light mode diff --git a/b/extract.pl b/b/extract.pl new file mode 100755 index 0000000..f610b39 --- /dev/null +++ b/b/extract.pl @@ -0,0 +1,43 @@ +#!/usr/bin/env perl + +use v5.30; +use warnings; +use utf8; + +use JSON::PP 'decode_json'; +use Benchmark 'cmpthese'; + + +my $perl_mail_box = 'script/qmauth.pl '; +my $rust_maildir = 'extract/target/debug/jwebmail-extract'; +my $python_maildir = 'script/qmauth.py'; + +my $MAILDIR = 't/'; +my $SYS_USER = $ENV{USER}; +my $MAIL_USER = 'maildir'; + +my $ARGS = "$MAILDIR $SYS_USER $MAIL_USER"; + + +my $res = `$perl_mail_box $ARGS invalid`; +die "perl version error" unless decode_json($res)->{error}; +$res = `$rust_maildir $ARGS invalid 2>/dev/null`; +#die "rust version error" unless decode_json($res)->{error}; + +cmpthese(100, { + perl => sub { `$perl_mail_box $ARGS invalid 2>/dev/null` }, + rust => sub { `$rust_maildir $ARGS invalid 2>/dev/null` }, + python => sub { `$python_maildir $ARGS invalid 2>/dev/null` }, +}); + +cmpthese(100, { + perl => sub { `$perl_mail_box $ARGS folders` }, + rust => sub { `$rust_maildir $ARGS folders` }, + python => sub { `$python_maildir $ARGS folders` }, +}); + +cmpthese(100, { + perl => sub { `$perl_mail_box $ARGS list '' 0 10 ''` }, + rust => sub { `$rust_maildir $ARGS list '' 0 10 ''` }, + python => sub { `$python_maildir $ARGS list '' 0 10 ''` }, +}); @@ -13,7 +13,7 @@ check_command () { check_perl_deps () { for d in "$@" do - echo "Checking for perl module $d ... " + echo -n "Checking for perl module $d ... " if perl -Ilib -e "use $d;" then echo 'found!' else echo 'not available!'; exit 1 @@ -120,7 +120,7 @@ case "$JWM_MAILDIR_EXTRACTOR" in MAILDIR_EXTRACTOR_BIN=script/extract.py ;; (extractrs) - [ -f "$(pwd)/extract/Cargo.toml" ] + [ -f "$(pwd)/extract/Cargo.toml" ] || { echo 'extractrs not available' >&2; exit; } JWM_EXTRACTRS_DIR=extract check_command cargo MAILDIR_EXTRACTOR_BIN=bin/jwebmail-extract diff --git a/lib/JWebmail/Plugin/I18N2.pm b/lib/JWebmail/Plugin/I18N2.pm index fa80282..e9e485f 100644 --- a/lib/JWebmail/Plugin/I18N2.pm +++ b/lib/JWebmail/Plugin/I18N2.pm @@ -70,7 +70,7 @@ sub register { { local $" = ','; - $i18n_log->info("loaded languages (@{[$t->languages]})"); + $i18n_log->debug("loaded languages (@{[$t->languages]})"); unless (any { $defaultLang eq $_ } $t->languages) { die "default language '$defaultLang' not loaded"; @@ -114,7 +114,7 @@ sub register { __END__ -=encoding utf8 +=encoding utf8 =head1 NAME diff --git a/script/mojocookiecheck.pl b/script/mojocookiecheck.pl new file mode 100755 index 0000000..a078b8c --- /dev/null +++ b/script/mojocookiecheck.pl @@ -0,0 +1,85 @@ +#!/usr/bin/env perl + +use v5.34; +use warnings; +use utf8; +use autodie; + +use Digest::SHA 'hmac_sha256_hex'; +use JSON::PP 'decode_json'; +use MIME::Base64 'decode_base64'; +use Pod::Usage 'pod2usage'; + + +sub main { + pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help'; + + die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3; + my @check_args = $ARGV[0]; + if (@ARGV == 3) { + push @check_args, $ARGV[1], $ARGV[2]; + } + + my ($match, $res) = check_cookie(@check_args); + + if (defined $match && !$match) { + say STDERR 'mismatched mac'; + exit 1; + } + + my $json = decode_json $res; + print JSON::PP->new()->pretty(1)->canonical(1)->encode($json); +} + +sub check_cookie { + my $cookie = shift; + + # split + my $splitAt = rindex $cookie, '--'; + die 'invalid format' if $splitAt == -1; + my $val = substr $cookie, 0, $splitAt; + my $sig = substr $cookie, $splitAt+2; + + my $match; + if (@_) { + my ($cookie_name, $secret) = @_; + # hmac + my $check = hmac_sha256_hex "$cookie_name=$val", $secret; + $match = $sig eq $check; + } + + # change base64 padding + $val =~ s/-*$/'=' x length $&/e; + + # base64 + my $res = decode_base64 $val; + + # cookie content padding + $res =~ s/Z*$//; + + return $match, $res; +} + +main unless caller; + +1 + +__END__ + +=encoding utf-8 + +=head1 NAME + +mojocookiecheck - Prints out a Signed Cookie of Mojolicious + +=head1 SYNOPSIS + +mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET] + + Options: + -h --help print this help + +=head1 DESCRIPTION + +This is a cookie checker for Mojolicious that converts them from an opaque +character string to something nicely readable. It also can check the HMAC. |