deltachat/
mimefactory.rs

1//! # MIME message production.
2
3use std::collections::{BTreeSet, HashSet};
4use std::io::Cursor;
5use std::path::Path;
6
7use anyhow::{bail, Context as _, Result};
8use base64::Engine as _;
9use chrono::TimeZone;
10use deltachat_contact_tools::sanitize_bidi_characters;
11use mail_builder::headers::address::{Address, EmailAddress};
12use mail_builder::headers::HeaderType;
13use mail_builder::mime::MimePart;
14use tokio::fs;
15
16use crate::aheader::{Aheader, EncryptPreference};
17use crate::blob::BlobObject;
18use crate::chat::{self, Chat};
19use crate::config::Config;
20use crate::constants::ASM_SUBJECT;
21use crate::constants::{Chattype, DC_FROM_HANDSHAKE};
22use crate::contact::{Contact, ContactId, Origin};
23use crate::context::Context;
24use crate::e2ee::EncryptHelper;
25use crate::ephemeral::Timer as EphemeralTimer;
26use crate::key::self_fingerprint;
27use crate::key::{DcKey, SignedPublicKey};
28use crate::location;
29use crate::log::{info, warn};
30use crate::message::{self, Message, MsgId, Viewtype};
31use crate::mimeparser::{is_hidden, SystemMessage};
32use crate::param::Param;
33use crate::peer_channels::create_iroh_header;
34use crate::simplify::escape_message_footer_marks;
35use crate::stock_str;
36use crate::tools::{
37    create_outgoing_rfc724_mid, create_smeared_timestamp, remove_subject_prefix, time,
38    IsNoneOrEmpty,
39};
40use crate::webxdc::StatusUpdateSerial;
41
42// attachments of 25 mb brutto should work on the majority of providers
43// (brutto examples: web.de=50, 1&1=40, t-online.de=32, gmail=25, posteo=50, yahoo=25, all-inkl=100).
44// to get the netto sizes, we subtract 1 mb header-overhead and the base64-overhead.
45pub const RECOMMENDED_FILE_SIZE: u64 = 24 * 1024 * 1024 / 4 * 3;
46
47#[derive(Debug, Clone)]
48#[expect(clippy::large_enum_variant)]
49pub enum Loaded {
50    Message {
51        chat: Chat,
52        msg: Message,
53    },
54    Mdn {
55        rfc724_mid: String,
56        additional_msg_ids: Vec<String>,
57    },
58}
59
60/// Helper to construct mime messages.
61#[derive(Debug, Clone)]
62pub struct MimeFactory {
63    from_addr: String,
64    from_displayname: String,
65
66    /// Goes to the `Sender:`-header, if set.
67    /// For overridden names, `sender_displayname` is set to the
68    /// config-name while `from_displayname` is set to the overridden name.
69    /// From the perspective of the receiver,
70    /// a set `Sender:`-header is used as an indicator that the name is overridden;
71    /// names are alsways read from the `From:`-header.
72    sender_displayname: Option<String>,
73
74    selfstatus: String,
75
76    /// Vector of actual recipient addresses.
77    ///
78    /// This is the list of addresses the message should be sent to.
79    /// It is not the same as the `To` header,
80    /// because in case of "member removed" message
81    /// removed member is in the recipient list,
82    /// but not in the `To` header.
83    /// In case of broadcast lists there are multiple recipients,
84    /// but the `To` header has no members.
85    ///
86    /// If `bcc_self` configuration is enabled,
87    /// this list will be extended with own address later,
88    /// but `MimeFactory` is not responsible for this.
89    recipients: Vec<String>,
90
91    /// Vector of pairs of recipient
92    /// addresses and OpenPGP keys
93    /// to use for encryption.
94    ///
95    /// `None` if the message is not encrypted.
96    encryption_keys: Option<Vec<(String, SignedPublicKey)>>,
97
98    /// Vector of pairs of recipient name and address that goes into the `To` field.
99    ///
100    /// The list of actual message recipient addresses may be different,
101    /// e.g. if members are hidden for broadcast lists
102    /// or if the keys for some recipients are missing
103    /// and encrypted message cannot be sent to them.
104    to: Vec<(String, String)>,
105
106    /// Vector of pairs of past group member names and addresses.
107    past_members: Vec<(String, String)>,
108
109    /// Fingerprints of the members in the same order as in the `to`
110    /// followed by `past_members`.
111    ///
112    /// If this is not empty, its length
113    /// should be the sum of `to` and `past_members` length.
114    member_fingerprints: Vec<String>,
115
116    /// Timestamps of the members in the same order as in the `to`
117    /// followed by `past_members`.
118    ///
119    /// If this is not empty, its length
120    /// should be the sum of `to` and `past_members` length.
121    member_timestamps: Vec<i64>,
122
123    timestamp: i64,
124    loaded: Loaded,
125    in_reply_to: String,
126
127    /// List of Message-IDs for `References` header.
128    references: Vec<String>,
129
130    /// True if the message requests Message Disposition Notification
131    /// using `Chat-Disposition-Notification-To` header.
132    req_mdn: bool,
133
134    last_added_location_id: Option<u32>,
135
136    /// If the created mime-structure contains sync-items,
137    /// the IDs of these items are listed here.
138    /// The IDs are returned via `RenderedEmail`
139    /// and must be deleted if the message is actually queued for sending.
140    sync_ids_to_delete: Option<String>,
141
142    /// True if the avatar should be attached.
143    pub attach_selfavatar: bool,
144}
145
146/// Result of rendering a message, ready to be submitted to a send job.
147#[derive(Debug, Clone)]
148pub struct RenderedEmail {
149    pub message: String,
150    // pub envelope: Envelope,
151    pub is_encrypted: bool,
152    pub last_added_location_id: Option<u32>,
153
154    /// A comma-separated string of sync-IDs that are used by the rendered email and must be deleted
155    /// from `multi_device_sync` once the message is actually queued for sending.
156    pub sync_ids_to_delete: Option<String>,
157
158    /// Message ID (Message in the sense of Email)
159    pub rfc724_mid: String,
160
161    /// Message subject.
162    pub subject: String,
163}
164
165fn new_address_with_name(name: &str, address: String) -> Address<'static> {
166    Address::new_address(
167        if name == address || name.is_empty() {
168            None
169        } else {
170            Some(name.to_string())
171        },
172        address,
173    )
174}
175
176impl MimeFactory {
177    pub async fn from_msg(context: &Context, msg: Message) -> Result<MimeFactory> {
178        let now = time();
179        let chat = Chat::load_from_db(context, msg.chat_id).await?;
180        let attach_profile_data = Self::should_attach_profile_data(&msg);
181        let undisclosed_recipients = chat.typ == Chattype::Broadcast;
182
183        let from_addr = context.get_primary_self_addr().await?;
184        let config_displayname = context
185            .get_config(Config::Displayname)
186            .await?
187            .unwrap_or_default();
188        let (from_displayname, sender_displayname) =
189            if let Some(override_name) = msg.param.get(Param::OverrideSenderDisplayname) {
190                (override_name.to_string(), Some(config_displayname))
191            } else {
192                let name = match attach_profile_data {
193                    true => config_displayname,
194                    false => "".to_string(),
195                };
196                (name, None)
197            };
198
199        let mut recipients = Vec::new();
200        let mut to = Vec::new();
201        let mut past_members = Vec::new();
202        let mut member_fingerprints = Vec::new();
203        let mut member_timestamps = Vec::new();
204        let mut recipient_ids = HashSet::new();
205        let mut req_mdn = false;
206
207        let encryption_keys;
208
209        let self_fingerprint = self_fingerprint(context).await?;
210
211        if chat.is_self_talk() {
212            to.push((from_displayname.to_string(), from_addr.to_string()));
213
214            encryption_keys = if msg.param.get_bool(Param::ForcePlaintext).unwrap_or(false) {
215                None
216            } else {
217                // Encrypt, but only to self.
218                Some(Vec::new())
219            };
220        } else if chat.is_mailing_list() {
221            let list_post = chat
222                .param
223                .get(Param::ListPost)
224                .context("Can't write to mailinglist without ListPost param")?;
225            to.push(("".to_string(), list_post.to_string()));
226            recipients.push(list_post.to_string());
227
228            // Do not encrypt messages to mailing lists.
229            encryption_keys = None;
230        } else {
231            let email_to_remove = if msg.param.get_cmd() == SystemMessage::MemberRemovedFromGroup {
232                msg.param.get(Param::Arg)
233            } else {
234                None
235            };
236
237            let is_encrypted = if msg
238                .param
239                .get_bool(Param::ForcePlaintext)
240                .unwrap_or_default()
241            {
242                false
243            } else {
244                msg.param.get_bool(Param::GuaranteeE2ee).unwrap_or_default()
245                    || chat.is_encrypted(context).await?
246            };
247
248            let mut keys = Vec::new();
249            let mut missing_key_addresses = BTreeSet::new();
250            context
251                .sql
252                .query_map(
253                    "SELECT
254                     c.authname,
255                     c.addr,
256                     c.fingerprint,
257                     c.id,
258                     cc.add_timestamp,
259                     cc.remove_timestamp,
260                     k.public_key
261                     FROM chats_contacts cc
262                     LEFT JOIN contacts c ON cc.contact_id=c.id
263                     LEFT JOIN public_keys k ON k.fingerprint=c.fingerprint
264                     WHERE cc.chat_id=?
265                     AND (cc.contact_id>9 OR (cc.contact_id=1 AND ?))",
266                    (msg.chat_id, chat.typ == Chattype::Group),
267                    |row| {
268                        let authname: String = row.get(0)?;
269                        let addr: String = row.get(1)?;
270                        let fingerprint: String = row.get(2)?;
271                        let id: ContactId = row.get(3)?;
272                        let add_timestamp: i64 = row.get(4)?;
273                        let remove_timestamp: i64 = row.get(5)?;
274                        let public_key_bytes_opt: Option<Vec<u8>> = row.get(6)?;
275                        Ok((authname, addr, fingerprint, id, add_timestamp, remove_timestamp, public_key_bytes_opt))
276                    },
277                    |rows| {
278                        let mut past_member_timestamps = Vec::new();
279                        let mut past_member_fingerprints = Vec::new();
280
281                        for row in rows {
282                            let (authname, addr, fingerprint, id, add_timestamp, remove_timestamp, public_key_bytes_opt) = row?;
283
284                            let public_key_opt = if let Some(public_key_bytes) = &public_key_bytes_opt {
285                                Some(SignedPublicKey::from_slice(public_key_bytes)?)
286                            } else {
287                                None
288                            };
289
290                            let addr = if id == ContactId::SELF {
291                                from_addr.to_string()
292                            } else {
293                                addr
294                            };
295                            let name = match attach_profile_data {
296                                true => authname,
297                                false => "".to_string(),
298                            };
299                            if add_timestamp >= remove_timestamp {
300                                if !recipients_contain_addr(&to, &addr) {
301                                    if id != ContactId::SELF {
302                                        recipients.push(addr.clone());
303                                    }
304                                    if !undisclosed_recipients {
305                                        to.push((name, addr.clone()));
306
307                                        if is_encrypted {
308                                            if !fingerprint.is_empty() {
309                                                member_fingerprints.push(fingerprint);
310                                            } else if id == ContactId::SELF {
311                                                member_fingerprints.push(self_fingerprint.to_string());
312                                            } else {
313                                                debug_assert!(member_fingerprints.is_empty(), "If some past member is a key-contact, all other past members should be key-contacts too");
314                                            }
315                                        }
316                                        member_timestamps.push(add_timestamp);
317                                    }
318                                }
319                                recipient_ids.insert(id);
320
321                                if let Some(public_key) = public_key_opt {
322                                    keys.push((addr.clone(), public_key))
323                                } else if id != ContactId::SELF {
324                                    missing_key_addresses.insert(addr.clone());
325                                    if is_encrypted {
326                                        warn!(context, "Missing key for {addr}");
327                                    }
328                                }
329                            } else if remove_timestamp.saturating_add(60 * 24 * 3600) > now {
330                                // Row is a tombstone,
331                                // member is not actually part of the group.
332                                if !recipients_contain_addr(&past_members, &addr) {
333                                    if let Some(email_to_remove) = email_to_remove {
334                                        if email_to_remove == addr {
335                                            // This is a "member removed" message,
336                                            // we need to notify removed member
337                                            // that it was removed.
338                                            if id != ContactId::SELF {
339                                                recipients.push(addr.clone());
340                                            }
341
342                                            if let Some(public_key) = public_key_opt {
343                                                keys.push((addr.clone(), public_key))
344                                            } else if id != ContactId::SELF {
345                                                missing_key_addresses.insert(addr.clone());
346                                                if is_encrypted {
347                                                    warn!(context, "Missing key for {addr}");
348                                                }
349                                            }
350                                        }
351                                    }
352                                    if !undisclosed_recipients {
353                                        past_members.push((name, addr.clone()));
354                                        past_member_timestamps.push(remove_timestamp);
355
356                                        if is_encrypted {
357                                            if !fingerprint.is_empty() {
358                                                past_member_fingerprints.push(fingerprint);
359                                            } else if id == ContactId::SELF {
360                                                // It's fine to have self in past members
361                                                // if we are leaving the group.
362                                                past_member_fingerprints.push(self_fingerprint.to_string());
363                                            } else {
364                                                debug_assert!(past_member_fingerprints.is_empty(), "If some past member is a key-contact, all other past members should be key-contacts too");
365                                            }
366                                        }
367                                    }
368                                }
369                            }
370                        }
371
372                        debug_assert!(member_timestamps.len() >= to.len());
373                        debug_assert!(member_fingerprints.is_empty() || member_fingerprints.len() >= to.len());
374
375                        if to.len() > 1 {
376                            if let Some(position) = to.iter().position(|(_, x)| x == &from_addr) {
377                                to.remove(position);
378                                member_timestamps.remove(position);
379                                if is_encrypted {
380                                    member_fingerprints.remove(position);
381                                }
382                            }
383                        }
384
385                        member_timestamps.extend(past_member_timestamps);
386                        if is_encrypted {
387                            member_fingerprints.extend(past_member_fingerprints);
388                        }
389                        Ok(())
390                    },
391                )
392                .await?;
393            let recipient_ids: Vec<_> = recipient_ids.into_iter().collect();
394            ContactId::scaleup_origin(context, &recipient_ids, Origin::OutgoingTo).await?;
395
396            if !msg.is_system_message()
397                && msg.param.get_int(Param::Reaction).unwrap_or_default() == 0
398                && context.should_request_mdns().await?
399            {
400                req_mdn = true;
401            }
402
403            encryption_keys = if !is_encrypted {
404                None
405            } else {
406                if keys.is_empty() && !recipients.is_empty() {
407                    bail!(
408                        "No recipient keys are available, cannot encrypt to {:?}.",
409                        recipients
410                    );
411                }
412
413                // Remove recipients for which the key is missing.
414                if !missing_key_addresses.is_empty() {
415                    recipients.retain(|addr| !missing_key_addresses.contains(addr));
416                }
417
418                Some(keys)
419            };
420        }
421
422        let (in_reply_to, references) = context
423            .sql
424            .query_row(
425                "SELECT mime_in_reply_to, IFNULL(mime_references, '')
426                 FROM msgs WHERE id=?",
427                (msg.id,),
428                |row| {
429                    let in_reply_to: String = row.get(0)?;
430                    let references: String = row.get(1)?;
431
432                    Ok((in_reply_to, references))
433                },
434            )
435            .await?;
436        let references: Vec<String> = references
437            .trim()
438            .split_ascii_whitespace()
439            .map(|s| s.trim_start_matches('<').trim_end_matches('>').to_string())
440            .collect();
441        let selfstatus = match attach_profile_data {
442            true => context
443                .get_config(Config::Selfstatus)
444                .await?
445                .unwrap_or_default(),
446            false => "".to_string(),
447        };
448        let attach_selfavatar = Self::should_attach_selfavatar(context, &msg).await;
449
450        debug_assert!(
451            member_timestamps.is_empty()
452                || to.len() + past_members.len() == member_timestamps.len()
453        );
454
455        let factory = MimeFactory {
456            from_addr,
457            from_displayname,
458            sender_displayname,
459            selfstatus,
460            recipients,
461            encryption_keys,
462            to,
463            past_members,
464            member_fingerprints,
465            member_timestamps,
466            timestamp: msg.timestamp_sort,
467            loaded: Loaded::Message { msg, chat },
468            in_reply_to,
469            references,
470            req_mdn,
471            last_added_location_id: None,
472            sync_ids_to_delete: None,
473            attach_selfavatar,
474        };
475        Ok(factory)
476    }
477
478    pub async fn from_mdn(
479        context: &Context,
480        from_id: ContactId,
481        rfc724_mid: String,
482        additional_msg_ids: Vec<String>,
483    ) -> Result<MimeFactory> {
484        let contact = Contact::get_by_id(context, from_id).await?;
485        let from_addr = context.get_primary_self_addr().await?;
486        let timestamp = create_smeared_timestamp(context);
487
488        let addr = contact.get_addr().to_string();
489        let encryption_keys = if contact.is_key_contact() {
490            if let Some(key) = contact.public_key(context).await? {
491                Some(vec![(addr.clone(), key)])
492            } else {
493                Some(Vec::new())
494            }
495        } else {
496            None
497        };
498
499        let res = MimeFactory {
500            from_addr,
501            from_displayname: "".to_string(),
502            sender_displayname: None,
503            selfstatus: "".to_string(),
504            recipients: vec![addr],
505            encryption_keys,
506            to: vec![("".to_string(), contact.get_addr().to_string())],
507            past_members: vec![],
508            member_fingerprints: vec![],
509            member_timestamps: vec![],
510            timestamp,
511            loaded: Loaded::Mdn {
512                rfc724_mid,
513                additional_msg_ids,
514            },
515            in_reply_to: String::default(),
516            references: Vec::new(),
517            req_mdn: false,
518            last_added_location_id: None,
519            sync_ids_to_delete: None,
520            attach_selfavatar: false,
521        };
522
523        Ok(res)
524    }
525
526    fn should_skip_autocrypt(&self) -> bool {
527        match &self.loaded {
528            Loaded::Message { msg, .. } => {
529                msg.param.get_bool(Param::SkipAutocrypt).unwrap_or_default()
530            }
531            Loaded::Mdn { .. } => true,
532        }
533    }
534
535    fn should_attach_profile_data(msg: &Message) -> bool {
536        msg.param.get_cmd() != SystemMessage::SecurejoinMessage || {
537            let step = msg.param.get(Param::Arg).unwrap_or_default();
538            // Don't attach profile data at the earlier SecureJoin steps:
539            // - The corresponding messages, i.e. "v{c,g}-request" and "v{c,g}-auth-required" are
540            //   deleted right after processing, so other devices won't see the avatar etc.
541            // - It's also good for privacy because the contact isn't yet verified and these
542            //   messages are auto-sent unlike usual unencrypted messages.
543            step == "vg-request-with-auth"
544                || step == "vc-request-with-auth"
545                || step == "vg-member-added"
546                || step == "vc-contact-confirm"
547        }
548    }
549
550    async fn should_attach_selfavatar(context: &Context, msg: &Message) -> bool {
551        Self::should_attach_profile_data(msg)
552            && match chat::shall_attach_selfavatar(context, msg.chat_id).await {
553                Ok(should) => should,
554                Err(err) => {
555                    warn!(
556                        context,
557                        "should_attach_selfavatar: cannot get selfavatar state: {err:#}."
558                    );
559                    false
560                }
561            }
562    }
563
564    fn grpimage(&self) -> Option<String> {
565        match &self.loaded {
566            Loaded::Message { chat, msg } => {
567                let cmd = msg.param.get_cmd();
568
569                match cmd {
570                    SystemMessage::MemberAddedToGroup => {
571                        return chat.param.get(Param::ProfileImage).map(Into::into);
572                    }
573                    SystemMessage::GroupImageChanged => {
574                        return msg.param.get(Param::Arg).map(Into::into)
575                    }
576                    _ => {}
577                }
578
579                if msg
580                    .param
581                    .get_bool(Param::AttachGroupImage)
582                    .unwrap_or_default()
583                {
584                    return chat.param.get(Param::ProfileImage).map(Into::into);
585                }
586
587                None
588            }
589            Loaded::Mdn { .. } => None,
590        }
591    }
592
593    async fn subject_str(&self, context: &Context) -> Result<String> {
594        let subject = match &self.loaded {
595            Loaded::Message { ref chat, msg } => {
596                let quoted_msg_subject = msg.quoted_message(context).await?.map(|m| m.subject);
597
598                if !msg.subject.is_empty() {
599                    return Ok(msg.subject.clone());
600                }
601
602                if (chat.typ == Chattype::Group || chat.typ == Chattype::Broadcast)
603                    && quoted_msg_subject.is_none_or_empty()
604                {
605                    let re = if self.in_reply_to.is_empty() {
606                        ""
607                    } else {
608                        "Re: "
609                    };
610                    return Ok(format!("{}{}", re, chat.name));
611                }
612
613                let parent_subject = if quoted_msg_subject.is_none_or_empty() {
614                    chat.param.get(Param::LastSubject)
615                } else {
616                    quoted_msg_subject.as_deref()
617                };
618                if let Some(last_subject) = parent_subject {
619                    return Ok(format!("Re: {}", remove_subject_prefix(last_subject)));
620                }
621
622                let self_name = match Self::should_attach_profile_data(msg) {
623                    true => context.get_config(Config::Displayname).await?,
624                    false => None,
625                };
626                let self_name = &match self_name {
627                    Some(name) => name,
628                    None => context.get_config(Config::Addr).await?.unwrap_or_default(),
629                };
630                stock_str::subject_for_new_contact(context, self_name).await
631            }
632            Loaded::Mdn { .. } => "Receipt Notification".to_string(), // untranslated to no reveal sender's language
633        };
634
635        Ok(subject)
636    }
637
638    pub fn recipients(&self) -> Vec<String> {
639        self.recipients.clone()
640    }
641
642    /// Consumes a `MimeFactory` and renders it into a message which is then stored in
643    /// `smtp`-table to be used by the SMTP loop
644    pub async fn render(mut self, context: &Context) -> Result<RenderedEmail> {
645        let mut headers = Vec::<(&'static str, HeaderType<'static>)>::new();
646
647        let from = new_address_with_name(&self.from_displayname, self.from_addr.clone());
648
649        let mut to: Vec<Address<'static>> = Vec::new();
650        for (name, addr) in &self.to {
651            to.push(Address::new_address(
652                if name.is_empty() {
653                    None
654                } else {
655                    Some(name.to_string())
656                },
657                addr.clone(),
658            ));
659        }
660
661        let mut past_members: Vec<Address<'static>> = Vec::new(); // Contents of `Chat-Group-Past-Members` header.
662        for (name, addr) in &self.past_members {
663            past_members.push(Address::new_address(
664                if name.is_empty() {
665                    None
666                } else {
667                    Some(name.to_string())
668                },
669                addr.clone(),
670            ));
671        }
672
673        debug_assert!(
674            self.member_timestamps.is_empty()
675                || to.len() + past_members.len() == self.member_timestamps.len()
676        );
677        if to.is_empty() {
678            to.push(hidden_recipients());
679        }
680
681        // Start with Internet Message Format headers in the order of the standard example
682        // <https://datatracker.ietf.org/doc/html/rfc5322#appendix-A.1.1>.
683        headers.push(("From", from.into()));
684
685        if let Some(sender_displayname) = &self.sender_displayname {
686            let sender = new_address_with_name(sender_displayname, self.from_addr.clone());
687            headers.push(("Sender", sender.into()));
688        }
689        headers.push((
690            "To",
691            mail_builder::headers::address::Address::new_list(to.clone()).into(),
692        ));
693        if !past_members.is_empty() {
694            headers.push((
695                "Chat-Group-Past-Members",
696                mail_builder::headers::address::Address::new_list(past_members.clone()).into(),
697            ));
698        }
699
700        if let Loaded::Message { chat, .. } = &self.loaded {
701            if chat.typ == Chattype::Group {
702                if !self.member_timestamps.is_empty() && !chat.member_list_is_stale(context).await?
703                {
704                    headers.push((
705                        "Chat-Group-Member-Timestamps",
706                        mail_builder::headers::raw::Raw::new(
707                            self.member_timestamps
708                                .iter()
709                                .map(|ts| ts.to_string())
710                                .collect::<Vec<String>>()
711                                .join(" "),
712                        )
713                        .into(),
714                    ));
715                }
716
717                if !self.member_fingerprints.is_empty() {
718                    headers.push((
719                        "Chat-Group-Member-Fpr",
720                        mail_builder::headers::raw::Raw::new(
721                            self.member_fingerprints
722                                .iter()
723                                .map(|fp| fp.to_string())
724                                .collect::<Vec<String>>()
725                                .join(" "),
726                        )
727                        .into(),
728                    ));
729                }
730            }
731        }
732
733        let subject_str = self.subject_str(context).await?;
734        headers.push((
735            "Subject",
736            mail_builder::headers::text::Text::new(subject_str.to_string()).into(),
737        ));
738
739        let date = chrono::DateTime::<chrono::Utc>::from_timestamp(self.timestamp, 0)
740            .unwrap()
741            .to_rfc2822();
742        headers.push(("Date", mail_builder::headers::raw::Raw::new(date).into()));
743
744        let rfc724_mid = match &self.loaded {
745            Loaded::Message { msg, .. } => msg.rfc724_mid.clone(),
746            Loaded::Mdn { .. } => create_outgoing_rfc724_mid(),
747        };
748        headers.push((
749            "Message-ID",
750            mail_builder::headers::message_id::MessageId::new(rfc724_mid.clone()).into(),
751        ));
752
753        // Reply headers as in <https://datatracker.ietf.org/doc/html/rfc5322#appendix-A.2>.
754        if !self.in_reply_to.is_empty() {
755            headers.push((
756                "In-Reply-To",
757                mail_builder::headers::message_id::MessageId::new(self.in_reply_to.clone()).into(),
758            ));
759        }
760        if !self.references.is_empty() {
761            headers.push((
762                "References",
763                mail_builder::headers::message_id::MessageId::<'static>::new_list(
764                    self.references.iter().map(|s| s.to_string()),
765                )
766                .into(),
767            ));
768        }
769
770        // Automatic Response headers <https://www.rfc-editor.org/rfc/rfc3834>
771        if let Loaded::Mdn { .. } = self.loaded {
772            headers.push((
773                "Auto-Submitted",
774                mail_builder::headers::raw::Raw::new("auto-replied".to_string()).into(),
775            ));
776        } else if context.get_config_bool(Config::Bot).await? {
777            headers.push((
778                "Auto-Submitted",
779                mail_builder::headers::raw::Raw::new("auto-generated".to_string()).into(),
780            ));
781        } else if let Loaded::Message { msg, .. } = &self.loaded {
782            if msg.param.get_cmd() == SystemMessage::SecurejoinMessage {
783                let step = msg.param.get(Param::Arg).unwrap_or_default();
784                if step != "vg-request" && step != "vc-request" {
785                    headers.push((
786                        "Auto-Submitted",
787                        mail_builder::headers::raw::Raw::new("auto-replied".to_string()).into(),
788                    ));
789                }
790            }
791        }
792
793        if let Loaded::Message { chat, .. } = &self.loaded {
794            if chat.typ == Chattype::Broadcast {
795                headers.push((
796                    "List-ID",
797                    mail_builder::headers::text::Text::new(format!(
798                        "{} <{}>",
799                        chat.name, chat.grpid
800                    ))
801                    .into(),
802                ));
803            }
804        }
805
806        if let Loaded::Message { msg, .. } = &self.loaded {
807            if let Some(original_rfc724_mid) = msg.param.get(Param::TextEditFor) {
808                headers.push((
809                    "Chat-Edit",
810                    mail_builder::headers::message_id::MessageId::new(
811                        original_rfc724_mid.to_string(),
812                    )
813                    .into(),
814                ));
815            } else if let Some(rfc724_mid_list) = msg.param.get(Param::DeleteRequestFor) {
816                headers.push((
817                    "Chat-Delete",
818                    mail_builder::headers::message_id::MessageId::new(rfc724_mid_list.to_string())
819                        .into(),
820                ));
821            }
822        }
823
824        // Non-standard headers.
825        headers.push((
826            "Chat-Version",
827            mail_builder::headers::raw::Raw::new("1.0").into(),
828        ));
829
830        if self.req_mdn {
831            // we use "Chat-Disposition-Notification-To"
832            // because replies to "Disposition-Notification-To" are weird in many cases
833            // eg. are just freetext and/or do not follow any standard.
834            headers.push((
835                "Chat-Disposition-Notification-To",
836                mail_builder::headers::raw::Raw::new(self.from_addr.clone()).into(),
837            ));
838        }
839
840        let grpimage = self.grpimage();
841        let skip_autocrypt = self.should_skip_autocrypt();
842        let encrypt_helper = EncryptHelper::new(context).await?;
843
844        if !skip_autocrypt {
845            // unless determined otherwise we add the Autocrypt header
846            let aheader = encrypt_helper.get_aheader().to_string();
847            headers.push((
848                "Autocrypt",
849                mail_builder::headers::raw::Raw::new(aheader).into(),
850            ));
851        }
852
853        let is_encrypted = self.encryption_keys.is_some();
854
855        // Add ephemeral timer for non-MDN messages.
856        // For MDNs it does not matter because they are not visible
857        // and ignored by the receiver.
858        if let Loaded::Message { msg, .. } = &self.loaded {
859            let ephemeral_timer = msg.chat_id.get_ephemeral_timer(context).await?;
860            if let EphemeralTimer::Enabled { duration } = ephemeral_timer {
861                headers.push((
862                    "Ephemeral-Timer",
863                    mail_builder::headers::raw::Raw::new(duration.to_string()).into(),
864                ));
865            }
866        }
867
868        let is_securejoin_message = if let Loaded::Message { msg, .. } = &self.loaded {
869            msg.param.get_cmd() == SystemMessage::SecurejoinMessage
870        } else {
871            false
872        };
873
874        let message: MimePart<'static> = match &self.loaded {
875            Loaded::Message { msg, .. } => {
876                let msg = msg.clone();
877                let (main_part, mut parts) = self
878                    .render_message(context, &mut headers, &grpimage, is_encrypted)
879                    .await?;
880                if parts.is_empty() {
881                    // Single part, render as regular message.
882                    main_part
883                } else {
884                    parts.insert(0, main_part);
885
886                    // Multiple parts, render as multipart.
887                    if msg.param.get_cmd() == SystemMessage::MultiDeviceSync {
888                        MimePart::new("multipart/report; report-type=multi-device-sync", parts)
889                    } else if msg.param.get_cmd() == SystemMessage::WebxdcStatusUpdate {
890                        MimePart::new("multipart/report; report-type=status-update", parts)
891                    } else {
892                        MimePart::new("multipart/mixed", parts)
893                    }
894                }
895            }
896            Loaded::Mdn { .. } => self.render_mdn()?,
897        };
898
899        // Split headers based on header confidentiality policy.
900
901        // Headers that must go into IMF header section.
902        //
903        // These are standard headers such as Date, In-Reply-To, References, which cannot be placed
904        // anywhere else according to the standard. Placing headers here also allows them to be fetched
905        // individually over IMAP without downloading the message body. This is why Chat-Version is
906        // placed here.
907        let mut unprotected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
908
909        // Headers that MUST NOT (only) go into IMF header section:
910        // - Large headers which may hit the header section size limit on the server, such as
911        //   Chat-User-Avatar with a base64-encoded image inside.
912        // - Headers duplicated here that servers mess up with in the IMF header section, like
913        //   Message-ID.
914        // - Nonstandard headers that should be DKIM-protected because e.g. OpenDKIM only signs
915        //   known headers.
916        //
917        // The header should be hidden from MTA
918        // by moving it either into protected part
919        // in case of encrypted mails
920        // or unprotected MIME preamble in case of unencrypted mails.
921        let mut hidden_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
922
923        // Opportunistically protected headers.
924        //
925        // These headers are placed into encrypted part *if* the message is encrypted. Place headers
926        // which are not needed before decryption (e.g. Chat-Group-Name) or are not interesting if the
927        // message cannot be decrypted (e.g. Chat-Disposition-Notification-To) here.
928        //
929        // If the message is not encrypted, these headers are placed into IMF header section, so make
930        // sure that the message will be encrypted if you place any sensitive information here.
931        let mut protected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
932
933        // MIME header <https://datatracker.ietf.org/doc/html/rfc2045>.
934        unprotected_headers.push((
935            "MIME-Version",
936            mail_builder::headers::raw::Raw::new("1.0").into(),
937        ));
938        for header @ (original_header_name, _header_value) in &headers {
939            let header_name = original_header_name.to_lowercase();
940            if header_name == "message-id" {
941                unprotected_headers.push(header.clone());
942                hidden_headers.push(header.clone());
943            } else if is_hidden(&header_name) {
944                hidden_headers.push(header.clone());
945            } else if header_name == "autocrypt"
946                && !context.get_config_bool(Config::ProtectAutocrypt).await?
947            {
948                unprotected_headers.push(header.clone());
949            } else if header_name == "from" {
950                // Unencrypted securejoin messages should _not_ include the display name:
951                if is_encrypted || !is_securejoin_message {
952                    protected_headers.push(header.clone());
953                }
954
955                unprotected_headers.push((
956                    original_header_name,
957                    Address::new_address(None::<&'static str>, self.from_addr.clone()).into(),
958                ));
959            } else if header_name == "to" {
960                protected_headers.push(header.clone());
961                if is_encrypted {
962                    let mut to_without_names = to
963                        .clone()
964                        .into_iter()
965                        .filter_map(|header| match header {
966                            Address::Address(mb) => Some(Address::Address(EmailAddress {
967                                name: None,
968                                email: mb.email,
969                            })),
970                            _ => None,
971                        })
972                        .collect::<Vec<_>>();
973                    if to_without_names.is_empty() {
974                        to_without_names.push(hidden_recipients());
975                    }
976                    unprotected_headers.push((
977                        original_header_name,
978                        Address::new_list(to_without_names).into(),
979                    ));
980                } else {
981                    unprotected_headers.push(header.clone());
982                }
983            } else if is_encrypted {
984                protected_headers.push(header.clone());
985
986                match header_name.as_str() {
987                    "subject" => {
988                        unprotected_headers.push((
989                            "Subject",
990                            mail_builder::headers::raw::Raw::new("[...]").into(),
991                        ));
992                    }
993                    "date"
994                    | "in-reply-to"
995                    | "references"
996                    | "auto-submitted"
997                    | "chat-version"
998                    | "autocrypt-setup-message" => {
999                        unprotected_headers.push(header.clone());
1000                    }
1001                    _ => {
1002                        // Other headers are removed from unprotected part.
1003                    }
1004                }
1005            } else {
1006                // Copy the header to the protected headers
1007                // in case of signed-only message.
1008                // If the message is not signed, this value will not be used.
1009                protected_headers.push(header.clone());
1010                unprotected_headers.push(header.clone())
1011            }
1012        }
1013
1014        let outer_message = if let Some(encryption_keys) = self.encryption_keys {
1015            // Store protected headers in the inner message.
1016            let message = protected_headers
1017                .into_iter()
1018                .fold(message, |message, (header, value)| {
1019                    message.header(header, value)
1020                });
1021
1022            // Add hidden headers to encrypted payload.
1023            let mut message: MimePart<'static> = hidden_headers
1024                .into_iter()
1025                .fold(message, |message, (header, value)| {
1026                    message.header(header, value)
1027                });
1028
1029            // Add gossip headers in chats with multiple recipients
1030            let multiple_recipients =
1031                encryption_keys.len() > 1 || context.get_config_bool(Config::BccSelf).await?;
1032
1033            let gossip_period = context.get_config_i64(Config::GossipPeriod).await?;
1034            let now = time();
1035
1036            match &self.loaded {
1037                Loaded::Message { chat, msg } => {
1038                    if chat.typ != Chattype::Broadcast {
1039                        for (addr, key) in &encryption_keys {
1040                            let fingerprint = key.dc_fingerprint().hex();
1041                            let cmd = msg.param.get_cmd();
1042                            let should_do_gossip = cmd == SystemMessage::MemberAddedToGroup
1043                                || cmd == SystemMessage::SecurejoinMessage
1044                                || multiple_recipients && {
1045                                    let gossiped_timestamp: Option<i64> = context
1046                                        .sql
1047                                        .query_get_value(
1048                                            "SELECT timestamp
1049                                         FROM gossip_timestamp
1050                                         WHERE chat_id=? AND fingerprint=?",
1051                                            (chat.id, &fingerprint),
1052                                        )
1053                                        .await?;
1054
1055                                    // `gossip_period == 0` is a special case for testing,
1056                                    // enabling gossip in every message.
1057                                    //
1058                                    // If current time is in the past compared to
1059                                    // `gossiped_timestamp`, we also gossip because
1060                                    // either the `gossiped_timestamp` or clock is wrong.
1061                                    gossip_period == 0
1062                                        || gossiped_timestamp
1063                                            .is_none_or(|ts| now >= ts + gossip_period || now < ts)
1064                                };
1065
1066                            if !should_do_gossip {
1067                                continue;
1068                            }
1069
1070                            let header = Aheader::new(
1071                                addr.clone(),
1072                                key.clone(),
1073                                // Autocrypt 1.1.0 specification says that
1074                                // `prefer-encrypt` attribute SHOULD NOT be included.
1075                                EncryptPreference::NoPreference,
1076                            )
1077                            .to_string();
1078
1079                            message = message.header(
1080                                "Autocrypt-Gossip",
1081                                mail_builder::headers::raw::Raw::new(header),
1082                            );
1083
1084                            context
1085                                .sql
1086                                .execute(
1087                                    "INSERT INTO gossip_timestamp (chat_id, fingerprint, timestamp)
1088                                     VALUES                       (?, ?, ?)
1089                                     ON CONFLICT                  (chat_id, fingerprint)
1090                                     DO UPDATE SET timestamp=excluded.timestamp",
1091                                    (chat.id, &fingerprint, now),
1092                                )
1093                                .await?;
1094                        }
1095                    }
1096                }
1097                Loaded::Mdn { .. } => {
1098                    // Never gossip in MDNs.
1099                }
1100            }
1101
1102            // Set the appropriate Content-Type for the inner message.
1103            for (h, ref mut v) in &mut message.headers {
1104                if h == "Content-Type" {
1105                    if let mail_builder::headers::HeaderType::ContentType(ref mut ct) = v {
1106                        *ct = ct.clone().attribute("protected-headers", "v1");
1107                    }
1108                }
1109            }
1110
1111            // Disable compression for SecureJoin to ensure
1112            // there are no compression side channels
1113            // leaking information about the tokens.
1114            let compress = match &self.loaded {
1115                Loaded::Message { msg, .. } => {
1116                    msg.param.get_cmd() != SystemMessage::SecurejoinMessage
1117                }
1118                Loaded::Mdn { .. } => true,
1119            };
1120
1121            // Encrypt to self unconditionally,
1122            // even for a single-device setup.
1123            let mut encryption_keyring = vec![encrypt_helper.public_key.clone()];
1124            encryption_keyring.extend(encryption_keys.iter().map(|(_addr, key)| (*key).clone()));
1125
1126            // XXX: additional newline is needed
1127            // to pass filtermail at
1128            // <https://github.com/deltachat/chatmail/blob/4d915f9800435bf13057d41af8d708abd34dbfa8/chatmaild/src/chatmaild/filtermail.py#L84-L86>
1129            let encrypted = encrypt_helper
1130                .encrypt(context, encryption_keyring, message, compress)
1131                .await?
1132                + "\n";
1133
1134            // Set the appropriate Content-Type for the outer message
1135            MimePart::new(
1136                "multipart/encrypted; protocol=\"application/pgp-encrypted\"",
1137                vec![
1138                    // Autocrypt part 1
1139                    MimePart::new("application/pgp-encrypted", "Version: 1\r\n").header(
1140                        "Content-Description",
1141                        mail_builder::headers::raw::Raw::new("PGP/MIME version identification"),
1142                    ),
1143                    // Autocrypt part 2
1144                    MimePart::new(
1145                        "application/octet-stream; name=\"encrypted.asc\"",
1146                        encrypted,
1147                    )
1148                    .header(
1149                        "Content-Description",
1150                        mail_builder::headers::raw::Raw::new("OpenPGP encrypted message"),
1151                    )
1152                    .header(
1153                        "Content-Disposition",
1154                        mail_builder::headers::raw::Raw::new("inline; filename=\"encrypted.asc\";"),
1155                    ),
1156                ],
1157            )
1158        } else if matches!(self.loaded, Loaded::Mdn { .. }) {
1159            // Never add outer multipart/mixed wrapper to MDN
1160            // as multipart/report Content-Type is used to recognize MDNs
1161            // by Delta Chat receiver and Chatmail servers
1162            // allowing them to be unencrypted and not contain Autocrypt header
1163            // without resetting Autocrypt encryption or triggering Chatmail filter
1164            // that normally only allows encrypted mails.
1165
1166            // Hidden headers are dropped.
1167            message
1168        } else {
1169            let message = hidden_headers
1170                .into_iter()
1171                .fold(message, |message, (header, value)| {
1172                    message.header(header, value)
1173                });
1174            let message = MimePart::new("multipart/mixed", vec![message]);
1175            let mut message = protected_headers
1176                .iter()
1177                .fold(message, |message, (header, value)| {
1178                    message.header(*header, value.clone())
1179                });
1180
1181            if skip_autocrypt || !context.get_config_bool(Config::SignUnencrypted).await? {
1182                // Deduplicate unprotected headers that also are in the protected headers:
1183                let protected: HashSet<&str> =
1184                    HashSet::from_iter(protected_headers.iter().map(|(header, _value)| *header));
1185                unprotected_headers.retain(|(header, _value)| !protected.contains(header));
1186
1187                message
1188            } else {
1189                for (h, ref mut v) in &mut message.headers {
1190                    if h == "Content-Type" {
1191                        if let mail_builder::headers::HeaderType::ContentType(ref mut ct) = v {
1192                            *ct = ct.clone().attribute("protected-headers", "v1");
1193                        }
1194                    }
1195                }
1196
1197                let signature = encrypt_helper.sign(context, &message).await?;
1198                MimePart::new(
1199                    "multipart/signed; protocol=\"application/pgp-signature\"; protected",
1200                    vec![
1201                        message,
1202                        MimePart::new(
1203                            "application/pgp-signature; name=\"signature.asc\"",
1204                            signature,
1205                        )
1206                        .header(
1207                            "Content-Description",
1208                            mail_builder::headers::raw::Raw::<'static>::new(
1209                                "OpenPGP digital signature",
1210                            ),
1211                        )
1212                        .attachment("signature"),
1213                    ],
1214                )
1215            }
1216        };
1217
1218        // Store the unprotected headers on the outer message.
1219        let outer_message = unprotected_headers
1220            .into_iter()
1221            .fold(outer_message, |message, (header, value)| {
1222                message.header(header, value)
1223            });
1224
1225        let MimeFactory {
1226            last_added_location_id,
1227            ..
1228        } = self;
1229
1230        let mut buffer = Vec::new();
1231        let cursor = Cursor::new(&mut buffer);
1232        outer_message.clone().write_part(cursor).ok();
1233        let message = String::from_utf8_lossy(&buffer).to_string();
1234
1235        Ok(RenderedEmail {
1236            message,
1237            // envelope: Envelope::new,
1238            is_encrypted,
1239            last_added_location_id,
1240            sync_ids_to_delete: self.sync_ids_to_delete,
1241            rfc724_mid,
1242            subject: subject_str,
1243        })
1244    }
1245
1246    /// Returns MIME part with a `message.kml` attachment.
1247    fn get_message_kml_part(&self) -> Option<MimePart<'static>> {
1248        let Loaded::Message { msg, .. } = &self.loaded else {
1249            return None;
1250        };
1251
1252        let latitude = msg.param.get_float(Param::SetLatitude)?;
1253        let longitude = msg.param.get_float(Param::SetLongitude)?;
1254
1255        let kml_file = location::get_message_kml(msg.timestamp_sort, latitude, longitude);
1256        let part = MimePart::new("application/vnd.google-earth.kml+xml", kml_file)
1257            .attachment("message.kml");
1258        Some(part)
1259    }
1260
1261    /// Returns MIME part with a `location.kml` attachment.
1262    async fn get_location_kml_part(
1263        &mut self,
1264        context: &Context,
1265    ) -> Result<Option<MimePart<'static>>> {
1266        let Loaded::Message { msg, .. } = &self.loaded else {
1267            return Ok(None);
1268        };
1269
1270        let Some((kml_content, last_added_location_id)) =
1271            location::get_kml(context, msg.chat_id).await?
1272        else {
1273            return Ok(None);
1274        };
1275
1276        let part = MimePart::new("application/vnd.google-earth.kml+xml", kml_content)
1277            .attachment("location.kml");
1278        if !msg.param.exists(Param::SetLatitude) {
1279            // otherwise, the independent location is already filed
1280            self.last_added_location_id = Some(last_added_location_id);
1281        }
1282        Ok(Some(part))
1283    }
1284
1285    async fn render_message(
1286        &mut self,
1287        context: &Context,
1288        headers: &mut Vec<(&'static str, HeaderType<'static>)>,
1289        grpimage: &Option<String>,
1290        is_encrypted: bool,
1291    ) -> Result<(MimePart<'static>, Vec<MimePart<'static>>)> {
1292        let Loaded::Message { chat, msg } = &self.loaded else {
1293            bail!("Attempt to render MDN as a message");
1294        };
1295        let chat = chat.clone();
1296        let msg = msg.clone();
1297        let command = msg.param.get_cmd();
1298        let mut placeholdertext = None;
1299
1300        let send_verified_headers = match chat.typ {
1301            Chattype::Single => true,
1302            Chattype::Group => true,
1303            // Mailinglists and broadcast lists can actually never be verified:
1304            Chattype::Mailinglist => false,
1305            Chattype::Broadcast => false,
1306        };
1307        if chat.is_protected() && send_verified_headers {
1308            headers.push((
1309                "Chat-Verified",
1310                mail_builder::headers::raw::Raw::new("1").into(),
1311            ));
1312        }
1313
1314        if chat.typ == Chattype::Group {
1315            // Send group ID unless it is an ad hoc group that has no ID.
1316            if !chat.grpid.is_empty() {
1317                headers.push((
1318                    "Chat-Group-ID",
1319                    mail_builder::headers::raw::Raw::new(chat.grpid.clone()).into(),
1320                ));
1321            }
1322
1323            headers.push((
1324                "Chat-Group-Name",
1325                mail_builder::headers::text::Text::new(chat.name.to_string()).into(),
1326            ));
1327            if let Some(ts) = chat.param.get_i64(Param::GroupNameTimestamp) {
1328                headers.push((
1329                    "Chat-Group-Name-Timestamp",
1330                    mail_builder::headers::text::Text::new(ts.to_string()).into(),
1331                ));
1332            }
1333
1334            match command {
1335                SystemMessage::MemberRemovedFromGroup => {
1336                    let email_to_remove = msg.param.get(Param::Arg).unwrap_or_default();
1337
1338                    if email_to_remove
1339                        == context
1340                            .get_config(Config::ConfiguredAddr)
1341                            .await?
1342                            .unwrap_or_default()
1343                    {
1344                        placeholdertext = Some(stock_str::msg_group_left_remote(context).await);
1345                    } else {
1346                        placeholdertext =
1347                            Some(stock_str::msg_del_member_remote(context, email_to_remove).await);
1348                    };
1349
1350                    if !email_to_remove.is_empty() {
1351                        headers.push((
1352                            "Chat-Group-Member-Removed",
1353                            mail_builder::headers::raw::Raw::new(email_to_remove.to_string())
1354                                .into(),
1355                        ));
1356                    }
1357                }
1358                SystemMessage::MemberAddedToGroup => {
1359                    // TODO: lookup the contact by ID rather than email address.
1360                    // We are adding key-contacts, the cannot be looked up by address.
1361                    let email_to_add = msg.param.get(Param::Arg).unwrap_or_default();
1362                    placeholdertext =
1363                        Some(stock_str::msg_add_member_remote(context, email_to_add).await);
1364
1365                    if !email_to_add.is_empty() {
1366                        headers.push((
1367                            "Chat-Group-Member-Added",
1368                            mail_builder::headers::raw::Raw::new(email_to_add.to_string()).into(),
1369                        ));
1370                    }
1371                    if 0 != msg.param.get_int(Param::Arg2).unwrap_or_default() & DC_FROM_HANDSHAKE {
1372                        info!(
1373                            context,
1374                            "Sending secure-join message {:?}.", "vg-member-added",
1375                        );
1376                        headers.push((
1377                            "Secure-Join",
1378                            mail_builder::headers::raw::Raw::new("vg-member-added".to_string())
1379                                .into(),
1380                        ));
1381                    }
1382                }
1383                SystemMessage::GroupNameChanged => {
1384                    let old_name = msg.param.get(Param::Arg).unwrap_or_default().to_string();
1385                    headers.push((
1386                        "Chat-Group-Name-Changed",
1387                        mail_builder::headers::text::Text::new(old_name).into(),
1388                    ));
1389                }
1390                SystemMessage::GroupImageChanged => {
1391                    headers.push((
1392                        "Chat-Content",
1393                        mail_builder::headers::text::Text::new("group-avatar-changed").into(),
1394                    ));
1395                    if grpimage.is_none() {
1396                        headers.push((
1397                            "Chat-Group-Avatar",
1398                            mail_builder::headers::raw::Raw::new("0").into(),
1399                        ));
1400                    }
1401                }
1402                _ => {}
1403            }
1404        }
1405
1406        match command {
1407            SystemMessage::LocationStreamingEnabled => {
1408                headers.push((
1409                    "Chat-Content",
1410                    mail_builder::headers::raw::Raw::new("location-streaming-enabled").into(),
1411                ));
1412            }
1413            SystemMessage::EphemeralTimerChanged => {
1414                headers.push((
1415                    "Chat-Content",
1416                    mail_builder::headers::raw::Raw::new("ephemeral-timer-changed").into(),
1417                ));
1418            }
1419            SystemMessage::LocationOnly
1420            | SystemMessage::MultiDeviceSync
1421            | SystemMessage::WebxdcStatusUpdate => {
1422                // This should prevent automatic replies,
1423                // such as non-delivery reports.
1424                //
1425                // See <https://tools.ietf.org/html/rfc3834>
1426                //
1427                // Adding this header without encryption leaks some
1428                // information about the message contents, but it can
1429                // already be easily guessed from message timing and size.
1430                headers.push((
1431                    "Auto-Submitted",
1432                    mail_builder::headers::raw::Raw::new("auto-generated").into(),
1433                ));
1434            }
1435            SystemMessage::AutocryptSetupMessage => {
1436                headers.push((
1437                    "Autocrypt-Setup-Message",
1438                    mail_builder::headers::raw::Raw::new("v1").into(),
1439                ));
1440
1441                placeholdertext = Some(ASM_SUBJECT.to_string());
1442            }
1443            SystemMessage::SecurejoinMessage => {
1444                let step = msg.param.get(Param::Arg).unwrap_or_default();
1445                if !step.is_empty() {
1446                    info!(context, "Sending secure-join message {step:?}.");
1447                    headers.push((
1448                        "Secure-Join",
1449                        mail_builder::headers::raw::Raw::new(step.to_string()).into(),
1450                    ));
1451
1452                    let param2 = msg.param.get(Param::Arg2).unwrap_or_default();
1453                    if !param2.is_empty() {
1454                        headers.push((
1455                            if step == "vg-request-with-auth" || step == "vc-request-with-auth" {
1456                                "Secure-Join-Auth"
1457                            } else {
1458                                "Secure-Join-Invitenumber"
1459                            },
1460                            mail_builder::headers::text::Text::new(param2.to_string()).into(),
1461                        ));
1462                    }
1463
1464                    let fingerprint = msg.param.get(Param::Arg3).unwrap_or_default();
1465                    if !fingerprint.is_empty() {
1466                        headers.push((
1467                            "Secure-Join-Fingerprint",
1468                            mail_builder::headers::raw::Raw::new(fingerprint.to_string()).into(),
1469                        ));
1470                    }
1471                    if let Some(id) = msg.param.get(Param::Arg4) {
1472                        headers.push((
1473                            "Secure-Join-Group",
1474                            mail_builder::headers::raw::Raw::new(id.to_string()).into(),
1475                        ));
1476                    };
1477                }
1478            }
1479            SystemMessage::ChatProtectionEnabled => {
1480                headers.push((
1481                    "Chat-Content",
1482                    mail_builder::headers::raw::Raw::new("protection-enabled").into(),
1483                ));
1484            }
1485            SystemMessage::ChatProtectionDisabled => {
1486                headers.push((
1487                    "Chat-Content",
1488                    mail_builder::headers::raw::Raw::new("protection-disabled").into(),
1489                ));
1490            }
1491            SystemMessage::IrohNodeAddr => {
1492                headers.push((
1493                    "Iroh-Node-Addr",
1494                    mail_builder::headers::text::Text::new(serde_json::to_string(
1495                        &context
1496                            .get_or_try_init_peer_channel()
1497                            .await?
1498                            .get_node_addr()
1499                            .await?,
1500                    )?)
1501                    .into(),
1502                ));
1503            }
1504            _ => {}
1505        }
1506
1507        if let Some(grpimage) = grpimage {
1508            info!(context, "setting group image '{}'", grpimage);
1509            let avatar = build_avatar_file(context, grpimage)
1510                .await
1511                .context("Cannot attach group image")?;
1512            headers.push((
1513                "Chat-Group-Avatar",
1514                mail_builder::headers::raw::Raw::new(format!("base64:{avatar}")).into(),
1515            ));
1516        }
1517
1518        if msg.viewtype == Viewtype::Sticker {
1519            headers.push((
1520                "Chat-Content",
1521                mail_builder::headers::raw::Raw::new("sticker").into(),
1522            ));
1523        } else if msg.viewtype == Viewtype::VideochatInvitation {
1524            headers.push((
1525                "Chat-Content",
1526                mail_builder::headers::raw::Raw::new("videochat-invitation").into(),
1527            ));
1528            headers.push((
1529                "Chat-Webrtc-Room",
1530                mail_builder::headers::raw::Raw::new(
1531                    msg.param
1532                        .get(Param::WebrtcRoom)
1533                        .unwrap_or_default()
1534                        .to_string(),
1535                )
1536                .into(),
1537            ));
1538        }
1539
1540        if msg.viewtype == Viewtype::Voice
1541            || msg.viewtype == Viewtype::Audio
1542            || msg.viewtype == Viewtype::Video
1543        {
1544            if msg.viewtype == Viewtype::Voice {
1545                headers.push((
1546                    "Chat-Voice-Message",
1547                    mail_builder::headers::raw::Raw::new("1").into(),
1548                ));
1549            }
1550            let duration_ms = msg.param.get_int(Param::Duration).unwrap_or_default();
1551            if duration_ms > 0 {
1552                let dur = duration_ms.to_string();
1553                headers.push((
1554                    "Chat-Duration",
1555                    mail_builder::headers::raw::Raw::new(dur).into(),
1556                ));
1557            }
1558        }
1559
1560        // add text part - we even add empty text and force a MIME-multipart-message as:
1561        // - some Apps have problems with Non-text in the main part (eg. "Mail" from stock Android)
1562        // - we can add "forward hints" this way
1563        // - it looks better
1564
1565        let afwd_email = msg.param.exists(Param::Forwarded);
1566        let fwdhint = if afwd_email {
1567            Some(
1568                "---------- Forwarded message ----------\r\n\
1569                 From: Delta Chat\r\n\
1570                 \r\n"
1571                    .to_string(),
1572            )
1573        } else {
1574            None
1575        };
1576
1577        let final_text = placeholdertext.as_deref().unwrap_or(&msg.text);
1578
1579        let mut quoted_text = None;
1580        if let Some(msg_quoted_text) = msg.quoted_text() {
1581            let mut some_quoted_text = String::new();
1582            for quoted_line in msg_quoted_text.split('\n') {
1583                some_quoted_text += "> ";
1584                some_quoted_text += quoted_line;
1585                some_quoted_text += "\r\n";
1586            }
1587            some_quoted_text += "\r\n";
1588            quoted_text = Some(some_quoted_text)
1589        }
1590
1591        if !is_encrypted && msg.param.get_bool(Param::ProtectQuote).unwrap_or_default() {
1592            // Message is not encrypted but quotes encrypted message.
1593            quoted_text = Some("> ...\r\n\r\n".to_string());
1594        }
1595        if quoted_text.is_none() && final_text.starts_with('>') {
1596            // Insert empty line to avoid receiver treating user-sent quote as topquote inserted by
1597            // Delta Chat.
1598            quoted_text = Some("\r\n".to_string());
1599        }
1600
1601        let is_reaction = msg.param.get_int(Param::Reaction).unwrap_or_default() != 0;
1602
1603        let footer = if is_reaction { "" } else { &self.selfstatus };
1604
1605        let message_text = format!(
1606            "{}{}{}{}{}{}",
1607            fwdhint.unwrap_or_default(),
1608            quoted_text.unwrap_or_default(),
1609            escape_message_footer_marks(final_text),
1610            if !final_text.is_empty() && !footer.is_empty() {
1611                "\r\n\r\n"
1612            } else {
1613                ""
1614            },
1615            if !footer.is_empty() { "-- \r\n" } else { "" },
1616            footer
1617        );
1618
1619        let mut main_part = MimePart::new("text/plain", message_text);
1620        if is_reaction {
1621            main_part = main_part.header(
1622                "Content-Disposition",
1623                mail_builder::headers::raw::Raw::new("reaction"),
1624            );
1625        }
1626
1627        let mut parts = Vec::new();
1628
1629        // add HTML-part, this is needed only if a HTML-message from a non-delta-client is forwarded;
1630        // for simplificity and to avoid conversion errors, we're generating the HTML-part from the original message.
1631        if msg.has_html() {
1632            let html = if let Some(orig_msg_id) = msg.param.get_int(Param::Forwarded) {
1633                MsgId::new(orig_msg_id.try_into()?)
1634                    .get_html(context)
1635                    .await?
1636            } else {
1637                msg.param.get(Param::SendHtml).map(|s| s.to_string())
1638            };
1639            if let Some(html) = html {
1640                main_part = MimePart::new(
1641                    "multipart/alternative",
1642                    vec![main_part, MimePart::new("text/html", html)],
1643                )
1644            }
1645        }
1646
1647        // add attachment part
1648        if msg.viewtype.has_file() {
1649            let file_part = build_body_file(context, &msg).await?;
1650            parts.push(file_part);
1651        }
1652
1653        if let Some(msg_kml_part) = self.get_message_kml_part() {
1654            parts.push(msg_kml_part);
1655        }
1656
1657        if location::is_sending_locations_to_chat(context, Some(msg.chat_id)).await? {
1658            if let Some(part) = self.get_location_kml_part(context).await? {
1659                parts.push(part);
1660            }
1661        }
1662
1663        // we do not piggyback sync-files to other self-sent-messages
1664        // to not risk files becoming too larger and being skipped by download-on-demand.
1665        if command == SystemMessage::MultiDeviceSync {
1666            let json = msg.param.get(Param::Arg).unwrap_or_default();
1667            let ids = msg.param.get(Param::Arg2).unwrap_or_default();
1668            parts.push(context.build_sync_part(json.to_string()));
1669            self.sync_ids_to_delete = Some(ids.to_string());
1670        } else if command == SystemMessage::WebxdcStatusUpdate {
1671            let json = msg.param.get(Param::Arg).unwrap_or_default();
1672            parts.push(context.build_status_update_part(json));
1673        } else if msg.viewtype == Viewtype::Webxdc {
1674            headers.push((
1675                "Iroh-Gossip-Topic",
1676                mail_builder::headers::raw::Raw::new(create_iroh_header(context, msg.id).await?)
1677                    .into(),
1678            ));
1679            if let (Some(json), _) = context
1680                .render_webxdc_status_update_object(
1681                    msg.id,
1682                    StatusUpdateSerial::MIN,
1683                    StatusUpdateSerial::MAX,
1684                    None,
1685                )
1686                .await?
1687            {
1688                parts.push(context.build_status_update_part(&json));
1689            }
1690        }
1691
1692        if self.attach_selfavatar {
1693            match context.get_config(Config::Selfavatar).await? {
1694                Some(path) => match build_avatar_file(context, &path).await {
1695                    Ok(avatar) => headers.push((
1696                        "Chat-User-Avatar",
1697                        mail_builder::headers::raw::Raw::new(format!("base64:{avatar}")).into(),
1698                    )),
1699                    Err(err) => warn!(context, "mimefactory: cannot attach selfavatar: {}", err),
1700                },
1701                None => headers.push((
1702                    "Chat-User-Avatar",
1703                    mail_builder::headers::raw::Raw::new("0").into(),
1704                )),
1705            }
1706        }
1707
1708        Ok((main_part, parts))
1709    }
1710
1711    /// Render an MDN
1712    fn render_mdn(&mut self) -> Result<MimePart<'static>> {
1713        // RFC 6522, this also requires the `report-type` parameter which is equal
1714        // to the MIME subtype of the second body part of the multipart/report
1715        //
1716        // currently, we do not send MDNs encrypted:
1717        // - in a multi-device-setup that is not set up properly, MDNs would disturb the communication as they
1718        //   are send automatically which may lead to spreading outdated Autocrypt headers.
1719        // - they do not carry any information but the Message-ID
1720        // - this save some KB
1721        // - in older versions, we did not encrypt messages to ourself when they to to SMTP - however, if these messages
1722        //   are forwarded for any reasons (eg. gmail always forwards to IMAP), we have no chance to decrypt them;
1723        //   this issue is fixed with 0.9.4
1724
1725        let Loaded::Mdn {
1726            rfc724_mid,
1727            additional_msg_ids,
1728        } = &self.loaded
1729        else {
1730            bail!("Attempt to render a message as MDN");
1731        };
1732
1733        // first body part: always human-readable, always REQUIRED by RFC 6522.
1734        // untranslated to no reveal sender's language.
1735        // moreover, translations in unknown languages are confusing, and clients may not display them at all
1736        let text_part = MimePart::new("text/plain", "This is a receipt notification.");
1737
1738        let mut message = MimePart::new(
1739            "multipart/report; report-type=disposition-notification",
1740            vec![text_part],
1741        );
1742
1743        // second body part: machine-readable, always REQUIRED by RFC 6522
1744        let message_text2 = format!(
1745            "Original-Recipient: rfc822;{}\r\n\
1746             Final-Recipient: rfc822;{}\r\n\
1747             Original-Message-ID: <{}>\r\n\
1748             Disposition: manual-action/MDN-sent-automatically; displayed\r\n",
1749            self.from_addr, self.from_addr, rfc724_mid
1750        );
1751
1752        let extension_fields = if additional_msg_ids.is_empty() {
1753            "".to_string()
1754        } else {
1755            "Additional-Message-IDs: ".to_string()
1756                + &additional_msg_ids
1757                    .iter()
1758                    .map(|mid| render_rfc724_mid(mid))
1759                    .collect::<Vec<String>>()
1760                    .join(" ")
1761                + "\r\n"
1762        };
1763
1764        message.add_part(MimePart::new(
1765            "message/disposition-notification",
1766            message_text2 + &extension_fields,
1767        ));
1768
1769        Ok(message)
1770    }
1771}
1772
1773fn hidden_recipients() -> Address<'static> {
1774    Address::new_group(Some("hidden-recipients".to_string()), Vec::new())
1775}
1776
1777async fn build_body_file(context: &Context, msg: &Message) -> Result<MimePart<'static>> {
1778    let file_name = msg.get_filename().context("msg has no file")?;
1779    let suffix = Path::new(&file_name)
1780        .extension()
1781        .and_then(|e| e.to_str())
1782        .unwrap_or("dat");
1783
1784    let blob = msg
1785        .param
1786        .get_file_blob(context)?
1787        .context("msg has no file")?;
1788
1789    // Get file name to use for sending.  For privacy purposes, we do
1790    // not transfer the original filenames eg. for images; these names
1791    // are normally not needed and contain timestamps, running numbers
1792    // etc.
1793    let filename_to_send: String = match msg.viewtype {
1794        Viewtype::Voice => format!(
1795            "voice-messsage_{}.{}",
1796            chrono::Utc
1797                .timestamp_opt(msg.timestamp_sort, 0)
1798                .single()
1799                .map_or_else(
1800                    || "YY-mm-dd_hh:mm:ss".to_string(),
1801                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string()
1802                ),
1803            &suffix
1804        ),
1805        Viewtype::Image | Viewtype::Gif => format!(
1806            "image_{}.{}",
1807            chrono::Utc
1808                .timestamp_opt(msg.timestamp_sort, 0)
1809                .single()
1810                .map_or_else(
1811                    || "YY-mm-dd_hh:mm:ss".to_string(),
1812                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string(),
1813                ),
1814            &suffix,
1815        ),
1816        Viewtype::Video => format!(
1817            "video_{}.{}",
1818            chrono::Utc
1819                .timestamp_opt(msg.timestamp_sort, 0)
1820                .single()
1821                .map_or_else(
1822                    || "YY-mm-dd_hh:mm:ss".to_string(),
1823                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string()
1824                ),
1825            &suffix
1826        ),
1827        _ => file_name,
1828    };
1829
1830    /* check mimetype */
1831    let mimetype = match msg.param.get(Param::MimeType) {
1832        Some(mtype) => mtype.to_string(),
1833        None => {
1834            if let Some((_viewtype, res)) = message::guess_msgtype_from_suffix(msg) {
1835                res.to_string()
1836            } else {
1837                "application/octet-stream".to_string()
1838            }
1839        }
1840    };
1841
1842    let body = fs::read(blob.to_abs_path()).await?;
1843
1844    // create mime part, for Content-Disposition, see RFC 2183.
1845    // `Content-Disposition: attachment` seems not to make a difference to `Content-Disposition: inline`
1846    // at least on tested Thunderbird and Gma'l in 2017.
1847    // But I've heard about problems with inline and outl'k, so we just use the attachment-type until we
1848    // run into other problems ...
1849    let mail =
1850        MimePart::new(mimetype, body).attachment(sanitize_bidi_characters(&filename_to_send));
1851
1852    Ok(mail)
1853}
1854
1855async fn build_avatar_file(context: &Context, path: &str) -> Result<String> {
1856    let blob = match path.starts_with("$BLOBDIR/") {
1857        true => BlobObject::from_name(context, path)?,
1858        false => BlobObject::from_path(context, path.as_ref())?,
1859    };
1860    let body = fs::read(blob.to_abs_path()).await?;
1861    let encoded_body = base64::engine::general_purpose::STANDARD
1862        .encode(&body)
1863        .chars()
1864        .enumerate()
1865        .fold(String::new(), |mut res, (i, c)| {
1866            if i % 78 == 77 {
1867                res.push(' ')
1868            }
1869            res.push(c);
1870            res
1871        });
1872    Ok(encoded_body)
1873}
1874
1875fn recipients_contain_addr(recipients: &[(String, String)], addr: &str) -> bool {
1876    let addr_lc = addr.to_lowercase();
1877    recipients
1878        .iter()
1879        .any(|(_, cur)| cur.to_lowercase() == addr_lc)
1880}
1881
1882fn render_rfc724_mid(rfc724_mid: &str) -> String {
1883    let rfc724_mid = rfc724_mid.trim().to_string();
1884
1885    if rfc724_mid.chars().next().unwrap_or_default() == '<' {
1886        rfc724_mid
1887    } else {
1888        format!("<{rfc724_mid}>")
1889    }
1890}
1891
1892#[cfg(test)]
1893mod mimefactory_tests;