dunkirk.sh
+21
-5
config/app.go
+21
-5
config/app.go
···
25
25
}
26
26
27
27
type SMTPConfig struct {
28
-
Host string `yaml:"host"`
29
-
Port int `yaml:"port"`
30
-
User string `yaml:"user"`
31
-
Pass string `yaml:"pass"`
32
-
From string `yaml:"from"`
28
+
Host string `yaml:"host"`
29
+
Port int `yaml:"port"`
30
+
User string `yaml:"user"`
31
+
Pass string `yaml:"pass"`
32
+
From string `yaml:"from"`
33
+
DKIMPrivateKey string `yaml:"dkim_private_key"`
34
+
DKIMPrivateKeyFile string `yaml:"dkim_private_key_file"`
35
+
DKIMSelector string `yaml:"dkim_selector"`
36
+
DKIMDomain string `yaml:"dkim_domain"`
33
37
}
34
38
35
39
func DefaultAppConfig() *AppConfig {
···
142
146
}
143
147
if v := os.Getenv("HERALD_SMTP_FROM"); v != "" {
144
148
cfg.SMTP.From = v
149
+
}
150
+
if v := os.Getenv("HERALD_SMTP_DKIM_PRIVATE_KEY"); v != "" {
151
+
cfg.SMTP.DKIMPrivateKey = v
152
+
}
153
+
if v := os.Getenv("HERALD_SMTP_DKIM_PRIVATE_KEY_FILE"); v != "" {
154
+
cfg.SMTP.DKIMPrivateKeyFile = v
155
+
}
156
+
if v := os.Getenv("HERALD_SMTP_DKIM_SELECTOR"); v != "" {
157
+
cfg.SMTP.DKIMSelector = v
158
+
}
159
+
if v := os.Getenv("HERALD_SMTP_DKIM_DOMAIN"); v != "" {
160
+
cfg.SMTP.DKIMDomain = v
145
161
}
146
162
if v := os.Getenv("HERALD_ALLOW_ALL_KEYS"); v != "" {
147
163
cfg.AllowAllKeys = strings.ToLower(v) == "true"
+100
-12
email/send.go
+100
-12
email/send.go
···
1
1
package email
2
2
3
3
import (
4
+
"bytes"
5
+
"crypto/rsa"
4
6
"crypto/tls"
7
+
"crypto/x509"
8
+
"encoding/pem"
5
9
"fmt"
6
10
"mime"
7
11
"mime/quotedprintable"
8
12
"net"
9
13
"net/smtp"
14
+
"os"
10
15
"strings"
16
+
"time"
17
+
18
+
"github.com/emersion/go-msgauth/dkim"
11
19
)
12
20
13
21
type SMTPConfig struct {
14
-
Host string
15
-
Port int
16
-
User string
17
-
Pass string
18
-
From string
22
+
Host string
23
+
Port int
24
+
User string
25
+
Pass string
26
+
From string
27
+
DKIMPrivateKey string
28
+
DKIMPrivateKeyFile string
29
+
DKIMSelector string
30
+
DKIMDomain string
19
31
}
20
32
21
33
type Mailer struct {
22
34
cfg SMTPConfig
23
35
unsubBaseURL string
36
+
dkimKey *rsa.PrivateKey
24
37
}
25
38
26
-
func NewMailer(cfg SMTPConfig, unsubBaseURL string) *Mailer {
27
-
return &Mailer{
39
+
func NewMailer(cfg SMTPConfig, unsubBaseURL string) (*Mailer, error) {
40
+
m := &Mailer{
28
41
cfg: cfg,
29
42
unsubBaseURL: unsubBaseURL,
30
43
}
44
+
45
+
// Parse DKIM private key if provided
46
+
var keyData string
47
+
if cfg.DKIMPrivateKey != "" {
48
+
keyData = cfg.DKIMPrivateKey
49
+
} else if cfg.DKIMPrivateKeyFile != "" {
50
+
keyBytes, err := os.ReadFile(cfg.DKIMPrivateKeyFile)
51
+
if err != nil {
52
+
return nil, fmt.Errorf("failed to read DKIM private key file: %w", err)
53
+
}
54
+
keyData = string(keyBytes)
55
+
}
56
+
57
+
if keyData != "" && strings.Contains(keyData, "BEGIN") {
58
+
// Replace literal \n with actual newlines (for .env file compatibility)
59
+
keyData = strings.ReplaceAll(keyData, "\\n", "\n")
60
+
61
+
block, _ := pem.Decode([]byte(keyData))
62
+
if block == nil {
63
+
return nil, fmt.Errorf("failed to decode DKIM private key PEM")
64
+
}
65
+
66
+
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
67
+
if err != nil {
68
+
// Try PKCS8 format
69
+
keyInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
70
+
if err != nil {
71
+
return nil, fmt.Errorf("failed to parse DKIM private key: %w", err)
72
+
}
73
+
var ok bool
74
+
key, ok = keyInterface.(*rsa.PrivateKey)
75
+
if !ok {
76
+
return nil, fmt.Errorf("DKIM private key is not RSA")
77
+
}
78
+
}
79
+
m.dkimKey = key
80
+
}
81
+
82
+
return m, nil
31
83
}
32
84
33
85
// ValidateConfig tests SMTP connectivity and auth
···
122
174
htmlFooter.WriteString(" • ")
123
175
textFooter.WriteString("")
124
176
}
125
-
htmlFooter.WriteString(fmt.Sprintf(`<a href="%s">Unsubscribe</a>`, unsubURL))
177
+
htmlFooter.WriteString(fmt.Sprintf(`<a href="%s">unsubscribe</a>`, unsubURL))
126
178
textFooter.WriteString(fmt.Sprintf("unsubscribe: %s\n", unsubURL))
127
179
}
128
180
···
177
229
178
230
msg.WriteString(fmt.Sprintf("--%s--\r\n", boundary))
179
231
232
+
messageBytes := []byte(msg.String())
233
+
234
+
// Sign with DKIM if configured
235
+
if m.dkimKey != nil && m.cfg.DKIMDomain != "" && m.cfg.DKIMSelector != "" {
236
+
signed, err := m.signDKIM(messageBytes)
237
+
if err != nil {
238
+
return fmt.Errorf("DKIM signing: %w", err)
239
+
}
240
+
messageBytes = signed
241
+
}
242
+
180
243
var auth smtp.Auth
181
244
if m.cfg.User != "" && m.cfg.Pass != "" {
182
245
auth = smtp.PlainAuth("", m.cfg.User, m.cfg.Pass, m.cfg.Host)
183
246
}
184
247
185
248
if m.cfg.Port == 465 {
186
-
return m.sendWithTLS(addr, auth, to, msg.String())
249
+
return m.sendWithTLS(addr, auth, to, messageBytes)
187
250
}
188
251
189
-
return smtp.SendMail(addr, auth, m.cfg.From, []string{to}, []byte(msg.String()))
252
+
return smtp.SendMail(addr, auth, m.cfg.From, []string{to}, messageBytes)
190
253
}
191
254
192
255
func encodeQuotedPrintable(s string) string {
···
197
260
return buf.String()
198
261
}
199
262
200
-
func (m *Mailer) sendWithTLS(addr string, auth smtp.Auth, to, msg string) error {
263
+
func (m *Mailer) sendWithTLS(addr string, auth smtp.Auth, to string, msg []byte) error {
201
264
tlsConfig := &tls.Config{
202
265
ServerName: m.cfg.Host,
203
266
MinVersion: tls.VersionTLS12,
···
234
297
return fmt.Errorf("data: %w", err)
235
298
}
236
299
237
-
if _, err = w.Write([]byte(msg)); err != nil {
300
+
if _, err = w.Write(msg); err != nil {
238
301
return fmt.Errorf("write: %w", err)
239
302
}
240
303
···
244
307
245
308
return client.Quit()
246
309
}
310
+
311
+
func (m *Mailer) signDKIM(message []byte) ([]byte, error) {
312
+
options := &dkim.SignOptions{
313
+
Domain: m.cfg.DKIMDomain,
314
+
Selector: m.cfg.DKIMSelector,
315
+
Signer: m.dkimKey,
316
+
HeaderCanonicalization: dkim.CanonicalizationRelaxed,
317
+
BodyCanonicalization: dkim.CanonicalizationRelaxed,
318
+
HeaderKeys: []string{
319
+
"From",
320
+
"To",
321
+
"Subject",
322
+
"List-Unsubscribe",
323
+
"List-Unsubscribe-Post",
324
+
},
325
+
Expiration: time.Now().Add(72 * time.Hour),
326
+
}
327
+
328
+
var b bytes.Buffer
329
+
if err := dkim.Sign(&b, bytes.NewReader(message), options); err != nil {
330
+
return nil, err
331
+
}
332
+
333
+
return b.Bytes(), nil
334
+
}
+1
go.mod
+1
go.mod
···
41
41
github.com/clipperhouse/stringish v0.1.1 // indirect
42
42
github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
43
43
github.com/creack/pty v1.1.24 // indirect
44
+
github.com/emersion/go-msgauth v0.7.0 // indirect
44
45
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
45
46
github.com/go-logfmt/logfmt v0.6.1 // indirect
46
47
github.com/inconshreveable/mousetrap v1.1.0 // indirect
+2
go.sum
+2
go.sum
···
58
58
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
59
59
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
60
60
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
61
+
github.com/emersion/go-msgauth v0.7.0 h1:vj2hMn6KhFtW41kshIBTXvp6KgYSqpA/ZN9Pv4g1INc=
62
+
github.com/emersion/go-msgauth v0.7.0/go.mod h1:mmS9I6HkSovrNgq0HNXTeu8l3sRAAuQ9RMvbM4KU7Ck=
61
63
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
62
64
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
63
65
github.com/go-logfmt/logfmt v0.6.1 h1:4hvbpePJKnIzH1B+8OR/JPbTx37NktoI9LE2QZBBkvE=
+13
-6
main.go
+13
-6
main.go
···
146
146
return fmt.Errorf("failed to migrate database: %w", err)
147
147
}
148
148
149
-
mailer := email.NewMailer(email.SMTPConfig{
150
-
Host: cfg.SMTP.Host,
151
-
Port: cfg.SMTP.Port,
152
-
User: cfg.SMTP.User,
153
-
Pass: cfg.SMTP.Pass,
154
-
From: cfg.SMTP.From,
149
+
mailer, err := email.NewMailer(email.SMTPConfig{
150
+
Host: cfg.SMTP.Host,
151
+
Port: cfg.SMTP.Port,
152
+
User: cfg.SMTP.User,
153
+
Pass: cfg.SMTP.Pass,
154
+
From: cfg.SMTP.From,
155
+
DKIMPrivateKey: cfg.SMTP.DKIMPrivateKey,
156
+
DKIMPrivateKeyFile: cfg.SMTP.DKIMPrivateKeyFile,
157
+
DKIMSelector: cfg.SMTP.DKIMSelector,
158
+
DKIMDomain: cfg.SMTP.DKIMDomain,
155
159
}, cfg.Origin)
160
+
if err != nil {
161
+
return fmt.Errorf("failed to create mailer: %w", err)
162
+
}
156
163
157
164
// Validate SMTP configuration
158
165
if err := mailer.ValidateConfig(); err != nil {
+16
store/db.go
+16
store/db.go
···
108
108
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
109
109
);
110
110
111
+
CREATE TABLE IF NOT EXISTS email_sends (
112
+
id INTEGER PRIMARY KEY,
113
+
config_id INTEGER NOT NULL REFERENCES configs(id) ON DELETE CASCADE,
114
+
recipient TEXT NOT NULL,
115
+
subject TEXT NOT NULL,
116
+
tracking_token TEXT UNIQUE,
117
+
sent_at DATETIME DEFAULT CURRENT_TIMESTAMP,
118
+
bounced BOOLEAN DEFAULT FALSE,
119
+
bounce_reason TEXT,
120
+
opened BOOLEAN DEFAULT FALSE,
121
+
opened_at DATETIME
122
+
);
123
+
111
124
CREATE INDEX IF NOT EXISTS idx_configs_user_id ON configs(user_id);
112
125
CREATE INDEX IF NOT EXISTS idx_configs_active_next_run ON configs(next_run) WHERE next_run IS NOT NULL;
113
126
CREATE INDEX IF NOT EXISTS idx_feeds_config_id ON feeds(config_id);
···
115
128
CREATE INDEX IF NOT EXISTS idx_logs_config_id ON logs(config_id);
116
129
CREATE INDEX IF NOT EXISTS idx_logs_created_at ON logs(created_at);
117
130
CREATE INDEX IF NOT EXISTS idx_unsubscribe_tokens_token ON unsubscribe_tokens(token);
131
+
CREATE INDEX IF NOT EXISTS idx_email_sends_config_id ON email_sends(config_id);
132
+
CREATE INDEX IF NOT EXISTS idx_email_sends_tracking_token ON email_sends(tracking_token);
133
+
CREATE INDEX IF NOT EXISTS idx_email_sends_sent_at ON email_sends(sent_at);
118
134
`
119
135
120
136
_, err := db.Exec(schema)
+160
store/tracking.go
+160
store/tracking.go
···
1
+
package store
2
+
3
+
import (
4
+
"crypto/rand"
5
+
"database/sql"
6
+
"encoding/base64"
7
+
"fmt"
8
+
"time"
9
+
)
10
+
11
+
type EmailSend struct {
12
+
ID int64
13
+
ConfigID int64
14
+
Recipient string
15
+
Subject string
16
+
TrackingToken string
17
+
SentAt time.Time
18
+
Bounced bool
19
+
BounceReason sql.NullString
20
+
Opened bool
21
+
OpenedAt sql.NullTime
22
+
}
23
+
24
+
// RecordEmailSend records an email send with optional tracking token
25
+
func (db *DB) RecordEmailSend(configID int64, recipient, subject string, includeTracking bool) (string, error) {
26
+
var trackingToken string
27
+
if includeTracking {
28
+
token, err := generateTrackingToken()
29
+
if err != nil {
30
+
return "", fmt.Errorf("generate tracking token: %w", err)
31
+
}
32
+
trackingToken = token
33
+
}
34
+
35
+
query := `INSERT INTO email_sends (config_id, recipient, subject, tracking_token)
36
+
VALUES (?, ?, ?, ?)`
37
+
_, err := db.Exec(query, configID, recipient, subject, sql.NullString{String: trackingToken, Valid: trackingToken != ""})
38
+
if err != nil {
39
+
return "", fmt.Errorf("insert email send: %w", err)
40
+
}
41
+
42
+
return trackingToken, nil
43
+
}
44
+
45
+
// MarkEmailBounced marks an email as bounced
46
+
func (db *DB) MarkEmailBounced(configID int64, recipient, reason string) error {
47
+
query := `UPDATE email_sends
48
+
SET bounced = TRUE, bounce_reason = ?
49
+
WHERE config_id = ? AND recipient = ?
50
+
AND sent_at > datetime('now', '-7 days')
51
+
ORDER BY sent_at DESC
52
+
LIMIT 1`
53
+
_, err := db.Exec(query, reason, configID, recipient)
54
+
return err
55
+
}
56
+
57
+
// MarkEmailOpened marks an email as opened via tracking token
58
+
func (db *DB) MarkEmailOpened(trackingToken string) error {
59
+
query := `UPDATE email_sends
60
+
SET opened = TRUE, opened_at = CURRENT_TIMESTAMP
61
+
WHERE tracking_token = ? AND opened = FALSE`
62
+
result, err := db.Exec(query, trackingToken)
63
+
if err != nil {
64
+
return fmt.Errorf("update email opened: %w", err)
65
+
}
66
+
67
+
rows, err := result.RowsAffected()
68
+
if err != nil {
69
+
return fmt.Errorf("rows affected: %w", err)
70
+
}
71
+
72
+
if rows == 0 {
73
+
return fmt.Errorf("tracking token not found or already opened")
74
+
}
75
+
76
+
return nil
77
+
}
78
+
79
+
// GetInactiveConfigs returns config IDs that haven't had opens in the specified days
80
+
func (db *DB) GetInactiveConfigs(daysWithoutOpen int, minSends int) ([]int64, error) {
81
+
query := `
82
+
SELECT DISTINCT es.config_id
83
+
FROM email_sends es
84
+
WHERE es.config_id IN (
85
+
SELECT config_id
86
+
FROM email_sends
87
+
GROUP BY config_id
88
+
HAVING COUNT(*) >= ?
89
+
)
90
+
AND es.sent_at > datetime('now', '-' || ? || ' days')
91
+
AND es.config_id NOT IN (
92
+
SELECT config_id
93
+
FROM email_sends
94
+
WHERE opened = TRUE
95
+
AND sent_at > datetime('now', '-' || ? || ' days')
96
+
)
97
+
GROUP BY es.config_id
98
+
`
99
+
100
+
rows, err := db.Query(query, minSends, daysWithoutOpen, daysWithoutOpen)
101
+
if err != nil {
102
+
return nil, fmt.Errorf("query inactive configs: %w", err)
103
+
}
104
+
defer rows.Close()
105
+
106
+
var configIDs []int64
107
+
for rows.Next() {
108
+
var id int64
109
+
if err := rows.Scan(&id); err != nil {
110
+
return nil, fmt.Errorf("scan config id: %w", err)
111
+
}
112
+
configIDs = append(configIDs, id)
113
+
}
114
+
115
+
return configIDs, rows.Err()
116
+
}
117
+
118
+
// GetConfigEngagement returns engagement stats for a config
119
+
func (db *DB) GetConfigEngagement(configID int64, days int) (totalSends, opens, bounces int, lastOpen *time.Time, err error) {
120
+
query := `
121
+
SELECT
122
+
COUNT(*) as total_sends,
123
+
SUM(CASE WHEN opened = TRUE THEN 1 ELSE 0 END) as opens,
124
+
SUM(CASE WHEN bounced = TRUE THEN 1 ELSE 0 END) as bounces,
125
+
MAX(opened_at) as last_open
126
+
FROM email_sends
127
+
WHERE config_id = ?
128
+
AND sent_at > datetime('now', '-' || ? || ' days')
129
+
`
130
+
131
+
var lastOpenTime sql.NullTime
132
+
err = db.QueryRow(query, configID, days).Scan(&totalSends, &opens, &bounces, &lastOpenTime)
133
+
if err != nil {
134
+
return 0, 0, 0, nil, fmt.Errorf("query engagement: %w", err)
135
+
}
136
+
137
+
if lastOpenTime.Valid {
138
+
lastOpen = &lastOpenTime.Time
139
+
}
140
+
141
+
return totalSends, opens, bounces, lastOpen, nil
142
+
}
143
+
144
+
// CleanupOldSends removes email send records older than specified days
145
+
func (db *DB) CleanupOldSends(daysToKeep int) (int64, error) {
146
+
query := `DELETE FROM email_sends WHERE sent_at < datetime('now', '-' || ? || ' days')`
147
+
result, err := db.Exec(query, daysToKeep)
148
+
if err != nil {
149
+
return 0, fmt.Errorf("cleanup old sends: %w", err)
150
+
}
151
+
return result.RowsAffected()
152
+
}
153
+
154
+
func generateTrackingToken() (string, error) {
155
+
b := make([]byte, 24)
156
+
if _, err := rand.Read(b); err != nil {
157
+
return "", err
158
+
}
159
+
return base64.URLEncoding.EncodeToString(b), nil
160
+
}