meowmail/smtpauth

This module defines a framework-agnostic authentication system for the SMTP server.

It includes types for representing authentication requests and decisions, as well as an example implementation of an AuthProvider that makes HTTP requests to an external service for authentication. This allows for flexible integration with various authentication backends without coupling the SMTP server to a specific authentication mechanism.

Types

AuthDecision = enum
  authInvalid, authOk, authFailure
Represents the possible outcomes of an authentication attempt. This is used by the
AuthProgress = enum
  apNone, apPlain, apLoginUser, apLoginPass
Tracks the current step in an ongoing authentication process. This is used to manage
AuthProvider = proc (req: AuthRequest): AuthDecision {....gcsafe.}
A callback type for providing authentication decisions. The server will call
AuthRequest = object
  username*: string          ## The username provided by the client during authentication.
  password*: string          ## The password provided by the client during authentication.
  mechanism*: string         ## The authentication mechanism being used (e.g., "PLAIN", "LOGIN").
  remoteIp*: string          ## The IP address of the client attempting to authenticate.
  heloName*: string ## The HELO/EHLO name provided by the client, which may be useful for
                    ## logging or authentication decisions.

Procs

proc newHTTPAuthProvider(url: string; bearerToken = ""; timeoutMs = 1200): AuthProvider {.
    ...raises: [], tags: [], forbids: [].}

Creates an AuthProvider that makes an HTTP POST request to the specified URL with the authentication details in JSON format.

The server is expected to respond with a JSON object containing an "ok" field indicating success.

POST url with JSON: {"username":"...","password":"...","mechanism":"...","remoteIp":"...","heloName":"..."}

Expected:
  200 + {"ok":true} => authOk
  401/403 => authInvalid
  timeout/5xx/etc => authFailure
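
A minimal backend that answers the POST contract described above, as an added example (it is not part of meowmail or its documentation). It assumes the bearer token arrives as an `Authorization: Bearer <token>` header and that a 400 for a malformed request falls under the "etc" case; `decide`, `USERS`, `BEARER` and every credential shown are constructed for illustration.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; none of them come from meowmail.
BEARER = "example-shared-token"
SALT = b"constructed-salt"

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("correct horse")}
DUMMY = _kdf("placeholder")  # compared for unknown users so timing stays flat

def decide(authorization: str, body: bytes):
    """Return (http_status, json_body) for one POST from the SMTP server."""
    # Assumption: the token is sent as "Authorization: Bearer <token>".
    expected = f"Bearer {BEARER}".encode()
    if not hmac.compare_digest(authorization.encode(), expected):
        return 403, {"ok": False}          # 403 => authInvalid
    try:
        req = json.loads(body)
        user, pw = req["username"], req["password"]
        if not (isinstance(user, str) and isinstance(pw, str)):
            raise TypeError("credentials must be strings")
        digest = _kdf(pw)
    except (ValueError, KeyError, TypeError):
        return 400, {"ok": False}          # neither 200 nor 401/403
    known = user in USERS
    match = hmac.compare_digest(digest, USERS.get(user, DUMMY))
    if known and match:
        return 200, {"ok": True}           # 200 + ok => authOk
    return 401, {"ok": False}              # 401 => authInvalid

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        status, out = decide(self.headers.get("Authorization", ""),
                             self.rfile.read(length))
        data = json.dumps(out).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The request body carries the cleartext password, so the URL given to `newHTTPAuthProvider` should be an HTTPS endpoint or a loopback address like the one bound here.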