230 lines
7.1 KiB
TypeScript
230 lines
7.1 KiB
TypeScript
interface IDkimVerificationResult {
|
|
is_valid: boolean;
|
|
domain: string | null;
|
|
selector: string | null;
|
|
status: string;
|
|
details: string | null;
|
|
}
|
|
interface ISpfResult {
|
|
result: string;
|
|
domain: string;
|
|
ip: string;
|
|
explanation: string | null;
|
|
}
|
|
interface IDmarcResult {
|
|
passed: boolean;
|
|
policy: string;
|
|
domain: string;
|
|
dkim_result: string;
|
|
spf_result: string;
|
|
action: string;
|
|
details: string | null;
|
|
}
|
|
interface IEmailSecurityResult {
|
|
dkim: IDkimVerificationResult[];
|
|
spf: ISpfResult | null;
|
|
dmarc: IDmarcResult | null;
|
|
}
|
|
interface IValidationResult {
|
|
valid: boolean;
|
|
formatValid: boolean;
|
|
score: number;
|
|
error: string | null;
|
|
}
|
|
interface IBounceDetection {
|
|
bounce_type: string;
|
|
category: string;
|
|
}
|
|
interface IReputationResult {
|
|
ip: string;
|
|
score: number;
|
|
risk_level: string;
|
|
ip_type: string;
|
|
dnsbl_results: Array<{
|
|
server: string;
|
|
listed: boolean;
|
|
response: string | null;
|
|
}>;
|
|
listed_count: number;
|
|
total_checked: number;
|
|
}
|
|
interface IContentScanResult {
|
|
threatScore: number;
|
|
threatType: string | null;
|
|
threatDetails: string | null;
|
|
scannedElements: string[];
|
|
}
|
|
interface IVersionInfo {
|
|
bin: string;
|
|
core: string;
|
|
security: string;
|
|
smtp: string;
|
|
}
|
|
interface ISmtpServerConfig {
|
|
hostname: string;
|
|
ports: number[];
|
|
securePort?: number;
|
|
tlsCertPem?: string;
|
|
tlsKeyPem?: string;
|
|
maxMessageSize?: number;
|
|
maxConnections?: number;
|
|
maxRecipients?: number;
|
|
connectionTimeoutSecs?: number;
|
|
dataTimeoutSecs?: number;
|
|
authEnabled?: boolean;
|
|
maxAuthFailures?: number;
|
|
socketTimeoutSecs?: number;
|
|
processingTimeoutSecs?: number;
|
|
rateLimits?: IRateLimitConfig;
|
|
}
|
|
interface IRateLimitConfig {
|
|
maxConnectionsPerIp?: number;
|
|
maxMessagesPerSender?: number;
|
|
maxAuthFailuresPerIp?: number;
|
|
windowSecs?: number;
|
|
}
|
|
interface IEmailData {
|
|
type: 'inline' | 'file';
|
|
base64?: string;
|
|
path?: string;
|
|
}
|
|
interface IEmailReceivedEvent {
|
|
correlationId: string;
|
|
sessionId: string;
|
|
mailFrom: string;
|
|
rcptTo: string[];
|
|
data: IEmailData;
|
|
remoteAddr: string;
|
|
clientHostname: string | null;
|
|
secure: boolean;
|
|
authenticatedUser: string | null;
|
|
securityResults: any | null;
|
|
}
|
|
interface IAuthRequestEvent {
|
|
correlationId: string;
|
|
sessionId: string;
|
|
username: string;
|
|
password: string;
|
|
remoteAddr: string;
|
|
}
|
|
/**
|
|
* Bridge between TypeScript and the Rust `mailer-bin` binary.
|
|
*
|
|
* Uses `@push.rocks/smartrust` for JSON-over-stdin/stdout IPC.
|
|
* Singleton — access via `RustSecurityBridge.getInstance()`.
|
|
*/
|
|
export declare class RustSecurityBridge {
|
|
private static instance;
|
|
private bridge;
|
|
private _running;
|
|
private constructor();
|
|
/** Get or create the singleton instance. */
|
|
static getInstance(): RustSecurityBridge;
|
|
/** Whether the Rust process is currently running and accepting commands. */
|
|
get running(): boolean;
|
|
/**
|
|
* Spawn the Rust binary and wait for the ready signal.
|
|
* @returns `true` if the binary started successfully, `false` otherwise.
|
|
*/
|
|
start(): Promise<boolean>;
|
|
/** Kill the Rust process. */
|
|
stop(): Promise<void>;
|
|
/** Ping the Rust process. */
|
|
ping(): Promise<boolean>;
|
|
/** Get version information for all Rust crates. */
|
|
getVersion(): Promise<IVersionInfo>;
|
|
/** Validate an email address. */
|
|
validateEmail(email: string): Promise<IValidationResult>;
|
|
/** Detect bounce type from SMTP response / diagnostic code. */
|
|
detectBounce(opts: {
|
|
smtpResponse?: string;
|
|
diagnosticCode?: string;
|
|
statusCode?: string;
|
|
}): Promise<IBounceDetection>;
|
|
/** Scan email content for threats (phishing, spam, malware, etc.). */
|
|
scanContent(opts: {
|
|
subject?: string;
|
|
textBody?: string;
|
|
htmlBody?: string;
|
|
attachmentNames?: string[];
|
|
}): Promise<IContentScanResult>;
|
|
/** Check IP reputation via DNSBL. */
|
|
checkIpReputation(ip: string): Promise<IReputationResult>;
|
|
/** Verify DKIM signatures on a raw email message. */
|
|
verifyDkim(rawMessage: string): Promise<IDkimVerificationResult[]>;
|
|
/** Sign an email with DKIM. */
|
|
signDkim(opts: {
|
|
rawMessage: string;
|
|
domain: string;
|
|
selector?: string;
|
|
privateKey: string;
|
|
}): Promise<{
|
|
header: string;
|
|
signedMessage: string;
|
|
}>;
|
|
/** Check SPF for a sender. */
|
|
checkSpf(opts: {
|
|
ip: string;
|
|
heloDomain: string;
|
|
hostname?: string;
|
|
mailFrom: string;
|
|
}): Promise<ISpfResult>;
|
|
/**
|
|
* Compound email security verification: DKIM + SPF + DMARC in one IPC call.
|
|
*
|
|
* This is the preferred method for inbound email verification — it avoids
|
|
* 3 sequential round-trips and correctly passes raw mail-auth types internally.
|
|
*/
|
|
verifyEmail(opts: {
|
|
rawMessage: string;
|
|
ip: string;
|
|
heloDomain: string;
|
|
hostname?: string;
|
|
mailFrom: string;
|
|
}): Promise<IEmailSecurityResult>;
|
|
/**
|
|
* Start the Rust SMTP server.
|
|
* The server will listen on the configured ports and emit events for
|
|
* emailReceived and authRequest that must be handled by the caller.
|
|
*/
|
|
startSmtpServer(config: ISmtpServerConfig): Promise<boolean>;
|
|
/** Stop the Rust SMTP server. */
|
|
stopSmtpServer(): Promise<void>;
|
|
/**
|
|
* Send the result of email processing back to the Rust SMTP server.
|
|
* This resolves a pending correlation-ID callback, allowing the Rust
|
|
* server to send the SMTP response to the client.
|
|
*/
|
|
sendEmailProcessingResult(opts: {
|
|
correlationId: string;
|
|
accepted: boolean;
|
|
smtpCode?: number;
|
|
smtpMessage?: string;
|
|
}): Promise<void>;
|
|
/**
|
|
* Send the result of authentication validation back to the Rust SMTP server.
|
|
*/
|
|
sendAuthResult(opts: {
|
|
correlationId: string;
|
|
success: boolean;
|
|
message?: string;
|
|
}): Promise<void>;
|
|
/** Update rate limit configuration at runtime. */
|
|
configureRateLimits(config: IRateLimitConfig): Promise<void>;
|
|
/**
|
|
* Register a handler for emailReceived events from the Rust SMTP server.
|
|
* These events fire when a complete email has been received and needs processing.
|
|
*/
|
|
onEmailReceived(handler: (data: IEmailReceivedEvent) => void): void;
|
|
/**
|
|
* Register a handler for authRequest events from the Rust SMTP server.
|
|
* The handler must call sendAuthResult() with the correlationId.
|
|
*/
|
|
onAuthRequest(handler: (data: IAuthRequestEvent) => void): void;
|
|
/** Remove an emailReceived event handler. */
|
|
offEmailReceived(handler: (data: IEmailReceivedEvent) => void): void;
|
|
/** Remove an authRequest event handler. */
|
|
offAuthRequest(handler: (data: IAuthRequestEvent) => void): void;
|
|
}
|
|
export type { IDkimVerificationResult, ISpfResult, IDmarcResult, IEmailSecurityResult, IValidationResult, IBounceDetection, IContentScanResult, IReputationResult as IRustReputationResult, IVersionInfo, ISmtpServerConfig, IRateLimitConfig, IEmailData, IEmailReceivedEvent, IAuthRequestEvent, };
|