mailpit/server/server.go

// Package server is the HTTP daemon
package server

import (
	"bytes"
	"compress/gzip"
	"embed"
	"fmt"
	"io"
	"io/fs"
	"net/http"
	"os"
	"strings"
	"sync/atomic"

	"github.com/axllent/mailpit/config"
	"github.com/axllent/mailpit/server/apiv1"
	"github.com/axllent/mailpit/server/handlers"
	"github.com/axllent/mailpit/server/websockets"
	"github.com/axllent/mailpit/utils/logger"
	"github.com/gorilla/mux"
)

//go:embed ui
var embeddedFS embed.FS

// AccessControlAllowOrigin CORS policy
var AccessControlAllowOrigin string

// Listen will start the httpd
func Listen() {
	isReady := &atomic.Value{}
	isReady.Store(false)

	serverRoot, err := fs.Sub(embeddedFS, "ui")
	if err != nil {
		logger.Log().Errorf("[http] %s", err)
		os.Exit(1)
	}

	websockets.MessageHub = websockets.NewHub()

	go websockets.MessageHub.Run()

	r := defaultRoutes()

	// kubernetes probes
	r.HandleFunc(config.Webroot+"livez", handlers.HealthzHandler)
	r.HandleFunc(config.Webroot+"readyz", handlers.ReadyzHandler(isReady))

	// proxy handler for screenshots
	r.HandleFunc(config.Webroot+"proxy", middleWareFunc(handlers.ProxyHandler)).Methods("GET")

	// web UI websocket
	r.HandleFunc(config.Webroot+"api/events", apiWebsocket).Methods("GET")

	// virtual filesystem for others
	r.PathPrefix(config.Webroot).Handler(middlewareHandler(http.StripPrefix(config.Webroot, http.FileServer(http.FS(serverRoot)))))

	// redirect to webroot if no trailing slash
	if config.Webroot != "/" {
		redir := strings.TrimRight(config.Webroot, "/")
		r.HandleFunc(redir, middleWareFunc(addSlashToWebroot)).Methods("GET")
	}

	http.Handle("/", r)

	if config.UIAuthFile != "" {
		logger.Log().Info("[http] enabling web UI basic authentication")
	}

	// Mark the application here as ready
	isReady.Store(true)

	if config.UITLSCert != "" && config.UITLSKey != "" {
		logger.Log().Infof("[http] starting secure server on https://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)
		logger.Log().Fatal(http.ListenAndServeTLS(config.HTTPListen, config.UITLSCert, config.UITLSKey, nil))
	} else {
		logger.Log().Infof("[http] starting server on http://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)
		logger.Log().Fatal(http.ListenAndServe(config.HTTPListen, nil))
	}
}

func defaultRoutes() *mux.Router {
	r := mux.NewRouter()

	// API V1
	r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.GetMessages)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.SetReadStatus)).Methods("PUT")
	r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.DeleteMessages)).Methods("DELETE")
	r.HandleFunc(config.Webroot+"api/v1/tags", middleWareFunc(apiv1.SetTags)).Methods("PUT")
	r.HandleFunc(config.Webroot+"api/v1/search", middleWareFunc(apiv1.Search)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/part/{partID}", middleWareFunc(apiv1.DownloadAttachment)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/part/{partID}/thumb", middleWareFunc(apiv1.Thumbnail)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/headers", middleWareFunc(apiv1.GetHeaders)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/raw", middleWareFunc(apiv1.DownloadRaw)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/release", middleWareFunc(apiv1.ReleaseMessage)).Methods("POST")
	if !config.DisableHTMLCheck {
		r.HandleFunc(config.Webroot+"api/v1/message/{id}/html-check", middleWareFunc(apiv1.HTMLCheck)).Methods("GET")
	}
	r.HandleFunc(config.Webroot+"api/v1/message/{id}/link-check", middleWareFunc(apiv1.LinkCheck)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/message/{id}", middleWareFunc(apiv1.GetMessage)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/info", middleWareFunc(apiv1.AppInfo)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/webui", middleWareFunc(apiv1.WebUIConfig)).Methods("GET")
	r.HandleFunc(config.Webroot+"api/v1/swagger.json", middleWareFunc(swaggerBasePath)).Methods("GET")

	// return blank 200 response for OPTIONS requests for CORS
	r.PathPrefix(config.Webroot + "api/v1/").Handler(middleWareFunc(apiv1.GetOptions)).Methods("OPTIONS")

	return r
}

// BasicAuthResponse returns an basic auth response to the browser
func basicAuthResponse(w http.ResponseWriter) {
	w.Header().Set("WWW-Authenticate", `Basic realm="Login"`)
	w.WriteHeader(http.StatusUnauthorized)
	_, _ = w.Write([]byte("Unauthorised.\n"))
}

type gzipResponseWriter struct {
	io.Writer
	http.ResponseWriter
}

func (w gzipResponseWriter) Write(b []byte) (int, error) {
	return w.Writer.Write(b)
}

// MiddleWareFunc http middleware adds optional basic authentication
// and gzip compression.
func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Referrer-Policy", "no-referrer")
		w.Header().Set("Content-Security-Policy", config.ContentSecurityPolicy)

		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
			w.Header().Set("Access-Control-Allow-Headers", "*")
		}

		if config.UIAuthFile != "" {
			user, pass, ok := r.BasicAuth()

			if !ok {
				basicAuthResponse(w)
				return
			}

			if !config.UIAuth.Match(user, pass) {
				basicAuthResponse(w)
				return
			}
		}

		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
			fn(w, r)
			return
		}
		w.Header().Set("Content-Encoding", "gzip")
		gz := gzip.NewWriter(w)
		defer gz.Close()
		gzr := gzipResponseWriter{Writer: gz, ResponseWriter: w}
		fn(gzr, r)
	}
}

// MiddlewareHandler http middleware adds optional basic authentication
// and gzip compression
func middlewareHandler(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Referrer-Policy", "no-referrer")
		w.Header().Set("Content-Security-Policy", config.ContentSecurityPolicy)

		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
			w.Header().Set("Access-Control-Allow-Headers", "*")
		}

		if config.UIAuthFile != "" {
			user, pass, ok := r.BasicAuth()

			if !ok {
				basicAuthResponse(w)
				return
			}

			if !config.UIAuth.Match(user, pass) {
				basicAuthResponse(w)
				return
			}
		}

		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
			h.ServeHTTP(w, r)
			return
		}
		w.Header().Set("Content-Encoding", "gzip")
		gz := gzip.NewWriter(w)
		defer gz.Close()
		h.ServeHTTP(gzipResponseWriter{Writer: gz, ResponseWriter: w}, r)
	})
}

// Redirect to webroot
func addSlashToWebroot(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, config.Webroot, http.StatusFound)
}

// Websocket to broadcast changes
func apiWebsocket(w http.ResponseWriter, r *http.Request) {
	websockets.ServeWs(websockets.MessageHub, w, r)
}

// Wrapper to artificially inject a basePath to the swagger.json if a webroot has been specified
func swaggerBasePath(w http.ResponseWriter, _ *http.Request) {
	f, err := embeddedFS.ReadFile("ui/api/v1/swagger.json")
	if err != nil {
		panic(err)
	}

	if config.Webroot != "/" {
		// artificially inject a path at the start
		replacement := fmt.Sprintf("{\n  \"basePath\": \"%s\",", strings.TrimRight(config.Webroot, "/"))

		f = bytes.Replace(f, []byte("{"), []byte(replacement), 1)
	}

	w.Header().Add("Content-Type", "application/json")
	_, _ = w.Write(f)
}
API: Message relay / release This enables a SMTP server to be configured, and messages to be manually "released" via the relay server. Aditionally, messages can be auto-relayed via the SMTP server do Mailpit acts as a form of caching proxy. @see #29 2023-04-21 02:10:13 +02:00			`// Package server is the HTTP daemon`
First commit 2022-07-29 13:23:08 +02:00			`package server`

			`import (`
Fix: Add basePath to swagger.json if webroot is specified @See #147 2023-07-30 07:35:17 +02:00			`"bytes"`
First commit 2022-07-29 13:23:08 +02:00			`"compress/gzip"`
			`"embed"`
Fix: Add basePath to swagger.json if webroot is specified @See #147 2023-07-30 07:35:17 +02:00			`"fmt"`
Feature: Add Kubernetes API health (livez/readyz) endpoints Kubernetes checks if a pod is ok and if it can retrieve traffic using probes. This commit add two routes to make a liveness probe and a readiness probe. 2023-01-30 10:56:58 +02:00			`"io"`
			`"io/fs"`
			`"net/http"`
			`"os"`
			`"strings"`
			`"sync/atomic"`
Feature: Rename SSL to TLS, add deprecation warnings to flags & ENV variables referring to SSL 2023-03-12 00:31:15 +02:00
			`"github.com/axllent/mailpit/config"`
			`"github.com/axllent/mailpit/server/apiv1"`
			`"github.com/axllent/mailpit/server/handlers"`
			`"github.com/axllent/mailpit/server/websockets"`
			`"github.com/axllent/mailpit/utils/logger"`
			`"github.com/gorilla/mux"`
First commit 2022-07-29 13:23:08 +02:00			`)`

			`//go:embed ui`
			`var embeddedFS embed.FS`

API: Enable cross-origin resource sharing (CORS) configuration This feature allows the setting of the `Access-Control-Allow-Origin` header via `--api-cors`. @see #91 2023-04-21 02:49:49 +02:00			`// AccessControlAllowOrigin CORS policy`
			`var AccessControlAllowOrigin string`

First commit 2022-07-29 13:23:08 +02:00			`// Listen will start the httpd`
			`func Listen() {`
Feature: Add Kubernetes API health (livez/readyz) endpoints Kubernetes checks if a pod is ok and if it can retrieve traffic using probes. This commit add two routes to make a liveness probe and a readiness probe. 2023-01-30 10:56:58 +02:00			`isReady := &atomic.Value{}`
			`isReady.Store(false)`

First commit 2022-07-29 13:23:08 +02:00			`serverRoot, err := fs.Sub(embeddedFS, "ui")`
			`if err != nil {`
			`logger.Log().Errorf("[http] %s", err)`
			`os.Exit(1)`
			`}`

			`websockets.MessageHub = websockets.NewHub()`

			`go websockets.MessageHub.Run()`

Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`r := defaultRoutes()`

Feature: Add Kubernetes API health (livez/readyz) endpoints Kubernetes checks if a pod is ok and if it can retrieve traffic using probes. This commit add two routes to make a liveness probe and a readiness probe. 2023-01-30 10:56:58 +02:00			`// kubernetes probes`
Feature: HTML screenshots Resolves #157 2023-09-06 06:14:35 +02:00			`r.HandleFunc(config.Webroot+"livez", handlers.HealthzHandler)`
			`r.HandleFunc(config.Webroot+"readyz", handlers.ReadyzHandler(isReady))`

			`// proxy handler for screenshots`
			`r.HandleFunc(config.Webroot+"proxy", middleWareFunc(handlers.ProxyHandler)).Methods("GET")`
Feature: Add Kubernetes API health (livez/readyz) endpoints Kubernetes checks if a pod is ok and if it can retrieve traffic using probes. This commit add two routes to make a liveness probe and a readiness probe. 2023-01-30 10:56:58 +02:00
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`// web UI websocket`
Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`r.HandleFunc(config.Webroot+"api/events", apiWebsocket).Methods("GET")`
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00
			`// virtual filesystem for others`
Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`r.PathPrefix(config.Webroot).Handler(middlewareHandler(http.StripPrefix(config.Webroot, http.FileServer(http.FS(serverRoot)))))`

			`// redirect to webroot if no trailing slash`
			`if config.Webroot != "/" {`
			`redir := strings.TrimRight(config.Webroot, "/")`
			`r.HandleFunc(redir, middleWareFunc(addSlashToWebroot)).Methods("GET")`
			`}`

First commit 2022-07-29 13:23:08 +02:00			`http.Handle("/", r)`

Feature: SMTP STARTTLS & SMTP authentication support Resolves #4 2022-08-06 10:00:05 +02:00			`if config.UIAuthFile != "" {`
			`logger.Log().Info("[http] enabling web UI basic authentication")`
			`}`

Feature: Add Kubernetes API health (livez/readyz) endpoints Kubernetes checks if a pod is ok and if it can retrieve traffic using probes. This commit add two routes to make a liveness probe and a readiness probe. 2023-01-30 10:56:58 +02:00			`// Mark the application here as ready`
			`isReady.Store(true)`

Feature: Rename SSL to TLS, add deprecation warnings to flags & ENV variables referring to SSL 2023-03-12 00:31:15 +02:00			`if config.UITLSCert != "" && config.UITLSKey != "" {`
Minor UI / CLI updates 2023-05-23 06:07:05 +02:00			`logger.Log().Infof("[http] starting secure server on https://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)`
Feature: Rename SSL to TLS, add deprecation warnings to flags & ENV variables referring to SSL 2023-03-12 00:31:15 +02:00			`logger.Log().Fatal(http.ListenAndServeTLS(config.HTTPListen, config.UITLSCert, config.UITLSKey, nil))`
First commit 2022-07-29 13:23:08 +02:00			`} else {`
Minor UI / CLI updates 2023-05-23 06:07:05 +02:00			`logger.Log().Infof("[http] starting server on http://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)`
Update logging format 2022-10-12 15:53:53 +02:00			`logger.Log().Fatal(http.ListenAndServe(config.HTTPListen, nil))`
First commit 2022-07-29 13:23:08 +02:00			`}`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`}`
First commit 2022-07-29 13:23:08 +02:00
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`func defaultRoutes() *mux.Router {`
			`r := mux.NewRouter()`

			`// API V1`
Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.GetMessages)).Methods("GET")`
			`r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.SetReadStatus)).Methods("PUT")`
			`r.HandleFunc(config.Webroot+"api/v1/messages", middleWareFunc(apiv1.DeleteMessages)).Methods("DELETE")`
Feature: Message tags and auto-tagging See #17 2022-11-13 05:45:54 +02:00			`r.HandleFunc(config.Webroot+"api/v1/tags", middleWareFunc(apiv1.SetTags)).Methods("PUT")`
Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`r.HandleFunc(config.Webroot+"api/v1/search", middleWareFunc(apiv1.Search)).Methods("GET")`
			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/part/{partID}", middleWareFunc(apiv1.DownloadAttachment)).Methods("GET")`
			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/part/{partID}/thumb", middleWareFunc(apiv1.Thumbnail)).Methods("GET")`
Feature: OpenAPI / Swagger schema Mailpit now has built-in OpenAPI / Swagger documentation, see #65 2023-03-31 06:29:04 +02:00			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/headers", middleWareFunc(apiv1.GetHeaders)).Methods("GET")`
Bugfix: Add API release route again (bad merge) 2023-04-21 07:50:34 +02:00			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/raw", middleWareFunc(apiv1.DownloadRaw)).Methods("GET")`
			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/release", middleWareFunc(apiv1.ReleaseMessage)).Methods("POST")`
Feature: HTML check to test & score mail client compatibility with HTML emails 2023-07-30 07:04:06 +02:00			`if !config.DisableHTMLCheck {`
			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/html-check", middleWareFunc(apiv1.HTMLCheck)).Methods("GET")`
			`}`
Feature: Link check to test message links @see #151 2023-08-16 06:59:31 +02:00			`r.HandleFunc(config.Webroot+"api/v1/message/{id}/link-check", middleWareFunc(apiv1.LinkCheck)).Methods("GET")`
Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`r.HandleFunc(config.Webroot+"api/v1/message/{id}", middleWareFunc(apiv1.GetMessage)).Methods("GET")`
			`r.HandleFunc(config.Webroot+"api/v1/info", middleWareFunc(apiv1.AppInfo)).Methods("GET")`
UI: Message release functionality When an SMTP relay server is configured, the web UI will display a "Release" button and allow a message to be manually relayed via the SMTP server to selected addresses. @see #29 2023-04-21 02:17:14 +02:00			`r.HandleFunc(config.Webroot+"api/v1/webui", middleWareFunc(apiv1.WebUIConfig)).Methods("GET")`
Fix: Add basePath to swagger.json if webroot is specified @See #147 2023-07-30 07:35:17 +02:00			`r.HandleFunc(config.Webroot+"api/v1/swagger.json", middleWareFunc(swaggerBasePath)).Methods("GET")`
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00
API: Return blank 200 response for OPTIONS requests (CORS) 2023-05-09 07:11:57 +02:00			`// return blank 200 response for OPTIONS requests for CORS`
			`r.PathPrefix(config.Webroot + "api/v1/").Handler(middleWareFunc(apiv1.GetOptions)).Methods("OPTIONS")`

Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`return r`
			`}`

Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`// BasicAuthResponse returns an basic auth response to the browser`
			`func basicAuthResponse(w http.ResponseWriter) {`
			w.Header().Set("WWW-Authenticate", `Basic realm="Login"`)
			`w.WriteHeader(http.StatusUnauthorized)`
Ignore http.RsponseWriter errors 2022-08-06 14:09:32 +02:00			`_, _ = w.Write([]byte("Unauthorised.\n"))`
First commit 2022-07-29 13:23:08 +02:00			`}`

			`type gzipResponseWriter struct {`
			`io.Writer`
			`http.ResponseWriter`
			`}`

			`func (w gzipResponseWriter) Write(b []byte) (int, error) {`
			`return w.Writer.Write(b)`
			`}`

Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`// MiddleWareFunc http middleware adds optional basic authentication`
			`// and gzip compression.`
			`func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {`
First commit 2022-07-29 13:23:08 +02:00			`return func(w http.ResponseWriter, r *http.Request) {`
Security: Add restrictive HTTP Content-Security-Policy 2022-09-15 11:23:27 +02:00			`w.Header().Set("Referrer-Policy", "no-referrer")`
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`w.Header().Set("Content-Security-Policy", config.ContentSecurityPolicy)`
Security: Add restrictive HTTP Content-Security-Policy 2022-09-15 11:23:27 +02:00
API: Enable cross-origin resource sharing (CORS) configuration This feature allows the setting of the `Access-Control-Allow-Origin` header via `--api-cors`. @see #91 2023-04-21 02:49:49 +02:00			`if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {`
			`w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)`
API: Return blank 200 response for OPTIONS requests (CORS) 2023-05-09 07:11:57 +02:00			`w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")`
API: Set Access-Control-Allow-Headers when --api-cors is set 2023-05-04 12:23:07 +02:00			`w.Header().Set("Access-Control-Allow-Headers", "*")`
API: Enable cross-origin resource sharing (CORS) configuration This feature allows the setting of the `Access-Control-Allow-Origin` header via `--api-cors`. @see #91 2023-04-21 02:49:49 +02:00			`}`

Feature: SMTP STARTTLS & SMTP authentication support Resolves #4 2022-08-06 10:00:05 +02:00			`if config.UIAuthFile != "" {`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`user, pass, ok := r.BasicAuth()`

			`if !ok {`
			`basicAuthResponse(w)`
			`return`
			`}`

Feature: SMTP STARTTLS & SMTP authentication support Resolves #4 2022-08-06 10:00:05 +02:00			`if !config.UIAuth.Match(user, pass) {`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`basicAuthResponse(w)`
			`return`
			`}`
			`}`

First commit 2022-07-29 13:23:08 +02:00			`if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {`
			`fn(w, r)`
			`return`
			`}`
			`w.Header().Set("Content-Encoding", "gzip")`
			`gz := gzip.NewWriter(w)`
			`defer gz.Close()`
			`gzr := gzipResponseWriter{Writer: gz, ResponseWriter: w}`
			`fn(gzr, r)`
			`}`
			`}`

Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`// MiddlewareHandler http middleware adds optional basic authentication`
			`// and gzip compression`
			`func middlewareHandler(h http.Handler) http.Handler {`
First commit 2022-07-29 13:23:08 +02:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Security: Add restrictive HTTP Content-Security-Policy 2022-09-15 11:23:27 +02:00			`w.Header().Set("Referrer-Policy", "no-referrer")`
Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`w.Header().Set("Content-Security-Policy", config.ContentSecurityPolicy)`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00
API: Enable cross-origin resource sharing (CORS) configuration This feature allows the setting of the `Access-Control-Allow-Origin` header via `--api-cors`. @see #91 2023-04-21 02:49:49 +02:00			`if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {`
			`w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)`
API: Return blank 200 response for OPTIONS requests (CORS) 2023-05-09 07:11:57 +02:00			`w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")`
API: Set Access-Control-Allow-Headers when --api-cors is set 2023-05-04 12:23:07 +02:00			`w.Header().Set("Access-Control-Allow-Headers", "*")`
API: Enable cross-origin resource sharing (CORS) configuration This feature allows the setting of the `Access-Control-Allow-Origin` header via `--api-cors`. @see #91 2023-04-21 02:49:49 +02:00			`}`

Feature: SMTP STARTTLS & SMTP authentication support Resolves #4 2022-08-06 10:00:05 +02:00			`if config.UIAuthFile != "" {`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`user, pass, ok := r.BasicAuth()`

			`if !ok {`
			`basicAuthResponse(w)`
			`return`
			`}`

Feature: SMTP STARTTLS & SMTP authentication support Resolves #4 2022-08-06 10:00:05 +02:00			`if !config.UIAuth.Match(user, pass) {`
Feature: Basic authentication support 2022-08-04 07:18:07 +02:00			`basicAuthResponse(w)`
			`return`
			`}`
			`}`

First commit 2022-07-29 13:23:08 +02:00			`if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {`
			`h.ServeHTTP(w, r)`
			`return`
			`}`
			`w.Header().Set("Content-Encoding", "gzip")`
			`gz := gzip.NewWriter(w)`
			`defer gz.Close()`
			`h.ServeHTTP(gzipResponseWriter{Writer: gz, ResponseWriter: w}, r)`
			`})`
			`}`

Feature: Allow custom webroot Allow Mailpit to run on a custom webroot, resolves #19 2022-10-31 11:13:41 +02:00			`// Redirect to webroot`
			`func addSlashToWebroot(w http.ResponseWriter, r *http.Request) {`
			`http.Redirect(w, r, config.Webroot, http.StatusFound)`
			`}`

Feature: Add REST API Requested feature for integration, see #15 2022-10-07 08:46:39 +02:00			`// Websocket to broadcast changes`
			`func apiWebsocket(w http.ResponseWriter, r *http.Request) {`
			`websockets.ServeWs(websockets.MessageHub, w, r)`
First commit 2022-07-29 13:23:08 +02:00			`}`
Fix: Add basePath to swagger.json if webroot is specified @See #147 2023-07-30 07:35:17 +02:00
			`// Wrapper to artificially inject a basePath to the swagger.json if a webroot has been specified`
			`func swaggerBasePath(w http.ResponseWriter, _ *http.Request) {`
			`f, err := embeddedFS.ReadFile("ui/api/v1/swagger.json")`
			`if err != nil {`
			`panic(err)`
			`}`

			`if config.Webroot != "/" {`
			`// artificially inject a path at the start`
			`replacement := fmt.Sprintf("{\n \"basePath\": \"%s\",", strings.TrimRight(config.Webroot, "/"))`

			`f = bytes.Replace(f, []byte("{"), []byte(replacement), 1)`
			`}`

			`w.Header().Add("Content-Type", "application/json")`
			`_, _ = w.Write(f)`
			`}`