@technomoron/mail-magic 1.0.8 → 1.0.9

package/.do-realease.sh

@@ -30,6 +30,11 @@ if [ "$BEHIND_COUNT" -ne 0 ] || [ "$AHEAD_COUNT" -ne 0 ]; then
 	exit 1
 fi
 
+if ! npm whoami >/dev/null 2>&1; then
+	echo "Not logged into npm. Run 'npm login' before release." >&2
+	exit 1
+fi
+
 if git rev-parse -q --verify "refs/tags/v${VERSION}" >/dev/null; then
 	echo "Tag v${VERSION} already exists. Aborting." >&2
 	exit 1

package/.env-dist

@@ -26,7 +26,7 @@ SWAGGER_PATH=
 ASSET_ROUTE=/asset
 
 # Path to directory where config files are located
-CONFIG_PATH=./config/
+CONFIG_PATH=./data/
 
 # Database username for API database
 DB_USER=
@@ -67,5 +67,5 @@ SMTP_USER=
 # Password for SMTP host
 SMTP_PASSWORD=
 
-# Path for attached files
-UPLOAD_PATH=./uploads/
+# Path for attached files. Use {domain} to scope per domain.
+UPLOAD_PATH=./{domain}/uploads

package/CHANGES

@@ -1,3 +1,11 @@
+Version 1.0.9 (2026-01-02)
+
+- Default CONFIG_PATH to ./data and document the data-rooted layout, including
+  per-domain uploads.
+- Allow UPLOAD_PATH to include {domain}, staging incoming uploads under
+  <CONFIG_PATH>/_uploads before relocating to <CONFIG_PATH>/<domain>/uploads
+  for transactional and form submissions.
+
 Version 1.0.7 (2026-01-01)
 
 - Harden asset serving and template resolution against traversal/symlink escapes by

package/README.md

@@ -15,7 +15,7 @@ Mail Magic is a TypeScript service for managing, templating, and delivering tran
 1. Clone the repository: `git clone git@github.com:technomoron/mail-magic.git`
 2. Install dependencies: `npm install`
 3. Create your environment file: copy `.env-dist` to `.env` and adjust values
-4. Populate the config directory (see `config-example/` for a reference layout)
+4. Populate the config directory (defaults to `./data/`; see `config-example/` for a reference layout). You can point `CONFIG_PATH` at `./config` to use the bundled sample data.
 5. Build the project: `npm run build`
 6. Start the API server: `npm run start`
 
@@ -24,14 +24,15 @@ During development you can run `npm run dev` for a watch mode that recompiles on
 ## Configuration
 
 - **Environment variables** are defined in `src/store/envloader.ts`. Important settings include SMTP credentials, API host/port, the config directory path, and database options.
-- **Config directory** (`CONFIG_PATH`) contains JSON seed data (`init-data.json`), optional API key files, and template assets. Each domain now lives directly under the config root (for example `config/example.com/form-template/…`). Review `config-example/` for the recommended layout, in particular the `form-template/` and `tx-template/` folders used for compiled Nunjucks templates.
+- **Config directory** (`CONFIG_PATH`) contains JSON seed data (`init-data.json`), optional API key files, and template assets. Each domain now lives directly under the config root (for example `data/example.com/form-template/…`). Use an absolute path or a relative one like `../data` when you want the config outside the repo. Review `config-example/` for the recommended layout, in particular the `form-template/` and `tx-template/` folders used for compiled Nunjucks templates.
 - **Database** defaults to SQLite (`maildata.db`). You can switch dialects by updating the environment options if your deployment requires another database.
+- **Uploads** default to `<CONFIG_PATH>/<domain>/uploads` via `UPLOAD_PATH=./{domain}/uploads`. Set a fixed path if you prefer a shared upload directory.
 
 When `DB_AUTO_RELOAD` is enabled the service watches `init-data.json` and refreshes templates and forms without a restart.
 
 ### Template assets and inline resources
 
-- Keep any non-inline files (images, attachments, etc.) under `config/<domain>/assets`. Mail Magic rewrites `asset('logo.png')` to the public route `/asset/<domain>/logo.png` (or whatever you set via `ASSET_ROUTE`).
+- Keep any non-inline files (images, attachments, etc.) under `<CONFIG_PATH>/<domain>/assets`. Mail Magic rewrites `asset('logo.png')` to the public route `/asset/<domain>/logo.png` (or whatever you set via `ASSET_ROUTE`).
 - Pass `true` as the second argument when you want to embed a file as an inline CID attachment: `asset('logo.png', true)` stores the file in Nodemailer and rewrites the HTML to reference `cid:logo.png`.
 - Avoid mixing template-type folders for assets; everything that should be linked externally belongs in the shared `<domain>/assets` tree so it can be served for both form and transactional templates.
 

package/TUTORIAL.MD

@@ -19,6 +19,7 @@ Update your `.env` (or runtime environment) to point at the new workspace:
 ```
 CONFIG_PATH=${CONFIG_ROOT}
 DB_AUTO_RELOAD=1  # optional: hot‑reload init-data and templates
+UPLOAD_PATH=./{domain}/uploads
 ```
 
 From now on the tutorial assumes `${CONFIG_ROOT}` is the root of the custom config tree.

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/mail-magic",
-	"version": "1.0.8",
+	"version": "1.0.9",
 	"main": "dist/index.js",
 	"type": "module",
 	"repository": {

package/src/api/forms.ts

@@ -172,6 +172,8 @@ export class FormAPI extends ApiModule<mailApiServer> {
 		*/
 
 		const rawFiles = Array.isArray(apireq.req.files) ? (apireq.req.files as UploadedFile[]) : [];
+		const domainRecord = await api_domain.findOne({ where: { domain_id: form.domain_id } });
+		await this.server.storage.relocateUploads(domainRecord?.name ?? null, rawFiles);
 		const attachments = rawFiles.map((file) => ({
 			filename: file.originalname,
 			path: file.path

package/src/api/mailer.ts

@@ -170,6 +170,7 @@ export class MailerAPI extends ApiModule<mailApiServer> {
 		}
 
 		const rawFiles = Array.isArray(apireq.req.files) ? (apireq.req.files as UploadedFile[]) : [];
+		await this.server.storage.relocateUploads(apireq.domain?.name ?? null, rawFiles);
 		const templateAssets = Array.isArray(template.files) ? template.files : [];
 		const attachments = [
 			...templateAssets.map((file) => ({

package/src/index.ts

@@ -21,7 +21,7 @@ function buildServerConfig(store: mailStore, overrides: MailMagicServerOptions):
 	return {
 		apiHost: env.API_HOST,
 		apiPort: env.API_PORT,
-		uploadPath: env.UPLOAD_PATH,
+		uploadPath: store.getUploadStagingPath(),
 		debug: env.DEBUG,
 		apiBasePath: '',
 		swaggerEnabled: env.SWAGGER_ENABLED,

package/src/store/envloader.ts

@@ -44,7 +44,7 @@ export const envOptions = defineEnvOptions({
 	},
 	CONFIG_PATH: {
 		description: 'Path to directory where config files are located',
-		default: './config/'
+		default: './data/'
 	},
 	DB_USER: {
 		description: 'Database username for API database'
@@ -103,7 +103,7 @@ export const envOptions = defineEnvOptions({
 		default: ''
 	},
 	UPLOAD_PATH: {
-		description: 'Path for attached files',
-		default: './uploads/'
+		description: 'Path for attached files. Use {domain} to scope per domain.',
+		default: './{domain}/uploads'
 	}
 });

package/src/store/store.ts

@@ -18,6 +18,12 @@ interface api_key {
 	domain: number;
 }
 
+type UploadedFile = {
+	path: string;
+	filename?: string;
+	destination?: string;
+};
+
 function create_mail_transport(env: envConfig<typeof envOptions>): Transporter {
 	const args: SMTPTransport.Options = {
 		host: env.SMTP_HOST,
@@ -52,6 +58,8 @@ export interface ImailStore {
 	keys: Record<string, api_key>;
 	configpath: string;
 	deflocale?: string;
+	uploadTemplate?: string;
+	uploadStagingPath?: string;
 }
 
 export class mailStore implements ImailStore {
@@ -61,6 +69,8 @@ export class mailStore implements ImailStore {
 	keys: Record<string, api_key> = {};
 	configpath = '';
 	deflocale?: string;
+	uploadTemplate?: string;
+	uploadStagingPath?: string;
 
 	print_debug(msg: string) {
 		if (this.env.DEBUG) {
@@ -72,6 +82,63 @@ export class mailStore implements ImailStore {
 		return path.resolve(path.join(this.configpath, name));
 	}
 
+	resolveUploadPath(domainName?: string): string {
+		const raw = this.env.UPLOAD_PATH ?? '';
+		const hasDomainToken = raw.includes('{domain}');
+		const expanded = hasDomainToken && domainName ? raw.replaceAll('{domain}', domainName) : raw;
+		if (!expanded) {
+			return '';
+		}
+		if (path.isAbsolute(expanded)) {
+			return expanded;
+		}
+		const base = hasDomainToken ? this.configpath : process.cwd();
+		return path.resolve(base, expanded);
+	}
+
+	getUploadStagingPath(): string {
+		if (!this.env.UPLOAD_PATH) {
+			return '';
+		}
+		if (this.uploadTemplate) {
+			return this.uploadStagingPath || path.resolve(this.configpath, '_uploads');
+		}
+		return this.resolveUploadPath();
+	}
+
+	async relocateUploads(domainName: string | null, files: UploadedFile[]): Promise<void> {
+		if (!this.uploadTemplate || !domainName || !files?.length) {
+			return;
+		}
+		const targetDir = this.resolveUploadPath(domainName);
+		if (!targetDir) {
+			return;
+		}
+		await fs.promises.mkdir(targetDir, { recursive: true });
+		await Promise.all(
+			files.map(async (file) => {
+				if (!file?.path) {
+					return;
+				}
+				const basename = path.basename(file.path);
+				const destination = path.join(targetDir, basename);
+				if (destination === file.path) {
+					return;
+				}
+				try {
+					await fs.promises.rename(file.path, destination);
+				} catch {
+					await fs.promises.copyFile(file.path, destination);
+					await fs.promises.unlink(file.path);
+				}
+				file.path = destination;
+				if (file.destination !== undefined) {
+					file.destination = targetDir;
+				}
+			})
+		);
+	}
+
 	private async load_api_keys(cfgpath: string): Promise<Record<string, api_key>> {
 		const keyfile = path.resolve(cfgpath, 'api-keys.json');
 		if (fs.existsSync(keyfile)) {
@@ -88,9 +155,19 @@ export class mailStore implements ImailStore {
 		const env = (this.env = await EnvLoader.createConfigProxy(envOptions, { debug: true }));
 		EnvLoader.genTemplate(envOptions, '.env-dist');
 		const p = env.CONFIG_PATH;
-		this.configpath = path.isAbsolute(p) ? p : path.join(process.cwd(), p);
+		this.configpath = path.isAbsolute(p) ? p : path.resolve(process.cwd(), p);
 		console.log(`Config path is ${this.configpath}`);
 
+		if (env.UPLOAD_PATH && env.UPLOAD_PATH.includes('{domain}')) {
+			this.uploadTemplate = env.UPLOAD_PATH;
+			this.uploadStagingPath = path.resolve(this.configpath, '_uploads');
+			try {
+				fs.mkdirSync(this.uploadStagingPath, { recursive: true });
+			} catch (err) {
+				this.print_debug(`Unable to create upload staging path: ${err}`);
+			}
+		}
+
 		// this.keys = await this.load_api_keys(this.configpath);
 
 		this.transport = await create_mail_transport(env);

package/tests/helpers/test-setup.ts

@@ -30,6 +30,7 @@ export type TestContext = {
 	tempDir: string;
 	configPath: string;
 	uploadFile: string;
+	uploadsPath: string;
 	domainName: string;
 	userToken: string;
 	apiUrl: string;
@@ -239,8 +240,7 @@ export async function createTestContext(): Promise<TestContext> {
 
 	const smtp = await startSmtpServer();
 
-	const uploadPath = path.join(tempDir, 'uploads');
-	fs.mkdirSync(uploadPath, { recursive: true });
+	const uploadsPath = path.join(configPath, domainName, 'uploads');
 
 	const uploadFile = path.join(tempDir, 'upload.txt');
 	fs.writeFileSync(uploadFile, 'upload-bytes');
@@ -279,7 +279,7 @@ export async function createTestContext(): Promise<TestContext> {
 	process.env.ASSET_ROUTE = '/asset';
 	process.env.API_HOST = '127.0.0.1';
 	process.env.API_PORT = '0';
-	process.env.UPLOAD_PATH = uploadPath;
+	process.env.UPLOAD_PATH = './{domain}/uploads';
 	process.env.SMTP_HOST = '127.0.0.1';
 	process.env.SMTP_PORT = String(smtp.port);
 	process.env.SMTP_SECURE = 'true';
@@ -308,6 +308,7 @@ export async function createTestContext(): Promise<TestContext> {
 		tempDir,
 		configPath,
 		uploadFile,
+		uploadsPath,
 		domainName,
 		userToken: 'test-token',
 		apiUrl,

package/tests/mail-magic.test.ts

@@ -1,3 +1,6 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
 import request from 'supertest';
 
 import { api_form } from '../src/models/form.js';
@@ -93,6 +96,8 @@ describe('mail-magic API', () => {
 	});
 
 	test('sends transactional mail with inline assets and attachments', async () => {
+		const uploadsDir = ctx.uploadsPath;
+		const beforeUploads = fs.existsSync(uploadsDir) ? fs.readdirSync(uploadsDir) : [];
 		const res = await api
 			.post('/api/v1/tx/message')
 			.set('Authorization', `Bearer apikey-${ctx.userToken}`)
@@ -116,6 +121,18 @@ describe('mail-magic API', () => {
 		expect(filenames).toContain('upload.txt');
 		const inline = message.attachments.find((att) => att.contentId?.includes('images/logo.png'));
 		expect(inline).toBeTruthy();
+
+		expect(fs.existsSync(uploadsDir)).toBe(true);
+		const afterUploads = fs.readdirSync(uploadsDir);
+		const newUploads = afterUploads.filter((name) => !beforeUploads.includes(name));
+		expect(newUploads.length).toBeGreaterThan(0);
+		const uploadedPath = path.join(uploadsDir, newUploads[0]);
+		expect(fs.readFileSync(uploadedPath, 'utf8')).toBe('upload-bytes');
+
+		const stagingDir = path.join(ctx.configPath, '_uploads');
+		if (fs.existsSync(stagingDir)) {
+			expect(fs.existsSync(path.join(stagingDir, newUploads[0]))).toBe(false);
+		}
 	});
 
 	test('rejects form submissions without the secret', async () => {