proton-bridge/internal/bridge/bridge.go

// Package bridge implements the Bridge, which acts as the backend to the UI.
package bridge

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"sync"
	"time"

	"github.com/Masterminds/semver/v3"
	"github.com/ProtonMail/gluon"
	"github.com/ProtonMail/gluon/watcher"
	"github.com/ProtonMail/proton-bridge/v2/internal/constants"
	"github.com/ProtonMail/proton-bridge/v2/internal/events"
	"github.com/ProtonMail/proton-bridge/v2/internal/focus"
	"github.com/ProtonMail/proton-bridge/v2/internal/user"
	"github.com/ProtonMail/proton-bridge/v2/internal/vault"
	"github.com/bradenaw/juniper/xslices"
	"github.com/emersion/go-smtp"
	"github.com/go-resty/resty/v2"
	"github.com/sirupsen/logrus"
	"gitlab.protontech.ch/go/liteapi"
)

type Bridge struct {
	// vault holds bridge-specific data, such as preferences and known users (authorized or not).
	vault *vault.Vault

	// users holds authorized users.
	users map[string]*user.User

	// api manages user API clients.
	api        *liteapi.Manager
	proxyCtl   ProxyController
	identifier Identifier

	// watchers holds all registered event watchers.
	watchers     []*watcher.Watcher[events.Event]
	watchersLock sync.RWMutex

	// tlsConfig holds the bridge TLS config used by the IMAP and SMTP servers.
	tlsConfig *tls.Config

	// imapServer is the bridge's IMAP server.
	imapServer   *gluon.Server
	imapListener net.Listener

	// smtpServer is the bridge's SMTP server.
	smtpServer  *smtp.Server
	smtpBackend *smtpBackend

	// updater is the bridge's updater.
	updater       Updater
	curVersion    *semver.Version
	updateCheckCh chan struct{}

	// focusService is used to raise the bridge window when needed.
	focusService *focus.Service

	// autostarter is the bridge's autostarter.
	autostarter Autostarter

	// locator is the bridge's locator.
	locator Locator

	// errors contains errors encountered during startup.
	errors []error

	// These control the bridge's IMAP and SMTP logging behaviour.
	logIMAPClient bool
	logIMAPServer bool
	logSMTP       bool

	// stopCh is used to stop ongoing goroutines when the bridge is closed.
	stopCh chan struct{}
}

// New creates a new bridge.
func New(
	locator Locator, // the locator to provide paths to store data
	vault *vault.Vault, // the bridge's encrypted data store
	autostarter Autostarter, // the autostarter to manage autostart settings
	updater Updater, // the updater to fetch and install updates
	curVersion *semver.Version, // the current version of the bridge

	apiURL string, // the URL of the API to use
	cookieJar http.CookieJar, // the cookie jar to use
	identifier Identifier, // the identifier to keep track of the user agent
	tlsReporter TLSReporter, // the TLS reporter to report TLS errors
	roundTripper http.RoundTripper, // the round tripper to use for API requests
	proxyCtl ProxyController, // the DoH controller

	logIMAPClient, logIMAPServer bool, // whether to log IMAP client/server activity
	logSMTP bool, // whether to log SMTP activity
) (*Bridge, error) {
	api := liteapi.New(
		liteapi.WithHostURL(apiURL),
		liteapi.WithAppVersion(constants.AppVersion(curVersion.Original())),
		liteapi.WithCookieJar(cookieJar),
		liteapi.WithTransport(roundTripper),
	)

	tlsConfig, err := loadTLSConfig(vault)
	if err != nil {
		return nil, fmt.Errorf("failed to load TLS config: %w", err)
	}

	gluonDir, err := getGluonDir(vault)
	if err != nil {
		return nil, fmt.Errorf("failed to get Gluon directory: %w", err)
	}

	smtpBackend, err := newSMTPBackend()
	if err != nil {
		return nil, fmt.Errorf("failed to create SMTP backend: %w", err)
	}

	imapServer, err := newIMAPServer(gluonDir, curVersion, tlsConfig, logIMAPClient, logIMAPServer)
	if err != nil {
		return nil, fmt.Errorf("failed to create IMAP server: %w", err)
	}

	focusService, err := focus.NewService()
	if err != nil {
		return nil, fmt.Errorf("failed to create focus service: %w", err)
	}

	bridge := newBridge(
		locator,
		vault,
		autostarter,
		updater,
		curVersion,

		api,
		identifier,
		proxyCtl,

		tlsConfig,
		imapServer,
		smtpBackend,
		focusService,
		logIMAPClient,
		logIMAPServer,
		logSMTP,
	)

	if err := bridge.init(tlsReporter); err != nil {
		return nil, fmt.Errorf("failed to initialize bridge: %w", err)
	}

	return bridge, nil
}

func newBridge(
	locator Locator,
	vault *vault.Vault,
	autostarter Autostarter,
	updater Updater,
	curVersion *semver.Version,

	api *liteapi.Manager,
	identifier Identifier,
	proxyCtl ProxyController,

	tlsConfig *tls.Config,
	imapServer *gluon.Server,
	smtpBackend *smtpBackend,
	focusService *focus.Service,
	logIMAPClient, logIMAPServer, logSMTP bool,
) *Bridge {
	return &Bridge{
		vault: vault,
		users: make(map[string]*user.User),

		api:        api,
		proxyCtl:   proxyCtl,
		identifier: identifier,

		tlsConfig:   tlsConfig,
		imapServer:  imapServer,
		smtpServer:  newSMTPServer(smtpBackend, tlsConfig, logSMTP),
		smtpBackend: smtpBackend,

		updater:       updater,
		curVersion:    curVersion,
		updateCheckCh: make(chan struct{}, 1),

		focusService: focusService,
		autostarter:  autostarter,
		locator:      locator,

		logIMAPClient: logIMAPClient,
		logIMAPServer: logIMAPServer,
		logSMTP:       logSMTP,

		stopCh: make(chan struct{}),
	}
}

func (bridge *Bridge) init(tlsReporter TLSReporter) error {
	if bridge.vault.GetProxyAllowed() {
		bridge.proxyCtl.AllowProxy()
	} else {
		bridge.proxyCtl.DisallowProxy()
	}

	bridge.api.AddStatusObserver(func(status liteapi.Status) {
		switch {
		case status == liteapi.StatusUp:
			go bridge.onStatusUp()

		case status == liteapi.StatusDown:
			go bridge.onStatusDown()
		}
	})

	bridge.api.AddErrorHandler(liteapi.AppVersionBadCode, func() {
		bridge.publish(events.UpdateForced{})
	})

	bridge.api.AddPreRequestHook(func(_ *resty.Client, req *resty.Request) error {
		req.SetHeader("User-Agent", bridge.identifier.GetUserAgent())
		return nil
	})

	if err := bridge.loadUsers(); err != nil {
		return fmt.Errorf("failed to load users: %w", err)
	}

	go func() {
		for range tlsReporter.GetTLSIssueCh() {
			bridge.publish(events.TLSIssue{})
		}
	}()

	go func() {
		for range bridge.focusService.GetRaiseCh() {
			bridge.publish(events.Raise{})
		}
	}()

	go func() {
		for event := range bridge.imapServer.AddWatcher() {
			bridge.handleIMAPEvent(event)
		}
	}()

	if err := bridge.serveIMAP(); err != nil {
		bridge.PushError(ErrServeIMAP)
	}

	if err := bridge.serveSMTP(); err != nil {
		bridge.PushError(ErrServeSMTP)
	}

	if err := bridge.watchForUpdates(); err != nil {
		bridge.PushError(ErrWatchUpdates)
	}

	return nil
}

// GetEvents returns a channel of events of the given type.
// If no types are supplied, all events are returned.
func (bridge *Bridge) GetEvents(ofType ...events.Event) (<-chan events.Event, func()) {
	newWatcher := bridge.addWatcher(ofType...)

	return newWatcher.GetChannel(), func() { bridge.remWatcher(newWatcher) }
}

func (bridge *Bridge) FactoryReset(ctx context.Context) error {
	panic("TODO")
}

func (bridge *Bridge) PushError(err error) {
	bridge.errors = append(bridge.errors, err)
}

func (bridge *Bridge) GetErrors() []error {
	return bridge.errors
}

func (bridge *Bridge) Close(ctx context.Context) error {
	// Stop ongoing operations such as connectivity checks.
	close(bridge.stopCh)

	// Close the IMAP server.
	if err := bridge.closeIMAP(ctx); err != nil {
		logrus.WithError(err).Error("Failed to close IMAP server")
	}

	// Close the SMTP server.
	if err := bridge.closeSMTP(); err != nil {
		logrus.WithError(err).Error("Failed to close SMTP server")
	}

	// Close all users.
	for _, user := range bridge.users {
		if err := user.Close(); err != nil {
			logrus.WithError(err).Error("Failed to close user")
		}
	}

	// Close the focus service.
	bridge.focusService.Close()

	// Save the last version of bridge that was run.
	if err := bridge.vault.SetLastVersion(bridge.curVersion); err != nil {
		logrus.WithError(err).Error("Failed to save last version")
	}

	return nil
}

func (bridge *Bridge) publish(event events.Event) {
	bridge.watchersLock.RLock()
	defer bridge.watchersLock.RUnlock()

	for _, watcher := range bridge.watchers {
		if watcher.IsWatching(event) {
			if ok := watcher.Send(event); !ok {
				logrus.WithField("event", event).Warn("Failed to send event to watcher")
			}
		}
	}
}

func (bridge *Bridge) addWatcher(ofType ...events.Event) *watcher.Watcher[events.Event] {
	bridge.watchersLock.Lock()
	defer bridge.watchersLock.Unlock()

	newWatcher := watcher.New(ofType...)

	bridge.watchers = append(bridge.watchers, newWatcher)

	return newWatcher
}

func (bridge *Bridge) remWatcher(oldWatcher *watcher.Watcher[events.Event]) {
	bridge.watchersLock.Lock()
	defer bridge.watchersLock.Unlock()

	bridge.watchers = xslices.Filter(bridge.watchers, func(other *watcher.Watcher[events.Event]) bool {
		return other != oldWatcher
	})
}

func (bridge *Bridge) onStatusUp() {
	bridge.publish(events.ConnStatusUp{})

	if err := bridge.loadUsers(); err != nil {
		logrus.WithError(err).Error("Failed to load users")
	}
}

func (bridge *Bridge) onStatusDown() {
	bridge.publish(events.ConnStatusDown{})

	upCh, done := bridge.GetEvents(events.ConnStatusUp{})
	defer done()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	backoff := time.Second

	for {
		select {
		case <-upCh:
			return

		case <-bridge.stopCh:
			return

		case <-time.After(backoff):
			if err := bridge.api.Ping(ctx); err != nil {
				logrus.WithError(err).Debug("Failed to ping API")
			}
		}

		if backoff < 30*time.Second {
			backoff *= 2
		}
	}
}

func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert(), vault.GetBridgeTLSKey())
	if err != nil {
		return nil, err
	}

	// TODO: Do we have to set MinVersion to tls.VersionTLS12?
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
	}, nil
}

func newListener(port int, useTLS bool, tlsConfig *tls.Config) (net.Listener, error) {
	if useTLS {
		tlsListener, err := tls.Listen("tcp", fmt.Sprintf(":%v", port), tlsConfig)
		if err != nil {
			return nil, err
		}

		return tlsListener, nil
	}

	netListener, err := net.Listen("tcp", fmt.Sprintf(":%v", port))
	if err != nil {
		return nil, err
	}

	return netListener, nil
}