From 8545ce80e4898ad6a64a77f0b7a34f750b1c8243 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 20 Sep 2023 10:25:35 +0300 Subject: [PATCH] Shared secret auth support, contributed by @JeWe37 --- README.md | 5 ++-- cmd/cmd.go | 1 + config/config.go | 1 + config/types.go | 4 +++- go.mod | 2 +- go.sum | 4 ++-- vendor/gitlab.com/etke.cc/linkpearl/config.go | 23 +++++++++++++++---- vendor/modules.txt | 2 +- 8 files changed, 31 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 27f2dbd..281d951 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,9 @@ so you can use it to send emails from your apps and scripts as well. env vars * **POSTMOOGLE_HOMESERVER** - homeserver url, eg: `https://matrix.example.com` -* **POSTMOOGLE_LOGIN** - user login/localpart, eg: `moogle` -* **POSTMOOGLE_PASSWORD** - user password +* **POSTMOOGLE_LOGIN** - user login, localpart when logging in with password (e.g., `moogle`), OR full MXID when using shared secret (e.g., `@moogle:example.com`) +* **POSTMOOGLE_PASSWORD** - user password, alternatively you may use shared secret +* **POSTMOOGLE_SHAREDSECRET** - alternative to password, shared secret ([details](https://github.com/devture/matrix-synapse-shared-secret-auth)) * **POSTMOOGLE_DOMAINS** - space separated list of SMTP domains to listen for new emails. The first domain acts as the default domain, all other as aliases
diff --git a/cmd/cmd.go b/cmd/cmd.go index 601fd03..b3b5565 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -105,6 +105,7 @@ func initMatrix(cfg *config.Config) { Homeserver: cfg.Homeserver, Login: cfg.Login, Password: cfg.Password, + SharedSecret: cfg.SharedSecret, DB: db, Dialect: cfg.DB.Dialect, AccountDataSecret: cfg.DataSecret, diff --git a/config/config.go b/config/config.go index 06e594f..2415445 100644 --- a/config/config.go +++ b/config/config.go @@ -16,6 +16,7 @@ func New() *Config { Homeserver: env.String("homeserver", defaultConfig.Homeserver), Login: env.String("login", defaultConfig.Login), Password: env.String("password", defaultConfig.Password), + SharedSecret: env.String("sharedsecret", defaultConfig.SharedSecret), Prefix: env.String("prefix", defaultConfig.Prefix), Domains: migrateDomains("domain", "domains"), Port: env.String("port", defaultConfig.Port), diff --git a/config/types.go b/config/types.go index 8abff2d..191e818 100644 --- a/config/types.go +++ b/config/types.go @@ -6,10 +6,12 @@ import "time" type Config struct { // Homeserver url Homeserver string - // Login is a MXID localpart (scheduler - OK, @scheduler:example.com - wrong) + // Login is a localpart if logging in with password (postmoogle) OR full MXID if logging in with shared secret (@postmoogle:example.com) Login string // Password for login/password auth only Password string + // SharedSecret for login/sharedsecret auth only + SharedSecret string // Domains for SMTP Domains []string // Port for SMTP diff --git a/go.mod b/go.mod index 8c3ed39..a7a1e40 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gitlab.com/etke.cc/go/secgen v1.1.1 gitlab.com/etke.cc/go/trysmtp v1.1.3 gitlab.com/etke.cc/go/validator v1.0.6 - gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568 + gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0 maunium.net/go/mautrix v0.16.1 ) diff --git a/go.sum b/go.sum index 413fff7..b87e519 100644 --- a/go.sum +++ b/go.sum 
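Review bot: Nothing in `initMatrix` checks that the credentials passed here are consistent: `Password` and `SharedSecret` are both forwarded, and the vendored `LoginAs` in this commit uses the shared secret whenever it is non-empty and computes the HMAC over `cfg.Login` exactly as given. A leftover `POSTMOOGLE_PASSWORD` is then silently ignored, and a localpart login combined with a shared secret presumably yields a token the homeserver rejects, with no hint at the cause. A startup check such as `if cfg.SharedSecret != "" && !strings.HasPrefix(cfg.Login, "@")` that fails with a clear message, plus a check that at least one of the two values is set, would make misconfiguration visible; `New()` in config/config.go is an equally good place for it. The body of `initMatrix` starts and ends outside this hunk.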
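Review bot: The new comment on `SharedSecret` in config/types.go leaves out two things an operator needs to know: the value is used instead of `Password` when both are set, and it is a homeserver-level secret rather than a credential of this one account. The vendored `LoginAs` derives the login token as an HMAC of the login name keyed with this secret, so the same value appears to be valid for any MXID on that homeserver and deserves stricter handling than the bot password (a secret store rather than a plain env file, never logged). Suggested wording: `// SharedSecret is the homeserver-wide secret for shared secret auth; used instead of Password when set` followed by `// It is not bound to this account; keep it out of logs and config dumps`. The `Config` struct continues past the end of the hunk.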
@@ -109,8 +109,8 @@ gitlab.com/etke.cc/go/trysmtp v1.1.3 h1:e2EHond77onMaecqCg6mWumffTSEf+ycgj88nbee gitlab.com/etke.cc/go/trysmtp v1.1.3/go.mod h1:lOO7tTdAE0a3ETV3wN3GJ7I1Tqewu7YTpPWaOmTteV0= gitlab.com/etke.cc/go/validator v1.0.6 h1:w0Muxf9Pqw7xvF7NaaswE6d7r9U3nB2t2l5PnFMrecQ= gitlab.com/etke.cc/go/validator v1.0.6/go.mod h1:Id0SxRj0J3IPhiKlj0w1plxVLZfHlkwipn7HfRZsDts= -gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568 h1:4DqBpBNYZt6MGtDzxZoTwO40996Ug3XVbAkpMTLhowU= -gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568/go.mod h1:IZ0TE+ZnIdJLb538owDMxhtpWH7blfW+oR7e5XRXxNY= +gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0 h1:7fx8afCUluCzJISPUr6j8przpwdcCCXqqPHWvPRmzhA= +gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0/go.mod h1:IZ0TE+ZnIdJLb538owDMxhtpWH7blfW+oR7e5XRXxNY= go.mau.fi/util v0.1.0 h1:BwIFWIOEeO7lsiI2eWKFkWTfc5yQmoe+0FYyOFVyaoE= go.mau.fi/util v0.1.0/go.mod h1:AxuJUMCxpzgJ5eV9JbPWKRH8aAJJidxetNdUj7qcb84= golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= diff --git a/vendor/gitlab.com/etke.cc/linkpearl/config.go b/vendor/gitlab.com/etke.cc/linkpearl/config.go index 8cc0297..0fe5d17 100644 --- a/vendor/gitlab.com/etke.cc/linkpearl/config.go +++ b/vendor/gitlab.com/etke.cc/linkpearl/config.go @@ -1,7 +1,10 @@ package linkpearl import ( + "crypto/hmac" + "crypto/sha512" "database/sql" + "encoding/hex" "github.com/rs/zerolog" "maunium.net/go/mautrix" 
@@ -12,10 +15,12 @@ import ( type Config struct { // Homeserver url Homeserver string - // Login is a localpart (honoroit - OK, @honoroit:example.com - wrong) + // Login is a localpart for password auth or full mxid for shared secret auth (honoroit - for password, @honoroit:example.com - for shared secret) Login string // Password for login/password auth only Password string + // Shared secret for login/sharedsecret auth only + SharedSecret string // JoinPermit is a callback function that tells // if linkpearl should respond to the given "invite" event @@ -45,14 +50,24 @@ type Config struct { // LoginAs for cryptohelper func (cfg *Config) LoginAs() *mautrix.ReqLogin { - return &mautrix.ReqLogin{ - Type: mautrix.AuthTypePassword, + loginReq := mautrix.ReqLogin{ Identifier: mautrix.UserIdentifier{ Type: mautrix.IdentifierTypeUser, User: cfg.Login, }, - Password: cfg.Password, StoreCredentials: true, StoreHomeserverURL: true, } + + if cfg.SharedSecret != "" { + loginReq.Type = mautrix.AuthTypeDevtureSharedSecret + mac := hmac.New(sha512.New, []byte(cfg.SharedSecret)) + mac.Write([]byte(cfg.Login)) + loginReq.Token = hex.EncodeToString(mac.Sum(nil)) + } else { + loginReq.Type = mautrix.AuthTypePassword + loginReq.Password = cfg.Password + } + + return &loginReq } diff --git a/vendor/modules.txt b/vendor/modules.txt index 7225cfb..dfee720 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -141,7 +141,7 @@ gitlab.com/etke.cc/go/trysmtp # gitlab.com/etke.cc/go/validator v1.0.6 ## explicit; go 1.18 gitlab.com/etke.cc/go/validator -# gitlab.com/etke.cc/linkpearl v0.0.0-20230916181909-246862c25568 +# gitlab.com/etke.cc/linkpearl v0.0.0-20230920071429-25fe33ba08d0 ## explicit; go 1.18 gitlab.com/etke.cc/linkpearl # go.mau.fi/util v0.1.0