emailengine-app 2.68.1 → 2.70.0

package/.github/workflows/deploy.yml

@@ -16,6 +16,7 @@ jobs:
     deploy:
         name: Deploy Demo App
         runs-on: ubuntu-24.04
+        timeout-minutes: 15
 
         steps:
             - name: Checkout
@@ -40,7 +41,7 @@ jobs:
               id: deploy
               run: |
                   echo $GITHUB_SHA > commit.txt
-                  ./update-info.sh
+                  EE_COMMIT_HASH=$GITHUB_SHA ./update-info.sh
                   npm install --omit=dev
                   tar czf /tmp/${SERVICE_NAME}.tar.gz --exclude .git .
                   scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_02}:
@@ -54,7 +55,7 @@ jobs:
               id: deploy-demo
               run: |
                   echo $GITHUB_SHA > commit.txt
-                  ./update-info.sh
+                  EE_COMMIT_HASH=$GITHUB_SHA ./update-info.sh
                   npm install --omit=dev
                   tar czf /tmp/${SERVICE_NAME}.tar.gz --exclude .git .
                   scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_02}:
@@ -63,6 +64,7 @@ jobs:
     docker:
         name: Build Docker Image
         runs-on: ubuntu-24.04
+        timeout-minutes: 30
         permissions:
             contents: read
             packages: write
@@ -102,8 +104,11 @@ jobs:
                   images: |
                       ${{ github.repository }}
                       ghcr.io/${{ github.repository }}
+                  # :latest is owned by the release workflow (release.yaml) and
+                  # always points at the newest release; per-push dev builds from
+                  # master are published as :edge instead
                   tags: |
-                      type=raw,value=latest,enable=true
+                      type=raw,value=edge,enable=true
 
             - name: Build and push
               uses: docker/build-push-action@v7

package/.github/workflows/release.yaml

@@ -63,6 +63,10 @@ jobs:
         runs-on: ubuntu-latest
         needs: release_please
         if: ${{needs.release_please.outputs.release_created}}
+        # Multi-arch builds run the arm64 leg under QEMU emulation, which can
+        # hang indefinitely on a misbehaving step. A normal build finishes in
+        # ~4 minutes, so fail fast instead of burning the 6-hour default limit.
+        timeout-minutes: 30
         steps:
             - run: echo version v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
 
@@ -99,9 +103,11 @@ jobs:
                   platforms: ${{ steps.buildx.outputs.platforms }}
                   push: true
                   tags: |
+                      ${{ github.repository }}:latest
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}
+                      ghcr.io/${{ github.repository }}:latest
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}

package/CHANGELOG.md

@@ -1,5 +1,64 @@
 # Changelog
 
+## [2.70.0](https://github.com/postalsys/emailengine/compare/v2.69.0...v2.70.0) (2026-06-11)
+
+
+### Features
+
+* allow enabling Sentry error reporting from the admin UI ([a4076a4](https://github.com/postalsys/emailengine/commit/a4076a4fa6658ccc998f9bfe35dddf015cd12b09))
+* replace Bugsnag with self-hosted Sentry for error tracking ([62de831](https://github.com/postalsys/emailengine/commit/62de831a2911da9b649fe693547ba09d70e2e481))
+* tag Sentry error reports with instance id and license key ([2e9683f](https://github.com/postalsys/emailengine/commit/2e9683f27d54ff8fa7ba3f6f4453866fd135f173))
+
+
+### Bug Fixes
+
+* align API response schemas with actual responses and fix uncovered API bugs ([abacbf6](https://github.com/postalsys/emailengine/commit/abacbf66f048a77d00d180a831a97594380d8ed9))
+* align remaining API response schemas with actual responses ([06136ab](https://github.com/postalsys/emailengine/commit/06136abd20a97c45b25aac7f93653387eb55928a))
+* assign unassigned accounts after license activation ([5677977](https://github.com/postalsys/emailengine/commit/56779778eba27f2d1604ff06f17e5736a5ddee61))
+* do not crash at startup when a feature flag env variable is set to a falsy value ([98ad979](https://github.com/postalsys/emailengine/commit/98ad97988e752fad9e2ae11eff63f35ffcf84976))
+* report correct nextAttempt time for queued messages ([d5ebdfb](https://github.com/postalsys/emailengine/commit/d5ebdfb029b3ed331a8239ace7426f4f0704ae2e))
+* resolve code review findings in Gmail bulk ops, exports, webhooks, and schemas ([f0ddb46](https://github.com/postalsys/emailengine/commit/f0ddb4631fb924ddb93e0a99d0e20bc9f0cc8ee2))
+
+## [2.69.0](https://github.com/postalsys/emailengine/compare/v2.68.1...v2.69.0) (2026-06-09)
+
+
+### Features
+
+* add label/category filtering to message search ([c171c4e](https://github.com/postalsys/emailengine/commit/c171c4e1efe582f7e532b69108110a1c48aa3ede))
+* detect unsafe Redis eviction config in dashboard warnings ([712d5d6](https://github.com/postalsys/emailengine/commit/712d5d69b99cc45c6f3e123a084ef054236e0110))
+* rebuild lost IMAP sync state without replaying messageNew ([9fe391e](https://github.com/postalsys/emailengine/commit/9fe391e9d6350485aded780709305d698a4c65fb))
+* surface token hash for identification in API, UI, and logs ([8e2a5a9](https://github.com/postalsys/emailengine/commit/8e2a5a9f2bb5194e92575c34c0006a8c4e21888d))
+
+
+### Bug Fixes
+
+* avoid 500 on GET /admin/totp without a partial-auth session ([b6f2394](https://github.com/postalsys/emailengine/commit/b6f2394182379d94a05f95c84f5ce04ae6f87a05))
+* bound inbound line length in the IMAP proxy parser ([9fb8a5e](https://github.com/postalsys/emailengine/commit/9fb8a5e301564dee46b48ca32a5b84e4832d96e8))
+* close leaks and a worker crash found in the connection hardening review ([e97950e](https://github.com/postalsys/emailengine/commit/e97950e7e907ac5b5549302b8865c5d2bfb0d6e2))
+* count undecodable export queue entries as skipped ([72e2498](https://github.com/postalsys/emailengine/commit/72e2498390f17ad24d5f7b1577540674d7e1fe09))
+* distinguish SO_REUSEPORT fallback cause in logs and admin UI ([99ad9f3](https://github.com/postalsys/emailengine/commit/99ad9f3359eab5bafc4726535584874d4823f7bd))
+* drain webhook response body on every delivery path ([2cc3e7a](https://github.com/postalsys/emailengine/commit/2cc3e7aef114b5b913dea5c363278e1a883d5a48))
+* extract gettext strings from the decomposed ui-routes modules ([227e60f](https://github.com/postalsys/emailengine/commit/227e60ff4f354c5d0f55534877c8ab6fbdd92c7d))
+* guard cross-thread download streams against early producer errors ([191ec62](https://github.com/postalsys/emailengine/commit/191ec6204887c3abe78da7a9944e3165b19c0b87))
+* guard IMAP notification handlers against malformed events ([0248953](https://github.com/postalsys/emailengine/commit/0248953a5dcccba5d46704bf7113a70fb5ac3150))
+* guard webhook notifications in BullMQ failure handlers ([e90048e](https://github.com/postalsys/emailengine/commit/e90048e7b7bd92916219602f92305342234df4a3))
+* harden IMAP proxy STARTTLS against command injection ([3661ddd](https://github.com/postalsys/emailengine/commit/3661dddbf216b29ec8f074d3f6422dd4db5d9e7b))
+* harden inter-thread IPC (worker-death call rejection, webhook guards, stream cleanup) ([0111a8e](https://github.com/postalsys/emailengine/commit/0111a8e2bf139c3412cc37e5e933fd5316cee8fc))
+* harden message export against data loss and corruption ([540d867](https://github.com/postalsys/emailengine/commit/540d8678ec25f62e8123fc78fa929f4e4713b5d4))
+* harden multiple-API-worker startup and centralize proxy-agent reload ([7f2db9e](https://github.com/postalsys/emailengine/commit/7f2db9e557d960aa1b7523b7d8678598683c2f29))
+* list Outlook folders with slashes in the name ([dd35e7b](https://github.com/postalsys/emailengine/commit/dd35e7b262a47f9395811d75c4bcc1d9ab4c6ec0))
+* only reseed lost IMAP sync state when no stored state exists ([78e0141](https://github.com/postalsys/emailengine/commit/78e0141e9f3478d2a2a1206c805258c6807a45d8))
+* prevent IMAP worker crash on download stream errors ([d9d5396](https://github.com/postalsys/emailengine/commit/d9d539632cc245a8e2a14585fc7918186bee00b6))
+* prevent post-BYE command dispatch in IMAP proxy teardown ([d51e92d](https://github.com/postalsys/emailengine/commit/d51e92d298e9373a6dc5c2eb0919885e161b45c7))
+* re-arm a generous idle timeout for proxied IMAP connections ([627c6d4](https://github.com/postalsys/emailengine/commit/627c6d472e50f6fc3e958e4774226557a526018d))
+* reject in-flight worker calls when a worker thread terminates ([08e7b01](https://github.com/postalsys/emailengine/commit/08e7b0128a4b8e9f9e5a96fefe49110bd032bd2c))
+* release cross-thread download streams on abort and error ([6514249](https://github.com/postalsys/emailengine/commit/65142499d095bbcb5f0bb49755a2e24f6e52fa62))
+* release MessagePort streams when message/attachment downloads fail ([787f4f5](https://github.com/postalsys/emailengine/commit/787f4f5ef6364ec1389c15269c8f7f8eaaa2142a))
+* return 422 for unsupported label search and surface Outlook categories ([d981359](https://github.com/postalsys/emailengine/commit/d981359b78b61d2c8a03e4e35086a4c9674ce53a))
+* return the append destination folder from uploadMessage ([96aed6b](https://github.com/postalsys/emailengine/commit/96aed6b1144e1d3ee9da79b3a1fb03606245f83c))
+* send correctly typed SMTP and IMAP proxy state change notifications ([3fbd27f](https://github.com/postalsys/emailengine/commit/3fbd27fc08bb74f9738a3fc95d4177fa4978c263))
+* tear down subconnections when deleting an IMAP account ([bd81a33](https://github.com/postalsys/emailengine/commit/bd81a33caf9400cbee2781a9180f1a901c1d6e48))
+
 ## [2.68.1](https://github.com/postalsys/emailengine/compare/v2.68.0...v2.68.1) (2026-06-01)
 
 

package/Gruntfile.js

@@ -15,7 +15,9 @@ module.exports = function (grunt) {
 
         shell: {
             eslint: {
-                command: 'npx eslint lib/**/*.js workers/**/*.js server.js Gruntfile.js',
+                // Globs are quoted so eslint expands them itself - unquoted, sh (no globstar)
+                // expands lib/**/*.js to depth-2 files only and skips most of lib/
+                command: "npx eslint 'lib/**/*.js' 'workers/**/*.js' server.js Gruntfile.js",
                 options: {
                     async: false
                 }

package/config/default.toml

@@ -1,6 +1,8 @@
 
 [workers]
 imap = 4
+# Number of API/HTTP workers. Values >1 require SO_REUSEPORT (Linux); on other platforms it falls back to 1.
+api = 1
 webhooks = 1
 "imapProxy" = 1
 

package/data/google-crawlers.json

@@ -1,5 +1,5 @@
 {
-    "creationTime": "2026-05-29T14:45:42.000000",
+    "creationTime": "2026-06-10T14:45:48.000000",
     "prefixes": [
         {
             "ipv6Prefix": "2001:4860:4801:2008::/64"
@@ -310,6 +310,9 @@
         {
             "ipv6Prefix": "2001:4860:4801:207e::/64"
         },
+        {
+            "ipv6Prefix": "2001:4860:4801:207f::/64"
+        },
         {
             "ipv6Prefix": "2001:4860:4801:2080::/64"
         },
@@ -796,6 +799,9 @@
         {
             "ipv4Prefix": "74.125.219.192/27"
         },
+        {
+            "ipv4Prefix": "74.125.219.224/27"
+        },
         {
             "ipv4Prefix": "74.125.219.32/27"
         },

package/getswagger.sh

@@ -1,8 +1,44 @@
 #!/bin/bash
 
+set -e
+
 export EENGINE_PORT=5678
 
-npm start > /dev/null 2>&1 &
-sleep 5
-curl -s "http://127.0.0.1:${EENGINE_PORT}/swagger.json" > swagger.json
-pkill emailengine
+# refuse to run if something is already listening on the port, otherwise the
+# polling loop below would silently fetch swagger.json from a stale instance
+if (exec 3<>"/dev/tcp/127.0.0.1/${EENGINE_PORT}") 2>/dev/null; then
+    echo "Port ${EENGINE_PORT} is already in use" >&2
+    exit 1
+fi
+
+node server.js > /dev/null 2>&1 &
+SERVER_PID=$!
+
+cleanup() {
+    kill "$SERVER_PID" 2>/dev/null || true
+    wait "$SERVER_PID" 2>/dev/null || true
+}
+trap cleanup EXIT
+
+# poll until the API is up instead of relying on a fixed sleep
+rm -f swagger.json.tmp
+for i in $(seq 1 60); do
+    if curl -fs --max-time 5 "http://127.0.0.1:${EENGINE_PORT}/swagger.json" -o swagger.json.tmp; then
+        break
+    fi
+    if ! kill -0 "$SERVER_PID" 2>/dev/null; then
+        echo "Server exited before swagger.json could be fetched" >&2
+        exit 1
+    fi
+    sleep 1
+done
+
+if [ ! -s swagger.json.tmp ]; then
+    echo "Timed out waiting for swagger.json" >&2
+    exit 1
+fi
+
+# only replace swagger.json if the download parses as JSON
+node -e 'JSON.parse(require("fs").readFileSync("swagger.json.tmp", "utf-8"))'
+
+mv swagger.json.tmp swagger.json

package/gettext-extract.js

@@ -0,0 +1,163 @@
+'use strict';
+
+// Extracts translatable strings from JS sources into translations/messages.pot.
+// Run via `npm run gettext` after xgettext-template has generated the POT from the
+// Handlebars views - this script joins the strings found in JS files into that file.
+//
+// Replaces jsxgettext, which bundled acorn 5 and crashed on post-ES2018 syntax
+// (optional chaining, nullish coalescing, etc.). Files are discovered dynamically,
+// so new modules with gettext()/ngettext() calls are picked up automatically.
+
+const { parse } = require('acorn');
+const { full: walkFull } = require('acorn-walk');
+const { po } = require('gettext-parser');
+const fs = require('fs');
+const Path = require('path');
+
+const ROOT_DIR = __dirname;
+const POT_PATH = Path.join(ROOT_DIR, 'translations', 'messages.pot');
+
+// All server-side code that may contain gettext()/ngettext() calls
+const SCAN_DIRS = ['bin', 'lib', 'workers'];
+const SCAN_FILES = ['server.js'];
+
+function listJsFiles(dir) {
+    return fs
+        .readdirSync(dir, { recursive: true })
+        .filter(entryPath => entryPath.endsWith('.js'))
+        .map(entryPath => Path.join(dir, entryPath));
+}
+
+// The full sorted scan set (sorted to keep POT reference output deterministic)
+function listScanFiles() {
+    let files = SCAN_FILES.map(file => Path.join(ROOT_DIR, file));
+    for (let dir of SCAN_DIRS) {
+        files = files.concat(listJsFiles(Path.join(ROOT_DIR, dir)));
+    }
+    return files.sort();
+}
+
+function parseFile(filePath) {
+    const source = fs.readFileSync(filePath, 'utf-8');
+    try {
+        return parse(source, { ecmaVersion: 'latest', sourceType: 'script', locations: true, allowHashBang: true });
+    } catch (err) {
+        err.message = `Failed to parse ${filePath}: ${err.message}`;
+        throw err;
+    }
+}
+
+// Resolves a call argument into a string value. Handles string literals and
+// concatenation of string literals ('foo' + 'bar'). Returns false for anything
+// dynamic (identifiers, template literals with expressions, etc.) - such calls
+// forward runtime values and do not define new translatable strings.
+function resolveString(node) {
+    switch (node.type) {
+        case 'Literal':
+            return typeof node.value === 'string' ? node.value : false;
+        case 'TemplateLiteral':
+            return node.expressions.length === 0 ? node.quasis[0].value.cooked : false;
+        case 'BinaryExpression': {
+            if (node.operator !== '+') {
+                return false;
+            }
+            let left = resolveString(node.left);
+            let right = resolveString(node.right);
+            return left !== false && right !== false ? left + right : false;
+        }
+        default:
+            return false;
+    }
+}
+
+function calleeName(callee) {
+    if (callee.type === 'Identifier') {
+        return callee.name;
+    }
+    if (callee.type === 'MemberExpression' && !callee.computed && callee.property.type === 'Identifier') {
+        return callee.property.name;
+    }
+    return false;
+}
+
+function extractFromFile(filePath) {
+    const ast = parseFile(filePath);
+
+    let entries = [];
+    let reference = node => `${Path.relative(ROOT_DIR, filePath)}:${node.loc.start.line}`;
+
+    walkFull(ast, node => {
+        if (node.type !== 'CallExpression') {
+            return;
+        }
+
+        let name = calleeName(node.callee);
+
+        // An empty msgid is skipped (like xgettext does): translations[''] is the POT header
+        // entry in gettext-parser, so an empty key would corrupt the header block
+        if (name === 'gettext' && node.arguments.length >= 1) {
+            let msgid = resolveString(node.arguments[0]);
+            if (msgid !== false && msgid !== '') {
+                entries.push({ msgid, reference: reference(node) });
+            }
+        }
+
+        if (name === 'ngettext' && node.arguments.length >= 2) {
+            let msgid = resolveString(node.arguments[0]);
+            let msgidPlural = resolveString(node.arguments[1]);
+            if (msgid !== false && msgid !== '' && msgidPlural !== false) {
+                entries.push({ msgid, msgidPlural, reference: reference(node) });
+            }
+        }
+    });
+
+    return entries;
+}
+
+function main() {
+    let files = listScanFiles();
+
+    let extracted = [];
+    for (let filePath of files) {
+        extracted = extracted.concat(extractFromFile(filePath));
+    }
+
+    let pot = po.parse(fs.readFileSync(POT_PATH));
+    let translations = (pot.translations[''] = pot.translations[''] || {});
+
+    // xgettext-template does not stamp a creation date, so set it here (jsxgettext used to)
+    pot.headers = pot.headers || {};
+    pot.headers['POT-Creation-Date'] = new Date()
+        .toISOString()
+        .replace(/T/, ' ')
+        .replace(/:\d+\.\d+Z$/, '+0000');
+
+    for (let { msgid, msgidPlural, reference } of extracted) {
+        let entry = translations[msgid];
+        if (!entry) {
+            entry = translations[msgid] = { msgid, msgstr: [''] };
+        }
+
+        if (msgidPlural && !entry.msgid_plural) {
+            entry.msgid_plural = msgidPlural;
+            entry.msgstr = ['', ''];
+        }
+
+        entry.comments = entry.comments || {};
+        let references = entry.comments.reference ? entry.comments.reference.split('\n') : [];
+        if (!references.includes(reference)) {
+            references.push(reference);
+        }
+        entry.comments.reference = references.join('\n');
+    }
+
+    fs.writeFileSync(POT_PATH, po.compile(pot));
+    console.log(`Extracted ${extracted.length} gettext strings from ${files.length} JS files into ${Path.relative(ROOT_DIR, POT_PATH)}`);
+}
+
+if (require.main === module) {
+    main();
+}
+
+// Exported for the gettext coverage test, which walks the same scan set with the same helpers
+module.exports = { listScanFiles, parseFile, calleeName, extractFromFile };