Move most code from the repo root into subdirectories

The intention is to keep to repo root clean while the list of packages is slowly growing. Additionally, a bunch of small (~30 LoC) files in the repo root is merged into a single maddy.go file, for the same reason. Most of the internal code is moved into the internal/ directory. Go toolchain will make it impossible to import these packages from external applications. Some packages are renamed and moved into the pkg/ directory in the root. According to https://github.com/golang-standards/project-layout this is the de-facto standard to place "library code that's ok to use by external applications" in. To clearly define the purpose of top-level directories, README.md files are added to each.
2025-04-06 14:37:37 +03:00 · 2019-12-06 01:25:29 +03:00 · 2019-12-06 01:25:29 +03:00 · bf188e454f
commit bf188e454f
parent c4df3af4af
180 changed files with 722 additions and 684 deletions
--- a/internal/msgpipeline/check_runner.go
+++ b/internal/msgpipeline/check_runner.go
@ -0,0 +1,313 @@
+package msgpipeline
+
+import (
+	"sync"
+
+	"github.com/emersion/go-message/textproto"
+	"github.com/emersion/go-msgauth/authres"
+	"github.com/foxcpp/maddy/internal/buffer"
+	"github.com/foxcpp/maddy/internal/dmarc"
+	"github.com/foxcpp/maddy/internal/dns"
+	"github.com/foxcpp/maddy/internal/exterrors"
+	"github.com/foxcpp/maddy/internal/log"
+	"github.com/foxcpp/maddy/internal/module"
+)
+
+// checkRunner runs groups of checks, collects and merges results.
+// It also makes sure that each check gets only one state object created.
+type checkRunner struct {
+	msgMeta  *module.MsgMetadata
+	mailFrom string
+
+	checkedRcpts         []string
+	checkedRcptsPerCheck map[module.CheckState]map[string]struct{}
+	checkedRcptsLock     sync.Mutex
+
+	resolver    dns.Resolver
+	doDMARC     bool
+	dmarcVerify *dmarc.Verifier
+
+	log log.Logger
+
+	states map[module.Check]module.CheckState
+
+	mergedRes module.CheckResult
+}
+
+func newCheckRunner(msgMeta *module.MsgMetadata, log log.Logger, r dns.Resolver) *checkRunner {
+	return &checkRunner{
+		msgMeta:              msgMeta,
+		checkedRcptsPerCheck: map[module.CheckState]map[string]struct{}{},
+		log:                  log,
+		resolver:             r,
+		dmarcVerify:          dmarc.NewVerifier(r),
+		states:               make(map[module.Check]module.CheckState),
+	}
+}
+
+func (cr *checkRunner) checkStates(checks []module.Check) ([]module.CheckState, error) {
+	states := make([]module.CheckState, 0, len(checks))
+	newStates := make([]module.CheckState, 0, len(checks))
+	newStatesMap := make(map[module.Check]module.CheckState, len(checks))
+	closeStates := func() {
+		for _, state := range states {
+			state.Close()
+		}
+	}
+
+	for _, check := range checks {
+		state, ok := cr.states[check]
+		if ok {
+			states = append(states, state)
+			continue
+		}
+
+		cr.log.Debugf("initializing state for %v (%p)", objectName(check), check)
+		state, err := check.CheckStateForMsg(cr.msgMeta)
+		if err != nil {
+			closeStates()
+			return nil, err
+		}
+		states = append(states, state)
+		newStates = append(newStates, state)
+		newStatesMap[check] = state
+	}
+
+	if len(newStates) == 0 {
+		return states, nil
+	}
+
+	// Here we replay previous CheckConnection/CheckSender/CheckRcpt calls
+	// for any newly initialized checks so they all get change to see all these things.
+	//
+	// Done outside of check loop above to make sure we can run these for multiple
+	// checks in parallel.
+	if cr.mailFrom != "" {
+		err := cr.runAndMergeResults(newStates, func(s module.CheckState) module.CheckResult {
+			res := s.CheckConnection()
+			return res
+		})
+		if err != nil {
+			closeStates()
+			return nil, err
+		}
+		err = cr.runAndMergeResults(newStates, func(s module.CheckState) module.CheckResult {
+			res := s.CheckSender(cr.mailFrom)
+			return res
+		})
+		if err != nil {
+			closeStates()
+			return nil, err
+		}
+	}
+
+	if len(cr.checkedRcpts) != 0 {
+		for _, rcpt := range cr.checkedRcpts {
+			rcpt := rcpt
+			err := cr.runAndMergeResults(states, func(s module.CheckState) module.CheckResult {
+				// Avoid calling CheckRcpt for the same recipient for the same check
+				// multiple times, even if requested.
+				cr.checkedRcptsLock.Lock()
+				if _, ok := cr.checkedRcptsPerCheck[s][rcpt]; ok {
+					cr.checkedRcptsLock.Unlock()
+					return module.CheckResult{}
+				}
+				if cr.checkedRcptsPerCheck[s] == nil {
+					cr.checkedRcptsPerCheck[s] = make(map[string]struct{})
+				}
+				cr.checkedRcptsPerCheck[s][rcpt] = struct{}{}
+				cr.checkedRcptsLock.Unlock()
+
+				res := s.CheckRcpt(rcpt)
+				return res
+			})
+			if err != nil {
+				closeStates()
+				return nil, err
+			}
+		}
+	}
+
+	// This is done after all actions that can fail so we will not have to remove
+	// state objects from main map.
+	for check, state := range newStatesMap {
+		cr.states[check] = state
+	}
+
+	return states, nil
+}
+
+func (cr *checkRunner) runAndMergeResults(states []module.CheckState, runner func(module.CheckState) module.CheckResult) error {
+	data := struct {
+		authResLock sync.Mutex
+		headerLock  sync.Mutex
+
+		quarantineErr    error
+		quarantineCheck  string
+		setQuarantineErr sync.Once
+
+		rejectErr    error
+		rejectCheck  string
+		setRejectErr sync.Once
+
+		wg sync.WaitGroup
+	}{}
+
+	for _, state := range states {
+		state := state
+		data.wg.Add(1)
+		go func() {
+			subCheckRes := runner(state)
+
+			// We check the length because we don't want to take locks
+			// when it is not necessary.
+			if len(subCheckRes.AuthResult) != 0 {
+				data.authResLock.Lock()
+				cr.mergedRes.AuthResult = append(cr.mergedRes.AuthResult, subCheckRes.AuthResult...)
+				data.authResLock.Unlock()
+			}
+			if subCheckRes.Header.Len() != 0 {
+				data.headerLock.Lock()
+				for field := subCheckRes.Header.Fields(); field.Next(); {
+					cr.mergedRes.Header.Add(field.Key(), field.Value())
+				}
+				data.headerLock.Unlock()
+			}
+
+			if subCheckRes.Quarantine {
+				data.setQuarantineErr.Do(func() {
+					data.quarantineErr = subCheckRes.Reason
+				})
+			} else if subCheckRes.Reject {
+				data.setRejectErr.Do(func() {
+					data.rejectErr = subCheckRes.Reason
+				})
+			} else if subCheckRes.Reason != nil {
+				// 'action ignore' case. There is Reason, but action.Apply set
+				// both Reject and Quarantine to false. Log the reason for
+				// purposes of deployment testing.
+				cr.log.Error("no check action", subCheckRes.Reason)
+			}
+
+			data.wg.Done()
+		}()
+	}
+
+	data.wg.Wait()
+	if data.rejectErr != nil {
+		return data.rejectErr
+	}
+
+	if data.quarantineErr != nil {
+		cr.log.Error("quarantined", data.quarantineErr)
+		cr.mergedRes.Quarantine = true
+	}
+
+	return nil
+}
+
+func (cr *checkRunner) checkConnSender(checks []module.Check, mailFrom string) error {
+	cr.mailFrom = mailFrom
+
+	// checkStates will run CheckConnection and CheckSender.
+	_, err := cr.checkStates(checks)
+	return err
+}
+
+func (cr *checkRunner) checkRcpt(checks []module.Check, rcptTo string) error {
+	states, err := cr.checkStates(checks)
+	if err != nil {
+		return err
+	}
+
+	err = cr.runAndMergeResults(states, func(s module.CheckState) module.CheckResult {
+		cr.checkedRcptsLock.Lock()
+		if _, ok := cr.checkedRcptsPerCheck[s][rcptTo]; ok {
+			cr.checkedRcptsLock.Unlock()
+			return module.CheckResult{}
+		}
+		if cr.checkedRcptsPerCheck[s] == nil {
+			cr.checkedRcptsPerCheck[s] = make(map[string]struct{})
+		}
+		cr.checkedRcptsPerCheck[s][rcptTo] = struct{}{}
+		cr.checkedRcptsLock.Unlock()
+
+		res := s.CheckRcpt(rcptTo)
+		return res
+	})
+
+	cr.checkedRcpts = append(cr.checkedRcpts, rcptTo)
+	return err
+}
+
+func (cr *checkRunner) checkBody(checks []module.Check, header textproto.Header, body buffer.Buffer) error {
+	states, err := cr.checkStates(checks)
+	if err != nil {
+		return err
+	}
+
+	if cr.doDMARC {
+		cr.dmarcVerify.FetchRecord(header)
+	}
+
+	return cr.runAndMergeResults(states, func(s module.CheckState) module.CheckResult {
+		res := s.CheckBody(header, body)
+		return res
+	})
+}
+
+func (cr *checkRunner) applyResults(hostname string, header *textproto.Header) error {
+	if cr.mergedRes.Quarantine {
+		cr.msgMeta.Quarantine = true
+	}
+
+	if cr.doDMARC {
+		dmarcRes, policy := cr.dmarcVerify.Apply(cr.mergedRes.AuthResult)
+		cr.mergedRes.AuthResult = append(cr.mergedRes.AuthResult, &dmarcRes.Authres)
+		switch policy {
+		case dmarc.PolicyReject:
+			code := 550
+			enchCode := exterrors.EnhancedCode{5, 7, 1}
+			if dmarcRes.Authres.Value == authres.ResultTempError {
+				code = 450
+				enchCode[0] = 4
+			}
+			return &exterrors.SMTPError{
+				Code:         code,
+				EnhancedCode: enchCode,
+				Message:      "DMARC check failed",
+				CheckName:    "dmarc",
+				Misc: map[string]interface{}{
+					"reason":      dmarcRes.Authres.Reason,
+					"dkim_res":    dmarcRes.DKIMResult.Value,
+					"dkim_domain": dmarcRes.DKIMResult.Domain,
+					"spf_res":     dmarcRes.SPFResult.Value,
+					"spf_from":    dmarcRes.SPFResult.From,
+				},
+			}
+		case dmarc.PolicyQuarantine:
+			cr.msgMeta.Quarantine = true
+
+			// Mimick the message structure for regular checks.
+			cr.log.Msg("quarantined", "reason", dmarcRes.Authres.Reason, "check", "dmarc")
+		}
+	}
+
+	// After results for all checks are checked, authRes will be populated with values
+	// we should put into Authentication-Results header.
+	if len(cr.mergedRes.AuthResult) != 0 {
+		header.Add("Authentication-Results", authres.Format(hostname, cr.mergedRes.AuthResult))
+	}
+
+	for field := cr.mergedRes.Header.Fields(); field.Next(); {
+		header.Add(field.Key(), field.Value())
+	}
+	return nil
+}
+
+func (cr *checkRunner) close() {
+	cr.dmarcVerify.Close()
+	for _, state := range cr.states {
+		state.Close()
+	}
+}