chore: wip

Author: chrisbbreuer

packages/cloud/cloud.config.ts

@@ -55,6 +55,10 @@ const mailConfig = {
     backupDir: '/var/lib/mail/backups',
   },
 
+  discord: {
+    webhookUrl: process.env.DISCORD_WEBHOOK_URL || 'https://discord.com/api/webhooks/1479364487294488596/4x1uwO_FvR-4PZ_bZ1ozkF3imltiNoZtEjM2CBFk30xXQkdF3pSJNsVYXtJ_kwEBQhqB',
+  },
+
   installUtils: [
     'git',
     'wget',
@@ -520,6 +524,9 @@ SMTP_MAX_MESSAGE_SIZE=${cfg.server.maxMessageSize}
 SMTP_MAX_RECIPIENTS=${cfg.server.maxRecipients}
 SMTP_RATE_LIMIT_PER_IP=${cfg.server.rateLimitPerIp}
 SMTP_RATE_LIMIT_PER_USER=${cfg.server.rateLimitPerUser}
+
+# Discord Health Monitoring
+DISCORD_WEBHOOK_URL=${cfg.discord?.webhookUrl || ''}
 ENVEOF
 
 chmod 600 ${cfg.paths.configDir}/mail.env

packages/zig/src/auth/auth.zig

@@ -699,11 +699,12 @@ pub const ResetRateLimiter = struct {
     pub fn recordAttempt(self: *ResetRateLimiter, identifier: []const u8) !void {
         const now = getCurrentTimestamp();
 
-        const result = try self.attempts.getOrPut(try self.allocator.dupe(u8, identifier));
+        const result = try self.attempts.getOrPut(identifier);
         if (result.found_existing) {
             result.value_ptr.count += 1;
             result.value_ptr.last_attempt = now;
         } else {
+            result.key_ptr.* = try self.allocator.dupe(u8, identifier);
             result.value_ptr.* = .{
                 .count = 1,
                 .first_attempt = now,

packages/zig/src/auth/password.zig

@@ -30,7 +30,7 @@ pub const PasswordHasher = struct {
             .{
                 .t = 3, // 3 iterations
                 .m = 65536, // 64 MB memory
-                .p = 4, // 4 parallelism
+                .p = 1, // single-threaded (avoids async I/O requirement)
             },
             .argon2id,
             io_compat.getIo(),
@@ -49,10 +49,10 @@ pub const PasswordHasher = struct {
         defer self.allocator.free(hash_b64);
         const hash_encoded = encoder.encode(hash_b64, &hash);
 
-        // Format: $argon2id$v=19$m=65536,t=3,p=4$<salt_b64>$<hash_b64>
+        // Format: $argon2id$v=19$m=65536,t=3,p=1$<salt_b64>$<hash_b64>
         const encoded = try std.fmt.allocPrint(
             self.allocator,
-            "$argon2id$v=19$m=65536,t=3,p=4${s}${s}",
+            "$argon2id$v=19$m=65536,t=3,p=1${s}${s}",
             .{ salt_encoded, hash_encoded },
         );
 
@@ -62,7 +62,7 @@ pub const PasswordHasher = struct {
     /// Verify a password against a hash
     pub fn verifyPassword(self: *PasswordHasher, password: []const u8, hash_str: []const u8) !bool {
         // Parse the hash string
-        // Format: $argon2id$v=19$m=65536,t=3,p=4$<salt_b64>$<hash_b64>
+        // Format: $argon2id$v=19$m=65536,t=3,p=1$<salt_b64>$<hash_b64>
         var parts = std.mem.splitSequence(u8, hash_str, "$");
 
         // Skip empty first part
@@ -77,11 +77,11 @@ pub const PasswordHasher = struct {
         // Skip version
         _ = parts.next();
 
-        // Parse parameters (m=65536,t=3,p=4)
+        // Parse parameters (m=65536,t=3,p=1)
         const params_str = parts.next() orelse return error.InvalidHashFormat;
         var m: u32 = 65536;
         var t: u32 = 3;
-        var p: u24 = 4;
+        var p: u24 = 1;
 
         var param_parts = std.mem.splitScalar(u8, params_str, ',');
         while (param_parts.next()) |param| {

packages/zig/src/main.zig

@@ -16,6 +16,7 @@ const cluster = @import("infrastructure/cluster.zig");
 const multitenancy = @import("features/multitenancy.zig");
 const metrics_mod = @import("observability/metrics.zig");
 const alerting = @import("observability/alerting.zig");
+const discord = @import("observability/discord.zig");
 const secrets = @import("security/secrets.zig");
 const hot_reload = @import("core/hot_reload.zig");
 
@@ -542,6 +543,26 @@ pub fn run(allocator: std.mem.Allocator, cli_args: args_parser.Args) !void {
         }
     }
 
+    // Start Discord health monitor if webhook URL is configured
+    var discord_monitor: ?discord.DiscordHealthMonitor = null;
+    var discord_thread: ?std.Thread = null;
+    const discord_webhook_url = env.get("DISCORD_WEBHOOK_URL");
+    if (discord_webhook_url) |webhook_url| {
+        discord_monitor = discord.DiscordHealthMonitor.init(
+            allocator,
+            webhook_url,
+            &server.active_connections,
+            cfg.max_connections,
+            &shutdown_requested,
+        );
+        discord_thread = try std.Thread.spawn(.{}, struct {
+            fn run(monitor: *discord.DiscordHealthMonitor) void {
+                monitor.run();
+            }
+        }.run, .{&discord_monitor.?});
+        log.info("Discord health monitor enabled", .{});
+    }
+
     server.startWithReload(&shutdown_requested, &reload_requested, reloadConfigCallback) catch |err| {
         log.critical("Server error: {}", .{err});
         // Stop IMAP server on error
@@ -607,6 +628,12 @@ pub fn run(allocator: std.mem.Allocator, cli_args: args_parser.Args) !void {
         t.join();
     }
 
+    // Stop Discord health monitor
+    if (discord_thread) |t| {
+        t.join();
+        log.info("Discord health monitor stopped", .{});
+    }
+
     // Cleanup
     if (cluster_manager) |cm| {
         cm.stop();