@xuda.io/account_module 1.2.1871 → 1.2.1873

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.mjs +56 -35
  2. package/package.json +1 -1
package/index.mjs CHANGED
@@ -1991,7 +1991,6 @@ const set_account_profile_picture = async function (uid, account_uid, metadata,
1991
1991
 
1992
1992
  await update_account_profile_picture_status(account_uid, 2);
1993
1993
  if (!account_info.profile_picture) {
1994
- debugger;
1995
1994
  const file_ret = await ai_module.get_profile_picture(uid, account_info.account_type, name, { email: account_info.email, metadata, account_info }, account_profile_info, job_id, headers);
1996
1995
 
1997
1996
  let { code: account_code, data: account_obj2 } = await db_module.get_couch_doc('xuda_accounts', account_uid);
@@ -3455,36 +3454,26 @@ function isLikelySpamEmail(email) {
3455
3454
 
3456
3455
  if (!localPart || !domain) return true;
3457
3456
 
3458
- // 1. Obvious syntax/format red flags (RFC 5321/5322 inspired)
3459
- if (
3460
- localPart.length > 64 ||
3461
- domain.length > 255 ||
3462
- localPart.startsWith('.') ||
3463
- localPart.endsWith('.') ||
3464
- localPart.includes('..') ||
3465
- domain.includes('..') ||
3466
- domain.startsWith('-') ||
3467
- domain.endsWith('-') ||
3468
- /[^\w.!#$%&'*+/=?^`{|}~-]/.test(localPart) // illegal chars
3469
- ) {
3457
+ // 1. Obvious syntax/format red flags (unchanged strict is good here)
3458
+ if (localPart.length > 64 || domain.length > 255 || localPart.startsWith('.') || localPart.endsWith('.') || localPart.includes('..') || domain.includes('..') || domain.startsWith('-') || domain.endsWith('-') || /[^\w.!#$%&'*+/=?^`{|}~-]/.test(localPart)) {
3470
3459
  return true;
3471
3460
  }
3472
3461
 
3473
- // 2. Common spam patterns in local part
3462
+ // 2. Common spam patterns (unchanged these are strong signals)
3474
3463
  const spamPatterns = [
3475
3464
  /\d{8,}/, // long consecutive digits
3476
- /[a-z]{20,}/, // very long random lowercase (raised threshold)
3465
+ /[a-z]{20,}/, // very long random lowercase
3477
3466
  /unsubscribe/i,
3478
3467
  /free|win|bonus|deal|promo/i,
3479
- /\+\d+$/, // + followed only by digits
3480
- /^[\d\W_]+$/, // only digits/symbols/underscores
3468
+ /\+\d+$/,
3469
+ /^[\d\W_]+$/,
3481
3470
  ];
3482
3471
 
3483
3472
  if (spamPatterns.some((p) => p.test(localPart))) {
3484
3473
  return true;
3485
3474
  }
3486
3475
 
3487
- // 3. Free / major disposable providers
3476
+ // 3. Free / major disposable providers — RELAXED
3488
3477
  const freeOrDisposableDomains = new Set([
3489
3478
  'gmail.com',
3490
3479
  'yahoo.com',
@@ -3513,44 +3502,76 @@ function isLikelySpamEmail(email) {
3513
3502
  'mailinator.com',
3514
3503
  'yopmail.com',
3515
3504
  'sharklasers.com',
3516
- // For real disposables: load dynamically from https://raw.githubusercontent.com/disposable/disposable/master/domains.txt
3517
- // or https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/main/disposable_email_blocklist.conf
3518
- // Example: fetch once on startup and build a larger Set
3505
+ // Consider dynamic loading for real disposables (see comment above)
3519
3506
  ]);
3520
3507
 
3521
3508
  if (freeOrDisposableDomains.has(domain)) {
3522
- const cleanLocal = localPart.split('+')[0]; // ignore +tag completely
3509
+ const cleanLocal = localPart.split('+')[0].toLowerCase(); // ignore +tag
3510
+
3511
+ // Expanded serious/role keywords
3512
+ const roleKeywords = ['info', 'support', 'sales', 'contact', 'hello', 'team', 'admin', 'office', 'billing', 'help', 'service', 'orders', 'bookings', 'quotes', 'enquiries', 'noreply', 'no-reply'];
3513
+
3514
+ // New: business/service descriptive keywords (very common for small trades on Gmail)
3515
+ const businessKeywords = [
3516
+ 'locksmith',
3517
+ 'doors',
3518
+ 'garage',
3519
+ 'repair',
3520
+ 'pro',
3521
+ 'expert',
3522
+ '247',
3523
+ '24hr',
3524
+ 'emergency',
3525
+ 'mobile',
3526
+ 'auto',
3527
+ 'key',
3528
+ 'security',
3529
+ 'home',
3530
+ 'commercial',
3531
+ 'residential',
3532
+ 'plumbing',
3533
+ 'electric',
3534
+ 'hvac',
3535
+ 'cleaning',
3536
+ 'pest',
3537
+ 'movers',
3538
+ 'towing',
3539
+ 'tutor',
3540
+ // Add more relevant to your audience/use-case
3541
+ ];
3523
3542
 
3524
- const seriousPrefixes = ['info', 'support', 'sales', 'contact', 'hello', 'team', 'admin', 'office', 'billing', 'help', 'service', 'orders', 'bookings', 'quotes', 'enquiries', 'noreply', 'no-reply', 'business', 'shop', 'store'];
3543
+ const allKeywords = [...roleKeywords, ...businessKeywords];
3525
3544
 
3526
- // Better detection: any segment contains a serious keyword
3545
+ // Check if any segment contains a keyword
3527
3546
  const parts = cleanLocal.split(/[\.-]/);
3528
- const looksLikeRoleOrBrand = seriousPrefixes.some((p) => parts.some((part) => part.includes(p)));
3547
+ const looksTrusted = allKeywords.some((kw) => parts.some((part) => part.includes(kw)) || cleanLocal.includes(kw));
3529
3548
 
3530
- if (looksLikeRoleOrBrand) {
3531
- return false; // trusted-looking on free provider
3549
+ if (looksTrusted) {
3550
+ return false; // early pass for role or descriptive business names
3532
3551
  }
3533
3552
 
3534
- // Extra scrutiny if not role-like
3535
- if (cleanLocal.length > 24 || /\d{6,}/.test(cleanLocal)) {
3553
+ // Relaxed extra scrutiny
3554
+ if (cleanLocal.length > 32 || /\d{8,}/.test(cleanLocal)) {
3555
+ // ← raised thresholds
3536
3556
  return true;
3537
3557
  }
3538
3558
 
3539
- return false; // default: allow typical personal use on Gmail etc.
3559
+ return false; // default: allow most personal / semi-descriptive Gmail use
3540
3560
  }
3541
3561
 
3542
- // 4. Very short / meaningless / bot-like local parts
3543
- if (localPart.length < 2 || /^[a-z\d]{1,5}$/.test(localPart)) {
3544
- return true; // e.g. a1@, xyz12@, but allow real short like "tim@"
3562
+ // 4. Very short / meaningless / bot-like SLIGHTLY relaxed
3563
+ if (localPart.length < 2 || /^[a-z\d]{1,6}$/.test(localPart)) {
3564
+ // up to 6 chars
3565
+ return true;
3545
3566
  }
3546
3567
 
3547
- // 5. Suspicious new/low-trust TLDs (still relevant in 2026)
3568
+ // 5. Suspicious TLDs (unchanged still useful)
3548
3569
  const suspiciousTlds = ['.top', '.xyz', '.club', '.online', '.site', '.fun', '.buzz', '.shop', '.store', '.live', '.digital', '.monster'];
3549
3570
  if (suspiciousTlds.some((tld) => domain.endsWith(tld))) {
3550
3571
  return true;
3551
3572
  }
3552
3573
 
3553
- // Extra: very long local parts are rare for humans
3574
+ // Extra: very long local parts (unchanged)
3554
3575
  if (localPart.length > 40) {
3555
3576
  return true;
3556
3577
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xuda.io/account_module",
3
- "version": "1.2.1871",
3
+ "version": "1.2.1873",
4
4
  "description": "Xuda Account Server Module",
5
5
  "main": "index.mjs",
6
6
  "dependencies": {