112 lines
2.3 KiB
Go
Raw Normal View History

- Inter-node Protocol: Implemented a custom communication protocol based on Protobuf structures. - Bridge Node Support: Added functionality to manage mail (send/receive) on remote nodes via a bridge node. Full transparent management requires a private key on the bridge, while the remote node can operate with only a public key. - End-to-End Encryption (E2EE): Integrated E2EE using age. Encryption and decryption occur strictly at the bridge level; node administrators cannot access message content. - New Addressing Schema: Transitioned from nodepub@yggmail to userpub@nodepub. - Key Adaptation: Implemented ed25519 to x25519 coordinate adaptation, allowing signing keys to be used for encryption. Changed - Address Encoding: Switched from hex16 to base32 for the address space. - Memory Optimization: Replaced direct memory allocations with streaming for mail processing to reduce RAM overhead. - Code Refactoring: Performed decomposition of the original inherited codebase to improve maintainability. Fixed - Mail Updates: Fixed the mail retrieval mechanism to ensure near-instant updates for incoming messages. Changes to be committed: modified: .gitignore modified: README.md modified: cmd/yggmail/main.go modified: go.mod modified: go.sum new file: internal/account/manager.go new file: internal/account/session.go modified: internal/imapserver/backend.go modified: internal/imapserver/imap.go modified: internal/imapserver/mailbox.go modified: internal/imapserver/notify.go modified: internal/imapserver/user.go new file: internal/notify/notify.go new file: internal/notify/remote/remote.go new file: internal/remote/client.go new file: internal/remote/handlers.go new file: internal/remote/io.go new file: internal/remote/server.go new file: internal/remote/sign.go new file: internal/remote/types/request.pb.go new file: internal/remote/types/request.proto new file: internal/remote/types/response.pb.go new file: internal/remote/types/response.proto new file: internal/shell/shell.go modified: internal/smtpsender/sender.go modified: internal/smtpserver/backend.go modified: internal/smtpserver/session_local.go modified: internal/smtpserver/session_remote.go modified: internal/smtpserver/smtp.go new file: internal/storage/filestore/filestore.go new file: internal/storage/local/storage.go new file: internal/storage/remote/mail.go new file: internal/storage/remote/mailbox.go new file: internal/storage/remote/queue.go new file: internal/storage/remote/storage.go new file: internal/storage/remote/watch.go modified: internal/storage/sqlite3/sqlite3.go new file: internal/storage/sqlite3/table_accounts.go modified: internal/storage/sqlite3/table_mailboxes.go modified: internal/storage/sqlite3/table_mails.go modified: internal/storage/sqlite3/table_queue.go modified: internal/storage/storage.go modified: internal/storage/types/types.go modified: internal/utils/address.go new file: internal/utils/age/age.go new file: internal/utils/age/bech32/bech32.go new file: internal/utils/crypt.go new file: internal/utils/e2ee/crypt.go new file: internal/utils/e2ee/e2ee_test.go new file: internal/utils/e2ee/msg.go new file: internal/utils/x25519.go modified: internal/welcome/welcome.go
2026-02-14 02:34:09 +05:00
/*
* Copyright (c) 2026 Kaiy Ragur
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package remote
import (
"crypto/ed25519"
"fmt"
"sync"
"time"
pb "github.com/neilalexander/yggmail/internal/remote/types"
"github.com/neilalexander/yggmail/internal/utils"
"google.golang.org/protobuf/proto"
)
type ReqValidator struct {
r map[string]time.Time
m sync.RWMutex
window time.Duration
}
func NewValidator(window time.Duration) *ReqValidator {
r := &ReqValidator{
window: window,
r: map[string]time.Time{},
}
go r.Cleaner()
return r
}
func (rv *ReqValidator) Validate(req *pb.Request, pub ed25519.PublicKey) (bool, error) {
diff := time.Since(time.Unix(0, req.Timestamp))
if diff < 0 {
diff = -diff
}
if diff > rv.window {
return false, fmt.Errorf("request timestamp is too old or too far in future")
}
ok, err := VerifyRequest(req, pub)
if err != nil || !ok {
return false, err
}
rv.m.Lock()
defer rv.m.Unlock()
if _, exist := rv.r[utils.EncodeString(req.Signature)]; exist {
return false, nil
}
rv.r[utils.EncodeString(req.Signature)] = time.Now()
return true, nil
}
func (rv *ReqValidator) Cleaner() {
for tn := range time.NewTicker(time.Minute).C {
rv.clean(tn)
}
}
func (rv *ReqValidator) clean(tn time.Time) {
rv.m.Lock()
defer rv.m.Unlock()
for s, tr := range rv.r {
if tr.Add(rv.window).Before(tn) {
delete(rv.r, s)
}
}
}
type Signer func([]byte) ([]byte, error)
func PrepareToSign(req *pb.Request) ([]byte, error) {
clone := proto.Clone(req).(*pb.Request)
clone.Signature = nil
opts := proto.MarshalOptions{Deterministic: true}
return opts.Marshal(clone)
}
func SignRequest(req *pb.Request, signer Signer) error {
data, err := PrepareToSign(req)
if err != nil {
return err
}
req.Signature, err = signer(data)
if err != nil {
return err
}
return nil
}
func VerifyRequest(req *pb.Request, pubKey ed25519.PublicKey) (bool, error) {
if len(req.Signature) == 0 {
return false, fmt.Errorf("missing signature")
}
data, err := PrepareToSign(req)
if err != nil {
return false, err
}
if !ed25519.Verify(pubKey, data, req.Signature) {
return false, fmt.Errorf("cryptographic signature mismatch")
}
return true, nil
}