emailengine-app 2.61.4 → 2.62.0

package/CHANGELOG.md

@@ -1,5 +1,92 @@
 # Changelog
 
+## [2.62.0](https://github.com/postalsys/emailengine/compare/v2.61.5...v2.62.0) (2026-02-06)
+
+
+### Features
+
+* add AES-256-GCM encryption at rest for export files ([4f67269](https://github.com/postalsys/emailengine/commit/4f6726915bd40087c0f447a7f2cb36943e8a849a))
+* add configurable batch sizes for Gmail/Outlook exports ([a4d178c](https://github.com/postalsys/emailengine/commit/a4d178ceee195825d7f05a263897a873c361b296))
+* add export beta notice and status indicator in UI ([271bd18](https://github.com/postalsys/emailengine/commit/271bd1899241903c50f582827e0f08306c79cb1d))
+* add export reliability improvements and resume capability ([9f78644](https://github.com/postalsys/emailengine/commit/9f78644cc1801bf64725bbde47c0910aab69769b))
+* add export UI to admin account page ([cf3ce49](https://github.com/postalsys/emailengine/commit/cf3ce4979b6a4547081c2bea534a7327ebe73009))
+* add global concurrent export limit and performance optimizations ([20a1272](https://github.com/postalsys/emailengine/commit/20a1272ca20ee9961c5163a0c5d8c5452cb6b556))
+* add include attachments option to export UI ([2b8d2c6](https://github.com/postalsys/emailengine/commit/2b8d2c6cd60eb72556a1f1a4db03abf0cdc14e6f))
+* add parallel message fetching for Gmail/Outlook export ([12de963](https://github.com/postalsys/emailengine/commit/12de963abe8f6922a8840e8291e57a5dcf03e584))
+* display export expiration date in UI ([5e1e633](https://github.com/postalsys/emailengine/commit/5e1e6334e13b3b1ff012bfd76b933548c6cb6d83))
+* expose outlookSubscription in account info API ([0d97b51](https://github.com/postalsys/emailengine/commit/0d97b51bd60458ad7a8cdd9170aa50605fd1c127))
+
+
+### Bug Fixes
+
+* accept base64-encoded nonces for backward compatibility ([2c46822](https://github.com/postalsys/emailengine/commit/2c46822a46ce1b2dc632f9a20f5831eabad3b623))
+* add BullMQ stalled job configuration to prevent queue hangs ([23a74c3](https://github.com/postalsys/emailengine/commit/23a74c359e131baafd12dcf08d213eac0d96840f))
+* add labels to remaining Joi schemas for stable OpenAPI names ([4e7e064](https://github.com/postalsys/emailengine/commit/4e7e064063f9e882ec94ada9d0dd1aad6567c675))
+* add null guards to prevent unhandled exceptions ([9f48f64](https://github.com/postalsys/emailengine/commit/9f48f64b4ded00afa819d06d85be469ef4ea3ab6))
+* address 14 bugs found since v2.61.5 ([839ce55](https://github.com/postalsys/emailengine/commit/839ce55502d28a23f86868012a51bd0077b31f65))
+* address 5 release blockers for export and account APIs ([762c201](https://github.com/postalsys/emailengine/commit/762c20112e9b4de705f037659702eca18b750092))
+* address 6 critical/high bugs and make export limits opt-in ([eb14c69](https://github.com/postalsys/emailengine/commit/eb14c69db2fad7c6fe8fd140de24c41f26922f48))
+* address critical, high, and medium export feature issues ([576345a](https://github.com/postalsys/emailengine/commit/576345ad82d30193a13eea1ea130bf711cfae483))
+* address must-fix and should-fix issues for release ([6def6ef](https://github.com/postalsys/emailengine/commit/6def6efc809e204fc39bd1bf6181a477fae0481f))
+* address verified warnings from release review ([bb08f54](https://github.com/postalsys/emailengine/commit/bb08f54c2aba248e4204b704a6730c8bdf1eeb0e))
+* downgrade transient connection/timeout error logs to warn level ([9064529](https://github.com/postalsys/emailengine/commit/9064529a0d21cd6198386c73d9abca3447f6dc31))
+* downgrade transient PubSub poll errors from error to warn ([d9f2e2f](https://github.com/postalsys/emailengine/commit/d9f2e2f6300b7e99a9ae57c6466fe147614bb891))
+* enrich OAuth token error messages for BullMQ job visibility ([29da53f](https://github.com/postalsys/emailengine/commit/29da53ff38c12e59b54468f5be3579c758a651c0))
+* force Swagger UI to light mode only ([4c26d12](https://github.com/postalsys/emailengine/commit/4c26d12437feaacd26da88a6fb3e85a7ca2ee238))
+* guard against null job in export worker BullMQ failed handler ([4cb1532](https://github.com/postalsys/emailengine/commit/4cb15324b913b7a8fbcbf4f5714c26e3c06226b3))
+* handle missing attachments in ARF detection ([fe08f6a](https://github.com/postalsys/emailengine/commit/fe08f6a8c3120a01e04860c5770f78e925678797))
+* handle missing attachments in Outlook message conversion ([46cf25a](https://github.com/postalsys/emailengine/commit/46cf25adefa9ca615f05381e257ee13a6c3e49b9))
+* handle non-iterable messageInfo.attachments in mailbox sync ([3187571](https://github.com/postalsys/emailengine/commit/31875714e0ceb8e8711c910f6c561e1b1fe81a50))
+* handle notificationBaseUrl without trailing slash in prepareUrl ([1048818](https://github.com/postalsys/emailengine/commit/1048818fe1b1a193a8d5f1b99a37285b54bd9317))
+* handle uncaught EPIPE in ResponseStream for SSE endpoints ([ca7af4a](https://github.com/postalsys/emailengine/commit/ca7af4ad7a4fa6ccc02dcaee79f06d33bd38e8b8))
+* harden OAuth token request body serialization and error handling ([296c4e9](https://github.com/postalsys/emailengine/commit/296c4e99fd00928fa0682f2c735c2d81c1a74bcf))
+* improve BullMQ efficiency with jitter, retention, and cleanup ([fb48fd8](https://github.com/postalsys/emailengine/commit/fb48fd84065fe44a4bf5054ced45f4bffc9c8153))
+* improve packUid robustness with fallback and validation ([4b4253e](https://github.com/postalsys/emailengine/commit/4b4253e3fd025070b42c3d012071dd6376191692))
+* improve submit resilience during worker restarts and add batch endpoint ([f559c38](https://github.com/postalsys/emailengine/commit/f559c3818bb727b137f5a2b8b32b0efee48a093d))
+* leverage Nodemailer error codes for better retry logic and UI messages ([0f3068a](https://github.com/postalsys/emailengine/commit/0f3068abc4b63d87a9f93ba927f8be07a5737f0c))
+* preserve threadId for large Gmail threaded replies via multipart upload ([b04c2ca](https://github.com/postalsys/emailengine/commit/b04c2cac6bc7a6dfe347a800b57ed0bd1a21291a))
+* prevent ArrayBuffer detachment and IMAP null reference errors ([3b97372](https://github.com/postalsys/emailengine/commit/3b9737234b6f71ae9c1adbf4018134cc6bb4a070))
+* prevent concurrent export race condition with atomic Redis operation ([dbc14f6](https://github.com/postalsys/emailengine/commit/dbc14f683ef8509003699a12ff60ec26001522fa))
+* prevent sync state corruption from invalid uidNext values ([533f026](https://github.com/postalsys/emailengine/commit/533f026933fbbefb8b6998e412dc8cf3693c2b9b))
+* prevent sync state corruption from invalid uidValidity values ([976fdb7](https://github.com/postalsys/emailengine/commit/976fdb7a1a74127c6c738b331f2c5aa8b7daddb4))
+* prevent UTF-8 data corruption in OAuth request Buffer handling ([14361fd](https://github.com/postalsys/emailengine/commit/14361fdc4c7c04ad2ca5934eb4d418abf1c66289))
+* reject invalid nonce format instead of silently regenerating ([422ea5c](https://github.com/postalsys/emailengine/commit/422ea5c3dc56f4cf1679a1783d4c108d1486f455))
+* remove BullMQ job when marking interrupted exports as failed ([ad587a7](https://github.com/postalsys/emailengine/commit/ad587a7e0e536f2cb1647f420daa338e24d24233))
+* replace blocking scryptSync with async scrypt in DecryptStream ([c9c6ede](https://github.com/postalsys/emailengine/commit/c9c6edefb11bf7908e5fd64118ff4211f5f6bd4e))
+* resolve 11 bugs in export functionality ([f5d2621](https://github.com/postalsys/emailengine/commit/f5d2621bbaa2cf3b1dab06c67a7e2d5bf29075ed))
+* resolve Gmail label IDs to human-readable names ([02c306f](https://github.com/postalsys/emailengine/commit/02c306f10f29d8941f242f9283684621fefcd5c3))
+* resolve OpenAPI spec validation errors for token restrictions ([a9cffe1](https://github.com/postalsys/emailengine/commit/a9cffe150843fb7f8b4f7f5d01afc69ef451bac2))
+* restore retry for empty Buffer payloads and fix large threaded Gmail replies ([107c164](https://github.com/postalsys/emailengine/commit/107c16475a2278a9428903d7280f481cf62a64ec))
+* return WorkerNotAvailable immediately and remove batch submit endpoint ([aed5c45](https://github.com/postalsys/emailengine/commit/aed5c45aeec37a42b6c7113a3e45cb7153ae67bb))
+* revert jQuery to 3.7.1 and harden export resilience ([43f2a74](https://github.com/postalsys/emailengine/commit/43f2a74587fc8915dbb6dce6497f60a8159f6140))
+* send Buffer for Outlook sendMail base64 payload to avoid JSON quoting ([e89a924](https://github.com/postalsys/emailengine/commit/e89a924343bf8ba3ea1fd7e75bc09aa53c2177b2))
+* share Lock instance across Account objects to prevent Redis connection leak ([56f421b](https://github.com/postalsys/emailengine/commit/56f421b866a12187937cfa935764878f14f0ab1b))
+* stabilize Swagger model names for SDK generation ([8078830](https://github.com/postalsys/emailengine/commit/80788305f23eee9d021b4c72dce21961493ca093))
+* tighten export route validation and apply default export limits ([f45d83f](https://github.com/postalsys/emailengine/commit/f45d83f1d27ab05984f1a0213174025f5f79d71e))
+* update test expectations for email-text-tools 2.3.5+ behavior ([1e28abf](https://github.com/postalsys/emailengine/commit/1e28abf77282ac4c550f9834f61064ae8fde7de9))
+* update test expectations for email-text-tools 2.4.x ([6333fa3](https://github.com/postalsys/emailengine/commit/6333fa3308b1b822a5c364ad5cb25c1c211edeca))
+* use consistent index source in batch submit success and failure paths ([3a73704](https://github.com/postalsys/emailengine/commit/3a737047c1f1e4fda6bd7c4b6822ca31ebe27fd2))
+* validate nonce format before using data.n from cached URLs ([d825303](https://github.com/postalsys/emailengine/commit/d82530395e93e88f5841156a53fe41d476eec9da))
+
+
+### Performance Improvements
+
+* use MS Graph batch API for Outlook message export ([f031f77](https://github.com/postalsys/emailengine/commit/f031f770278a14aeb2fd5a589e31bb5621b0c410))
+
+
+### Reverts
+
+* remove Swagger UI light mode forcing ([9c9bd25](https://github.com/postalsys/emailengine/commit/9c9bd25e4488828e3112e671df12d1c551957dac))
+
+## [2.61.5](https://github.com/postalsys/emailengine/compare/v2.61.4...v2.61.5) (2026-01-15)
+
+
+### Bug Fixes
+
+* use base64url encoding for OAuth state nonce in /v1/authentication/form ([1f2cecf](https://github.com/postalsys/emailengine/commit/1f2cecf9efbee8a12c3a0d27c9879bfbbf7dfa39))
+* use base64url encoding for OAuth state nonce in /v1/authentication/form ([dead38c](https://github.com/postalsys/emailengine/commit/dead38c348f1c0204f2bfba09997090cb86c348b))
+* use base64url encoding for OAuth state nonce in remaining locations ([961b710](https://github.com/postalsys/emailengine/commit/961b710357d836782c9bbce329178aa96e08ee20))
+
 ## [2.61.4](https://github.com/postalsys/emailengine/compare/v2.61.3...v2.61.4) (2026-01-14)
 
 

package/data/google-crawlers.json

@@ -1,5 +1,5 @@
 {
-    "creationTime": "2026-01-13T15:46:00.000000",
+    "creationTime": "2026-02-04T15:46:47.000000",
     "prefixes": [
         {
             "ipv6Prefix": "2001:4860:4801:2008::/64"

package/lib/account.js

@@ -23,12 +23,20 @@ const settings = require('./settings');
 const redisScanDelete = require('./redis-scan-delete');
 const { customAlphabet } = require('nanoid');
 const Lock = require('ioredfour');
+const { redis } = require('./db');
 const nanoid = customAlphabet('0123456789abcdefghijklmnopqrstuvwxyz', 16);
 const { REDIS_PREFIX, ACCOUNT_DELETED_NOTIFY, MAILBOX_HASH } = require('./consts');
 const { mimeHtml } = require('@postalsys/email-text-tools');
 const { checkAccountScopes: checkScopes } = require('./oauth/scope-checker');
 const { ACCOUNT_STATES, calculateEffectiveState, validateAccountState, getDisplayState, formatLastError } = require('./account/account-state');
 
+// Shared Lock instance to prevent Redis connection leak (one subscriber per Lock instance)
+// Previously, each Account created its own Lock, causing ~30k connections with 30k accounts
+const defaultLock = new Lock({
+    redis,
+    namespace: 'ee'
+});
+
 class Account {
     constructor(options) {
         this.redis = options.redis;
@@ -48,13 +56,7 @@ class Account {
     }
 
     getLock() {
-        if (!this.lock) {
-            this.lock = new Lock({
-                redis: this.redis,
-                namespace: 'ee'
-            });
-        }
-        return this.lock;
+        return this.lock || defaultLock;
     }
 
     /**
@@ -1602,6 +1604,17 @@ class Account {
         return messageData;
     }
 
+    async getMessages(messageIds, options) {
+        await this.loadAccountData(this.account, true);
+        return await this.call({
+            cmd: 'getMessages',
+            account: this.account,
+            messageIds,
+            options,
+            timeout: this.timeout
+        });
+    }
+
     async listMessages(query) {
         if (query.documentStore && (await settings.get('documentStoreEnabled'))) {
             await this.loadAccountData(this.account, false);

package/lib/api-routes/account-routes.js

@@ -368,7 +368,7 @@ async function init(args) {
             response: {
                 schema: Joi.object({
                     account: accountIdSchema.required()
-                }),
+                }).label('UpdateAccountResponse'),
                 failAction: 'log'
             }
         }
@@ -568,7 +568,7 @@ async function init(args) {
                 schema: Joi.object({
                     account: accountIdSchema.required(),
                     deleted: Joi.boolean().truthy('Y', 'true', '1').falsy('N', 'false', 0).default(true).description('Was the account deleted')
-                }).label('DeleteRequestResponse'),
+                }).label('DeleteAccountResponse'),
                 failAction: 'log'
             }
         }
@@ -732,7 +732,8 @@ async function init(args) {
                                     .required()
                                     .valid('init', 'syncing', 'connecting', 'connected', 'authenticationError', 'connectError', 'unset', 'disconnected')
                                     .example('connected')
-                                    .description('Account state'),
+                                    .description('Account state')
+                                    .label('AccountListState'),
                                 webhooks: Joi.string()
                                     .uri({
                                         scheme: ['http', 'https'],
@@ -816,13 +817,24 @@ async function init(args) {
                     'connections',
                     'webhooksCustomHeaders',
                     'locale',
-                    'tz'
+                    'tz',
+                    'outlookSubscription'
                 ]) {
                     if (key in accountData) {
                         result[key] = accountData[key];
                     }
                 }
 
+                if (result.outlookSubscription) {
+                    try {
+                        let parsed = typeof result.outlookSubscription === 'string' ? JSON.parse(result.outlookSubscription) : result.outlookSubscription;
+                        delete parsed.clientState;
+                        result.outlookSubscription = parsed;
+                    } catch (err) {
+                        result.outlookSubscription = {};
+                    }
+                }
+
                 // default false
                 for (let key of ['logs']) {
                     result[key] = !!result[key];
@@ -995,7 +1007,8 @@ async function init(args) {
                         .trim()
                         .valid(...['imap', 'api', 'pubsub'])
                         .example('imap')
-                        .description('OAuth2 Base Scopes'),
+                        .description('OAuth2 Base Scopes')
+                        .label('AccountBaseScopes'),
 
                     counters: accountCountersSchema,
 
@@ -1012,6 +1025,16 @@ async function init(args) {
 
                     syncTime: Joi.date().iso().example('2021-02-17T13:43:18.860Z').description('Last sync time'),
 
+                    outlookSubscription: Joi.object({
+                        id: Joi.string().description('Microsoft Graph subscription ID'),
+                        expirationDateTime: Joi.date().iso().description('When the subscription expires'),
+                        state: Joi.object({
+                            state: Joi.string().valid('creating', 'created', 'error').description('Subscription state'),
+                            time: Joi.number().description('Timestamp of last state change'),
+                            error: Joi.string().description('Error message if state is error')
+                        }).description('Current subscription state')
+                    }).description('Microsoft Graph subscription details (Outlook accounts only)'),
+
                     lastError: lastErrorSchema.allow(null)
                 }).label('AccountResponse'),
                 failAction: 'log'

package/lib/api-routes/chat-routes.js

@@ -510,7 +510,7 @@ async function init(args) {
                         .description('Chat message to use')
                         .label('ChatMessage')
                         .required()
-                })
+                }).label('ChatTestPayload')
             }
         }
     });

package/lib/api-routes/export-routes.js

@@ -0,0 +1,316 @@
+'use strict';
+
+const fs = require('fs');
+const { Export } = require('../export');
+const Boom = require('@hapi/boom');
+const Joi = require('joi');
+const { failAction } = require('../tools');
+const { accountIdSchema, exportRequestSchema, exportStatusSchema, exportListSchema, exportIdSchema } = require('../schemas');
+const getSecret = require('../get-secret');
+const { createDecryptStream } = require('../stream-encrypt');
+
+function handleError(request, err) {
+    request.logger.error({ msg: 'API request failed', err });
+    if (Boom.isBoom(err)) {
+        throw err;
+    }
+    const error = Boom.boomify(err, { statusCode: err.statusCode || 500 });
+    if (err.code) {
+        error.output.payload.code = err.code;
+    }
+    throw error;
+}
+
+async function init(args) {
+    const { server, CORS_CONFIG } = args;
+
+    server.route({
+        method: 'POST',
+        path: '/v1/account/{account}/export',
+
+        async handler(request) {
+            try {
+                return await Export.create(request.params.account, {
+                    folders: request.payload.folders,
+                    startDate: request.payload.startDate,
+                    endDate: request.payload.endDate,
+                    textType: request.payload.textType,
+                    maxBytes: request.payload.maxBytes,
+                    includeAttachments: request.payload.includeAttachments
+                });
+            } catch (err) {
+                handleError(request, err);
+            }
+        },
+
+        options: {
+            description: 'Create export',
+            notes: 'Creates a new bulk message export job. The export runs asynchronously and notifies via webhook when complete.',
+            tags: ['api', 'Export (Beta)'],
+
+            auth: {
+                strategy: 'api-token',
+                mode: 'required'
+            },
+            cors: CORS_CONFIG,
+
+            validate: {
+                options: {
+                    stripUnknown: false,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+
+                params: Joi.object({
+                    account: accountIdSchema.required()
+                }).label('CreateExportParams'),
+
+                payload: exportRequestSchema
+            },
+
+            response: {
+                schema: Joi.object({
+                    exportId: Joi.string().example('exp_abc123def456abc123def456').description('Export job identifier'),
+                    status: Joi.string().example('queued').description('Export status'),
+                    created: Joi.date().iso().example('2024-01-15T10:30:00Z').description('When export was created')
+                }).label('CreateExportResponse'),
+                failAction: 'log'
+            }
+        }
+    });
+
+    server.route({
+        method: 'GET',
+        path: '/v1/account/{account}/export/{exportId}',
+
+        async handler(request) {
+            try {
+                const result = await Export.get(request.params.account, request.params.exportId);
+                if (!result) {
+                    throw Boom.notFound('Export not found');
+                }
+                return result;
+            } catch (err) {
+                handleError(request, err);
+            }
+        },
+
+        options: {
+            description: 'Get export status',
+            notes: 'Returns the status and progress of an export job.',
+            tags: ['api', 'Export (Beta)'],
+
+            auth: {
+                strategy: 'api-token',
+                mode: 'required'
+            },
+            cors: CORS_CONFIG,
+
+            validate: {
+                options: {
+                    stripUnknown: false,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+
+                params: Joi.object({
+                    account: accountIdSchema.required(),
+                    exportId: exportIdSchema
+                }).label('GetExportParams')
+            },
+
+            response: {
+                schema: exportStatusSchema,
+                failAction: 'log'
+            }
+        }
+    });
+
+    server.route({
+        method: 'GET',
+        path: '/v1/account/{account}/export/{exportId}/download',
+
+        async handler(request, h) {
+            try {
+                const { account, exportId } = request.params;
+                const fileInfo = await Export.getFile(account, exportId);
+                if (!fileInfo) {
+                    throw Boom.notFound('Export not found');
+                }
+
+                const fileReadStream = fs.createReadStream(fileInfo.filePath);
+                let stream = fileReadStream;
+
+                stream.on('error', err => {
+                    request.logger.error({ msg: 'Export download stream error', exportId, err });
+                });
+
+                if (fileInfo.isEncrypted) {
+                    const secret = await getSecret();
+                    if (!secret) {
+                        fileReadStream.destroy();
+                        throw Boom.serverUnavailable('Encryption secret not available for decryption');
+                    }
+                    const decryptStream = await createDecryptStream(secret);
+                    decryptStream.on('error', err => {
+                        request.logger.error({ msg: 'Export decryption error', exportId, err });
+                        fileReadStream.destroy();
+                    });
+                    stream = fileReadStream.pipe(decryptStream);
+                }
+
+                return h
+                    .response(stream)
+                    .type('application/gzip')
+                    .header('Content-Disposition', `attachment; filename="${fileInfo.filename}"`)
+                    .header('Content-Encoding', 'identity');
+            } catch (err) {
+                handleError(request, err);
+            }
+        },
+
+        options: {
+            description: 'Download export file',
+            notes: 'Downloads the completed export file as gzip-compressed NDJSON.',
+            tags: ['api', 'Export (Beta)'],
+
+            plugins: {
+                'hapi-swagger': {
+                    produces: ['application/gzip']
+                }
+            },
+
+            auth: {
+                strategy: 'api-token',
+                mode: 'required'
+            },
+            cors: CORS_CONFIG,
+
+            validate: {
+                options: {
+                    stripUnknown: false,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+
+                params: Joi.object({
+                    account: accountIdSchema.required(),
+                    exportId: exportIdSchema
+                }).label('DownloadExportParams')
+            }
+        }
+    });
+
+    server.route({
+        method: 'DELETE',
+        path: '/v1/account/{account}/export/{exportId}',
+
+        async handler(request) {
+            try {
+                const deleted = await Export.delete(request.params.account, request.params.exportId);
+                if (!deleted) {
+                    throw Boom.notFound('Export not found');
+                }
+                return { deleted: true };
+            } catch (err) {
+                handleError(request, err);
+            }
+        },
+
+        options: {
+            description: 'Delete export',
+            notes: 'Cancels a pending export or deletes a completed export. Removes both Redis data and the export file.',
+            tags: ['api', 'Export (Beta)'],
+
+            auth: {
+                strategy: 'api-token',
+                mode: 'required'
+            },
+            cors: CORS_CONFIG,
+
+            validate: {
+                options: {
+                    stripUnknown: false,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+
+                params: Joi.object({
+                    account: accountIdSchema.required(),
+                    exportId: exportIdSchema
+                }).label('DeleteExportParams')
+            },
+
+            response: {
+                schema: Joi.object({
+                    deleted: Joi.boolean().example(true).description('True if export was deleted')
+                }).label('DeleteExportResponse'),
+                failAction: 'log'
+            }
+        }
+    });
+
+    server.route({
+        method: 'GET',
+        path: '/v1/account/{account}/exports',
+
+        async handler(request) {
+            try {
+                return await Export.list(request.params.account, {
+                    page: request.query.page,
+                    pageSize: request.query.pageSize
+                });
+            } catch (err) {
+                handleError(request, err);
+            }
+        },
+
+        options: {
+            description: 'List exports',
+            notes: 'Lists all exports for an account with pagination.',
+            tags: ['api', 'Export (Beta)'],
+
+            auth: {
+                strategy: 'api-token',
+                mode: 'required'
+            },
+            cors: CORS_CONFIG,
+
+            validate: {
+                options: {
+                    stripUnknown: false,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+
+                params: Joi.object({
+                    account: accountIdSchema.required()
+                }).label('ListExportsParams'),
+
+                query: Joi.object({
+                    page: Joi.number()
+                        .integer()
+                        .min(0)
+                        .max(1024 * 1024)
+                        .default(0)
+                        .example(0)
+                        .description('Page number (zero indexed)')
+                        .label('PageNumber'),
+                    pageSize: Joi.number().integer().min(1).max(1000).default(20).example(20).description('How many entries per page').label('PageSize')
+                }).label('ListExportsQuery')
+            },
+
+            response: {
+                schema: exportListSchema,
+                failAction: 'log'
+            }
+        }
+    });
+}
+
+module.exports = init;