http-smtp-rele 0.1.0

Minimal, secure HTTP-to-SMTP submission relay
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

//! Recipient domain and API key permission policy.
//!
//! This module provides policy lookup helpers used by the validation pipeline.
//! The actual enforcement logic lives in `validation.rs`; this module provides
//! the data structures and query helpers that can be used independently.

use crate::config::{ApiKeyConfig, AppConfig};

/// Look up the API key config by `key_id`.
pub fn find_key<'a>(config: &'a AppConfig, key_id: &str) -> Option<&'a ApiKeyConfig> {
    config.security.api_keys.iter().find(|k| k.id == key_id)
}

/// Return `true` if the given domain is permitted by the global policy.
///
/// An empty `allowed_recipient_domains` list means "allow all domains".
pub fn domain_permitted_globally(config: &AppConfig, domain: &str) -> bool {
    config.mail.allowed_recipient_domains.is_empty()
        || config
            .mail
            .allowed_recipient_domains
            .iter()
            .any(|d| d.eq_ignore_ascii_case(domain))
}

/// Return `true` if the given domain is permitted for the specified API key.
///
/// If the key has no domain restriction (empty list), all domains are allowed
/// (subject to the global policy).
pub fn domain_permitted_for_key(key: &ApiKeyConfig, domain: &str) -> bool {
    key.allowed_recipient_domains.is_empty()
        || key
            .allowed_recipient_domains
            .iter()
            .any(|d| d.eq_ignore_ascii_case(domain))
}