npm - emailengine-app - Versions diffs - 2.63.4 → 2.65.0 - Mend

emailengine-app 2.63.4 → 2.65.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/.github/workflows/test.yml +4 -0
package/CHANGELOG.md +70 -0
package/copy-static-files.sh +1 -1
package/data/google-crawlers.json +1 -1
package/eslint.config.js +2 -0
package/lib/account.js +13 -9
package/lib/api-routes/account-routes.js +7 -1
package/lib/consts.js +17 -1
package/lib/email-client/gmail/gmail-api.js +1 -12
package/lib/email-client/imap-client.js +5 -3
package/lib/email-client/outlook/graph-api.js +9 -15
package/lib/email-client/outlook-client.js +406 -177
package/lib/export.js +17 -0
package/lib/imapproxy/imap-server.js +3 -2
package/lib/oauth/gmail.js +12 -1
package/lib/oauth/outlook.js +99 -1
package/lib/oauth/pubsub/google.js +253 -85
package/lib/oauth2-apps.js +620 -389
package/lib/outbox.js +1 -1
package/lib/routes-ui.js +193 -238
package/lib/schemas.js +189 -12
package/lib/ui-routes/account-routes.js +7 -2
package/lib/ui-routes/admin-entities-routes.js +3 -3
package/lib/ui-routes/oauth-routes.js +27 -175
package/package.json +21 -21
package/sbom.json +1 -1
package/server.js +54 -22
package/static/licenses.html +30 -90
package/translations/de.mo +0 -0
package/translations/de.po +54 -42
package/translations/en.mo +0 -0
package/translations/en.po +55 -43
package/translations/et.mo +0 -0
package/translations/et.po +54 -42
package/translations/fr.mo +0 -0
package/translations/fr.po +54 -42
package/translations/ja.mo +0 -0
package/translations/ja.po +54 -42
package/translations/messages.pot +93 -71
package/translations/nl.mo +0 -0
package/translations/nl.po +54 -42
package/translations/pl.mo +0 -0
package/translations/pl.po +54 -42
package/views/config/oauth/app.hbs +12 -0
package/views/config/oauth/edit.hbs +2 -0
package/views/config/oauth/index.hbs +4 -1
package/views/config/oauth/new.hbs +2 -0
package/views/config/oauth/subscriptions.hbs +175 -0
package/views/error.hbs +4 -4
package/views/partials/oauth_form.hbs +179 -4
package/views/partials/oauth_tabs.hbs +8 -0
package/views/partials/scope_info.hbs +10 -0
package/workers/api.js +174 -96
package/workers/documents.js +1 -0
package/workers/export.js +6 -2
package/workers/imap.js +33 -49
package/workers/smtp.js +1 -0
package/workers/submit.js +1 -0
package/workers/webhooks.js +42 -30

package/lib/export.js CHANGED Viewed

@@ -242,6 +242,7 @@ class Export {
             },
             created: toIsoDate(data.created),
             expiresAt: toIsoDate(data.expiresAt),
+            truncated: data.truncated === '1' || undefined,
             error: data.error || null
         };
@@ -322,6 +323,15 @@ class Export {
         }
     }
+    static async startProcessing(account, exportId) {
+        const exportKey = getExportKey(account, exportId);
+        const maxAge = await getExportMaxAge();
+        const ttl = Math.ceil(maxAge / 1000);
+        const newExpiresAt = Date.now() + maxAge;
+        await redis.multi().hmset(exportKey, { status: 'processing', phase: 'indexing', expiresAt: newExpiresAt }).expire(exportKey, ttl).exec();
+    }
     static async queueMessage(account, exportId, messageInfo) {
         const queueKey = getExportQueueKey(account, exportId);
         const exportKey = getExportKey(account, exportId);
@@ -415,6 +425,13 @@ class Export {
         logger.error({ msg: 'Export failed', account, exportId, error });
     }
+    static async deleteFully(account, exportId) {
+        const exportKey = getExportKey(account, exportId);
+        const queueKey = getExportQueueKey(account, exportId);
+        await redis.multi().del(exportKey).del(queueKey).srem(ACTIVE_EXPORTS_KEY, `${account}:${exportId}`).exec();
+    }
     static async markInterruptedAsFailed() {
         const activeExports = await redis.smembers(ACTIVE_EXPORTS_KEY);

package/lib/imapproxy/imap-server.js CHANGED Viewed

@@ -4,7 +4,7 @@ const { parentPort } = require('worker_threads');
 const config = require('@zone-eu/wild-config');
 const logger = require('../logger');
-const { oauth2Apps, oauth2ProviderData } = require('../oauth2-apps');
+const { oauth2Apps, oauth2ProviderData, isApiBasedApp } = require('../oauth2-apps');
 const { getDuration, getBoolean, resolveCredentials, hasEnvValue, readEnvValue, emitChangeEvent, loadTlsConfig } = require('../tools');
 const { matchIp, getLocalAddress } = require('../utils/network');
@@ -48,6 +48,7 @@ async function call(message, transferList) {
             err.statusCode = 504;
             err.code = 'Timeout';
             err.ttl = ttl;
+            callQueue.delete(mid);
             reject(err);
         }, ttl);
@@ -213,7 +214,7 @@ async function onAuth(auth, session) {
         throw respErr;
     }
-    if (accountData?._app?.baseScopes === 'api') {
+    if (isApiBasedApp(accountData?._app)) {
         let respErr = new Error('IMAP is not supported for API-based accounts');
         respErr.authenticationFailed = true;
         respErr.serverResponseCode = 'ACCOUNTDISABLED';

package/lib/oauth/gmail.js CHANGED Viewed

@@ -481,7 +481,8 @@ class GmailOauth {
                 Authorization: `Bearer ${accessToken}`,
                 'User-Agent': `${packageData.name}/${packageData.version} (+${packageData.homepage})`
             },
-            dispatcher: httpAgent.retry
+            dispatcher: httpAgent.retry,
+            signal: options.signal || undefined
         };
         if (payload && method !== 'get') {
@@ -535,6 +536,16 @@ class GmailOauth {
                 reqTime
             };
+            // Capture Retry-After header for rate limiting (429) responses
+            if (res.status === 429) {
+                let retryAfterHeader = res.headers.get('retry-after');
+                if (retryAfterHeader) {
+                    let parsed = parseInt(retryAfterHeader, 10);
+                    err.retryAfter = isNaN(parsed) ? null : parsed;
+                    err.oauthRequest.retryAfter = err.retryAfter;
+                }
+            }
             try {
                 err.oauthRequest.response = await res.json();

package/lib/oauth/outlook.js CHANGED Viewed

@@ -174,7 +174,8 @@ class OutlookOauth {
         this.logRaw = opts.logRaw;
         this.logger = opts.logger;
-        this.provider = 'outlook';
+        this.useClientCredentials = !!opts.useClientCredentials;
+        this.provider = opts.provider || 'outlook';
         this.setFlag = opts.setFlag;
@@ -199,9 +200,18 @@ class OutlookOauth {
                 this.entraEndpoint = 'https://login.microsoftonline.com';
                 this.apiBase = 'https://graph.microsoft.com';
         }
+        // Client credentials use a single .default scope; override whatever was set above
+        if (this.useClientCredentials) {
+            this.scopes = [`${this.apiBase}/.default`];
+        }
     }
     generateAuthUrl(opts) {
+        if (this.useClientCredentials) {
+            throw new Error('Client credentials flow does not support interactive authorization');
+        }
         opts = opts || {};
         const url = new URL(`${this.entraEndpoint}/${this.authority}/oauth2/v2.0/authorize`);
@@ -335,6 +345,10 @@ class OutlookOauth {
     }
     async refreshToken(opts) {
+        if (this.useClientCredentials) {
+            return this.getClientCredentialsToken();
+        }
         opts = opts || {};
         if (!opts.refreshToken) {
             throw new Error('Refresh token not provided');
@@ -435,6 +449,90 @@ class OutlookOauth {
         return responseJson;
     }
+    async getClientCredentialsToken() {
+        const url = new URL(`${this.entraEndpoint}/${this.authority}/oauth2/v2.0/token`);
+        url.searchParams.set('client_id', this.clientId);
+        url.searchParams.set('client_secret', this.clientSecret);
+        url.searchParams.set('scope', this.scopes.join(' '));
+        url.searchParams.set('grant_type', 'client_credentials');
+        let requestUrl = url.origin + url.pathname;
+        let method = 'post';
+        const bodyString = url.searchParams.toString();
+        let res = await fetchCmd(requestUrl, {
+            method,
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'User-Agent': `${packageData.name}/${packageData.version} (+${packageData.homepage})`
+            },
+            body: bodyString,
+            dispatcher: httpAgent.retry
+        });
+        let responseJson;
+        try {
+            responseJson = await res.json();
+        } catch (err) {
+            if (this.logger) {
+                this.logger.error({ msg: 'Failed to retrieve JSON', err });
+            }
+        }
+        if (this.logger) {
+            this.logger.info({
+                msg: 'OAuth2 authentication request',
+                action: 'oauth2Fetch',
+                fn: 'getClientCredentialsToken',
+                method,
+                url: requestUrl,
+                success: !!res.ok,
+                status: res.status,
+                request: formatFetchBody(url.searchParams, this.logRaw),
+                response: formatFetchResponse(responseJson, this.logRaw)
+            });
+        }
+        if (!res.ok) {
+            let err = new Error('Token request failed');
+            err.code = 'ETokenRefresh';
+            err.statusCode = res.status;
+            err.tokenRequest = {
+                url: requestUrl,
+                method,
+                authority: this.authority,
+                grant: 'client_credentials',
+                provider: this.provider,
+                status: res.status,
+                clientId: this.clientId,
+                scopes: this.scopes
+            };
+            try {
+                err.tokenRequest.response = responseJson || { error: 'Failed to parse response' };
+                if (EXPOSE_PARTIAL_SECRET_KEY_REGEX.test(err.tokenRequest.response?.error_description)) {
+                    err.tokenRequest.clientSecret = formatPartialSecretKey(this.clientSecret);
+                }
+                let flag = checkForFlags(err.tokenRequest.response);
+                if (flag) {
+                    await this.setFlag(flag);
+                }
+            } catch (e) {
+                // ignore
+            }
+            err.message = formatTokenError(this.provider, err.tokenRequest);
+            throw err;
+        }
+        // clear potential auth flag
+        await this.setFlag();
+        return responseJson;
+    }
     async request(accessToken, url, method, payload, options) {
         options = options || {};