http-smtp-rele 0.1.0

Minimal, secure HTTP-to-SMTP submission relay
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

//! `POST /v1/send` handler.
//!
//! Thin handler: delegates all business logic to domain modules.
//! Authentication, validation, mail construction, and SMTP submission
//! are each handled by their own module.

use std::sync::Arc;

use axum::{extract::State, http::StatusCode, Json};
use serde_json::{json, Value};

use crate::{
    auth::AuthContext,
    error::AppError,
    mail, smtp, validation,
    AppState,
};

// Request DTO is defined in validation.rs; re-export here for handler use.
pub use crate::validation::MailRequest;

/// Mail submission handler.
///
/// Processing pipeline (RFC 040, 050, 060–062, 070–072):
/// 1. Rate limit: global and IP limits run as Tower middleware before this handler.
/// 2. Auth: `AuthContext` extractor enforces authentication.
/// 3. Rate limit: per-key limit checked here, after auth.
/// 4. Validate and sanitize request fields.
/// 5. Build lettre Message.
/// 6. Submit to SMTP.
/// 7. Return 202 Accepted.
pub async fn send_mail(
    State(state): State<Arc<AppState>>,
    auth: AuthContext,
    Json(payload): Json<MailRequest>,
) -> Result<(StatusCode, Json<Value>), AppError> {
    // 3. Per-key rate limit (after auth so we know key_id and per-key config).
    state
        .rate_limiter
        .check_key(&auth.key_id, auth.key_rate_limit_per_min)
        .map_err(|e| {
            tracing::warn!(
                event = "rate_limited",
                tier = "key",
                key_id = %auth.key_id,
                retry_after = e.retry_after_secs,
            );
            AppError::RateLimited {
                retry_after_secs: Some(e.retry_after_secs),
            }
        })?;

    // 4. Validate and sanitize.
    let validated = validation::validate_mail_request(payload, &state.config, &auth)
        .map_err(|e| {
            tracing::warn!(
                event = "validation_failure",
                key_id = %auth.key_id,
                client_ip = %auth.client_ip,
                error = %e,
            );
            e
        })?;

    // 5. Build mail message.
    let message = mail::build_message(&validated, &state.config)?;

    // 6. Submit to SMTP.
    let recipient_domain = validated
        .to
        .split('@')
        .nth(1)
        .unwrap_or("unknown");

    smtp::submit(&state.smtp, message, state.config.smtp.submission_timeout_seconds)
        .await
        .map_err(|e| {
            tracing::error!(
                event = "smtp_failure",
                key_id = %auth.key_id,
                client_ip = %auth.client_ip,
                recipient_domain = recipient_domain,
                error = %e,
            );
            e
        })?;

    tracing::info!(
        event = "smtp_submitted",
        key_id = %auth.key_id,
        recipient_domain = recipient_domain,
    );

    // 7. Return 202 Accepted.
    let request_id = uuid::Uuid::new_v4().to_string();
    Ok((
        StatusCode::ACCEPTED,
        Json(json!({
            "request_id": request_id,
            "status": "accepted",
        })),
    ))
}