refactor(mimefactory): separate rendering of message payload and sendable message#8345
refactor(mimefactory): separate rendering of message payload and sendable message#8345link2xt wants to merge 2 commits into
Conversation
45102bc to
1956c42
Compare
5f3c57c to
f9c33de
Compare
f9c33de to
e314fc0
Compare
3d4610c to
b1b0e3f
Compare
ce43887 to
6abd90c
Compare
6abd90c to
e350dd6
Compare
a18ab11 to
2e20218
Compare
a39da96 to
1c19dd8
Compare
1c19dd8 to
efe7d0f
Compare
28522ff to
b34bc43
Compare
606d7c7 to
23c8c8a
Compare
b34bc43 to
c85e622
Compare
| if name.is_empty() { | ||
| None | ||
| } else { | ||
| Some(name.to_string()) | ||
| }, |
There was a problem hiding this comment.
nit: maybe this should be a default behavior for Address::new_address? I don't see a case when empty string would be actually desired.
There was a problem hiding this comment.
Address::new_address is part of the mail-builder crate, for them it probably makes sense to construct such addresses. In any case, we cannot change it.
| /// Consumes a `MimeFactory` and renders it into a message which is then stored in | ||
| /// `smtp`-table to be used by the SMTP loop | ||
| #[expect(clippy::arithmetic_side_effects)] | ||
| pub(crate) async fn pre_render( |
There was a problem hiding this comment.
Maybe render_queued() or smth like this? pre_render() is somewhat "vague", and i'm afraid it may be confused with pre-messages.
| /// If true, Autocrypt header should be added before sending. | ||
| should_attach_pubkey: bool, | ||
|
|
||
| /// If true, OpenPGP compression may be used. |
There was a problem hiding this comment.
Then it should be may_compress
| from_header.write_header(&mut inner_headers, 6)?; | ||
|
|
||
| if is_encrypted { | ||
| let unencrypted_from = Address::new_address(None::<&'static str>, from_addr.to_string()); |
There was a problem hiding this comment.
| let unencrypted_from = Address::new_address(None::<&'static str>, from_addr.to_string()); | |
| let unencrypted_from = Address::new_address(None::<&'static str>, from_addr.clone()); |
|
|
||
| if should_attach_pubkey { | ||
| let aheader = Aheader { | ||
| addr: from_addr.clone(), |
There was a problem hiding this comment.
| addr: from_addr.clone(), | |
| addr: from_addr, |
| verified: false, | ||
| }; | ||
| let autocrypt_header = mail_builder::headers::raw::Raw::new(aheader.to_string()); | ||
| if is_encrypted { |
There was a problem hiding this comment.
Could be
let headers = match is_encrypted {
true => &mut inner_headers,
false => &mut outer_headers,
};
...to deduplicate the code a bit
| }; | ||
|
|
||
| // Encrypt to self unconditionally, | ||
| // even for a single-device setup. |
There was a problem hiding this comment.
"... to not reveal which setup we have", IIRC.
23c8c8a to
9351ae3
Compare
c85e622 to
908b761
Compare
…able message This change separates rendering into two separate steps: 1. Rendering of the message payload without the From, Date and Autocrypt headers. 2. Adding the From, Date and Autocrypt headers and possibly encrypting the message. The goal is to have serializable result of the first step that can be persisted in the database and sent later with any email address. This way it will be possible to send queued messages over any relay. This will make it possible not to remove all messages from the queue when the sending relay is changed. Currently changing `configured_addr` deletes everything from `smtp` table. This change is however only a refactoring and does not implement any features.
9351ae3 to
598ac45
Compare
| } else { | ||
| SeipdVersion::V1 | ||
| }; | ||
| let display_name = if is_securejoin_message && !is_encrypted { |
There was a problem hiding this comment.
Btw, this is apparently not the correct implementation of #7396 , see the protocol flow chart -- Alice should attach her profile (avatar, displayname, etc.) only at the final step, but not in the "vc-pubkey" message which is encrypted with AUTH. It seems this doesn't create any security issue, but it's just enough to send the profile at the final step. Also if we let Alice review "Securejoin requests" in the future before fully executing them, showing Bob's profile to Alice first (not otherwise) makes sense:
Since we want to give Alice the opportunity to review join requests (as a future improvement that doesn't require breaking the protocol), Alice can't send any private data in the second message. [...]
EDIT: For Bob it's even worse because he sends his displayname already in "vc-request-pubkey" apparently, so e.g. other broadcast subscribers can see it.
CC @Hocuri
This is not related to the refactoring, but i'd like this to be reviewed by others.
This change separates rendering into two separate steps:
The goal is to have serializable result of the first step
that can be persisted in the database and sent later with any email address.
This way it will be possible to send queued messages over any relay.
This will make it possible not to remove all messages from the queue
when the sending relay is changed.
Currently changing
configured_addrdeletes everything fromsmtptable.This change is however only a refactoring and does not implement any features.
This is a refactoring PR in preparation for automatic relay failover.
As a side effect it also makes possible to change the Date of the message for #8112 if we decide on this approach (unlikely).
Serializable mail is currently called
mimefactory::QueuedMail. Everything except the public keys is trivially serializable, public keys should likely be serialized as recipient fingerprints rather than as OpenPGP certificates.I also noticed that we likely can remove the concept of "hidden headers" which are headers that are sent on the mulipart/mixed level of unencrypted messages. They are used to send
Chat-Editheaders and avatars in unencrypted messages. Sending avatars in unencrypted messages is not useful because they are not displayed anyway. And we can decide to make it impossible to edit and delete unencrypted messages. I have not changed anything in this PR, however, hidden headers work as before.