postfix_log_parser/utils/

common_fields.rs

//! Postfix公共字段解析器
//!
//! 基于Postfix源码分析，提取高频公共字段的统一解析方法。
//! 这个模块解决了多个组件中重复的字段解析逻辑，提供了性能优化的统一实现。

use lazy_static::lazy_static;
use regex::Regex;
use serde::{Deserialize, Serialize};

lazy_static! {
    // === 邮件地址字段 (基于Postfix src/cleanup/cleanup_envelope.c) ===
    /// 发件人地址提取: from=<address> 或 from=<>（空地址）
    pub static ref FROM_EMAIL_REGEX: Regex = Regex::new(r"from=<([^>]*)>").unwrap();

    /// 收件人地址提取: to=<address>
    pub static ref TO_EMAIL_REGEX: Regex = Regex::new(r"to=<([^>]+)>").unwrap();

    /// 原始收件人地址: orig_to=<address> (aliases/forwards处理前)
    pub static ref ORIG_TO_EMAIL_REGEX: Regex = Regex::new(r"orig_to=<([^>]+)>").unwrap();

    // === 客户端信息字段 (基于Postfix src/smtpd/smtpd.c) ===
    /// 客户端连接信息: client=hostname[ip]:port 或 client=hostname[ip]
    pub static ref CLIENT_INFO_REGEX: Regex = Regex::new(r"client=([^\[]+)\[([^\]]+)\](?::(\d+))?").unwrap();

    /// 客户端信息（简化）: hostname[ip]:port 格式 (用于cleanup等组件)
    pub static ref CLIENT_SIMPLE_REGEX: Regex = Regex::new(r"([^\[]+)\[([^\]]+)\](?::(\d+))?").unwrap();

    // === 中继信息字段 (基于Postfix src/smtp/smtp_deliver.c) ===
    /// 中继主机信息: relay=hostname[ip]:port 或 relay=hostname 或 relay=none
    pub static ref RELAY_INFO_REGEX: Regex = Regex::new(r"relay=([^,\[\]]+)(?:\[([^\]]+)\])?(?::(\d+))?").unwrap();

    // === 性能和状态字段 (基于Postfix src/global/deliver_*.c) ===
    /// 延迟时间: delay=seconds (可以是小数)
    pub static ref DELAY_REGEX: Regex = Regex::new(r"delay=([\d.]+)").unwrap();

    /// 详细延迟: delays=a/b/c/d (qmgr/smtp/connection/delivery)
    pub static ref DELAYS_REGEX: Regex = Regex::new(r"delays=([\d./]+)").unwrap();

    /// DSN状态码: dsn=x.y.z
    pub static ref DSN_REGEX: Regex = Regex::new(r"dsn=([\d.]+)").unwrap();

    /// 投递状态: status=sent/bounced/deferred/...
    pub static ref STATUS_REGEX: Regex = Regex::new(r"status=(\w+)").unwrap();

    // === 邮件属性字段 (基于Postfix src/cleanup/cleanup_message.c) ===
    /// 邮件大小: size=bytes
    pub static ref SIZE_REGEX: Regex = Regex::new(r"size=(\d+)").unwrap();

    /// 收件人数量: nrcpt=count
    pub static ref NRCPT_REGEX: Regex = Regex::new(r"nrcpt=(\d+)").unwrap();

    /// Message-ID: message-id=<id> 或 message-id=id (带或不带尖括号)
    pub static ref MESSAGE_ID_REGEX: Regex = Regex::new(r"message-id=(?:<([^>]+)>|([^,\s]+))").unwrap();

    // === 协议和认证字段 (基于Postfix src/smtpd/smtpd_sasl_*.c) ===
    /// 协议版本: proto=SMTP/ESMTP
    pub static ref PROTO_REGEX: Regex = Regex::new(r"proto=(\w+)").unwrap();

    /// HELO/EHLO信息: helo=<hostname>
    pub static ref HELO_REGEX: Regex = Regex::new(r"helo=<([^>]+)>").unwrap();

    /// SASL认证方法: sasl_method=PLAIN/LOGIN/...
    pub static ref SASL_METHOD_REGEX: Regex = Regex::new(r"sasl_method=(\w+)").unwrap();

    /// SASL用户名: sasl_username=user
    pub static ref SASL_USERNAME_REGEX: Regex = Regex::new(r"sasl_username=([^,\s]+)").unwrap();
}

/// 邮件地址信息结构体
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct EmailAddress {
    /// 邮件地址
    pub address: String,
    /// 是否为空地址（如bounce邮件的from=<>）
    pub is_empty: bool,
}

/// 客户端连接信息结构体
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct ClientInfo {
    /// 客户端主机名
    pub hostname: String,
    /// 客户端IP地址
    pub ip: String,
    /// 客户端端口（如果有）
    pub port: Option<u16>,
}

/// 中继主机信息结构体
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct RelayInfo {
    /// 中继主机名
    pub hostname: String,
    /// 中继IP地址（如果有）
    pub ip: Option<String>,
    /// 中继端口（如果有）
    pub port: Option<u16>,
    /// 是否为"none"（本地处理）
    pub is_none: bool,
}

/// 延迟时间详情结构体
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DelayInfo {
    /// 总延迟（秒）
    pub total: f64,
    /// 详细延迟分解：[qmgr, smtp_connect, network, smtp_data]
    pub breakdown: Option<[f64; 4]>,
}

/// 状态信息结构体
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct StatusInfo {
    /// 状态：sent, bounced, deferred等
    pub status: String,
    /// DSN状态码
    pub dsn: Option<String>,
    /// 状态描述（括号内的内容）
    pub description: Option<String>,
}

/// 公共字段解析器
pub struct CommonFieldsParser;

impl CommonFieldsParser {
    /// 提取发件人地址
    pub fn extract_from_email(message: &str) -> Option<EmailAddress> {
        FROM_EMAIL_REGEX.captures(message).map(|caps| {
            let address = caps
                .get(1)
                .map_or(String::new(), |m| m.as_str().to_string());
            EmailAddress {
                is_empty: address.is_empty(),
                address,
            }
        })
    }

    /// 提取收件人地址
    pub fn extract_to_email(message: &str) -> Option<EmailAddress> {
        TO_EMAIL_REGEX.captures(message).map(|caps| {
            let address = caps
                .get(1)
                .map_or(String::new(), |m| m.as_str().to_string());
            EmailAddress {
                is_empty: address.is_empty(),
                address,
            }
        })
    }

    /// 提取原始收件人地址
    pub fn extract_orig_to_email(message: &str) -> Option<EmailAddress> {
        ORIG_TO_EMAIL_REGEX.captures(message).map(|caps| {
            let address = caps
                .get(1)
                .map_or(String::new(), |m| m.as_str().to_string());
            EmailAddress {
                is_empty: address.is_empty(),
                address,
            }
        })
    }

    /// 提取客户端信息（完整格式）
    pub fn extract_client_info(message: &str) -> Option<ClientInfo> {
        CLIENT_INFO_REGEX.captures(message).map(|caps| ClientInfo {
            hostname: caps
                .get(1)
                .map_or(String::new(), |m| m.as_str().to_string()),
            ip: caps
                .get(2)
                .map_or(String::new(), |m| m.as_str().to_string()),
            port: caps.get(3).and_then(|m| m.as_str().parse().ok()),
        })
    }

    /// 提取客户端信息（简化格式，不带client=前缀）
    pub fn extract_client_info_simple(client_str: &str) -> Option<ClientInfo> {
        CLIENT_SIMPLE_REGEX
            .captures(client_str)
            .map(|caps| ClientInfo {
                hostname: caps
                    .get(1)
                    .map_or(String::new(), |m| m.as_str().to_string()),
                ip: caps
                    .get(2)
                    .map_or(String::new(), |m| m.as_str().to_string()),
                port: caps.get(3).and_then(|m| m.as_str().parse().ok()),
            })
    }

    /// 提取中继信息
    pub fn extract_relay_info(message: &str) -> Option<RelayInfo> {
        RELAY_INFO_REGEX.captures(message).map(|caps| {
            let hostname = caps
                .get(1)
                .map_or(String::new(), |m| m.as_str().to_string());
            let is_none = hostname == "none";

            RelayInfo {
                hostname,
                ip: caps.get(2).map(|m| m.as_str().to_string()),
                port: caps.get(3).and_then(|m| m.as_str().parse().ok()),
                is_none,
            }
        })
    }

    /// 提取延迟信息
    pub fn extract_delay_info(message: &str) -> Option<DelayInfo> {
        let total = DELAY_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .and_then(|m| m.as_str().parse().ok())?;

        let breakdown = DELAYS_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .and_then(|m| Self::parse_delays_breakdown(m.as_str()));

        Some(DelayInfo { total, breakdown })
    }

    /// 解析延迟分解信息
    fn parse_delays_breakdown(delays_str: &str) -> Option<[f64; 4]> {
        let parts: Vec<&str> = delays_str.split('/').collect();
        if parts.len() == 4 {
            let mut breakdown = [0.0; 4];
            for (i, part) in parts.iter().enumerate() {
                breakdown[i] = part.parse().ok()?;
            }
            Some(breakdown)
        } else {
            None
        }
    }

    /// 提取状态信息
    pub fn extract_status_info(message: &str) -> Option<StatusInfo> {
        let status = STATUS_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string())?;

        let dsn = DSN_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string());

        // 提取状态描述（括号内容）
        let description = if let Some(start) = message.find('(') {
            if let Some(end) = message.rfind(')') {
                if end > start {
                    Some(message[start + 1..end].to_string())
                } else {
                    None
                }
            } else {
                None
            }
        } else {
            None
        };

        Some(StatusInfo {
            status,
            dsn,
            description,
        })
    }

    /// 提取邮件大小
    pub fn extract_size(message: &str) -> Option<u64> {
        SIZE_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .and_then(|m| m.as_str().parse().ok())
    }

    /// 提取收件人数量
    pub fn extract_nrcpt(message: &str) -> Option<u32> {
        NRCPT_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .and_then(|m| m.as_str().parse().ok())
    }

    /// 提取Message-ID (支持带尖括号和不带尖括号的格式)
    pub fn extract_message_id(message: &str) -> Option<String> {
        MESSAGE_ID_REGEX.captures(message).and_then(|caps| {
            // 先检查带尖括号的格式 (第1个捕获组)
            if let Some(bracketed) = caps.get(1) {
                Some(bracketed.as_str().to_string())
            }
            // 再检查不带尖括号的格式 (第2个捕获组)
            else if let Some(unbracketed) = caps.get(2) {
                Some(unbracketed.as_str().to_string())
            } else {
                None
            }
        })
    }

    /// 提取协议信息
    pub fn extract_protocol(message: &str) -> Option<String> {
        PROTO_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string())
    }

    /// 提取HELO信息
    pub fn extract_helo(message: &str) -> Option<String> {
        HELO_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string())
    }

    /// 提取SASL认证方法
    pub fn extract_sasl_method(message: &str) -> Option<String> {
        SASL_METHOD_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string())
    }

    /// 提取SASL用户名
    pub fn extract_sasl_username(message: &str) -> Option<String> {
        SASL_USERNAME_REGEX
            .captures(message)
            .and_then(|caps| caps.get(1))
            .map(|m| m.as_str().to_string())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_extract_from_email() {
        let message = "4bG4VR5z: from=<sender@example.com>, size=1234";
        let result = CommonFieldsParser::extract_from_email(message);
        assert_eq!(
            result,
            Some(EmailAddress {
                address: "sender@example.com".to_string(),
                is_empty: false,
            })
        );

        // 测试空地址（bounce邮件）
        let bounce_message = "4bG4VR5z: from=<>, to=<user@example.com>";
        let bounce_result = CommonFieldsParser::extract_from_email(bounce_message);
        assert_eq!(
            bounce_result,
            Some(EmailAddress {
                address: "".to_string(),
                is_empty: true,
            })
        );
    }

    #[test]
    fn test_extract_client_info() {
        let message = "4bG4VR5z: client=mail.example.com[192.168.1.100]:25";
        let result = CommonFieldsParser::extract_client_info(message);
        assert_eq!(
            result,
            Some(ClientInfo {
                hostname: "mail.example.com".to_string(),
                ip: "192.168.1.100".to_string(),
                port: Some(25),
            })
        );

        // 测试无端口的情况
        let no_port_message = "4bG4VR5z: client=localhost[127.0.0.1]";
        let no_port_result = CommonFieldsParser::extract_client_info(no_port_message);
        assert_eq!(
            no_port_result,
            Some(ClientInfo {
                hostname: "localhost".to_string(),
                ip: "127.0.0.1".to_string(),
                port: None,
            })
        );
    }

    #[test]
    fn test_extract_relay_info() {
        let message = "4bG4VR5z: to=<user@example.com>, relay=mx.example.com[1.2.3.4]:25";
        let result = CommonFieldsParser::extract_relay_info(message);
        assert_eq!(
            result,
            Some(RelayInfo {
                hostname: "mx.example.com".to_string(),
                ip: Some("1.2.3.4".to_string()),
                port: Some(25),
                is_none: false,
            })
        );

        // 测试relay=none的情况
        let none_message = "4bG4VR5z: to=<user@example.com>, relay=none, delay=0";
        let none_result = CommonFieldsParser::extract_relay_info(none_message);
        assert_eq!(
            none_result,
            Some(RelayInfo {
                hostname: "none".to_string(),
                ip: None,
                port: None,
                is_none: true,
            })
        );
    }

    #[test]
    fn test_extract_delay_info() {
        let message = "4bG4VR5z: delay=5.5, delays=1.0/0.5/3.0/1.0";
        let result = CommonFieldsParser::extract_delay_info(message);
        assert_eq!(
            result,
            Some(DelayInfo {
                total: 5.5,
                breakdown: Some([1.0, 0.5, 3.0, 1.0]),
            })
        );

        // 测试只有total delay的情况
        let simple_message = "4bG4VR5z: delay=2.3";
        let simple_result = CommonFieldsParser::extract_delay_info(simple_message);
        assert_eq!(
            simple_result,
            Some(DelayInfo {
                total: 2.3,
                breakdown: None,
            })
        );
    }

    #[test]
    fn test_extract_status_info() {
        let message = "4bG4VR5z: status=sent (250 2.0.0 OK), dsn=2.0.0";
        let result = CommonFieldsParser::extract_status_info(message);
        assert_eq!(
            result,
            Some(StatusInfo {
                status: "sent".to_string(),
                dsn: Some("2.0.0".to_string()),
                description: Some("250 2.0.0 OK".to_string()),
            })
        );
    }

    #[test]
    fn test_extract_message_properties() {
        let message = "4bG4VR5z: from=<sender@example.com>, size=1234, nrcpt=2";

        assert_eq!(CommonFieldsParser::extract_size(message), Some(1234));
        assert_eq!(CommonFieldsParser::extract_nrcpt(message), Some(2));
    }

    #[test]
    fn test_extract_message_id() {
        // 测试带尖括号的格式
        let bracketed_message = "61172636348059648: message-id=<61172636348059648@m01.localdomain>";
        let bracketed_result = CommonFieldsParser::extract_message_id(bracketed_message);
        assert_eq!(
            bracketed_result,
            Some("61172636348059648@m01.localdomain".to_string())
        );

        // 测试不带尖括号的格式
        let unbracketed_message = "61172641393807360: message-id=61172636348059648@m01.localdomain";
        let unbracketed_result = CommonFieldsParser::extract_message_id(unbracketed_message);
        assert_eq!(
            unbracketed_result,
            Some("61172636348059648@m01.localdomain".to_string())
        );

        // 测试复杂的带尖括号格式
        let complex_message = "4bG4VR5z: message-id=<test123@example.com>, size=456";
        let complex_result = CommonFieldsParser::extract_message_id(complex_message);
        assert_eq!(complex_result, Some("test123@example.com".to_string()));
    }

    #[test]
    fn test_extract_protocol_info() {
        let message = "4bG4VR5z: proto=ESMTP, helo=<mail.example.com>";

        assert_eq!(
            CommonFieldsParser::extract_protocol(message),
            Some("ESMTP".to_string())
        );
        assert_eq!(
            CommonFieldsParser::extract_helo(message),
            Some("mail.example.com".to_string())
        );
    }
}