feat: restrict smtp sender address (#3637)

* fix: check if sender address is custom domain * fix: check if sender address is custom domain * fix: check if sender address is custom domain Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 00:57:33 +00:00 · 2022-05-16 16:08:47 +02:00
parent 40de8d5b3b
commit 5c0f527a49
39 changed files with 510 additions and 153 deletions
--- a/internal/query/projection/domain_policy.go
+++ b/internal/query/projection/domain_policy.go
@@ -16,16 +16,17 @@ import (
 const (
 	DomainPolicyTable = "projections.domain_policies"

-	DomainPolicyIDCol                    = "id"
-	DomainPolicyCreationDateCol          = "creation_date"
-	DomainPolicyChangeDateCol            = "change_date"
-	DomainPolicySequenceCol              = "sequence"
-	DomainPolicyStateCol                 = "state"
-	DomainPolicyUserLoginMustBeDomainCol = "user_login_must_be_domain"
-	DomainPolicyValidateOrgDomainsCol    = "validate_org_domains"
-	DomainPolicyIsDefaultCol             = "is_default"
-	DomainPolicyResourceOwnerCol         = "resource_owner"
-	DomainPolicyInstanceIDCol            = "instance_id"
+	DomainPolicyIDCol                                     = "id"
+	DomainPolicyCreationDateCol                           = "creation_date"
+	DomainPolicyChangeDateCol                             = "change_date"
+	DomainPolicySequenceCol                               = "sequence"
+	DomainPolicyStateCol                                  = "state"
+	DomainPolicyUserLoginMustBeDomainCol                  = "user_login_must_be_domain"
+	DomainPolicyValidateOrgDomainsCol                     = "validate_org_domains"
+	DomainPolicySMTPSenderAddressMatchesInstanceDomainCol = "smtp_sender_address_matches_instance_domain"
+	DomainPolicyIsDefaultCol                              = "is_default"
+	DomainPolicyResourceOwnerCol                          = "resource_owner"
+	DomainPolicyInstanceIDCol                             = "instance_id"
 )

 type DomainPolicyProjection struct {
@@ -45,6 +46,7 @@ func NewDomainPolicyProjection(ctx context.Context, config crdb.StatementHandler
 			crdb.NewColumn(DomainPolicyStateCol, crdb.ColumnTypeEnum),
 			crdb.NewColumn(DomainPolicyUserLoginMustBeDomainCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(DomainPolicyValidateOrgDomainsCol, crdb.ColumnTypeBool),
+			crdb.NewColumn(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(DomainPolicyIsDefaultCol, crdb.ColumnTypeBool, crdb.Default(false)),
 			crdb.NewColumn(DomainPolicyResourceOwnerCol, crdb.ColumnTypeText),
 			crdb.NewColumn(DomainPolicyInstanceIDCol, crdb.ColumnTypeText),
@@ -114,6 +116,7 @@ func (p *DomainPolicyProjection) reduceAdded(event eventstore.Event) (*handler.S
 			handler.NewCol(DomainPolicyStateCol, domain.PolicyStateActive),
 			handler.NewCol(DomainPolicyUserLoginMustBeDomainCol, policyEvent.UserLoginMustBeDomain),
 			handler.NewCol(DomainPolicyValidateOrgDomainsCol, policyEvent.ValidateOrgDomains),
+			handler.NewCol(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, policyEvent.SMTPSenderAddressMatchesInstanceDomain),
 			handler.NewCol(DomainPolicyIsDefaultCol, isDefault),
 			handler.NewCol(DomainPolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner),
 			handler.NewCol(DomainPolicyInstanceIDCol, policyEvent.Aggregate().InstanceID),
@@ -140,6 +143,9 @@ func (p *DomainPolicyProjection) reduceChanged(event eventstore.Event) (*handler
 	if policyEvent.ValidateOrgDomains != nil {
 		cols = append(cols, handler.NewCol(DomainPolicyValidateOrgDomainsCol, *policyEvent.ValidateOrgDomains))
 	}
+	if policyEvent.SMTPSenderAddressMatchesInstanceDomain != nil {
+		cols = append(cols, handler.NewCol(DomainPolicySMTPSenderAddressMatchesInstanceDomainCol, *policyEvent.SMTPSenderAddressMatchesInstanceDomain))
+	}
 	return crdb.NewUpdateStatement(
 		&policyEvent,
 		cols,