1
0
mirror of https://github.com/hrfee/jfa-go.git synced 2025-01-08 17:30:11 +00:00

add option to trust specific cert for SMTP

This commit is contained in:
Harvey Tindall 2021-03-15 21:57:42 +00:00
parent 5892899114
commit 43e5bbbe21
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
2 changed files with 40 additions and 12 deletions

View File

@ -673,6 +673,14 @@
"requires_restart": false, "requires_restart": false,
"type": "password", "type": "password",
"value": "smtp password" "value": "smtp password"
},
"ssl_cert": {
"name": "Path to custom SSL certificate",
"required": false,
"requires_restart": false,
"type": "text",
"value": "",
"description": "Use if your SMTP server's SSL Certificate is not trusted by the system."
} }
} }
}, },

View File

@ -4,10 +4,13 @@ import (
"bytes" "bytes"
"context" "context"
"crypto/tls" "crypto/tls"
"crypto/x509"
"errors"
"fmt" "fmt"
"html/template" "html/template"
"io" "io"
"net/smtp" "net/smtp"
"os"
"strings" "strings"
"sync" "sync"
textTemplate "text/template" textTemplate "text/template"
@ -53,14 +56,11 @@ type SMTP struct {
server string server string
port int port int
auth smtp.Auth auth smtp.Auth
tlsConfig *tls.Config
} }
func (sm *SMTP) send(fromName, fromAddr string, email *Email, address ...string) error { func (sm *SMTP) send(fromName, fromAddr string, email *Email, address ...string) error {
server := fmt.Sprintf("%s:%d", sm.server, sm.port) server := fmt.Sprintf("%s:%d", sm.server, sm.port)
tlsConfig := &tls.Config{
InsecureSkipVerify: false,
ServerName: sm.server,
}
from := fmt.Sprintf("%s <%s>", fromName, fromAddr) from := fmt.Sprintf("%s <%s>", fromName, fromAddr)
var wg sync.WaitGroup var wg sync.WaitGroup
var err error var err error
@ -75,9 +75,9 @@ func (sm *SMTP) send(fromName, fromAddr string, email *Email, address ...string)
e.HTML = []byte(email.HTML) e.HTML = []byte(email.HTML)
e.To = []string{addr} e.To = []string{addr}
if sm.sslTLS { if sm.sslTLS {
err = e.SendWithTLS(server, sm.auth, tlsConfig) err = e.SendWithTLS(server, sm.auth, sm.tlsConfig)
} else { } else {
err = e.SendWithStartTLS(server, sm.auth, tlsConfig) err = e.SendWithStartTLS(server, sm.auth, sm.tlsConfig)
} }
}(addr) }(addr)
} }
@ -139,7 +139,10 @@ func NewEmailer(app *appContext) *Emailer {
} else { } else {
username = emailer.fromAddr username = emailer.fromAddr
} }
emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, app.config.Section("smtp").Key("password").String(), sslTls) err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, app.config.Section("smtp").Key("password").String(), sslTls, app.config.Section("smtp").Key("ssl_cert").MustString(""))
if err != nil {
app.err.Printf("Error while initiating SMTP mailer: %v", err)
}
} else if method == "mailgun" { } else if method == "mailgun" {
emailer.NewMailgun(app.config.Section("mailgun").Key("api_url").String(), app.config.Section("mailgun").Key("api_key").String()) emailer.NewMailgun(app.config.Section("mailgun").Key("api_url").String(), app.config.Section("mailgun").Key("api_key").String())
} }
@ -161,13 +164,30 @@ func (emailer *Emailer) NewMailgun(url, key string) {
} }
// NewSMTP returns an SMTP emailClient. // NewSMTP returns an SMTP emailClient.
func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool) { func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string) (err error) {
rootCAs, err := x509.SystemCertPool()
if rootCAs == nil || err != nil {
rootCAs = x509.NewCertPool()
}
if certPath != "" {
var cert []byte
cert, err = os.ReadFile(certPath)
if rootCAs.AppendCertsFromPEM(cert) == false {
err = errors.New("Failed to append cert to pool")
}
}
emailer.sender = &SMTP{ emailer.sender = &SMTP{
auth: smtp.PlainAuth("", username, password, server), auth: smtp.PlainAuth("", username, password, server),
server: server, server: server,
port: port, port: port,
sslTLS: sslTLS, sslTLS: sslTLS,
tlsConfig: &tls.Config{
InsecureSkipVerify: false,
ServerName: server,
RootCAs: rootCAs,
},
} }
return
} }
type templ interface { type templ interface {