232 bug configure sasl authentication scope for tcp vs unix socket

[Aravinda-HWK]

📌 Description

This PR gives the capability to configure the TCP or Unix Domain Socket for SASL connection

• Closes [BUG] Configure SASL Authentication Scope for TCP vs Unix Socket #232

---

🔍 Changes Made

• Add logic to configure the TCP, Unix socket, or both
• Add the test cases as well.

✅ Checklist (Email System)

• Core IMAP commands tested (LOGIN, CAPABILITY, LIST, SELECT, FETCH, LOGOUT).
• Authentication is tested.
• Docker build & run validated.
• Configuration loading verified for default and custom paths.
• Persistent storage with Docker volume verified.
• Error handling and logging verified
• Documentation updated (README, config samples).

---

🧪 Testing Instructions

To test the server, use the instructions in the README in the test directory.

---

📷 Screenshots / Logs (if applicable)

---

⚠️ Notes for Reviewers

[gemini-code-assist]

Summary of Changes

Hello @Aravinda-HWK, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the SASL authentication server by introducing a configurable scope for authentication. Users can now define whether SASL should be active on TCP connections, Unix domain sockets, or both, providing greater flexibility and security control over how the authentication mechanism is applied within the system. This change refines the server's operational behavior without altering the core authentication logic.

Highlights

• Configurable SASL Scope: Introduced a new configuration option, sasl_scope, allowing administrators to specify whether SASL authentication should be enforced on TCP connections only, Unix domain sockets only, or both. This provides granular control over authentication requirements based on connection type.
• Enhanced Configuration Management: Refactored the configuration loading and validation logic to include default values for sasl_scope and robust validation for all required configuration fields, improving reliability and ease of use.
• SASL Server Adaptation: Modified the SASL server to dynamically start and manage listeners (TCP and Unix socket) based on the configured sasl_scope, ensuring that authentication is applied only where intended.
• Comprehensive Testing: Added extensive unit and integration tests to cover the new sasl_scope configuration, validation, and the server's behavior when operating under different scope settings, ensuring correctness and preventing regressions.

Changelog

• cmd/sasl/main.go
  • Updated configuration loading to use new SetDefaults and Validate methods.
  • Modified sasl.NewServer call to pass the new SASLScope configuration.
• config/raven.yaml
  • Added sasl_scope configuration option with detailed comments explaining tcp_only, unix_socket_only, and all options.
• internal/conf/config.go
  • Defined SASLScope type and associated constants (SASLScopeTCPOnly, SASLScopeUnixSocketOnly, SASLScopeAll).
  • Added SASLScope field to the Config struct.
  • Implemented SetDefaults method to set SASLScopeAll as the default if sasl_scope is not specified.
  • Implemented Validate method to ensure domain, auth_server_url, and sasl_scope are valid.
• internal/conf/config_test.go
  • Added TestSASLScopeValidation to verify correct parsing and validation of sasl_scope from configuration, including default behavior.
• internal/sasl/server.go
  • Introduced ConnectionType enum for TCP and Unix socket connections.
  • Added saslScope field to the Server struct.
  • Updated NewServer constructor to accept saslScope parameter.
  • Modified Start method to conditionally start Unix socket and TCP listeners based on the configured saslScope.
  • Added a check in Start to ensure at least one listener is active.
  • Updated acceptConnections and handleConnection methods to pass ConnectionType for context.
• internal/sasl/server_test.go
  • Imported raven/internal/conf package.
  • Updated all sasl.NewServer calls to include conf.SASLScopeAll as the default scope for existing tests.
  • Added TestServerWithSASLScope to verify server creation with different SASL scopes.
  • Added TestConnectionTypeConstants to ensure ConnectionType enum values are distinct.
  • Added TestSASLScopeConfiguration to test server startup and shutdown behavior with various sasl_scope settings.
• test/integration/sasl/sasl_integration_test.go
  • Imported raven/internal/conf package.
  • Updated all sasl.NewServer calls to include conf.SASLScopeAll as the default scope for integration tests.

Activity

• The pull request description indicates that core IMAP commands, authentication, Docker build/run, configuration loading, persistent storage, error handling, logging, and documentation have been checked off in a checklist.
• Testing instructions are provided, directing reviewers to the test/README.md for guidance.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces a new configuration option sasl_scope to control where SASL authentication is enforced (TCP, Unix socket, or both). This is a good enhancement for flexibility and security. The changes include updating the configuration structure, adding validation logic, and modifying the SASL server to respect this new scope. Unit tests have also been added to cover the new functionality. Overall, the changes are well-implemented and tested.

[maneeshaxyz]

LGTM.