FRE-681: Fix code review findings - body flag, PGP encryption, passphrase handling
- cmd/mail.go: Fix duplicate --body/--body-file flag binding (both used bodyFile) - internal/mail/client.go: Add PGP encryption to Send via EncryptBody, add passphrase to MoveToTrash and SendDraft - internal/mail/pgp.go: Store armored private key, add getUnlockedKeyRing helper, fix Decrypt/SignData/EncryptAndSign/DecryptAttachment to use passphrase via key.Unlock - internal/mail/pgp.go: Add EncryptBody method for Send encryption with sender key - cmd/draft.go: Update SendDraft call to include passphrase parameter
This commit is contained in:
Senior Engineer
@@ -260,7 +260,7 @@ func draftSendCmd() *cobra.Command {
|
||||
client.SetAuthHeader(session.AccessToken)
|
||||
mailClient := mail.NewClient(client)
|
||||
|
||||
if err := mailClient.SendDraft(messageID); err != nil {
|
||||
if err := mailClient.SendDraft(messageID, session.AccessToken); err != nil {
|
||||
return fmt.Errorf("failed to send draft: %w", err)
|
||||
}
|
||||
|
||||
|
||||
40
cmd/mail.go
40
cmd/mail.go
@@ -171,7 +171,7 @@ func mailReadCmd() *cobra.Command {
|
||||
}
|
||||
|
||||
func mailSendCmd() *cobra.Command {
|
||||
var to, cc, bcc, subject, bodyFile string
|
||||
var to, cc, bcc, subject, body, bodyFile string
|
||||
var html bool
|
||||
|
||||
cmd := &cobra.Command{
|
||||
@@ -186,14 +186,16 @@ func mailSendCmd() *cobra.Command {
|
||||
return fmt.Errorf("subject is required (--subject)")
|
||||
}
|
||||
|
||||
body := ""
|
||||
if bodyFile != "" {
|
||||
data, err := os.ReadFile(bodyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read body file: %w", err)
|
||||
}
|
||||
body = string(data)
|
||||
var bodyContent string
|
||||
if body != "" {
|
||||
bodyContent = body
|
||||
} else if bodyFile != "" {
|
||||
data, err := os.ReadFile(bodyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read body file: %w", err)
|
||||
}
|
||||
bodyContent = string(data)
|
||||
}
|
||||
|
||||
recipients := parseRecipients(to)
|
||||
var ccRecipients, bccRecipients []mail.Recipient
|
||||
@@ -223,15 +225,15 @@ func mailSendCmd() *cobra.Command {
|
||||
client.SetAuthHeader(session.AccessToken)
|
||||
mailClient := mail.NewClient(client)
|
||||
|
||||
req := mail.SendRequest{
|
||||
To: recipients,
|
||||
CC: ccRecipients,
|
||||
BCC: bccRecipients,
|
||||
Subject: subject,
|
||||
Body: body,
|
||||
HTML: html,
|
||||
Passphrase: session.AccessToken,
|
||||
}
|
||||
req := mail.SendRequest{
|
||||
To: recipients,
|
||||
CC: ccRecipients,
|
||||
BCC: bccRecipients,
|
||||
Subject: subject,
|
||||
Body: bodyContent,
|
||||
HTML: html,
|
||||
Passphrase: session.AccessToken,
|
||||
}
|
||||
|
||||
if err := mailClient.Send(req); err != nil {
|
||||
return fmt.Errorf("failed to send message: %w", err)
|
||||
@@ -248,7 +250,7 @@ func mailSendCmd() *cobra.Command {
|
||||
cmd.Flags().StringVarP(&subject, "subject", "s", "", "Message subject")
|
||||
cmd.Flags().StringVarP(&bodyFile, "body-file", "f", "", "File containing message body")
|
||||
cmd.Flags().BoolVar(&html, "html", false, "Send body as HTML")
|
||||
cmd.Flags().StringVar(&bodyFile, "body", "", "Inline message body")
|
||||
cmd.Flags().StringVar(&body, "body", "", "Inline message body")
|
||||
_ = cmd.MarkFlagRequired("to")
|
||||
|
||||
return cmd
|
||||
@@ -322,7 +324,7 @@ func mailTrashCmd() *cobra.Command {
|
||||
client.SetAuthHeader(session.AccessToken)
|
||||
mailClient := mail.NewClient(client)
|
||||
|
||||
if err := mailClient.MoveToTrash(messageID); err != nil {
|
||||
if err := mailClient.MoveToTrash(messageID, session.AccessToken); err != nil {
|
||||
return fmt.Errorf("failed to move to trash: %w", err)
|
||||
}
|
||||
|
||||
|
||||
@@ -12,8 +12,9 @@ import (
|
||||
)
|
||||
|
||||
type Client struct {
|
||||
apiClient *api.ProtonMailClient
|
||||
baseURL string
|
||||
apiClient *api.ProtonMailClient
|
||||
baseURL string
|
||||
pgpService *PGPService
|
||||
}
|
||||
|
||||
func NewClient(apiClient *api.ProtonMailClient) *Client {
|
||||
@@ -23,6 +24,10 @@ func NewClient(apiClient *api.ProtonMailClient) *Client {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) SetPGPService(svc *PGPService) {
|
||||
c.pgpService = svc
|
||||
}
|
||||
|
||||
func (c *Client) ListMessages(req ListMessagesRequest) (*ListMessagesResponse, error) {
|
||||
body := map[string]interface{}{
|
||||
"Page": req.Page,
|
||||
@@ -116,24 +121,35 @@ func (c *Client) GetMessage(messageID string, passphrase string) (*Message, erro
|
||||
}
|
||||
|
||||
func (c *Client) Send(req SendRequest) error {
|
||||
body := map[string]interface{}{
|
||||
payload := map[string]interface{}{
|
||||
"Type": "0",
|
||||
"Passphrase": req.Passphrase,
|
||||
"Subject": req.Subject,
|
||||
"HTML": req.HTML,
|
||||
"To": req.To,
|
||||
"Body": req.Body,
|
||||
}
|
||||
|
||||
if req.Body != "" {
|
||||
if c.pgpService != nil {
|
||||
encrypted, err := c.pgpService.EncryptBody(req.Body, req.Passphrase)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to encrypt message body: %w", err)
|
||||
}
|
||||
payload["BodyEnc"] = encrypted
|
||||
} else {
|
||||
payload["Body"] = req.Body
|
||||
}
|
||||
}
|
||||
|
||||
if len(req.CC) > 0 {
|
||||
body["CC"] = req.CC
|
||||
payload["CC"] = req.CC
|
||||
}
|
||||
|
||||
if len(req.BCC) > 0 {
|
||||
body["BCC"] = req.BCC
|
||||
payload["BCC"] = req.BCC
|
||||
}
|
||||
|
||||
jsonBody, err := json.Marshal(body)
|
||||
jsonBody, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal request: %w", err)
|
||||
}
|
||||
@@ -159,8 +175,9 @@ func (c *Client) Send(req SendRequest) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) MoveToTrash(messageID string) error {
|
||||
func (c *Client) MoveToTrash(messageID string, passphrase string) error {
|
||||
formData := url.Values{}
|
||||
formData.Set("Passphrase", passphrase)
|
||||
reqURL := fmt.Sprintf("%s/api/messages/%s/movetotrash", c.baseURL, url.QueryEscape(messageID))
|
||||
httpReq, err := http.NewRequest("POST", reqURL, bytes.NewBufferString(formData.Encode()))
|
||||
if err != nil {
|
||||
@@ -293,8 +310,9 @@ func (c *Client) UpdateDraft(messageID string, draft Draft, passphrase string) e
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) SendDraft(messageID string) error {
|
||||
func (c *Client) SendDraft(messageID string, passphrase string) error {
|
||||
formData := url.Values{}
|
||||
formData.Set("Passphrase", passphrase)
|
||||
reqURL := fmt.Sprintf("%s/api/messages/%s/send", c.baseURL, url.QueryEscape(messageID))
|
||||
httpReq, err := http.NewRequest("POST", reqURL, bytes.NewBufferString(formData.Encode()))
|
||||
if err != nil {
|
||||
|
||||
@@ -8,8 +8,9 @@ import (
|
||||
)
|
||||
|
||||
type PGPKeyRing struct {
|
||||
PrivateKey *crypto.Key
|
||||
PublicKey []byte
|
||||
PrivateKey *crypto.Key
|
||||
PublicKey []byte
|
||||
PrivateKeyData string
|
||||
}
|
||||
|
||||
type PGPService struct {
|
||||
@@ -29,8 +30,9 @@ func NewPGPService(privateKeyArmored string) (*PGPService, error) {
|
||||
|
||||
return &PGPService{
|
||||
keyRing: &PGPKeyRing{
|
||||
PrivateKey: privateKey,
|
||||
PublicKey: publicKey,
|
||||
PrivateKey: privateKey,
|
||||
PublicKey: publicKey,
|
||||
PrivateKeyData: privateKeyArmored,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
@@ -56,6 +58,42 @@ func (s *PGPService) Encrypt(plaintext string, recipientPublicKey *crypto.Key) (
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptBody(plaintext string, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage([]byte(plaintext))
|
||||
|
||||
pubKeyBytes, err := s.keyRing.PrivateKey.GetPublicKey()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get public key: %w", err)
|
||||
}
|
||||
|
||||
pubKey, err := crypto.NewKeyFromArmored(string(pubKeyBytes))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse public key: %w", err)
|
||||
}
|
||||
|
||||
recipientKeyRing, err := crypto.NewKeyRing(pubKey)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create encryption key ring: %w", err)
|
||||
}
|
||||
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
|
||||
encrypted, err := recipientKeyRing.Encrypt(pgpMessage, signingKeyRing)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to encrypt body: %w", err)
|
||||
}
|
||||
|
||||
armored, err := encrypted.GetArmored()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to armor encrypted body: %w", err)
|
||||
}
|
||||
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto.Key, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage([]byte(plaintext))
|
||||
|
||||
@@ -64,7 +102,7 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto
|
||||
return "", fmt.Errorf("failed to create recipient key ring: %w", err)
|
||||
}
|
||||
|
||||
signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
@@ -82,13 +120,30 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) getUnlockedKeyRing(passphrase string) (*crypto.KeyRing, error) {
|
||||
key, err := crypto.NewKeyFromArmored(s.keyRing.PrivateKeyData)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse private key: %w", err)
|
||||
}
|
||||
|
||||
if passphrase != "" {
|
||||
unlockedKey, err := key.Unlock([]byte(passphrase))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to unlock private key: %w", err)
|
||||
}
|
||||
key = unlockedKey
|
||||
}
|
||||
|
||||
return crypto.NewKeyRing(key)
|
||||
}
|
||||
|
||||
func (s *PGPService) Decrypt(encrypted string, passphrase string) (string, error) {
|
||||
pgpMessage, err := crypto.NewPGPMessageFromArmored(encrypted)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse encrypted message: %w", err)
|
||||
}
|
||||
|
||||
decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create decryption key ring: %w", err)
|
||||
}
|
||||
@@ -133,7 +188,7 @@ func (s *PGPService) GetFingerprint() (string, error) {
|
||||
func (s *PGPService) SignData(data []byte, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage(data)
|
||||
|
||||
signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
@@ -190,7 +245,7 @@ func (s *PGPService) DecryptAttachment(attachment *Attachment, passphrase string
|
||||
return nil, fmt.Errorf("no keys available for attachment decryption")
|
||||
}
|
||||
|
||||
decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create decryption key ring: %w", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user