Re: No easy way to join discussion in existing thread when not subscribed

On 10/05/2015 10:14 PM, Amir Rohan wrote:
> On 10/05/2015 09:32 PM, Stefan Kaltenbrunner wrote:
>> On 10/05/2015 08:05 PM, Amir Rohan wrote:
>>> On 10/02/2015 03:48 PM, Stefan Kaltenbrunner wrote:
>>>> On 10/02/2015 02:45 PM, Stephen Frost wrote:
>>>>> * Amir Rohan (amir.rohan@mail.com) wrote:
>>>>>> On 10/01/2015 09:18 PM, Stefan Kaltenbrunner wrote:
>>>>>>> yeah - as Stephen said upthread I think that would be a very useful
>>>>>>> feature...
>>>>>>
>>>>>> Great, here's a spec:
>>>>>>
>>>>>> 1) If the user is not logged in, error as the mbox downloads does.
>>>>>> 2) If the user is logged in, retrieve the raw message from the db (like
>>>>>> the "raw" link) does and send it via email (the system is already setup
>>>>>> to do this) to the registered email address for the logged-in user.
>>>>>>
>>>>>> Threats:
>>>>>> a1) Abusing the system to send lots of email to one victim.
>>>>>> a2) Abusing the system to send one email to lots of victims.
>>>>>> a3) DOS on the server through overuse by legitimate users.
>>>>>> a4) DOS on the server through overuse by malicious users, possibly
>>>>>> involving many accounts.
>>>>>>
>>>>>> To mitigate these, we:
>>>>>> b1) Require a community login which involves an email verification step.
>>>>>> mitigates (a1) and (a2).
>>>>>
>>>>> Works for me.
>>>>
>>>> +1
>>>
>>> Today I sepent some time looking more closely at this. I'd like your
>>> input on a few decisions that needs to be made and some points
>>> that need to be verified if this is to work.
>>>
>>> pgarchives and pgweb are separate apps, each using its own db:
>>> - pgweb has the MailQueue model, archives does not.
>>> - pgarchives has the Message model, pgweb does not.
>>>
>>> To implement a "mail me this message", one way or another we need
>>> to interact with both.
>>>
>>> We can either:
>>> 1) Upon request, have archives redirect to a new endpoint on pgweb,
>>> which calls the archives "raw" endpoint to fetch the message,
>>> parses it and push a job to the mail queue.
>>> 2) Upon request, have archives POST the message (and user email,etc')
>>> to a new endpoint on pgweb. This needs to be inaccessible outside
>>> the LAN, because it's basically a spam service.
>>> 3) Add an a Mailqueue model to pgarchives, and have it mail things
>>> independently. This requires another cron job to drain the new queue.
>>>
>>> Which do you prefer?
>>
>> I don't think we want or need an endpoint on pgweb so my vote would be to
>> simply send out the mails from the archives box, having a job there to
>> drain the queue can easily be done so 3) looks pretty good to me
>>
>>>
>>> Next point, the Mailqueue is drained send_queued_mail.py,
>>> would sending these messages, with an envelope-to: header
>>> either through the local MTA or the relay be enough to
>>> get it delivered to the user, or will this trigger any
>>> anti-spam mechanisms along the way? If we use the local MTA,
>>> is it setup to rewrite any headers before delivery?
>>
>> it can use the local MTA (which in turn will automatically use an
>> upstream relay but that is fine).
>>
>> As a general notice - our infrastructure is heavily distributed (see
>> http://www.postgresql.org/about/servers/ for a list of virtual machine
>> hosts - we have 60+ VMs on top) between europe and north america and in
>> the general sense there is no "LAN" between those as in communication
>> between those goes by default over an untrusted channel (ie internet).
>>
>> Stefan
>>
> 
> Fine by me, that simplifies things. That only leaves the community
> login bit. pgarchives isn't setup to use sessions, and afaict
> pgweb uses the defaults setup which means sessions are stored
> in a table in its own database, and is not available to archives.
> So although archives sits under the same frontend and sees the
> session cookies, it can't get at the session data.
> I've read authentication.rst and the full "community auth" flow
> you provide is rather complex, would require creating a new
> key for use by archives, etc'. Is there a simpler way? that was
> the biggest benefit of opting for (1)/(2).
> 
> Amir 

Learned something new about SMTP today and I've now got this feature
working (mod community login).

I've added a "via email" link beside the "raw" link. Clicking it POSTs
the msgid to a new view which fetches the raw message and puts it in the
new Mailqueue
together with user's login email (mocked, now) for the worker to process.
The view itself displays an "expect an email, returning you to..."
message and meta-refreshes back to the message view after a
few seconds. It Seems to work quite well.

To make use of community login I'll either need a way to get at
the session from pgweb's db, or whatever is involved in establishing the
archives app as an auth consumer from pgweb. Both unfortunately depend
on information I don't have.

Regards,
Amir