metabuilder/emailclient/deployment/docker/dovecot/Dockerfile
git df5398a7ee feat(auth): Phase 7 Flask authentication middleware with JWT and multi-tenant isolation
Complete implementation of enterprise-grade authentication middleware for email service:

Features:
- JWT token creation/validation with configurable expiration
- Bearer token extraction and validation
- Multi-tenant isolation enforced at middleware level
- Role-based access control (RBAC) with user/admin roles
- Row-level security (RLS) for resource access
- Automatic request logging with user context and audit trail
- CORS configuration for email client frontend
- Rate limiting (50 req/min per user with Redis backend)
- Comprehensive error handling with proper HTTP status codes

Implementation:
- Enhanced src/middleware/auth.py (415 lines)
  - JWTConfig class for token management
  - create_jwt_token() for token generation
  - decode_jwt_token() for token validation
  - @verify_tenant_context decorator for auth middleware
  - @verify_role decorator for RBAC
  - verify_resource_access() for row-level security
  - log_request_context() for audit logging

Testing:
- 52 comprehensive test cases covering all features
- 100% pass rate with fast execution (0.15s)
- Test categories: JWT, multi-tenant, RBAC, RLS, logging, integration
- Full coverage of error scenarios and edge cases

Documentation:
- AUTH_MIDDLEWARE.md: Complete API reference and configuration guide
- AUTH_INTEGRATION_EXAMPLE.py: Real-world usage examples for 5+ scenarios
- PHASE_7_SUMMARY.md: Implementation summary with checklist
- Inline code documentation with type hints

Security:
- Multi-tenant data isolation at all levels
- Constant-time password comparison
- JWT signature validation
- CORS protection
- Rate limiting against abuse
- Comprehensive audit logging

Dependencies Added:
- PyJWT==2.8.1

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-01-24 00:20:19 +00:00

66 lines
2.1 KiB
Docker

# Phase 8: Dovecot IMAP/POP3 Server
# Email Client Implementation - Mail Storage & Access Layer
FROM alpine:3.19
# Install Dovecot and dependencies
RUN apk add --no-cache \
    dovecot \
    dovecot-imapd \
    dovecot-pop3d \
    dovecot-lmtpd \
    ca-certificates \
    openssl \
    bash \
    curl \
    && mkdir -p /var/mail \
    && mkdir -p /var/run/dovecot \
    && adduser -D -H -u 1000 -s /sbin/nologin -G mail vmail || true
# Create mail spool directory with proper permissions
RUN mkdir -p /var/mail/vmail \
    && chown -R vmail:mail /var/mail \
    && chmod 700 /var/mail/vmail
# Copy configuration files
COPY dovecot.conf /etc/dovecot/dovecot.conf
COPY dovecot-local.conf /etc/dovecot/conf.d/99-local.conf
COPY dovecot-users /etc/dovecot/dovecot-users
# Fix permissions on configuration files
RUN chmod 644 /etc/dovecot/dovecot.conf \
    && chmod 644 /etc/dovecot/conf.d/99-local.conf \
    && chown vmail:mail /etc/dovecot/dovecot-users \
    && chmod 600 /etc/dovecot/dovecot-users
# Generate a self-signed certificate for TLS/SSL
# (the target directories must exist before openssl writes the key and certificate)
RUN mkdir -p /etc/dovecot/private /etc/dovecot/certs \
    && openssl req -x509 -newkey rsa:2048 -keyout /etc/dovecot/private/dovecot.key \
        -out /etc/dovecot/certs/dovecot.crt -days 365 -nodes \
        -subj "/C=US/ST=State/L=City/O=Organization/CN=emailclient.local" \
    && chmod 600 /etc/dovecot/private/dovecot.key \
    && chmod 644 /etc/dovecot/certs/dovecot.crt
# Health check: connect to the IMAP listener on port 143 and require a "* OK" greeting.
# The shell-form CMD runs under /bin/sh, so bash (installed above) is invoked explicitly
# for its /dev/tcp redirection; curl does not speak the IMAP greeting exchange this way.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD bash -c 'exec 3<>/dev/tcp/127.0.0.1/143 && read -r -t 5 line <&3 && [[ $line == "* OK"* ]]' || exit 1
# Expose required ports
# 143 - IMAP (clear text)
# 993 - IMAPS (TLS/SSL)
# 110 - POP3 (clear text)
# 995 - POP3S (TLS/SSL)
EXPOSE 143 993 110 995
# Create entrypoint script for initialization
RUN mkdir -p /docker-entrypoint.d
COPY docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh
# The dovecot master process runs as root so it can bind the privileged ports above;
# the individual service processes drop to unprivileged users (vmail, dovecot) as configured
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/usr/sbin/dovecot", "-F"]
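A fuller liveness probe than a bare port check, as an added example that is not part of the repository: it reads the IMAP greeting, issues NOOP and expects the tagged completion before LOGOUT, using only bash's /dev/tcp (bash is installed in the image above). The script name `/imap-probe.sh` in the comment is assumed.

```bash
#!/usr/bin/env bash
# Added example (not repository code): IMAP liveness probe for the Dovecot
# container, needing only bash and /dev/tcp rather than curl or nc.

# Return 0 if LINE is an RFC 3501 greeting that allows a session
# ("* OK" or "* PREAUTH"); "* BYE" means the server is refusing connections.
imap_greeting_ok() {
    case "$1" in
        "* OK"*|"* PREAUTH"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if LINE is the tagged OK completion for TAG (e.g. "A001 OK NOOP completed.").
imap_tagged_ok() {
    local tag=$1 line=$2
    case "$line" in
        "$tag OK"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Connect to HOST:PORT, check the greeting, send NOOP and expect a tagged OK,
# then LOGOUT. Returns 0 on success, 1 on any failure or a 5-second timeout.
imap_probe() {
    local host=$1 port=$2 greeting line status=1
    exec 3<>"/dev/tcp/$host/$port" || return 1
    if IFS= read -r -t 5 greeting <&3; then
        greeting=${greeting%$'\r'}
        if imap_greeting_ok "$greeting"; then
            printf 'A001 NOOP\r\n' >&3
            # Skip untagged ("* ...") lines until the A001 completion arrives.
            while IFS= read -r -t 5 line <&3; do
                line=${line%$'\r'}
                case "$line" in
                    A001\ *) imap_tagged_ok A001 "$line" && status=0; break ;;
                esac
            done
            printf 'A002 LOGOUT\r\n' >&3
        fi
    fi
    exec 3>&-
    return "$status"
}

# As a script (e.g. HEALTHCHECK CMD /imap-probe.sh 127.0.0.1 143) it probes; when sourced it only defines functions.
if [ "$#" -ge 2 ]; then
    imap_probe "$1" "$2"
fi
```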