emailengine-app 2.68.0 → 2.69.0

package/lib/ui-routes/unsubscribe-routes.js

@@ -0,0 +1,234 @@
+'use strict';
+
+// NB! This file is processed by the gettext parser (npm run gettext) and can not use newer syntax like ?.
+
+// Public (unauthenticated) subscription-management routes. These render the unsubscribe
+// landing page reached from the List-Unsubscribe link in outgoing messages and process
+// the subscribe/unsubscribe form submission. Extracted verbatim from lib/routes-ui.js.
+// Both routes set `auth: false` and define their own validation failAction handlers.
+
+const Joi = require('joi');
+const Boom = require('@hapi/boom');
+const { Account } = require('../account');
+const { redis } = require('../db');
+const { accountIdSchema } = require('../schemas');
+const { REDIS_PREFIX } = require('../consts');
+
+function init(args) {
+    const { server, call } = args;
+
+    server.route({
+        method: 'GET',
+        path: '/unsubscribe',
+        async handler(request, h) {
+            let data = Buffer.from(request.query.data, 'base64url').toString();
+            // do not check signature, validate fields in the submit step
+
+            data = JSON.parse(data);
+
+            if (!data || typeof data !== 'object' || data.act !== 'unsub') {
+                throw new Error(request.app.gt.gettext('Invalid input'));
+            }
+
+            // throws if account does not exist
+            let accountObject = new Account({ redis, account: data.acc });
+            await accountObject.loadAccountData();
+
+            return h.view(
+                'unsubscribe',
+                {
+                    pageTitleFull: request.app.gt.gettext('Subscription Management'),
+
+                    unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${data.list}`, data.rcpt),
+                    values: {
+                        listId: data.list,
+                        account: data.acc,
+                        messageId: data.msg,
+                        email: data.rcpt
+                    }
+                },
+                {
+                    layout: 'public'
+                }
+            );
+        },
+        options: {
+            auth: false,
+
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+
+                async failAction(request, h, err) {
+                    request.logger.error({ msg: 'Failed to validate request arguments', err });
+                    let error = Boom.boomify(new Error(request.app.gt.gettext('Invalid request. Check your input and try again.')), { statusCode: 400 });
+                    if (err.code) {
+                        error.output.payload.code = err.code;
+                    }
+                    throw error;
+                },
+
+                query: Joi.object({
+                    data: Joi.string().base64({ paddingRequired: false, urlSafe: true }).required(),
+                    sig: Joi.string().base64({ paddingRequired: false, urlSafe: true })
+                })
+            }
+        }
+    });
+
+    server.route({
+        method: 'POST',
+        path: '/unsubscribe/address',
+        async handler(request, h) {
+            try {
+                // throws if account does not exist
+                let accountObject = new Account({ redis, account: request.payload.account });
+                await accountObject.loadAccountData();
+
+                let reSubscribed = false;
+
+                switch (request.payload.action) {
+                    case 'unsubscribe': {
+                        let isNew = await redis.eeListAdd(
+                            `${REDIS_PREFIX}lists:unsub:lists`,
+                            `${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`,
+                            request.payload.listId,
+                            request.payload.email.toLowerCase().trim(),
+                            JSON.stringify({
+                                recipient: request.payload.email,
+                                account: request.payload.account,
+                                source: 'form',
+                                reason: 'unsubscribe',
+                                messageId: request.payload.messageId,
+                                remoteAddress: request.info.remoteAddress,
+                                userAgent: request.headers['user-agent'],
+                                created: new Date().toISOString()
+                            })
+                        );
+
+                        if (isNew) {
+                            await call({
+                                cmd: 'unsubscribe',
+                                account: request.payload.account,
+                                payload: {
+                                    recipient: request.payload.email,
+                                    messageId: request.payload.messageId,
+                                    listId: request.payload.listId,
+                                    remoteAddress: request.info.remoteAddress,
+                                    userAgent: request.headers['user-agent']
+                                }
+                            });
+                        }
+                        break;
+                    }
+
+                    case 'subscribe': {
+                        let removed = await redis.eeListRemove(
+                            `${REDIS_PREFIX}lists:unsub:lists`,
+                            `${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`,
+                            request.payload.listId,
+                            request.payload.email.toLowerCase().trim()
+                        );
+
+                        if (removed) {
+                            await call({
+                                cmd: 'subscribe',
+                                account: request.payload.account,
+                                payload: {
+                                    recipient: request.payload.email,
+                                    messageId: request.payload.messageId,
+                                    listId: request.payload.listId,
+                                    remoteAddress: request.info.remoteAddress,
+                                    userAgent: request.headers['user-agent']
+                                }
+                            });
+                        }
+
+                        reSubscribed = true;
+                        break;
+                    }
+                }
+
+                return h.view(
+                    'unsubscribe',
+                    {
+                        pageTitleFull: request.app.gt.gettext('Subscription Management'),
+
+                        unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email),
+                        values: request.payload,
+                        reSubscribed
+                    },
+                    {
+                        layout: 'public'
+                    }
+                );
+            } catch (err) {
+                await request.flash({ type: 'danger', message: request.app.gt.gettext("Couldn't process request. Try again.") });
+                request.logger.error({ msg: 'Failed to process subscription request', err });
+
+                return h.view(
+                    'unsubscribe',
+                    {
+                        pageTitleFull: request.app.gt.gettext('Subscription Management'),
+                        unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email)
+                    },
+                    {
+                        layout: 'public'
+                    }
+                );
+            }
+        },
+        options: {
+            auth: false,
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+
+                async failAction(request, h, err) {
+                    let errors = {};
+
+                    if (err.details) {
+                        err.details.forEach(detail => {
+                            if (!errors[detail.path]) {
+                                errors[detail.path] = detail.message;
+                            }
+                        });
+                    }
+
+                    await request.flash({ type: 'danger', message: request.app.gt.gettext("Couldn't process request. Try again.") });
+                    request.logger.error({ msg: 'Failed to process subscription request', err });
+
+                    return h
+                        .view(
+                            'unsubscribe',
+                            {
+                                pageTitleFull: request.app.gt.gettext('Subscription Management'),
+                                unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email),
+                                errors
+                            },
+                            {
+                                layout: 'public'
+                            }
+                        )
+                        .takeover();
+                },
+
+                payload: Joi.object({
+                    action: Joi.string().valid('subscribe', 'unsubscribe').required(),
+                    account: accountIdSchema.required(),
+                    listId: Joi.string().hostname().empty('').example('test-list').label('List ID').required(),
+                    email: Joi.string().email().empty('').required().description('Email address').required(),
+                    messageId: Joi.string().empty('').max(996).example('<test123@example.com>').description('Message ID')
+                })
+            }
+        }
+    });
+}
+
+module.exports = init;

package/lib/webhook-request.js

@@ -0,0 +1,36 @@
+'use strict';
+
+/**
+ * Performs a single webhook HTTP delivery and always drains the response body.
+ *
+ * The webhook response body is never used, but with undici's keepAlive dispatcher
+ * a connection is only returned to the pool once its body has been consumed.
+ * Draining on every path (success and failure) prevents successful deliveries -
+ * the common, high-volume case - from pinning pooled sockets.
+ *
+ * @param {Function} fetchImpl - fetch implementation (undici fetch)
+ * @param {string} url - Destination URL
+ * @param {Object} options - fetch options (method, body, headers, dispatcher)
+ * @returns {Promise<number>} Resolves with the HTTP status code on success
+ * @throws {Error} On a non-2xx response; the error carries a `statusCode` property
+ */
+async function sendWebhookRequest(fetchImpl, url, options) {
+    const res = await fetchImpl(url, options);
+
+    // Drain the body regardless of status so the socket can be reused.
+    try {
+        await res.text();
+    } catch (err) {
+        // ignore drain errors
+    }
+
+    if (!res.ok) {
+        let err = new Error(res.statusText || `Invalid response: ${res.status} ${res.statusText}`);
+        err.statusCode = res.status;
+        throw err;
+    }
+
+    return res.status;
+}
+
+module.exports = { sendWebhookRequest };

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "emailengine-app",
-    "version": "2.68.0",
+    "version": "2.69.0",
     "private": false,
     "productTitle": "EmailEngine",
     "description": "Email Sync Engine",
@@ -17,7 +17,7 @@
         "build-dist": "pkg --compress Brotli package.json && npm install && node winconf.js",
         "build-dist-fast": "pkg --debug package.json && npm install && node winconf.js",
         "licenses": "license-checker --excludePackages 'emailengine-app' --json | node list-generate.js > static/licenses.html",
-        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && jsxgettext --parser-options '{\"ecmaVersion\": 2018}' lib/routes-ui.js workers/api.js lib/tools.js lib/autodetect-imap-settings.js lib/ui-routes/account-routes.js lib/ui-routes/admin-config-routes.js lib/ui-routes/admin-entities-routes.js -j -o translations/messages.pot",
+        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && jsxgettext --parser-options '{\"ecmaVersion\": 2018}' workers/api.js lib/tools.js lib/autodetect-imap-settings.js lib/ui-routes/admin-entities-routes.js lib/ui-routes/account-routes.js lib/ui-routes/oauth-config-routes.js lib/ui-routes/admin-config-routes.js lib/ui-routes/route-helpers.js lib/ui-routes/unsubscribe-routes.js -j -o translations/messages.pot",
         "prepare-docker": "echo \"EE_DOCKER_LEGACY=$EE_DOCKER_LEGACY\" >> system.env && cat system.env",
         "update": "rm -rf node_modules package-lock.json && ncu -u && npm install && ./copy-static-files.sh && npm run licenses && npm run gettext",
         "test-gmail-api": "node lib/email-client/gmail-client.js --dbs.redis=redis://127.0.0.1/11",
@@ -44,8 +44,8 @@
     "homepage": "https://emailengine.app/",
     "dependencies": {
         "@bugsnag/js": "8.9.0",
-        "@bull-board/api": "7.1.5",
-        "@bull-board/hapi": "7.1.5",
+        "@bull-board/api": "7.2.1",
+        "@bull-board/hapi": "7.2.1",
         "@elastic/elasticsearch": "8.15.3",
         "@hapi/accept": "6.0.3",
         "@hapi/bell": "13.1.0",
@@ -59,18 +59,18 @@
         "@postalsys/bounce-classifier": "3.0.0",
         "@postalsys/certs": "1.0.14",
         "@postalsys/ee-client": "1.3.0",
-        "@postalsys/email-ai-tools": "1.13.4",
-        "@postalsys/email-text-tools": "2.4.5",
+        "@postalsys/email-ai-tools": "1.13.5",
+        "@postalsys/email-text-tools": "2.4.6",
         "@postalsys/gettext": "4.1.1",
         "@postalsys/joi-messages": "1.0.5",
         "@postalsys/templates": "2.0.1",
         "@simplewebauthn/browser": "13.3.0",
-        "@simplewebauthn/server": "13.3.0",
-        "@zone-eu/mailsplit": "5.4.11",
+        "@simplewebauthn/server": "13.3.1",
+        "@zone-eu/mailsplit": "5.4.12",
         "@zone-eu/wild-config": "1.7.5",
         "ace-builds": "1.44.0",
         "base32.js": "0.1.0",
-        "bullmq": "5.77.3",
+        "bullmq": "5.78.0",
         "compare-versions": "6.1.1",
         "dotenv": "17.4.2",
         "encoding-japanese": "2.2.0",
@@ -84,9 +84,9 @@
         "html-to-text": "10.0.0",
         "ical.js": "1.5.0",
         "iconv-lite": "0.7.2",
-        "imapflow": "1.3.3",
+        "imapflow": "1.4.0",
         "ioredfour": "1.4.1",
-        "ioredis": "5.10.1",
+        "ioredis": "5.11.1",
         "ipaddr.js": "2.4.0",
         "joi": "17.13.3",
         "jquery": "4.0.0",
@@ -94,21 +94,21 @@
         "libmime": "5.3.8",
         "libqp": "2.1.1",
         "license-checker": "25.0.1",
-        "mailparser": "3.9.8",
+        "mailparser": "3.9.9",
         "marked": "9.1.6",
         "minimist": "1.2.8",
         "msgpack5": "6.0.2",
         "murmurhash": "2.0.1",
         "nanoid": "3.3.8",
-        "nodemailer": "8.0.8",
+        "nodemailer": "8.0.10",
         "pino": "10.3.1",
         "popper.js": "1.16.1",
         "prom-client": "15.1.3",
         "psl": "1.15.0",
-        "pubface": "1.1.1",
+        "pubface": "1.1.2",
         "punycode.js": "2.3.1",
         "qrcode": "1.5.4",
-        "smtp-server": "3.18.4",
+        "smtp-server": "3.18.5",
         "socks": "2.8.9",
         "speakeasy": "2.0.0",
         "startbootstrap-sb-admin-2": "3.3.7",
@@ -120,14 +120,14 @@
         "@eslint/js": "10.0.1",
         "chai": "4.3.10",
         "eerawlog": "1.5.3",
-        "eslint": "10.4.0",
+        "eslint": "10.4.1",
         "grunt": "1.6.2",
         "grunt-cli": "1.5.0",
         "grunt-shell-spawn": "0.5.0",
         "grunt-wait": "0.3.0",
         "jsxgettext": "0.11.0",
         "pino-pretty": "13.0.0",
-        "prettier": "3.8.3",
+        "prettier": "3.8.4",
         "resedit": "3.0.2",
         "spdx-satisfies": "6.0.0",
         "supertest": "7.2.2",