deltachat/
mimefactory.rs

1//! # MIME message production.
2
3use std::collections::HashSet;
4use std::io::Cursor;
5use std::path::Path;
6
7use anyhow::{bail, Context as _, Result};
8use base64::Engine as _;
9use chrono::TimeZone;
10use deltachat_contact_tools::sanitize_bidi_characters;
11use mail_builder::headers::address::{Address, EmailAddress};
12use mail_builder::headers::HeaderType;
13use mail_builder::mime::MimePart;
14use tokio::fs;
15
16use crate::aheader::{Aheader, EncryptPreference};
17use crate::blob::BlobObject;
18use crate::chat::{self, Chat};
19use crate::config::Config;
20use crate::constants::ASM_SUBJECT;
21use crate::constants::{Chattype, DC_FROM_HANDSHAKE};
22use crate::contact::{Contact, ContactId, Origin};
23use crate::context::Context;
24use crate::e2ee::EncryptHelper;
25use crate::ephemeral::Timer as EphemeralTimer;
26use crate::key::DcKey;
27use crate::location;
28use crate::message::{self, Message, MsgId, Viewtype};
29use crate::mimeparser::{is_hidden, SystemMessage};
30use crate::param::Param;
31use crate::peer_channels::create_iroh_header;
32use crate::peerstate::Peerstate;
33use crate::simplify::escape_message_footer_marks;
34use crate::stock_str;
35use crate::tools::IsNoneOrEmpty;
36use crate::tools::{
37    create_outgoing_rfc724_mid, create_smeared_timestamp, remove_subject_prefix, time,
38};
39use crate::webxdc::StatusUpdateSerial;
40
41// attachments of 25 mb brutto should work on the majority of providers
42// (brutto examples: web.de=50, 1&1=40, t-online.de=32, gmail=25, posteo=50, yahoo=25, all-inkl=100).
43// to get the netto sizes, we subtract 1 mb header-overhead and the base64-overhead.
44pub const RECOMMENDED_FILE_SIZE: u64 = 24 * 1024 * 1024 / 4 * 3;
45
46#[derive(Debug, Clone)]
47#[expect(clippy::large_enum_variant)]
48pub enum Loaded {
49    Message {
50        chat: Chat,
51        msg: Message,
52    },
53    Mdn {
54        rfc724_mid: String,
55        additional_msg_ids: Vec<String>,
56    },
57}
58
59/// Helper to construct mime messages.
60#[derive(Debug, Clone)]
61pub struct MimeFactory {
62    from_addr: String,
63    from_displayname: String,
64
65    /// Goes to the `Sender:`-header, if set.
66    /// For overridden names, `sender_displayname` is set to the
67    /// config-name while `from_displayname` is set to the overridden name.
68    /// From the perspective of the receiver,
69    /// a set `Sender:`-header is used as an indicator that the name is overridden;
70    /// names are alsways read from the `From:`-header.
71    sender_displayname: Option<String>,
72
73    selfstatus: String,
74
75    /// Vector of actual recipient addresses.
76    ///
77    /// This is the list of addresses the message should be sent to.
78    /// It is not the same as the `To` header,
79    /// because in case of "member removed" message
80    /// removed member is in the recipient list,
81    /// but not in the `To` header.
82    /// In case of broadcast lists there are multiple recipients,
83    /// but the `To` header has no members.
84    ///
85    /// If `bcc_self` configuration is enabled,
86    /// this list will be extended with own address later,
87    /// but `MimeFactory` is not responsible for this.
88    recipients: Vec<String>,
89
90    /// Vector of pairs of recipient name and address that goes into the `To` field.
91    ///
92    /// The list of actual message recipient addresses may be different,
93    /// e.g. if members are hidden for broadcast lists
94    /// or if the keys for some recipients are missing
95    /// and encrypted message cannot be sent to them.
96    to: Vec<(String, String)>,
97
98    /// Vector of pairs of past group member names and addresses.
99    past_members: Vec<(String, String)>,
100
101    /// Timestamps of the members in the same order as in the `to`
102    /// followed by `past_members`.
103    ///
104    /// If this is not empty, its length
105    /// should be the sum of `recipients` and `past_members` length.
106    member_timestamps: Vec<i64>,
107
108    timestamp: i64,
109    loaded: Loaded,
110    in_reply_to: String,
111
112    /// List of Message-IDs for `References` header.
113    references: Vec<String>,
114
115    /// True if the message requests Message Disposition Notification
116    /// using `Chat-Disposition-Notification-To` header.
117    req_mdn: bool,
118
119    last_added_location_id: Option<u32>,
120
121    /// If the created mime-structure contains sync-items,
122    /// the IDs of these items are listed here.
123    /// The IDs are returned via `RenderedEmail`
124    /// and must be deleted if the message is actually queued for sending.
125    sync_ids_to_delete: Option<String>,
126
127    /// True if the avatar should be attached.
128    pub attach_selfavatar: bool,
129}
130
131/// Result of rendering a message, ready to be submitted to a send job.
132#[derive(Debug, Clone)]
133pub struct RenderedEmail {
134    pub message: String,
135    // pub envelope: Envelope,
136    pub is_encrypted: bool,
137    pub last_added_location_id: Option<u32>,
138
139    /// A comma-separated string of sync-IDs that are used by the rendered email and must be deleted
140    /// from `multi_device_sync` once the message is actually queued for sending.
141    pub sync_ids_to_delete: Option<String>,
142
143    /// Message ID (Message in the sense of Email)
144    pub rfc724_mid: String,
145
146    /// Message subject.
147    pub subject: String,
148}
149
150fn new_address_with_name(name: &str, address: String) -> Address<'static> {
151    Address::new_address(
152        if name == address || name.is_empty() {
153            None
154        } else {
155            Some(name.to_string())
156        },
157        address,
158    )
159}
160
161impl MimeFactory {
162    pub async fn from_msg(context: &Context, msg: Message) -> Result<MimeFactory> {
163        let now = time();
164        let chat = Chat::load_from_db(context, msg.chat_id).await?;
165        let attach_profile_data = Self::should_attach_profile_data(&msg);
166        let undisclosed_recipients = chat.typ == Chattype::Broadcast;
167
168        let from_addr = context.get_primary_self_addr().await?;
169        let config_displayname = context
170            .get_config(Config::Displayname)
171            .await?
172            .unwrap_or_default();
173        let (from_displayname, sender_displayname) =
174            if let Some(override_name) = msg.param.get(Param::OverrideSenderDisplayname) {
175                (override_name.to_string(), Some(config_displayname))
176            } else {
177                let name = match attach_profile_data {
178                    true => config_displayname,
179                    false => "".to_string(),
180                };
181                (name, None)
182            };
183
184        let mut recipients = Vec::new();
185        let mut to = Vec::new();
186        let mut past_members = Vec::new();
187        let mut member_timestamps = Vec::new();
188        let mut recipient_ids = HashSet::new();
189        let mut req_mdn = false;
190
191        if chat.is_self_talk() {
192            to.push((from_displayname.to_string(), from_addr.to_string()));
193        } else if chat.is_mailing_list() {
194            let list_post = chat
195                .param
196                .get(Param::ListPost)
197                .context("Can't write to mailinglist without ListPost param")?;
198            to.push(("".to_string(), list_post.to_string()));
199            recipients.push(list_post.to_string());
200        } else {
201            let email_to_remove = if msg.param.get_cmd() == SystemMessage::MemberRemovedFromGroup {
202                msg.param.get(Param::Arg)
203            } else {
204                None
205            };
206
207            context
208                .sql
209                .query_map(
210                    "SELECT c.authname, c.addr, c.id, cc.add_timestamp, cc.remove_timestamp
211                     FROM chats_contacts cc
212                     LEFT JOIN contacts c ON cc.contact_id=c.id
213                     WHERE cc.chat_id=? AND (cc.contact_id>9 OR (cc.contact_id=1 AND ?))",
214                    (msg.chat_id, chat.typ == Chattype::Group),
215                    |row| {
216                        let authname: String = row.get(0)?;
217                        let addr: String = row.get(1)?;
218                        let id: ContactId = row.get(2)?;
219                        let add_timestamp: i64 = row.get(3)?;
220                        let remove_timestamp: i64 = row.get(4)?;
221                        Ok((authname, addr, id, add_timestamp, remove_timestamp))
222                    },
223                    |rows| {
224                        let mut past_member_timestamps = Vec::new();
225
226                        for row in rows {
227                            let (authname, addr, id, add_timestamp, remove_timestamp) = row?;
228                            let addr = if id == ContactId::SELF {
229                                from_addr.to_string()
230                            } else {
231                                addr
232                            };
233                            let name = match attach_profile_data {
234                                true => authname,
235                                false => "".to_string(),
236                            };
237                            if add_timestamp >= remove_timestamp {
238                                if !recipients_contain_addr(&to, &addr) {
239                                    recipients.push(addr.clone());
240                                    if !undisclosed_recipients {
241                                        to.push((name, addr));
242                                        member_timestamps.push(add_timestamp);
243                                    }
244                                }
245                                recipient_ids.insert(id);
246                            } else if remove_timestamp.saturating_add(60 * 24 * 3600) > now {
247                                // Row is a tombstone,
248                                // member is not actually part of the group.
249                                if !recipients_contain_addr(&past_members, &addr) {
250                                    if let Some(email_to_remove) = email_to_remove {
251                                        if email_to_remove == addr {
252                                            // This is a "member removed" message,
253                                            // we need to notify removed member
254                                            // that it was removed.
255                                            recipients.push(addr.clone());
256                                        }
257                                    }
258                                    if !undisclosed_recipients {
259                                        past_members.push((name, addr));
260                                        past_member_timestamps.push(remove_timestamp);
261                                    }
262                                }
263                            }
264                        }
265
266                        debug_assert!(member_timestamps.len() >= to.len());
267
268                        if to.len() > 1 {
269                            if let Some(position) = to.iter().position(|(_, x)| x == &from_addr) {
270                                to.remove(position);
271                                member_timestamps.remove(position);
272                            }
273                        }
274
275                        member_timestamps.extend(past_member_timestamps);
276                        Ok(())
277                    },
278                )
279                .await?;
280            let recipient_ids: Vec<_> = recipient_ids.into_iter().collect();
281            ContactId::scaleup_origin(context, &recipient_ids, Origin::OutgoingTo).await?;
282
283            if !msg.is_system_message()
284                && msg.param.get_int(Param::Reaction).unwrap_or_default() == 0
285                && context.should_request_mdns().await?
286            {
287                req_mdn = true;
288            }
289        }
290        let (in_reply_to, references) = context
291            .sql
292            .query_row(
293                "SELECT mime_in_reply_to, IFNULL(mime_references, '')
294                 FROM msgs WHERE id=?",
295                (msg.id,),
296                |row| {
297                    let in_reply_to: String = row.get(0)?;
298                    let references: String = row.get(1)?;
299
300                    Ok((in_reply_to, references))
301                },
302            )
303            .await?;
304        let references: Vec<String> = references
305            .trim()
306            .split_ascii_whitespace()
307            .map(|s| s.trim_start_matches('<').trim_end_matches('>').to_string())
308            .collect();
309        let selfstatus = match attach_profile_data {
310            true => context
311                .get_config(Config::Selfstatus)
312                .await?
313                .unwrap_or_default(),
314            false => "".to_string(),
315        };
316        let attach_selfavatar = Self::should_attach_selfavatar(context, &msg).await;
317
318        debug_assert!(
319            member_timestamps.is_empty()
320                || to.len() + past_members.len() == member_timestamps.len()
321        );
322        let factory = MimeFactory {
323            from_addr,
324            from_displayname,
325            sender_displayname,
326            selfstatus,
327            recipients,
328            to,
329            past_members,
330            member_timestamps,
331            timestamp: msg.timestamp_sort,
332            loaded: Loaded::Message { msg, chat },
333            in_reply_to,
334            references,
335            req_mdn,
336            last_added_location_id: None,
337            sync_ids_to_delete: None,
338            attach_selfavatar,
339        };
340        Ok(factory)
341    }
342
343    pub async fn from_mdn(
344        context: &Context,
345        from_id: ContactId,
346        rfc724_mid: String,
347        additional_msg_ids: Vec<String>,
348    ) -> Result<MimeFactory> {
349        let contact = Contact::get_by_id(context, from_id).await?;
350        let from_addr = context.get_primary_self_addr().await?;
351        let timestamp = create_smeared_timestamp(context);
352
353        let res = MimeFactory {
354            from_addr,
355            from_displayname: "".to_string(),
356            sender_displayname: None,
357            selfstatus: "".to_string(),
358            recipients: vec![contact.get_addr().to_string()],
359            to: vec![("".to_string(), contact.get_addr().to_string())],
360            past_members: vec![],
361            member_timestamps: vec![],
362            timestamp,
363            loaded: Loaded::Mdn {
364                rfc724_mid,
365                additional_msg_ids,
366            },
367            in_reply_to: String::default(),
368            references: Vec::new(),
369            req_mdn: false,
370            last_added_location_id: None,
371            sync_ids_to_delete: None,
372            attach_selfavatar: false,
373        };
374
375        Ok(res)
376    }
377
378    async fn peerstates_for_recipients(
379        &self,
380        context: &Context,
381    ) -> Result<Vec<(Option<Peerstate>, String)>> {
382        let self_addr = context.get_primary_self_addr().await?;
383
384        let mut res = Vec::new();
385        for addr in self.recipients.iter().filter(|&addr| *addr != self_addr) {
386            res.push((Peerstate::from_addr(context, addr).await?, addr.clone()));
387        }
388
389        Ok(res)
390    }
391
392    fn is_e2ee_guaranteed(&self) -> bool {
393        match &self.loaded {
394            Loaded::Message { chat, msg } => {
395                !msg.param
396                    .get_bool(Param::ForcePlaintext)
397                    .unwrap_or_default()
398                    && (chat.is_protected()
399                        || msg.param.get_bool(Param::GuaranteeE2ee).unwrap_or_default())
400            }
401            Loaded::Mdn { .. } => false,
402        }
403    }
404
405    fn verified(&self) -> bool {
406        match &self.loaded {
407            Loaded::Message { chat, msg } => {
408                chat.is_self_talk() ||
409                    // Securejoin messages are supposed to verify a key.
410                    // In order to do this, it is necessary that they can be sent
411                    // to a key that is not yet verified.
412                    // This has to work independently of whether the chat is protected right now.
413                    chat.is_protected() && msg.get_info_type() != SystemMessage::SecurejoinMessage
414            }
415            Loaded::Mdn { .. } => false,
416        }
417    }
418
419    fn should_force_plaintext(&self) -> bool {
420        match &self.loaded {
421            Loaded::Message { msg, .. } => msg
422                .param
423                .get_bool(Param::ForcePlaintext)
424                .unwrap_or_default(),
425            Loaded::Mdn { .. } => false,
426        }
427    }
428
429    fn should_skip_autocrypt(&self) -> bool {
430        match &self.loaded {
431            Loaded::Message { msg, .. } => {
432                msg.param.get_bool(Param::SkipAutocrypt).unwrap_or_default()
433            }
434            Loaded::Mdn { .. } => true,
435        }
436    }
437
438    fn should_attach_profile_data(msg: &Message) -> bool {
439        msg.param.get_cmd() != SystemMessage::SecurejoinMessage || {
440            let step = msg.param.get(Param::Arg).unwrap_or_default();
441            // Don't attach profile data at the earlier SecureJoin steps:
442            // - The corresponding messages, i.e. "v{c,g}-request" and "v{c,g}-auth-required" are
443            //   deleted right after processing, so other devices won't see the avatar etc.
444            // - It's also good for privacy because the contact isn't yet verified and these
445            //   messages are auto-sent unlike usual unencrypted messages.
446            step == "vg-request-with-auth"
447                || step == "vc-request-with-auth"
448                || step == "vg-member-added"
449                || step == "vc-contact-confirm"
450        }
451    }
452
453    async fn should_attach_selfavatar(context: &Context, msg: &Message) -> bool {
454        Self::should_attach_profile_data(msg)
455            && match chat::shall_attach_selfavatar(context, msg.chat_id).await {
456                Ok(should) => should,
457                Err(err) => {
458                    warn!(
459                        context,
460                        "should_attach_selfavatar: cannot get selfavatar state: {err:#}."
461                    );
462                    false
463                }
464            }
465    }
466
467    fn grpimage(&self) -> Option<String> {
468        match &self.loaded {
469            Loaded::Message { chat, msg } => {
470                let cmd = msg.param.get_cmd();
471
472                match cmd {
473                    SystemMessage::MemberAddedToGroup => {
474                        return chat.param.get(Param::ProfileImage).map(Into::into);
475                    }
476                    SystemMessage::GroupImageChanged => {
477                        return msg.param.get(Param::Arg).map(Into::into)
478                    }
479                    _ => {}
480                }
481
482                if msg
483                    .param
484                    .get_bool(Param::AttachGroupImage)
485                    .unwrap_or_default()
486                {
487                    return chat.param.get(Param::ProfileImage).map(Into::into);
488                }
489
490                None
491            }
492            Loaded::Mdn { .. } => None,
493        }
494    }
495
496    async fn subject_str(&self, context: &Context) -> Result<String> {
497        let subject = match &self.loaded {
498            Loaded::Message { ref chat, msg } => {
499                let quoted_msg_subject = msg.quoted_message(context).await?.map(|m| m.subject);
500
501                if !msg.subject.is_empty() {
502                    return Ok(msg.subject.clone());
503                }
504
505                if (chat.typ == Chattype::Group || chat.typ == Chattype::Broadcast)
506                    && quoted_msg_subject.is_none_or_empty()
507                {
508                    let re = if self.in_reply_to.is_empty() {
509                        ""
510                    } else {
511                        "Re: "
512                    };
513                    return Ok(format!("{}{}", re, chat.name));
514                }
515
516                let parent_subject = if quoted_msg_subject.is_none_or_empty() {
517                    chat.param.get(Param::LastSubject)
518                } else {
519                    quoted_msg_subject.as_deref()
520                };
521                if let Some(last_subject) = parent_subject {
522                    return Ok(format!("Re: {}", remove_subject_prefix(last_subject)));
523                }
524
525                let self_name = match Self::should_attach_profile_data(msg) {
526                    true => context.get_config(Config::Displayname).await?,
527                    false => None,
528                };
529                let self_name = &match self_name {
530                    Some(name) => name,
531                    None => context.get_config(Config::Addr).await?.unwrap_or_default(),
532                };
533                stock_str::subject_for_new_contact(context, self_name).await
534            }
535            Loaded::Mdn { .. } => "Receipt Notification".to_string(), // untranslated to no reveal sender's language
536        };
537
538        Ok(subject)
539    }
540
541    pub fn recipients(&self) -> Vec<String> {
542        self.recipients.clone()
543    }
544
545    /// Consumes a `MimeFactory` and renders it into a message which is then stored in
546    /// `smtp`-table to be used by the SMTP loop
547    pub async fn render(mut self, context: &Context) -> Result<RenderedEmail> {
548        let mut headers = Vec::<(&'static str, HeaderType<'static>)>::new();
549
550        let from = new_address_with_name(&self.from_displayname, self.from_addr.clone());
551
552        let mut to: Vec<Address<'static>> = Vec::new();
553        for (name, addr) in &self.to {
554            to.push(Address::new_address(
555                if name.is_empty() {
556                    None
557                } else {
558                    Some(name.to_string())
559                },
560                addr.clone(),
561            ));
562        }
563
564        let mut past_members: Vec<Address<'static>> = Vec::new(); // Contents of `Chat-Group-Past-Members` header.
565        for (name, addr) in &self.past_members {
566            past_members.push(Address::new_address(
567                if name.is_empty() {
568                    None
569                } else {
570                    Some(name.to_string())
571                },
572                addr.clone(),
573            ));
574        }
575
576        debug_assert!(
577            self.member_timestamps.is_empty()
578                || to.len() + past_members.len() == self.member_timestamps.len()
579        );
580        if to.is_empty() {
581            to.push(hidden_recipients());
582        }
583
584        // Start with Internet Message Format headers in the order of the standard example
585        // <https://datatracker.ietf.org/doc/html/rfc5322#appendix-A.1.1>.
586        headers.push(("From", from.into()));
587
588        if let Some(sender_displayname) = &self.sender_displayname {
589            let sender = new_address_with_name(sender_displayname, self.from_addr.clone());
590            headers.push(("Sender", sender.into()));
591        }
592        headers.push((
593            "To",
594            mail_builder::headers::address::Address::new_list(to.clone()).into(),
595        ));
596        if !past_members.is_empty() {
597            headers.push((
598                "Chat-Group-Past-Members",
599                mail_builder::headers::address::Address::new_list(past_members.clone()).into(),
600            ));
601        }
602
603        if let Loaded::Message { chat, .. } = &self.loaded {
604            if chat.typ == Chattype::Group
605                && !self.member_timestamps.is_empty()
606                && !chat.member_list_is_stale(context).await?
607            {
608                headers.push((
609                    "Chat-Group-Member-Timestamps",
610                    mail_builder::headers::raw::Raw::new(
611                        self.member_timestamps
612                            .iter()
613                            .map(|ts| ts.to_string())
614                            .collect::<Vec<String>>()
615                            .join(" "),
616                    )
617                    .into(),
618                ));
619            }
620        }
621
622        let subject_str = self.subject_str(context).await?;
623        headers.push((
624            "Subject",
625            mail_builder::headers::text::Text::new(subject_str.to_string()).into(),
626        ));
627
628        let date = chrono::DateTime::<chrono::Utc>::from_timestamp(self.timestamp, 0)
629            .unwrap()
630            .to_rfc2822();
631        headers.push(("Date", mail_builder::headers::raw::Raw::new(date).into()));
632
633        let rfc724_mid = match &self.loaded {
634            Loaded::Message { msg, .. } => msg.rfc724_mid.clone(),
635            Loaded::Mdn { .. } => create_outgoing_rfc724_mid(),
636        };
637        headers.push((
638            "Message-ID",
639            mail_builder::headers::message_id::MessageId::new(rfc724_mid.clone()).into(),
640        ));
641
642        // Reply headers as in <https://datatracker.ietf.org/doc/html/rfc5322#appendix-A.2>.
643        if !self.in_reply_to.is_empty() {
644            headers.push((
645                "In-Reply-To",
646                mail_builder::headers::message_id::MessageId::new(self.in_reply_to.clone()).into(),
647            ));
648        }
649        if !self.references.is_empty() {
650            headers.push((
651                "References",
652                mail_builder::headers::message_id::MessageId::<'static>::new_list(
653                    self.references.iter().map(|s| s.to_string()),
654                )
655                .into(),
656            ));
657        }
658
659        // Automatic Response headers <https://www.rfc-editor.org/rfc/rfc3834>
660        if let Loaded::Mdn { .. } = self.loaded {
661            headers.push((
662                "Auto-Submitted",
663                mail_builder::headers::raw::Raw::new("auto-replied".to_string()).into(),
664            ));
665        } else if context.get_config_bool(Config::Bot).await? {
666            headers.push((
667                "Auto-Submitted",
668                mail_builder::headers::raw::Raw::new("auto-generated".to_string()).into(),
669            ));
670        } else if let Loaded::Message { msg, .. } = &self.loaded {
671            if msg.param.get_cmd() == SystemMessage::SecurejoinMessage {
672                let step = msg.param.get(Param::Arg).unwrap_or_default();
673                if step != "vg-request" && step != "vc-request" {
674                    headers.push((
675                        "Auto-Submitted",
676                        mail_builder::headers::raw::Raw::new("auto-replied".to_string()).into(),
677                    ));
678                }
679            }
680        }
681
682        if let Loaded::Message { chat, .. } = &self.loaded {
683            if chat.typ == Chattype::Broadcast {
684                headers.push((
685                    "List-ID",
686                    mail_builder::headers::text::Text::new(format!(
687                        "{} <{}>",
688                        chat.name, chat.grpid
689                    ))
690                    .into(),
691                ));
692            }
693        }
694
695        if let Loaded::Message { msg, .. } = &self.loaded {
696            if let Some(original_rfc724_mid) = msg.param.get(Param::TextEditFor) {
697                headers.push((
698                    "Chat-Edit",
699                    mail_builder::headers::message_id::MessageId::new(
700                        original_rfc724_mid.to_string(),
701                    )
702                    .into(),
703                ));
704            } else if let Some(rfc724_mid_list) = msg.param.get(Param::DeleteRequestFor) {
705                headers.push((
706                    "Chat-Delete",
707                    mail_builder::headers::message_id::MessageId::new(rfc724_mid_list.to_string())
708                        .into(),
709                ));
710            }
711        }
712
713        // Non-standard headers.
714        headers.push((
715            "Chat-Version",
716            mail_builder::headers::raw::Raw::new("1.0").into(),
717        ));
718
719        if self.req_mdn {
720            // we use "Chat-Disposition-Notification-To"
721            // because replies to "Disposition-Notification-To" are weird in many cases
722            // eg. are just freetext and/or do not follow any standard.
723            headers.push((
724                "Chat-Disposition-Notification-To",
725                mail_builder::headers::raw::Raw::new(self.from_addr.clone()).into(),
726            ));
727        }
728
729        let verified = self.verified();
730        let grpimage = self.grpimage();
731        let skip_autocrypt = self.should_skip_autocrypt();
732        let e2ee_guaranteed = self.is_e2ee_guaranteed();
733        let encrypt_helper = EncryptHelper::new(context).await?;
734
735        if !skip_autocrypt {
736            // unless determined otherwise we add the Autocrypt header
737            let aheader = encrypt_helper.get_aheader().to_string();
738            headers.push((
739                "Autocrypt",
740                mail_builder::headers::raw::Raw::new(aheader).into(),
741            ));
742        }
743
744        // Add ephemeral timer for non-MDN messages.
745        // For MDNs it does not matter because they are not visible
746        // and ignored by the receiver.
747        if let Loaded::Message { msg, .. } = &self.loaded {
748            let ephemeral_timer = msg.chat_id.get_ephemeral_timer(context).await?;
749            if let EphemeralTimer::Enabled { duration } = ephemeral_timer {
750                headers.push((
751                    "Ephemeral-Timer",
752                    mail_builder::headers::raw::Raw::new(duration.to_string()).into(),
753                ));
754            }
755        }
756
757        let peerstates = self.peerstates_for_recipients(context).await?;
758        let is_encrypted = !self.should_force_plaintext()
759            && (e2ee_guaranteed || encrypt_helper.should_encrypt(context, &peerstates).await?);
760        let is_securejoin_message = if let Loaded::Message { msg, .. } = &self.loaded {
761            msg.param.get_cmd() == SystemMessage::SecurejoinMessage
762        } else {
763            false
764        };
765
766        let message: MimePart<'static> = match &self.loaded {
767            Loaded::Message { msg, .. } => {
768                let msg = msg.clone();
769                let (main_part, mut parts) = self
770                    .render_message(context, &mut headers, &grpimage, is_encrypted)
771                    .await?;
772                if parts.is_empty() {
773                    // Single part, render as regular message.
774                    main_part
775                } else {
776                    parts.insert(0, main_part);
777
778                    // Multiple parts, render as multipart.
779                    if msg.param.get_cmd() == SystemMessage::MultiDeviceSync {
780                        MimePart::new("multipart/report; report-type=multi-device-sync", parts)
781                    } else if msg.param.get_cmd() == SystemMessage::WebxdcStatusUpdate {
782                        MimePart::new("multipart/report; report-type=status-update", parts)
783                    } else {
784                        MimePart::new("multipart/mixed", parts)
785                    }
786                }
787            }
788            Loaded::Mdn { .. } => self.render_mdn()?,
789        };
790
791        // Split headers based on header confidentiality policy.
792
793        // Headers that must go into IMF header section.
794        //
795        // These are standard headers such as Date, In-Reply-To, References, which cannot be placed
796        // anywhere else according to the standard. Placing headers here also allows them to be fetched
797        // individually over IMAP without downloading the message body. This is why Chat-Version is
798        // placed here.
799        let mut unprotected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
800
801        // Headers that MUST NOT (only) go into IMF header section:
802        // - Large headers which may hit the header section size limit on the server, such as
803        //   Chat-User-Avatar with a base64-encoded image inside.
804        // - Headers duplicated here that servers mess up with in the IMF header section, like
805        //   Message-ID.
806        // - Nonstandard headers that should be DKIM-protected because e.g. OpenDKIM only signs
807        //   known headers.
808        //
809        // The header should be hidden from MTA
810        // by moving it either into protected part
811        // in case of encrypted mails
812        // or unprotected MIME preamble in case of unencrypted mails.
813        let mut hidden_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
814
815        // Opportunistically protected headers.
816        //
817        // These headers are placed into encrypted part *if* the message is encrypted. Place headers
818        // which are not needed before decryption (e.g. Chat-Group-Name) or are not interesting if the
819        // message cannot be decrypted (e.g. Chat-Disposition-Notification-To) here.
820        //
821        // If the message is not encrypted, these headers are placed into IMF header section, so make
822        // sure that the message will be encrypted if you place any sensitive information here.
823        let mut protected_headers: Vec<(&'static str, HeaderType<'static>)> = Vec::new();
824
825        // MIME header <https://datatracker.ietf.org/doc/html/rfc2045>.
826        unprotected_headers.push((
827            "MIME-Version",
828            mail_builder::headers::raw::Raw::new("1.0").into(),
829        ));
830        for header @ (original_header_name, _header_value) in &headers {
831            let header_name = original_header_name.to_lowercase();
832            if header_name == "message-id" {
833                unprotected_headers.push(header.clone());
834                hidden_headers.push(header.clone());
835            } else if is_hidden(&header_name) {
836                hidden_headers.push(header.clone());
837            } else if header_name == "autocrypt"
838                && !context.get_config_bool(Config::ProtectAutocrypt).await?
839            {
840                unprotected_headers.push(header.clone());
841            } else if header_name == "from" {
842                // Unencrypted securejoin messages should _not_ include the display name:
843                if is_encrypted || !is_securejoin_message {
844                    protected_headers.push(header.clone());
845                }
846
847                unprotected_headers.push((
848                    original_header_name,
849                    Address::new_address(None::<&'static str>, self.from_addr.clone()).into(),
850                ));
851            } else if header_name == "to" {
852                protected_headers.push(header.clone());
853                if is_encrypted {
854                    let mut to_without_names = to
855                        .clone()
856                        .into_iter()
857                        .filter_map(|header| match header {
858                            Address::Address(mb) => Some(Address::Address(EmailAddress {
859                                name: None,
860                                email: mb.email,
861                            })),
862                            _ => None,
863                        })
864                        .collect::<Vec<_>>();
865                    if to_without_names.is_empty() {
866                        to_without_names.push(hidden_recipients());
867                    }
868                    unprotected_headers.push((
869                        original_header_name,
870                        Address::new_list(to_without_names).into(),
871                    ));
872                } else {
873                    unprotected_headers.push(header.clone());
874                }
875            } else if is_encrypted {
876                protected_headers.push(header.clone());
877
878                match header_name.as_str() {
879                    "subject" => {
880                        unprotected_headers.push((
881                            "Subject",
882                            mail_builder::headers::raw::Raw::new("[...]").into(),
883                        ));
884                    }
885                    "date"
886                    | "in-reply-to"
887                    | "references"
888                    | "auto-submitted"
889                    | "chat-version"
890                    | "autocrypt-setup-message" => {
891                        unprotected_headers.push(header.clone());
892                    }
893                    _ => {
894                        // Other headers are removed from unprotected part.
895                    }
896                }
897            } else {
898                // Copy the header to the protected headers
899                // in case of signed-only message.
900                // If the message is not signed, this value will not be used.
901                protected_headers.push(header.clone());
902                unprotected_headers.push(header.clone())
903            }
904        }
905
906        let outer_message = if is_encrypted {
907            // Store protected headers in the inner message.
908            let message = protected_headers
909                .into_iter()
910                .fold(message, |message, (header, value)| {
911                    message.header(header, value)
912                });
913
914            // Add hidden headers to encrypted payload.
915            let mut message: MimePart<'static> = hidden_headers
916                .into_iter()
917                .fold(message, |message, (header, value)| {
918                    message.header(header, value)
919                });
920
921            // Add gossip headers in chats with multiple recipients
922            let multiple_recipients =
923                peerstates.len() > 1 || context.get_config_bool(Config::BccSelf).await?;
924
925            let gossip_period = context.get_config_i64(Config::GossipPeriod).await?;
926            let now = time();
927
928            match &self.loaded {
929                Loaded::Message { chat, msg } => {
930                    if chat.typ != Chattype::Broadcast {
931                        for peerstate in peerstates.iter().filter_map(|(state, _)| state.as_ref()) {
932                            let Some(key) = peerstate.peek_key(verified) else {
933                                continue;
934                            };
935
936                            let fingerprint = key.dc_fingerprint().hex();
937                            let cmd = msg.param.get_cmd();
938                            let should_do_gossip = cmd == SystemMessage::MemberAddedToGroup
939                                || cmd == SystemMessage::SecurejoinMessage
940                                || multiple_recipients && {
941                                    let gossiped_timestamp: Option<i64> = context
942                                        .sql
943                                        .query_get_value(
944                                            "SELECT timestamp
945                                         FROM gossip_timestamp
946                                         WHERE chat_id=? AND fingerprint=?",
947                                            (chat.id, &fingerprint),
948                                        )
949                                        .await?;
950
951                                    // `gossip_period == 0` is a special case for testing,
952                                    // enabling gossip in every message.
953                                    //
954                                    // If current time is in the past compared to
955                                    // `gossiped_timestamp`, we also gossip because
956                                    // either the `gossiped_timestamp` or clock is wrong.
957                                    gossip_period == 0
958                                        || gossiped_timestamp
959                                            .is_none_or(|ts| now >= ts + gossip_period || now < ts)
960                                };
961
962                            if !should_do_gossip {
963                                continue;
964                            }
965
966                            let header = Aheader::new(
967                                peerstate.addr.clone(),
968                                key.clone(),
969                                // Autocrypt 1.1.0 specification says that
970                                // `prefer-encrypt` attribute SHOULD NOT be included.
971                                EncryptPreference::NoPreference,
972                            )
973                            .to_string();
974
975                            message = message.header(
976                                "Autocrypt-Gossip",
977                                mail_builder::headers::raw::Raw::new(header),
978                            );
979
980                            context
981                                .sql
982                                .execute(
983                                    "INSERT INTO gossip_timestamp (chat_id, fingerprint, timestamp)
984                                     VALUES                       (?, ?, ?)
985                                     ON CONFLICT                  (chat_id, fingerprint)
986                                     DO UPDATE SET timestamp=excluded.timestamp",
987                                    (chat.id, &fingerprint, now),
988                                )
989                                .await?;
990                        }
991                    }
992                }
993                Loaded::Mdn { .. } => {
994                    // Never gossip in MDNs.
995                }
996            }
997
998            // Set the appropriate Content-Type for the inner message.
999            for (h, ref mut v) in &mut message.headers {
1000                if h == "Content-Type" {
1001                    if let mail_builder::headers::HeaderType::ContentType(ref mut ct) = v {
1002                        *ct = ct.clone().attribute("protected-headers", "v1");
1003                    }
1004                }
1005            }
1006
1007            // Disable compression for SecureJoin to ensure
1008            // there are no compression side channels
1009            // leaking information about the tokens.
1010            let compress = match &self.loaded {
1011                Loaded::Message { msg, .. } => {
1012                    msg.param.get_cmd() != SystemMessage::SecurejoinMessage
1013                }
1014                Loaded::Mdn { .. } => true,
1015            };
1016
1017            let (encryption_keyring, missing_key_addresses) =
1018                encrypt_helper.encryption_keyring(context, verified, &peerstates)?;
1019
1020            // XXX: additional newline is needed
1021            // to pass filtermail at
1022            // <https://github.com/deltachat/chatmail/blob/4d915f9800435bf13057d41af8d708abd34dbfa8/chatmaild/src/chatmaild/filtermail.py#L84-L86>
1023            let encrypted = encrypt_helper
1024                .encrypt(context, encryption_keyring, message, compress)
1025                .await?
1026                + "\n";
1027
1028            // Remove recipients for which the key is missing.
1029            if !missing_key_addresses.is_empty() {
1030                self.recipients
1031                    .retain(|addr| !missing_key_addresses.contains(addr));
1032            }
1033
1034            // Set the appropriate Content-Type for the outer message
1035            MimePart::new(
1036                "multipart/encrypted; protocol=\"application/pgp-encrypted\"",
1037                vec![
1038                    // Autocrypt part 1
1039                    MimePart::new("application/pgp-encrypted", "Version: 1\r\n").header(
1040                        "Content-Description",
1041                        mail_builder::headers::raw::Raw::new("PGP/MIME version identification"),
1042                    ),
1043                    // Autocrypt part 2
1044                    MimePart::new(
1045                        "application/octet-stream; name=\"encrypted.asc\"",
1046                        encrypted,
1047                    )
1048                    .header(
1049                        "Content-Description",
1050                        mail_builder::headers::raw::Raw::new("OpenPGP encrypted message"),
1051                    )
1052                    .header(
1053                        "Content-Disposition",
1054                        mail_builder::headers::raw::Raw::new("inline; filename=\"encrypted.asc\";"),
1055                    ),
1056                ],
1057            )
1058        } else if matches!(self.loaded, Loaded::Mdn { .. }) {
1059            // Never add outer multipart/mixed wrapper to MDN
1060            // as multipart/report Content-Type is used to recognize MDNs
1061            // by Delta Chat receiver and Chatmail servers
1062            // allowing them to be unencrypted and not contain Autocrypt header
1063            // without resetting Autocrypt encryption or triggering Chatmail filter
1064            // that normally only allows encrypted mails.
1065
1066            // Hidden headers are dropped.
1067            message
1068        } else {
1069            let message = hidden_headers
1070                .into_iter()
1071                .fold(message, |message, (header, value)| {
1072                    message.header(header, value)
1073                });
1074            let message = MimePart::new("multipart/mixed", vec![message]);
1075            let mut message = protected_headers
1076                .iter()
1077                .fold(message, |message, (header, value)| {
1078                    message.header(*header, value.clone())
1079                });
1080
1081            if skip_autocrypt || !context.get_config_bool(Config::SignUnencrypted).await? {
1082                // Deduplicate unprotected headers that also are in the protected headers:
1083                let protected: HashSet<&str> =
1084                    HashSet::from_iter(protected_headers.iter().map(|(header, _value)| *header));
1085                unprotected_headers.retain(|(header, _value)| !protected.contains(header));
1086
1087                message
1088            } else {
1089                for (h, ref mut v) in &mut message.headers {
1090                    if h == "Content-Type" {
1091                        if let mail_builder::headers::HeaderType::ContentType(ref mut ct) = v {
1092                            *ct = ct.clone().attribute("protected-headers", "v1");
1093                        }
1094                    }
1095                }
1096
1097                let signature = encrypt_helper.sign(context, &message).await?;
1098                MimePart::new(
1099                    "multipart/signed; protocol=\"application/pgp-signature\"; protected",
1100                    vec![
1101                        message,
1102                        MimePart::new(
1103                            "application/pgp-signature; name=\"signature.asc\"",
1104                            signature,
1105                        )
1106                        .header(
1107                            "Content-Description",
1108                            mail_builder::headers::raw::Raw::<'static>::new(
1109                                "OpenPGP digital signature",
1110                            ),
1111                        )
1112                        .attachment("signature"),
1113                    ],
1114                )
1115            }
1116        };
1117
1118        // Store the unprotected headers on the outer message.
1119        let outer_message = unprotected_headers
1120            .into_iter()
1121            .fold(outer_message, |message, (header, value)| {
1122                message.header(header, value)
1123            });
1124
1125        let MimeFactory {
1126            last_added_location_id,
1127            ..
1128        } = self;
1129
1130        let mut buffer = Vec::new();
1131        let cursor = Cursor::new(&mut buffer);
1132        outer_message.clone().write_part(cursor).ok();
1133        let message = String::from_utf8_lossy(&buffer).to_string();
1134
1135        Ok(RenderedEmail {
1136            message,
1137            // envelope: Envelope::new,
1138            is_encrypted,
1139            last_added_location_id,
1140            sync_ids_to_delete: self.sync_ids_to_delete,
1141            rfc724_mid,
1142            subject: subject_str,
1143        })
1144    }
1145
1146    /// Returns MIME part with a `message.kml` attachment.
1147    fn get_message_kml_part(&self) -> Option<MimePart<'static>> {
1148        let Loaded::Message { msg, .. } = &self.loaded else {
1149            return None;
1150        };
1151
1152        let latitude = msg.param.get_float(Param::SetLatitude)?;
1153        let longitude = msg.param.get_float(Param::SetLongitude)?;
1154
1155        let kml_file = location::get_message_kml(msg.timestamp_sort, latitude, longitude);
1156        let part = MimePart::new("application/vnd.google-earth.kml+xml", kml_file)
1157            .attachment("message.kml");
1158        Some(part)
1159    }
1160
1161    /// Returns MIME part with a `location.kml` attachment.
1162    async fn get_location_kml_part(
1163        &mut self,
1164        context: &Context,
1165    ) -> Result<Option<MimePart<'static>>> {
1166        let Loaded::Message { msg, .. } = &self.loaded else {
1167            return Ok(None);
1168        };
1169
1170        let Some((kml_content, last_added_location_id)) =
1171            location::get_kml(context, msg.chat_id).await?
1172        else {
1173            return Ok(None);
1174        };
1175
1176        let part = MimePart::new("application/vnd.google-earth.kml+xml", kml_content)
1177            .attachment("location.kml");
1178        if !msg.param.exists(Param::SetLatitude) {
1179            // otherwise, the independent location is already filed
1180            self.last_added_location_id = Some(last_added_location_id);
1181        }
1182        Ok(Some(part))
1183    }
1184
1185    async fn render_message(
1186        &mut self,
1187        context: &Context,
1188        headers: &mut Vec<(&'static str, HeaderType<'static>)>,
1189        grpimage: &Option<String>,
1190        is_encrypted: bool,
1191    ) -> Result<(MimePart<'static>, Vec<MimePart<'static>>)> {
1192        let Loaded::Message { chat, msg } = &self.loaded else {
1193            bail!("Attempt to render MDN as a message");
1194        };
1195        let chat = chat.clone();
1196        let msg = msg.clone();
1197        let command = msg.param.get_cmd();
1198        let mut placeholdertext = None;
1199
1200        let send_verified_headers = match chat.typ {
1201            Chattype::Single => true,
1202            Chattype::Group => true,
1203            // Mailinglists and broadcast lists can actually never be verified:
1204            Chattype::Mailinglist => false,
1205            Chattype::Broadcast => false,
1206        };
1207        if chat.is_protected() && send_verified_headers {
1208            headers.push((
1209                "Chat-Verified",
1210                mail_builder::headers::raw::Raw::new("1").into(),
1211            ));
1212        }
1213
1214        if chat.typ == Chattype::Group {
1215            // Send group ID unless it is an ad hoc group that has no ID.
1216            if !chat.grpid.is_empty() {
1217                headers.push((
1218                    "Chat-Group-ID",
1219                    mail_builder::headers::raw::Raw::new(chat.grpid.clone()).into(),
1220                ));
1221            }
1222
1223            headers.push((
1224                "Chat-Group-Name",
1225                mail_builder::headers::text::Text::new(chat.name.to_string()).into(),
1226            ));
1227            if let Some(ts) = chat.param.get_i64(Param::GroupNameTimestamp) {
1228                headers.push((
1229                    "Chat-Group-Name-Timestamp",
1230                    mail_builder::headers::text::Text::new(ts.to_string()).into(),
1231                ));
1232            }
1233
1234            match command {
1235                SystemMessage::MemberRemovedFromGroup => {
1236                    let email_to_remove = msg.param.get(Param::Arg).unwrap_or_default();
1237
1238                    if email_to_remove
1239                        == context
1240                            .get_config(Config::ConfiguredAddr)
1241                            .await?
1242                            .unwrap_or_default()
1243                    {
1244                        placeholdertext = Some(stock_str::msg_group_left_remote(context).await);
1245                    } else {
1246                        placeholdertext =
1247                            Some(stock_str::msg_del_member_remote(context, email_to_remove).await);
1248                    };
1249
1250                    if !email_to_remove.is_empty() {
1251                        headers.push((
1252                            "Chat-Group-Member-Removed",
1253                            mail_builder::headers::raw::Raw::new(email_to_remove.to_string())
1254                                .into(),
1255                        ));
1256                    }
1257                }
1258                SystemMessage::MemberAddedToGroup => {
1259                    let email_to_add = msg.param.get(Param::Arg).unwrap_or_default();
1260                    placeholdertext =
1261                        Some(stock_str::msg_add_member_remote(context, email_to_add).await);
1262
1263                    if !email_to_add.is_empty() {
1264                        headers.push((
1265                            "Chat-Group-Member-Added",
1266                            mail_builder::headers::raw::Raw::new(email_to_add.to_string()).into(),
1267                        ));
1268                    }
1269                    if 0 != msg.param.get_int(Param::Arg2).unwrap_or_default() & DC_FROM_HANDSHAKE {
1270                        info!(
1271                            context,
1272                            "Sending secure-join message {:?}.", "vg-member-added",
1273                        );
1274                        headers.push((
1275                            "Secure-Join",
1276                            mail_builder::headers::raw::Raw::new("vg-member-added".to_string())
1277                                .into(),
1278                        ));
1279                    }
1280                }
1281                SystemMessage::GroupNameChanged => {
1282                    let old_name = msg.param.get(Param::Arg).unwrap_or_default().to_string();
1283                    headers.push((
1284                        "Chat-Group-Name-Changed",
1285                        mail_builder::headers::text::Text::new(old_name).into(),
1286                    ));
1287                }
1288                SystemMessage::GroupImageChanged => {
1289                    headers.push((
1290                        "Chat-Content",
1291                        mail_builder::headers::text::Text::new("group-avatar-changed").into(),
1292                    ));
1293                    if grpimage.is_none() {
1294                        headers.push((
1295                            "Chat-Group-Avatar",
1296                            mail_builder::headers::raw::Raw::new("0").into(),
1297                        ));
1298                    }
1299                }
1300                _ => {}
1301            }
1302        }
1303
1304        match command {
1305            SystemMessage::LocationStreamingEnabled => {
1306                headers.push((
1307                    "Chat-Content",
1308                    mail_builder::headers::raw::Raw::new("location-streaming-enabled").into(),
1309                ));
1310            }
1311            SystemMessage::EphemeralTimerChanged => {
1312                headers.push((
1313                    "Chat-Content",
1314                    mail_builder::headers::raw::Raw::new("ephemeral-timer-changed").into(),
1315                ));
1316            }
1317            SystemMessage::LocationOnly
1318            | SystemMessage::MultiDeviceSync
1319            | SystemMessage::WebxdcStatusUpdate => {
1320                // This should prevent automatic replies,
1321                // such as non-delivery reports.
1322                //
1323                // See <https://tools.ietf.org/html/rfc3834>
1324                //
1325                // Adding this header without encryption leaks some
1326                // information about the message contents, but it can
1327                // already be easily guessed from message timing and size.
1328                headers.push((
1329                    "Auto-Submitted",
1330                    mail_builder::headers::raw::Raw::new("auto-generated").into(),
1331                ));
1332            }
1333            SystemMessage::AutocryptSetupMessage => {
1334                headers.push((
1335                    "Autocrypt-Setup-Message",
1336                    mail_builder::headers::raw::Raw::new("v1").into(),
1337                ));
1338
1339                placeholdertext = Some(ASM_SUBJECT.to_string());
1340            }
1341            SystemMessage::SecurejoinMessage => {
1342                let step = msg.param.get(Param::Arg).unwrap_or_default();
1343                if !step.is_empty() {
1344                    info!(context, "Sending secure-join message {step:?}.");
1345                    headers.push((
1346                        "Secure-Join",
1347                        mail_builder::headers::raw::Raw::new(step.to_string()).into(),
1348                    ));
1349
1350                    let param2 = msg.param.get(Param::Arg2).unwrap_or_default();
1351                    if !param2.is_empty() {
1352                        headers.push((
1353                            if step == "vg-request-with-auth" || step == "vc-request-with-auth" {
1354                                "Secure-Join-Auth"
1355                            } else {
1356                                "Secure-Join-Invitenumber"
1357                            },
1358                            mail_builder::headers::text::Text::new(param2.to_string()).into(),
1359                        ));
1360                    }
1361
1362                    let fingerprint = msg.param.get(Param::Arg3).unwrap_or_default();
1363                    if !fingerprint.is_empty() {
1364                        headers.push((
1365                            "Secure-Join-Fingerprint",
1366                            mail_builder::headers::raw::Raw::new(fingerprint.to_string()).into(),
1367                        ));
1368                    }
1369                    if let Some(id) = msg.param.get(Param::Arg4) {
1370                        headers.push((
1371                            "Secure-Join-Group",
1372                            mail_builder::headers::raw::Raw::new(id.to_string()).into(),
1373                        ));
1374                    };
1375                }
1376            }
1377            SystemMessage::ChatProtectionEnabled => {
1378                headers.push((
1379                    "Chat-Content",
1380                    mail_builder::headers::raw::Raw::new("protection-enabled").into(),
1381                ));
1382            }
1383            SystemMessage::ChatProtectionDisabled => {
1384                headers.push((
1385                    "Chat-Content",
1386                    mail_builder::headers::raw::Raw::new("protection-disabled").into(),
1387                ));
1388            }
1389            SystemMessage::IrohNodeAddr => {
1390                headers.push((
1391                    "Iroh-Node-Addr",
1392                    mail_builder::headers::text::Text::new(serde_json::to_string(
1393                        &context
1394                            .get_or_try_init_peer_channel()
1395                            .await?
1396                            .get_node_addr()
1397                            .await?,
1398                    )?)
1399                    .into(),
1400                ));
1401            }
1402            _ => {}
1403        }
1404
1405        if let Some(grpimage) = grpimage {
1406            info!(context, "setting group image '{}'", grpimage);
1407            let avatar = build_avatar_file(context, grpimage)
1408                .await
1409                .context("Cannot attach group image")?;
1410            headers.push((
1411                "Chat-Group-Avatar",
1412                mail_builder::headers::raw::Raw::new(format!("base64:{avatar}")).into(),
1413            ));
1414        }
1415
1416        if msg.viewtype == Viewtype::Sticker {
1417            headers.push((
1418                "Chat-Content",
1419                mail_builder::headers::raw::Raw::new("sticker").into(),
1420            ));
1421        } else if msg.viewtype == Viewtype::VideochatInvitation {
1422            headers.push((
1423                "Chat-Content",
1424                mail_builder::headers::raw::Raw::new("videochat-invitation").into(),
1425            ));
1426            headers.push((
1427                "Chat-Webrtc-Room",
1428                mail_builder::headers::raw::Raw::new(
1429                    msg.param
1430                        .get(Param::WebrtcRoom)
1431                        .unwrap_or_default()
1432                        .to_string(),
1433                )
1434                .into(),
1435            ));
1436        }
1437
1438        if msg.viewtype == Viewtype::Voice
1439            || msg.viewtype == Viewtype::Audio
1440            || msg.viewtype == Viewtype::Video
1441        {
1442            if msg.viewtype == Viewtype::Voice {
1443                headers.push((
1444                    "Chat-Voice-Message",
1445                    mail_builder::headers::raw::Raw::new("1").into(),
1446                ));
1447            }
1448            let duration_ms = msg.param.get_int(Param::Duration).unwrap_or_default();
1449            if duration_ms > 0 {
1450                let dur = duration_ms.to_string();
1451                headers.push((
1452                    "Chat-Duration",
1453                    mail_builder::headers::raw::Raw::new(dur).into(),
1454                ));
1455            }
1456        }
1457
1458        // add text part - we even add empty text and force a MIME-multipart-message as:
1459        // - some Apps have problems with Non-text in the main part (eg. "Mail" from stock Android)
1460        // - we can add "forward hints" this way
1461        // - it looks better
1462
1463        let afwd_email = msg.param.exists(Param::Forwarded);
1464        let fwdhint = if afwd_email {
1465            Some(
1466                "---------- Forwarded message ----------\r\n\
1467                 From: Delta Chat\r\n\
1468                 \r\n"
1469                    .to_string(),
1470            )
1471        } else {
1472            None
1473        };
1474
1475        let final_text = placeholdertext.as_deref().unwrap_or(&msg.text);
1476
1477        let mut quoted_text = None;
1478        if let Some(msg_quoted_text) = msg.quoted_text() {
1479            let mut some_quoted_text = String::new();
1480            for quoted_line in msg_quoted_text.split('\n') {
1481                some_quoted_text += "> ";
1482                some_quoted_text += quoted_line;
1483                some_quoted_text += "\r\n";
1484            }
1485            some_quoted_text += "\r\n";
1486            quoted_text = Some(some_quoted_text)
1487        }
1488
1489        if !is_encrypted && msg.param.get_bool(Param::ProtectQuote).unwrap_or_default() {
1490            // Message is not encrypted but quotes encrypted message.
1491            quoted_text = Some("> ...\r\n\r\n".to_string());
1492        }
1493        if quoted_text.is_none() && final_text.starts_with('>') {
1494            // Insert empty line to avoid receiver treating user-sent quote as topquote inserted by
1495            // Delta Chat.
1496            quoted_text = Some("\r\n".to_string());
1497        }
1498
1499        let is_reaction = msg.param.get_int(Param::Reaction).unwrap_or_default() != 0;
1500
1501        let footer = if is_reaction { "" } else { &self.selfstatus };
1502
1503        let message_text = format!(
1504            "{}{}{}{}{}{}",
1505            fwdhint.unwrap_or_default(),
1506            quoted_text.unwrap_or_default(),
1507            escape_message_footer_marks(final_text),
1508            if !final_text.is_empty() && !footer.is_empty() {
1509                "\r\n\r\n"
1510            } else {
1511                ""
1512            },
1513            if !footer.is_empty() { "-- \r\n" } else { "" },
1514            footer
1515        );
1516
1517        let mut main_part = MimePart::new("text/plain", message_text);
1518        if is_reaction {
1519            main_part = main_part.header(
1520                "Content-Disposition",
1521                mail_builder::headers::raw::Raw::new("reaction"),
1522            );
1523        }
1524
1525        let mut parts = Vec::new();
1526
1527        // add HTML-part, this is needed only if a HTML-message from a non-delta-client is forwarded;
1528        // for simplificity and to avoid conversion errors, we're generating the HTML-part from the original message.
1529        if msg.has_html() {
1530            let html = if let Some(orig_msg_id) = msg.param.get_int(Param::Forwarded) {
1531                MsgId::new(orig_msg_id.try_into()?)
1532                    .get_html(context)
1533                    .await?
1534            } else {
1535                msg.param.get(Param::SendHtml).map(|s| s.to_string())
1536            };
1537            if let Some(html) = html {
1538                main_part = MimePart::new(
1539                    "multipart/alternative",
1540                    vec![main_part, MimePart::new("text/html", html)],
1541                )
1542            }
1543        }
1544
1545        // add attachment part
1546        if msg.viewtype.has_file() {
1547            let file_part = build_body_file(context, &msg).await?;
1548            parts.push(file_part);
1549        }
1550
1551        if let Some(msg_kml_part) = self.get_message_kml_part() {
1552            parts.push(msg_kml_part);
1553        }
1554
1555        if location::is_sending_locations_to_chat(context, Some(msg.chat_id)).await? {
1556            if let Some(part) = self.get_location_kml_part(context).await? {
1557                parts.push(part);
1558            }
1559        }
1560
1561        // we do not piggyback sync-files to other self-sent-messages
1562        // to not risk files becoming too larger and being skipped by download-on-demand.
1563        if command == SystemMessage::MultiDeviceSync && self.is_e2ee_guaranteed() {
1564            let json = msg.param.get(Param::Arg).unwrap_or_default();
1565            let ids = msg.param.get(Param::Arg2).unwrap_or_default();
1566            parts.push(context.build_sync_part(json.to_string()));
1567            self.sync_ids_to_delete = Some(ids.to_string());
1568        } else if command == SystemMessage::WebxdcStatusUpdate {
1569            let json = msg.param.get(Param::Arg).unwrap_or_default();
1570            parts.push(context.build_status_update_part(json));
1571        } else if msg.viewtype == Viewtype::Webxdc {
1572            headers.push((
1573                "Iroh-Gossip-Topic",
1574                mail_builder::headers::raw::Raw::new(create_iroh_header(context, msg.id).await?)
1575                    .into(),
1576            ));
1577            if let (Some(json), _) = context
1578                .render_webxdc_status_update_object(
1579                    msg.id,
1580                    StatusUpdateSerial::MIN,
1581                    StatusUpdateSerial::MAX,
1582                    None,
1583                )
1584                .await?
1585            {
1586                parts.push(context.build_status_update_part(&json));
1587            }
1588        }
1589
1590        if self.attach_selfavatar {
1591            match context.get_config(Config::Selfavatar).await? {
1592                Some(path) => match build_avatar_file(context, &path).await {
1593                    Ok(avatar) => headers.push((
1594                        "Chat-User-Avatar",
1595                        mail_builder::headers::raw::Raw::new(format!("base64:{avatar}")).into(),
1596                    )),
1597                    Err(err) => warn!(context, "mimefactory: cannot attach selfavatar: {}", err),
1598                },
1599                None => headers.push((
1600                    "Chat-User-Avatar",
1601                    mail_builder::headers::raw::Raw::new("0").into(),
1602                )),
1603            }
1604        }
1605
1606        Ok((main_part, parts))
1607    }
1608
1609    /// Render an MDN
1610    fn render_mdn(&mut self) -> Result<MimePart<'static>> {
1611        // RFC 6522, this also requires the `report-type` parameter which is equal
1612        // to the MIME subtype of the second body part of the multipart/report
1613        //
1614        // currently, we do not send MDNs encrypted:
1615        // - in a multi-device-setup that is not set up properly, MDNs would disturb the communication as they
1616        //   are send automatically which may lead to spreading outdated Autocrypt headers.
1617        // - they do not carry any information but the Message-ID
1618        // - this save some KB
1619        // - in older versions, we did not encrypt messages to ourself when they to to SMTP - however, if these messages
1620        //   are forwarded for any reasons (eg. gmail always forwards to IMAP), we have no chance to decrypt them;
1621        //   this issue is fixed with 0.9.4
1622
1623        let Loaded::Mdn {
1624            rfc724_mid,
1625            additional_msg_ids,
1626        } = &self.loaded
1627        else {
1628            bail!("Attempt to render a message as MDN");
1629        };
1630
1631        // first body part: always human-readable, always REQUIRED by RFC 6522.
1632        // untranslated to no reveal sender's language.
1633        // moreover, translations in unknown languages are confusing, and clients may not display them at all
1634        let text_part = MimePart::new("text/plain", "This is a receipt notification.");
1635
1636        let mut message = MimePart::new(
1637            "multipart/report; report-type=disposition-notification",
1638            vec![text_part],
1639        );
1640
1641        // second body part: machine-readable, always REQUIRED by RFC 6522
1642        let message_text2 = format!(
1643            "Original-Recipient: rfc822;{}\r\n\
1644             Final-Recipient: rfc822;{}\r\n\
1645             Original-Message-ID: <{}>\r\n\
1646             Disposition: manual-action/MDN-sent-automatically; displayed\r\n",
1647            self.from_addr, self.from_addr, rfc724_mid
1648        );
1649
1650        let extension_fields = if additional_msg_ids.is_empty() {
1651            "".to_string()
1652        } else {
1653            "Additional-Message-IDs: ".to_string()
1654                + &additional_msg_ids
1655                    .iter()
1656                    .map(|mid| render_rfc724_mid(mid))
1657                    .collect::<Vec<String>>()
1658                    .join(" ")
1659                + "\r\n"
1660        };
1661
1662        message.add_part(MimePart::new(
1663            "message/disposition-notification",
1664            message_text2 + &extension_fields,
1665        ));
1666
1667        Ok(message)
1668    }
1669}
1670
1671fn hidden_recipients() -> Address<'static> {
1672    Address::new_group(Some("hidden-recipients".to_string()), Vec::new())
1673}
1674
1675async fn build_body_file(context: &Context, msg: &Message) -> Result<MimePart<'static>> {
1676    let file_name = msg.get_filename().context("msg has no file")?;
1677    let suffix = Path::new(&file_name)
1678        .extension()
1679        .and_then(|e| e.to_str())
1680        .unwrap_or("dat");
1681
1682    let blob = msg
1683        .param
1684        .get_file_blob(context)?
1685        .context("msg has no file")?;
1686
1687    // Get file name to use for sending.  For privacy purposes, we do
1688    // not transfer the original filenames eg. for images; these names
1689    // are normally not needed and contain timestamps, running numbers
1690    // etc.
1691    let filename_to_send: String = match msg.viewtype {
1692        Viewtype::Voice => format!(
1693            "voice-messsage_{}.{}",
1694            chrono::Utc
1695                .timestamp_opt(msg.timestamp_sort, 0)
1696                .single()
1697                .map_or_else(
1698                    || "YY-mm-dd_hh:mm:ss".to_string(),
1699                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string()
1700                ),
1701            &suffix
1702        ),
1703        Viewtype::Image | Viewtype::Gif => format!(
1704            "image_{}.{}",
1705            chrono::Utc
1706                .timestamp_opt(msg.timestamp_sort, 0)
1707                .single()
1708                .map_or_else(
1709                    || "YY-mm-dd_hh:mm:ss".to_string(),
1710                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string(),
1711                ),
1712            &suffix,
1713        ),
1714        Viewtype::Video => format!(
1715            "video_{}.{}",
1716            chrono::Utc
1717                .timestamp_opt(msg.timestamp_sort, 0)
1718                .single()
1719                .map_or_else(
1720                    || "YY-mm-dd_hh:mm:ss".to_string(),
1721                    |ts| ts.format("%Y-%m-%d_%H-%M-%S").to_string()
1722                ),
1723            &suffix
1724        ),
1725        _ => file_name,
1726    };
1727
1728    /* check mimetype */
1729    let mimetype = match msg.param.get(Param::MimeType) {
1730        Some(mtype) => mtype.to_string(),
1731        None => {
1732            if let Some((_viewtype, res)) = message::guess_msgtype_from_suffix(msg) {
1733                res.to_string()
1734            } else {
1735                "application/octet-stream".to_string()
1736            }
1737        }
1738    };
1739
1740    let body = fs::read(blob.to_abs_path()).await?;
1741
1742    // create mime part, for Content-Disposition, see RFC 2183.
1743    // `Content-Disposition: attachment` seems not to make a difference to `Content-Disposition: inline`
1744    // at least on tested Thunderbird and Gma'l in 2017.
1745    // But I've heard about problems with inline and outl'k, so we just use the attachment-type until we
1746    // run into other problems ...
1747    let mail =
1748        MimePart::new(mimetype, body).attachment(sanitize_bidi_characters(&filename_to_send));
1749
1750    Ok(mail)
1751}
1752
1753async fn build_avatar_file(context: &Context, path: &str) -> Result<String> {
1754    let blob = match path.starts_with("$BLOBDIR/") {
1755        true => BlobObject::from_name(context, path)?,
1756        false => BlobObject::from_path(context, path.as_ref())?,
1757    };
1758    let body = fs::read(blob.to_abs_path()).await?;
1759    let encoded_body = base64::engine::general_purpose::STANDARD
1760        .encode(&body)
1761        .chars()
1762        .enumerate()
1763        .fold(String::new(), |mut res, (i, c)| {
1764            if i % 78 == 77 {
1765                res.push(' ')
1766            }
1767            res.push(c);
1768            res
1769        });
1770    Ok(encoded_body)
1771}
1772
1773fn recipients_contain_addr(recipients: &[(String, String)], addr: &str) -> bool {
1774    let addr_lc = addr.to_lowercase();
1775    recipients
1776        .iter()
1777        .any(|(_, cur)| cur.to_lowercase() == addr_lc)
1778}
1779
1780fn render_rfc724_mid(rfc724_mid: &str) -> String {
1781    let rfc724_mid = rfc724_mid.trim().to_string();
1782
1783    if rfc724_mid.chars().next().unwrap_or_default() == '<' {
1784        rfc724_mid
1785    } else {
1786        format!("<{rfc724_mid}>")
1787    }
1788}
1789
1790#[cfg(test)]
1791mod mimefactory_tests;