2019-12-04 01:03:02 +01:00
|
|
|
from flask import g
|
|
|
|
from flask import jsonify, request
|
2020-05-02 16:22:17 +02:00
|
|
|
from itsdangerous import SignatureExpired
|
2019-12-04 01:03:02 +01:00
|
|
|
|
2020-11-03 10:39:08 +01:00
|
|
|
from app.alias_utils import check_alias_prefix
|
2020-04-24 14:08:00 +02:00
|
|
|
from app.api.base import api_bp, require_api_auth
|
2020-05-23 19:18:50 +02:00
|
|
|
from app.api.serializer import (
|
|
|
|
serialize_alias_info,
|
|
|
|
get_alias_info,
|
|
|
|
serialize_alias_info_v2,
|
|
|
|
get_alias_info_v2,
|
|
|
|
)
|
2020-05-09 20:49:38 +02:00
|
|
|
from app.config import MAX_NB_EMAIL_FREE_PLAN
|
2020-05-02 16:22:17 +02:00
|
|
|
from app.dashboard.views.custom_alias import verify_prefix_suffix, signer
|
2020-06-24 10:32:22 +02:00
|
|
|
from app.extensions import db, limiter
|
2019-12-04 01:03:02 +01:00
|
|
|
from app.log import LOG
|
2020-05-23 12:02:01 +02:00
|
|
|
from app.models import (
|
|
|
|
Alias,
|
|
|
|
AliasUsedOn,
|
|
|
|
User,
|
|
|
|
CustomDomain,
|
|
|
|
DeletedAlias,
|
|
|
|
DomainDeletedAlias,
|
2020-06-02 09:33:56 +02:00
|
|
|
Mailbox,
|
|
|
|
AliasMailbox,
|
2020-05-23 12:02:01 +02:00
|
|
|
)
|
2019-12-04 01:03:02 +01:00
|
|
|
from app.utils import convert_to_id
|
|
|
|
|
|
|
|
|
|
|
|
@api_bp.route("/alias/custom/new", methods=["POST"])
|
2020-06-24 10:32:22 +02:00
|
|
|
@limiter.limit("5/minute")
|
2020-04-24 14:08:00 +02:00
|
|
|
@require_api_auth
|
2019-12-04 01:03:02 +01:00
|
|
|
def new_custom_alias():
|
|
|
|
"""
|
|
|
|
Create a new custom alias
|
|
|
|
Input:
|
|
|
|
alias_prefix, for ex "www_groupon_com"
|
|
|
|
alias_suffix, either .random_letters@simplelogin.co or @my-domain.com
|
|
|
|
optional "hostname" in args
|
2020-03-11 12:18:27 +01:00
|
|
|
optional "note"
|
2019-12-04 01:03:02 +01:00
|
|
|
Output:
|
|
|
|
201 if success
|
2019-12-26 14:00:17 +01:00
|
|
|
409 if the alias already exists
|
2019-12-04 01:03:02 +01:00
|
|
|
|
|
|
|
"""
|
2020-05-02 16:23:40 +02:00
|
|
|
LOG.warning("/alias/custom/new is obsolete")
|
2020-03-05 17:03:07 +01:00
|
|
|
user: User = g.user
|
2019-12-22 17:27:55 +01:00
|
|
|
if not user.can_create_new_alias():
|
2019-12-26 14:00:17 +01:00
|
|
|
LOG.d("user %s cannot create any custom alias", user)
|
2019-12-12 21:11:10 +01:00
|
|
|
return (
|
|
|
|
jsonify(
|
2019-12-26 14:00:17 +01:00
|
|
|
error="You have reached the limitation of a free account with the maximum of "
|
2020-01-05 21:14:40 +01:00
|
|
|
f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
|
2019-12-12 21:11:10 +01:00
|
|
|
),
|
|
|
|
400,
|
|
|
|
)
|
2019-12-04 01:03:02 +01:00
|
|
|
|
|
|
|
hostname = request.args.get("hostname")
|
|
|
|
|
|
|
|
data = request.get_json()
|
2020-01-05 20:48:32 +01:00
|
|
|
if not data:
|
|
|
|
return jsonify(error="request body cannot be empty"), 400
|
|
|
|
|
2020-09-02 09:56:16 +02:00
|
|
|
alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
|
|
|
|
alias_suffix = data.get("alias_suffix", "").strip().lower().replace(" ", "")
|
2020-03-11 12:18:27 +01:00
|
|
|
note = data.get("note")
|
2019-12-04 01:03:02 +01:00
|
|
|
alias_prefix = convert_to_id(alias_prefix)
|
|
|
|
|
2020-05-02 12:27:54 +02:00
|
|
|
if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
|
2020-01-22 10:22:59 +01:00
|
|
|
return jsonify(error="wrong alias prefix or suffix"), 400
|
2019-12-04 01:03:02 +01:00
|
|
|
|
|
|
|
full_alias = alias_prefix + alias_suffix
|
2020-05-23 19:49:40 +02:00
|
|
|
if (
|
|
|
|
Alias.get_by(email=full_alias)
|
|
|
|
or DeletedAlias.get_by(email=full_alias)
|
|
|
|
or DomainDeletedAlias.get_by(email=full_alias)
|
|
|
|
):
|
2019-12-04 01:03:02 +01:00
|
|
|
LOG.d("full alias already used %s", full_alias)
|
|
|
|
return jsonify(error=f"alias {full_alias} already exists"), 409
|
|
|
|
|
2020-03-17 11:51:40 +01:00
|
|
|
alias = Alias.create(
|
2020-03-11 12:18:27 +01:00
|
|
|
user_id=user.id, email=full_alias, mailbox_id=user.default_mailbox_id, note=note
|
2020-03-05 17:03:07 +01:00
|
|
|
)
|
2020-03-15 23:18:43 +01:00
|
|
|
|
|
|
|
if alias_suffix.startswith("@"):
|
|
|
|
alias_domain = alias_suffix[1:]
|
2020-05-07 20:48:11 +02:00
|
|
|
domain = CustomDomain.get_by(domain=alias_domain)
|
2020-05-27 22:13:43 +02:00
|
|
|
if domain:
|
|
|
|
LOG.d("set alias %s to domain %s", full_alias, domain)
|
|
|
|
alias.custom_domain_id = domain.id
|
2020-03-15 23:18:43 +01:00
|
|
|
|
2019-12-04 01:03:02 +01:00
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
if hostname:
|
2020-03-20 12:29:11 +01:00
|
|
|
AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
|
2019-12-04 01:03:02 +01:00
|
|
|
db.session.commit()
|
|
|
|
|
2020-03-26 19:48:36 +01:00
|
|
|
return jsonify(alias=full_alias, **serialize_alias_info(get_alias_info(alias))), 201
|
2020-05-02 16:22:17 +02:00
|
|
|
|
|
|
|
|
|
|
|
@api_bp.route("/v2/alias/custom/new", methods=["POST"])
|
2020-06-24 10:32:22 +02:00
|
|
|
@limiter.limit("5/minute")
|
2020-05-02 16:22:17 +02:00
|
|
|
@require_api_auth
|
|
|
|
def new_custom_alias_v2():
|
|
|
|
"""
|
|
|
|
Create a new custom alias
|
|
|
|
Same as v1 but signed_suffix is actually the suffix with signature, e.g.
|
|
|
|
.random_word@SL.co.Xq19rQ.s99uWQ7jD1s5JZDZqczYI5TbNNU
|
|
|
|
Input:
|
|
|
|
alias_prefix, for ex "www_groupon_com"
|
|
|
|
signed_suffix, either .random_letters@simplelogin.co or @my-domain.com
|
|
|
|
optional "hostname" in args
|
|
|
|
optional "note"
|
|
|
|
Output:
|
|
|
|
201 if success
|
|
|
|
409 if the alias already exists
|
|
|
|
|
|
|
|
"""
|
|
|
|
user: User = g.user
|
|
|
|
if not user.can_create_new_alias():
|
|
|
|
LOG.d("user %s cannot create any custom alias", user)
|
|
|
|
return (
|
|
|
|
jsonify(
|
|
|
|
error="You have reached the limitation of a free account with the maximum of "
|
|
|
|
f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
|
|
|
|
),
|
|
|
|
400,
|
|
|
|
)
|
|
|
|
|
|
|
|
hostname = request.args.get("hostname")
|
|
|
|
|
|
|
|
data = request.get_json()
|
|
|
|
if not data:
|
|
|
|
return jsonify(error="request body cannot be empty"), 400
|
|
|
|
|
2020-09-02 09:56:16 +02:00
|
|
|
alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
|
2020-05-20 18:23:13 +02:00
|
|
|
signed_suffix = data.get("signed_suffix", "").strip()
|
2020-05-02 16:22:17 +02:00
|
|
|
note = data.get("note")
|
|
|
|
alias_prefix = convert_to_id(alias_prefix)
|
|
|
|
|
2020-05-06 10:10:47 +02:00
|
|
|
# hypothesis: user will click on the button in the 600 secs
|
2020-05-02 16:22:17 +02:00
|
|
|
try:
|
2020-05-06 10:10:47 +02:00
|
|
|
alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
|
2020-05-02 16:22:17 +02:00
|
|
|
except SignatureExpired:
|
2020-07-13 20:40:26 +02:00
|
|
|
LOG.warning("Alias creation time expired for %s", user)
|
2020-07-11 19:23:56 +02:00
|
|
|
return jsonify(error="Alias creation time is expired, please retry"), 412
|
2020-05-02 16:22:17 +02:00
|
|
|
except Exception:
|
2020-08-24 19:58:21 +02:00
|
|
|
LOG.warning("Alias suffix is tampered, user %s", user)
|
2020-05-02 16:22:17 +02:00
|
|
|
return jsonify(error="Tampered suffix"), 400
|
|
|
|
|
|
|
|
if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
|
|
|
|
return jsonify(error="wrong alias prefix or suffix"), 400
|
|
|
|
|
|
|
|
full_alias = alias_prefix + alias_suffix
|
2020-05-23 19:49:40 +02:00
|
|
|
if (
|
|
|
|
Alias.get_by(email=full_alias)
|
|
|
|
or DeletedAlias.get_by(email=full_alias)
|
|
|
|
or DomainDeletedAlias.get_by(email=full_alias)
|
|
|
|
):
|
2020-05-02 16:22:17 +02:00
|
|
|
LOG.d("full alias already used %s", full_alias)
|
|
|
|
return jsonify(error=f"alias {full_alias} already exists"), 409
|
|
|
|
|
2020-05-23 12:02:01 +02:00
|
|
|
custom_domain_id = None
|
2020-05-02 16:22:17 +02:00
|
|
|
if alias_suffix.startswith("@"):
|
|
|
|
alias_domain = alias_suffix[1:]
|
2020-05-07 20:48:11 +02:00
|
|
|
domain = CustomDomain.get_by(domain=alias_domain)
|
2020-05-23 12:02:01 +02:00
|
|
|
|
|
|
|
# check if the alias is currently in the domain trash
|
|
|
|
if domain and DomainDeletedAlias.get_by(domain_id=domain.id, email=full_alias):
|
|
|
|
LOG.d(f"Alias {full_alias} is currently in the {domain.domain} trash. ")
|
|
|
|
return jsonify(error=f"alias {full_alias} in domain trash"), 409
|
|
|
|
|
2020-06-15 23:35:20 +02:00
|
|
|
if domain:
|
|
|
|
custom_domain_id = domain.id
|
2020-05-23 12:02:01 +02:00
|
|
|
|
|
|
|
alias = Alias.create(
|
|
|
|
user_id=user.id,
|
|
|
|
email=full_alias,
|
|
|
|
mailbox_id=user.default_mailbox_id,
|
|
|
|
note=note,
|
|
|
|
custom_domain_id=custom_domain_id,
|
|
|
|
)
|
2020-05-02 16:22:17 +02:00
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
if hostname:
|
|
|
|
AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
|
|
|
|
db.session.commit()
|
|
|
|
|
2020-05-23 19:18:50 +02:00
|
|
|
return (
|
|
|
|
jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))),
|
|
|
|
201,
|
|
|
|
)
|
2020-06-02 09:33:56 +02:00
|
|
|
|
|
|
|
|
|
|
|
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
|
2020-06-24 10:32:22 +02:00
|
|
|
@limiter.limit("5/minute")
|
2020-06-02 09:33:56 +02:00
|
|
|
@require_api_auth
|
|
|
|
def new_custom_alias_v3():
|
|
|
|
"""
|
|
|
|
Create a new custom alias
|
|
|
|
Same as v2 but accept a list of mailboxes as input
|
|
|
|
Input:
|
|
|
|
alias_prefix, for ex "www_groupon_com"
|
|
|
|
signed_suffix, either .random_letters@simplelogin.co or @my-domain.com
|
2020-06-02 20:06:32 +02:00
|
|
|
mailbox_ids: list of int
|
2020-06-02 09:33:56 +02:00
|
|
|
optional "hostname" in args
|
|
|
|
optional "note"
|
2020-06-03 21:22:29 +02:00
|
|
|
optional "name"
|
2020-06-02 09:33:56 +02:00
|
|
|
|
|
|
|
Output:
|
|
|
|
201 if success
|
|
|
|
409 if the alias already exists
|
|
|
|
|
|
|
|
"""
|
|
|
|
user: User = g.user
|
|
|
|
if not user.can_create_new_alias():
|
|
|
|
LOG.d("user %s cannot create any custom alias", user)
|
|
|
|
return (
|
|
|
|
jsonify(
|
|
|
|
error="You have reached the limitation of a free account with the maximum of "
|
|
|
|
f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
|
|
|
|
),
|
|
|
|
400,
|
|
|
|
)
|
|
|
|
|
|
|
|
hostname = request.args.get("hostname")
|
|
|
|
|
|
|
|
data = request.get_json()
|
|
|
|
if not data:
|
|
|
|
return jsonify(error="request body cannot be empty"), 400
|
|
|
|
|
2020-09-02 09:56:16 +02:00
|
|
|
alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
|
2020-06-02 09:33:56 +02:00
|
|
|
signed_suffix = data.get("signed_suffix", "").strip()
|
2020-06-02 20:06:32 +02:00
|
|
|
mailbox_ids = data.get("mailbox_ids")
|
2020-06-02 09:33:56 +02:00
|
|
|
note = data.get("note")
|
2020-06-03 21:22:29 +02:00
|
|
|
name = data.get("name")
|
2020-06-02 09:33:56 +02:00
|
|
|
alias_prefix = convert_to_id(alias_prefix)
|
|
|
|
|
2020-11-03 10:39:08 +01:00
|
|
|
if not check_alias_prefix(alias_prefix):
|
|
|
|
return jsonify(error="alias prefix format problem"), 400
|
|
|
|
|
2020-06-02 09:33:56 +02:00
|
|
|
# check if mailbox is not tempered with
|
|
|
|
mailboxes = []
|
|
|
|
for mailbox_id in mailbox_ids:
|
|
|
|
mailbox = Mailbox.get(mailbox_id)
|
|
|
|
if not mailbox or mailbox.user_id != user.id or not mailbox.verified:
|
|
|
|
return jsonify(error="Errors with Mailbox"), 400
|
|
|
|
mailboxes.append(mailbox)
|
|
|
|
|
|
|
|
if not mailboxes:
|
|
|
|
return jsonify(error="At least one mailbox must be selected"), 400
|
|
|
|
|
|
|
|
# hypothesis: user will click on the button in the 600 secs
|
|
|
|
try:
|
|
|
|
alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
|
|
|
|
except SignatureExpired:
|
2020-07-13 20:40:26 +02:00
|
|
|
LOG.warning("Alias creation time expired for %s", user)
|
2020-07-11 19:23:56 +02:00
|
|
|
return jsonify(error="Alias creation time is expired, please retry"), 412
|
2020-06-02 09:33:56 +02:00
|
|
|
except Exception:
|
2020-08-24 19:58:21 +02:00
|
|
|
LOG.warning("Alias suffix is tampered, user %s", user)
|
2020-06-02 09:33:56 +02:00
|
|
|
return jsonify(error="Tampered suffix"), 400
|
|
|
|
|
|
|
|
if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
|
|
|
|
return jsonify(error="wrong alias prefix or suffix"), 400
|
|
|
|
|
|
|
|
full_alias = alias_prefix + alias_suffix
|
|
|
|
if (
|
|
|
|
Alias.get_by(email=full_alias)
|
|
|
|
or DeletedAlias.get_by(email=full_alias)
|
|
|
|
or DomainDeletedAlias.get_by(email=full_alias)
|
|
|
|
):
|
|
|
|
LOG.d("full alias already used %s", full_alias)
|
|
|
|
return jsonify(error=f"alias {full_alias} already exists"), 409
|
|
|
|
|
|
|
|
custom_domain_id = None
|
|
|
|
if alias_suffix.startswith("@"):
|
|
|
|
alias_domain = alias_suffix[1:]
|
|
|
|
domain = CustomDomain.get_by(domain=alias_domain)
|
|
|
|
if domain:
|
|
|
|
custom_domain_id = domain.id
|
|
|
|
|
|
|
|
alias = Alias.create(
|
|
|
|
user_id=user.id,
|
|
|
|
email=full_alias,
|
|
|
|
note=note,
|
2020-06-03 21:22:29 +02:00
|
|
|
name=name or None,
|
2020-06-02 09:33:56 +02:00
|
|
|
mailbox_id=mailboxes[0].id,
|
|
|
|
custom_domain_id=custom_domain_id,
|
|
|
|
)
|
|
|
|
db.session.flush()
|
|
|
|
|
|
|
|
for i in range(1, len(mailboxes)):
|
|
|
|
AliasMailbox.create(
|
2020-08-27 10:20:48 +02:00
|
|
|
alias_id=alias.id,
|
|
|
|
mailbox_id=mailboxes[i].id,
|
2020-06-02 09:33:56 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
if hostname:
|
|
|
|
AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
return (
|
|
|
|
jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))),
|
|
|
|
201,
|
|
|
|
)
|