scripte/archivmail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(PROJ-53): Konfigurierbare Listenanzahl pro Seite

Browse Source 
- users.list_page_size (Default 25), PATCH /api/auth/preferences,
  Whitelist 25/50/100/200, Wert in login/me-Response
- Settings-UI mit Select, /search nutzt gespeicherte Seitengröße
- /api/search page_size serverseitig auf max. 500 gecappt

fix(PROJ-46): login_attempts-Migration nutzte s.db statt s.pool
(Backend kompilierte nicht)

feat(PROJ-50): DSGVO-Löschersuchen Backend (dsgvo_requests, Handler,
cc_addr/bcc_addr Indexerweiterung) — noch nicht QA'd/deployed
This commit is contained in:
sysops
2026-06-14 22:25:02 +02:00
parent b73ef55a65
commit 472ba6a087
25 changed files with 1078 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/archivmail-import/main.go
+1
View File
@@ -124,6 +124,7 @@ func main() {
ID: id,
From: pm.From,
To: strings.Join(pm.To, " "),
CC: strings.Join(pm.CC, " "),
Subject: pm.Subject,
Body: pm.TextBody + " " + pm.HTMLBody,
AttachNames: strings.Join(attachNames, " "),
cmd/archivmail/cmd_export.go
+114 -60
View File
@@ -1,11 +1,13 @@
package main
import (
"context"
"encoding/json"
"flag"
"fmt"
"os"
"path/filepath"
"strconv"
"strings"
"time"
@@ -34,12 +36,16 @@ func runExport(args []string) {
dateFrom := fs.String("date-from", "", "filter from date (ISO 8601: 2024-01-01)")
dateTo := fs.String("date-to", "", "filter to date (ISO 8601: 2024-12-31)")
query := fs.String("query", "", "fulltext search query")
tenant := fs.String("tenant", "", "export ALL mails of the given tenant id (mutually exclusive with from/to/date/query)")
force := fs.Bool("force", false, "overwrite existing output file")
jsonOut := fs.Bool("json", false, "machine-readable JSON output")
fs.Usage = func() {
fmt.Fprintln(os.Stderr, "Usage: archivmail export [flags]")
fmt.Fprintln(os.Stderr, "")
fmt.Fprintln(os.Stderr, "Exports archived mails either by search filters (from/to/date/query)")
fmt.Fprintln(os.Stderr, "or, with --tenant, the complete mail set of a single tenant.")
fmt.Fprintln(os.Stderr, "")
fmt.Fprintln(os.Stderr, "Flags:")
fs.PrintDefaults()
}
@@ -51,6 +57,22 @@ func runExport(args []string) {
os.Exit(1)
}
// --tenant and search filters are mutually exclusive.
var tenantID *int64
if *tenant != "" {
if *from != "" || *to != "" || *dateFrom != "" || *dateTo != "" || *query != "" {
fmt.Fprintln(os.Stderr, "error: --tenant cannot be combined with --from/--to/--date-from/--date-to/--query")
fs.Usage()
os.Exit(1)
}
id, perr := strconv.ParseInt(*tenant, 10, 64)
if perr != nil || id <= 0 {
fmt.Fprintf(os.Stderr, "error: invalid --tenant %q (expected positive integer id)\n", *tenant)
os.Exit(1)
}
tenantID = &id
}
if *format != "eml" && *format != "mbox" {
fmt.Fprintf(os.Stderr, "error: unknown format %q (supported: eml, mbox)\n", *format)
os.Exit(1)
@@ -85,35 +107,38 @@ func runExport(args []string) {
if backend == "" {
backend = "xapian"
}
idx, err := index.New(cfg.Index.Path, batchSize, backend)
if err != nil {
fmt.Fprintf(os.Stderr, "error: index init: %v\n", err)
os.Exit(1)
}
defer idx.Close()
// Build search request
// The fulltext index is only needed when exporting via search filters.
var idx index.Indexer
req := index.SearchRequest{
Query: *query,
From: *from,
To: *to,
PageSize: 500,
}
if *dateFrom != "" {
if t, err := time.Parse(time.DateOnly, *dateFrom); err == nil {
req.DateFrom = &t
} else {
fmt.Fprintf(os.Stderr, "error: invalid --date-from %q (expected YYYY-MM-DD)\n", *dateFrom)
if tenantID == nil {
idx, err = index.New(cfg.Index.Path, batchSize, backend)
if err != nil {
fmt.Fprintf(os.Stderr, "error: index init: %v\n", err)
os.Exit(1)
}
}
if *dateTo != "" {
if t, err := time.Parse(time.DateOnly, *dateTo); err == nil {
t = t.Add(24*time.Hour - time.Second)
req.DateTo = &t
} else {
fmt.Fprintf(os.Stderr, "error: invalid --date-to %q (expected YYYY-MM-DD)\n", *dateTo)
os.Exit(1)
defer idx.Close()
if *dateFrom != "" {
if t, err := time.Parse(time.DateOnly, *dateFrom); err == nil {
req.DateFrom = &t
} else {
fmt.Fprintf(os.Stderr, "error: invalid --date-from %q (expected YYYY-MM-DD)\n", *dateFrom)
os.Exit(1)
}
}
if *dateTo != "" {
if t, err := time.Parse(time.DateOnly, *dateTo); err == nil {
t = t.Add(24*time.Hour - time.Second)
req.DateTo = &t
} else {
fmt.Fprintf(os.Stderr, "error: invalid --date-to %q (expected YYYY-MM-DD)\n", *dateTo)
os.Exit(1)
}
}
}
@@ -146,57 +171,86 @@ func runExport(args []string) {
exported := 0
errors := 0
page := 0
for {
req.Page = page
result, err := idx.Search(req)
// exportID loads a single mail and writes it in the selected format.
// Returns false on a (logged) per-mail error so the caller can count it.
exportID := func(id string) bool {
raw, err := mailStore.Load(id)
if err != nil {
fmt.Fprintf(os.Stderr, "error: search failed: %v\n", err)
fmt.Fprintf(os.Stderr, "warning: load %s: %v\n", id, err)
return false
}
if *format == "mbox" {
if err := writeMboxMessage(mboxFile, raw); err != nil {
fmt.Fprintf(os.Stderr, "warning: write mbox: %v\n", err)
return false
}
} else {
outPath := filepath.Join(*out, id+".eml")
if _, err := os.Stat(outPath); err == nil && !*force {
fmt.Fprintf(os.Stderr, "warning: %s exists, skipping (use --force)\n", outPath)
return false
}
if err := os.WriteFile(outPath, raw, 0o644); err != nil {
fmt.Fprintf(os.Stderr, "warning: write %s: %v\n", outPath, err)
return false
}
}
return true
}
if tenantID != nil {
// Full tenant export: pull all mail IDs directly from storage.
ids, err := mailStore.GetAllIDsByTenant(context.Background(), tenantID)
if err != nil {
fmt.Fprintf(os.Stderr, "error: get tenant ids: %v\n", err)
os.Exit(1)
}
if len(result.Hits) == 0 {
break
}
for _, hit := range result.Hits {
raw, err := mailStore.Load(hit.ID)
if err != nil {
fmt.Fprintf(os.Stderr, "warning: load %s: %v\n", hit.ID, err)
errors++
continue
if len(ids) == 0 {
if !*jsonOut {
fmt.Printf("Hinweis: 0 Mails exportiert (Tenant %d hat keine Mails oder existiert nicht)\n", *tenantID)
}
if *format == "mbox" {
if err := writeMboxMessage(mboxFile, raw); err != nil {
fmt.Fprintf(os.Stderr, "warning: write mbox: %v\n", err)
errors++
continue
}
}
for _, id := range ids {
if exportID(id) {
exported++
} else {
outPath := filepath.Join(*out, hit.ID+".eml")
if _, err := os.Stat(outPath); err == nil && !*force {
fmt.Fprintf(os.Stderr, "warning: %s exists, skipping (use --force)\n", outPath)
errors++
continue
}
if err := os.WriteFile(outPath, raw, 0o644); err != nil {
fmt.Fprintf(os.Stderr, "warning: write %s: %v\n", outPath, err)
errors++
continue
}
errors++
}
exported++
}
if !*jsonOut {
if !*jsonOut && len(ids) > 0 {
fmt.Printf("Progress: %d exported, %d errors\n", exported, errors)
}
} else {
page := 0
for {
req.Page = page
result, err := idx.Search(req)
if err != nil {
fmt.Fprintf(os.Stderr, "error: search failed: %v\n", err)
os.Exit(1)
}
if len(result.Hits) == 0 {
break
}
if exported+errors >= result.Total {
break
for _, hit := range result.Hits {
if exportID(hit.ID) {
exported++
} else {
errors++
}
}
if !*jsonOut {
fmt.Printf("Progress: %d exported, %d errors\n", exported, errors)
}
if exported+errors >= result.Total {
break
}
page++
}
page++
}
if *jsonOut {
cmd/archivmail/cmd_import.go
+1
View File
@@ -252,6 +252,7 @@ func importMessage(mailStore *storage.Store, idxMgr index.TenantIndexer, raw []b
ID: id,
From: pm.From,
To: strings.Join(pm.To, " "),
CC: strings.Join(pm.CC, " "),
Subject: pm.Subject,
Body: pm.TextBody + " " + pm.HTMLBody,
AttachNames: strings.Join(attachNames, " "),
cmd/archivmail/cmd_reindex.go
+1
View File
@@ -119,6 +119,7 @@ func runReindex(args []string) {
ID: id,
From: pm.From,
To: strings.Join(pm.To, ", "),
CC: strings.Join(pm.CC, ", "),
Subject: pm.Subject,
Body: pm.TextBody,
AttachNames: strings.Join(attachNames, " "),
cmd/archivmail/main.go
+2
View File
@@ -501,6 +501,7 @@ func submitToWorker(worker *index.TenantIndexWorker, store *storage.Store, raw [
ID: id,
From: pm.From,
To: strings.Join(pm.To, ", "),
CC: strings.Join(pm.CC, ", "),
Subject: pm.Subject,
Body: pm.TextBody,
AttachNames: strings.Join(attachNames, " "),
@@ -631,6 +632,7 @@ func reindexTenant(ctx context.Context, store *storage.Store, mgr index.TenantIn
ID: id,
From: pm.From,
To: strings.Join(pm.To, ", "),
CC: strings.Join(pm.CC, ", "),
Subject: pm.Subject,
Body: pm.TextBody,
AttachNames: strings.Join(attachNames, " "),
features/INDEX.md
+3 -2
View File
@@ -66,10 +66,11 @@
| PROJ-47 | Tenant-Voll-Export per CLI | In Review | [PROJ-47](PROJ-47-tenant-voll-export-cli.md) | 2026-06-13 |
| PROJ-48 | Audit-Log Unveränderbarkeit (Nachbesserung PROJ-11) | Deployed | [PROJ-48](PROJ-48-audit-log-unveraenderbarkeit.md) | 2026-06-13 |
| PROJ-49 | Verschlüsselungspflicht at-rest (Healthcheck & Warnung) | Deployed | [PROJ-49](PROJ-49-verschluesselungspflicht.md) | 2026-06-13 |
| PROJ-50 | DSGVO-Löschersuchen für Mail-Inhalte (GoBD-Vorrang) | In Progress | [PROJ-50](PROJ-50-dsgvo-loeschersuchen.md) | 2026-06-13 |
| PROJ-50 | DSGVO-Löschersuchen für Mail-Inhalte (GoBD-Vorrang) | In Review | [PROJ-50](PROJ-50-dsgvo-loeschersuchen.md) | 2026-06-13 |
| PROJ-51 | Aufbewahrungsfristen nach Dokumentenart (Retention-Kategorien) | Deployed | [PROJ-51](PROJ-51-retention-kategorien.md) | 2026-06-13 |
| PROJ-52 | Vollständigkeits-Reconciliation (Zähl-Report) | Planned | [PROJ-52](PROJ-52-vollstaendigkeits-reconciliation.md) | 2026-06-13 |
| PROJ-53 | Konfigurierbare Listenanzahl pro Seite | In Review | [PROJ-53](PROJ-53-konfigurierbare-listenanzahl.md) | 2026-06-14 |
<!-- Add features above this line -->
## Next Available ID: PROJ-53
## Next Available ID: PROJ-54
internal/api/auth_handlers.go
+9 -7
View File
@@ -88,10 +88,11 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]interface{}{
"user": map[string]interface{}{
"id": user.ID,
"username": user.Username,
"email": user.Email,
"role": user.Role,
"id": user.ID,
"username": user.Username,
"email": user.Email,
"role": user.Role,
"list_page_size": user.ListPageSize,
},
})
}
@@ -106,9 +107,10 @@ func (s *Server) handleMe(w http.ResponseWriter, r *http.Request) {
}
writeJSON(w, http.StatusOK, map[string]interface{}{
"username": user.Username,
"email": user.Email,
"role": user.Role,
"username": user.Username,
"email": user.Email,
"role": user.Role,
"list_page_size": user.ListPageSize,
})
}
internal/api/dsgvo_handlers.go
+479
View File
@@ -0,0 +1,479 @@
package api
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"strconv"
"strings"
"time"
"archivmail/internal/audit"
"archivmail/internal/index"
"archivmail/internal/storage"
"archivmail/internal/userstore"
)
// dsgvoMaxHits caps the number of mails evaluated per request, mirroring the
// eDiscovery export limit (PROJ-39). Beyond this the admin is asked to narrow
// the date range.
const dsgvoMaxHits = 10000
// canManageDSGVO reports whether the role may create/process DSGVO requests.
func canManageDSGVO(role string) bool {
switch role {
case userstore.RoleSuperAdmin, userstore.RoleDomainAdmin, userstore.RoleAdmin:
return true
}
return false
}
// canViewDSGVO reports whether the role may read DSGVO requests (incl. auditors).
func canViewDSGVO(role string) bool {
if canManageDSGVO(role) {
return true
}
switch role {
case userstore.RoleAuditor, userstore.RoleDomainAuditor:
return true
}
return false
}
// handleCreateDSGVORequest creates a DSGVO erasure request, runs the address
// search in the admin's tenant scope, evaluates retain_until per mail and
// stores the documented result.
//
// POST /api/admin/dsgvo
// Body: {address, date_from?, date_to?}
func (s *Server) handleCreateDSGVORequest(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if !canManageDSGVO(sess.Role) {
writeError(w, http.StatusForbidden, "insufficient permissions")
return
}
tenantID := tenantFromCtx(r.Context())
var req struct {
Address string `json:"address"`
DateFrom string `json:"date_from"`
DateTo string `json:"date_to"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid request body")
return
}
address := strings.ToLower(strings.TrimSpace(req.Address))
if address == "" || !strings.Contains(address, "@") {
writeError(w, http.StatusBadRequest, "valid e-mail address required")
return
}
// Build the address search across from/to/cc/bcc.
searchReq := index.SearchRequest{
AnyAddress: address,
PageSize: dsgvoMaxHits,
Page: 1,
}
if req.DateFrom != "" {
if t, err := time.Parse(time.DateOnly, req.DateFrom); err == nil {
searchReq.DateFrom = &t
}
}
if req.DateTo != "" {
if t, err := time.Parse(time.DateOnly, req.DateTo); err == nil {
t = t.Add(24*time.Hour - time.Second)
searchReq.DateTo = &t
}
}
searchIdx := s.idx
if s.idxMgr != nil && tenantID != nil {
searchIdx = s.idxMgr.ForTenant(tenantID)
}
result, err := searchIdx.Search(searchReq)
if err != nil {
writeError(w, http.StatusInternalServerError, "search failed")
return
}
// Persist the request first so the vorgang is documented even if later steps fail.
dsReq, err := s.store.CreateDSGVORequest(r.Context(), tenantID, address, sess.Username)
if err != nil {
writeError(w, http.StatusInternalServerError, "could not create request")
return
}
ids := make([]string, 0, len(result.Hits))
for _, h := range result.Hits {
ids = append(ids, h.ID)
}
meta, err := s.store.GetDSGVOMailMeta(r.Context(), ids)
if err != nil {
writeError(w, http.StatusInternalServerError, "metadata lookup failed")
return
}
now := time.Now()
summary := storage.DSGVOResultSummary{
Truncated: result.Total > dsgvoMaxHits,
}
for _, id := range ids {
m, ok := meta[id]
if !ok {
continue
}
summary.TotalHits++
am := storage.DSGVOAffectedMail{
MailID: id,
Subject: m.Subject,
RetainUntil: m.RetainUntil,
}
if !m.ReceivedAt.IsZero() {
d := m.ReceivedAt
am.Date = &d
}
if m.RetainUntil != nil && now.Before(*m.RetainUntil) {
summary.Rejected++
am.Deletable = false
am.Reason = fmt.Sprintf("Abgelehnt - gesetzliche Aufbewahrungspflicht bis %s",
m.RetainUntil.Format("2006-01-02"))
} else {
summary.Deletable++
am.Deletable = true
am.Reason = "Loeschbar - keine Aufbewahrungspflicht"
}
summary.Mails = append(summary.Mails, am)
}
status := dsgvoStatus(summary)
if err := s.store.UpdateDSGVOResult(r.Context(), dsReq.ID, status, &summary); err != nil {
writeError(w, http.StatusInternalServerError, "could not store result")
return
}
dsReq.Status = status
dsReq.ResultSummary = &summary
if s.audlog != nil {
s.audlog.Log(audit.Entry{
EventType: audit.EventDSGVORequest,
Username: sess.Username,
IPAddress: s.remoteIP(r),
Success: true,
Detail: fmt.Sprintf("dsgvo: address=%q hits=%d rejected=%d deletable=%d truncated=%t",
address, summary.TotalHits, summary.Rejected, summary.Deletable, summary.Truncated),
})
}
writeJSON(w, http.StatusOK, dsReq)
}
// dsgvoStatus computes the request status from the result summary.
func dsgvoStatus(s storage.DSGVOResultSummary) string {
if s.TotalHits == 0 {
return storage.DSGVOStatusCompleted
}
if s.Rejected > 0 && s.Deletable > 0 {
return storage.DSGVOStatusPartial
}
if s.Rejected > 0 {
return storage.DSGVOStatusPartial
}
return storage.DSGVOStatusCompleted
}
// handleListDSGVORequests lists requests in the caller's tenant scope.
// GET /api/admin/dsgvo
func (s *Server) handleListDSGVORequests(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if !canViewDSGVO(sess.Role) {
writeError(w, http.StatusForbidden, "insufficient permissions")
return
}
tenantID := tenantFromCtx(r.Context())
list, err := s.store.ListDSGVORequests(r.Context(), tenantID)
if err != nil {
writeError(w, http.StatusInternalServerError, "list failed")
return
}
writeJSON(w, http.StatusOK, map[string]interface{}{"requests": list})
}
// handleGetDSGVORequest returns a single request detail.
// GET /api/admin/dsgvo/{id}
func (s *Server) handleGetDSGVORequest(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if !canViewDSGVO(sess.Role) {
writeError(w, http.StatusForbidden, "insufficient permissions")
return
}
id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid id")
return
}
tenantID := tenantFromCtx(r.Context())
req, err := s.store.GetDSGVORequest(r.Context(), id, tenantID)
if err != nil {
writeError(w, http.StatusNotFound, "not found")
return
}
writeJSON(w, http.StatusOK, req)
}
// handleDeleteDSGVOMails deletes the deletable mails of a request using the
// existing retention-aware delete mechanism (PROJ-34). Mails under retention
// lock are skipped. Each deletion is documented and the request summary is
// updated to reflect what was actually removed.
//
// POST /api/admin/dsgvo/{id}/delete
func (s *Server) handleDeleteDSGVOMails(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if !canManageDSGVO(sess.Role) {
writeError(w, http.StatusForbidden, "insufficient permissions")
return
}
id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid id")
return
}
tenantID := tenantFromCtx(r.Context())
req, err := s.store.GetDSGVORequest(r.Context(), id, tenantID)
if err != nil || req.ResultSummary == nil {
writeError(w, http.StatusNotFound, "not found")
return
}
searchIdx := s.idx
if s.idxMgr != nil && tenantID != nil {
searchIdx = s.idxMgr.ForTenant(tenantID)
}
deleted := 0
for i := range req.ResultSummary.Mails {
m := &req.ResultSummary.Mails[i]
if !m.Deletable || m.Deleted {
continue
}
if err := s.store.Delete(m.MailID); err != nil {
// Retention lock or missing file → leave as-is, keep documented.
m.Reason = "Loeschung nicht moeglich: " + err.Error()
m.Deletable = false
continue
}
_ = searchIdx.Delete(m.MailID)
m.Deleted = true
m.Deletable = false
m.Reason = "Geloescht auf DSGVO-Antrag"
deleted++
if s.audlog != nil {
s.audlog.Log(audit.Entry{
EventType: audit.EventDSGVORequest,
Username: sess.Username,
IPAddress: s.remoteIP(r),
MailID: m.MailID,
Success: true,
Detail: fmt.Sprintf("dsgvo: deleted mail (request_id=%d address=%q)", id, req.RequestedAddress),
})
}
}
// Recompute counters.
req.ResultSummary.Deleted += deleted
req.ResultSummary.Deletable = 0
for _, m := range req.ResultSummary.Mails {
if m.Deletable {
req.ResultSummary.Deletable++
}
}
status := dsgvoStatus(*req.ResultSummary)
if req.ResultSummary.Deleted > 0 && req.ResultSummary.Deletable == 0 && req.ResultSummary.Rejected == 0 {
status = storage.DSGVOStatusCompleted
}
if err := s.store.UpdateDSGVOResult(r.Context(), id, status, req.ResultSummary); err != nil {
writeError(w, http.StatusInternalServerError, "could not update request")
return
}
req.Status = status
writeJSON(w, http.StatusOK, map[string]interface{}{"deleted": deleted, "request": req})
}
// handleExportDSGVORequest produces a PDF summary suitable as a written reply
// to the data subject, documenting the legal basis for any rejection.
//
// GET /api/admin/dsgvo/{id}/export
func (s *Server) handleExportDSGVORequest(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if !canViewDSGVO(sess.Role) {
writeError(w, http.StatusForbidden, "insufficient permissions")
return
}
id, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid id")
return
}
tenantID := tenantFromCtx(r.Context())
req, err := s.store.GetDSGVORequest(r.Context(), id, tenantID)
if err != nil {
writeError(w, http.StatusNotFound, "not found")
return
}
pdf := buildDSGVOPDF(req)
filename := fmt.Sprintf("dsgvo-antrag-%d.pdf", req.ID)
w.Header().Set("Content-Type", "application/pdf")
w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, filename))
_, _ = w.Write(pdf)
if s.audlog != nil {
s.audlog.Log(audit.Entry{
EventType: audit.EventExport,
Username: sess.Username,
IPAddress: s.remoteIP(r),
Success: true,
Detail: fmt.Sprintf("dsgvo: export request_id=%d", req.ID),
})
}
}
// buildDSGVOPDF renders a DSGVO request summary as a PDF using the existing
// minimal PDF writer (PROJ-12 buildMailPDF pattern).
func buildDSGVOPDF(req *storage.DSGVORequest) []byte {
p := newPDFWriter()
pageW := 595.28
pageH := 841.89
margin := 50.0
lineH := 14.0
smallLineH := 12.0
var cs bytes.Buffer
y := pageH - margin
newline := func(h float64) { y -= h }
text := func(x, ypos, size float64, bold bool, s string) {
font := "Helvetica"
if bold {
font = "Helvetica-Bold"
}
cs.WriteString(fmt.Sprintf("BT /%s %.1f Tf %.1f %.1f Td (%s) Tj ET\n",
font, size, x, ypos, escapePDF(toLatinSafe(s))))
}
text(margin, y, 16, true, "DSGVO-Loeschersuchen - Bearbeitungsnachweis")
newline(lineH * 2)
text(margin, y, 10, true, "Antrags-ID:")
text(margin+120, y, 10, false, strconv.FormatInt(req.ID, 10))
newline(smallLineH)
text(margin, y, 10, true, "Betroffene Adresse:")
text(margin+120, y, 10, false, req.RequestedAddress)
newline(smallLineH)
text(margin, y, 10, true, "Bearbeitet von:")
text(margin+120, y, 10, false, req.RequestedBy)
newline(smallLineH)
text(margin, y, 10, true, "Erstellt am:")
text(margin+120, y, 10, false, req.CreatedAt.Format("02.01.2006 15:04:05"))
newline(smallLineH)
text(margin, y, 10, true, "Status:")
text(margin+120, y, 10, false, req.Status)
newline(lineH * 1.5)
if req.ResultSummary != nil {
sum := req.ResultSummary
text(margin, y, 12, true, "Zusammenfassung")
newline(lineH)
text(margin, y, 10, false, fmt.Sprintf("Treffer gesamt: %d", sum.TotalHits))
newline(smallLineH)
text(margin, y, 10, false, fmt.Sprintf("Abgelehnt (Aufbewahrungspflicht): %d", sum.Rejected))
newline(smallLineH)
text(margin, y, 10, false, fmt.Sprintf("Loeschbar: %d", sum.Deletable))
newline(smallLineH)
text(margin, y, 10, false, fmt.Sprintf("Bereits geloescht: %d", sum.Deleted))
newline(smallLineH)
if sum.Truncated {
text(margin, y, 9, false, fmt.Sprintf("Hinweis: Ergebnis auf %d Treffer begrenzt - Zeitraum eingrenzen.", dsgvoMaxHits))
newline(smallLineH)
}
newline(6)
text(margin, y, 12, true, "Begruendung der Rechtslage")
newline(lineH)
legal := "Soweit E-Mails einer gesetzlichen Aufbewahrungspflicht (GoBD/HGB/AO) " +
"unterliegen, ueberwiegt diese den Loeschanspruch nach Art. 17 DSGVO. " +
"Eine Loeschung erfolgt erst nach Ablauf der jeweiligen Aufbewahrungsfrist."
for _, l := range wrapText(legal, 90) {
text(margin, y, 9, false, l)
newline(smallLineH)
}
newline(6)
text(margin, y, 12, true, "Betroffene E-Mails")
newline(lineH)
for _, m := range sum.Mails {
if y < margin+30 {
text(margin, y, 8, false, "[... gekuerzt ...]")
break
}
dateStr := ""
if m.Date != nil {
dateStr = m.Date.Format("2006-01-02")
}
subj := m.Subject
if len(subj) > 60 {
subj = subj[:60]
}
text(margin, y, 9, false, fmt.Sprintf("- [%s] %s", dateStr, subj))
newline(smallLineH)
text(margin+12, y, 8, false, m.Reason)
newline(smallLineH)
}
}
contentStream := cs.String()
p.write("%PDF-1.4\n")
p.startObj(1)
p.write("<< /Type /Catalog /Pages 2 0 R >>\n")
p.endObj()
p.startObj(2)
p.writef("<< /Type /Pages /Kids [3 0 R] /Count 1 /MediaBox [0 0 %.2f %.2f] >>\n", pageW, pageH)
p.endObj()
p.startObj(3)
p.writef("<< /Type /Page /Parent 2 0 R\n")
p.writef(" /Resources << /Font << /Helvetica << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>\n")
p.writef(" /Helvetica-Bold << /Type /Font /Subtype /Type1 /BaseFont /Helvetica-Bold >> >> >>\n")
p.writef(" /Contents 4 0 R\n")
p.writef(" /MediaBox [0 0 %.2f %.2f]\n", pageW, pageH)
p.write(">>\n")
p.endObj()
p.startObj(4)
streamBytes := []byte("0.5 w\n" + contentStream)
p.writef("<< /Length %d >>\n", len(streamBytes))
p.write("stream\n")
p.buf.Write(streamBytes)
p.write("\nendstream\n")
p.endObj()
xrefOffset := p.buf.Len()
p.writef("xref\n0 5\n")
p.writef("0000000000 65535 f \n")
for i := 0; i < 4; i++ {
off := 0
if i < len(p.offsets) {
off = p.offsets[i]
}
p.writef("%010d 00000 n \n", off)
}
p.write("trailer\n")
p.writef("<< /Size 5 /Root 1 0 R >>\n")
p.write("startxref\n")
p.writef("%d\n", xrefOffset)
p.write("%%EOF\n")
return p.buf.Bytes()
}
internal/api/profile_handlers.go
+42
View File
@@ -150,3 +150,45 @@ func (s *Server) handleChangeEmail(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]interface{}{"ok": true, "email": req.Email})
}
// allowedListPageSizes are the valid values for users.list_page_size (PROJ-53).
var allowedListPageSizes = map[int]bool{25: true, 50: true, 100: true, 200: true}
// handleChangePreferences allows a user to change their own UI preferences,
// currently just the number of list entries shown per page.
// PATCH /api/auth/preferences
func (s *Server) handleChangePreferences(w http.ResponseWriter, r *http.Request) {
sess := sessionFromCtx(r.Context())
if sess.UserID == 0 {
writeError(w, http.StatusUnauthorized, "not authenticated")
return
}
var req struct {
ListPageSize int `json:"list_page_size"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid request body")
return
}
if !allowedListPageSizes[req.ListPageSize] {
writeError(w, http.StatusBadRequest, "invalid list_page_size: must be 25, 50, 100 or 200")
return
}
user, err := s.users.GetByUsername(sess.Username)
if err != nil {
s.logger.Error("change_preferences: user not found", "err", err, "username", sess.Username)
writeError(w, http.StatusInternalServerError, "user not found")
return
}
if err := s.users.UpdateListPageSize(r.Context(), user.ID, req.ListPageSize); err != nil {
s.logger.Error("change_preferences: update failed", "err", err)
writeError(w, http.StatusInternalServerError, "failed to update preferences")
return
}
writeJSON(w, http.StatusOK, map[string]interface{}{"ok": true, "list_page_size": req.ListPageSize})
}
internal/api/search_handlers.go
+3
View File
@@ -30,6 +30,9 @@ func (s *Server) handleSearch(w http.ResponseWriter, r *http.Request) {
if pageSize <= 0 {
pageSize = 25
}
if pageSize > 500 {
pageSize = 500
}
req := index.SearchRequest{
Query: q,
internal/api/server.go
+10
View File
@@ -236,6 +236,14 @@ func (s *Server) routes() {
s.mux.HandleFunc("PUT /api/admin/archiving-rules/{id}", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleUpdateArchivingRule)))
s.mux.HandleFunc("DELETE /api/admin/archiving-rules/{id}", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleDeleteArchivingRule)))
// PROJ-50: DSGVO Löschersuchen — admin (manage) / auditor (read-only),
// role enforced inside the handlers.
s.mux.HandleFunc("POST /api/admin/dsgvo", s.auth(s.handleCreateDSGVORequest))
s.mux.HandleFunc("GET /api/admin/dsgvo", s.auth(s.handleListDSGVORequests))
s.mux.HandleFunc("GET /api/admin/dsgvo/{id}", s.auth(s.handleGetDSGVORequest))
s.mux.HandleFunc("GET /api/admin/dsgvo/{id}/export", s.auth(s.handleExportDSGVORequest))
s.mux.HandleFunc("POST /api/admin/dsgvo/{id}/delete", s.auth(s.handleDeleteDSGVOMails))
// SMTP-Out Relay Konfiguration — superadmin only
s.mux.HandleFunc("GET /api/admin/smtp-out", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleGetSMTPOut)))
s.mux.HandleFunc("PUT /api/admin/smtp-out", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleSaveSMTPOut)))
@@ -292,6 +300,8 @@ func (s *Server) routes() {
// PROJ-25: Profile routes (password & email change)
s.mux.HandleFunc("PATCH /api/auth/password", s.auth(s.handleChangePassword))
s.mux.HandleFunc("PATCH /api/auth/email", s.auth(s.handleChangeEmail))
// PROJ-53: konfigurierbare Listenanzahl pro Seite
s.mux.HandleFunc("PATCH /api/auth/preferences", s.auth(s.handleChangePreferences))
// PROJ-24: TOTP 2FA routes
s.mux.HandleFunc("GET /api/auth/totp/setup", s.auth(s.handleTOTPSetupGet))
internal/api/upload.go
+1
View File
@@ -184,6 +184,7 @@ func (s *Server) importRawMessage(ctx context.Context, raw []byte, tenantID *int
ID: id,
From: pm.From,
To: strings.Join(pm.To, " "),
CC: strings.Join(pm.CC, " "),
Subject: pm.Subject,
Body: pm.TextBody + " " + pm.HTMLBody,
AttachNames: strings.Join(attachNames, " "),
internal/audit/audit.go
+1
View File
@@ -23,6 +23,7 @@ const (
EventExport = "export"
EventUserMgmt = "user_mgmt"
EventOCRDownload = "mail:ocr_download" // PROJ-44: extracted OCR text downloaded
EventDSGVORequest = "dsgvo_request" // PROJ-50: DSGVO Löschersuchen erfasst/bearbeitet
)
// Entry is a single audit log record.
internal/imap/importer.go
+1
View File
@@ -268,6 +268,7 @@ func (imp *Importer) storeAndIndex(raw []byte, tenantID *int64, log *slog.Logger
ID: id,
From: pm.From,
To: strings.Join(pm.To, ", "),
CC: strings.Join(pm.CC, ", "),
Subject: pm.Subject,
Body: pm.TextBody,
AttachNames: strings.Join(attachNames, " "),
internal/index/index.go
+3
View File
@@ -10,6 +10,8 @@ type MailDocument struct {
ID string
From string
To string
CC string // PROJ-50: CC addresses (space-joined) for DSGVO address search
BCC string // PROJ-50: BCC addresses (space-joined) for DSGVO address search
Subject string
Body string
AttachNames string
@@ -26,6 +28,7 @@ type SearchRequest struct {
From string
To string
OwnEmail string
AnyAddress string // PROJ-50: match address in from/to/cc/bcc (DSGVO Löschersuchen)
DateFrom *time.Time
DateTo *time.Time
HasAttachment *bool // nil=no filter, true=only with, false=only without
internal/index/manticore.go
+26 -10
View File
@@ -113,6 +113,8 @@ func (idx *manticoreIndex) ensureTable() error {
subject text,
from_addr text,
to_addr text,
cc_addr text,
bcc_addr text,
body text,
attachment_names text,
attachment_text text,
@@ -128,6 +130,15 @@ func (idx *manticoreIndex) ensureTable() error {
if err := idx.ensureColumn("attachment_text", "text"); err != nil {
return err
}
// PROJ-50: ALTER existing tables to add cc_addr/bcc_addr so DSGVO address
// searches can match CC/BCC recipients. Existing mails need `archivmail
// reindex` to backfill these fields.
if err := idx.ensureColumn("cc_addr", "text"); err != nil {
return err
}
if err := idx.ensureColumn("bcc_addr", "text"); err != nil {
return err
}
return nil
}
@@ -172,13 +183,15 @@ func (idx *manticoreIndex) IndexSync(doc MailDocument) error {
_, err := idx.db.Exec(
fmt.Sprintf(`REPLACE INTO %s
(id, mail_id, subject, from_addr, to_addr, body, attachment_names, attachment_text, has_attachment, date_ts, size_bytes)
VALUES (?,?,?,?,?,?,?,?,?,?,?)`, idx.table),
(id, mail_id, subject, from_addr, to_addr, cc_addr, bcc_addr, body, attachment_names, attachment_text, has_attachment, date_ts, size_bytes)
VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)`, idx.table),
rowID,
doc.ID,
doc.Subject,
doc.From,
doc.To,
doc.CC,
doc.BCC,
doc.Body,
doc.AttachNames,
doc.AttachmentText,
@@ -202,24 +215,24 @@ func (idx *manticoreIndex) IndexSync(doc MailDocument) error {
func (idx *manticoreIndex) UpdateAttachmentText(mailID, text string) error {
rowID := hashMailID(mailID)
row := idx.db.QueryRow(fmt.Sprintf(
`SELECT mail_id, subject, from_addr, to_addr, body, attachment_names,
`SELECT mail_id, subject, from_addr, to_addr, cc_addr, bcc_addr, body, attachment_names,
has_attachment, date_ts, size_bytes
FROM %s WHERE id = ? LIMIT 1`, idx.table),
rowID,
)
var (
mid, subj, from, to, body, attachNames string
hasAttach uint64
dateTS, sizeBytes int64
mid, subj, from, to, cc, bcc, body, attachNames string
hasAttach uint64
dateTS, sizeBytes int64
)
if err := row.Scan(&mid, &subj, &from, &to, &body, &attachNames, &hasAttach, &dateTS, &sizeBytes); err != nil {
if err := row.Scan(&mid, &subj, &from, &to, &cc, &bcc, &body, &attachNames, &hasAttach, &dateTS, &sizeBytes); err != nil {
return fmt.Errorf("manticore UpdateAttachmentText %s: load row: %w", idx.table, err)
}
if _, err := idx.db.Exec(
fmt.Sprintf(`REPLACE INTO %s
(id, mail_id, subject, from_addr, to_addr, body, attachment_names, attachment_text, has_attachment, date_ts, size_bytes)
VALUES (?,?,?,?,?,?,?,?,?,?,?)`, idx.table),
rowID, mid, subj, from, to, body, attachNames, text, hasAttach, dateTS, sizeBytes,
(id, mail_id, subject, from_addr, to_addr, cc_addr, bcc_addr, body, attachment_names, attachment_text, has_attachment, date_ts, size_bytes)
VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)`, idx.table),
rowID, mid, subj, from, to, cc, bcc, body, attachNames, text, hasAttach, dateTS, sizeBytes,
); err != nil {
return fmt.Errorf("manticore UpdateAttachmentText %s: replace: %w", idx.table, err)
}
@@ -276,6 +289,9 @@ func (idx *manticoreIndex) Search(req SearchRequest) (*SearchResult, error) {
if req.OwnEmail != "" {
matchParts = append(matchParts, fmt.Sprintf("@(from_addr,to_addr) %s", escapeManticoreMatch(req.OwnEmail)))
}
if req.AnyAddress != "" {
matchParts = append(matchParts, fmt.Sprintf("@(from_addr,to_addr,cc_addr,bcc_addr) %s", escapeManticoreMatch(req.AnyAddress)))
}
hasMatch := len(matchParts) > 0
internal/pop3/importer.go
+1
View File
@@ -161,6 +161,7 @@ func (imp *Importer) storeAndIndex(raw []byte, log *slog.Logger) error {
ID: id,
From: pm.From,
To: strings.Join(pm.To, ", "),
CC: strings.Join(pm.CC, ", "),
Subject: pm.Subject,
Body: pm.TextBody,
AttachNames: strings.Join(attachNames, " "),
internal/storage/dsgvo_requests.go
+221
View File
@@ -0,0 +1,221 @@
package storage
import (
"context"
"encoding/json"
"fmt"
"time"
)
// DSGVO request status values (PROJ-50).
const (
DSGVOStatusOpen = "open" // angelegt, noch nicht verarbeitet
DSGVOStatusPartial = "partial" // teilweise abgelehnt (Mischung)
DSGVOStatusCompleted = "completed" // abgeschlossen (0 Treffer, alle löschbar/abgelehnt, oder gelöscht)
)
// DSGVOAffectedMail is a single mail affected by a DSGVO erasure request.
type DSGVOAffectedMail struct {
MailID string `json:"mail_id"`
Subject string `json:"subject"`
Date *time.Time `json:"date,omitempty"`
RetainUntil *time.Time `json:"retain_until,omitempty"`
Deletable bool `json:"deletable"` // true wenn retain_until abgelaufen/nicht gesetzt
Deleted bool `json:"deleted"` // true wenn bereits über Löschmechanismus entfernt
Reason string `json:"reason,omitempty"` // z.B. "Aufbewahrungspflicht bis 2030-12-31"
}
// DSGVOResultSummary is the aggregated outcome stored as JSON on the request.
type DSGVOResultSummary struct {
TotalHits int `json:"total_hits"`
Rejected int `json:"rejected"` // gesetzlich gesperrt
Deletable int `json:"deletable"` // löschbar
Deleted int `json:"deleted"` // bereits gelöscht
Truncated bool `json:"truncated"` // Treffer über Limit, Ergebnis unvollständig
Mails []DSGVOAffectedMail `json:"mails"`
}
// DSGVORequest represents a documented DSGVO erasure request (Art. 17).
type DSGVORequest struct {
ID int64 `json:"id"`
TenantID *int64 `json:"tenant_id"`
RequestedAddress string `json:"requested_address"`
RequestedBy string `json:"requested_by"`
CreatedAt time.Time `json:"created_at"`
Status string `json:"status"`
ResultSummary *DSGVOResultSummary `json:"result_summary,omitempty"`
}
// initDSGVOSchema creates the dsgvo_requests table. Safe to call repeatedly.
func (s *Store) initDSGVOSchema(ctx context.Context) {
_, _ = s.db.Exec(ctx, `CREATE TABLE IF NOT EXISTS dsgvo_requests (
id BIGSERIAL PRIMARY KEY,
tenant_id BIGINT,
requested_address TEXT NOT NULL,
requested_by TEXT NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
status TEXT NOT NULL DEFAULT 'open',
result_summary JSONB
)`)
_, _ = s.db.Exec(ctx, `CREATE INDEX IF NOT EXISTS idx_dsgvo_requests_tenant ON dsgvo_requests (tenant_id)`)
}
// CreateDSGVORequest inserts a new request and returns its generated ID.
func (s *Store) CreateDSGVORequest(ctx context.Context, tenantID *int64, address, requestedBy string) (*DSGVORequest, error) {
if s.db == nil {
return nil, fmt.Errorf("storage: no db")
}
req := &DSGVORequest{
TenantID: tenantID,
RequestedAddress: address,
RequestedBy: requestedBy,
Status: DSGVOStatusOpen,
}
err := s.db.QueryRow(ctx,
`INSERT INTO dsgvo_requests (tenant_id, requested_address, requested_by, status)
VALUES ($1,$2,$3,$4) RETURNING id, created_at`,
tenantID, address, requestedBy, DSGVOStatusOpen,
).Scan(&req.ID, &req.CreatedAt)
if err != nil {
return nil, fmt.Errorf("storage: create dsgvo request: %w", err)
}
return req, nil
}
// UpdateDSGVOResult persists the computed result summary and status.
func (s *Store) UpdateDSGVOResult(ctx context.Context, id int64, status string, summary *DSGVOResultSummary) error {
if s.db == nil {
return fmt.Errorf("storage: no db")
}
js, err := json.Marshal(summary)
if err != nil {
return fmt.Errorf("storage: marshal dsgvo summary: %w", err)
}
_, err = s.db.Exec(ctx,
`UPDATE dsgvo_requests SET status=$1, result_summary=$2 WHERE id=$3`,
status, js, id,
)
if err != nil {
return fmt.Errorf("storage: update dsgvo result: %w", err)
}
return nil
}
// ListDSGVORequests returns all requests in the given tenant scope, newest first.
// A nil tenantID returns requests with NULL tenant_id (global/superadmin scope).
func (s *Store) ListDSGVORequests(ctx context.Context, tenantID *int64) ([]DSGVORequest, error) {
if s.db == nil {
return nil, fmt.Errorf("storage: no db")
}
var (
query string
args []interface{}
)
if tenantID == nil {
query = `SELECT id, tenant_id, requested_address, requested_by, created_at, status, result_summary
FROM dsgvo_requests WHERE tenant_id IS NULL ORDER BY created_at DESC`
} else {
query = `SELECT id, tenant_id, requested_address, requested_by, created_at, status, result_summary
FROM dsgvo_requests WHERE tenant_id = $1 ORDER BY created_at DESC`
args = append(args, *tenantID)
}
rows, err := s.db.Query(ctx, query, args...)
if err != nil {
return nil, fmt.Errorf("storage: list dsgvo requests: %w", err)
}
defer rows.Close()
var out []DSGVORequest
for rows.Next() {
req, err := scanDSGVORow(rows)
if err != nil {
return nil, err
}
out = append(out, *req)
}
return out, rows.Err()
}
// GetDSGVORequest returns a single request by ID within the given tenant scope.
// Returns an error if the request does not exist or belongs to another tenant.
func (s *Store) GetDSGVORequest(ctx context.Context, id int64, tenantID *int64) (*DSGVORequest, error) {
if s.db == nil {
return nil, fmt.Errorf("storage: no db")
}
var (
query string
args []interface{}
)
if tenantID == nil {
query = `SELECT id, tenant_id, requested_address, requested_by, created_at, status, result_summary
FROM dsgvo_requests WHERE id=$1 AND tenant_id IS NULL`
args = append(args, id)
} else {
query = `SELECT id, tenant_id, requested_address, requested_by, created_at, status, result_summary
FROM dsgvo_requests WHERE id=$1 AND tenant_id=$2`
args = append(args, id, *tenantID)
}
row := s.db.QueryRow(ctx, query, args...)
return scanDSGVORow(row)
}
// DSGVOMailMeta holds the metadata needed to evaluate a DSGVO request per mail.
type DSGVOMailMeta struct {
Subject string
ReceivedAt time.Time
RetainUntil *time.Time
}
// GetDSGVOMailMeta batch-loads subject, received_at and retain_until for the
// given mail IDs. Missing IDs are omitted. Used by the DSGVO workflow to avoid
// loading and parsing every raw mail file.
func (s *Store) GetDSGVOMailMeta(ctx context.Context, ids []string) (map[string]DSGVOMailMeta, error) {
if s.db == nil || len(ids) == 0 {
return map[string]DSGVOMailMeta{}, nil
}
rows, err := s.db.Query(ctx,
`SELECT id, subject, received_at, retain_until FROM emails WHERE id = ANY($1)`, ids)
if err != nil {
return nil, fmt.Errorf("storage: dsgvo mail meta: %w", err)
}
defer rows.Close()
out := make(map[string]DSGVOMailMeta, len(ids))
for rows.Next() {
var (
id string
subject *string
recv time.Time
until *time.Time
)
if err := rows.Scan(&id, &subject, &recv, &until); err != nil {
return nil, fmt.Errorf("storage: scan dsgvo mail meta: %w", err)
}
m := DSGVOMailMeta{ReceivedAt: recv, RetainUntil: until}
if subject != nil {
m.Subject = *subject
}
out[id] = m
}
return out, rows.Err()
}
type dsgvoScanner interface {
Scan(dest ...interface{}) error
}
func scanDSGVORow(row dsgvoScanner) (*DSGVORequest, error) {
var (
req DSGVORequest
js []byte
)
if err := row.Scan(&req.ID, &req.TenantID, &req.RequestedAddress, &req.RequestedBy,
&req.CreatedAt, &req.Status, &js); err != nil {
return nil, fmt.Errorf("storage: scan dsgvo request: %w", err)
}
if len(js) > 0 {
var sum DSGVOResultSummary
if err := json.Unmarshal(js, &sum); err == nil {
req.ResultSummary = &sum
}
}
return &req, nil
}
internal/storage/storage.go
+2
View File
@@ -107,6 +107,8 @@ func New(cfg Config) (*Store, error) {
_, _ = s.db.Exec(ctx, `ALTER TABLE emails ADD COLUMN IF NOT EXISTS storage_id BIGINT REFERENCES storage_objects(id)`)
// PROJ-51: archiving_rules table + retain_until_source column
s.initRetentionRulesSchema(ctx)
// PROJ-50: DSGVO Löschersuchen
s.initDSGVOSchema(ctx)
}
return s, nil
internal/userstore/userstore.go
+49 -23
View File
@@ -24,17 +24,18 @@ const (
// User represents a user account in the system.
type User struct {
ID int64 `json:"id"`
Username string `json:"username"`
Email string `json:"email"`
Role string `json:"role"`
Source string `json:"source"` // "local" or "ldap"
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
TenantID *int64 `json:"tenant_id,omitempty"`
TOTPEnabled bool `json:"totp_enabled"`
TOTPResetAt *time.Time `json:"totp_reset_at,omitempty"`
TOTPResetBy *string `json:"totp_reset_by,omitempty"`
ID int64 `json:"id"`
Username string `json:"username"`
Email string `json:"email"`
Role string `json:"role"`
Source string `json:"source"` // "local" or "ldap"
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
TenantID *int64 `json:"tenant_id,omitempty"`
TOTPEnabled bool `json:"totp_enabled"`
TOTPResetAt *time.Time `json:"totp_reset_at,omitempty"`
TOTPResetBy *string `json:"totp_reset_by,omitempty"`
ListPageSize int `json:"list_page_size"`
}
// CreateUserRequest holds parameters for creating a new user.
@@ -106,6 +107,14 @@ func (s *Store) initSchema(ctx context.Context) error {
if err != nil {
return err
}
// PROJ-46: login_attempts.username auf VARCHAR(255) erweitern (passend zu users.email),
// damit lange E-Mail-Adressen als Login-Identifier nicht abgeschnitten werden.
_, err = s.pool.Exec(ctx, `
ALTER TABLE login_attempts ALTER COLUMN username TYPE VARCHAR(255);
`)
if err != nil {
return err
}
// PROJ-24: TOTP 2FA columns
_, err = s.pool.Exec(ctx, `
ALTER TABLE users ADD COLUMN IF NOT EXISTS totp_secret BYTEA;
@@ -113,6 +122,13 @@ func (s *Store) initSchema(ctx context.Context) error {
ALTER TABLE users ADD COLUMN IF NOT EXISTS totp_reset_at TIMESTAMPTZ;
ALTER TABLE users ADD COLUMN IF NOT EXISTS totp_reset_by TEXT;
`)
if err != nil {
return err
}
// PROJ-53: konfigurierbare Listenanzahl pro Seite (25/50/100/200, Default 25)
_, err = s.pool.Exec(ctx, `
ALTER TABLE users ADD COLUMN IF NOT EXISTS list_page_size INT NOT NULL DEFAULT 25;
`)
return err
}
@@ -180,7 +196,7 @@ func (s *Store) Activate(ctx context.Context, id int64) error {
// GetByEmail retrieves a user by email address.
func (s *Store) GetByEmail(ctx context.Context, email string) (*User, error) {
row := s.pool.QueryRow(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users WHERE email = $1`, email,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users WHERE email = $1`, email,
)
return scanUser(row)
}
@@ -199,7 +215,7 @@ func (s *Store) SetPassword(ctx context.Context, id int64, newPassword string) e
func (s *Store) GetByID(id int64) (*User, error) {
ctx := context.Background()
row := s.pool.QueryRow(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users WHERE id = $1`, id,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users WHERE id = $1`, id,
)
return scanUser(row)
}
@@ -208,7 +224,7 @@ func (s *Store) GetByID(id int64) (*User, error) {
func (s *Store) GetByUsername(username string) (*User, error) {
ctx := context.Background()
row := s.pool.QueryRow(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users WHERE username = $1`, username,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users WHERE username = $1`, username,
)
return scanUser(row)
}
@@ -218,13 +234,13 @@ func (s *Store) GetByUsername(username string) (*User, error) {
func (s *Store) VerifyPassword(username, password string) (*User, error) {
ctx := context.Background()
row := s.pool.QueryRow(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, password_hash FROM users WHERE username = $1`,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size, password_hash FROM users WHERE username = $1`,
username,
)
var u User
var hash string
err := row.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy, &hash)
err := row.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy, &u.ListPageSize, &hash)
if errors.Is(err, pgx.ErrNoRows) {
return nil, errors.New("userstore: user not found")
}
@@ -296,10 +312,10 @@ func (s *Store) List(role string) ([]*User, error) {
if role == "" {
rows, err = s.pool.Query(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users ORDER BY id`)
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users ORDER BY id`)
} else {
rows, err = s.pool.Query(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users WHERE role = $1 ORDER BY id`, role)
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users WHERE role = $1 ORDER BY id`, role)
}
if err != nil {
return nil, fmt.Errorf("userstore: list: %w", err)
@@ -320,7 +336,7 @@ func (s *Store) List(role string) ([]*User, error) {
// ListByTenant returns all users belonging to a specific tenant.
func (s *Store) ListByTenant(ctx context.Context, tenantID int64) ([]*User, error) {
rows, err := s.pool.Query(ctx,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by FROM users WHERE tenant_id = $1 ORDER BY id`,
`SELECT id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size FROM users WHERE tenant_id = $1 ORDER BY id`,
tenantID,
)
if err != nil {
@@ -438,10 +454,10 @@ func (s *Store) UpsertLDAPUser(username, email, role string, tenantID *int64) (*
active = true,
tenant_id = COALESCE($3, tenant_id)
WHERE email = $4
RETURNING id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by
RETURNING id, username, email, role, source, active, created_at, tenant_id, totp_enabled, totp_reset_at, totp_reset_by, list_page_size
`, username, role, tenantID, email).Scan(
&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active,
&u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy,
&u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy, &u.ListPageSize,
)
if err == nil {
return &u, nil
@@ -466,7 +482,7 @@ func (s *Store) UpsertLDAPUser(username, email, role string, tenantID *int64) (*
func scanUser(row pgx.Row) (*User, error) {
var u User
err := row.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy)
err := row.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy, &u.ListPageSize)
if errors.Is(err, pgx.ErrNoRows) {
return nil, fmt.Errorf("userstore: not found")
}
@@ -478,7 +494,7 @@ func scanUser(row pgx.Row) (*User, error) {
func scanUserRow(rows pgx.Rows) (*User, error) {
var u User
if err := rows.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy); err != nil {
if err := rows.Scan(&u.ID, &u.Username, &u.Email, &u.Role, &u.Source, &u.Active, &u.CreatedAt, &u.TenantID, &u.TOTPEnabled, &u.TOTPResetAt, &u.TOTPResetBy, &u.ListPageSize); err != nil {
return nil, fmt.Errorf("userstore: scan row: %w", err)
}
return &u, nil
@@ -555,6 +571,16 @@ func (s *Store) UpdateEmail(ctx context.Context, userID int64, email string) err
return nil
}
// UpdateListPageSize sets the number of list entries per page for the given user.
// Validation of allowed values (25/50/100/200) happens in the API handler.
func (s *Store) UpdateListPageSize(ctx context.Context, userID int64, pageSize int) error {
_, err := s.pool.Exec(ctx, `UPDATE users SET list_page_size = $1 WHERE id = $2`, pageSize, userID)
if err != nil {
return fmt.Errorf("userstore: update list page size: %w", err)
}
return nil
}
// GetTOTPSecret returns the encrypted TOTP secret and enabled status for a user.
func (s *Store) GetTOTPSecret(ctx context.Context, userID int64) (secret []byte, enabled bool, err error) {
err = s.pool.QueryRow(ctx,
src/app/search/page.tsx
+9 -7
View File
@@ -44,7 +44,7 @@ import { Label } from "@/components/ui/label";
import { Switch } from "@/components/ui/switch";
import { Bookmark, BookmarkPlus, Trash2 } from "lucide-react";
const PAGE_SIZE = 25;
const DEFAULT_PAGE_SIZE = 25;
function formatBytes(bytes: number): string {
if (bytes < 1024) return `${bytes} B`;
@@ -86,6 +86,8 @@ export default function SearchPage() {
const { user, loading: authLoading } = useAuth();
const router = useRouter();
const pageSize = user?.list_page_size ?? DEFAULT_PAGE_SIZE;
const [query, setQuery] = useState("");
const [fromFilter, setFromFilter] = useState("");
const [toFilter, setToFilter] = useState("");
@@ -143,7 +145,7 @@ export default function SearchPage() {
sort: sort !== "date_desc" ? sort : undefined,
has_attachment: hasAttachment,
page: p,
page_size: PAGE_SIZE,
page_size: pageSize,
});
setResults(res.hits || []);
setTotal(res.total);
@@ -156,7 +158,7 @@ export default function SearchPage() {
setSearching(false);
}
},
[query, fromFilter, toFilter, dateFrom, dateTo, sort, hasAttachment]
[query, fromFilter, toFilter, dateFrom, dateTo, sort, hasAttachment, pageSize]
);
// Superadmin has no mail access — redirect to admin dashboard
@@ -170,7 +172,7 @@ export default function SearchPage() {
useEffect(() => {
if (!user || user.role === "superadmin") return;
setSearching(true);
searchEmails({ page: 1, page_size: PAGE_SIZE })
searchEmails({ page: 1, page_size: pageSize })
.then((res) => {
setResults(res.hits || []);
setTotal(res.total);
@@ -182,7 +184,7 @@ export default function SearchPage() {
setTotal(0);
})
.finally(() => setSearching(false));
}, [user]);
}, [user, pageSize]);
function handleSubmit(e: React.FormEvent) {
e.preventDefault();
@@ -339,7 +341,7 @@ export default function SearchPage() {
date_to: s.query.date_to || undefined,
has_attachment: s.query.has_attachment === "true" ? true : undefined,
page: 1,
page_size: PAGE_SIZE,
page_size: pageSize,
})
.then((res) => {
setResults(res.hits || []);
@@ -364,7 +366,7 @@ export default function SearchPage() {
}
}
const totalPages = Math.ceil(total / PAGE_SIZE);
const totalPages = Math.ceil(total / pageSize);
const allSelected = results.length > 0 && results.every((h) => selected.has(h.id));
return (
src/app/settings/page.tsx
+77 -1
View File
@@ -16,10 +16,18 @@ import {
DialogFooter,
} from "@/components/ui/dialog";
import { Badge } from "@/components/ui/badge";
import {
Select,
SelectContent,
SelectItem,
SelectTrigger,
SelectValue,
} from "@/components/ui/select";
import { Server, Lock, Info } from "lucide-react";
import {
changePassword,
changeEmail,
updatePreferences,
getTOTPSetup,
confirmTOTPSetup,
disableTOTP,
@@ -28,7 +36,7 @@ import {
} from "@/lib/api";
export default function SettingsPage() {
const { user, loading } = useAuth();
const { user, loading, refresh } = useAuth();
// ── Password state ────────────────────────────────────────────────────
const [currentPw, setCurrentPw] = useState("");
@@ -59,6 +67,13 @@ export default function SettingsPage() {
const [disableError, setDisableError] = useState("");
const [disableLoading, setDisableLoading] = useState(false);
// ── Listenanzahl (Eintraege pro Seite) ────────────────────────────────
const [listPageSize, setListPageSize] = useState("25");
const [listPageSizeInitialized, setListPageSizeInitialized] = useState(false);
const [listPageSizeError, setListPageSizeError] = useState("");
const [listPageSizeSuccess, setListPageSizeSuccess] = useState("");
const [listPageSizeLoading, setListPageSizeLoading] = useState(false);
// ── System info (FQDN + IMAP-Ports) ───────────────────────────────────
const [systemInfo, setSystemInfo] = useState<SystemInfo | null>(null);
const [systemInfoLoading, setSystemInfoLoading] = useState(true);
@@ -87,6 +102,12 @@ export default function SettingsPage() {
setEmailInitialized(true);
}
// Initialize list page size from user data once available
if (user && !listPageSizeInitialized) {
setListPageSize(String(user.list_page_size || 25));
setListPageSizeInitialized(true);
}
// ── Handlers ──────────────────────────────────────────────────────────
async function handleChangePassword(e: React.FormEvent) {
@@ -139,6 +160,24 @@ export default function SettingsPage() {
}
}
async function handleChangeListPageSize(value: string) {
setListPageSizeError("");
setListPageSizeSuccess("");
const parsed = Number(value);
setListPageSizeLoading(true);
try {
const result = await updatePreferences(parsed);
setListPageSize(String(result.list_page_size));
setListPageSizeSuccess("Eintraege pro Seite wurden gespeichert.");
await refresh();
} catch (err) {
setListPageSizeError(err instanceof Error ? err.message : "Fehler beim Speichern");
} finally {
setListPageSizeLoading(false);
}
}
async function handleSetupTOTP() {
setTotpError("");
setTotpSuccess("");
@@ -312,6 +351,43 @@ export default function SettingsPage() {
</CardContent>
</Card>
{/* ── Card 2b: Listenanzahl ─────────────────────────────────────── */}
<Card>
<CardHeader>
<CardTitle>Listenansicht</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div className="space-y-2">
<Label htmlFor="list-page-size">Eintraege pro Seite</Label>
<Select
value={listPageSize}
onValueChange={handleChangeListPageSize}
disabled={listPageSizeLoading}
>
<SelectTrigger id="list-page-size" className="w-40">
<SelectValue />
</SelectTrigger>
<SelectContent>
<SelectItem value="25">25</SelectItem>
<SelectItem value="50">50</SelectItem>
<SelectItem value="100">100</SelectItem>
<SelectItem value="200">200</SelectItem>
</SelectContent>
</Select>
</div>
{listPageSizeError && (
<Alert variant="destructive">
<AlertDescription>{listPageSizeError}</AlertDescription>
</Alert>
)}
{listPageSizeSuccess && (
<Alert>
<AlertDescription>{listPageSizeSuccess}</AlertDescription>
</Alert>
)}
</CardContent>
</Card>
{/* ── Card 3: Zwei-Faktor-Authentifizierung ────────────────────── */}
<Card>
<CardHeader>
src/hooks/useAuth.ts
+11 -1
View File
@@ -58,5 +58,15 @@ export function useAuth(requireRole?: "admin" | "domain_admin" | "superadmin" |
checkAuth();
}, [checkAuth]);
return { user, loading };
const refresh = useCallback(async () => {
try {
const me = await getMe();
setCachedUser(me);
setUser(me);
} catch {
// ignore refresh errors, keep existing cached user
}
}, []);
return { user, loading, refresh };
}
src/lib/api/index.ts
+1
View File
@@ -16,6 +16,7 @@ export {
logout,
changePassword,
changeEmail,
updatePreferences,
getUsers,
createUser,
updateUser,
src/lib/api/users.ts
+10
View File
@@ -26,6 +26,7 @@ export interface MeResponse {
username: string;
role: string;
email: string;
list_page_size: number;
}
export interface CreateUserRequest {
@@ -82,6 +83,15 @@ export async function changeEmail(
});
}
export async function updatePreferences(
listPageSize: number
): Promise<{ ok: boolean; list_page_size: number }> {
return request<{ ok: boolean; list_page_size: number }>("/api/auth/preferences", {
method: "PATCH",
body: JSON.stringify({ list_page_size: listPageSize }),
});
}
// ── User management functions ─────────────────────────────────────────────────
export async function getUsers(): Promise<User[]> {