From 86af0179c50cc73d210e78faa47eec667986efcb Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Thu, 12 Feb 2026 15:07:08 +0100 Subject: [PATCH 01/10] Change pkg_url in dev.toml --- conf/config.dev.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.dev.toml b/conf/config.dev.toml index c2a0e3f..8a6f0e3 100644 --- a/conf/config.dev.toml +++ b/conf/config.dev.toml @@ -9,5 +9,5 @@ smtp_port = 1025 # smtp_credentials = ["user", "pw"] allowed_origins = "^https?://(localhost|127\\.0\\.0\\.1)(:[0-9]+)?$" pkg_url = "https://postguard-main.cs.ru.nl/pkg" -# pkg_url = "https://postguard.staging.yivi.app" +# pkg_url = "https://pkg.staging.yivi.app" # pkg_url = "https://localhost:8087" From 35ce38c701acd450f1d4760c747abfb869d632e9 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Mon, 23 Feb 2026 10:18:30 +0100 Subject: [PATCH 02/10] Add dockerignore to cut build context --- .dockerignore | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..8e58c46 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,7 @@ +**/target +.git +.github +.gitignore +*.md +.vscode +.idea From 8853d91b5957774678ead298ae0e6537b3c9ef42 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Mon, 23 Feb 2026 10:19:15 +0100 Subject: [PATCH 03/10] Rename cryptify-backend to cryptify --- backend.Dockerfile => Dockerfile | 14 +++++++------- conf/config.dev.toml | 7 ++++--- {cryptify-back-end => cryptify}/.gitignore | 0 {cryptify-back-end => cryptify}/Cargo.lock | 2 +- {cryptify-back-end => cryptify}/Cargo.toml | 2 +- {cryptify-back-end => cryptify}/src/config.rs | 7 +++++++ {cryptify-back-end => cryptify}/src/email.rs | 6 +++--- {cryptify-back-end => cryptify}/src/error.rs | 0 {cryptify-back-end => cryptify}/src/main.rs | 0 {cryptify-back-end => cryptify}/src/store.rs | 0 .../templates/email/email.html | 0 .../templates/email/subject.txt | 0 backend.dev.Dockerfile => dev.Dockerfile | 10 +++++----- docker-compose.dev.yml | 4 ++-- docker-compose.yml | 2 +- 15 files changed, 31 insertions(+), 23 deletions(-) rename backend.Dockerfile => Dockerfile (62%) rename {cryptify-back-end => cryptify}/.gitignore (100%) rename {cryptify-back-end => cryptify}/Cargo.lock (99%) rename {cryptify-back-end => cryptify}/Cargo.toml (97%) rename {cryptify-back-end => cryptify}/src/config.rs (92%) rename {cryptify-back-end => cryptify}/src/email.rs (99%) rename {cryptify-back-end => cryptify}/src/error.rs (100%) rename {cryptify-back-end => cryptify}/src/main.rs (100%) rename {cryptify-back-end => cryptify}/src/store.rs (100%) rename {cryptify-back-end => cryptify}/templates/email/email.html (100%) rename {cryptify-back-end => cryptify}/templates/email/subject.txt (100%) rename backend.dev.Dockerfile => dev.Dockerfile (82%) diff --git a/backend.Dockerfile b/Dockerfile similarity index 62% rename from backend.Dockerfile rename to Dockerfile index 57c6ae0..99822a3 100644 --- a/backend.Dockerfile +++ b/Dockerfile @@ -4,16 +4,16 @@ ENV ROCKET_PROFILE=release WORKDIR /app -COPY cryptify-back-end/src ./src -COPY cryptify-back-end/templates ./templates -COPY cryptify-back-end/Cargo.toml . -COPY cryptify-back-end/Cargo.lock . +COPY cryptify/src ./src +COPY cryptify/templates ./templates +COPY cryptify/Cargo.toml . +COPY cryptify/Cargo.lock . RUN apt-get update \ && apt-get --no-install-recommends install -y libssl-dev pkg-config \ && rm -rf /var/lib/apt/lists/* \ && cargo build --release \ - && cp ./target/release/cryptify-backend /usr/local/bin/cryptify-backend + && cp ./target/release/cryptify /usr/local/bin/cryptify FROM debian:trixie-slim @@ -25,7 +25,7 @@ RUN groupadd -r nonroot \ && apt-get --no-install-recommends install -y ca-certificates libssl3 \ && rm -rf /var/lib/apt/lists/* -COPY --from=builder /usr/local/bin/cryptify-backend /usr/local/bin/cryptify-backend +COPY --from=builder /usr/local/bin/cryptify /usr/local/bin/cryptify RUN mkdir -p /app && chown nonroot:nonroot /app WORKDIR /app @@ -35,4 +35,4 @@ RUN mkdir -p /tmp/data EXPOSE 8000 -CMD ["/bin/sh", "-c", "/usr/local/bin/cryptify-backend"] +CMD ["/bin/sh", "-c", "/usr/local/bin/cryptify"] diff --git a/conf/config.dev.toml b/conf/config.dev.toml index 8a6f0e3..de4346d 100644 --- a/conf/config.dev.toml +++ b/conf/config.dev.toml @@ -1,13 +1,14 @@ [default] address = "0.0.0.0" port = 8000 -server_url = "http://localhost:8080/" +server_url = "http://localhost:8080/" # Postguard frontend (via nginx) data_dir = "/tmp/data" email_from = "noreply@postguard.local" smtp_url = "mailcrab" smtp_port = 1025 +smtp_tls = false # smtp_credentials = ["user", "pw"] allowed_origins = "^https?://(localhost|127\\.0\\.0\\.1)(:[0-9]+)?$" -pkg_url = "https://postguard-main.cs.ru.nl/pkg" +# pkg_url = "https://postguard-main.cs.ru.nl/pkg" # pkg_url = "https://pkg.staging.yivi.app" -# pkg_url = "https://localhost:8087" +pkg_url = "http://postguard-pkg:8087" diff --git a/cryptify-back-end/.gitignore b/cryptify/.gitignore similarity index 100% rename from cryptify-back-end/.gitignore rename to cryptify/.gitignore diff --git a/cryptify-back-end/Cargo.lock b/cryptify/Cargo.lock similarity index 99% rename from cryptify-back-end/Cargo.lock rename to cryptify/Cargo.lock index 0eac186..ba34e29 100644 --- a/cryptify-back-end/Cargo.lock +++ b/cryptify/Cargo.lock @@ -382,7 +382,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" [[package]] -name = "cryptify-backend" +name = "cryptify" version = "0.1.0" dependencies = [ "askama", diff --git a/cryptify-back-end/Cargo.toml b/cryptify/Cargo.toml similarity index 97% rename from cryptify-back-end/Cargo.toml rename to cryptify/Cargo.toml index d27b127..75bbd02 100644 --- a/cryptify-back-end/Cargo.toml +++ b/cryptify/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "cryptify-backend" +name = "cryptify" version = "0.1.0" authors = ["David Venhoek "] edition = "2018" diff --git a/cryptify-back-end/src/config.rs b/cryptify/src/config.rs similarity index 92% rename from cryptify-back-end/src/config.rs rename to cryptify/src/config.rs index 9b0d1e3..3a7846c 100644 --- a/cryptify-back-end/src/config.rs +++ b/cryptify/src/config.rs @@ -8,6 +8,7 @@ pub struct RawCryptifyConfig { smtp_url: String, smtp_port: u16, smtp_credentials: Option<(String, String)>, + smtp_tls: Option, allowed_origins: String, pkg_url: String, } @@ -21,6 +22,7 @@ pub struct CryptifyConfig { smtp_url: String, smtp_port: u16, smtp_credentials: Option<(String, String)>, + smtp_tls: bool, allowed_origins: String, pkg_url: String, } @@ -37,6 +39,7 @@ impl From for CryptifyConfig { smtp_url: config.smtp_url, smtp_port: config.smtp_port, smtp_credentials: config.smtp_credentials, + smtp_tls: config.smtp_tls.unwrap_or(true), allowed_origins: config.allowed_origins, pkg_url: config.pkg_url, } @@ -68,6 +71,10 @@ impl CryptifyConfig { self.smtp_credentials.as_ref() } + pub fn smtp_tls(&self) -> bool { + self.smtp_tls + } + pub fn allowed_origins(&self) -> &str { &self.allowed_origins } diff --git a/cryptify-back-end/src/email.rs b/cryptify/src/email.rs similarity index 99% rename from cryptify-back-end/src/email.rs rename to cryptify/src/email.rs index b0d501b..aff5589 100644 --- a/cryptify-back-end/src/email.rs +++ b/cryptify/src/email.rs @@ -154,10 +154,10 @@ pub async fn send_email( uuid: &str, ) -> Result> { // setup SMTP connection - let mut mailer_builder = if cfg!(debug_assertions) { - SmtpTransport::builder_dangerous(config.smtp_url()).port(config.smtp_port()) - } else { + let mut mailer_builder = if config.smtp_tls() { SmtpTransport::starttls_relay(config.smtp_url())?.port(config.smtp_port()) + } else { + SmtpTransport::builder_dangerous(config.smtp_url()).port(config.smtp_port()) }; // add credentials, if present diff --git a/cryptify-back-end/src/error.rs b/cryptify/src/error.rs similarity index 100% rename from cryptify-back-end/src/error.rs rename to cryptify/src/error.rs diff --git a/cryptify-back-end/src/main.rs b/cryptify/src/main.rs similarity index 100% rename from cryptify-back-end/src/main.rs rename to cryptify/src/main.rs diff --git a/cryptify-back-end/src/store.rs b/cryptify/src/store.rs similarity index 100% rename from cryptify-back-end/src/store.rs rename to cryptify/src/store.rs diff --git a/cryptify-back-end/templates/email/email.html b/cryptify/templates/email/email.html similarity index 100% rename from cryptify-back-end/templates/email/email.html rename to cryptify/templates/email/email.html diff --git a/cryptify-back-end/templates/email/subject.txt b/cryptify/templates/email/subject.txt similarity index 100% rename from cryptify-back-end/templates/email/subject.txt rename to cryptify/templates/email/subject.txt diff --git a/backend.dev.Dockerfile b/dev.Dockerfile similarity index 82% rename from backend.dev.Dockerfile rename to dev.Dockerfile index acd2a8d..ba565ea 100644 --- a/backend.dev.Dockerfile +++ b/dev.Dockerfile @@ -7,9 +7,9 @@ WORKDIR /app FROM chef AS planner # Copy source to create recipe -COPY cryptify-back-end/Cargo.toml . -COPY cryptify-back-end/Cargo.lock . -COPY cryptify-back-end/src ./src +COPY cryptify/Cargo.toml . +COPY cryptify/Cargo.lock . +COPY cryptify/src ./src RUN cargo chef prepare --recipe-path recipe.json FROM chef AS builder @@ -26,8 +26,8 @@ COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --recipe-path recipe.json # Copy lockfile and manifest -COPY cryptify-back-end/Cargo.toml . -COPY cryptify-back-end/Cargo.lock . +COPY cryptify/Cargo.toml . +COPY cryptify/Cargo.lock . # Create data directory RUN mkdir -p /tmp/data diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 5c72c0b..90cd321 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -7,8 +7,8 @@ services: depends_on: - mailcrab volumes: - - "./cryptify-back-end/src:/app/src" - - "./cryptify-back-end/templates:/app/templates" + - "./cryptify/src:/app/src" + - "./cryptify/templates:/app/templates" - "./conf/config.dev.toml:/app/config.toml:ro" ports: - "8000:8000" diff --git a/docker-compose.yml b/docker-compose.yml index 5604f08..1b9d847 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: depends_on: - mailcrab volumes: - - "./cryptify-back-end/:/app" + - "./cryptify/:/app" - "./conf/config.toml/:/app/config.toml:ro" ports: - "8000:8000" From 62a9c751ef4e5bcaf6873937b317198828a085f3 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Mon, 23 Feb 2026 11:45:43 +0100 Subject: [PATCH 04/10] Change email url --- cryptify/src/email.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cryptify/src/email.rs b/cryptify/src/email.rs index aff5589..1c328aa 100644 --- a/cryptify/src/email.rs +++ b/cryptify/src/email.rs @@ -168,11 +168,11 @@ pub async fn send_email( for recipient in state.recipients.iter() { // combine URL with mail variables into template - let mut url = Url::parse(config.server_url())?; + let base = Url::parse(config.server_url())?; + let mut url = base.join("/download")?; url.query_pairs_mut() - .append_pair("download", uuid) + .append_pair("uuid", uuid) .append_pair("recipient", &format!("{}", recipient.email)); - url.set_fragment(Some("filesharing")); let (email, subject) = email_templates(state, url.as_str()); let email = Message::builder() From 1e6df0b39beec21e7133ac1c7f8640849d97d2a1 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 16:22:12 +0100 Subject: [PATCH 05/10] Fix CI deployment --- .github/workflows/delivery.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml index c1835a9..28d05dc 100644 --- a/.github/workflows/delivery.yml +++ b/.github/workflows/delivery.yml @@ -32,7 +32,7 @@ jobs: component: [backend] include: - component: backend - dockerfile: backend.Dockerfile + dockerfile: Dockerfile image_suffix: "-backend" local_tag: local/postguard-backend:scan sarif_category: backend From 81b2ff6c6b71416b74df0dbbee62e42a46a72b8e Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 16:22:36 +0100 Subject: [PATCH 06/10] Add better error msg for pkg fetch --- cryptify/src/main.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cryptify/src/main.rs b/cryptify/src/main.rs index c9ae4cf..d038378 100644 --- a/cryptify/src/main.rs +++ b/cryptify/src/main.rs @@ -413,12 +413,14 @@ async fn rocket() -> _ { .extract::() .expect("Missing configuration"); - let response = minreq::get(format!("{}/v2/sign/parameters", config.pkg_url())).send(); + let pkg_params_url = format!("{}/v2/sign/parameters", config.pkg_url()); + let response = minreq::get(&pkg_params_url) + .send() + .unwrap_or_else(|e| panic!("Failed to reach PKG at {pkg_params_url}: {e}")); let vk = response - .expect("could not get global verification key") .json::>() - .expect("no verification key"); + .unwrap_or_else(|e| panic!("Failed to parse verification key from {pkg_params_url}: {e}")); let cors = CorsOptions::default() .allowed_origins(AllowedOrigins::some_regex(&[config.allowed_origins()])) From 1b8ea077c8fd3921fa0b5612a12f41bd7de24563 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 16:38:24 +0100 Subject: [PATCH 07/10] Change error to properly print url --- cryptify/src/main.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptify/src/main.rs b/cryptify/src/main.rs index d038378..5c48f52 100644 --- a/cryptify/src/main.rs +++ b/cryptify/src/main.rs @@ -416,11 +416,11 @@ async fn rocket() -> _ { let pkg_params_url = format!("{}/v2/sign/parameters", config.pkg_url()); let response = minreq::get(&pkg_params_url) .send() - .unwrap_or_else(|e| panic!("Failed to reach PKG at {pkg_params_url}: {e}")); + .unwrap_or_else(|e| panic!("Failed to reach PKG at {}: {}", pkg_params_url, e)); let vk = response .json::>() - .unwrap_or_else(|e| panic!("Failed to parse verification key from {pkg_params_url}: {e}")); + .unwrap_or_else(|e| panic!("Failed to parse verification key from {}: {}", pkg_params_url, e)); let cors = CorsOptions::default() .allowed_origins(AllowedOrigins::some_regex(&[config.allowed_origins()])) From 4dc301049d2d7a84c22c3e178f9906dd54ced410 Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 16:54:51 +0100 Subject: [PATCH 08/10] Add 10s timeout to PKG fetch to prevent silent startup hang --- cryptify/src/main.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptify/src/main.rs b/cryptify/src/main.rs index 5c48f52..b013904 100644 --- a/cryptify/src/main.rs +++ b/cryptify/src/main.rs @@ -415,6 +415,7 @@ async fn rocket() -> _ { let pkg_params_url = format!("{}/v2/sign/parameters", config.pkg_url()); let response = minreq::get(&pkg_params_url) + .with_timeout(10) .send() .unwrap_or_else(|e| panic!("Failed to reach PKG at {}: {}", pkg_params_url, e)); From 88a847b1355251ddbe556cc9e6d0a31a2ce0dd9f Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 17:50:45 +0100 Subject: [PATCH 09/10] Add SMTP logging and connection timeout to email sending --- cryptify/src/email.rs | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/cryptify/src/email.rs b/cryptify/src/email.rs index 1c328aa..96a4987 100644 --- a/cryptify/src/email.rs +++ b/cryptify/src/email.rs @@ -154,12 +154,21 @@ pub async fn send_email( uuid: &str, ) -> Result> { // setup SMTP connection + log::info!( + "Setting up SMTP: host={}, port={}, tls={}, credentials={}", + config.smtp_url(), + config.smtp_port(), + config.smtp_tls(), + config.smtp_credentials().is_some() + ); let mut mailer_builder = if config.smtp_tls() { SmtpTransport::starttls_relay(config.smtp_url())?.port(config.smtp_port()) } else { SmtpTransport::builder_dangerous(config.smtp_url()).port(config.smtp_port()) }; + mailer_builder = mailer_builder.timeout(Some(std::time::Duration::from_secs(10))); + // add credentials, if present if let Some((username, password)) = config.smtp_credentials() { let credentials = Credentials::new(username.to_owned(), password.to_owned()); @@ -183,28 +192,39 @@ pub async fn send_email( .body(email)?; // send email + log::info!("Sending email to {}", recipient.email); let mailer = mailer_builder.clone().build(); - mailer.send(&email)?; + mailer.send(&email).map_err(|e| { + log::error!("Failed to send email to {}: {}", recipient.email, e); + e + })?; + log::info!("Email sent to {}", recipient.email); } if state.confirm { // also send confirmation email to sender + let sender = state.sender.clone().unwrap(); let mut url = Url::parse(config.server_url())?; url.query_pairs_mut() .append_pair("download", uuid) - .append_pair("recipient", &state.sender.clone().unwrap()); + .append_pair("recipient", &sender); url.set_fragment(Some("filesharing")); let (email, subject) = email_confirm(state, url.as_str()); let email = Message::builder() .header(ContentType::TEXT_HTML) .from(config.email_from()) - .to(state.sender.clone().unwrap().parse()?) + .to(sender.parse()?) .subject(subject) .body(email)?; + log::info!("Sending confirmation email to {}", sender); let mailer = mailer_builder.build(); - mailer.send(&email)?; + mailer.send(&email).map_err(|e| { + log::error!("Failed to send confirmation email to {}: {}", sender, e); + e + })?; + log::info!("Confirmation email sent to {}", sender); } Ok("Email successfully sent".to_owned()) From 8295248349df7549e6b3cfe4ff954e89d2d4ae6c Mon Sep 17 00:00:00 2001 From: Ruben Hensen Date: Wed, 25 Feb 2026 21:05:21 +0100 Subject: [PATCH 10/10] Change url send confirmation --- cryptify/src/email.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/cryptify/src/email.rs b/cryptify/src/email.rs index 96a4987..e760426 100644 --- a/cryptify/src/email.rs +++ b/cryptify/src/email.rs @@ -204,11 +204,12 @@ pub async fn send_email( if state.confirm { // also send confirmation email to sender let sender = state.sender.clone().unwrap(); - let mut url = Url::parse(config.server_url())?; + + let base = Url::parse(config.server_url())?; + let mut url = base.join("/download")?; url.query_pairs_mut() - .append_pair("download", uuid) - .append_pair("recipient", &sender); - url.set_fragment(Some("filesharing")); + .append_pair("uuid", uuid) + .append_pair("recipient", &format!("{}", &sender)); let (email, subject) = email_confirm(state, url.as_str()); let email = Message::builder()