Browse Source

Add option to specify mail providers which are not supported

master
Jonas Lochmann 2 months ago
parent
commit
5987583ca3
Signed by: Jonas Lochmann <git@inkompetenz.org> GPG Key ID: 8B8C9AEE10FA5B36
3 changed files with 34 additions and 0 deletions
  1. +3
    -0
      Readme.md
  2. +23
    -0
      src/api/auth.ts
  3. +8
    -0
      src/util/mail.ts

+ 3
- 0
Readme.md View File

@@ -57,3 +57,6 @@ This fixes the causes of lint warnings (where possible).
- ADMIN_TOKEN
- a password which allows to use some APIs
- admin APIs are disabled when this is not set
- MAIL_SERVER_BLACKLIST
- list of domains, separated by comma
- if the user tries to use such a mail service, then he will get the notification that this provider is not supported

+ 23
- 0
src/api/auth.ts View File

@@ -24,6 +24,7 @@ import {
isSendMailLoginCodeRequest,
isSignInByMailCodeRequest
} from './validator'
import { isMailServerBlacklisted } from '../util/mail'

export const createAuthRouter = (database: Database) => {
const router = Router()
@@ -46,6 +47,28 @@ export const createAuthRouter = (database: Database) => {
}
})

router.post('/send-mail-login-code-v2', json(), async (req, res, next) => {
try {
if (!isSendMailLoginCodeRequest(req.body)) {
throw new BadRequest()
}

if (isMailServerBlacklisted(req.body.mail)) {
res.json({ mailServerBlacklisted: true })
} else {
const { mailLoginToken } = await sendLoginCode({
mail: req.body.mail,
locale: req.body.locale,
database
})

res.json({ mailLoginToken })
}
} catch (ex) {
next(ex)
}
})

router.post('/sign-in-by-mail-code', json(), async (req, res, next) => {
try {
if (!isSignInByMailCodeRequest(req.body)) {

+ 8
- 0
src/util/mail.ts View File

@@ -19,6 +19,7 @@ import * as Email from 'email-templates'
import { join } from 'path'

const mailimprint = process.env.MAIL_IMPRINT || 'not defined'
const mailServerBlacklist = (process.env.MAIL_SERVER_BLACKLIST || '').split(',').filter((item) => !!item)

const email = new Email({
message: {
@@ -81,3 +82,10 @@ export const sendUninstallWarningMail = async ({ receiver, deviceName }: {
}
})
}

export function isMailServerBlacklisted(mail: string) {
const parts = mail.split('@')
const domain = parts[parts.length - 1]

return mailServerBlacklist.indexOf(domain.toLowerCase()) !== -1
}

Loading…
Cancel
Save