Michelle/redlight
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

Update README and configuration to replace RSA with Ed25519 for federation security
All checks were successful
Build & Push Docker Image / build (push) Successful in 6m30s
Details

Browse Source
This commit is contained in:
Michelle
2026-02-28 20:19:59 +01:00
parent 2831f80ab4
commit c281628fdc
8 changed files with 74 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/config/mailer.js
View File

@@ -49,19 +49,25 @@ export function isMailerConfigured() {
* @param {string} verifyUrl full verification URL
* @param {string} appName branding app name (default "Redlight")
*/
// S3: sanitize name for use in email From header (strip quotes, newlines, control chars)
function sanitizeHeaderValue(str) {
return String(str).replace(/["\\\r\n\x00-\x1f]/g, '').trim().slice(0, 100);
}
export async function sendVerificationEmail(to, name, verifyUrl, appName = 'Redlight') {
if (!transporter) {
throw new Error('SMTP not configured');
}
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
const headerAppName = sanitizeHeaderValue(appName);
const safeName = escapeHtml(name);
const safeAppName = escapeHtml(appName);
await transporter.sendMail({
from: `"${appName}" <${from}>`,
from: `"${headerAppName}" <${from}>`,
to,
subject: `${appName} Verify your email`,
subject: `${headerAppName} Verify your email`,
html: `
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
<h2 style="color:#cba6f7;margin-top:0;">Hey ${safeName} 👋</h2>
@@ -99,6 +105,7 @@ export async function sendFederationInviteEmail(to, name, fromUser, roomName, me
if (!transporter) return; // silently skip if SMTP not configured
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
const headerAppName = sanitizeHeaderValue(appName);
const safeName = escapeHtml(name);
const safeFromUser = escapeHtml(fromUser);
const safeRoomName = escapeHtml(roomName);
@@ -106,9 +113,9 @@ export async function sendFederationInviteEmail(to, name, fromUser, roomName, me
const safeAppName = escapeHtml(appName);
await transporter.sendMail({
from: `"${appName}" <${from}>`,
from: `"${headerAppName}" <${from}>`,
to,
subject: `${appName} Meeting invitation from ${fromUser}`,
subject: `${headerAppName} Meeting invitation from ${sanitizeHeaderValue(fromUser)}`,
html: `
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
<h2 style="color:#cba6f7;margin-top:0;">Hey ${safeName} 👋</h2>