chore(deps): update module github.com/getkin/kin-openapi to v0.134.0

2026-03-25 06:07:26 +00:00
18 changed files with 64 additions and 6875 deletions
--- a/3
+++ b/3
@ -175,8 +175,7 @@ ENV HAPPYDELIVER_DATABASE_TYPE=sqlite \
    HAPPYDELIVER_DOMAIN=happydeliver.local \
    HAPPYDELIVER_ADDRESS_PREFIX=test- \
    HAPPYDELIVER_DNS_TIMEOUT=5s \
-    HAPPYDELIVER_HTTP_TIMEOUT=10s \
-    HAPPYDELIVER_RSPAMD_API_URL=http://127.0.0.1:11334
+    HAPPYDELIVER_HTTP_TIMEOUT=10s

 # Volume for persistent data
 VOLUME ["/var/lib/happydeliver", "/var/log/happydeliver"]
--- a/api/openapi.yaml
+++ b/api/openapi.yaml
@ -926,10 +926,6 @@ components:
          format: float
          description: Score contribution of this test
          example: -1.9
-        params:
-          type: string
-          description: Symbol parameters or options
-          example: "0.02"
        description:
          type: string
          description: Human-readable description of what this test checks
@ -979,7 +975,7 @@ components:
        symbols:
          type: object
          additionalProperties:
-            $ref: '#/components/schemas/SpamTestDetail'
+            $ref: '#/components/schemas/RspamdSymbol'
          description: Map of triggered rspamd symbols to their details
          example:
            BAYES_HAM:
@ -990,6 +986,25 @@ components:
          type: string
          description: Full rspamd report (raw X-Spamd-Result header)

+    RspamdSymbol:
+      type: object
+      required:
+        - name
+        - score
+      properties:
+        name:
+          type: string
+          description: Symbol name
+          example: "BAYES_HAM"
+        score:
+          type: number
+          format: float
+          description: Score contribution of this symbol
+          example: -1.9
+        params:
+          type: string
+          description: Symbol parameters or options
+          example: "0.02"

    DNSResults:
      type: object
--- a/internal/config/cli.go
+++ b/internal/config/cli.go
@ -39,7 +39,6 @@ func declareFlags(o *Config) {
 	flag.DurationVar(&o.Analysis.HTTPTimeout, "http-timeout", o.Analysis.HTTPTimeout, "Timeout when performing HTTP query")
 	flag.Var(&StringArray{&o.Analysis.RBLs}, "rbl", "Append a RBL (use this option multiple time to append multiple RBLs)")
 	flag.BoolVar(&o.Analysis.CheckAllIPs, "check-all-ips", o.Analysis.CheckAllIPs, "Check all IPs found in email headers against RBLs (not just the first one)")
-	flag.StringVar(&o.Analysis.RspamdAPIURL, "rspamd-api-url", o.Analysis.RspamdAPIURL, "rspamd API URL for symbol descriptions (default: use embedded list)")
 	flag.DurationVar(&o.ReportRetention, "report-retention", o.ReportRetention, "How long to keep reports (e.g., 720h, 30d). 0 = keep forever")
 	flag.UintVar(&o.RateLimit, "rate-limit", o.RateLimit, "API rate limit (requests per second per IP)")
 	flag.Var(&URL{&o.SurveyURL}, "survey-url", "URL for user feedback survey")
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -72,8 +72,7 @@ type AnalysisConfig struct {
 	HTTPTimeout  time.Duration
 	RBLs         []string
 	DNSWLs       []string
-	CheckAllIPs  bool   // Check all IPs found in headers, not just the first one
-	RspamdAPIURL string // rspamd API URL for fetching symbol descriptions (empty = use embedded list)
+	CheckAllIPs  bool // Check all IPs found in headers, not just the first one
 }

 // DefaultConfig returns a configuration with sensible defaults
--- a/pkg/analyzer/analyzer.go
+++ b/pkg/analyzer/analyzer.go
@ -47,7 +47,6 @@ func NewEmailAnalyzer(cfg *config.Config) *EmailAnalyzer {
 		cfg.Analysis.RBLs,
 		cfg.Analysis.DNSWLs,
 		cfg.Analysis.CheckAllIPs,
-		cfg.Analysis.RspamdAPIURL,
 	)

 	return &EmailAnalyzer{
@ -138,7 +137,7 @@ func (a *APIAdapter) CheckBlacklistIP(ip string) ([]api.BlacklistCheck, []api.Bl
 		IPsChecked:  []string{ip},
 		ListedCount: listedCount,
 	}
-	score, grade := a.analyzer.generator.rblChecker.CalculateScore(results, false)
+	score, grade := a.analyzer.generator.rblChecker.CalculateScore(results)

 	// Check the IP against all configured DNSWLs (informational only)
 	whitelists, _, err := a.analyzer.generator.dnswlChecker.CheckIP(ip)
--- a/pkg/analyzer/authentication.go
+++ b/pkg/analyzer/authentication.go
@ -152,32 +152,27 @@ func (a *AuthenticationAnalyzer) CalculateAuthenticationScore(results *api.Authe

 	score := 0

-	// Core authentication (90 points total)
-	// SPF (30 points)
-	score += 30 * a.calculateSPFScore(results) / 100
+	// IPRev (15 points)
+	score += 15 * a.calculateIPRevScore(results) / 100

-	// DKIM (30 points)
-	score += 30 * a.calculateDKIMScore(results) / 100
+	// SPF (25 points)
+	score += 25 * a.calculateSPFScore(results) / 100

-	// DMARC (30 points)
-	score += 30 * a.calculateDMARCScore(results) / 100
+	// DKIM (23 points)
+	score += 23 * a.calculateDKIMScore(results) / 100
+
+	// X-Google-DKIM (optional) - penalty if failed
+	score += 12 * a.calculateXGoogleDKIMScore(results) / 100
+
+	// X-Aligned-From
+	score += 2 * a.calculateXAlignedFromScore(results) / 100
+
+	// DMARC (25 points)
+	score += 25 * a.calculateDMARCScore(results) / 100

 	// BIMI (10 points)
 	score += 10 * a.calculateBIMIScore(results) / 100

-	// Penalty-only: IPRev (up to -7 points on failure)
-	if iprevScore := a.calculateIPRevScore(results); iprevScore < 100 {
-		score += 7 * (iprevScore - 100) / 100
-	}
-
-	// Penalty-only: X-Google-DKIM (up to -12 points on failure)
-	score += 12 * a.calculateXGoogleDKIMScore(results) / 100
-
-	// Penalty-only: X-Aligned-From (up to -5 points on failure)
-	if xAlignedScore := a.calculateXAlignedFromScore(results); xAlignedScore < 100 {
-		score += 5 * (xAlignedScore - 100) / 100
-	}
-
 	// Ensure score doesn't exceed 100
 	if score > 100 {
 		score = 100
--- a/pkg/analyzer/authentication_spf.go
+++ b/pkg/analyzer/authentication_spf.go
@ -63,16 +63,6 @@ func (a *AuthenticationAnalyzer) parseLegacySPF(email *EmailMessage) *api.AuthRe
 		return nil
 	}

-	// Verify receiver matches our hostname
-	if a.receiverHostname != "" {
-		receiverRe := regexp.MustCompile(`receiver=([^\s;]+)`)
-		if matches := receiverRe.FindStringSubmatch(receivedSPF); len(matches) > 1 {
-			if matches[1] != a.receiverHostname {
-				return nil
-			}
-		}
-	}
-
 	result := &api.AuthResult{}

 	// Extract result (first word)
--- a/pkg/analyzer/dns.go
+++ b/pkg/analyzer/dns.go
@ -105,7 +105,7 @@ func (d *DNSAnalyzer) AnalyzeDNS(email *EmailMessage, headersResults *api.Header
 	results.SpfRecords = d.checkSPFRecords(spfDomain)

 	// Check DKIM records by parsing DKIM-Signature headers directly
-	for _, sig := range parseDKIMSignatures(email.Header["Dkim-Signature"]) {
+	for _, sig := range parseDKIMSignatures(email.Header["DKIM-Signature"]) {
 		dkimRecord := d.checkDKIMRecord(sig.Domain, sig.Selector)
 		if dkimRecord != nil {
 			if results.DkimRecords == nil {
--- a/pkg/analyzer/rbl.go
+++ b/pkg/analyzer/rbl.go
@ -300,24 +300,13 @@ func (r *DNSListChecker) reverseIP(ipStr string) string {

 // CalculateScore calculates the list contribution to deliverability.
 // Informational lists are not counted in the score.
-func (r *DNSListChecker) CalculateScore(results *DNSListResults, forWhitelist bool) (int, string) {
-	scoringListCount := len(r.Lists) - len(r.informationalSet)
-
-	if forWhitelist {
-		if results.ListedCount >= scoringListCount {
-			return 100, "A++"
-		} else if results.ListedCount > 0 {
-			return 100, "A+"
-		} else {
-			return 95, "A"
-		}
-	}
-
+func (r *DNSListChecker) CalculateScore(results *DNSListResults) (int, string) {
 	if results == nil || len(results.IPsChecked) == 0 {
 		return 100, ""
 	}

-	if results.ListedCount <= 0 {
+	scoringListCount := len(r.Lists) - len(r.informationalSet)
+	if scoringListCount <= 0 {
 		return 100, "A+"
 	}

--- a/pkg/analyzer/report.go
+++ b/pkg/analyzer/report.go
@ -49,12 +49,11 @@ func NewReportGenerator(
 	rbls []string,
 	dnswls []string,
 	checkAllIPs bool,
-	rspamdAPIURL string,
 ) *ReportGenerator {
 	return &ReportGenerator{
 		authAnalyzer:    NewAuthenticationAnalyzer(receiverHostname),
 		spamAnalyzer:    NewSpamAssassinAnalyzer(),
-		rspamdAnalyzer:  NewRspamdAnalyzer(LoadRspamdSymbols(rspamdAPIURL)),
+		rspamdAnalyzer:  NewRspamdAnalyzer(),
 		dnsAnalyzer:     NewDNSAnalyzer(dnsTimeout),
 		rblChecker:      NewRBLChecker(dnsTimeout, rbls, checkAllIPs),
 		dnswlChecker:    NewDNSWLChecker(dnsTimeout, dnswls, checkAllIPs),
@ -141,10 +140,8 @@ func (r *ReportGenerator) GenerateReport(testID uuid.UUID, results *AnalysisResu

 	blacklistScore := 0
 	var blacklistGrade string
-	var whitelistGrade string
 	if results.RBL != nil {
-		blacklistScore, blacklistGrade = r.rblChecker.CalculateScore(results.RBL, false)
-		_, whitelistGrade = r.dnswlChecker.CalculateScore(results.DNSWL, true)
+		blacklistScore, blacklistGrade = r.rblChecker.CalculateScore(results.RBL)
 	}

 	saScore, saGrade := r.spamAnalyzer.CalculateSpamAssassinScore(results.SpamAssassin)
@ -175,7 +172,7 @@ func (r *ReportGenerator) GenerateReport(testID uuid.UUID, results *AnalysisResu
 		AuthenticationScore: authScore,
 		AuthenticationGrade: api.ScoreSummaryAuthenticationGrade(authGrade),
 		BlacklistScore:      blacklistScore,
-		BlacklistGrade:      api.ScoreSummaryBlacklistGrade(MinGrade(blacklistGrade, whitelistGrade)),
+		BlacklistGrade:      api.ScoreSummaryBlacklistGrade(blacklistGrade),
 		ContentScore:        contentScore,
 		ContentGrade:        api.ScoreSummaryContentGrade(contentGrade),
 		HeaderScore:         headerScore,
--- a/pkg/analyzer/report_test.go
+++ b/pkg/analyzer/report_test.go
@ -32,7 +32,7 @@ import (
 )

 func TestNewReportGenerator(t *testing.T) {
-	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false, "")
+	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
 	if gen == nil {
 		t.Fatal("Expected report generator, got nil")
 	}
@ -55,7 +55,7 @@ func TestNewReportGenerator(t *testing.T) {
 }

 func TestAnalyzeEmail(t *testing.T) {
-	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false, "")
+	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)

 	email := createTestEmail()

@ -75,7 +75,7 @@ func TestAnalyzeEmail(t *testing.T) {
 }

 func TestGenerateReport(t *testing.T) {
-	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false, "")
+	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
 	testID := uuid.New()

 	email := createTestEmail()
@ -130,7 +130,7 @@ func TestGenerateReport(t *testing.T) {
 }

 func TestGenerateReportWithSpamAssassin(t *testing.T) {
-	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false, "")
+	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)
 	testID := uuid.New()

 	email := createTestEmailWithSpamAssassin()
@ -150,7 +150,7 @@ func TestGenerateReportWithSpamAssassin(t *testing.T) {
 }

 func TestGenerateRawEmail(t *testing.T) {
-	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false, "")
+	gen := NewReportGenerator("", 10*time.Second, 10*time.Second, DefaultRBLs, DefaultDNSWLs, false)

 	tests := []struct {
 		name     string
--- a/pkg/analyzer/rspamd-symbols-README.md
+++ b/pkg/analyzer/rspamd-symbols-README.md
@ -1,21 +0,0 @@
-# rspamd-symbols.json
-
-This file contains rspamd symbol descriptions, embedded into the binary at compile time as a fallback when no rspamd API URL is configured.
-
-## How to update
-
-Fetch the latest symbols from a running rspamd instance:
-
-```sh
-curl http://127.0.0.1:11334/symbols > rspamd-symbols.json
-```
-
-Or with docker:
-
-```sh
-docker run --rm --name rspamd --pull always rspamd/rspamd
-docker exec -u 0 rspamd apt install -y curl
-docker exec rspamd curl http://127.0.0.1:11334/symbols > rspamd-symbols.json
-```
-
-Then rebuild the project.
--- a/pkg/analyzer/rspamd-symbols.json
+++ b/pkg/analyzer/rspamd-symbols.json
--- a/pkg/analyzer/rspamd.go
+++ b/pkg/analyzer/rspamd.go
@ -37,13 +37,11 @@ const (
 )

 // RspamdAnalyzer analyzes rspamd results from email headers
-type RspamdAnalyzer struct {
-	symbols map[string]string
-}
+type RspamdAnalyzer struct{}

-// NewRspamdAnalyzer creates a new rspamd analyzer with optional symbol descriptions
-func NewRspamdAnalyzer(symbols map[string]string) *RspamdAnalyzer {
-	return &RspamdAnalyzer{symbols: symbols}
+// NewRspamdAnalyzer creates a new rspamd analyzer
+func NewRspamdAnalyzer() *RspamdAnalyzer {
+	return &RspamdAnalyzer{}
 }

 // AnalyzeRspamd extracts and analyzes rspamd results from email headers
@ -61,7 +59,7 @@ func (a *RspamdAnalyzer) AnalyzeRspamd(email *EmailMessage) *api.RspamdResult {
 	}

 	result := &api.RspamdResult{
-		Symbols: make(map[string]api.SpamTestDetail),
+		Symbols: make(map[string]api.RspamdSymbol),
 	}

 	// Parse X-Spamd-Result header (primary source for score, threshold, and symbols)
@ -85,16 +83,6 @@ func (a *RspamdAnalyzer) AnalyzeRspamd(email *EmailMessage) *api.RspamdResult {
 		result.Server = &server
 	}

-	// Populate symbol descriptions from the lookup map
-	if a.symbols != nil {
-		for name, sym := range result.Symbols {
-			if desc, ok := a.symbols[name]; ok {
-				sym.Description = &desc
-				result.Symbols[name] = sym
-			}
-		}
-	}
-
 	// Derive IsSpam from score vs reject threshold.
 	if result.Threshold > 0 {
 		result.IsSpam = result.Score >= result.Threshold
@ -141,7 +129,7 @@ func (a *RspamdAnalyzer) parseSpamdResult(header string, result *api.RspamdResul
 		if len(matches) > 2 {
 			name := matches[1]
 			score, _ := strconv.ParseFloat(matches[2], 64)
-			sym := api.SpamTestDetail{
+			sym := api.RspamdSymbol{
 				Name:  name,
 				Score: float32(score),
 			}
--- a/pkg/analyzer/rspamd_symbols.go
+++ b/pkg/analyzer/rspamd_symbols.go
@ -1,105 +0,0 @@
-// This file is part of the happyDeliver (R) project.
-// Copyright (c) 2026 happyDomain
-// Authors: Pierre-Olivier Mercier, et al.
-//
-// This program is offered under a commercial and under the AGPL license.
-// For commercial licensing, contact us at <contact@happydomain.org>.
-//
-// For AGPL licensing:
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-package analyzer
-
-import (
-	_ "embed"
-	"encoding/json"
-	"io"
-	"log"
-	"net/http"
-	"strings"
-	"time"
-)
-
-//go:embed rspamd-symbols.json
-var embeddedRspamdSymbols []byte
-
-// rspamdSymbolGroup represents a group of rspamd symbols from the API/embedded JSON.
-type rspamdSymbolGroup struct {
-	Group string              `json:"group"`
-	Rules []rspamdSymbolEntry `json:"rules"`
-}
-
-// rspamdSymbolEntry represents a single rspamd symbol entry.
-type rspamdSymbolEntry struct {
-	Symbol      string  `json:"symbol"`
-	Description string  `json:"description"`
-	Weight      float64 `json:"weight"`
-}
-
-// parseRspamdSymbolsJSON parses the rspamd symbols JSON into a name->description map.
-func parseRspamdSymbolsJSON(data []byte) map[string]string {
-	var groups []rspamdSymbolGroup
-	if err := json.Unmarshal(data, &groups); err != nil {
-		log.Printf("Failed to parse rspamd symbols JSON: %v", err)
-		return nil
-	}
-
-	symbols := make(map[string]string, len(groups)*10)
-	for _, g := range groups {
-		for _, r := range g.Rules {
-			if r.Description != "" {
-				symbols[r.Symbol] = r.Description
-			}
-		}
-	}
-	return symbols
-}
-
-// LoadRspamdSymbols loads rspamd symbol descriptions.
-// If apiURL is non-empty, it fetches from the rspamd API first, falling back to the embedded list on error.
-func LoadRspamdSymbols(apiURL string) map[string]string {
-	if apiURL != "" {
-		if symbols := fetchRspamdSymbols(apiURL); symbols != nil {
-			return symbols
-		}
-		log.Printf("Failed to fetch rspamd symbols from %s, using embedded list", apiURL)
-	}
-	return parseRspamdSymbolsJSON(embeddedRspamdSymbols)
-}
-
-// fetchRspamdSymbols fetches symbol descriptions from the rspamd API.
-func fetchRspamdSymbols(apiURL string) map[string]string {
-	url := strings.TrimRight(apiURL, "/") + "/symbols"
-
-	client := &http.Client{Timeout: 10 * time.Second}
-	resp, err := client.Get(url)
-	if err != nil {
-		log.Printf("Error fetching rspamd symbols: %v", err)
-		return nil
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		log.Printf("rspamd API returned status %d", resp.StatusCode)
-		return nil
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		log.Printf("Error reading rspamd symbols response: %v", err)
-		return nil
-	}
-
-	return parseRspamdSymbolsJSON(body)
-}
--- a/pkg/analyzer/rspamd_test.go
+++ b/pkg/analyzer/rspamd_test.go
@ -30,7 +30,7 @@ import (
 )

 func TestAnalyzeRspamdNoHeaders(t *testing.T) {
-	analyzer := NewRspamdAnalyzer(nil)
+	analyzer := NewRspamdAnalyzer()
 	email := &EmailMessage{Header: make(mail.Header)}

 	result := analyzer.AnalyzeRspamd(email)
@ -126,12 +126,12 @@ func TestParseSpamdResult(t *testing.T) {
 		},
 	}

-	analyzer := NewRspamdAnalyzer(nil)
+	analyzer := NewRspamdAnalyzer()

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			result := &api.RspamdResult{
-				Symbols: make(map[string]api.SpamTestDetail),
+				Symbols: make(map[string]api.RspamdSymbol),
 			}
 			analyzer.parseSpamdResult(tt.header, result)

@ -241,7 +241,7 @@ func TestAnalyzeRspamd(t *testing.T) {
 		},
 	}

-	analyzer := NewRspamdAnalyzer(nil)
+	analyzer := NewRspamdAnalyzer()

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -340,7 +340,7 @@ func TestCalculateRspamdScore(t *testing.T) {
 		},
 	}

-	analyzer := NewRspamdAnalyzer(nil)
+	analyzer := NewRspamdAnalyzer()

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -380,7 +380,7 @@ func TestAnalyzeRspamdRealEmail(t *testing.T) {
 		t.Fatalf("Failed to parse email: %v", err)
 	}

-	analyzer := NewRspamdAnalyzer(nil)
+	analyzer := NewRspamdAnalyzer()
 	result := analyzer.AnalyzeRspamd(email)

 	if result == nil {
--- a/pkg/analyzer/scoring.go
+++ b/pkg/analyzer/scoring.go
@ -73,8 +73,6 @@ func ScoreToReportGrade(score int) api.ReportGrade {
 // gradeRank returns a numeric rank for a grade (lower = worse)
 func gradeRank(grade string) int {
 	switch grade {
-	case "A++":
-		return 7
 	case "A+":
 		return 6
 	case "A":
--- a/web/src/lib/components/RspamdCard.svelte
+++ b/web/src/lib/components/RspamdCard.svelte
@ -75,7 +75,7 @@
                            <tr>
                                <th>Symbol</th>
                                <th class="text-end">Score</th>
-                                <th>Description</th>
+                                <th>Parameters</th>
                            </tr>
                        </thead>
                        <tbody>
@ -87,14 +87,7 @@
                                          ? "table-success"
                                          : ""}
                                >
-                                    <td>
-                                        <span class="font-monospace">{symbolName}</span>
-                                        {#if symbol.params}
-                                            <small class="d-block text-muted">
-                                                {symbol.params}
-                                            </small>
-                                        {/if}
-                                    </td>
+                                    <td class="font-monospace">{symbolName}</td>
                                    <td class="text-end">
                                        <span
                                            class={symbol.score > 0
@ -106,7 +99,7 @@
                                            {symbol.score > 0 ? "+" : ""}{symbol.score.toFixed(2)}
                                        </span>
                                    </td>
-                                    <td class="small text-muted">{symbol.description ?? ""}</td>
+                                    <td class="small text-muted">{symbol.params ?? ""}</td>
                                </tr>
                            {/each}
                        </tbody>