Michelle
b5218046c9
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
- Updated import statements to remove invisible characters. - Standardized comments to use a consistent hyphen format. - Adjusted username validation error messages for consistency. - Enhanced email sending functions to include language support. - Added email internationalization configuration for dynamic translations. - Updated calendar and federation routes to include language in user queries. - Improved user feedback messages in German and English for clarity.
275 lines
13 KiB
JavaScript
275 lines
13 KiB
JavaScript
import nodemailer from 'nodemailer';
|
|
import { log } from './logger.js';
|
|
import { t } from './emaili18n.js';
|
|
|
|
let transporter;
|
|
|
|
// Escape HTML special characters to prevent injection in email bodies
|
|
function escapeHtml(str) {
|
|
if (!str) return '';
|
|
return String(str)
|
|
.replace(/&/g, '&')
|
|
.replace(/</g, '<')
|
|
.replace(/>/g, '>')
|
|
.replace(/"/g, '"')
|
|
.replace(/'/g, ''');
|
|
}
|
|
|
|
export function initMailer() {
|
|
const host = process.env.SMTP_HOST;
|
|
const port = parseInt(process.env.SMTP_PORT || '587', 10);
|
|
const user = process.env.SMTP_USER;
|
|
const pass = process.env.SMTP_PASS;
|
|
|
|
if (!host || !user || !pass) {
|
|
log.mailer.warn('SMTP not configured - email verification disabled');
|
|
return false;
|
|
}
|
|
|
|
transporter = nodemailer.createTransport({
|
|
host,
|
|
port,
|
|
secure: port === 465,
|
|
auth: { user, pass },
|
|
connectionTimeout: 10_000, // 10 s to establish TCP connection
|
|
greetingTimeout: 10_000, // 10 s to receive SMTP greeting
|
|
socketTimeout: 15_000, // 15 s of inactivity before abort
|
|
});
|
|
|
|
log.mailer.info('SMTP mailer configured');
|
|
return true;
|
|
}
|
|
|
|
export function isMailerConfigured() {
|
|
return !!transporter;
|
|
}
|
|
|
|
/**
|
|
* Send the verification email with a clickable link.
|
|
* @param {string} to - recipient email
|
|
* @param {string} name - user's display name
|
|
* @param {string} verifyUrl - full verification URL
|
|
* @param {string} appName - branding app name (default "Redlight")
|
|
*/
|
|
// S3: sanitize name for use in email From header (strip quotes, newlines, control chars)
|
|
function sanitizeHeaderValue(str) {
|
|
return String(str).replace(/["\\\r\n\x00-\x1f]/g, '').trim().slice(0, 100);
|
|
}
|
|
|
|
export async function sendVerificationEmail(to, name, verifyUrl, appName = 'Redlight', lang = 'en') {
|
|
if (!transporter) {
|
|
throw new Error('SMTP not configured');
|
|
}
|
|
|
|
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
|
const headerAppName = sanitizeHeaderValue(appName);
|
|
const safeName = escapeHtml(name);
|
|
const safeAppName = escapeHtml(appName);
|
|
|
|
await transporter.sendMail({
|
|
from: `"${headerAppName}" <${from}>`,
|
|
to,
|
|
subject: t(lang, 'email.verify.subject', { appName: headerAppName }),
|
|
html: `
|
|
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
|
|
<h2 style="color:#cba6f7;margin-top:0;">${t(lang, 'email.greeting', { name: safeName })}</h2>
|
|
<p>${t(lang, 'email.verify.intro')}</p>
|
|
<p style="text-align:center;margin:28px 0;">
|
|
<a href="${verifyUrl}"
|
|
style="display:inline-block;background:#cba6f7;color:#1e1e2e;padding:12px 32px;border-radius:8px;text-decoration:none;font-weight:bold;">
|
|
${t(lang, 'email.verify.button')}
|
|
</a>
|
|
</p>
|
|
<p style="font-size:13px;color:#7f849c;">
|
|
${t(lang, 'email.linkHint')}<br/>
|
|
<a href="${verifyUrl}" style="color:#89b4fa;word-break:break-all;">${escapeHtml(verifyUrl)}</a>
|
|
</p>
|
|
<p style="font-size:13px;color:#7f849c;">${t(lang, 'email.verify.validity')}</p>
|
|
<hr style="border:none;border-top:1px solid #313244;margin:24px 0;"/>
|
|
<p style="font-size:12px;color:#585b70;">${t(lang, 'email.verify.footer')}</p>
|
|
</div>
|
|
`,
|
|
text: `${t(lang, 'email.greeting', { name })}\n\n${t(lang, 'email.verify.intro')}\n${verifyUrl}\n\n${t(lang, 'email.verify.validity')}\n\n- ${appName}`,
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Send a federation meeting invitation email.
|
|
* @param {string} to - recipient email
|
|
* @param {string} name - recipient display name
|
|
* @param {string} fromUser - sender federated address (user@domain)
|
|
* @param {string} roomName - name of the invited room
|
|
* @param {string} message - optional personal message
|
|
* @param {string} inboxUrl - URL to the federation inbox
|
|
* @param {string} appName - branding app name (default "Redlight")
|
|
*/
|
|
export async function sendFederationInviteEmail(to, name, fromUser, roomName, message, inboxUrl, appName = 'Redlight', lang = 'en') {
|
|
if (!transporter) return; // silently skip if SMTP not configured
|
|
|
|
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
|
const headerAppName = sanitizeHeaderValue(appName);
|
|
const safeName = escapeHtml(name);
|
|
const safeFromUser = escapeHtml(fromUser);
|
|
const safeRoomName = escapeHtml(roomName);
|
|
const safeMessage = message ? escapeHtml(message) : null;
|
|
const safeAppName = escapeHtml(appName);
|
|
|
|
const introHtml = t(lang, 'email.federationInvite.intro')
|
|
.replace('{fromUser}', `<strong style="color:#cdd6f4;">${safeFromUser}</strong>`);
|
|
|
|
await transporter.sendMail({
|
|
from: `"${headerAppName}" <${from}>`,
|
|
to,
|
|
subject: t(lang, 'email.federationInvite.subject', { appName: headerAppName, fromUser: sanitizeHeaderValue(fromUser) }),
|
|
html: `
|
|
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
|
|
<h2 style="color:#cba6f7;margin-top:0;">${t(lang, 'email.greeting', { name: safeName })}</h2>
|
|
<p>${introHtml}</p>
|
|
<div style="background:#313244;border-radius:8px;padding:16px;margin:20px 0;">
|
|
<p style="margin:0 0 8px 0;font-size:13px;color:#7f849c;">${t(lang, 'email.federationInvite.roomLabel')}</p>
|
|
<p style="margin:0;font-size:16px;font-weight:bold;color:#cdd6f4;">${safeRoomName}</p>
|
|
${safeMessage ? `<p style="margin:12px 0 0 0;font-size:13px;color:#a6adc8;font-style:italic;">"${safeMessage}"</p>` : ''}
|
|
</div>
|
|
<p style="text-align:center;margin:28px 0;">
|
|
<a href="${inboxUrl}"
|
|
style="display:inline-block;background:#cba6f7;color:#1e1e2e;padding:12px 32px;border-radius:8px;text-decoration:none;font-weight:bold;">
|
|
${t(lang, 'email.viewInvitation')}
|
|
</a>
|
|
</p>
|
|
<hr style="border:none;border-top:1px solid #313244;margin:24px 0;"/>
|
|
<p style="font-size:12px;color:#585b70;">${t(lang, 'email.invitationFooter')}</p>
|
|
</div>
|
|
`,
|
|
text: `${t(lang, 'email.greeting', { name })}\n\n${t(lang, 'email.federationInvite.intro', { fromUser })}\n${t(lang, 'email.federationInvite.roomLabel')} ${roomName}${message ? `\n"${message}"` : ''}\n\n${t(lang, 'email.viewInvitation')}: ${inboxUrl}\n\n- ${appName}`,
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Send a calendar event invitation email (federated).
|
|
*/
|
|
export async function sendCalendarInviteEmail(to, name, fromUser, title, startTime, endTime, description, inboxUrl, appName = 'Redlight', lang = 'en') {
|
|
if (!transporter) return;
|
|
|
|
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
|
const headerAppName = sanitizeHeaderValue(appName);
|
|
const safeName = escapeHtml(name);
|
|
const safeFromUser = escapeHtml(fromUser);
|
|
const safeTitle = escapeHtml(title);
|
|
const safeDesc = description ? escapeHtml(description) : null;
|
|
|
|
const formatDate = (iso) => {
|
|
try { return new Date(iso).toLocaleString(lang === 'de' ? 'de-DE' : 'en-GB', { dateStyle: 'full', timeStyle: 'short' }); }
|
|
catch { return iso; }
|
|
};
|
|
|
|
const introHtml = t(lang, 'email.calendarInvite.intro')
|
|
.replace('{fromUser}', `<strong style="color:#cdd6f4;">${safeFromUser}</strong>`);
|
|
|
|
await transporter.sendMail({
|
|
from: `"${headerAppName}" <${from}>`,
|
|
to,
|
|
subject: t(lang, 'email.calendarInvite.subject', { appName: headerAppName, fromUser: sanitizeHeaderValue(fromUser) }),
|
|
html: `
|
|
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
|
|
<h2 style="color:#cba6f7;margin-top:0;">${t(lang, 'email.greeting', { name: safeName })}</h2>
|
|
<p>${introHtml}</p>
|
|
<div style="background:#313244;border-radius:8px;padding:16px;margin:20px 0;">
|
|
<p style="margin:0 0 4px 0;font-size:15px;font-weight:bold;color:#cdd6f4;">${safeTitle}</p>
|
|
<p style="margin:6px 0 0 0;font-size:13px;color:#a6adc8;">🕐 ${escapeHtml(formatDate(startTime))} - ${escapeHtml(formatDate(endTime))}</p>
|
|
${safeDesc ? `<p style="margin:10px 0 0 0;font-size:13px;color:#a6adc8;font-style:italic;">"${safeDesc}"</p>` : ''}
|
|
</div>
|
|
<p style="text-align:center;margin:28px 0;">
|
|
<a href="${inboxUrl}"
|
|
style="display:inline-block;background:#cba6f7;color:#1e1e2e;padding:12px 32px;border-radius:8px;text-decoration:none;font-weight:bold;">
|
|
${t(lang, 'email.viewInvitation')}
|
|
</a>
|
|
</p>
|
|
<hr style="border:none;border-top:1px solid #313244;margin:24px 0;"/>
|
|
<p style="font-size:12px;color:#585b70;">${t(lang, 'email.invitationFooter')}</p>
|
|
</div>
|
|
`,
|
|
text: `${t(lang, 'email.greeting', { name })}\n\n${t(lang, 'email.calendarInvite.intro', { fromUser })}\n${safeTitle}\n${formatDate(startTime)} \u2013 ${formatDate(endTime)}${description ? `\n\n"${description}"` : ''}\n\n${t(lang, 'email.viewInvitation')}: ${inboxUrl}\n\n\u2013 ${appName}`,
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Notify a user that a federated calendar event they received was deleted by the organiser.
|
|
*/
|
|
export async function sendCalendarEventDeletedEmail(to, name, fromUser, title, appName = 'Redlight', lang = 'en') {
|
|
if (!transporter) return;
|
|
|
|
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
|
const headerAppName = sanitizeHeaderValue(appName);
|
|
const safeName = escapeHtml(name);
|
|
const safeFromUser = escapeHtml(fromUser);
|
|
const safeTitle = escapeHtml(title);
|
|
|
|
const introHtml = t(lang, 'email.calendarDeleted.intro')
|
|
.replace('{fromUser}', `<strong style="color:#cdd6f4;">${safeFromUser}</strong>`);
|
|
|
|
await transporter.sendMail({
|
|
from: `"${headerAppName}" <${from}>`,
|
|
to,
|
|
subject: t(lang, 'email.calendarDeleted.subject', { appName: headerAppName, title: sanitizeHeaderValue(title) }),
|
|
html: `
|
|
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
|
|
<h2 style="color:#f38ba8;margin-top:0;">${t(lang, 'email.greeting', { name: safeName })}</h2>
|
|
<p>${introHtml}</p>
|
|
<div style="background:#313244;border-radius:8px;padding:16px;margin:20px 0;border-left:4px solid #f38ba8;">
|
|
<p style="margin:0;font-size:15px;font-weight:bold;color:#cdd6f4;">${safeTitle}</p>
|
|
</div>
|
|
<p style="font-size:13px;color:#7f849c;">${t(lang, 'email.calendarDeleted.note')}</p>
|
|
<hr style="border:none;border-top:1px solid #313244;margin:24px 0;"/>
|
|
<p style="font-size:12px;color:#585b70;">${t(lang, 'email.calendarDeleted.footer', { appName: escapeHtml(appName) })}</p>
|
|
</div>
|
|
`,
|
|
text: `${t(lang, 'email.greeting', { name })}\n\n${t(lang, 'email.calendarDeleted.intro', { fromUser })}\n"${title}"\n\n${t(lang, 'email.calendarDeleted.note')}\n\n\u2013 ${appName}`,
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Send a user registration invite email.
|
|
* @param {string} to - recipient email
|
|
* @param {string} inviteUrl - full invite registration URL
|
|
* @param {string} appName - branding app name (default "Redlight")
|
|
*/
|
|
export async function sendInviteEmail(to, inviteUrl, appName = 'Redlight', lang = 'en') {
|
|
if (!transporter) {
|
|
throw new Error('SMTP not configured');
|
|
}
|
|
|
|
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
|
const headerAppName = sanitizeHeaderValue(appName);
|
|
const safeAppName = escapeHtml(appName);
|
|
|
|
const introHtml = t(lang, 'email.invite.intro')
|
|
.replace('{appName}', `<strong style="color:#cdd6f4;">${safeAppName}</strong>`);
|
|
|
|
await transporter.sendMail({
|
|
from: `"${headerAppName}" <${from}>`,
|
|
to,
|
|
subject: t(lang, 'email.invite.subject', { appName: headerAppName }),
|
|
html: `
|
|
<div style="font-family:Arial,sans-serif;max-width:520px;margin:0 auto;padding:32px;background:#1e1e2e;color:#cdd6f4;border-radius:12px;">
|
|
<h2 style="color:#cba6f7;margin-top:0;">${t(lang, 'email.invite.title')}</h2>
|
|
<p>${introHtml}</p>
|
|
<p>${t(lang, 'email.invite.prompt')}</p>
|
|
<p style="text-align:center;margin:28px 0;">
|
|
<a href="${inviteUrl}"
|
|
style="display:inline-block;background:#cba6f7;color:#1e1e2e;padding:12px 32px;border-radius:8px;text-decoration:none;font-weight:bold;">
|
|
${t(lang, 'email.invite.button')}
|
|
</a>
|
|
</p>
|
|
<p style="font-size:13px;color:#7f849c;">
|
|
${t(lang, 'email.linkHint')}<br/>
|
|
<a href="${inviteUrl}" style="color:#89b4fa;word-break:break-all;">${escapeHtml(inviteUrl)}</a>
|
|
</p>
|
|
<p style="font-size:13px;color:#7f849c;">${t(lang, 'email.invite.validity')}</p>
|
|
<hr style="border:none;border-top:1px solid #313244;margin:24px 0;"/>
|
|
<p style="font-size:12px;color:#585b70;">${t(lang, 'email.invite.footer')}</p>
|
|
</div>
|
|
`,
|
|
text: `${t(lang, 'email.invite.title')}\n\n${t(lang, 'email.invite.intro', { appName })}\n\n${t(lang, 'email.invite.prompt')}\n${inviteUrl}\n\n${t(lang, 'email.invite.validity')}\n\n- ${appName}`,
|
|
});
|
|
}
|