email-mirror: Remove HTTP interface.

scripts/lib/email-mirror-postfix

@@ -1,169 +0,0 @@
-#!/usr/bin/env python3
-
-"""Postfix implementation of the incoming email gateway's helper for
-forwarding emails into Zulip.
-
-https://zulip.readthedocs.io/en/latest/production/email-gateway.html
-
-The email gateway supports two major modes of operation: An email
-server (using Postfix) where the email address configured in
-EMAIL_GATEWAY_PATTERN delivers emails directly to Zulip (this) or a
-cron job that connects to an IMAP inbox (which receives the emails)
-periodically.
-
-Zulip's Puppet configuration takes care of configuring Postfix to
-execute this script when emails are received by Postfix, piping the
-email content via standard input (and the destination email address in
-the ORIGINAL_RECIPIENT environment variable).
-
-In Postfix, you can express that via an /etc/aliases entry like this:
- |/home/zulip/deployments/current/scripts/lib/email-mirror-postfix -r ${original_recipient}
-
-To manage DoS issues, this script does very little work (just sending
-an HTTP request to queue the message for processing) to avoid
-importing expensive libraries.
-
-Also you can use optional keys to configure the script and change default values:
-
--s SHARED_SECRET    For adding shared secret key if it is not contained in
-                    "/etc/zulip/zulip-secrets.conf".  This key is used to authenticate
-                    the HTTP requests made by this tool.
-
--d HOST             Destination Zulip host for email uploading. Address must contain type of
-                    HTTP protocol, e.g. "https://example.com". Default value: "https://127.0.0.1".
-
--u URL             Destination relative for email uploading. Default value: "/api/internal/email_mirror_message".
-
--n                  Disable checking ssl certificate. This option is used for
-                    self-signed certificates. Default value: False.
-
--t                  Disable sending request to the Zulip server. Default value: False.
-"""
-
-import argparse
-import base64
-import json
-import os
-import posix
-import ssl
-import sys
-from configparser import RawConfigParser
-from typing import NoReturn
-from urllib.error import HTTPError
-from urllib.parse import urlencode, urljoin, urlsplit
-from urllib.request import Request, urlopen
-
-sys.path.append(os.path.join(os.path.dirname(__file__), "..", ".."))
-from scripts.lib.zulip_tools import get_config, get_config_file
-
-parser = argparse.ArgumentParser()
-
-parser.add_argument("-r", "--recipient", default="", help="Original recipient.")
-
-parser.add_argument("-s", "--shared-secret", default="", help="Secret access key.")
-
-parser.add_argument(
-    "-d",
-    "--dst-host",
-    dest="host",
-    default="127.0.0.1",
-    help="Destination server address for uploading email from email mirror. "
-    "Address must contain an HTTP protocol. Otherwise, default value is assumed "
-    "based on the http_only setting.",
-)
-
-parser.add_argument(
-    "-u",
-    "--dst-url",
-    dest="url",
-    default="/api/internal/email_mirror_message",
-    help="Destination relative URL for uploading email from email mirror.",
-)
-
-parser.add_argument(
-    "-n",
-    "--not-verify-ssl",
-    dest="verify_ssl",
-    action="store_false",
-    help="Disable ssl certificate verifying for self-signed certificates",
-)
-
-parser.add_argument("-t", "--test", action="store_true", help="Test mode.")
-
-options = parser.parse_args()
-
-MAX_ALLOWED_PAYLOAD = 25 * 1024 * 1024
-
-
-def process_response_error(e: HTTPError) -> NoReturn:
-    if e.code == 400:
-        response_content = e.read()
-        response_data = json.loads(response_content)
-        print(response_data["msg"])
-        sys.exit(posix.EX_NOUSER)
-    else:
-        print("4.4.2 Connection dropped: Internal server error.")
-        sys.exit(1)
-
-
-def send_email_mirror(
-    rcpt_to: str,
-    shared_secret: str,
-    host: str,
-    url: str,
-    test: bool,
-    verify_ssl: bool,
-) -> None:
-    if not rcpt_to:
-        print("5.1.1 Bad destination mailbox address: No missed message email address.")
-        sys.exit(posix.EX_NOUSER)
-    msg_bytes = sys.stdin.buffer.read(MAX_ALLOWED_PAYLOAD + 1)
-    if len(msg_bytes) > MAX_ALLOWED_PAYLOAD:
-        # We're not at EOF, reject large mail.
-        print("5.3.4 Message too big for system: Max size is 25MiB")
-        sys.exit(posix.EX_DATAERR)
-
-    secrets_file = RawConfigParser()
-    secrets_file.read("/etc/zulip/zulip-secrets.conf")
-    if not shared_secret:
-        shared_secret = secrets_file.get("secrets", "shared_secret")
-
-    if test:
-        return
-
-    if not urlsplit(host).scheme:
-        config_file = get_config_file()
-        http_only = get_config(config_file, "application_server", "http_only", False)
-        scheme = "http://" if http_only else "https://"
-        host = scheme + host
-
-    if host == "https://127.0.0.1":
-        # Don't try to verify SSL when posting to 127.0.0.1; it won't
-        # work, and connections to 127.0.0.1 are secure without SSL.
-        verify_ssl = False
-
-    # Because this script is run from postfix, it does not have any
-    # http proxy environment variables set which might interfere with
-    # access to localhost.
-
-    context = None
-    if not verify_ssl:
-        context = ssl.create_default_context()
-        context.check_hostname = False
-        context.verify_mode = ssl.CERT_NONE
-    data = {
-        "rcpt_to": rcpt_to,
-        "msg_base64": base64.b64encode(msg_bytes).decode(),
-        "secret": shared_secret,
-    }
-    req = Request(url=urljoin(host, url), data=urlencode(data).encode())
-    try:
-        urlopen(req, context=context)
-    except HTTPError as err:
-        process_response_error(err)
-
-
-recipient = str(os.environ.get("ORIGINAL_RECIPIENT", options.recipient))
-send_email_mirror(
-    recipient, options.shared_secret, options.host, options.url, options.test, options.verify_ssl
-)