npm - nothumanallowed - Versions diffs - 15.1.45 → 15.1.46 - Mend

nothumanallowed 15.1.45 → 15.1.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/constants.mjs +1 -1
package/src/services/email-imap.mjs +95 -46

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.45",
+  "version": "15.1.46",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '15.1.45';
+export const VERSION = '15.1.46';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';

package/src/services/email-imap.mjs CHANGED Viewed

@@ -57,13 +57,21 @@ function notifyIdle(accountId, folder) {
   for (const h of idleHandlers) { try { h(accountId, folder); } catch {} }
 }
-function createImapClient(label, creds, accountId, secureOverride) {
+function createImapClient(label, creds, accountId, secureOverride, opts = {}) {
   const port = parseInt(creds.imap_port, 10) || 993;
   // Default heuristic: 993/465 use implicit TLS, anything else uses STARTTLS.
   // `secureOverride` lets the auto-fallback path force the opposite mode.
   const isSecure = typeof secureOverride === 'boolean'
     ? secureOverride
     : (port === 993 || port === 465);
+  // TLS hardening configurable per attempt. The `legacy` flag drops the
+  // minimum TLS version to v1.0 — required by some old / self-hosted IMAP
+  // servers (mail.dimensione-server.it, postfix on legacy CentOS, etc.)
+  // that still refuse TLS 1.2+ ClientHello.
+  const tlsOpts = {
+    rejectUnauthorized: false,
+    ...(opts.legacy ? { minVersion: 'TLSv1', maxVersion: 'TLSv1.3' } : {}),
+  };
   const client = new ImapFlow({
     host: creds.imap_host,
     port,
@@ -72,11 +80,13 @@ function createImapClient(label, creds, accountId, secureOverride) {
     logger: false,
     clientInfo: { name: 'NHA-Mail', version: '1.0.0' },
     emitLogs: false,
-    // Bounded timeouts so a misconfigured server doesn't hang the UI.
-    connectionTimeout: 15000,
-    greetingTimeout: 10000,
-    socketTimeout: 60000,
-    tls: { rejectUnauthorized: false }, // always set — safe for self-signed certs too
+    // Generous timeouts — first sync from a slow server can take a while
+    // before it even responds with the greeting. The previous 10s was too
+    // tight for ISP-hosted mailservers with throttling on cold connections.
+    connectionTimeout: 30000,
+    greetingTimeout: 30000,
+    socketTimeout: 120000,
+    tls: tlsOpts,
   });
   client.on('error', (err) => {
     console.error(`[email:imap] ${label} error:`, err.message);
@@ -99,6 +109,10 @@ function _looksLikeTlsMismatch(err) {
 // a given server, and ensures the cached `syncClients` entry stays usable.
 const lastGoodSecure = new Map();   // accountId → boolean
+// Per-account memory of the FULL working profile, not just secure flag.
+// Some servers need legacy TLS — we don't want to re-discover that every sync.
+const lastGoodProfile = new Map(); // accountId → { secure, legacy }
 export async function getImapClient(accountId, override) {
   const existing = syncClients.get(accountId);
   if (existing?.usable && override === undefined) return existing;
@@ -108,67 +122,102 @@ export async function getImapClient(accountId, override) {
   if (!creds || !creds.imap_host) throw new Error(`No IMAP credentials for account ${accountId}`);
   const label = `sync:${accountId.slice(0, 8)}`;
-  // Pick initial TLS mode: explicit override > remembered-good > port heuristic.
+  // Build the candidate list — up to 4 strategies, ordered most→least likely:
+  //   1. heuristic secure + modern TLS
+  //   2. opposite secure + modern TLS
+  //   3. heuristic secure + legacy TLS (TLSv1.0+)
+  //   4. opposite secure + legacy TLS
+  // If a remembered-good profile exists, prepend it so warm syncs are 1 attempt.
   const port = parseInt(creds.imap_port, 10) || 993;
   const heuristicSecure = port === 993 || port === 465;
-  const remembered = lastGoodSecure.get(accountId);
-  const firstSecure = (typeof override === 'boolean')
-    ? override
-    : (typeof remembered === 'boolean' ? remembered : heuristicSecure);
+  let strategies;
+  if (typeof override === 'boolean') {
+    // Explicit override (used by the outer syncAccount retry): obey it
+    // exactly, but still try legacy TLS as a fallback within that mode.
+    strategies = [
+      { secure: override, legacy: false, why: 'override-modern' },
+      { secure: override, legacy: true,  why: 'override-legacy' },
+    ];
+  } else {
+    strategies = [
+      { secure: heuristicSecure,  legacy: false, why: 'heuristic-modern' },
+      { secure: !heuristicSecure, legacy: false, why: 'opposite-modern' },
+      { secure: heuristicSecure,  legacy: true,  why: 'heuristic-legacy' },
+      { secure: !heuristicSecure, legacy: true,  why: 'opposite-legacy' },
+    ];
+    const remembered = lastGoodProfile.get(accountId);
+    if (remembered) {
+      strategies = [
+        { secure: remembered.secure, legacy: !!remembered.legacy, why: 'remembered' },
+        ...strategies.filter(s => !(s.secure === remembered.secure && s.legacy === !!remembered.legacy)),
+      ];
+    }
+  }
-  // First attempt.
-  let client = createImapClient(label, creds, accountId, firstSecure);
-  try {
-    await client.connect();
-    lastGoodSecure.set(accountId, firstSecure);
-  } catch (err) {
-    if (_looksLikeTlsMismatch(err) && override === undefined) {
-      try { await client.logout(); } catch {}
-      const fallbackSecure = !firstSecure;
-      console.warn(`[email:imap] ${label} TLS mismatch (${err.message.slice(0, 100)}). Retrying with secure=${fallbackSecure}`);
-      client = createImapClient(label, creds, accountId, fallbackSecure);
+  const errors = [];
+  for (const s of strategies) {
+    const client = createImapClient(label, creds, accountId, s.secure, { legacy: s.legacy });
+    try {
       await client.connect();
-      lastGoodSecure.set(accountId, fallbackSecure);
-    } else {
-      throw err;
+      lastGoodProfile.set(accountId, { secure: s.secure, legacy: s.legacy });
+      if (s.why !== 'remembered' && s.why !== 'heuristic-modern') {
+        console.warn(`[email:imap] ${label} connected via ${s.why} (secure=${s.secure}, legacy=${s.legacy})`);
+      }
+      syncClients.set(accountId, client);
+      return client;
+    } catch (err) {
+      errors.push(`${s.why}: ${err.message.slice(0, 120)}`);
+      try { await client.logout(); } catch {}
+      // If the error is clearly NOT TLS-related (e.g. auth failure, DNS),
+      // stop trying — more TLS combos won't help.
+      if (!_looksLikeTlsMismatch(err) && !/timeout|hang/i.test(err.message)) {
+        throw err;
+      }
     }
   }
-  syncClients.set(accountId, client);
-  return client;
+  throw new Error(`IMAP connection failed after ${strategies.length} attempts:\n${errors.join('\n')}`);
 }
 // Dry-run connectivity test used by Settings UI (no DB writes, no persistent
-// client). Returns { ok, secure, message }.
+// client). Tries up to 4 TLS-mode combinations and returns the first that
+// works, along with which one. Errors include the full attempt log so the
+// user can paste it back to support if everything failed.
 export async function testImapConnection(creds) {
   if (!creds?.imap_host) throw new Error('imap_host required');
   if (!creds?.username || !creds?.password) throw new Error('Username and password required');
   const port = parseInt(creds.imap_port, 10) || 993;
-  const tryConnect = async (secure) => {
-    const client = createImapClient('test', creds, null, secure);
+  const heuristicSecure = port === 993 || port === 465;
+  const strategies = [
+    { secure: heuristicSecure,  legacy: false, why: 'heuristic-modern' },
+    { secure: !heuristicSecure, legacy: false, why: 'opposite-modern' },
+    { secure: heuristicSecure,  legacy: true,  why: 'heuristic-legacy' },
+    { secure: !heuristicSecure, legacy: true,  why: 'opposite-legacy' },
+  ];
+  const errors = [];
+  for (const s of strategies) {
+    const client = createImapClient('test', creds, null, s.secure, { legacy: s.legacy });
     try {
       await client.connect();
       const list = await client.list();
-      await client.logout();
-      return { ok: true, secure, folderCount: list.length };
+      try { await client.logout(); } catch {}
+      const mode = `${s.secure ? 'implicit TLS' : 'STARTTLS'}${s.legacy ? ' (legacy ≥TLSv1.0)' : ''}`;
+      return {
+        ok: true,
+        secure: s.secure,
+        legacy: s.legacy,
+        folderCount: list.length,
+        message: `Connesso con modalità: ${mode}`,
+      };
     } catch (err) {
+      errors.push(`• ${s.why}: ${err.message.slice(0, 160)}`);
       try { await client.logout(); } catch {}
-      throw err;
-    }
-  };
-  const firstSecure = port === 993 || port === 465;
-  try {
-    return await tryConnect(firstSecure);
-  } catch (err) {
-    if (_looksLikeTlsMismatch(err)) {
-      try {
-        const r = await tryConnect(!firstSecure);
-        return { ...r, message: `Fallback TLS=${!firstSecure} (heuristic was wrong for this server)` };
-      } catch (err2) {
-        throw new Error(`IMAP test failed (both TLS modes): ${err.message} / ${err2.message}`);
+      if (!_looksLikeTlsMismatch(err) && !/timeout|hang/i.test(err.message)) {
+        // Hard error (auth / DNS): bail with that exact message.
+        throw err;
       }
     }
-    throw err;
   }
+  throw new Error(`IMAP test failed dopo ${strategies.length} tentativi:\n${errors.join('\n')}`);
 }
 export async function closeImapClient(accountId) {