empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3399b31bfc
fleet/server/mail/ses.go
Lucas Manuel Rodriguez 2a532ede94
Do not return empty SSO and SMTP settings for non-global-admins (#12180) 
#11266

PS: I first attempted a serialization trick by introducing a new
`appConfigResponse` and implementing `json.Marshal` to exclude these
fields but it was too hacky and hard to maintain moving forward, so I'm
bitting the bullet now. Happy to hear other ideas.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-06-07 16:06:36 -03:00

92 lines
2.3 KiB
Go
Raw Blame History

package mail
import (
"errors"
"fmt"
"net/url"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ses"
"github.com/fleetdm/fleet/v4/server/fleet"
)
type fleetSESSender interface {
SendRawEmail(input *ses.SendRawEmailInput) (*ses.SendRawEmailOutput, error)
}
type sesSender struct {
client fleetSESSender
sourceArn string
}
func getFromSES(e fleet.Email) (string, error) {
serverURL, err := url.Parse(e.ServerURL)
if err != nil || len(serverURL.Host) == 0 {
return "", fmt.Errorf("failed to parse server url %s err: %w", e.ServerURL, err)
}
return fmt.Sprintf("From: %s\r\n", fmt.Sprintf("do-not-reply@%s", serverURL.Host)), nil
}
func (s *sesSender) SendEmail(e fleet.Email) error {
if s.client == nil {
return errors.New("ses sender not configured")
}
msg, err := getMessageBody(e, getFromSES)
if err != nil {
return err
}
return s.sendMail(e, msg)
}
func NewSESSender(region, endpointURL, id, secret, stsAssumeRoleArn, sourceArn string) (*sesSender, error) {
conf := &aws.Config{
Region: &region,
Endpoint: &endpointURL, // empty string or nil will use default values
}
// Only provide static credentials if we have them
// otherwise use the default credentials provider chain
if id != "" && secret != "" {
conf.Credentials = credentials.NewStaticCredentials(id, secret, "")
}
sess, err := session.NewSession(conf)
if err != nil {
return nil, fmt.Errorf("create SES client: %w", err)
}
if stsAssumeRoleArn != "" {
creds := stscreds.NewCredentials(sess, stsAssumeRoleArn)
conf.Credentials = creds
sess, err = session.NewSession(conf)
if err != nil {
return nil, fmt.Errorf("create SES client: %w", err)
}
}
return &sesSender{client: ses.New(sess), sourceArn: sourceArn}, nil
}
func (s *sesSender) sendMail(e fleet.Email, msg []byte) error {
toAddresses := make([]*string, len(e.To))
for i := range e.To {
t := e.To[i]
toAddresses[i] = &t
}
_, err := s.client.SendRawEmail(&ses.SendRawEmailInput{
Destinations: toAddresses,
FromArn: &s.sourceArn,
RawMessage: &ses.RawMessage{Data: msg},
SourceArn: &s.sourceArn,
})
if err != nil {
return err
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink