[PATCH pmg-api] quarantine: link generate call: restrict link to relay domains

[PATCH pmg-api] quarantine: link generate call: restrict link to relay domains

[Stoiko Ivanov]

both when using the send quarantine link functionality before logging
in, as well as when sending out reports to users, we verify that the
e-mail address is internal (in the sense of being an address inside
one of the relay domains).

while allowing this for all addresses could make sense in certain
use-cases (e.g. making some mail-content available to an external
contact, without sending it via SMTP on the public internet), treat it
as an error for now - relaxing the constraint on the address later is
always possible, restricting it might brake the workflow of some
users.

follows commit:
 2d3a8a50 ("fix #3414: quarantine: add API to get a login link for a mail")

minimally tested with `pmgsh get /quarantine/link -mail` with relayed
and external addresses.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/API2/Quarantine.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/PMG/API2/Quarantine.pm b/src/PMG/API2/Quarantine.pm
index 6f88ddee..eb31be77 100644
--- a/src/PMG/API2/Quarantine.pm
+++ b/src/PMG/API2/Quarantine.pm
@@ -1723,7 +1723,16 @@ __PACKAGE__->register_method({
 
         my $cfg = PMG::Config->new();
 
-        my ($link) = build_quarantine_link($cfg, $param->{mail});
+        my $domains = PVE::INotify::read_file('domains');
+        my $domainregex = PMG::Utils::domain_regex([keys %$domains]);
+
+        my $receiver = $param->{mail};
+
+        raise_param_exc({
+            mail => "link generation only allowed for address inside relay domains" })
+            if ($receiver !~ $domainregex);
+
+        my ($link) = build_quarantine_link($cfg, $receiver);
 
         return { link => $link };
     },
-- 
2.47.3