@technomoron/mail-magic 1.0.40 → 1.0.42

package/dist/esm/models/form.js

@@ -2,7 +2,7 @@ import path from 'path';
 import { nanoid } from 'nanoid';
 import { Model, DataTypes, UniqueConstraintError } from 'sequelize';
 import { z } from 'zod';
-import { assertSafeRelativePath } from '../util/paths.js';
+import { assertSafeRelativePath, buildFormSlugAndFilename } from '../util/paths.js';
 import { user_and_domain, normalizeSlug } from '../util.js';
 const stored_file_schema = z
     .object({
@@ -173,7 +173,9 @@ export async function init_api_form(api_db) {
                 }
                 try {
                     const parsed = JSON.parse(raw);
-                    return Array.isArray(parsed) ? parsed : [];
+                    return Array.isArray(parsed)
+                        ? parsed.filter((item) => typeof item === 'string')
+                        : [];
                 }
                 catch {
                     return [];
@@ -231,23 +233,24 @@ export async function init_api_form(api_db) {
 export async function upsert_form(record) {
     const { user, domain } = await user_and_domain(record.domain_id);
     const dname = normalizeSlug(domain.name);
-    const name = normalizeSlug(record.idname);
-    const locale = normalizeSlug(record.locale || domain.locale || user.locale || '');
+    const { slug, filename: generatedFilename } = buildFormSlugAndFilename({
+        domainName: domain.name,
+        domainLocale: domain.locale,
+        userLocale: user.locale,
+        idname: record.idname,
+        locale: record.locale
+    });
     if (!record.slug) {
-        record.slug = `${dname}${locale ? '-' + locale : ''}-${name}`;
+        record.slug = slug;
     }
     if (!record.filename) {
-        const parts = [dname, 'form-template'];
-        if (locale)
-            parts.push(locale);
-        parts.push(name);
-        record.filename = path.join(...parts);
+        record.filename = generatedFilename;
     }
     else {
         record.filename = path.join(dname, 'form-template', record.filename);
-    }
-    if (!record.filename.endsWith('.njk')) {
-        record.filename += '.njk';
+        if (!record.filename.endsWith('.njk')) {
+            record.filename += '.njk';
+        }
     }
     record.filename = assertSafeRelativePath(record.filename, 'Form filename');
     let instance = null;

package/dist/esm/models/init.d.ts

@@ -0,0 +1,12 @@
+import { mailStore } from '../store/store.js';
+import { StoredFile } from '../types.js';
+import { api_form_type } from './form.js';
+import { api_txmail_type } from './txmail.js';
+interface LoadedTemplate {
+    html: string;
+    assets: StoredFile[];
+}
+export declare function loadFormTemplate(store: mailStore, form: api_form_type): Promise<LoadedTemplate>;
+export declare function loadTxTemplate(store: mailStore, template: api_txmail_type): Promise<LoadedTemplate>;
+export declare function importData(store: mailStore): Promise<void>;
+export {};

package/dist/esm/models/recipient.d.ts

@@ -0,0 +1,24 @@
+import { Sequelize, Model } from 'sequelize';
+import { z } from 'zod';
+export declare const api_recipient_schema: z.ZodObject<{
+    recipient_id: z.ZodNumber;
+    domain_id: z.ZodNumber;
+    form_key: z.ZodDefault<z.ZodString>;
+    idname: z.ZodString;
+    email: z.ZodString;
+    name: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+export type api_recipient_input = z.input<typeof api_recipient_schema>;
+export type api_recipient_type = z.output<typeof api_recipient_schema>;
+export type api_recipient_creation_type = Omit<api_recipient_input, 'recipient_id'> & {
+    recipient_id?: number;
+};
+export declare class api_recipient extends Model<api_recipient_type, api_recipient_creation_type> {
+    recipient_id: number;
+    domain_id: number;
+    form_key: string;
+    idname: string;
+    email: string;
+    name: string;
+}
+export declare function init_api_recipient(api_db: Sequelize): Promise<typeof api_recipient>;

package/dist/esm/models/txmail.d.ts

@@ -0,0 +1,42 @@
+import { Sequelize, Model } from 'sequelize';
+import { z } from 'zod';
+import { StoredFile } from '../types.js';
+export declare const api_txmail_schema: z.ZodObject<{
+    template_id: z.ZodNumber;
+    user_id: z.ZodNumber;
+    domain_id: z.ZodNumber;
+    name: z.ZodString;
+    locale: z.ZodDefault<z.ZodString>;
+    template: z.ZodDefault<z.ZodString>;
+    filename: z.ZodDefault<z.ZodString>;
+    sender: z.ZodString;
+    subject: z.ZodString;
+    slug: z.ZodDefault<z.ZodString>;
+    part: z.ZodDefault<z.ZodBoolean>;
+    files: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        filename: z.ZodString;
+        path: z.ZodString;
+        cid: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export type api_txmail_input = z.input<typeof api_txmail_schema>;
+export type api_txmail_type = z.output<typeof api_txmail_schema>;
+export type api_txmail_creation_type = Omit<api_txmail_input, 'template_id'> & {
+    template_id?: number;
+};
+export declare class api_txmail extends Model<api_txmail_type, api_txmail_creation_type> {
+    template_id: number;
+    user_id: number;
+    domain_id: number;
+    name: string;
+    locale: string;
+    template: string;
+    filename: string;
+    sender: string;
+    subject: string;
+    slug: string;
+    part: boolean;
+    files: StoredFile[];
+}
+export declare function upsert_txmail(record: api_txmail_type): Promise<api_txmail>;
+export declare function init_api_txmail(api_db: Sequelize): Promise<typeof api_txmail>;

package/dist/esm/models/user.d.ts

@@ -0,0 +1,33 @@
+import { Sequelize, Model } from 'sequelize';
+import { z } from 'zod';
+export declare const api_user_schema: z.ZodObject<{
+    user_id: z.ZodNumber;
+    idname: z.ZodString;
+    token: z.ZodOptional<z.ZodString>;
+    token_hmac: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    email: z.ZodString;
+    domain: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+    locale: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+export type api_user_input = z.input<typeof api_user_schema>;
+export type api_user_type = z.output<typeof api_user_schema>;
+export type api_user_creation_type = Omit<api_user_input, 'user_id'> & {
+    user_id?: number;
+};
+export declare class api_user extends Model<api_user_type, api_user_creation_type> {
+    user_id: number;
+    idname: string;
+    token: string | undefined;
+    token_hmac: string | undefined;
+    name: string;
+    email: string;
+    domain: number | null | undefined;
+    locale: string;
+}
+export declare function apiTokenToHmac(token: string, pepper: string): string;
+export declare function migrateLegacyApiTokens(pepper: string): Promise<{
+    migrated: number;
+    cleared: number;
+}>;
+export declare function init_api_user(api_db: Sequelize): Promise<typeof api_user>;

package/dist/esm/server.d.ts

@@ -0,0 +1,8 @@
+import { ApiServerConf, ApiServer } from '@technomoron/api-server-base';
+import { mailStore } from './store/store.js';
+export declare class mailApiServer extends ApiServer {
+    private store;
+    storage: mailStore;
+    constructor(config: Partial<ApiServerConf>, store: mailStore);
+    getApiKey<ApiKey>(token: string): Promise<ApiKey | null>;
+}

package/dist/esm/store/envloader.d.ts

@@ -0,0 +1,188 @@
+export declare const envOptions: {
+    NODE_ENV: {
+        description: string;
+        options: string[];
+        default: string;
+    };
+    API_PORT: {
+        description: string;
+        default: string;
+        type: "number";
+    };
+    API_HOST: {
+        description: string;
+        default: string;
+    };
+    DB_AUTO_RELOAD: {
+        description: string;
+        type: "boolean";
+        default: false;
+    };
+    DB_FORCE_SYNC: {
+        description: string;
+        type: "boolean";
+        default: false;
+    };
+    DB_SYNC_ALTER: {
+        description: string;
+        type: "boolean";
+        default: false;
+    };
+    API_URL: {
+        description: string;
+        default: string;
+    };
+    API_BASE_PATH: {
+        description: string;
+        default: string;
+    };
+    ASSET_PUBLIC_BASE: {
+        description: string;
+        default: string;
+    };
+    SWAGGER_ENABLED: {
+        description: string;
+        type: "boolean";
+        default: false;
+    };
+    SWAGGER_PATH: {
+        description: string;
+        default: string;
+    };
+    ADMIN_ENABLED: {
+        description: string;
+        default: false;
+        type: "boolean";
+    };
+    ADMIN_APP_PATH: {
+        description: string;
+        default: string;
+    };
+    ASSET_ROUTE: {
+        description: string;
+        default: string;
+    };
+    CONFIG_PATH: {
+        description: string;
+        default: string;
+    };
+    GEN_ENV_TEMPLATE: {
+        description: string;
+        default: false;
+        type: "boolean";
+    };
+    DB_USER: {
+        description: string;
+    };
+    DB_PASS: {
+        description: string;
+    };
+    DB_NAME: {
+        description: string;
+        default: string;
+    };
+    DB_HOST: {
+        description: string;
+        default: string;
+    };
+    DB_TYPE: {
+        description: string;
+        options: string[];
+        default: string;
+    };
+    DB_LOG: {
+        description: string;
+        default: string;
+        type: "boolean";
+    };
+    DEBUG: {
+        description: string;
+        default: false;
+        type: "boolean";
+    };
+    AUTOESCAPE_HTML: {
+        description: string;
+        default: true;
+        type: "boolean";
+    };
+    SMTP_HOST: {
+        description: string;
+        default: string;
+    };
+    SMTP_PORT: {
+        description: string;
+        default: number;
+        type: "number";
+    };
+    SMTP_SECURE: {
+        description: string;
+        default: false;
+        type: "boolean";
+    };
+    SMTP_TLS_REJECT: {
+        description: string;
+        default: true;
+        type: "boolean";
+    };
+    SMTP_REQUIRE_TLS: {
+        description: string;
+        default: true;
+        type: "boolean";
+    };
+    SMTP_USER: {
+        description: string;
+        default: string;
+    };
+    SMTP_PASSWORD: {
+        description: string;
+        default: string;
+    };
+    UPLOAD_PATH: {
+        description: string;
+        default: string;
+    };
+    UPLOAD_MAX: {
+        description: string;
+        default: number;
+        type: "number";
+    };
+    FORM_RATE_LIMIT_WINDOW_SEC: {
+        description: string;
+        default: number;
+        type: "number";
+    };
+    FORM_RATE_LIMIT_MAX: {
+        description: string;
+        default: number;
+        type: "number";
+    };
+    FORM_MAX_ATTACHMENTS: {
+        description: string;
+        default: number;
+        type: "number";
+    };
+    FORM_KEEP_UPLOADS: {
+        description: string;
+        default: true;
+        type: "boolean";
+    };
+    FORM_CAPTCHA_PROVIDER: {
+        description: string;
+        options: string[];
+        default: string;
+    };
+    FORM_CAPTCHA_SECRET: {
+        description: string;
+        default: string;
+    };
+    FORM_CAPTCHA_REQUIRED: {
+        description: string;
+        default: false;
+        type: "boolean";
+    };
+    API_TOKEN_PEPPER: {
+        description: string;
+        required: true;
+        transform: (raw: string) => string;
+    };
+};

package/dist/esm/store/envloader.js

@@ -27,7 +27,7 @@ export const envOptions = defineEnvOptions({
     DB_SYNC_ALTER: {
         description: 'Alter existing tables on startup to match models (requires write access to the DB)',
         type: 'boolean',
-        default: true
+        default: false
     },
     API_URL: {
         description: 'Sets the public URL for the API (i.e. https://ml.example.com:3790)',
@@ -88,7 +88,7 @@ export const envOptions = defineEnvOptions({
     },
     DB_TYPE: {
         description: 'Database type for the API database',
-        options: ['sqlite'],
+        options: ['sqlite', 'mysql', 'postgres'],
         default: 'sqlite'
     },
     DB_LOG: {
@@ -121,8 +121,13 @@ export const envOptions = defineEnvOptions({
         type: 'boolean'
     },
     SMTP_TLS_REJECT: {
-        description: 'Reject bad cert/TLS connection to SMTP host',
-        default: false,
+        description: 'Validate the SMTP server TLS certificate. Set false to allow self-signed certificates.',
+        default: true,
+        type: 'boolean'
+    },
+    SMTP_REQUIRE_TLS: {
+        description: 'Require STARTTLS upgrade on SMTP connection. Set false for servers that do not support STARTTLS (e.g. MailHog).',
+        default: true,
         type: 'boolean'
     },
     SMTP_USER: {

package/dist/esm/store/store.d.ts

@@ -0,0 +1,38 @@
+import { envConfig } from '@technomoron/env-loader';
+import { Transporter } from 'nodemailer';
+import { Sequelize } from 'sequelize';
+import { envOptions } from './envloader.js';
+import type SMTPTransport from 'nodemailer/lib/smtp-transport';
+type UploadedFile = {
+    fieldname?: string;
+    originalname?: string;
+    filepath?: string;
+    buffer?: Buffer;
+};
+export type MailStoreVars = envConfig<typeof envOptions>;
+type AutoReloadHandle = {
+    close: () => void;
+};
+type AutoReloadContext = {
+    vars: Pick<MailStoreVars, 'DB_AUTO_RELOAD'>;
+    config_filename: (name: string) => string;
+    print_debug: (msg: string) => void;
+};
+export declare function enableInitDataAutoReload(ctx: AutoReloadContext, reload: () => void): AutoReloadHandle | null;
+export declare class mailStore {
+    private env;
+    vars: MailStoreVars;
+    transport?: Transporter<SMTPTransport.SentMessageInfo>;
+    api_db: Sequelize | null;
+    configpath: string;
+    uploadTemplate?: string;
+    uploadStagingPath?: string;
+    autoReloadHandle: AutoReloadHandle | null;
+    print_debug(msg: string): void;
+    config_filename(name: string): string;
+    resolveUploadPath(domainName?: string): string;
+    getUploadStagingPath(): string;
+    relocateUploads(domainName: string | null, files: UploadedFile[]): Promise<void>;
+    init(overrides?: Partial<MailStoreVars>): Promise<this>;
+}
+export {};

package/dist/esm/store/store.js

@@ -13,7 +13,7 @@ function create_mail_transport(vars) {
         tls: {
             rejectUnauthorized: vars.SMTP_TLS_REJECT
         },
-        requireTLS: true,
+        requireTLS: vars.SMTP_REQUIRE_TLS,
         logger: vars.DEBUG,
         debug: vars.DEBUG
     };
@@ -102,24 +102,28 @@ export class mailStore {
         }
         await fs.promises.mkdir(targetDir, { recursive: true });
         await Promise.all(files.map(async (file) => {
-            if (!file?.path) {
+            const name = (file.originalname ?? file.filepath) ? path.basename(file.filepath ?? file.originalname ?? '') : '';
+            if (!name) {
                 return;
             }
-            const basename = path.basename(file.path);
-            const destination = path.join(targetDir, basename);
-            if (destination === file.path) {
-                return;
-            }
-            try {
-                await fs.promises.rename(file.path, destination);
-            }
-            catch {
-                await fs.promises.copyFile(file.path, destination);
-                await fs.promises.unlink(file.path);
+            const destination = path.join(targetDir, name);
+            if (file.buffer) {
+                await fs.promises.writeFile(destination, file.buffer);
+                file.filepath = destination;
+                file.buffer = undefined;
             }
-            file.path = destination;
-            if (file.destination !== undefined) {
-                file.destination = targetDir;
+            else if (file.filepath) {
+                if (destination === file.filepath) {
+                    return;
+                }
+                try {
+                    await fs.promises.rename(file.filepath, destination);
+                }
+                catch {
+                    await fs.promises.copyFile(file.filepath, destination);
+                    await fs.promises.unlink(file.filepath);
+                }
+                file.filepath = destination;
             }
         }));
     }

package/dist/esm/swagger.d.ts

@@ -0,0 +1,10 @@
+import type { mailApiServer } from './server.js';
+type SwaggerInstallOptions = {
+    apiBasePath: string;
+    assetRoute: string;
+    apiUrl: string;
+    swaggerEnabled?: boolean;
+    swaggerPath?: string;
+};
+export declare function installMailMagicSwagger(server: mailApiServer, opts: SwaggerInstallOptions): void;
+export {};

package/dist/esm/types.d.ts

@@ -0,0 +1,36 @@
+import { ApiRequest } from '@technomoron/api-server-base';
+import { api_domain } from './models/domain.js';
+import { api_user } from './models/user.js';
+export interface mailApiKey {
+    uid: number;
+}
+export interface mailApiRequest extends ApiRequest {
+    user?: api_user;
+    domain?: api_domain;
+    locale?: string;
+}
+export interface formType {
+    rcpt: string;
+    sender: string;
+    subject: string;
+    template: string;
+}
+export interface StoredFile {
+    filename: string;
+    path: string;
+    cid?: string;
+}
+export interface RequestMeta {
+    client_ip: string;
+    received_at: string;
+    ip_chain: string[];
+}
+export interface UploadedFile {
+    fieldname: string;
+    originalname: string;
+    encoding?: string;
+    mimetype?: string;
+    size?: number;
+    buffer?: Buffer;
+    filepath?: string;
+}

package/dist/esm/util/captcha.d.ts

@@ -0,0 +1,7 @@
+export type CaptchaProvider = 'turnstile' | 'hcaptcha' | 'recaptcha';
+export declare function verifyCaptcha(params: {
+    provider: CaptchaProvider;
+    secret: string;
+    token: string;
+    remoteip: string | null;
+}): Promise<boolean>;

package/dist/esm/util/captcha.js

@@ -4,7 +4,10 @@ export async function verifyCaptcha(params) {
         hcaptcha: 'https://hcaptcha.com/siteverify',
         recaptcha: 'https://www.google.com/recaptcha/api/siteverify'
     };
-    const endpoint = endpoints[params.provider] ?? endpoints.turnstile;
+    const endpoint = endpoints[params.provider];
+    if (!endpoint) {
+        throw new Error(`Unknown CAPTCHA provider: "${params.provider}"`);
+    }
     const body = new URLSearchParams();
     body.set('secret', params.secret);
     body.set('response', params.token);

package/dist/esm/util/email.d.ts

@@ -0,0 +1,3 @@
+import { ParsedMailbox } from 'email-addresses';
+export declare function validateEmail(email: string): string | undefined;
+export declare function parseMailbox(value: string): ParsedMailbox | undefined;

package/dist/esm/util/form-replyto.d.ts

@@ -0,0 +1,6 @@
+type ReplyToValue = string | {
+    name: string;
+    address: string;
+};
+export declare function extractReplyToFromSubmission(body: Record<string, unknown>): ReplyToValue | undefined;
+export {};

package/dist/esm/util/form-submission.d.ts

@@ -0,0 +1,24 @@
+import { z } from 'zod';
+export declare const form_submission_schema: z.ZodObject<{
+    _mm_form_key: z.ZodString;
+    _mm_locale: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    _mm_recipients: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    email: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    name: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    first_name: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    last_name: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    'cf-turnstile-response': z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    'h-captcha-response': z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    'g-recaptcha-response': z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+    captcha: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+}, z.core.$loose>;
+export type ParsedFormSubmission = {
+    mm: {
+        form_key: string;
+        locale: string;
+        captcha_token: string;
+        recipients_raw: unknown;
+    };
+    fields: Record<string, unknown>;
+};
+export declare function parseFormSubmissionInput(raw: unknown): ParsedFormSubmission;