npm - @realtimex/email-automator - Versions diffs - 2.26.0 → 2.28.0 - Mend

@realtimex/email-automator 2.26.0 → 2.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/api/server.ts CHANGED Viewed

@@ -21,9 +21,15 @@ import { setEncryptionKey, getEncryptionKeyHex } from './src/utils/encryption.js
 async function initializePersistenceEncryption() {
     try {
         const supabase = getServiceRoleSupabase();
         if (!supabase) {
-            logger.info('Supabase not configured yet, skipping encryption initialization');
-            logger.info('IMAP features will be available after completing Setup Wizard');
+            // BYOK mode: Supabase not configured at startup (credentials come via HTTP headers)
+            // Generate encryption key anyway and keep it in memory
+            logger.info('Supabase not configured yet (BYOK mode)');
+            logger.info('Generating encryption key in memory - will persist when Supabase becomes available');
+            const newKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(newKey);
+            logger.info('✓ Encryption key generated and loaded in memory');
             return;
         }
@@ -37,6 +43,10 @@ async function initializePersistenceEncryption() {
         if (error) {
             logger.warn('Failed to query user_settings for encryption key', { error });
+            // Still generate a key for in-memory use
+            const newKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(newKey);
+            logger.info('✓ Generated fallback encryption key due to DB error');
             return;
         }
@@ -74,12 +84,17 @@ async function initializePersistenceEncryption() {
             logger.info('✓ Encryption key saved to database');
         } else {
             logger.info('No users found yet, encryption key loaded in memory');
-            logger.info('Key will be persisted when first user is created');
+            logger.info('Key will be persisted when users are created');
         }
     } catch (err) {
         logger.error('Error initializing encryption:', err);
-        logger.warn('⚠ IMAP features may not work properly');
+        // Always ensure we have a key, even if there was an error
+        if (!getEncryptionKeyHex()) {
+            logger.warn('Generating emergency fallback encryption key');
+            const fallbackKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(fallbackKey);
+        }
     }
 }

package/api/src/routes/auth.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { getGmailService } from '../services/gmail.js';
 import { getMicrosoftService } from '../services/microsoft.js';
 import { getImapService } from '../services/imap-service.js';
 import { createLogger } from '../utils/logger.js';
-import { getEncryptionKeyHex } from '../utils/encryption.js';
+import { getEncryptionKeyHex, setEncryptionKey } from '../utils/encryption.js';
 const router = Router();
 const logger = createLogger('AuthRoutes');
@@ -24,25 +24,52 @@ router.post('/imap/connect',
             smtpHost, smtpPort, smtpSecure
         } = req.body;
-        // CRITICAL FIX: Ensure user has encryption key before IMAP operations
-        // This handles the "first user connects IMAP immediately after signup" case
-        const currentKey = getEncryptionKeyHex();
-        if (currentKey) {
-            const { data: userSettings } = await req.supabase!
+        // CRITICAL FIX: Sync encryption key between server memory and database
+        // In BYOK mode, database trigger generates key but server has random key in memory
+        // We need to sync them: prefer database key (persistent) over server key (ephemeral)
+        const { data: userSettings, error: fetchError } = await req.supabase!
+            .from('user_settings')
+            .select('encryption_key')
+            .eq('user_id', req.user!.id)
+            .single();
+        if (fetchError) {
+            logger.error('Failed to fetch user settings', { error: fetchError });
+            throw new ValidationError('Failed to load user settings. Please try again.');
+        }
+        const currentServerKey = getEncryptionKeyHex();
+        const databaseKey = userSettings?.encryption_key;
+        logger.info('Encryption key sync check', {
+            hasServerKey: !!currentServerKey,
+            hasDatabaseKey: !!databaseKey,
+            userId: req.user!.id
+        });
+        if (databaseKey) {
+            // Database has a key - use it (it's the source of truth)
+            if (currentServerKey !== databaseKey) {
+                logger.info('Loading encryption key from database (overriding server memory)');
+                setEncryptionKey(databaseKey);
+            }
+        } else if (currentServerKey) {
+            // Server has key but database doesn't - persist to database
+            logger.info('Database missing encryption key, persisting server key');
+            const { error: updateError } = await req.supabase!
                 .from('user_settings')
-                .select('encryption_key')
-                .eq('user_id', req.user!.id)
-                .single();
-            if (userSettings && !userSettings.encryption_key) {
-                // User doesn't have encryption key yet - persist it now
-                logger.info('User missing encryption key, persisting immediately', { userId: req.user!.id });
-                await req.supabase!
-                    .from('user_settings')
-                    .update({ encryption_key: currentKey })
-                    .eq('user_id', req.user!.id);
-                logger.info('✓ Encryption key persisted to user');
+                .update({ encryption_key: currentServerKey })
+                .eq('user_id', req.user!.id);
+            if (updateError) {
+                logger.error('Failed to persist encryption key', { error: updateError });
+                throw new ValidationError('Failed to initialize encryption. Please try again.');
             }
+            logger.info('✓ Encryption key persisted to database');
+        } else {
+            // Neither server nor database has key - this should never happen with new trigger
+            logger.error('No encryption key found in server OR database!');
+            throw new ValidationError('Encryption not initialized. Please contact support.');
         }
         const imapService = getImapService();

package/dist/api/server.js CHANGED Viewed

@@ -20,8 +20,13 @@ async function initializePersistenceEncryption() {
     try {
         const supabase = getServiceRoleSupabase();
         if (!supabase) {
-            logger.info('Supabase not configured yet, skipping encryption initialization');
-            logger.info('IMAP features will be available after completing Setup Wizard');
+            // BYOK mode: Supabase not configured at startup (credentials come via HTTP headers)
+            // Generate encryption key anyway and keep it in memory
+            logger.info('Supabase not configured yet (BYOK mode)');
+            logger.info('Generating encryption key in memory - will persist when Supabase becomes available');
+            const newKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(newKey);
+            logger.info('✓ Encryption key generated and loaded in memory');
             return;
         }
         // 1. Check if ANY user has an encryption key stored
@@ -33,6 +38,10 @@ async function initializePersistenceEncryption() {
             .limit(1);
         if (error) {
             logger.warn('Failed to query user_settings for encryption key', { error });
+            // Still generate a key for in-memory use
+            const newKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(newKey);
+            logger.info('✓ Generated fallback encryption key due to DB error');
             return;
         }
         if (users && users.length > 0 && users[0].encryption_key) {
@@ -63,12 +72,17 @@ async function initializePersistenceEncryption() {
         }
         else {
             logger.info('No users found yet, encryption key loaded in memory');
-            logger.info('Key will be persisted when first user is created');
+            logger.info('Key will be persisted when users are created');
         }
     }
     catch (err) {
         logger.error('Error initializing encryption:', err);
-        logger.warn('⚠ IMAP features may not work properly');
+        // Always ensure we have a key, even if there was an error
+        if (!getEncryptionKeyHex()) {
+            logger.warn('Generating emergency fallback encryption key');
+            const fallbackKey = crypto.randomBytes(32).toString('hex');
+            setEncryptionKey(fallbackKey);
+        }
     }
 }
 // Periodic sync: Persist in-memory encryption key to users without one

package/dist/api/src/routes/auth.js CHANGED Viewed

@@ -7,31 +7,56 @@ import { getGmailService } from '../services/gmail.js';
 import { getMicrosoftService } from '../services/microsoft.js';
 import { getImapService } from '../services/imap-service.js';
 import { createLogger } from '../utils/logger.js';
-import { getEncryptionKeyHex } from '../utils/encryption.js';
+import { getEncryptionKeyHex, setEncryptionKey } from '../utils/encryption.js';
 const router = Router();
 const logger = createLogger('AuthRoutes');
 // IMAP/SMTP Connection
 router.post('/imap/connect', connectionRateLimit, // More lenient for connection testing (30 attempts / 15 min)
 authMiddleware, validateBody(schemas.imapConnect), asyncHandler(async (req, res) => {
     const { email, password, imapHost, imapPort, imapSecure, smtpHost, smtpPort, smtpSecure } = req.body;
-    // CRITICAL FIX: Ensure user has encryption key before IMAP operations
-    // This handles the "first user connects IMAP immediately after signup" case
-    const currentKey = getEncryptionKeyHex();
-    if (currentKey) {
-        const { data: userSettings } = await req.supabase
+    // CRITICAL FIX: Sync encryption key between server memory and database
+    // In BYOK mode, database trigger generates key but server has random key in memory
+    // We need to sync them: prefer database key (persistent) over server key (ephemeral)
+    const { data: userSettings, error: fetchError } = await req.supabase
+        .from('user_settings')
+        .select('encryption_key')
+        .eq('user_id', req.user.id)
+        .single();
+    if (fetchError) {
+        logger.error('Failed to fetch user settings', { error: fetchError });
+        throw new ValidationError('Failed to load user settings. Please try again.');
+    }
+    const currentServerKey = getEncryptionKeyHex();
+    const databaseKey = userSettings?.encryption_key;
+    logger.info('Encryption key sync check', {
+        hasServerKey: !!currentServerKey,
+        hasDatabaseKey: !!databaseKey,
+        userId: req.user.id
+    });
+    if (databaseKey) {
+        // Database has a key - use it (it's the source of truth)
+        if (currentServerKey !== databaseKey) {
+            logger.info('Loading encryption key from database (overriding server memory)');
+            setEncryptionKey(databaseKey);
+        }
+    }
+    else if (currentServerKey) {
+        // Server has key but database doesn't - persist to database
+        logger.info('Database missing encryption key, persisting server key');
+        const { error: updateError } = await req.supabase
             .from('user_settings')
-            .select('encryption_key')
-            .eq('user_id', req.user.id)
-            .single();
-        if (userSettings && !userSettings.encryption_key) {
-            // User doesn't have encryption key yet - persist it now
-            logger.info('User missing encryption key, persisting immediately', { userId: req.user.id });
-            await req.supabase
-                .from('user_settings')
-                .update({ encryption_key: currentKey })
-                .eq('user_id', req.user.id);
-            logger.info('✓ Encryption key persisted to user');
+            .update({ encryption_key: currentServerKey })
+            .eq('user_id', req.user.id);
+        if (updateError) {
+            logger.error('Failed to persist encryption key', { error: updateError });
+            throw new ValidationError('Failed to initialize encryption. Please try again.');
         }
+        logger.info('✓ Encryption key persisted to database');
+    }
+    else {
+        // Neither server nor database has key - this should never happen with new trigger
+        logger.error('No encryption key found in server OR database!');
+        throw new ValidationError('Encryption not initialized. Please contact support.');
     }
     const imapService = getImapService();
     const imapConfig = {