emailengine-app 2.69.0 → 2.70.0

package/.github/workflows/deploy.yml

@@ -41,7 +41,7 @@ jobs:
               id: deploy
               run: |
                   echo $GITHUB_SHA > commit.txt
-                  ./update-info.sh
+                  EE_COMMIT_HASH=$GITHUB_SHA ./update-info.sh
                   npm install --omit=dev
                   tar czf /tmp/${SERVICE_NAME}.tar.gz --exclude .git .
                   scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_02}:
@@ -55,7 +55,7 @@ jobs:
               id: deploy-demo
               run: |
                   echo $GITHUB_SHA > commit.txt
-                  ./update-info.sh
+                  EE_COMMIT_HASH=$GITHUB_SHA ./update-info.sh
                   npm install --omit=dev
                   tar czf /tmp/${SERVICE_NAME}.tar.gz --exclude .git .
                   scp -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_02}:
@@ -104,8 +104,11 @@ jobs:
                   images: |
                       ${{ github.repository }}
                       ghcr.io/${{ github.repository }}
+                  # :latest is owned by the release workflow (release.yaml) and
+                  # always points at the newest release; per-push dev builds from
+                  # master are published as :edge instead
                   tags: |
-                      type=raw,value=latest,enable=true
+                      type=raw,value=edge,enable=true
 
             - name: Build and push
               uses: docker/build-push-action@v7

package/.github/workflows/release.yaml

@@ -103,9 +103,11 @@ jobs:
                   platforms: ${{ steps.buildx.outputs.platforms }}
                   push: true
                   tags: |
+                      ${{ github.repository }}:latest
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}
                       ${{ github.repository }}:v${{needs.release_please.outputs.major}}
+                      ghcr.io/${{ github.repository }}:latest
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}.${{needs.release_please.outputs.patch}}
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}.${{needs.release_please.outputs.minor}}
                       ghcr.io/${{ github.repository }}:v${{needs.release_please.outputs.major}}

package/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## [2.70.0](https://github.com/postalsys/emailengine/compare/v2.69.0...v2.70.0) (2026-06-11)
+
+
+### Features
+
+* allow enabling Sentry error reporting from the admin UI ([a4076a4](https://github.com/postalsys/emailengine/commit/a4076a4fa6658ccc998f9bfe35dddf015cd12b09))
+* replace Bugsnag with self-hosted Sentry for error tracking ([62de831](https://github.com/postalsys/emailengine/commit/62de831a2911da9b649fe693547ba09d70e2e481))
+* tag Sentry error reports with instance id and license key ([2e9683f](https://github.com/postalsys/emailengine/commit/2e9683f27d54ff8fa7ba3f6f4453866fd135f173))
+
+
+### Bug Fixes
+
+* align API response schemas with actual responses and fix uncovered API bugs ([abacbf6](https://github.com/postalsys/emailengine/commit/abacbf66f048a77d00d180a831a97594380d8ed9))
+* align remaining API response schemas with actual responses ([06136ab](https://github.com/postalsys/emailengine/commit/06136abd20a97c45b25aac7f93653387eb55928a))
+* assign unassigned accounts after license activation ([5677977](https://github.com/postalsys/emailengine/commit/56779778eba27f2d1604ff06f17e5736a5ddee61))
+* do not crash at startup when a feature flag env variable is set to a falsy value ([98ad979](https://github.com/postalsys/emailengine/commit/98ad97988e752fad9e2ae11eff63f35ffcf84976))
+* report correct nextAttempt time for queued messages ([d5ebdfb](https://github.com/postalsys/emailengine/commit/d5ebdfb029b3ed331a8239ace7426f4f0704ae2e))
+* resolve code review findings in Gmail bulk ops, exports, webhooks, and schemas ([f0ddb46](https://github.com/postalsys/emailengine/commit/f0ddb4631fb924ddb93e0a99d0e20bc9f0cc8ee2))
+
 ## [2.69.0](https://github.com/postalsys/emailengine/compare/v2.68.1...v2.69.0) (2026-06-09)
 
 

package/Gruntfile.js

@@ -15,7 +15,9 @@ module.exports = function (grunt) {
 
         shell: {
             eslint: {
-                command: 'npx eslint lib/**/*.js workers/**/*.js server.js Gruntfile.js',
+                // Globs are quoted so eslint expands them itself - unquoted, sh (no globstar)
+                // expands lib/**/*.js to depth-2 files only and skips most of lib/
+                command: "npx eslint 'lib/**/*.js' 'workers/**/*.js' server.js Gruntfile.js",
                 options: {
                     async: false
                 }

package/data/google-crawlers.json

@@ -1,5 +1,5 @@
 {
-    "creationTime": "2026-06-09T14:45:50.000000",
+    "creationTime": "2026-06-10T14:45:48.000000",
     "prefixes": [
         {
             "ipv6Prefix": "2001:4860:4801:2008::/64"

package/getswagger.sh

@@ -1,8 +1,44 @@
 #!/bin/bash
 
+set -e
+
 export EENGINE_PORT=5678
 
-npm start > /dev/null 2>&1 &
-sleep 5
-curl -s "http://127.0.0.1:${EENGINE_PORT}/swagger.json" > swagger.json
-pkill emailengine
+# refuse to run if something is already listening on the port, otherwise the
+# polling loop below would silently fetch swagger.json from a stale instance
+if (exec 3<>"/dev/tcp/127.0.0.1/${EENGINE_PORT}") 2>/dev/null; then
+    echo "Port ${EENGINE_PORT} is already in use" >&2
+    exit 1
+fi
+
+node server.js > /dev/null 2>&1 &
+SERVER_PID=$!
+
+cleanup() {
+    kill "$SERVER_PID" 2>/dev/null || true
+    wait "$SERVER_PID" 2>/dev/null || true
+}
+trap cleanup EXIT
+
+# poll until the API is up instead of relying on a fixed sleep
+rm -f swagger.json.tmp
+for i in $(seq 1 60); do
+    if curl -fs --max-time 5 "http://127.0.0.1:${EENGINE_PORT}/swagger.json" -o swagger.json.tmp; then
+        break
+    fi
+    if ! kill -0 "$SERVER_PID" 2>/dev/null; then
+        echo "Server exited before swagger.json could be fetched" >&2
+        exit 1
+    fi
+    sleep 1
+done
+
+if [ ! -s swagger.json.tmp ]; then
+    echo "Timed out waiting for swagger.json" >&2
+    exit 1
+fi
+
+# only replace swagger.json if the download parses as JSON
+node -e 'JSON.parse(require("fs").readFileSync("swagger.json.tmp", "utf-8"))'
+
+mv swagger.json.tmp swagger.json

package/gettext-extract.js

@@ -0,0 +1,163 @@
+'use strict';
+
+// Extracts translatable strings from JS sources into translations/messages.pot.
+// Run via `npm run gettext` after xgettext-template has generated the POT from the
+// Handlebars views - this script joins the strings found in JS files into that file.
+//
+// Replaces jsxgettext, which bundled acorn 5 and crashed on post-ES2018 syntax
+// (optional chaining, nullish coalescing, etc.). Files are discovered dynamically,
+// so new modules with gettext()/ngettext() calls are picked up automatically.
+
+const { parse } = require('acorn');
+const { full: walkFull } = require('acorn-walk');
+const { po } = require('gettext-parser');
+const fs = require('fs');
+const Path = require('path');
+
+const ROOT_DIR = __dirname;
+const POT_PATH = Path.join(ROOT_DIR, 'translations', 'messages.pot');
+
+// All server-side code that may contain gettext()/ngettext() calls
+const SCAN_DIRS = ['bin', 'lib', 'workers'];
+const SCAN_FILES = ['server.js'];
+
+function listJsFiles(dir) {
+    return fs
+        .readdirSync(dir, { recursive: true })
+        .filter(entryPath => entryPath.endsWith('.js'))
+        .map(entryPath => Path.join(dir, entryPath));
+}
+
+// The full sorted scan set (sorted to keep POT reference output deterministic)
+function listScanFiles() {
+    let files = SCAN_FILES.map(file => Path.join(ROOT_DIR, file));
+    for (let dir of SCAN_DIRS) {
+        files = files.concat(listJsFiles(Path.join(ROOT_DIR, dir)));
+    }
+    return files.sort();
+}
+
+function parseFile(filePath) {
+    const source = fs.readFileSync(filePath, 'utf-8');
+    try {
+        return parse(source, { ecmaVersion: 'latest', sourceType: 'script', locations: true, allowHashBang: true });
+    } catch (err) {
+        err.message = `Failed to parse ${filePath}: ${err.message}`;
+        throw err;
+    }
+}
+
+// Resolves a call argument into a string value. Handles string literals and
+// concatenation of string literals ('foo' + 'bar'). Returns false for anything
+// dynamic (identifiers, template literals with expressions, etc.) - such calls
+// forward runtime values and do not define new translatable strings.
+function resolveString(node) {
+    switch (node.type) {
+        case 'Literal':
+            return typeof node.value === 'string' ? node.value : false;
+        case 'TemplateLiteral':
+            return node.expressions.length === 0 ? node.quasis[0].value.cooked : false;
+        case 'BinaryExpression': {
+            if (node.operator !== '+') {
+                return false;
+            }
+            let left = resolveString(node.left);
+            let right = resolveString(node.right);
+            return left !== false && right !== false ? left + right : false;
+        }
+        default:
+            return false;
+    }
+}
+
+function calleeName(callee) {
+    if (callee.type === 'Identifier') {
+        return callee.name;
+    }
+    if (callee.type === 'MemberExpression' && !callee.computed && callee.property.type === 'Identifier') {
+        return callee.property.name;
+    }
+    return false;
+}
+
+function extractFromFile(filePath) {
+    const ast = parseFile(filePath);
+
+    let entries = [];
+    let reference = node => `${Path.relative(ROOT_DIR, filePath)}:${node.loc.start.line}`;
+
+    walkFull(ast, node => {
+        if (node.type !== 'CallExpression') {
+            return;
+        }
+
+        let name = calleeName(node.callee);
+
+        // An empty msgid is skipped (like xgettext does): translations[''] is the POT header
+        // entry in gettext-parser, so an empty key would corrupt the header block
+        if (name === 'gettext' && node.arguments.length >= 1) {
+            let msgid = resolveString(node.arguments[0]);
+            if (msgid !== false && msgid !== '') {
+                entries.push({ msgid, reference: reference(node) });
+            }
+        }
+
+        if (name === 'ngettext' && node.arguments.length >= 2) {
+            let msgid = resolveString(node.arguments[0]);
+            let msgidPlural = resolveString(node.arguments[1]);
+            if (msgid !== false && msgid !== '' && msgidPlural !== false) {
+                entries.push({ msgid, msgidPlural, reference: reference(node) });
+            }
+        }
+    });
+
+    return entries;
+}
+
+function main() {
+    let files = listScanFiles();
+
+    let extracted = [];
+    for (let filePath of files) {
+        extracted = extracted.concat(extractFromFile(filePath));
+    }
+
+    let pot = po.parse(fs.readFileSync(POT_PATH));
+    let translations = (pot.translations[''] = pot.translations[''] || {});
+
+    // xgettext-template does not stamp a creation date, so set it here (jsxgettext used to)
+    pot.headers = pot.headers || {};
+    pot.headers['POT-Creation-Date'] = new Date()
+        .toISOString()
+        .replace(/T/, ' ')
+        .replace(/:\d+\.\d+Z$/, '+0000');
+
+    for (let { msgid, msgidPlural, reference } of extracted) {
+        let entry = translations[msgid];
+        if (!entry) {
+            entry = translations[msgid] = { msgid, msgstr: [''] };
+        }
+
+        if (msgidPlural && !entry.msgid_plural) {
+            entry.msgid_plural = msgidPlural;
+            entry.msgstr = ['', ''];
+        }
+
+        entry.comments = entry.comments || {};
+        let references = entry.comments.reference ? entry.comments.reference.split('\n') : [];
+        if (!references.includes(reference)) {
+            references.push(reference);
+        }
+        entry.comments.reference = references.join('\n');
+    }
+
+    fs.writeFileSync(POT_PATH, po.compile(pot));
+    console.log(`Extracted ${extracted.length} gettext strings from ${files.length} JS files into ${Path.relative(ROOT_DIR, POT_PATH)}`);
+}
+
+if (require.main === module) {
+    main();
+}
+
+// Exported for the gettext coverage test, which walks the same scan set with the same helpers
+module.exports = { listScanFiles, parseFile, calleeName, extractFromFile };

package/lib/account.js

@@ -945,7 +945,7 @@ class Account {
             throw error;
         }
 
-        let state = false;
+        let state;
         if (result[0][1] && result[0][1].account) {
             // existing user
             state = 'existing';
@@ -1267,16 +1267,7 @@ class Account {
             } catch (err) {
                 // should not happen
                 if (logger.notifyError) {
-                    logger.notifyError(err, event => {
-                        if (this.account) {
-                            event.setUser(this.account);
-                        }
-
-                        event.addMetadata('ee', {
-                            path,
-                            mailboxListing: typeof mailboxListing
-                        });
-                    });
+                    logger.notifyError(err, { user: this.account, meta: { path, mailboxListing: typeof mailboxListing } });
                 }
 
                 let message = 'Failed to process stored mailbox listing';
@@ -1290,22 +1281,44 @@ class Account {
         return mailboxes;
     }
 
+    // Worker backends return false for entities they can not find (e.g. an unknown mailbox path
+    // or message ID on IMAP). Convert such results into a 404 error for the API.
+    assertFound(result, message, code) {
+        if (!result) {
+            let error = Boom.boomify(new Error(message), { statusCode: 404 });
+            error.output.payload.code = code;
+            throw error;
+        }
+        return result;
+    }
+
+    assertMessageFound(result) {
+        return this.assertFound(result, 'Requested message was not found', 'MessageNotFound');
+    }
+
+    assertFolderFound(result) {
+        return this.assertFound(result, 'Requested mailbox folder was not found', 'FolderNotFound');
+    }
+
     async updateMessage(message, updates) {
         await this.loadAccountData(this.account, true);
 
-        return await this.call({
+        let result = await this.call({
             cmd: 'updateMessage',
             account: this.account,
             message,
             updates,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown messages and folders
+        return this.assertMessageFound(result);
     }
 
     async updateMessages(path, search, updates) {
         await this.loadAccountData(this.account, true);
 
-        return await this.call({
+        let result = await this.call({
             cmd: 'updateMessages',
             account: this.account,
             path,
@@ -1313,6 +1326,9 @@ class Account {
             updates,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown folders
+        return this.assertFolderFound(result);
     }
 
     async listMailboxes(query) {
@@ -1335,7 +1351,8 @@ class Account {
 
     async moveMessage(message, target, options) {
         await this.loadAccountData(this.account, true);
-        return await this.call({
+
+        let result = await this.call({
             cmd: 'moveMessage',
             account: this.account,
             message,
@@ -1343,11 +1360,15 @@ class Account {
             options,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown messages and folders
+        return this.assertMessageFound(result);
     }
 
     async moveMessages(source, search, target) {
         await this.loadAccountData(this.account, true);
-        return await this.call({
+
+        let result = await this.call({
             cmd: 'moveMessages',
             account: this.account,
             source,
@@ -1355,24 +1376,30 @@ class Account {
             target,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown folders
+        return this.assertFolderFound(result);
     }
 
     async deleteMessage(message, force) {
         await this.loadAccountData(this.account, true);
 
-        return await this.call({
+        let result = await this.call({
             cmd: 'deleteMessage',
             account: this.account,
             message,
             force,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown messages and folders
+        return this.assertMessageFound(result);
     }
 
     async deleteMessages(path, search, force) {
         await this.loadAccountData(this.account, true);
 
-        return await this.call({
+        let result = await this.call({
             cmd: 'deleteMessages',
             account: this.account,
             path,
@@ -1380,6 +1407,9 @@ class Account {
             force,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown folders
+        return this.assertFolderFound(result);
     }
 
     async getQuota() {
@@ -1447,13 +1477,7 @@ class Account {
                 results: getResult && getResult._source ? 1 : 0
             });
 
-            if (!getResult || !getResult._source) {
-                let message = 'Requested message was not found';
-                let error = Boom.boomify(new Error(message), { statusCode: 404 });
-                throw error;
-            }
-
-            let messageData = getResult._source;
+            let messageData = this.assertMessageFound(getResult && getResult._source);
             let response = {};
 
             response.hasMore = false;
@@ -1473,13 +1497,16 @@ class Account {
 
         await this.loadAccountData(this.account, true);
 
-        return await this.call({
+        let textData = await this.call({
             cmd: 'getText',
             account: this.account,
             text,
             options,
             timeout: this.timeout
         });
+
+        // IMAP backend returns false for unknown messages and folders
+        return this.assertMessageFound(textData);
     }
 
     async getMessage(message, options) {
@@ -1521,13 +1548,7 @@ class Account {
                 results: getResult && getResult._source ? 1 : 0
             });
 
-            if (!getResult || !getResult._source) {
-                let message = 'Requested message was not found';
-                let error = Boom.boomify(new Error(message), { statusCode: 404 });
-                throw error;
-            }
-
-            let messageData = getResult._source;
+            let messageData = this.assertMessageFound(getResult && getResult._source);
 
             // restore headers and text object as per the API response
             let headersObj = {};
@@ -1632,6 +1653,9 @@ class Account {
 
             if (options.markAsSeen && (!messageData.flags || !messageData.flags.includes('\\Seen'))) {
                 // mark message as seen
+                if (!messageData.flags) {
+                    messageData.flags = [];
+                }
                 messageData.flags.push('\\Seen');
                 // do not wait until the update is completed, return immediately
                 this.updateMessage(message, { flags: { add: ['\\Seen'] } }).catch(err => {
@@ -1661,13 +1685,7 @@ class Account {
             timeout: this.timeout
         });
 
-        if (!messageData) {
-            let message = 'Requested message was not found';
-            let error = Boom.boomify(new Error(message), { statusCode: 404 });
-            throw error;
-        }
-
-        return messageData;
+        return this.assertMessageFound(messageData);
     }
 
     async getMessages(messageIds, options) {
@@ -1801,7 +1819,7 @@ class Account {
 
         await this.loadAccountData(this.account, true);
 
-        return await this.call(
+        let listing = await this.call(
             Object.assign(
                 {
                     cmd: 'listMessages',
@@ -1811,6 +1829,9 @@ class Account {
                 { timeout: this.timeout }
             )
         );
+
+        // IMAP and Gmail backends return false for unknown folders
+        return this.assertFolderFound(listing);
     }
 
     async searchMessages(query, searchOpts) {
@@ -2086,11 +2107,11 @@ class Account {
             let sizeMatch = {};
 
             if (query.search.larger) {
-                dateMatch.gte = query.search.larger;
+                sizeMatch.gte = query.search.larger;
             }
 
             if (query.search.smaller) {
-                dateMatch.lte = query.search.smaller;
+                sizeMatch.lte = query.search.smaller;
             }
 
             if (Object.keys(sizeMatch).length) {
@@ -2198,7 +2219,7 @@ class Account {
 
         await this.loadAccountData(this.account, true);
 
-        return await this.call(
+        let listing = await this.call(
             Object.assign(
                 {
                     cmd: 'listMessages',
@@ -2208,6 +2229,9 @@ class Account {
                 { timeout: this.timeout }
             )
         );
+
+        // IMAP and Gmail backends return false for unknown folders
+        return this.assertFolderFound(listing);
     }
 
     async uploadMessage(data) {
@@ -2322,7 +2346,7 @@ class Account {
             }
         } catch (err) {
             this.logger.error({ msg: 'Failed to get lock', lockKey, err });
-            if (Boom.isBoom) {
+            if (Boom.isBoom(err)) {
                 throw err;
             }
             let error = Boom.boomify(new Error('Failed to get flush lock, try again later'), { statusCode: 500 });
@@ -2381,7 +2405,9 @@ class Account {
                     // Flush ElasticSearch index for this account
                     const { index, client } = this.esClient;
                     if (!client) {
-                        return;
+                        // Account data in Redis was already flushed, only the index cleanup was skipped
+                        this.logger.error({ msg: 'Document store is enabled but the ElasticSearch client is not available', action: 'flush' });
+                        return true;
                     }
 
                     let deleteResult = {};
@@ -2592,7 +2618,7 @@ class Account {
                 account: accountData.account,
                 user: authData.user,
                 accessToken: authData.accessToken,
-                provider: accountData.oauth2.auth.provider,
+                provider: accountData.oauth2.provider,
                 registeredScopes: accountData.oauth2.scope,
                 cached: false
             };
@@ -2626,7 +2652,7 @@ class Account {
             account: accountData.account,
             user: accountData.oauth2.auth.user,
             accessToken,
-            provider: accountData.oauth2.auth.provider,
+            provider: accountData.oauth2.provider,
             registeredScopes: accountData.oauth2.scope,
             expires:
                 accountData.oauth2.expires && typeof accountData.oauth2.expires.toISOString === 'function'