emailengine-app 2.68.1 → 2.70.0

package/lib/ui-routes/unsubscribe-routes.js

@@ -0,0 +1,232 @@
+'use strict';
+
+// Public (unauthenticated) subscription-management routes. These render the unsubscribe
+// landing page reached from the List-Unsubscribe link in outgoing messages and process
+// the subscribe/unsubscribe form submission. Extracted verbatim from lib/routes-ui.js.
+// Both routes set `auth: false` and define their own validation failAction handlers.
+
+const Joi = require('joi');
+const Boom = require('@hapi/boom');
+const { Account } = require('../account');
+const { redis } = require('../db');
+const { accountIdSchema } = require('../schemas');
+const { REDIS_PREFIX } = require('../consts');
+
+function init(args) {
+    const { server, call } = args;
+
+    server.route({
+        method: 'GET',
+        path: '/unsubscribe',
+        async handler(request, h) {
+            let data = Buffer.from(request.query.data, 'base64url').toString();
+            // do not check signature, validate fields in the submit step
+
+            data = JSON.parse(data);
+
+            if (!data || typeof data !== 'object' || data.act !== 'unsub') {
+                throw new Error(request.app.gt.gettext('Invalid input'));
+            }
+
+            // throws if account does not exist
+            let accountObject = new Account({ redis, account: data.acc });
+            await accountObject.loadAccountData();
+
+            return h.view(
+                'unsubscribe',
+                {
+                    pageTitleFull: request.app.gt.gettext('Subscription Management'),
+
+                    unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${data.list}`, data.rcpt),
+                    values: {
+                        listId: data.list,
+                        account: data.acc,
+                        messageId: data.msg,
+                        email: data.rcpt
+                    }
+                },
+                {
+                    layout: 'public'
+                }
+            );
+        },
+        options: {
+            auth: false,
+
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+
+                async failAction(request, h, err) {
+                    request.logger.error({ msg: 'Failed to validate request arguments', err });
+                    let error = Boom.boomify(new Error(request.app.gt.gettext('Invalid request. Check your input and try again.')), { statusCode: 400 });
+                    if (err.code) {
+                        error.output.payload.code = err.code;
+                    }
+                    throw error;
+                },
+
+                query: Joi.object({
+                    data: Joi.string().base64({ paddingRequired: false, urlSafe: true }).required(),
+                    sig: Joi.string().base64({ paddingRequired: false, urlSafe: true })
+                })
+            }
+        }
+    });
+
+    server.route({
+        method: 'POST',
+        path: '/unsubscribe/address',
+        async handler(request, h) {
+            try {
+                // throws if account does not exist
+                let accountObject = new Account({ redis, account: request.payload.account });
+                await accountObject.loadAccountData();
+
+                let reSubscribed = false;
+
+                switch (request.payload.action) {
+                    case 'unsubscribe': {
+                        let isNew = await redis.eeListAdd(
+                            `${REDIS_PREFIX}lists:unsub:lists`,
+                            `${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`,
+                            request.payload.listId,
+                            request.payload.email.toLowerCase().trim(),
+                            JSON.stringify({
+                                recipient: request.payload.email,
+                                account: request.payload.account,
+                                source: 'form',
+                                reason: 'unsubscribe',
+                                messageId: request.payload.messageId,
+                                remoteAddress: request.info.remoteAddress,
+                                userAgent: request.headers['user-agent'],
+                                created: new Date().toISOString()
+                            })
+                        );
+
+                        if (isNew) {
+                            await call({
+                                cmd: 'unsubscribe',
+                                account: request.payload.account,
+                                payload: {
+                                    recipient: request.payload.email,
+                                    messageId: request.payload.messageId,
+                                    listId: request.payload.listId,
+                                    remoteAddress: request.info.remoteAddress,
+                                    userAgent: request.headers['user-agent']
+                                }
+                            });
+                        }
+                        break;
+                    }
+
+                    case 'subscribe': {
+                        let removed = await redis.eeListRemove(
+                            `${REDIS_PREFIX}lists:unsub:lists`,
+                            `${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`,
+                            request.payload.listId,
+                            request.payload.email.toLowerCase().trim()
+                        );
+
+                        if (removed) {
+                            await call({
+                                cmd: 'subscribe',
+                                account: request.payload.account,
+                                payload: {
+                                    recipient: request.payload.email,
+                                    messageId: request.payload.messageId,
+                                    listId: request.payload.listId,
+                                    remoteAddress: request.info.remoteAddress,
+                                    userAgent: request.headers['user-agent']
+                                }
+                            });
+                        }
+
+                        reSubscribed = true;
+                        break;
+                    }
+                }
+
+                return h.view(
+                    'unsubscribe',
+                    {
+                        pageTitleFull: request.app.gt.gettext('Subscription Management'),
+
+                        unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email),
+                        values: request.payload,
+                        reSubscribed
+                    },
+                    {
+                        layout: 'public'
+                    }
+                );
+            } catch (err) {
+                await request.flash({ type: 'danger', message: request.app.gt.gettext("Couldn't process request. Try again.") });
+                request.logger.error({ msg: 'Failed to process subscription request', err });
+
+                return h.view(
+                    'unsubscribe',
+                    {
+                        pageTitleFull: request.app.gt.gettext('Subscription Management'),
+                        unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email)
+                    },
+                    {
+                        layout: 'public'
+                    }
+                );
+            }
+        },
+        options: {
+            auth: false,
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+
+                async failAction(request, h, err) {
+                    let errors = {};
+
+                    if (err.details) {
+                        err.details.forEach(detail => {
+                            if (!errors[detail.path]) {
+                                errors[detail.path] = detail.message;
+                            }
+                        });
+                    }
+
+                    await request.flash({ type: 'danger', message: request.app.gt.gettext("Couldn't process request. Try again.") });
+                    request.logger.error({ msg: 'Failed to process subscription request', err });
+
+                    return h
+                        .view(
+                            'unsubscribe',
+                            {
+                                pageTitleFull: request.app.gt.gettext('Subscription Management'),
+                                unsubscribed: await redis.hexists(`${REDIS_PREFIX}lists:unsub:entries:${request.payload.listId}`, request.payload.email),
+                                errors
+                            },
+                            {
+                                layout: 'public'
+                            }
+                        )
+                        .takeover();
+                },
+
+                payload: Joi.object({
+                    action: Joi.string().valid('subscribe', 'unsubscribe').required(),
+                    account: accountIdSchema.required(),
+                    listId: Joi.string().hostname().empty('').example('test-list').label('List ID').required(),
+                    email: Joi.string().email().empty('').required().description('Email address').required(),
+                    messageId: Joi.string().empty('').max(996).example('<test123@example.com>').description('Message ID')
+                })
+            }
+        }
+    });
+}
+
+module.exports = init;

package/lib/webhook-request.js

@@ -0,0 +1,36 @@
+'use strict';
+
+/**
+ * Performs a single webhook HTTP delivery and always drains the response body.
+ *
+ * The webhook response body is never used, but with undici's keepAlive dispatcher
+ * a connection is only returned to the pool once its body has been consumed.
+ * Draining on every path (success and failure) prevents successful deliveries -
+ * the common, high-volume case - from pinning pooled sockets.
+ *
+ * @param {Function} fetchImpl - fetch implementation (undici fetch)
+ * @param {string} url - Destination URL
+ * @param {Object} options - fetch options (method, body, headers, dispatcher)
+ * @returns {Promise<number>} Resolves with the HTTP status code on success
+ * @throws {Error} On a non-2xx response; the error carries a `statusCode` property
+ */
+async function sendWebhookRequest(fetchImpl, url, options) {
+    const res = await fetchImpl(url, options);
+
+    // Drain the body regardless of status so the socket can be reused.
+    try {
+        await res.text();
+    } catch (err) {
+        // ignore drain errors
+    }
+
+    if (!res.ok) {
+        let err = new Error(res.statusText || `Invalid response: ${res.status} ${res.statusText}`);
+        err.statusCode = res.status;
+        throw err;
+    }
+
+    return res.status;
+}
+
+module.exports = { sendWebhookRequest };

package/lib/webhooks.js

@@ -70,12 +70,12 @@ class WebhooksHandler {
 
             try {
                 let webhookMeta = msgpack.decode(entry);
-                if (webhookErrorFlag && typeof webhookErrorFlag === 'object' && !Object.keys(webhookErrorFlag)) {
+                if (webhookErrorFlag && typeof webhookErrorFlag === 'object' && !Object.keys(webhookErrorFlag).length) {
                     webhookErrorFlag = null;
                 }
                 response.webhooks.push(Object.assign(webhookMeta, { tcount, webhookErrorFlag }));
             } catch (err) {
-                logger.error({ msg: 'Failed to process webhook', entry: entry.toString('base64') });
+                logger.error({ msg: 'Failed to process webhook', entry: entry && entry.toString('base64'), err });
                 continue;
             }
         }
@@ -398,7 +398,6 @@ class WebhooksHandler {
         v = Number(v) || 0;
         if (v !== this.handlerCacheV) {
             // changes detected
-            v = this.handlerCacheV;
 
             let webhookIds = await this.redis.smembers(this.getWebhooksIndexKey());
             webhookIds = [].concat(webhookIds || []).sort((a, b) => -a.localeCompare(b));
@@ -418,7 +417,8 @@ class WebhooksHandler {
                     this.handlerCache.push(handler);
                 } else {
                     // compare existing
-                    let webhookV = await this.redis.hget(this.getWebhooksContentKey(), `${webhookId}:v`);
+                    // the per-route counter is stored as a string, existing.v is a number (see get())
+                    let webhookV = Number(await this.redis.hget(this.getWebhooksContentKey(), `${webhookId}:v`)) || 0;
                     if (existing.v !== webhookV) {
                         // update
                         for (let i = this.handlerCache.length - 1; i >= 0; i--) {
@@ -430,6 +430,10 @@ class WebhooksHandler {
                     }
                 }
             }
+
+            // mark the cache as current only after a successful refresh, so a failure above
+            // leaves the cache stale and the next call retries
+            this.handlerCacheV = v;
         }
 
         return this.handlerCache;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "emailengine-app",
-    "version": "2.68.1",
+    "version": "2.70.0",
     "private": false,
     "productTitle": "EmailEngine",
     "description": "Email Sync Engine",
@@ -11,13 +11,13 @@
         "single": "EE_OPENAPI_VERBOSE=true EENGINE_LOG_RAW=true EENGINE_SECRET=your-encryption-key EENGINE_WORKERS=1 node --inspect server --dbs.redis='redis://127.0.0.1:6379/6' --api.port=7003 --api.host=0.0.0.0 | tee $HOME/ee.log.single.txt | pino-pretty",
         "gmail": "EE_OPENAPI_VERBOSE=true EENGINE_LOG_RAW=true EENGINE_SECRET=your-encryption-key EENGINE_WORKERS=2 EENGINE_CORS_ORIGIN='*' node --inspect server --dbs.redis='redis://127.0.0.1:6379/11' --api.port=7003 --api.host=0.0.0.0 | tee $HOME/ee.log.gmail.txt | pino-pretty",
         "test": "NODE_ENV=test grunt",
-        "lint": "npx eslint lib/**/*.js workers/**/*.js test/**/*.js server.js Gruntfile.js",
+        "lint": "npx eslint 'lib/**/*.js' 'workers/**/*.js' 'test/**/*.js' server.js Gruntfile.js",
         "swagger": "./getswagger.sh",
         "build-source": "rm -rf node_modules && npm install && rm -rf node_modules && npm ci --omit=dev && rm -rf node_modules/ace-builds node_modules/@postalsys/ee-client && ./update-info.sh",
         "build-dist": "pkg --compress Brotli package.json && npm install && node winconf.js",
         "build-dist-fast": "pkg --debug package.json && npm install && node winconf.js",
         "licenses": "license-checker --excludePackages 'emailengine-app' --json | node list-generate.js > static/licenses.html",
-        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && jsxgettext --parser-options '{\"ecmaVersion\": 2018}' lib/routes-ui.js workers/api.js lib/tools.js lib/autodetect-imap-settings.js lib/ui-routes/account-routes.js lib/ui-routes/admin-config-routes.js lib/ui-routes/admin-entities-routes.js -j -o translations/messages.pot",
+        "gettext": "find ./views -name \"*.hbs\" -print0 | xargs -0 xgettext-template -L Handlebars -o translations/messages.pot --force-po && node gettext-extract.js",
         "prepare-docker": "echo \"EE_DOCKER_LEGACY=$EE_DOCKER_LEGACY\" >> system.env && cat system.env",
         "update": "rm -rf node_modules package-lock.json && ncu -u && npm install && ./copy-static-files.sh && npm run licenses && npm run gettext",
         "test-gmail-api": "node lib/email-client/gmail-client.js --dbs.redis=redis://127.0.0.1/11",
@@ -43,9 +43,8 @@
     },
     "homepage": "https://emailengine.app/",
     "dependencies": {
-        "@bugsnag/js": "8.9.0",
-        "@bull-board/api": "7.1.5",
-        "@bull-board/hapi": "7.1.5",
+        "@bull-board/api": "8.0.0",
+        "@bull-board/hapi": "8.0.0",
         "@elastic/elasticsearch": "8.15.3",
         "@hapi/accept": "6.0.3",
         "@hapi/bell": "13.1.0",
@@ -64,13 +63,14 @@
         "@postalsys/gettext": "4.1.1",
         "@postalsys/joi-messages": "1.0.5",
         "@postalsys/templates": "2.0.1",
+        "@sentry/node": "10.57.0",
         "@simplewebauthn/browser": "13.3.0",
         "@simplewebauthn/server": "13.3.1",
         "@zone-eu/mailsplit": "5.4.12",
         "@zone-eu/wild-config": "1.7.5",
         "ace-builds": "1.44.0",
         "base32.js": "0.1.0",
-        "bullmq": "5.77.7",
+        "bullmq": "5.78.0",
         "compare-versions": "6.1.1",
         "dotenv": "17.4.2",
         "encoding-japanese": "2.2.0",
@@ -84,9 +84,9 @@
         "html-to-text": "10.0.0",
         "ical.js": "1.5.0",
         "iconv-lite": "0.7.2",
-        "imapflow": "1.3.5",
+        "imapflow": "1.4.0",
         "ioredfour": "1.4.1",
-        "ioredis": "5.11.0",
+        "ioredis": "5.11.1",
         "ipaddr.js": "2.4.0",
         "joi": "17.13.3",
         "jquery": "4.0.0",
@@ -100,7 +100,7 @@
         "msgpack5": "6.0.2",
         "murmurhash": "2.0.1",
         "nanoid": "3.3.8",
-        "nodemailer": "8.0.10",
+        "nodemailer": "8.0.11",
         "pino": "10.3.1",
         "popper.js": "1.16.1",
         "prom-client": "15.1.3",
@@ -118,6 +118,8 @@
     },
     "devDependencies": {
         "@eslint/js": "10.0.1",
+        "acorn": "^8.16.0",
+        "acorn-walk": "^8.3.5",
         "chai": "4.3.10",
         "eerawlog": "1.5.3",
         "eslint": "10.4.1",
@@ -125,9 +127,8 @@
         "grunt-cli": "1.5.0",
         "grunt-shell-spawn": "0.5.0",
         "grunt-wait": "0.3.0",
-        "jsxgettext": "0.11.0",
         "pino-pretty": "13.0.0",
-        "prettier": "3.8.3",
+        "prettier": "3.8.4",
         "resedit": "3.0.2",
         "spdx-satisfies": "6.0.0",
         "supertest": "7.2.2",