Remove frontend, improve backend reliability

.dockerignore

@@ -0,0 +1,7 @@
+**/target
+.git
+.github
+.gitignore
+*.md
+.vscode
+.idea

.github/workflows/delivery.yml

@@ -32,7 +32,7 @@ jobs:
         component: [backend]
         include:
           - component: backend
-            dockerfile: backend.Dockerfile
+            dockerfile: Dockerfile
             image_suffix: "-backend"
             local_tag: local/postguard-backend:scan
             sarif_category: backend

backend.Dockerfile → Dockerfile

@@ -4,16 +4,16 @@ ENV ROCKET_PROFILE=release
 
 WORKDIR /app
 
-COPY cryptify-back-end/src ./src
-COPY cryptify-back-end/templates ./templates
-COPY cryptify-back-end/Cargo.toml .
-COPY cryptify-back-end/Cargo.lock .
+COPY cryptify/src ./src
+COPY cryptify/templates ./templates
+COPY cryptify/Cargo.toml .
+COPY cryptify/Cargo.lock .
 
 RUN apt-get update  \
     && apt-get --no-install-recommends install -y libssl-dev pkg-config  \
     && rm -rf /var/lib/apt/lists/*  \
     && cargo build --release  \
-    && cp ./target/release/cryptify-backend /usr/local/bin/cryptify-backend
+    && cp ./target/release/cryptify /usr/local/bin/cryptify
 
 
 FROM debian:trixie-slim
@@ -25,7 +25,7 @@ RUN groupadd -r nonroot \
     && apt-get --no-install-recommends install -y ca-certificates libssl3  \
     && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /usr/local/bin/cryptify-backend /usr/local/bin/cryptify-backend
+COPY --from=builder /usr/local/bin/cryptify /usr/local/bin/cryptify
 RUN mkdir -p /app && chown nonroot:nonroot /app
 
 WORKDIR /app
@@ -35,4 +35,4 @@ RUN mkdir -p /tmp/data
 
 EXPOSE 8000
 
-CMD ["/bin/sh", "-c", "/usr/local/bin/cryptify-backend"]
+CMD ["/bin/sh", "-c", "/usr/local/bin/cryptify"]

conf/config.dev.toml

@@ -1,13 +1,14 @@
 [default]
 address = "0.0.0.0"
 port = 8000
-server_url = "http://localhost:8080/"
+server_url = "http://localhost:8080/" # Postguard frontend (via nginx)
 data_dir = "/tmp/data"
 email_from = "noreply@postguard.local"
 smtp_url = "mailcrab"
 smtp_port = 1025
+smtp_tls = false
 # smtp_credentials = ["user", "pw"]
 allowed_origins = "^https?://(localhost|127\\.0\\.0\\.1)(:[0-9]+)?$"
-pkg_url = "https://postguard-main.cs.ru.nl/pkg"
-# pkg_url = "https://postguard.staging.yivi.app"
-# pkg_url = "https://localhost:8087"
+# pkg_url = "https://postguard-main.cs.ru.nl/pkg"
+# pkg_url = "https://pkg.staging.yivi.app"
+pkg_url = "http://postguard-pkg:8087"

cryptify-back-end/Cargo.toml → cryptify/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "cryptify-backend"
+name = "cryptify"
 version = "0.1.0"
 authors = ["David Venhoek <david@tweedegolf.com>"]
 edition = "2018"

cryptify-back-end/src/config.rs → cryptify/src/config.rs

@@ -8,6 +8,7 @@ pub struct RawCryptifyConfig {
     smtp_url: String,
     smtp_port: u16,
     smtp_credentials: Option<(String, String)>,
+    smtp_tls: Option<bool>,
     allowed_origins: String,
     pkg_url: String,
 }
@@ -21,6 +22,7 @@ pub struct CryptifyConfig {
     smtp_url: String,
     smtp_port: u16,
     smtp_credentials: Option<(String, String)>,
+    smtp_tls: bool,
     allowed_origins: String,
     pkg_url: String,
 }
@@ -37,6 +39,7 @@ impl From<RawCryptifyConfig> for CryptifyConfig {
             smtp_url: config.smtp_url,
             smtp_port: config.smtp_port,
             smtp_credentials: config.smtp_credentials,
+            smtp_tls: config.smtp_tls.unwrap_or(true),
             allowed_origins: config.allowed_origins,
             pkg_url: config.pkg_url,
         }
@@ -68,6 +71,10 @@ impl CryptifyConfig {
         self.smtp_credentials.as_ref()
     }
 
+    pub fn smtp_tls(&self) -> bool {
+        self.smtp_tls
+    }
+
     pub fn allowed_origins(&self) -> &str {
         &self.allowed_origins
     }

cryptify-back-end/src/email.rs → cryptify/src/email.rs

@@ -154,12 +154,21 @@ pub async fn send_email(
     uuid: &str,
 ) -> Result<String, Box<dyn std::error::Error>> {
     // setup SMTP connection
-    let mut mailer_builder = if cfg!(debug_assertions) {
-        SmtpTransport::builder_dangerous(config.smtp_url()).port(config.smtp_port())
-    } else {
+    log::info!(
+        "Setting up SMTP: host={}, port={}, tls={}, credentials={}",
+        config.smtp_url(),
+        config.smtp_port(),
+        config.smtp_tls(),
+        config.smtp_credentials().is_some()
+    );
+    let mut mailer_builder = if config.smtp_tls() {
         SmtpTransport::starttls_relay(config.smtp_url())?.port(config.smtp_port())
+    } else {
+        SmtpTransport::builder_dangerous(config.smtp_url()).port(config.smtp_port())
     };
 
+    mailer_builder = mailer_builder.timeout(Some(std::time::Duration::from_secs(10)));
+
     // add credentials, if present
     if let Some((username, password)) = config.smtp_credentials() {
         let credentials = Credentials::new(username.to_owned(), password.to_owned());
@@ -168,11 +177,11 @@ pub async fn send_email(
 
     for recipient in state.recipients.iter() {
         // combine URL with mail variables into template
-        let mut url = Url::parse(config.server_url())?;
+        let base = Url::parse(config.server_url())?;
+        let mut url = base.join("/download")?;
         url.query_pairs_mut()
-            .append_pair("download", uuid)
+            .append_pair("uuid", uuid)
             .append_pair("recipient", &format!("{}", recipient.email));
-        url.set_fragment(Some("filesharing"));
 
         let (email, subject) = email_templates(state, url.as_str());
         let email = Message::builder()
@@ -183,28 +192,40 @@ pub async fn send_email(
             .body(email)?;
 
         // send email
+        log::info!("Sending email to {}", recipient.email);
         let mailer = mailer_builder.clone().build();
-        mailer.send(&email)?;
+        mailer.send(&email).map_err(|e| {
+            log::error!("Failed to send email to {}: {}", recipient.email, e);
+            e
+        })?;
+        log::info!("Email sent to {}", recipient.email);
     }
 
     if state.confirm {
         // also send confirmation email to sender
-        let mut url = Url::parse(config.server_url())?;
+        let sender = state.sender.clone().unwrap();
+
+        let base = Url::parse(config.server_url())?;
+        let mut url = base.join("/download")?;
         url.query_pairs_mut()
-            .append_pair("download", uuid)
-            .append_pair("recipient", &state.sender.clone().unwrap());
-        url.set_fragment(Some("filesharing"));
+            .append_pair("uuid", uuid)
+            .append_pair("recipient", &format!("{}", &sender));
 
         let (email, subject) = email_confirm(state, url.as_str());
         let email = Message::builder()
             .header(ContentType::TEXT_HTML)
             .from(config.email_from())
-            .to(state.sender.clone().unwrap().parse()?)
+            .to(sender.parse()?)
             .subject(subject)
             .body(email)?;
 
+        log::info!("Sending confirmation email to {}", sender);
         let mailer = mailer_builder.build();
-        mailer.send(&email)?;
+        mailer.send(&email).map_err(|e| {
+            log::error!("Failed to send confirmation email to {}: {}", sender, e);
+            e
+        })?;
+        log::info!("Confirmation email sent to {}", sender);
     }
 
     Ok("Email successfully sent".to_owned())

cryptify-back-end/src/main.rs → cryptify/src/main.rs

@@ -413,12 +413,15 @@ async fn rocket() -> _ {
         .extract::<CryptifyConfig>()
         .expect("Missing configuration");
 
-    let response = minreq::get(format!("{}/v2/sign/parameters", config.pkg_url())).send();
+    let pkg_params_url = format!("{}/v2/sign/parameters", config.pkg_url());
+    let response = minreq::get(&pkg_params_url)
+        .with_timeout(10)
+        .send()
+        .unwrap_or_else(|e| panic!("Failed to reach PKG at {}: {}", pkg_params_url, e));
 
     let vk = response
-        .expect("could not get global verification key")
         .json::<Parameters<VerifyingKey>>()
-        .expect("no verification key");
+        .unwrap_or_else(|e| panic!("Failed to parse verification key from {}: {}", pkg_params_url, e));
 
     let cors = CorsOptions::default()
         .allowed_origins(AllowedOrigins::some_regex(&[config.allowed_origins()]))

backend.dev.Dockerfile → dev.Dockerfile

@@ -7,9 +7,9 @@ WORKDIR /app
 
 FROM chef AS planner
 # Copy source to create recipe
-COPY cryptify-back-end/Cargo.toml .
-COPY cryptify-back-end/Cargo.lock .
-COPY cryptify-back-end/src ./src
+COPY cryptify/Cargo.toml .
+COPY cryptify/Cargo.lock .
+COPY cryptify/src ./src
 RUN cargo chef prepare --recipe-path recipe.json
 
 FROM chef AS builder
@@ -26,8 +26,8 @@ COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --recipe-path recipe.json
 
 # Copy lockfile and manifest
-COPY cryptify-back-end/Cargo.toml .
-COPY cryptify-back-end/Cargo.lock .
+COPY cryptify/Cargo.toml .
+COPY cryptify/Cargo.lock .
 
 # Create data directory
 RUN mkdir -p /tmp/data

docker-compose.dev.yml

@@ -7,8 +7,8 @@ services:
     depends_on:
       - mailcrab
     volumes:
-      - "./cryptify-back-end/src:/app/src"
-      - "./cryptify-back-end/templates:/app/templates"
+      - "./cryptify/src:/app/src"
+      - "./cryptify/templates:/app/templates"
       - "./conf/config.dev.toml:/app/config.toml:ro"
     ports:
       - "8000:8000"

docker-compose.yml

@@ -13,7 +13,7 @@ services:
     depends_on:
       - mailcrab
     volumes:
-      - "./cryptify-back-end/:/app"
+      - "./cryptify/:/app"
       - "./conf/config.toml/:/app/config.toml:ro"
     ports:
         - "8000:8000"