phundrak/bakit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(SMTP): disallow unencrypted SMTP with credentials

Browse Source
This commit is contained in:
Lucien Cartier-Tilet
2026-06-01 23:18:45 +02:00
parent b923f3bdb0
commit afd399b84f
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/startup.rs
+13
View File
@@ -10,6 +10,7 @@ use poem::middleware::{AddDataEndpoint, Cors, CorsEndpoint};
use poem::{EndpointExt, Route}; use poem::{EndpointExt, Route};
use poem_openapi::OpenApiService; use poem_openapi::OpenApiService;
use crate::settings::Starttls;
use crate::{ use crate::{
middleware::rate_limit::{RateLimit, RateLimitConfig}, middleware::rate_limit::{RateLimit, RateLimitConfig},
route::Api, route::Api,
@@ -93,6 +94,7 @@ impl From<Application> for RunnableApplication {
impl Application { impl Application {
fn setup_app(settings: &Settings) -> poem::Route { fn setup_app(settings: &Settings) -> poem::Route {
Self::prevent_unencrypted_smtp_with_credentials(settings);
let api_service = OpenApiService::new( let api_service = OpenApiService::new(
Api::from(settings).apis(), Api::from(settings).apis(),
settings.application.clone().name, settings.application.clone().name,
@@ -109,6 +111,17 @@ impl Application {
route route
} }
fn prevent_unencrypted_smtp_with_credentials(settings: &Settings) {
if !settings.email.tls
&& settings.email.starttls == Starttls::Never
&& !settings.email.user.is_empty()
&& settings.email.host != "localhost"
&& settings.email.host != "127.0.0.1"
{
panic!("Refusing to send SMTP credentials over cleartext to non-local host");
}
}
fn setup_server( fn setup_server(
settings: &Settings, settings: &Settings,
tcp_listener: Option<poem::listener::TcpListener<String>>, tcp_listener: Option<poem::listener::TcpListener<String>>,