@technomoron/mail-magic 1.0.4

package/src/server.ts

@@ -0,0 +1,27 @@
+import { ApiServerConf, ApiServer } from '@technomoron/api-server-base';
+
+import { api_user } from './models/user.js';
+import { mailStore } from './store/store.js';
+
+export class mailApiServer extends ApiServer {
+	storage: mailStore;
+
+	constructor(
+		config: Partial<ApiServerConf>,
+		private store: mailStore
+	) {
+		super(config);
+		this.storage = store;
+	}
+
+	override async getApiKey<ApiKey>(token: string): Promise<ApiKey | null> {
+		this.storage.print_debug(`Looking up api key ${token}`);
+		const user = await api_user.findOne({ where: { token: token } });
+		if (!user) {
+			this.storage.print_debug(`Unable to find user for token ${token}`);
+			return null;
+		} else {
+			return { uid: user.user_id } as ApiKey;
+		}
+	}
+}

package/src/store/envloader.ts

@@ -0,0 +1,117 @@
+import { defineEnvOptions } from '@technomoron/env-loader';
+
+export const envOptions = defineEnvOptions({
+	NODE_ENV: {
+		description: 'Specifies the environment in which the app is running',
+		options: ['development', 'production', 'staging'],
+		default: 'development'
+	},
+	API_PORT: {
+		description: 'Defines the port on which the app listens. Default 3780',
+		default: '3776',
+		type: 'number'
+	},
+	API_HOST: {
+		description: 'Sets the local IP address for the API to listen at',
+		default: '0.0.0.0'
+	},
+	DB_AUTO_RELOAD: {
+		description: 'Reload init-data.db automatically on change',
+		type: 'boolean',
+		default: true
+	},
+	DB_FORCE_SYNC: {
+		description: 'Whether to force sync on table definitions (ALTER TABLE)',
+		type: 'boolean',
+		default: false
+	},
+	API_URL: {
+		description: 'Sets the public URL for the API (i.e. https://ml.example.com:3790)',
+		default: 'http://localhost:3776'
+	},
+	CONFIG_PATH: {
+		description: 'Path to directory where config files are located',
+		default: './config/'
+	},
+	/*
+	SWAGGER_ENABLE: {
+		description: 'Enable Swagger API docs',
+		default: 'false',
+		type: 'boolean'
+	},
+	SWAGGER_PATH: {
+		description: 'Path for swagger api docs',
+		default: '/api-docs'
+	},
+	*/
+	/*
+	JWT_SECRET: {
+		description: 'Secret key for generating JWT access tokens',
+		required: true
+	},
+	JWT_REFRESH: {
+		description: 'Secret key for generating JWT refresh tokens',
+		required: true
+	},
+	*/
+	DB_USER: {
+		description: 'Database username for API database'
+	},
+	DB_PASS: {
+		description: 'Password for API database'
+	},
+	DB_NAME: {
+		description: 'Name of API database. Filename for sqlite3, database name for others',
+		default: 'maildata'
+	},
+	DB_HOST: {
+		description: 'Host of API database',
+		default: 'localhost'
+	},
+	DB_TYPE: {
+		description: 'Database type of WP database',
+		options: ['sqlite'],
+		default: 'sqlite'
+	},
+	DB_LOG: {
+		description: 'Log SQL statements',
+		default: 'false',
+		type: 'boolean'
+	},
+	DEBUG: {
+		description: 'Enable debug output, including nodemailer and API',
+		default: false,
+		type: 'boolean'
+	},
+	SMTP_HOST: {
+		description: 'Hostname of SMTP sending host',
+		default: 'localhost'
+	},
+	SMTP_PORT: {
+		description: 'SMTP host server port',
+		default: 587,
+		type: 'number'
+	},
+	SMTP_SECURE: {
+		description: 'Use secure connection to SMTP host (SSL/TSL)',
+		default: false,
+		type: 'boolean'
+	},
+	SMTP_TLS_REJECT: {
+		description: 'Reject bad cert/TLS connection to SMTP host',
+		default: false,
+		type: 'boolean'
+	},
+	SMTP_USER: {
+		description: 'Username for SMTP host',
+		default: ''
+	},
+	SMTP_PASSWORD: {
+		description: 'Password for SMTP host',
+		default: ''
+	},
+	UPLOAD_PATH: {
+		description: 'Path for attached files',
+		default: './uploads/'
+	}
+});

package/src/store/store.ts

@@ -0,0 +1,116 @@
+import fs from 'fs';
+import path from 'path';
+
+import { EnvLoader, envConfig } from '@technomoron/env-loader';
+import { createTransport, Transporter } from 'nodemailer';
+import { Sequelize } from 'sequelize';
+
+import { connect_api_db } from '../models/db.js';
+import { importData } from '../models/init.js';
+
+import { envOptions } from './envloader.js';
+
+import type SMTPTransport from 'nodemailer/lib/smtp-transport';
+
+interface api_key {
+	keyid: string;
+	uid: number;
+	domain: number;
+}
+
+function create_mail_transport(env: envConfig<typeof envOptions>): Transporter {
+	const args: SMTPTransport.Options = {
+		host: env.SMTP_HOST,
+		port: env.SMTP_PORT,
+		secure: env.SMTP_SECURE,
+		tls: {
+			rejectUnauthorized: env.SMTP_TLS_REJECT
+		},
+		requireTLS: true,
+		logger: env.DEBUG,
+		debug: env.DEBUG
+	};
+	const user = env.SMTP_USER;
+	const pass = env.SMTP_PASSWORD;
+	if (user && pass) {
+		args.auth = { user, pass };
+	}
+	// console.log(JSON.stringify(args, undefined, 2));
+
+	const mailer: Transporter = createTransport({
+		...args
+	});
+	if (!mailer) {
+		throw new Error('Unable to create mailer');
+	}
+	return mailer;
+}
+
+export interface ImailStore {
+	env: envConfig<typeof envOptions>;
+	transport?: Transporter<SMTPTransport.SentMessageInfo>;
+	keys: Record<string, api_key>;
+	configpath: string;
+}
+
+export class mailStore implements ImailStore {
+	env!: envConfig<typeof envOptions>;
+	transport?: Transporter<SMTPTransport.SentMessageInfo>;
+	api_db: Sequelize | null = null;
+	keys: Record<string, api_key> = {};
+	configpath = '';
+
+	print_debug(msg: string) {
+		if (this.env.DEBUG) {
+			console.log(msg);
+		}
+	}
+
+	config_filename(name: string): string {
+		return path.resolve(path.join(this.configpath, name));
+	}
+
+	private async load_api_keys(cfgpath: string): Promise<Record<string, api_key>> {
+		const keyfile = path.resolve(cfgpath, 'api-keys.json');
+		if (fs.existsSync(keyfile)) {
+			const raw = fs.readFileSync(keyfile, 'utf-8');
+			const jsonData = JSON.parse(raw) as Record<string, api_key>;
+			this.print_debug(`API Key Database loaded from ${keyfile}`);
+			return jsonData;
+		}
+		this.print_debug(`No api-keys.json file found: tried ${keyfile}`);
+		return {};
+	}
+
+	async init(): Promise<this> {
+		const env = (this.env = await EnvLoader.createConfigProxy(envOptions, { debug: true }));
+		EnvLoader.genTemplate(envOptions, '.env-dist');
+		const p = env.CONFIG_PATH;
+		this.configpath = path.isAbsolute(p) ? p : path.join(process.cwd(), p);
+		console.log(`Config path is ${this.configpath}`);
+
+		// this.keys = await this.load_api_keys(this.configpath);
+
+		this.transport = await create_mail_transport(env);
+
+		this.api_db = await connect_api_db(this);
+
+		if (this.env.DB_AUTO_RELOAD) {
+			this.print_debug('Enabling auto reload of init-data.json');
+			fs.watchFile(this.config_filename('init-data.json'), { interval: 2000 }, () => {
+				this.print_debug('Config file changed, reloading...');
+				try {
+					importData(this);
+				} catch (err) {
+					this.print_debug(`Failed to reload config: ${err}`);
+				}
+			});
+		}
+
+		return this;
+	}
+
+	public get_api_key(key: string): api_key | null {
+		return this.keys[key] || null;
+	}
+}

package/src/types.ts

@@ -0,0 +1,39 @@
+import { ApiRequest } from '@technomoron/api-server-base';
+
+import { api_domain } from './models/domain.js';
+import { api_user } from './models/user.js';
+
+export interface mailApiKey {
+	uid: number;
+}
+
+export interface mailApiRequest extends ApiRequest {
+	user?: api_user;
+	domain?: api_domain;
+	locale?: string;
+}
+
+export interface formType {
+	rcpt: string;
+	sender: string;
+	subject: string;
+	template: string;
+}
+
+export interface StoredFile {
+	filename: string;
+	path: string;
+	cid?: string;
+}
+
+export interface RequestMeta {
+	client_ip: string;
+	received_at: string;
+	ip_chain: string[];
+}
+
+export interface UploadedFile {
+	originalname: string;
+	path: string;
+	fieldname: string;
+}

package/src/util.ts

@@ -0,0 +1,111 @@
+import { api_domain } from './models/domain.js';
+import { api_user } from './models/user.js';
+
+import type { RequestMeta } from './types.js';
+
+/**
+ * Normalize a string into a safe identifier for slugs, filenames, etc.
+ *
+ * - Lowercases all characters
+ * - Replaces any character that is not `a-z`, `0-9`, `-`, '.' or `_` with `-`
+ * - Collapses multiple consecutive dashes into one
+ * - Trims leading and trailing dashes
+ *
+ * Examples:
+ *   normalizeSlug("Hello World!")    -> "hello-world"
+ *   normalizeSlug("  Áccêntš  ")     -> "ccnt"
+ *   normalizeSlug("My--Slug__Test")  -> "my-slug__test"
+ */
+export function normalizeSlug(input: string): string {
+	if (!input) {
+		return '';
+	}
+	return input
+		.trim()
+		.toLowerCase()
+		.replace(/[^a-z0-9-_\.]/g, '-')
+		.replace(/--+/g, '-') // collapse multiple dashes
+		.replace(/^-+|-+$/g, ''); // trim leading/trailing dashes
+}
+
+export async function user_and_domain(domain_id: number): Promise<{ user: api_user; domain: api_domain }> {
+	const domain = await api_domain.findByPk(domain_id);
+	if (!domain) {
+		throw new Error(`Unable to look up domain ${domain_id}`);
+	}
+	const user = await api_user.findByPk(domain.user_id);
+	if (!user) {
+		throw new Error(`Unable to look up user ${domain.user_id}`);
+	}
+	return { user, domain };
+}
+
+type HeaderValue = string | string[] | undefined | null;
+
+function collectHeaderIps(header: string | string[] | undefined): string[] {
+	if (!header) {
+		return [];
+	}
+	if (Array.isArray(header)) {
+		return header
+			.join(',')
+			.split(',')
+			.map((ip) => ip.trim())
+			.filter(Boolean);
+	}
+	return header
+		.split(',')
+		.map((ip) => ip.trim())
+		.filter(Boolean);
+}
+
+function resolveHeader(headers: Record<string, unknown>, key: string): string | string[] | undefined {
+	const direct = headers[key];
+	const alt = headers[key.toLowerCase()];
+	const value = direct ?? alt;
+	if (typeof value === 'string' || Array.isArray(value)) {
+		return value;
+	}
+	return undefined;
+}
+
+interface RequestLike {
+	headers?: Record<string, HeaderValue>;
+	ip?: string | null;
+	socket?: { remoteAddress?: string | null } | null;
+}
+
+export function buildRequestMeta(rawReq: unknown): RequestMeta {
+	const req = (rawReq ?? {}) as RequestLike;
+	const headers = req.headers ?? {};
+	const ips: string[] = [];
+	ips.push(...collectHeaderIps(resolveHeader(headers, 'x-forwarded-for')));
+	const realIp = resolveHeader(headers, 'x-real-ip');
+	if (typeof realIp === 'string' && realIp.trim()) {
+		ips.push(realIp.trim());
+	}
+	const cfIp = resolveHeader(headers, 'cf-connecting-ip');
+	if (typeof cfIp === 'string' && cfIp.trim()) {
+		ips.push(cfIp.trim());
+	}
+	const fastlyIp = resolveHeader(headers, 'fastly-client-ip');
+	if (typeof fastlyIp === 'string' && fastlyIp.trim()) {
+		ips.push(fastlyIp.trim());
+	}
+	if (req.ip && req.ip.trim()) {
+		ips.push(req.ip.trim());
+	}
+	const remoteAddress = req.socket?.remoteAddress;
+	if (remoteAddress) {
+		ips.push(remoteAddress);
+	}
+
+	const uniqueIps = ips.filter((ip, index) => ips.indexOf(ip) === index);
+	const clientIp = uniqueIps[0] || '';
+
+	return {
+		client_ip: clientIp,
+		received_at: new Date().toISOString(),
+		ip_chain: uniqueIps
+	};
+}

package/test1.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+curl -X POST http://localhost:3776/api/v1/form/message \
+  -F "formid=testform" \
+  -F "domain=ml.yesmedia.no" \
+  -F "vars={\"x\":\"y\"}" \
+  -F "attachment1=@./tsconfig.json" \
+  -F "attachment2=@./config/testuser/ml.yesmedia.no/form-template/assets/3075977.png"
+ 
+#  -F "rcpt=bjornjac@pm.me" \
+#  -H "Authorization: Bearer apikey-j82lkIOjUuj34sd" \
+
+ 

package/tsconfig.json

@@ -0,0 +1,14 @@
+{
+	"compilerOptions": {
+		"target": "ES2022",
+		"module": "ES2022", // compile as ES modules
+		"moduleResolution": "node",
+		"outDir": "./dist",
+		"rootDir": "./src",
+		"strict": true,
+		"esModuleInterop": true,
+		"allowSyntheticDefaultImports": true,
+		"typeRoots": ["./node_modules/@types", "./types"]
+	},
+	"include": ["src"]
+}