mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-07-01 00:05:43 +08:00
bf59eb77cc
## Summary Implements **chunk 1** of #15282 — the four `/api/v1/auth/password/...` endpoints from the login-page Go port. **Chunk 2 (OAuth/OIDC) is deferred** to its own subtask, matching the issue author's own confidence-low recommendation ("multi-provider, stateful redirect flow with external dependencies; recommend its own subtask"). New endpoints, all registered under `apiNoAuth` (forgot-password users are unauthenticated by definition): | Method | Path | Status | |--------|------|--------| | `POST` | `/api/v1/auth/password/forgot/captcha` | new | | `POST` | `/api/v1/auth/password/forgot/otp` | new | | `POST` | `/api/v1/auth/password/forgot/otp/verify` | new | | `POST` | `/api/v1/auth/password/reset` | new | ## Wire compatibility with the Python backend The two backends share state through Redis, so the Go port had to use identical keys, encodings, and constants. Either backend can now validate a code the other minted. - **Redis keys**: `captcha:<email>`, `otp:<email>`, `otp_attempts:<email>`, `otp_last_sent:<email>`, `otp_lock:<email>`, `otp:verified:<email>` — same as `api/utils/web_utils.py`. - **Stored OTP value**: `"<hex_hash>:<hex_salt>"` — same as Python. - **Hash**: HMAC-SHA256 with a `crypto/rand` 16-byte salt — same as `hash_code()`. - **Constants**: `OTP_LENGTH=4`, `OTP_TTL=5min`, `ATTEMPT_LIMIT=5`, `ATTEMPT_LOCK_SECONDS=30min`, `RESEND_COOLDOWN_SECONDS=60s` — all match `api/utils/web_utils.py`. - **Email body**: matches `RESET_CODE_EMAIL_TMPL` byte-for-byte. ## Files ### New | File | Purpose | |---|---| | `internal/utility/otp.go` | OTP/captcha constants, Redis key builders (`CaptchaRedisKey`, `OTPRedisKeys`, `OTPVerifiedRedisKey`), `HashOTPCode`, `GenerateOTPCode` / `GenerateCaptchaCode` / `GenerateOTPSalt` via `crypto/rand`, and `EncodeOTPStorageValue` / `DecodeOTPStorageValue` matching Python's storage shape. | | `internal/utility/smtp.go` | Minimal stdlib `net/smtp` sender. `SendResetCodeEmail(to, otp, ttlMin)` builds an RFC 5322 plain-text message and dispatches via implicit TLS / STARTTLS / plain — same selectors as Python `aiosmtplib`. Returns `SMTPNotConfiguredError` if the config block is empty. | ### Modified | File | Change | |---|---| | `internal/server/config.go` | New `SMTPConfig` struct + `Config.SMTP` field. Field names mirror the `smtp:` keys in `common/settings.py` (`mail_server`, `mail_port`, `mail_use_ssl`, `mail_use_tls`, `mail_username`, `mail_password`, `mail_from_name`, `mail_from_address`, `mail_frontend_url`) so a single `conf/service_conf.yaml` powers both backends. | | `internal/service/user.go` | Four methods — `ForgotIssueCaptcha`, `ForgotSendOTP`, `ForgotVerifyOTP`, `ForgotResetPassword`. Reuses the existing `decryptPassword`, `HashPassword`, `userDAO.Update`, and `utility.GenerateToken` so the reset+auto-login path is identical to `LoginByEmail`. | | `internal/handler/user.go` | Four handlers in the same `c.JSON` shape as `LoginByEmail`. The reset handler rotates the access token and emits an `Authorization` header for auto-login (matches Python `construct_response(auth=user.get_id())`). | | `internal/router/router.go` | Routes registered under `apiNoAuth`, with an explanatory comment on why they sit outside the auth middleware. | ## Known divergence — captcha rendering The Python endpoint returns a rendered `image/JPEG` from the `python-captcha` library. The Go side has **no image-captcha dependency vendored** in `go.mod`, and hand-rolling a raster generator was out of scope for this PR. This commit returns JSON `{captcha: "<text>"}` instead. Implications: - **Backend gate is identical** — the OTP step still verifies the user-submitted captcha string against the Redis value, so the security model is unchanged. - **Frontend impact**: the password-reset page rendering needs a small tweak (text display instead of `<img>`) until a Go captcha library is wired in. - The handler comments call this out explicitly so the next PR knows what to swap. Possible follow-ups (any one closes the gap): 1. Add `github.com/mojocn/base64Captcha` or `github.com/dchest/captcha` to `go.mod` and replace the JSON response with an `image/JPEG`. 2. Hand-roll a 5x7 bitmap font + `image/png` writer using only the stdlib. 3. Render a server-side SVG (cheap, but trivially OCR-able — only useful as a UI shim). ## Test plan - [ ] **Captcha**: `POST /api/v1/auth/password/forgot/captcha?email=<existing>` returns `{code: 0, data: {captcha: "ABCD"}}`. Redis shows `captcha:<email>` with that value and ~60s TTL. Unknown email returns `code: CodeDataError`. - [ ] **OTP send**: `POST /api/v1/auth/password/forgot/otp` with the right captcha mints an OTP, stores `<hash>:<salt>` under `otp:<email>` for 5 min, sends an email, returns success. With a wrong captcha returns `CodeAuthenticationError`. Hitting it again within 60s returns "you still have to wait …" with `CodeNotEffective`. - [ ] **OTP verify**: correct OTP → `code: 0`, OTP keys cleared, `otp:verified:<email>` = `"1"`. Wrong OTP → `code: CodeAuthenticationError`, attempt counter bumped; after 5 wrong tries `otp_lock:<email>` is set and further attempts hit `CodeNotEffective`. - [ ] **Reset**: with the verified flag set, supply a new password (RSA-encrypted+base64, same as `LoginByEmail`). Returns `code: 0`, `Authorization` header set, verified flag deleted. Without the verified flag returns `CodeAuthenticationError`. - [ ] **Wire-compat smoke**: mint an OTP from the Python backend, verify it via the Go endpoint, and vice versa. Should both succeed. - [ ] **SMTP misconfigured**: drop `smtp.mail_server` from `conf/service_conf.yaml`. The OTP-send endpoint should now return "failed to send email" without panicking; check the log for the `SMTPNotConfiguredError` warning. - [ ] **End-to-end FE**: hit the password-reset flow from `web/src/pages/login-next/`. Confirm the text-captcha shim works after the FE tweak. - [ ] `go build ./...` and `go vet ./...` — I could not run these in the sandbox; please confirm a clean build before merging. - [ ] `uv run pytest` to confirm no Python regressions (shared Redis schema). ### Type of change - [x] New Feature (non-breaking change which adds functionality)
203 lines
6.1 KiB
Go
203 lines
6.1 KiB
Go
//
|
|
// Copyright 2026 The InfiniFlow Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
// Minimal SMTP sender for transactional email (forgot-password OTP, etc).
|
|
// Mirrors api/utils/web_utils.py:send_email_html on the Python side and
|
|
// uses the same conf/service_conf.yaml `smtp` block so a single config
|
|
// powers both backends.
|
|
//
|
|
// The config is passed in as a parameter rather than read via
|
|
// server.GetConfig() — internal/server already imports internal/utility
|
|
// (via variable.go), so importing server from here would close an
|
|
// import cycle. The SMTPConfig type lives in internal/common for the
|
|
// same reason.
|
|
package utility
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
"net/smtp"
|
|
"strings"
|
|
|
|
"ragflow/internal/common"
|
|
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// SMTPNotConfiguredError is returned when an SMTP send is attempted but the
|
|
// active config has no mail server. Lets the caller distinguish a config
|
|
// problem from a transient delivery failure.
|
|
type SMTPNotConfiguredError struct{}
|
|
|
|
func (SMTPNotConfiguredError) Error() string {
|
|
return "smtp is not configured"
|
|
}
|
|
|
|
// SMTPInsecureAuthError is returned when authentication is requested over
|
|
// an unencrypted SMTP connection (neither MailUseSSL nor MailUseTLS set).
|
|
// Sending credentials in the clear is refused on principle.
|
|
type SMTPInsecureAuthError struct{}
|
|
|
|
func (SMTPInsecureAuthError) Error() string {
|
|
return "smtp authentication refused over plaintext connection (set mail_use_ssl or mail_use_tls)"
|
|
}
|
|
|
|
// SendResetCodeEmail delivers the password-reset OTP email. It is the Go
|
|
// analogue of:
|
|
//
|
|
// await send_email_html(
|
|
// subject="Your Password Reset Code",
|
|
// to_email=email,
|
|
// template_key="reset_code",
|
|
// code=otp,
|
|
// ttl_min=ttl_min,
|
|
// )
|
|
//
|
|
// — same subject, same plaintext body shape (see RESET_CODE_EMAIL_TMPL in
|
|
// api/utils/email_templates.py).
|
|
func SendResetCodeEmail(cfg common.SMTPConfig, toEmail, otp string, ttlMinutes int) error {
|
|
if cfg.MailServer == "" || cfg.MailPort == 0 {
|
|
return SMTPNotConfiguredError{}
|
|
}
|
|
|
|
subject := "Your Password Reset Code"
|
|
body := fmt.Sprintf(
|
|
"Hello,\nYour password reset code is: %s\nThis code will expire in %d minutes.\n",
|
|
otp, ttlMinutes,
|
|
)
|
|
|
|
fromAddr := cfg.MailFromAddress
|
|
if fromAddr == "" {
|
|
fromAddr = cfg.MailUsername
|
|
}
|
|
fromName := cfg.MailFromName
|
|
if fromName == "" {
|
|
fromName = "RAGFlow"
|
|
}
|
|
fromHeader := fmt.Sprintf("%s <%s>", fromName, fromAddr)
|
|
|
|
msg := buildPlainEmail(fromHeader, toEmail, subject, body)
|
|
if err := sendMail(cfg, fromAddr, toEmail, msg); err != nil {
|
|
common.Warn("smtp send failed",
|
|
zap.String("to", toEmail),
|
|
zap.String("server", cfg.MailServer),
|
|
zap.Int("port", cfg.MailPort),
|
|
zap.Error(err),
|
|
)
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// buildPlainEmail composes an RFC 5322 plain-text message. CRLF line
|
|
// endings are required by the SMTP DATA spec.
|
|
func buildPlainEmail(from, to, subject, body string) []byte {
|
|
headers := []string{
|
|
"From: " + from,
|
|
"To: " + to,
|
|
"Subject: " + subject,
|
|
"MIME-Version: 1.0",
|
|
"Content-Type: text/plain; charset=utf-8",
|
|
"Content-Transfer-Encoding: 8bit",
|
|
}
|
|
return []byte(strings.Join(headers, "\r\n") + "\r\n\r\n" + body)
|
|
}
|
|
|
|
// sendMail dispatches the message over implicit TLS, STARTTLS, or plain
|
|
// — matching how the Python aiosmtplib client is configured by the
|
|
// `mail_use_ssl` / `mail_use_tls` flags.
|
|
//
|
|
// Authentication is only attempted over an encrypted session. If the
|
|
// caller asks for auth (MailUsername set) on a plaintext connection,
|
|
// SMTPInsecureAuthError is returned before any credential is written.
|
|
func sendMail(cfg common.SMTPConfig, from, to string, msg []byte) error {
|
|
if cfg.MailUsername != "" && !cfg.MailUseSSL && !cfg.MailUseTLS {
|
|
return SMTPInsecureAuthError{}
|
|
}
|
|
|
|
addr := net.JoinHostPort(cfg.MailServer, fmt.Sprintf("%d", cfg.MailPort))
|
|
auth := smtp.PlainAuth("", cfg.MailUsername, cfg.MailPassword, cfg.MailServer)
|
|
|
|
if cfg.MailUseSSL {
|
|
// Implicit TLS (typical port 465). Dial TLS first, then SMTP.
|
|
tlsCfg := &tls.Config{
|
|
ServerName: cfg.MailServer,
|
|
MinVersion: tls.VersionTLS12,
|
|
}
|
|
conn, err := tls.Dial("tcp", addr, tlsCfg)
|
|
if err != nil {
|
|
return fmt.Errorf("smtp tls dial: %w", err)
|
|
}
|
|
client, err := smtp.NewClient(conn, cfg.MailServer)
|
|
if err != nil {
|
|
conn.Close()
|
|
return fmt.Errorf("smtp client init: %w", err)
|
|
}
|
|
defer client.Quit()
|
|
if cfg.MailUsername != "" {
|
|
if err := client.Auth(auth); err != nil {
|
|
return fmt.Errorf("smtp auth: %w", err)
|
|
}
|
|
}
|
|
return deliverMail(client, from, to, msg)
|
|
}
|
|
|
|
// STARTTLS (typical port 587) or plain (auth refused above).
|
|
client, err := smtp.Dial(addr)
|
|
if err != nil {
|
|
return fmt.Errorf("smtp dial: %w", err)
|
|
}
|
|
defer client.Quit()
|
|
if cfg.MailUseTLS {
|
|
tlsCfg := &tls.Config{
|
|
ServerName: cfg.MailServer,
|
|
MinVersion: tls.VersionTLS12,
|
|
}
|
|
if err := client.StartTLS(tlsCfg); err != nil {
|
|
return fmt.Errorf("smtp starttls: %w", err)
|
|
}
|
|
if cfg.MailUsername != "" {
|
|
if err := client.Auth(auth); err != nil {
|
|
return fmt.Errorf("smtp auth: %w", err)
|
|
}
|
|
}
|
|
}
|
|
// Plaintext: no auth performed (refused at the top of the function).
|
|
return deliverMail(client, from, to, msg)
|
|
}
|
|
|
|
func deliverMail(client *smtp.Client, from, to string, msg []byte) error {
|
|
if err := client.Mail(from); err != nil {
|
|
return fmt.Errorf("smtp mail-from: %w", err)
|
|
}
|
|
if err := client.Rcpt(to); err != nil {
|
|
return fmt.Errorf("smtp rcpt-to: %w", err)
|
|
}
|
|
w, err := client.Data()
|
|
if err != nil {
|
|
return fmt.Errorf("smtp data: %w", err)
|
|
}
|
|
if _, err := w.Write(msg); err != nil {
|
|
w.Close()
|
|
return fmt.Errorf("smtp write: %w", err)
|
|
}
|
|
if err := w.Close(); err != nil {
|
|
return fmt.Errorf("smtp close: %w", err)
|
|
}
|
|
return nil
|
|
}
|