Shared secret auth support, contributed by @JeWe37

README.md

@@ -43,8 +43,9 @@ so you can use it to send emails from your apps and scripts as well.
 env vars
 
 * **POSTMOOGLE_HOMESERVER** - homeserver url, eg: `https://matrix.example.com`
-* **POSTMOOGLE_LOGIN** - user login/localpart, eg: `moogle`
-* **POSTMOOGLE_PASSWORD** - user password
+* **POSTMOOGLE_LOGIN** - user login, localpart when logging in with password (e.g., `moogle`), OR full MXID when using shared secret (e.g., `@moogle:example.com`)
+* **POSTMOOGLE_PASSWORD** - user password, alternatively you may use shared secret
+* **POSTMOOGLE_SHAREDSECRET** - alternative to password, shared secret ([details](https://github.com/devture/matrix-synapse-shared-secret-auth))
 * **POSTMOOGLE_DOMAINS** - space separated list of SMTP domains to listen for new emails. The first domain acts as the default domain, all other as aliases
 
 <details>

cmd/cmd.go

@@ -105,6 +105,7 @@ func initMatrix(cfg *config.Config) {
 		Homeserver:        cfg.Homeserver,
 		Login:             cfg.Login,
 		Password:          cfg.Password,
+		SharedSecret:      cfg.SharedSecret,
 		DB:                db,
 		Dialect:           cfg.DB.Dialect,
 		AccountDataSecret: cfg.DataSecret,

config/config.go

@@ -16,6 +16,7 @@ func New() *Config {
 		Homeserver:   env.String("homeserver", defaultConfig.Homeserver),
 		Login:        env.String("login", defaultConfig.Login),
 		Password:     env.String("password", defaultConfig.Password),
+		SharedSecret: env.String("sharedsecret", defaultConfig.SharedSecret),
 		Prefix:       env.String("prefix", defaultConfig.Prefix),
 		Domains:      migrateDomains("domain", "domains"),
 		Port:         env.String("port", defaultConfig.Port),

config/types.go

@@ -6,10 +6,12 @@ import "time"
 type Config struct {
 	// Homeserver url
 	Homeserver string
-	// Login is a MXID localpart (scheduler - OK, @scheduler:example.com - wrong)
+	// Login is a localpart if logging in with password (postmoogle) OR full MXID if logging in with shared secret (@postmoogle:example.com)
 	Login string
 	// Password for login/password auth only
 	Password string
+	// SharedSecret for login/sharedsecret auth only
+	SharedSecret string
 	// Domains for SMTP
 	Domains []string
 	// Port for SMTP

go.mod

@@ -25,7 +25,7 @@ require (
 	gitlab.com/etke.cc/go/secgen v1.1.1
 	gitlab.com/etke.cc/go/trysmtp v1.1.3
 	gitlab.com/etke.cc/go/validator v1.0.6
-	gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568
+	gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0
 	maunium.net/go/mautrix v0.16.1
 )
 

go.sum

@@ -109,8 +109,8 @@ gitlab.com/etke.cc/go/trysmtp v1.1.3 h1:e2EHond77onMaecqCg6mWumffTSEf+ycgj88nbee
 gitlab.com/etke.cc/go/trysmtp v1.1.3/go.mod h1:lOO7tTdAE0a3ETV3wN3GJ7I1Tqewu7YTpPWaOmTteV0=
 gitlab.com/etke.cc/go/validator v1.0.6 h1:w0Muxf9Pqw7xvF7NaaswE6d7r9U3nB2t2l5PnFMrecQ=
 gitlab.com/etke.cc/go/validator v1.0.6/go.mod h1:Id0SxRj0J3IPhiKlj0w1plxVLZfHlkwipn7HfRZsDts=
-gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568 h1:4DqBpBNYZt6MGtDzxZoTwO40996Ug3XVbAkpMTLhowU=
-gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568/go.mod h1:IZ0TE+ZnIdJLb538owDMxhtpWH7blfW+oR7e5XRXxNY=
+gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0 h1:7fx8afCUluCzJISPUr6j8przpwdcCCXqqPHWvPRmzhA=
+gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0/go.mod h1:IZ0TE+ZnIdJLb538owDMxhtpWH7blfW+oR7e5XRXxNY=
 go.mau.fi/util v0.1.0 h1:BwIFWIOEeO7lsiI2eWKFkWTfc5yQmoe+0FYyOFVyaoE=
 go.mau.fi/util v0.1.0/go.mod h1:AxuJUMCxpzgJ5eV9JbPWKRH8aAJJidxetNdUj7qcb84=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=

vendor/gitlab.com/etke.cc/linkpearl/config.go

@@ -1,7 +1,10 @@
 package linkpearl
 
 import (
+	"crypto/hmac"
+	"crypto/sha512"
 	"database/sql"
+	"encoding/hex"
 
 	"github.com/rs/zerolog"
 	"maunium.net/go/mautrix"
@@ -12,10 +15,12 @@ import (
 type Config struct {
 	// Homeserver url
 	Homeserver string
-	// Login is a localpart (honoroit - OK, @honoroit:example.com - wrong)
+	// Login is a localpart for password auth or full mxid for shared secret auth (honoroit - for password, @honoroit:example.com - for shared secret)
 	Login string
 	// Password for login/password auth only
 	Password string
+	// Shared secret for login/sharedsecret auth only
+	SharedSecret string
 
 	// JoinPermit is a callback function that tells
 	// if linkpearl should respond to the given "invite" event
@@ -45,14 +50,24 @@ type Config struct {
 
 // LoginAs for cryptohelper
 func (cfg *Config) LoginAs() *mautrix.ReqLogin {
-	return &mautrix.ReqLogin{
-		Type: mautrix.AuthTypePassword,
+	loginReq := mautrix.ReqLogin{
 		Identifier: mautrix.UserIdentifier{
 			Type: mautrix.IdentifierTypeUser,
 			User: cfg.Login,
 		},
-		Password:           cfg.Password,
 		StoreCredentials:   true,
 		StoreHomeserverURL: true,
 	}
+
+	if cfg.SharedSecret != "" {
+		loginReq.Type = mautrix.AuthTypeDevtureSharedSecret
+		mac := hmac.New(sha512.New, []byte(cfg.SharedSecret))
+		mac.Write([]byte(cfg.Login))
+		loginReq.Token = hex.EncodeToString(mac.Sum(nil))
+	} else {
+		loginReq.Type = mautrix.AuthTypePassword
+		loginReq.Password = cfg.Password
+	}
+
+	return &loginReq
 }

vendor/modules.txt

@@ -141,7 +141,7 @@ gitlab.com/etke.cc/go/trysmtp
 # gitlab.com/etke.cc/go/validator v1.0.6
 ## explicit; go 1.18
 gitlab.com/etke.cc/go/validator
-# gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568
+# gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0
 ## explicit; go 1.18
 gitlab.com/etke.cc/linkpearl
 # go.mau.fi/util v0.1.0