@upyo/smtp 0.2.2-dev.42 → 0.2.2

package/README.md

@@ -30,12 +30,7 @@ Features
  -  Comprehensive testing utilities
  -  TypeScript support
  -  Cross-runtime compatibility (Node.js, Bun, Deno)
-
-
-TODO
-----
-
-- [ ] STARTTLS support (currently only supports direct TLS)
+ -  STARTTLS support for secure connection upgrade
 
 
 Installation

package/dist/index.cjs

@@ -186,6 +186,49 @@ var SmtpConnection = class {
 		if (response.code !== 250) throw new Error(`EHLO failed: ${response.message}`);
 		this.capabilities = response.raw.split("\r\n").filter((line) => line.startsWith("250-") || line.startsWith("250 ")).map((line) => line.substring(4)).filter((line) => line.length > 0);
 	}
+	async starttls(signal) {
+		if (!this.socket) throw new Error("Not connected");
+		if (this.socket instanceof node_tls.TLSSocket) throw new Error("Connection is already using TLS");
+		signal?.throwIfAborted();
+		const response = await this.sendCommand("STARTTLS", signal);
+		if (response.code !== 220) throw new Error(`STARTTLS failed: ${response.message}`);
+		signal?.throwIfAborted();
+		return new Promise((resolve, reject) => {
+			const timeout = setTimeout(() => {
+				this.socket?.destroy();
+				reject(/* @__PURE__ */ new Error("STARTTLS upgrade timeout"));
+			}, this.config.connectionTimeout);
+			const plainSocket = this.socket;
+			const tlsSocket = (0, node_tls.connect)({
+				socket: plainSocket,
+				host: this.config.host,
+				rejectUnauthorized: this.config.tls?.rejectUnauthorized ?? true,
+				ca: this.config.tls?.ca,
+				key: this.config.tls?.key,
+				cert: this.config.tls?.cert,
+				minVersion: this.config.tls?.minVersion,
+				maxVersion: this.config.tls?.maxVersion
+			});
+			const onSecureConnect = () => {
+				clearTimeout(timeout);
+				this.socket = tlsSocket;
+				this.socket.setTimeout(this.config.socketTimeout);
+				resolve();
+			};
+			const onError = (error) => {
+				clearTimeout(timeout);
+				tlsSocket.destroy();
+				reject(error);
+			};
+			tlsSocket.once("secureConnect", onSecureConnect);
+			tlsSocket.once("error", onError);
+			tlsSocket.once("timeout", () => {
+				clearTimeout(timeout);
+				tlsSocket.destroy();
+				reject(/* @__PURE__ */ new Error("TLS upgrade timeout"));
+			});
+		});
+	}
 	async authenticate(signal) {
 		if (!this.config.auth) return;
 		if (this.authenticated) return;
@@ -627,6 +670,12 @@ var SmtpTransport = class {
 		signal?.throwIfAborted();
 		await connection.ehlo(signal);
 		signal?.throwIfAborted();
+		if (!this.config.secure && connection.capabilities.some((cap) => cap.toUpperCase().startsWith("STARTTLS"))) {
+			await connection.starttls(signal);
+			signal?.throwIfAborted();
+			await connection.ehlo(signal);
+			signal?.throwIfAborted();
+		}
 		await connection.authenticate(signal);
 	}
 	async returnConnection(connection) {

package/dist/index.js

@@ -1,5 +1,5 @@
 import { Socket } from "node:net";
-import { connect } from "node:tls";
+import { TLSSocket, connect } from "node:tls";
 import { Buffer } from "node:buffer";
 
 //#region src/config.ts
@@ -163,6 +163,49 @@ var SmtpConnection = class {
 		if (response.code !== 250) throw new Error(`EHLO failed: ${response.message}`);
 		this.capabilities = response.raw.split("\r\n").filter((line) => line.startsWith("250-") || line.startsWith("250 ")).map((line) => line.substring(4)).filter((line) => line.length > 0);
 	}
+	async starttls(signal) {
+		if (!this.socket) throw new Error("Not connected");
+		if (this.socket instanceof TLSSocket) throw new Error("Connection is already using TLS");
+		signal?.throwIfAborted();
+		const response = await this.sendCommand("STARTTLS", signal);
+		if (response.code !== 220) throw new Error(`STARTTLS failed: ${response.message}`);
+		signal?.throwIfAborted();
+		return new Promise((resolve, reject) => {
+			const timeout = setTimeout(() => {
+				this.socket?.destroy();
+				reject(/* @__PURE__ */ new Error("STARTTLS upgrade timeout"));
+			}, this.config.connectionTimeout);
+			const plainSocket = this.socket;
+			const tlsSocket = connect({
+				socket: plainSocket,
+				host: this.config.host,
+				rejectUnauthorized: this.config.tls?.rejectUnauthorized ?? true,
+				ca: this.config.tls?.ca,
+				key: this.config.tls?.key,
+				cert: this.config.tls?.cert,
+				minVersion: this.config.tls?.minVersion,
+				maxVersion: this.config.tls?.maxVersion
+			});
+			const onSecureConnect = () => {
+				clearTimeout(timeout);
+				this.socket = tlsSocket;
+				this.socket.setTimeout(this.config.socketTimeout);
+				resolve();
+			};
+			const onError = (error) => {
+				clearTimeout(timeout);
+				tlsSocket.destroy();
+				reject(error);
+			};
+			tlsSocket.once("secureConnect", onSecureConnect);
+			tlsSocket.once("error", onError);
+			tlsSocket.once("timeout", () => {
+				clearTimeout(timeout);
+				tlsSocket.destroy();
+				reject(/* @__PURE__ */ new Error("TLS upgrade timeout"));
+			});
+		});
+	}
 	async authenticate(signal) {
 		if (!this.config.auth) return;
 		if (this.authenticated) return;
@@ -604,6 +647,12 @@ var SmtpTransport = class {
 		signal?.throwIfAborted();
 		await connection.ehlo(signal);
 		signal?.throwIfAborted();
+		if (!this.config.secure && connection.capabilities.some((cap) => cap.toUpperCase().startsWith("STARTTLS"))) {
+			await connection.starttls(signal);
+			signal?.throwIfAborted();
+			await connection.ehlo(signal);
+			signal?.throwIfAborted();
+		}
 		await connection.authenticate(signal);
 	}
 	async returnConnection(connection) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@upyo/smtp",
-  "version": "0.2.2-dev.42+d516cdc2",
+  "version": "0.2.2",
   "description": "SMTP transport for Upyo email library",
   "keywords": [
     "email",
@@ -53,7 +53,7 @@
   },
   "sideEffects": false,
   "peerDependencies": {
-    "@upyo/core": "0.2.2-dev.42+d516cdc2"
+    "@upyo/core": "0.2.2"
   },
   "devDependencies": {
     "@dotenvx/dotenvx": "^1.47.3",