strapi-plugin-magic-mail 2.9.1 → 2.9.2

package/dist/server/index.js

@@ -1007,6 +1007,10 @@ const attributes = {
     type: "boolean",
     "default": true,
     configurable: false
+  },
+  trackingFallbackUrl: {
+    type: "string",
+    configurable: false
   }
 };
 const require$$7 = {
@@ -48884,7 +48888,11 @@ const schemas = {
     defaultFromName: headerSafe.optional(),
     defaultFromEmail: emailString.optional().or(z2.literal("")),
     unsubscribeUrl: z2.string().url().optional().or(z2.literal("")),
-    enableUnsubscribeHeader: z2.boolean().optional()
+    enableUnsubscribeHeader: z2.boolean().optional(),
+    // Where to redirect the recipient when a tracking link is no longer
+    // resolvable (e.g. retention cleanup removed the row). If empty the
+    // tracker renders a static HTML fallback page instead.
+    trackingFallbackUrl: z2.string().url().optional().or(z2.literal(""))
   }),
   // ── Content-API send payloads ───────────────────────────────────────────
   // Bounded attachments to prevent OOM from huge base64 payloads.
@@ -49344,7 +49352,7 @@ var oauthState = {
   verifyAndConsumeState: verifyAndConsumeState$1
 };
 const { createState, verifyAndConsumeState } = oauthState;
-function escapeHtml(str2) {
+function escapeHtml$1(str2) {
   return String(str2 || "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
 }
 function escapeJs(str2) {
@@ -49409,7 +49417,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -49520,7 +49528,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -49628,7 +49636,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -50711,6 +50719,52 @@ var emailDesigner$3 = ({ strapi: strapi2 }) => ({
 const EMAIL_LOG_UID$1 = "plugin::magic-mail.email-log";
 const EMAIL_EVENT_UID$1 = "plugin::magic-mail.email-event";
 const EMAIL_ACCOUNT_UID$1 = "plugin::magic-mail.email-account";
+const escapeHtml = (value) => String(value ?? "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+const renderTrackingFallbackHtml = (reason, fallbackUrl) => {
+  const safeReason = escapeHtml(reason);
+  const safeUrl = fallbackUrl ? escapeHtml(fallbackUrl) : "";
+  const refreshMeta = fallbackUrl ? `<meta http-equiv="refresh" content="3;url=${safeUrl}">` : "";
+  const manualLink = fallbackUrl ? `<p style="margin-top:24px;font-size:14px;color:#6b7280;">
+         You will be redirected in a few seconds. If nothing happens,
+         <a href="${safeUrl}" style="color:#4f46e5;">click here</a>.
+       </p>` : `<p style="margin-top:24px;font-size:14px;color:#6b7280;">
+         You can safely close this tab.
+       </p>`;
+  return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    ${refreshMeta}
+    <title>Link unavailable</title>
+    <style>
+      body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background:#f9fafb; margin:0; padding:40px 20px; color:#111827; }
+      .card { max-width: 480px; margin: 60px auto; background:#fff; border-radius: 12px; padding: 32px; box-shadow: 0 1px 3px rgba(0,0,0,0.08); text-align:center; }
+      h1 { font-size: 22px; margin: 0 0 12px; }
+      p  { font-size: 15px; line-height: 1.5; color:#374151; }
+    </style>
+  </head>
+  <body>
+    <main class="card">
+      <h1>This link is no longer available</h1>
+      <p>${safeReason}</p>
+      ${manualLink}
+    </main>
+  </body>
+</html>`;
+};
+const respondWithTrackingFallback = async (ctx, reason) => {
+  let fallbackUrl = null;
+  try {
+    const settings = await strapi.plugin("magic-mail").service("plugin-settings").getSettings();
+    fallbackUrl = settings?.trackingFallbackUrl || null;
+  } catch (err) {
+    strapi.log.debug(`[magic-mail] Could not load tracking fallback setting: ${err.message}`);
+  }
+  ctx.status = 410;
+  ctx.type = "text/html; charset=utf-8";
+  ctx.body = renderTrackingFallbackHtml(reason, fallbackUrl);
+};
 var analytics$3 = ({ strapi: strapi2 }) => ({
   /**
    * Tracking pixel endpoint
@@ -50731,7 +50785,18 @@ var analytics$3 = ({ strapi: strapi2 }) => ({
     ctx.body = pixel;
   },
   /**
-   * Click tracking endpoint with open-redirect protection
+   * Click tracking endpoint with open-redirect protection.
+   *
+   * Resolves the destination URL exclusively from the database — never
+   * from query parameters — so the endpoint cannot be used as an open
+   * redirect. When the URL is no longer resolvable (retention cleanup
+   * deleted the row, the hash is wrong, the stored URL is malformed),
+   * the end-user used to receive a Strapi JSON error envelope, which is
+   * the single biggest UX regression in any tracking setup. Now the
+   * user sees a branded HTML fallback page that either redirects to the
+   * admin-configured `trackingFallbackUrl` or apologises and invites
+   * them to close the tab.
+   *
    * GET /magic-mail/track/click/:emailId/:linkHash/:recipientHash
    */
   async trackClick(ctx) {
@@ -50744,15 +50809,25 @@ var analytics$3 = ({ strapi: strapi2 }) => ({
       strapi2.log.error("[magic-mail] Error getting original URL:", err.message);
     }
     if (!url) {
-      return ctx.badRequest("Invalid or expired tracking link");
+      return respondWithTrackingFallback(
+        ctx,
+        "The page behind this link is no longer tracked. It may have been removed by our retention policy."
+      );
     }
     try {
       const parsed = new URL(url);
       if (!["http:", "https:"].includes(parsed.protocol)) {
-        return ctx.badRequest("Invalid URL protocol");
+        strapi2.log.warn(`[magic-mail] Blocked non-http(s) tracking URL for email ${emailId}`);
+        return respondWithTrackingFallback(
+          ctx,
+          "This link points to an unsupported destination and cannot be opened for your safety."
+        );
       }
     } catch {
-      return ctx.badRequest("Invalid URL format");
+      return respondWithTrackingFallback(
+        ctx,
+        "This link is no longer valid."
+      );
     }
     try {
       await strapi2.plugin("magic-mail").service("analytics").recordClick(emailId, linkHash, recipientHash, url, ctx.request);
@@ -63354,7 +63429,7 @@ var oauth$1 = ({ strapi: strapi2 }) => ({
     return account;
   }
 });
-const version = "2.9.0";
+const version = "2.9.1";
 const require$$2 = {
   version
 };
@@ -65238,7 +65313,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
             defaultFromName: null,
             defaultFromEmail: null,
             unsubscribeUrl: null,
-            enableUnsubscribeHeader: true
+            enableUnsubscribeHeader: true,
+            trackingFallbackUrl: null
           }
         });
         strapi2.log.info("[magic-mail] [SETTINGS] Created default plugin settings");
@@ -65253,7 +65329,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
         defaultFromName: null,
         defaultFromEmail: null,
         unsubscribeUrl: null,
-        enableUnsubscribeHeader: true
+        enableUnsubscribeHeader: true,
+        trackingFallbackUrl: null
       };
     }
   },
@@ -65269,7 +65346,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
         trackingBaseUrl: data.trackingBaseUrl?.trim() || null,
         defaultFromName: data.defaultFromName?.trim() || null,
         defaultFromEmail: data.defaultFromEmail?.trim()?.toLowerCase() || null,
-        unsubscribeUrl: data.unsubscribeUrl?.trim() || null
+        unsubscribeUrl: data.unsubscribeUrl?.trim() || null,
+        trackingFallbackUrl: data.trackingFallbackUrl?.trim() || null
       };
       let settings = await strapi2.documents(SETTINGS_UID).findFirst({});
       if (settings) {
@@ -65287,7 +65365,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
             defaultFromName: sanitizedData.defaultFromName,
             defaultFromEmail: sanitizedData.defaultFromEmail,
             unsubscribeUrl: sanitizedData.unsubscribeUrl,
-            enableUnsubscribeHeader: sanitizedData.enableUnsubscribeHeader ?? true
+            enableUnsubscribeHeader: sanitizedData.enableUnsubscribeHeader ?? true,
+            trackingFallbackUrl: sanitizedData.trackingFallbackUrl
           }
         });
         strapi2.log.info("[magic-mail] [SETTINGS] Created plugin settings");

package/dist/server/index.mjs

@@ -971,6 +971,10 @@ const attributes = {
     type: "boolean",
     "default": true,
     configurable: false
+  },
+  trackingFallbackUrl: {
+    type: "string",
+    configurable: false
   }
 };
 const require$$7 = {
@@ -48848,7 +48852,11 @@ const schemas = {
     defaultFromName: headerSafe.optional(),
     defaultFromEmail: emailString.optional().or(z2.literal("")),
     unsubscribeUrl: z2.string().url().optional().or(z2.literal("")),
-    enableUnsubscribeHeader: z2.boolean().optional()
+    enableUnsubscribeHeader: z2.boolean().optional(),
+    // Where to redirect the recipient when a tracking link is no longer
+    // resolvable (e.g. retention cleanup removed the row). If empty the
+    // tracker renders a static HTML fallback page instead.
+    trackingFallbackUrl: z2.string().url().optional().or(z2.literal(""))
   }),
   // ── Content-API send payloads ───────────────────────────────────────────
   // Bounded attachments to prevent OOM from huge base64 payloads.
@@ -49308,7 +49316,7 @@ var oauthState = {
   verifyAndConsumeState: verifyAndConsumeState$1
 };
 const { createState, verifyAndConsumeState } = oauthState;
-function escapeHtml(str2) {
+function escapeHtml$1(str2) {
   return String(str2 || "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
 }
 function escapeJs(str2) {
@@ -49373,7 +49381,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -49484,7 +49492,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -49592,7 +49600,7 @@ var oauth$3 = {
           </head>
           <body>
             <div class="error">[ERROR] OAuth Authorization Failed</div>
-            <p>Error: ${escapeHtml(error2)}</p>
+            <p>Error: ${escapeHtml$1(error2)}</p>
             <p>You can close this window and try again.</p>
             <script>
               setTimeout(() => window.close(), 3000);
@@ -50675,6 +50683,52 @@ var emailDesigner$3 = ({ strapi: strapi2 }) => ({
 const EMAIL_LOG_UID$1 = "plugin::magic-mail.email-log";
 const EMAIL_EVENT_UID$1 = "plugin::magic-mail.email-event";
 const EMAIL_ACCOUNT_UID$1 = "plugin::magic-mail.email-account";
+const escapeHtml = (value) => String(value ?? "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+const renderTrackingFallbackHtml = (reason, fallbackUrl) => {
+  const safeReason = escapeHtml(reason);
+  const safeUrl = fallbackUrl ? escapeHtml(fallbackUrl) : "";
+  const refreshMeta = fallbackUrl ? `<meta http-equiv="refresh" content="3;url=${safeUrl}">` : "";
+  const manualLink = fallbackUrl ? `<p style="margin-top:24px;font-size:14px;color:#6b7280;">
+         You will be redirected in a few seconds. If nothing happens,
+         <a href="${safeUrl}" style="color:#4f46e5;">click here</a>.
+       </p>` : `<p style="margin-top:24px;font-size:14px;color:#6b7280;">
+         You can safely close this tab.
+       </p>`;
+  return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    ${refreshMeta}
+    <title>Link unavailable</title>
+    <style>
+      body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background:#f9fafb; margin:0; padding:40px 20px; color:#111827; }
+      .card { max-width: 480px; margin: 60px auto; background:#fff; border-radius: 12px; padding: 32px; box-shadow: 0 1px 3px rgba(0,0,0,0.08); text-align:center; }
+      h1 { font-size: 22px; margin: 0 0 12px; }
+      p  { font-size: 15px; line-height: 1.5; color:#374151; }
+    </style>
+  </head>
+  <body>
+    <main class="card">
+      <h1>This link is no longer available</h1>
+      <p>${safeReason}</p>
+      ${manualLink}
+    </main>
+  </body>
+</html>`;
+};
+const respondWithTrackingFallback = async (ctx, reason) => {
+  let fallbackUrl = null;
+  try {
+    const settings = await strapi.plugin("magic-mail").service("plugin-settings").getSettings();
+    fallbackUrl = settings?.trackingFallbackUrl || null;
+  } catch (err) {
+    strapi.log.debug(`[magic-mail] Could not load tracking fallback setting: ${err.message}`);
+  }
+  ctx.status = 410;
+  ctx.type = "text/html; charset=utf-8";
+  ctx.body = renderTrackingFallbackHtml(reason, fallbackUrl);
+};
 var analytics$3 = ({ strapi: strapi2 }) => ({
   /**
    * Tracking pixel endpoint
@@ -50695,7 +50749,18 @@ var analytics$3 = ({ strapi: strapi2 }) => ({
     ctx.body = pixel;
   },
   /**
-   * Click tracking endpoint with open-redirect protection
+   * Click tracking endpoint with open-redirect protection.
+   *
+   * Resolves the destination URL exclusively from the database — never
+   * from query parameters — so the endpoint cannot be used as an open
+   * redirect. When the URL is no longer resolvable (retention cleanup
+   * deleted the row, the hash is wrong, the stored URL is malformed),
+   * the end-user used to receive a Strapi JSON error envelope, which is
+   * the single biggest UX regression in any tracking setup. Now the
+   * user sees a branded HTML fallback page that either redirects to the
+   * admin-configured `trackingFallbackUrl` or apologises and invites
+   * them to close the tab.
+   *
    * GET /magic-mail/track/click/:emailId/:linkHash/:recipientHash
    */
   async trackClick(ctx) {
@@ -50708,15 +50773,25 @@ var analytics$3 = ({ strapi: strapi2 }) => ({
       strapi2.log.error("[magic-mail] Error getting original URL:", err.message);
     }
     if (!url) {
-      return ctx.badRequest("Invalid or expired tracking link");
+      return respondWithTrackingFallback(
+        ctx,
+        "The page behind this link is no longer tracked. It may have been removed by our retention policy."
+      );
     }
     try {
       const parsed = new URL(url);
       if (!["http:", "https:"].includes(parsed.protocol)) {
-        return ctx.badRequest("Invalid URL protocol");
+        strapi2.log.warn(`[magic-mail] Blocked non-http(s) tracking URL for email ${emailId}`);
+        return respondWithTrackingFallback(
+          ctx,
+          "This link points to an unsupported destination and cannot be opened for your safety."
+        );
       }
     } catch {
-      return ctx.badRequest("Invalid URL format");
+      return respondWithTrackingFallback(
+        ctx,
+        "This link is no longer valid."
+      );
     }
     try {
       await strapi2.plugin("magic-mail").service("analytics").recordClick(emailId, linkHash, recipientHash, url, ctx.request);
@@ -63318,7 +63393,7 @@ var oauth$1 = ({ strapi: strapi2 }) => ({
     return account;
   }
 });
-const version = "2.9.0";
+const version = "2.9.1";
 const require$$2 = {
   version
 };
@@ -65202,7 +65277,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
             defaultFromName: null,
             defaultFromEmail: null,
             unsubscribeUrl: null,
-            enableUnsubscribeHeader: true
+            enableUnsubscribeHeader: true,
+            trackingFallbackUrl: null
           }
         });
         strapi2.log.info("[magic-mail] [SETTINGS] Created default plugin settings");
@@ -65217,7 +65293,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
         defaultFromName: null,
         defaultFromEmail: null,
         unsubscribeUrl: null,
-        enableUnsubscribeHeader: true
+        enableUnsubscribeHeader: true,
+        trackingFallbackUrl: null
       };
     }
   },
@@ -65233,7 +65310,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
         trackingBaseUrl: data.trackingBaseUrl?.trim() || null,
         defaultFromName: data.defaultFromName?.trim() || null,
         defaultFromEmail: data.defaultFromEmail?.trim()?.toLowerCase() || null,
-        unsubscribeUrl: data.unsubscribeUrl?.trim() || null
+        unsubscribeUrl: data.unsubscribeUrl?.trim() || null,
+        trackingFallbackUrl: data.trackingFallbackUrl?.trim() || null
       };
       let settings = await strapi2.documents(SETTINGS_UID).findFirst({});
       if (settings) {
@@ -65251,7 +65329,8 @@ var pluginSettings$1 = ({ strapi: strapi2 }) => ({
             defaultFromName: sanitizedData.defaultFromName,
             defaultFromEmail: sanitizedData.defaultFromEmail,
             unsubscribeUrl: sanitizedData.unsubscribeUrl,
-            enableUnsubscribeHeader: sanitizedData.enableUnsubscribeHeader ?? true
+            enableUnsubscribeHeader: sanitizedData.enableUnsubscribeHeader ?? true,
+            trackingFallbackUrl: sanitizedData.trackingFallbackUrl
           }
         });
         strapi2.log.info("[magic-mail] [SETTINGS] Created plugin settings");

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "2.9.1",
+  "version": "2.9.2",
   "keywords": [
     "strapi",
     "strapi-plugin",