http-smtp-rele 0.8.0

Minimal, secure HTTP-to-SMTP submission relay
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

//! `GET /v1/keys/self` handler.
//!
//! Returns the non-secret configuration of the currently authenticated API key.
//! Allows clients to verify their effective policy without admin access.
//!
//! # Response
//!
//! ```json
//! {
//!   "id": "service-a",
//!   "enabled": true,
//!   "description": "Production service",
//!   "allowed_recipient_domains": ["example.com"],
//!   "allowed_recipients": [],
//!   "rate_limit_per_min": 30,
//!   "burst": 0,
//!   "mask_recipient": null
//! }
//! ```
//!
//! `secret` is never returned.

use std::sync::Arc;

use axum::{extract::State, http::StatusCode, Json};
use serde_json::{json, Value};

use crate::{auth::AuthContext, AppState};

/// GET /v1/keys/self
///
/// Returns the non-secret configuration of the authenticated API key.
pub async fn get_key_self(
    State(state): State<Arc<AppState>>,
    auth: AuthContext,
) -> (StatusCode, Json<Value>) {
    let cfg = state.config();
    let key = cfg.security.api_keys.iter().find(|k| k.id == auth.key_id);

    match key {
        Some(k) => {
            (
                StatusCode::OK,
                Json(json!({
                    "id":                       k.id,
                    "enabled":                  k.enabled,
                    "description":              k.description,
                    "allowed_recipient_domains": k.allowed_recipient_domains,
                    "allowed_recipients":       k.allowed_recipients,
                    "rate_limit_per_min":       k.rate_limit_per_min,
                    "burst":                    k.burst,
                    "mask_recipient":           k.mask_recipient,
                    // Effective rate (for client convenience)
                    "effective_rate_limit_per_min":
                        k.rate_limit_per_min.unwrap_or(cfg.rate_limit.per_key_per_min),
                    "effective_burst":
                        if k.burst > 0 { k.burst }
                        else { cfg.rate_limit.effective_per_key_burst() },
                })),
            )
        }
        None => {
            // Should not happen: auth extractor already validated the key.
            (
                StatusCode::INTERNAL_SERVER_ERROR,
                Json(json!({
                    "status": "error",
                    "code":   "internal_error",
                    "message": "Authenticated key not found in config.",
                })),
            )
        }
    }
}