nodemailer 8.0.1 → 8.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/lib/addressparser/index.js +75 -76
- package/lib/base64/index.js +6 -5
- package/lib/dkim/index.js +8 -16
- package/lib/dkim/message-parser.js +12 -13
- package/lib/dkim/relaxed-body.js +2 -2
- package/lib/dkim/sign.js +13 -14
- package/lib/errors.js +4 -7
- package/lib/fetch/cookies.js +13 -18
- package/lib/fetch/index.js +12 -15
- package/lib/json-transport/index.js +4 -4
- package/lib/mail-composer/index.js +86 -116
- package/lib/mailer/index.js +26 -26
- package/lib/mailer/mail-message.js +17 -21
- package/lib/mime-funcs/index.js +25 -40
- package/lib/mime-funcs/mime-types.js +7 -11
- package/lib/mime-node/index.js +81 -72
- package/lib/mime-node/last-newline.js +1 -1
- package/lib/mime-node/le-unix.js +4 -7
- package/lib/mime-node/le-windows.js +1 -4
- package/lib/nodemailer.js +11 -18
- package/lib/qp/index.js +24 -21
- package/lib/sendmail-transport/index.js +30 -41
- package/lib/ses-transport/index.js +23 -34
- package/lib/shared/index.js +94 -140
- package/lib/smtp-connection/data-stream.js +3 -6
- package/lib/smtp-connection/http-proxy-client.js +11 -13
- package/lib/smtp-connection/index.js +114 -181
- package/lib/smtp-pool/index.js +20 -32
- package/lib/smtp-pool/pool-resource.js +8 -12
- package/lib/smtp-transport/index.js +22 -42
- package/lib/stream-transport/index.js +7 -7
- package/lib/well-known/index.js +7 -7
- package/lib/xoauth2/index.js +22 -28
- package/package.json +7 -6
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# CHANGELOG
|
|
2
2
|
|
|
3
|
+
## [8.0.3](https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3) (2026-03-18)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* clean up addressparser and fix group name fallback producing undefined ([9d55877](https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd))
|
|
9
|
+
* fix cookie bugs, remove dead code, and improve hot-path efficiency ([e8c8b92](https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524))
|
|
10
|
+
* refactor smtp-connection for clarity and add Node.js 6 syntax compat test ([c5b48ea](https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7))
|
|
11
|
+
* remove familySupportCache that broke DNS resolution tests ([c803d90](https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa))
|
|
12
|
+
|
|
13
|
+
## [8.0.2](https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2) (2026-03-09)
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
### Bug Fixes
|
|
17
|
+
|
|
18
|
+
* merge fragmented display names with unquoted commas in addressparser ([fe27f7f](https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9))
|
|
19
|
+
|
|
3
20
|
## [8.0.1](https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1) (2026-02-07)
|
|
4
21
|
|
|
5
22
|
|
|
@@ -10,23 +10,20 @@
|
|
|
10
10
|
function _handleAddress(tokens, depth) {
|
|
11
11
|
let isGroup = false;
|
|
12
12
|
let state = 'text';
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
let data = {
|
|
13
|
+
const addresses = [];
|
|
14
|
+
const data = {
|
|
16
15
|
address: [],
|
|
17
16
|
comment: [],
|
|
18
17
|
group: [],
|
|
19
18
|
text: [],
|
|
20
|
-
textWasQuoted: []
|
|
19
|
+
textWasQuoted: []
|
|
21
20
|
};
|
|
22
|
-
let
|
|
23
|
-
let len;
|
|
24
|
-
let insideQuotes = false; // Track if we're currently inside a quoted string
|
|
21
|
+
let insideQuotes = false;
|
|
25
22
|
|
|
26
23
|
// Filter out <addresses>, (comments) and regular text
|
|
27
|
-
for (i = 0, len = tokens.length; i < len; i++) {
|
|
28
|
-
|
|
29
|
-
|
|
24
|
+
for (let i = 0, len = tokens.length; i < len; i++) {
|
|
25
|
+
const token = tokens[i];
|
|
26
|
+
const prevToken = i ? tokens[i - 1] : null;
|
|
30
27
|
if (token.type === 'operator') {
|
|
31
28
|
switch (token.value) {
|
|
32
29
|
case '<':
|
|
@@ -43,7 +40,6 @@ function _handleAddress(tokens, depth) {
|
|
|
43
40
|
insideQuotes = false;
|
|
44
41
|
break;
|
|
45
42
|
case '"':
|
|
46
|
-
// Track quote state for text tokens
|
|
47
43
|
insideQuotes = !insideQuotes;
|
|
48
44
|
state = 'text';
|
|
49
45
|
break;
|
|
@@ -54,14 +50,12 @@ function _handleAddress(tokens, depth) {
|
|
|
54
50
|
}
|
|
55
51
|
} else if (token.value) {
|
|
56
52
|
if (state === 'address') {
|
|
57
|
-
//
|
|
58
|
-
// Apple Mail truncates everything between an unexpected < and an address
|
|
59
|
-
// and so will we
|
|
53
|
+
// Handle unquoted name that includes a "<".
|
|
54
|
+
// Apple Mail truncates everything between an unexpected < and an address.
|
|
60
55
|
token.value = token.value.replace(/^[^<]*<\s*/, '');
|
|
61
56
|
}
|
|
62
57
|
|
|
63
58
|
if (prevToken && prevToken.noBreak && data[state].length) {
|
|
64
|
-
// join values
|
|
65
59
|
data[state][data[state].length - 1] += token.value;
|
|
66
60
|
if (state === 'text' && insideQuotes) {
|
|
67
61
|
data.textWasQuoted[data.textWasQuoted.length - 1] = true;
|
|
@@ -88,11 +82,9 @@ function _handleAddress(tokens, depth) {
|
|
|
88
82
|
// Parse group members, but flatten any nested groups (RFC 5322 doesn't allow nesting)
|
|
89
83
|
let groupMembers = [];
|
|
90
84
|
if (data.group.length) {
|
|
91
|
-
|
|
92
|
-
// Flatten: if any member is itself a group, extract its members into the sequence
|
|
85
|
+
const parsedGroup = addressparser(data.group.join(','), { _depth: depth + 1 });
|
|
93
86
|
parsedGroup.forEach(member => {
|
|
94
87
|
if (member.group) {
|
|
95
|
-
// Nested group detected - flatten it by adding its members directly
|
|
96
88
|
groupMembers = groupMembers.concat(member.group);
|
|
97
89
|
} else {
|
|
98
90
|
groupMembers.push(member);
|
|
@@ -101,40 +93,40 @@ function _handleAddress(tokens, depth) {
|
|
|
101
93
|
}
|
|
102
94
|
|
|
103
95
|
addresses.push({
|
|
104
|
-
name: data.text ||
|
|
96
|
+
name: data.text || '',
|
|
105
97
|
group: groupMembers
|
|
106
98
|
});
|
|
107
99
|
} else {
|
|
108
100
|
// If no address was found, try to detect one from regular text
|
|
109
101
|
if (!data.address.length && data.text.length) {
|
|
110
|
-
for (i = data.text.length - 1; i >= 0; i--) {
|
|
111
|
-
// Security
|
|
112
|
-
// RFC 5321 allows @ inside quoted local-parts like "user@domain"@example.com
|
|
113
|
-
// Extracting emails from quoted text leads to misrouting vulnerabilities
|
|
114
|
-
if (!data.textWasQuoted[i] &&
|
|
102
|
+
for (let i = data.text.length - 1; i >= 0; i--) {
|
|
103
|
+
// Security: Do not extract email addresses from quoted strings.
|
|
104
|
+
// RFC 5321 allows @ inside quoted local-parts like "user@domain"@example.com.
|
|
105
|
+
// Extracting emails from quoted text leads to misrouting vulnerabilities.
|
|
106
|
+
if (!data.textWasQuoted[i] && /^[^@\s]+@[^@\s]+$/.test(data.text[i])) {
|
|
115
107
|
data.address = data.text.splice(i, 1);
|
|
116
108
|
data.textWasQuoted.splice(i, 1);
|
|
117
109
|
break;
|
|
118
110
|
}
|
|
119
111
|
}
|
|
120
112
|
|
|
121
|
-
|
|
122
|
-
if (!data.address.length) {
|
|
123
|
-
data.address = [address.trim()];
|
|
124
|
-
return ' ';
|
|
125
|
-
} else {
|
|
126
|
-
return address;
|
|
127
|
-
}
|
|
128
|
-
};
|
|
129
|
-
|
|
130
|
-
// still no address
|
|
113
|
+
// Try a looser regex match if strict match found nothing
|
|
131
114
|
if (!data.address.length) {
|
|
132
|
-
|
|
133
|
-
|
|
115
|
+
let extracted = false;
|
|
116
|
+
for (let i = data.text.length - 1; i >= 0; i--) {
|
|
117
|
+
// Security: Do not extract email addresses from quoted strings
|
|
134
118
|
if (!data.textWasQuoted[i]) {
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
119
|
+
data.text[i] = data.text[i]
|
|
120
|
+
.replace(/\s*\b[^@\s]+@[^\s]+\b\s*/, match => {
|
|
121
|
+
if (!extracted) {
|
|
122
|
+
data.address = [match.trim()];
|
|
123
|
+
extracted = true;
|
|
124
|
+
return ' ';
|
|
125
|
+
}
|
|
126
|
+
return match;
|
|
127
|
+
})
|
|
128
|
+
.trim();
|
|
129
|
+
if (extracted) {
|
|
138
130
|
break;
|
|
139
131
|
}
|
|
140
132
|
}
|
|
@@ -142,13 +134,13 @@ function _handleAddress(tokens, depth) {
|
|
|
142
134
|
}
|
|
143
135
|
}
|
|
144
136
|
|
|
145
|
-
// If there's still
|
|
137
|
+
// If there's still no text but a comment exists, replace the two
|
|
146
138
|
if (!data.text.length && data.comment.length) {
|
|
147
139
|
data.text = data.comment;
|
|
148
140
|
data.comment = [];
|
|
149
141
|
}
|
|
150
142
|
|
|
151
|
-
// Keep only the first address
|
|
143
|
+
// Keep only the first address occurrence, push others to regular text
|
|
152
144
|
if (data.address.length > 1) {
|
|
153
145
|
data.text = data.text.concat(data.address.splice(1));
|
|
154
146
|
}
|
|
@@ -157,24 +149,20 @@ function _handleAddress(tokens, depth) {
|
|
|
157
149
|
data.text = data.text.join(' ');
|
|
158
150
|
data.address = data.address.join(' ');
|
|
159
151
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
address: data.address || data.text || '',
|
|
165
|
-
name: data.text || data.address || ''
|
|
166
|
-
};
|
|
152
|
+
const address = {
|
|
153
|
+
address: data.address || data.text || '',
|
|
154
|
+
name: data.text || data.address || ''
|
|
155
|
+
};
|
|
167
156
|
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
}
|
|
157
|
+
if (address.address === address.name) {
|
|
158
|
+
if (/@/.test(address.address || '')) {
|
|
159
|
+
address.name = '';
|
|
160
|
+
} else {
|
|
161
|
+
address.address = '';
|
|
174
162
|
}
|
|
175
|
-
|
|
176
|
-
addresses.push(address);
|
|
177
163
|
}
|
|
164
|
+
|
|
165
|
+
addresses.push(address);
|
|
178
166
|
}
|
|
179
167
|
|
|
180
168
|
return addresses;
|
|
@@ -220,11 +208,11 @@ class Tokenizer {
|
|
|
220
208
|
* @return {Array} An array of operator|text tokens
|
|
221
209
|
*/
|
|
222
210
|
tokenize() {
|
|
223
|
-
|
|
211
|
+
const list = [];
|
|
224
212
|
|
|
225
213
|
for (let i = 0, len = this.str.length; i < len; i++) {
|
|
226
|
-
|
|
227
|
-
|
|
214
|
+
const chr = this.str.charAt(i);
|
|
215
|
+
const nextChr = i < len - 1 ? this.str.charAt(i + 1) : null;
|
|
228
216
|
this.checkChar(chr, nextChr);
|
|
229
217
|
}
|
|
230
218
|
|
|
@@ -325,17 +313,17 @@ const MAX_NESTED_GROUP_DEPTH = 50;
|
|
|
325
313
|
*/
|
|
326
314
|
function addressparser(str, options) {
|
|
327
315
|
options = options || {};
|
|
328
|
-
|
|
316
|
+
const depth = options._depth || 0;
|
|
329
317
|
|
|
330
318
|
// Prevent stack overflow from deeply nested groups (DoS protection)
|
|
331
319
|
if (depth > MAX_NESTED_GROUP_DEPTH) {
|
|
332
320
|
return [];
|
|
333
321
|
}
|
|
334
322
|
|
|
335
|
-
|
|
336
|
-
|
|
323
|
+
const tokenizer = new Tokenizer(str);
|
|
324
|
+
const tokens = tokenizer.tokenize();
|
|
337
325
|
|
|
338
|
-
|
|
326
|
+
const addresses = [];
|
|
339
327
|
let address = [];
|
|
340
328
|
let parsedAddresses = [];
|
|
341
329
|
|
|
@@ -354,30 +342,41 @@ function addressparser(str, options) {
|
|
|
354
342
|
addresses.push(address);
|
|
355
343
|
}
|
|
356
344
|
|
|
357
|
-
addresses.forEach(
|
|
358
|
-
|
|
359
|
-
if (
|
|
360
|
-
parsedAddresses = parsedAddresses.concat(
|
|
345
|
+
addresses.forEach(addr => {
|
|
346
|
+
const handled = _handleAddress(addr, depth);
|
|
347
|
+
if (handled.length) {
|
|
348
|
+
parsedAddresses = parsedAddresses.concat(handled);
|
|
361
349
|
}
|
|
362
350
|
});
|
|
363
351
|
|
|
352
|
+
// Merge fragments produced when unquoted display names contain commas.
|
|
353
|
+
// "Joe Foo, PhD <joe@example.com>" is split on the comma into
|
|
354
|
+
// [{name:"Joe Foo", address:""}, {name:"PhD", address:"joe@example.com"}].
|
|
355
|
+
// Recombine: a name-only entry followed by an entry with both name and address.
|
|
356
|
+
for (let i = parsedAddresses.length - 2; i >= 0; i--) {
|
|
357
|
+
const current = parsedAddresses[i];
|
|
358
|
+
const next = parsedAddresses[i + 1];
|
|
359
|
+
if (current.address === '' && current.name && !current.group && next.address && next.name) {
|
|
360
|
+
next.name = current.name + ', ' + next.name;
|
|
361
|
+
parsedAddresses.splice(i, 1);
|
|
362
|
+
}
|
|
363
|
+
}
|
|
364
|
+
|
|
364
365
|
if (options.flatten) {
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
list.forEach(
|
|
368
|
-
if (
|
|
369
|
-
return walkAddressList(
|
|
370
|
-
} else {
|
|
371
|
-
addresses.push(address);
|
|
366
|
+
const flatAddresses = [];
|
|
367
|
+
const walkAddressList = list => {
|
|
368
|
+
list.forEach(entry => {
|
|
369
|
+
if (entry.group) {
|
|
370
|
+
return walkAddressList(entry.group);
|
|
372
371
|
}
|
|
372
|
+
flatAddresses.push(entry);
|
|
373
373
|
});
|
|
374
374
|
};
|
|
375
375
|
walkAddressList(parsedAddresses);
|
|
376
|
-
return
|
|
376
|
+
return flatAddresses;
|
|
377
377
|
}
|
|
378
378
|
|
|
379
379
|
return parsedAddresses;
|
|
380
380
|
}
|
|
381
381
|
|
|
382
|
-
// expose to the world
|
|
383
382
|
module.exports = addressparser;
|
package/lib/base64/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
const Transform = require('stream')
|
|
3
|
+
const { Transform } = require('stream');
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Encodes a Buffer into a base64 encoded string
|
|
@@ -31,11 +31,12 @@ function wrap(str, lineLength) {
|
|
|
31
31
|
return str;
|
|
32
32
|
}
|
|
33
33
|
|
|
34
|
-
|
|
34
|
+
const result = [];
|
|
35
35
|
let pos = 0;
|
|
36
|
-
|
|
36
|
+
const chunkLength = lineLength * 1024;
|
|
37
|
+
const wrapRegex = new RegExp('.{' + lineLength + '}', 'g');
|
|
37
38
|
while (pos < str.length) {
|
|
38
|
-
|
|
39
|
+
const wrappedLines = str.substr(pos, chunkLength).replace(wrapRegex, '$&\r\n');
|
|
39
40
|
result.push(wrappedLines);
|
|
40
41
|
pos += chunkLength;
|
|
41
42
|
}
|
|
@@ -94,7 +95,7 @@ class Encoder extends Transform {
|
|
|
94
95
|
if (this.options.lineLength) {
|
|
95
96
|
b64 = wrap(b64, this.options.lineLength);
|
|
96
97
|
|
|
97
|
-
|
|
98
|
+
const lastLF = b64.lastIndexOf('\n');
|
|
98
99
|
if (lastLF < 0) {
|
|
99
100
|
this._curLine = b64;
|
|
100
101
|
b64 = '';
|
package/lib/dkim/index.js
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
const MessageParser = require('./message-parser');
|
|
7
7
|
const RelaxedBody = require('./relaxed-body');
|
|
8
8
|
const sign = require('./sign');
|
|
9
|
-
const PassThrough = require('stream')
|
|
9
|
+
const { PassThrough } = require('stream');
|
|
10
10
|
const fs = require('fs');
|
|
11
11
|
const path = require('path');
|
|
12
12
|
const crypto = require('crypto');
|
|
@@ -96,7 +96,7 @@ class DKIMSigner {
|
|
|
96
96
|
}
|
|
97
97
|
return this.createReadCache();
|
|
98
98
|
}
|
|
99
|
-
|
|
99
|
+
const chunk = this.chunks[this.readPos++];
|
|
100
100
|
if (this.output.write(chunk) === false) {
|
|
101
101
|
return this.output.once('drain', () => {
|
|
102
102
|
this.sendNextChunk();
|
|
@@ -107,13 +107,13 @@ class DKIMSigner {
|
|
|
107
107
|
|
|
108
108
|
sendSignedOutput() {
|
|
109
109
|
let keyPos = 0;
|
|
110
|
-
|
|
110
|
+
const signNextKey = () => {
|
|
111
111
|
if (keyPos >= this.keys.length) {
|
|
112
112
|
this.output.write(this.parser.rawHeaders);
|
|
113
113
|
return setImmediate(() => this.sendNextChunk());
|
|
114
114
|
}
|
|
115
|
-
|
|
116
|
-
|
|
115
|
+
const key = this.keys[keyPos++];
|
|
116
|
+
const dkimField = sign(this.headers, this.hashAlgo, this.bodyHash, {
|
|
117
117
|
domainName: key.domainName,
|
|
118
118
|
keySelector: key.keySelector,
|
|
119
119
|
privateKey: key.privateKey,
|
|
@@ -211,7 +211,7 @@ class DKIM {
|
|
|
211
211
|
}
|
|
212
212
|
|
|
213
213
|
sign(input, extraOptions) {
|
|
214
|
-
|
|
214
|
+
const output = new PassThrough();
|
|
215
215
|
let inputStream = input;
|
|
216
216
|
let writeValue = false;
|
|
217
217
|
|
|
@@ -225,18 +225,10 @@ class DKIM {
|
|
|
225
225
|
|
|
226
226
|
let options = this.options;
|
|
227
227
|
if (extraOptions && Object.keys(extraOptions).length) {
|
|
228
|
-
options = {};
|
|
229
|
-
Object.keys(this.options || {}).forEach(key => {
|
|
230
|
-
options[key] = this.options[key];
|
|
231
|
-
});
|
|
232
|
-
Object.keys(extraOptions || {}).forEach(key => {
|
|
233
|
-
if (!(key in options)) {
|
|
234
|
-
options[key] = extraOptions[key];
|
|
235
|
-
}
|
|
236
|
-
});
|
|
228
|
+
options = Object.assign({}, extraOptions, this.options);
|
|
237
229
|
}
|
|
238
230
|
|
|
239
|
-
|
|
231
|
+
const signer = new DKIMSigner(options, this.keys, inputStream, output);
|
|
240
232
|
setImmediate(() => {
|
|
241
233
|
signer.signStream();
|
|
242
234
|
if (writeValue) {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
const Transform = require('stream')
|
|
3
|
+
const { Transform } = require('stream');
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* MessageParser instance is a transform stream that separates message headers
|
|
@@ -24,8 +24,8 @@ class MessageParser extends Transform {
|
|
|
24
24
|
* @param {Buffer} data Next data chunk from the stream
|
|
25
25
|
*/
|
|
26
26
|
updateLastBytes(data) {
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
const lblen = this.lastBytes.length;
|
|
28
|
+
const nblen = Math.min(data.length, lblen);
|
|
29
29
|
|
|
30
30
|
// shift existing bytes
|
|
31
31
|
for (let i = 0, len = lblen - nblen; i < len; i++) {
|
|
@@ -50,9 +50,8 @@ class MessageParser extends Transform {
|
|
|
50
50
|
return true;
|
|
51
51
|
}
|
|
52
52
|
|
|
53
|
-
|
|
53
|
+
const lblen = this.lastBytes.length;
|
|
54
54
|
let headerPos = 0;
|
|
55
|
-
this.curLinePos = 0;
|
|
56
55
|
for (let i = 0, len = this.lastBytes.length + data.length; i < len; i++) {
|
|
57
56
|
let chr;
|
|
58
57
|
if (i < lblen) {
|
|
@@ -61,8 +60,8 @@ class MessageParser extends Transform {
|
|
|
61
60
|
chr = data[i - lblen];
|
|
62
61
|
}
|
|
63
62
|
if (chr === 0x0a && i) {
|
|
64
|
-
|
|
65
|
-
|
|
63
|
+
const pr1 = i - 1 < lblen ? this.lastBytes[i - 1] : data[i - 1 - lblen];
|
|
64
|
+
const pr2 = i > 1 ? (i - 2 < lblen ? this.lastBytes[i - 2] : data[i - 2 - lblen]) : false;
|
|
66
65
|
if (pr1 === 0x0a) {
|
|
67
66
|
this.headersParsed = true;
|
|
68
67
|
headerPos = i - lblen + 1;
|
|
@@ -83,17 +82,17 @@ class MessageParser extends Transform {
|
|
|
83
82
|
this.headerChunks = null;
|
|
84
83
|
this.emit('headers', this.parseHeaders());
|
|
85
84
|
if (data.length - 1 > headerPos) {
|
|
86
|
-
|
|
85
|
+
const chunk = data.slice(headerPos);
|
|
87
86
|
this.bodySize += chunk.length;
|
|
88
87
|
// this would be the first chunk of data sent downstream
|
|
89
88
|
setImmediate(() => this.push(chunk));
|
|
90
89
|
}
|
|
91
90
|
return false;
|
|
92
|
-
} else {
|
|
93
|
-
this.headerBytes += data.length;
|
|
94
|
-
this.headerChunks.push(data);
|
|
95
91
|
}
|
|
96
92
|
|
|
93
|
+
this.headerBytes += data.length;
|
|
94
|
+
this.headerChunks.push(data);
|
|
95
|
+
|
|
97
96
|
// store last 4 bytes to catch header break
|
|
98
97
|
this.updateLastBytes(data);
|
|
99
98
|
|
|
@@ -127,7 +126,7 @@ class MessageParser extends Transform {
|
|
|
127
126
|
|
|
128
127
|
_flush(callback) {
|
|
129
128
|
if (this.headerChunks) {
|
|
130
|
-
|
|
129
|
+
const chunk = Buffer.concat(this.headerChunks, this.headerBytes);
|
|
131
130
|
this.bodySize += chunk.length;
|
|
132
131
|
this.push(chunk);
|
|
133
132
|
this.headerChunks = null;
|
|
@@ -136,7 +135,7 @@ class MessageParser extends Transform {
|
|
|
136
135
|
}
|
|
137
136
|
|
|
138
137
|
parseHeaders() {
|
|
139
|
-
|
|
138
|
+
const lines = (this.rawHeaders || '').toString().split(/\r?\n/);
|
|
140
139
|
for (let i = lines.length - 1; i > 0; i--) {
|
|
141
140
|
if (/^\s/.test(lines[i])) {
|
|
142
141
|
lines[i - 1] += '\n' + lines[i];
|
package/lib/dkim/relaxed-body.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
// streams through a message body and calculates relaxed body hash
|
|
4
4
|
|
|
5
|
-
const Transform = require('stream')
|
|
5
|
+
const { Transform } = require('stream');
|
|
6
6
|
const crypto = require('crypto');
|
|
7
7
|
|
|
8
8
|
class RelaxedBody extends Transform {
|
|
@@ -29,7 +29,7 @@ class RelaxedBody extends Transform {
|
|
|
29
29
|
// If we get another chunk that does not match this description then we can restore the previously processed data
|
|
30
30
|
let state = 'file';
|
|
31
31
|
for (let i = chunk.length - 1; i >= 0; i--) {
|
|
32
|
-
|
|
32
|
+
const c = chunk[i];
|
|
33
33
|
|
|
34
34
|
if (state === 'file' && (c === 0x0a || c === 0x0d)) {
|
|
35
35
|
// do nothing, found \n or \r at the end of chunk, stil end of file
|
package/lib/dkim/sign.js
CHANGED
|
@@ -20,7 +20,7 @@ module.exports = (headers, hashAlgo, bodyHash, options) => {
|
|
|
20
20
|
options = options || {};
|
|
21
21
|
|
|
22
22
|
// all listed fields from RFC4871 #5.5
|
|
23
|
-
|
|
23
|
+
const defaultFieldNames =
|
|
24
24
|
'From:Sender:Reply-To:Subject:Date:Message-ID:To:' +
|
|
25
25
|
'Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:' +
|
|
26
26
|
'Content-Description:Resent-Date:Resent-From:Resent-Sender:' +
|
|
@@ -28,17 +28,16 @@ module.exports = (headers, hashAlgo, bodyHash, options) => {
|
|
|
28
28
|
'List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:' +
|
|
29
29
|
'List-Owner:List-Archive';
|
|
30
30
|
|
|
31
|
-
|
|
31
|
+
const fieldNames = options.headerFieldNames || defaultFieldNames;
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
let signer, signature;
|
|
33
|
+
const canonicalizedHeaderData = relaxedHeaders(headers, fieldNames, options.skipFields);
|
|
34
|
+
const dkimHeader = generateDKIMHeader(options.domainName, options.keySelector, canonicalizedHeaderData.fieldNames, hashAlgo, bodyHash);
|
|
37
35
|
|
|
38
36
|
canonicalizedHeaderData.headers += 'dkim-signature:' + relaxedHeaderLine(dkimHeader);
|
|
39
37
|
|
|
40
|
-
signer = crypto.createSign(('rsa-' + hashAlgo).toUpperCase());
|
|
38
|
+
const signer = crypto.createSign(('rsa-' + hashAlgo).toUpperCase());
|
|
41
39
|
signer.update(canonicalizedHeaderData.headers);
|
|
40
|
+
let signature;
|
|
42
41
|
try {
|
|
43
42
|
signature = signer.sign(options.privateKey, 'base64');
|
|
44
43
|
} catch (_E) {
|
|
@@ -51,7 +50,7 @@ module.exports = (headers, hashAlgo, bodyHash, options) => {
|
|
|
51
50
|
module.exports.relaxedHeaders = relaxedHeaders;
|
|
52
51
|
|
|
53
52
|
function generateDKIMHeader(domainName, keySelector, fieldNames, hashAlgo, bodyHash) {
|
|
54
|
-
|
|
53
|
+
const dkim = [
|
|
55
54
|
'v=1',
|
|
56
55
|
'a=rsa-' + hashAlgo,
|
|
57
56
|
'c=relaxed/relaxed',
|
|
@@ -66,9 +65,9 @@ function generateDKIMHeader(domainName, keySelector, fieldNames, hashAlgo, bodyH
|
|
|
66
65
|
}
|
|
67
66
|
|
|
68
67
|
function relaxedHeaders(headers, fieldNames, skipFields) {
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
68
|
+
const includedFields = new Set();
|
|
69
|
+
const skip = new Set();
|
|
70
|
+
const headerFields = new Map();
|
|
72
71
|
|
|
73
72
|
(skipFields || '')
|
|
74
73
|
.toLowerCase()
|
|
@@ -86,15 +85,15 @@ function relaxedHeaders(headers, fieldNames, skipFields) {
|
|
|
86
85
|
});
|
|
87
86
|
|
|
88
87
|
for (let i = headers.length - 1; i >= 0; i--) {
|
|
89
|
-
|
|
88
|
+
const line = headers[i];
|
|
90
89
|
// only include the first value from bottom to top
|
|
91
90
|
if (includedFields.has(line.key) && !headerFields.has(line.key)) {
|
|
92
91
|
headerFields.set(line.key, relaxedHeaderLine(line.line));
|
|
93
92
|
}
|
|
94
93
|
}
|
|
95
94
|
|
|
96
|
-
|
|
97
|
-
|
|
95
|
+
const headersList = [];
|
|
96
|
+
const fields = [];
|
|
98
97
|
includedFields.forEach(field => {
|
|
99
98
|
if (headerFields.has(field)) {
|
|
100
99
|
fields.push(field);
|
package/lib/errors.js
CHANGED
|
@@ -52,10 +52,7 @@ const ERROR_CODES = {
|
|
|
52
52
|
};
|
|
53
53
|
|
|
54
54
|
// Export error codes as string constants and the full definitions object
|
|
55
|
-
module.exports =
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
},
|
|
60
|
-
{ ERROR_CODES }
|
|
61
|
-
);
|
|
55
|
+
module.exports = { ERROR_CODES };
|
|
56
|
+
for (const code of Object.keys(ERROR_CODES)) {
|
|
57
|
+
module.exports[code] = code;
|
|
58
|
+
}
|
package/lib/fetch/cookies.js
CHANGED
|
@@ -25,8 +25,8 @@ class Cookies {
|
|
|
25
25
|
* @param {String} url Current URL
|
|
26
26
|
*/
|
|
27
27
|
set(cookieStr, url) {
|
|
28
|
-
|
|
29
|
-
|
|
28
|
+
const urlparts = urllib.parse(url || '');
|
|
29
|
+
const cookie = this.parse(cookieStr);
|
|
30
30
|
let domain;
|
|
31
31
|
|
|
32
32
|
if (cookie.domain) {
|
|
@@ -76,15 +76,13 @@ class Cookies {
|
|
|
76
76
|
* @returns {Array} An array of cookie objects
|
|
77
77
|
*/
|
|
78
78
|
list(url) {
|
|
79
|
-
|
|
80
|
-
let i;
|
|
81
|
-
let cookie;
|
|
79
|
+
const result = [];
|
|
82
80
|
|
|
83
|
-
for (i = this.cookies.length - 1; i >= 0; i--) {
|
|
84
|
-
cookie = this.cookies[i];
|
|
81
|
+
for (let i = this.cookies.length - 1; i >= 0; i--) {
|
|
82
|
+
const cookie = this.cookies[i];
|
|
85
83
|
|
|
86
84
|
if (this.isExpired(cookie)) {
|
|
87
|
-
this.cookies.splice(i,
|
|
85
|
+
this.cookies.splice(i, 1);
|
|
88
86
|
continue;
|
|
89
87
|
}
|
|
90
88
|
|
|
@@ -103,14 +101,14 @@ class Cookies {
|
|
|
103
101
|
* @returns {Object} Cookie object
|
|
104
102
|
*/
|
|
105
103
|
parse(cookieStr) {
|
|
106
|
-
|
|
104
|
+
const cookie = {};
|
|
107
105
|
|
|
108
106
|
(cookieStr || '')
|
|
109
107
|
.toString()
|
|
110
108
|
.split(';')
|
|
111
109
|
.forEach(cookiePart => {
|
|
112
|
-
|
|
113
|
-
|
|
110
|
+
const valueParts = cookiePart.split('=');
|
|
111
|
+
const key = valueParts.shift().trim().toLowerCase();
|
|
114
112
|
let value = valueParts.join('=').trim();
|
|
115
113
|
let domain;
|
|
116
114
|
|
|
@@ -171,7 +169,7 @@ class Cookies {
|
|
|
171
169
|
* @returns {Boolean} true if cookie is valid for specifiec URL
|
|
172
170
|
*/
|
|
173
171
|
match(cookie, url) {
|
|
174
|
-
|
|
172
|
+
const urlparts = urllib.parse(url || '');
|
|
175
173
|
|
|
176
174
|
// check if hostname matches
|
|
177
175
|
// .foo.com also matches subdomains, foo.com does not
|
|
@@ -183,7 +181,7 @@ class Cookies {
|
|
|
183
181
|
}
|
|
184
182
|
|
|
185
183
|
// check if path matches
|
|
186
|
-
|
|
184
|
+
const path = this.getPath(urlparts.pathname);
|
|
187
185
|
if (path.substr(0, cookie.path.length) !== cookie.path) {
|
|
188
186
|
return false;
|
|
189
187
|
}
|
|
@@ -202,16 +200,13 @@ class Cookies {
|
|
|
202
200
|
* @param {Object} cookie Cookie value to be stored
|
|
203
201
|
*/
|
|
204
202
|
add(cookie) {
|
|
205
|
-
let i;
|
|
206
|
-
let len;
|
|
207
|
-
|
|
208
203
|
// nothing to do here
|
|
209
204
|
if (!cookie || !cookie.name) {
|
|
210
205
|
return false;
|
|
211
206
|
}
|
|
212
207
|
|
|
213
208
|
// overwrite if has same params
|
|
214
|
-
for (i = 0, len = this.cookies.length; i < len; i++) {
|
|
209
|
+
for (let i = 0, len = this.cookies.length; i < len; i++) {
|
|
215
210
|
if (this.compare(this.cookies[i], cookie)) {
|
|
216
211
|
// check if the cookie needs to be removed instead
|
|
217
212
|
if (this.isExpired(cookie)) {
|
|
@@ -240,7 +235,7 @@ class Cookies {
|
|
|
240
235
|
* @returns {Boolean} True, if the cookies are the same
|
|
241
236
|
*/
|
|
242
237
|
compare(a, b) {
|
|
243
|
-
return a.name === b.name && a.path === b.path && a.domain === b.domain && a.secure === b.secure && a.httponly ===
|
|
238
|
+
return a.name === b.name && a.path === b.path && a.domain === b.domain && a.secure === b.secure && a.httponly === b.httponly;
|
|
244
239
|
}
|
|
245
240
|
|
|
246
241
|
/**
|