feat: mail service

2026-04-17 18:39:16 +02:00
parent 23ffcb7535
commit 5b7593e6f6
183 changed files with 31215 additions and 248 deletions
@@ -0,0 +1,262 @@
+package app
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"io"
+	"log/slog"
+	"math/big"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	smtpadapter "galaxy/mail/internal/adapters/smtp"
+	"galaxy/mail/internal/config"
+	"galaxy/mail/internal/ports"
+
+	"github.com/stretchr/testify/require"
+	testcontainers "github.com/testcontainers/testcontainers-go"
+	rediscontainer "github.com/testcontainers/testcontainers-go/modules/redis"
+	"github.com/testcontainers/testcontainers-go/wait"
+)
+
+const (
+	realRuntimeSmokeEnv     = "MAIL_REAL_RUNTIME_SMOKE"
+	realRuntimeRedisImage   = "redis:7"
+	realRuntimeMailpitImage = "axllent/mailpit:v1.28.2"
+	realRuntimeMailpitCert  = "/tmp/mailpit/server.crt"
+	realRuntimeMailpitKey   = "/tmp/mailpit/server.key"
+)
+
+func TestRealRuntimeCompatibility(t *testing.T) {
+	if os.Getenv(realRuntimeSmokeEnv) != "1" {
+		t.Skipf("set %s=1 to run the real runtime smoke suite", realRuntimeSmokeEnv)
+	}
+
+	ctx := context.Background()
+
+	redisContainer, err := rediscontainer.Run(ctx, realRuntimeRedisImage)
+	require.NoError(t, err)
+	testcontainers.CleanupContainer(t, redisContainer)
+
+	redisAddr, err := redisContainer.Endpoint(ctx, "")
+	require.NoError(t, err)
+
+	certFiles := writeMailpitTLSFiles(t)
+	mailpitContainer, err := testcontainers.Run(
+		ctx,
+		realRuntimeMailpitImage,
+		testcontainers.WithExposedPorts("1025/tcp", "8025/tcp"),
+		testcontainers.WithFiles(
+			testcontainers.ContainerFile{
+				HostFilePath:      certFiles.certPath,
+				ContainerFilePath: realRuntimeMailpitCert,
+				FileMode:          0o644,
+			},
+			testcontainers.ContainerFile{
+				HostFilePath:      certFiles.keyPath,
+				ContainerFilePath: realRuntimeMailpitKey,
+				FileMode:          0o600,
+			},
+		),
+		testcontainers.WithEnv(map[string]string{
+			"MP_SMTP_TLS_CERT":         realRuntimeMailpitCert,
+			"MP_SMTP_TLS_KEY":          realRuntimeMailpitKey,
+			"MP_SMTP_REQUIRE_STARTTLS": "true",
+		}),
+		testcontainers.WithWaitStrategy(
+			wait.ForAll(
+				wait.ForListeningPort("1025/tcp"),
+				wait.ForListeningPort("8025/tcp"),
+			).WithDeadline(30*time.Second),
+		),
+	)
+	require.NoError(t, err)
+	testcontainers.CleanupContainer(t, mailpitContainer)
+
+	smtpAddr, err := mailpitContainer.PortEndpoint(ctx, "1025/tcp", "")
+	require.NoError(t, err)
+	mailpitHTTPBaseURL, err := mailpitContainer.PortEndpoint(ctx, "8025/tcp", "http")
+	require.NoError(t, err)
+
+	cfg := config.DefaultConfig()
+	cfg.Redis.Addr = redisAddr
+	cfg.Templates.Dir = writeRuntimeTemplates(t)
+	cfg.InternalHTTP.Addr = mustFreeAddr(t)
+	cfg.ShutdownTimeout = time.Second
+	cfg.StreamBlockTimeout = 100 * time.Millisecond
+	cfg.AttemptWorkerConcurrency = 1
+	cfg.OperatorRequestTimeout = time.Second
+	cfg.SMTP.Mode = config.SMTPModeSMTP
+	cfg.SMTP.Addr = smtpAddr
+	cfg.SMTP.FromEmail = "noreply@example.com"
+	cfg.SMTP.Timeout = 2 * time.Second
+
+	instance := startSmokeRuntime(t, cfg, runtimeDependencies{
+		providerFactory: func(cfg config.SMTPConfig, _ *slog.Logger) (ports.Provider, error) {
+			return smtpadapter.New(smtpadapter.Config{
+				Addr:      cfg.Addr,
+				FromEmail: cfg.FromEmail,
+				FromName:  cfg.FromName,
+				Timeout:   cfg.Timeout,
+				TLSConfig: certFiles.clientTLSConfig,
+			})
+		},
+		schedulerPoll: 25 * time.Millisecond,
+	})
+
+	response := postLoginCodeDelivery(t, instance.baseURL, loginCodeDeliveryRequest{
+		idempotencyKey: "real-runtime-smoke",
+		email:          "pilot@example.com",
+		code:           "246810",
+		locale:         "fr-FR",
+	})
+	require.Equal(t, "sent", string(response.Outcome))
+
+	list := eventuallyListDeliveries(t, instance.baseURL, url.Values{
+		"source":          []string{"authsession"},
+		"idempotency_key": []string{"real-runtime-smoke"},
+	})
+	require.Len(t, list.Items, 1)
+
+	detail := eventuallyDeliveryStatus(t, instance.baseURL, list.Items[0].DeliveryID, "sent")
+	require.Equal(t, "authsession", detail.Source)
+	require.Equal(t, "auth.login_code", detail.TemplateID)
+	require.Equal(t, "fr-FR", detail.Locale)
+	require.True(t, detail.LocaleFallbackUsed)
+	require.Equal(t, []string{"pilot@example.com"}, detail.To)
+
+	attempts := getDeliveryAttempts(t, instance.baseURL, detail.DeliveryID)
+	require.Len(t, attempts.Items, 1)
+	require.Equal(t, "provider_accepted", attempts.Items[0].Status)
+
+	messageText := waitForMailpitLatestText(t, mailpitHTTPBaseURL)
+	require.Contains(t, messageText, "246810")
+}
+
+type smokeTLSFiles struct {
+	certPath        string
+	keyPath         string
+	clientTLSConfig *tls.Config
+}
+
+func writeMailpitTLSFiles(t *testing.T) smokeTLSFiles {
+	t.Helper()
+
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err)
+
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName: "localhost",
+		},
+		NotBefore:             time.Now().Add(-time.Hour),
+		NotAfter:              time.Now().Add(time.Hour),
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+		DNSNames:              []string{"localhost"},
+		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
+	}
+
+	der, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	require.NoError(t, err)
+
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
+	keyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
+	})
+
+	root := t.TempDir()
+	certPath := filepath.Join(root, "server.crt")
+	keyPath := filepath.Join(root, "server.key")
+	require.NoError(t, os.WriteFile(certPath, certPEM, 0o644))
+	require.NoError(t, os.WriteFile(keyPath, keyPEM, 0o600))
+
+	rootCAs := x509.NewCertPool()
+	require.True(t, rootCAs.AppendCertsFromPEM(certPEM))
+
+	return smokeTLSFiles{
+		certPath: certPath,
+		keyPath:  keyPath,
+		clientTLSConfig: &tls.Config{
+			MinVersion: tls.VersionTLS12,
+			RootCAs:    rootCAs,
+			ServerName: "localhost",
+		},
+	}
+}
+
+func startSmokeRuntime(t *testing.T, cfg config.Config, deps runtimeDependencies) *runtimeInstance {
+	t.Helper()
+
+	runtime, err := newRuntime(context.Background(), cfg, testLogger(), deps)
+	require.NoError(t, err)
+
+	instance := &runtimeInstance{
+		baseURL: "http://" + cfg.InternalHTTP.Addr,
+		runtime: runtime,
+		done:    make(chan error, 1),
+	}
+
+	runCtx, cancel := context.WithCancel(context.Background())
+	instance.cancel = cancel
+	go func() {
+		instance.done <- runtime.Run(runCtx)
+	}()
+
+	waitForRuntimeReady(t, instance.baseURL)
+	t.Cleanup(func() {
+		instance.stop(t)
+	})
+
+	return instance
+}
+
+func waitForMailpitLatestText(t *testing.T, baseURL string) string {
+	t.Helper()
+
+	client := &http.Client{
+		Timeout: 500 * time.Millisecond,
+		Transport: &http.Transport{
+			DisableKeepAlives: true,
+		},
+	}
+	t.Cleanup(client.CloseIdleConnections)
+
+	var payload string
+	require.Eventually(t, func() bool {
+		request, err := http.NewRequest(http.MethodGet, baseURL+"/view/latest.txt", nil)
+		require.NoError(t, err)
+
+		response, err := client.Do(request)
+		if err != nil {
+			return false
+		}
+		defer response.Body.Close()
+
+		body, err := io.ReadAll(response.Body)
+		require.NoError(t, err)
+
+		if response.StatusCode != http.StatusOK {
+			return false
+		}
+
+		payload = string(body)
+		return strings.TrimSpace(payload) != ""
+	}, 20*time.Second, 100*time.Millisecond)
+
+	return payload
+}