nothumanallowed 15.1.43 → 15.1.44

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.43",
+  "version": "15.1.44",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '15.1.43';
+export const VERSION = '15.1.44';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/email.mjs

@@ -416,6 +416,42 @@ export function register(router) {
     } catch (e) { sendError(res, 500, e.message); }
   });
 
+  // POST /api/imap/test — dry-run connection test (no DB writes).
+  // Body: { imap_host, imap_port, smtp_host, smtp_port, username, password,
+  //         email_address, from_name, sendTest? }
+  // Returns: { imap: {ok, secure, ...}, smtp: {ok, secure, sent, messageId, ...} }
+  // The UI uses this for the "Test connection" / "Send test email" buttons
+  // before persisting an account — same UX as Outlook / Thunderbird.
+  router.post('/api/imap/test', async (req, res) => {
+    try {
+      const body = await parseBody(req);
+      const creds = {
+        imap_host: body.imap_host,
+        imap_port: body.imap_port,
+        smtp_host: body.smtp_host,
+        smtp_port: body.smtp_port,
+        username: body.username,
+        password: body.password,
+        email_address: body.email_address,
+        from_name: body.from_name,
+      };
+      const out = { imap: null, smtp: null };
+      try {
+        const { testImapConnection } = await import('../../services/email-imap.mjs');
+        out.imap = await testImapConnection(creds);
+      } catch (e) {
+        out.imap = { ok: false, error: e.message };
+      }
+      try {
+        const { testSmtpConnection } = await import('../../services/email-smtp.mjs');
+        out.smtp = await testSmtpConnection(creds, { sendTest: !!body.sendTest });
+      } catch (e) {
+        out.smtp = { ok: false, error: e.message };
+      }
+      sendJSON(res, 200, out);
+    } catch (e) { sendError(res, 500, e.message); }
+  });
+
   // POST /api/imap/sync  (body: { accountId, force })
   router.post('/api/imap/sync', async (req, res) => {
     try {

package/src/services/email-imap.mjs

@@ -57,9 +57,13 @@ function notifyIdle(accountId, folder) {
   for (const h of idleHandlers) { try { h(accountId, folder); } catch {} }
 }
 
-function createImapClient(label, creds, accountId) {
+function createImapClient(label, creds, accountId, secureOverride) {
   const port = parseInt(creds.imap_port, 10) || 993;
-  const isSecure = port === 993 || port === 465;
+  // Default heuristic: 993/465 use implicit TLS, anything else uses STARTTLS.
+  // `secureOverride` lets the auto-fallback path force the opposite mode.
+  const isSecure = typeof secureOverride === 'boolean'
+    ? secureOverride
+    : (port === 993 || port === 465);
   const client = new ImapFlow({
     host: creds.imap_host,
     port,
@@ -68,6 +72,10 @@ function createImapClient(label, creds, accountId) {
     logger: false,
     clientInfo: { name: 'NHA-Mail', version: '1.0.0' },
     emitLogs: false,
+    // Bounded timeouts so a misconfigured server doesn't hang the UI.
+    connectionTimeout: 15000,
+    greetingTimeout: 10000,
+    socketTimeout: 60000,
     tls: { rejectUnauthorized: false }, // always set — safe for self-signed certs too
   });
   client.on('error', (err) => {
@@ -77,6 +85,12 @@ function createImapClient(label, creds, accountId) {
   return client;
 }
 
+// Match the most common "wrong TLS mode" failure modes from ImapFlow.
+function _looksLikeTlsMismatch(err) {
+  const msg = (err && err.message ? err.message : String(err)).toLowerCase();
+  return /greeting|tls|ssl|wrong version number|protocol|enotconn|econnreset|handshake/.test(msg);
+}
+
 export async function getImapClient(accountId) {
   const existing = syncClients.get(accountId);
   if (existing?.usable) return existing;
@@ -84,12 +98,66 @@ export async function getImapClient(accountId) {
 
   const creds = getAccountCredentials(accountId);
   if (!creds || !creds.imap_host) throw new Error(`No IMAP credentials for account ${accountId}`);
-  const client = createImapClient(`sync:${accountId.slice(0, 8)}`, creds, accountId);
-  await client.connect();
+  const label = `sync:${accountId.slice(0, 8)}`;
+
+  // First attempt with the heuristic-derived TLS mode.
+  let client = createImapClient(label, creds, accountId);
+  try {
+    await client.connect();
+  } catch (err) {
+    // Auto-fallback: if the failure smells like a TLS-mode mismatch, retry
+    // with the opposite mode before bubbling the error up to the user. The
+    // most common case is port 993 misclassified (or a non-standard port
+    // with implicit TLS) — the second try usually succeeds.
+    if (_looksLikeTlsMismatch(err)) {
+      try { await client.logout(); } catch {}
+      const port = parseInt(creds.imap_port, 10) || 993;
+      const fallbackSecure = !(port === 993 || port === 465);
+      console.warn(`[email:imap] ${label} TLS mismatch (${err.message}). Retrying with secure=${fallbackSecure}`);
+      client = createImapClient(label, creds, accountId, fallbackSecure);
+      await client.connect();
+    } else {
+      throw err;
+    }
+  }
   syncClients.set(accountId, client);
   return client;
 }
 
+// Dry-run connectivity test used by Settings UI (no DB writes, no persistent
+// client). Returns { ok, secure, message }.
+export async function testImapConnection(creds) {
+  if (!creds?.imap_host) throw new Error('imap_host required');
+  if (!creds?.username || !creds?.password) throw new Error('Username and password required');
+  const port = parseInt(creds.imap_port, 10) || 993;
+  const tryConnect = async (secure) => {
+    const client = createImapClient('test', creds, null, secure);
+    try {
+      await client.connect();
+      const list = await client.list();
+      await client.logout();
+      return { ok: true, secure, folderCount: list.length };
+    } catch (err) {
+      try { await client.logout(); } catch {}
+      throw err;
+    }
+  };
+  const firstSecure = port === 993 || port === 465;
+  try {
+    return await tryConnect(firstSecure);
+  } catch (err) {
+    if (_looksLikeTlsMismatch(err)) {
+      try {
+        const r = await tryConnect(!firstSecure);
+        return { ...r, message: `Fallback TLS=${!firstSecure} (heuristic was wrong for this server)` };
+      } catch (err2) {
+        throw new Error(`IMAP test failed (both TLS modes): ${err.message} / ${err2.message}`);
+      }
+    }
+    throw err;
+  }
+}
+
 export async function closeImapClient(accountId) {
   const c = syncClients.get(accountId);
   if (c) { try { await c.logout(); } catch {}; syncClients.delete(accountId); }

package/src/services/email-smtp.mjs

@@ -18,9 +18,9 @@ function threadId(messageId) {
   return createHash('sha1').update(messageId).digest('hex');
 }
 
-function getTransporter(creds) {
+function getTransporter(creds, secureOverride) {
   const port = parseInt(creds.smtp_port, 10) || 587;
-  const isSecure = port === 465;
+  const isSecure = typeof secureOverride === 'boolean' ? secureOverride : (port === 465);
   return createTransport({
     host: creds.smtp_host,
     port,
@@ -33,6 +33,53 @@ function getTransporter(creds) {
   });
 }
 
+// Dry-run SMTP test used by Settings UI. Verifies auth, optionally sends a
+// real "Hello from NHA" message to the configured address. Same TLS-mode
+// auto-fallback pattern as IMAP.
+export async function testSmtpConnection(creds, { sendTest = false } = {}) {
+  if (!creds?.smtp_host) throw new Error('smtp_host required');
+  if (!creds?.username || !creds?.password) throw new Error('Username and password required');
+  const port = parseInt(creds.smtp_port, 10) || 587;
+  const firstSecure = port === 465;
+  const trySend = async (secure) => {
+    const t = getTransporter(creds, secure);
+    try {
+      await t.verify();
+      let sendInfo = null;
+      if (sendTest) {
+        const to = creds.email_address || creds.username;
+        const from = creds.from_name ? `${creds.from_name} <${creds.email_address || creds.username}>` : (creds.email_address || creds.username);
+        sendInfo = await t.sendMail({
+          from,
+          to,
+          subject: 'NHA — Email di prova',
+          text: `Questo è un messaggio di prova inviato da NotHumanAllowed (${new Date().toISOString()}).\n\nSe lo vedi, la configurazione SMTP è corretta.`,
+          html: `<p>Questo è un messaggio di prova inviato da <strong>NotHumanAllowed</strong> (${new Date().toISOString()}).</p><p>Se lo vedi, la configurazione SMTP è corretta.</p>`,
+        });
+      }
+      try { t.close(); } catch {}
+      return { ok: true, secure, sent: !!sendInfo, messageId: sendInfo?.messageId || null };
+    } catch (err) {
+      try { t.close(); } catch {}
+      throw err;
+    }
+  };
+  try {
+    return await trySend(firstSecure);
+  } catch (err) {
+    const looksTls = /greeting|tls|ssl|wrong version number|protocol|handshake/i.test(err.message || '');
+    if (looksTls) {
+      try {
+        const r = await trySend(!firstSecure);
+        return { ...r, message: `Fallback TLS=${!firstSecure} (heuristic was wrong for this server)` };
+      } catch (err2) {
+        throw new Error(`SMTP test failed (both TLS modes): ${err.message} / ${err2.message}`);
+      }
+    }
+    throw err;
+  }
+}
+
 /**
  * Send an email.
  *