feat(server/m7-user-mgmt): mailer package + SMTP config endpoints (U3)
New internal/mailer/ package:
- Sender interface with two impls: SMTPSender (production, reads
smtp_config at send time so admin edits apply without restart;
uses stdlib net/smtp + STARTTLS) and FakeSender (test/concurrent-
safe call recorder).
- Embedded text + HTML templates for the password reset email,
rendered via stdlib text/template + html/template. The HTML
uses the FabledSword forest-teal accent color.
- ErrNotConfigured surfaces when smtp_config.enabled is false or
required fields are empty; callers like the future forgot-password
handler will treat this as "log and pretend success" to avoid
user-enumeration leaks.
Three admin endpoints under RequireAdmin:
- GET /api/admin/smtp-config — returns the singleton; password
field is masked ("***" or "").
- PUT /api/admin/smtp-config — updates settings. Validates
host + from_address are non-empty when enabled=true. Empty
password in the request preserves the stored value (so the
operator doesn't have to re-enter it on every save).
- POST /api/admin/smtp-config/test — sends a real test email to
the calling admin's email. 400 if admin has no email; 500 with
the error message on send failure (so the operator can debug
config without grep-then-trace through logs).
Tests cover the password-mask, password-preservation-on-empty,
enabled-requires-host-and-from validation, and the no-email-on-file
rejection. Mailer unit tests cover the fake recorder and template
rendering. The "real SMTP send" path needs a live server and isn't
covered in CI; the FakeSender covers that role for downstream tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,45 @@
|
||||
package mailer
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"embed"
|
||||
"fmt"
|
||||
htmltemplate "html/template"
|
||||
texttemplate "text/template"
|
||||
)
|
||||
|
||||
//go:embed templates/password_reset.txt templates/password_reset.html
|
||||
var resetEmailFS embed.FS
|
||||
|
||||
// ResetEmailVars is the data passed to the password reset templates.
|
||||
type ResetEmailVars struct {
|
||||
Username string
|
||||
ResetURL string
|
||||
ExpiryHours int
|
||||
}
|
||||
|
||||
// RenderResetEmail returns (textBody, htmlBody) for the password
|
||||
// reset email, parameterized with the given vars.
|
||||
func RenderResetEmail(vars ResetEmailVars) (string, string, error) {
|
||||
textTpl, err := texttemplate.ParseFS(resetEmailFS, "templates/password_reset.txt")
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("mailer: parse text template: %w", err)
|
||||
}
|
||||
htmlTpl, err := htmltemplate.ParseFS(resetEmailFS, "templates/password_reset.html")
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("mailer: parse html template: %w", err)
|
||||
}
|
||||
|
||||
var textBuf, htmlBuf bytes.Buffer
|
||||
if err := textTpl.Execute(&textBuf, vars); err != nil {
|
||||
return "", "", fmt.Errorf("mailer: render text: %w", err)
|
||||
}
|
||||
if err := htmlTpl.Execute(&htmlBuf, vars); err != nil {
|
||||
return "", "", fmt.Errorf("mailer: render html: %w", err)
|
||||
}
|
||||
return textBuf.String(), htmlBuf.String(), nil
|
||||
}
|
||||
|
||||
// ResetEmailSubject is the subject line used by the forgot-password
|
||||
// flow. Exported so callers don't string-literal it independently.
|
||||
const ResetEmailSubject = "Minstrel password reset"
|
||||
Reference in New Issue
Block a user