mirror of
https://github.com/nodemailer/wildduck.git
synced 2024-09-20 15:26:03 +08:00
353 lines
12 KiB
JavaScript
353 lines
12 KiB
JavaScript
'use strict';
|
|
|
|
const Joi = require('joi');
|
|
const ObjectID = require('mongodb').ObjectID;
|
|
const tools = require('../tools');
|
|
const roles = require('../roles');
|
|
|
|
module.exports = (db, server) => {
|
|
/**
|
|
* @api {put} /users/:user/autoreply Update Autoreply information
|
|
* @apiName PutAutoreply
|
|
* @apiGroup Autoreplies
|
|
* @apiHeader {String} X-Access-Token Optional access token if authentication is enabled
|
|
* @apiHeaderExample {json} Header-Example:
|
|
* {
|
|
* "X-Access-Token": "59fc66a03e54454869460e45"
|
|
* }
|
|
*
|
|
* @apiParam {String} user ID of the User
|
|
* @apiParam {Boolean} [status] Is the autoreply enabled (true) or not (false)
|
|
* @apiParam {String} [name] Name that is used for the From: header in autoreply message
|
|
* @apiParam {String} [subject] Subject line for the autoreply. If empty then uses subject of the original message
|
|
* @apiParam {String} [html] HTML formatted content of the autoreply message
|
|
* @apiParam {String} [text] Plaintext formatted content of the autoreply message
|
|
* @apiParam {String} [start] Datestring of the start of the autoreply or boolean false to disable start checks
|
|
* @apiParam {String} [end] Datestring of the end of the autoreply or boolean false to disable end checks
|
|
*
|
|
* @apiSuccess {Boolean} success Indicates successful response
|
|
*
|
|
* @apiError error Description of the error
|
|
*
|
|
* @apiExample {curl} Example usage:
|
|
* curl -i -XPUT http://localhost:8080/users/59fc66a03e54454869460e45/autoreply \
|
|
* -H 'Content-type: application/json' \
|
|
* -d '{
|
|
* "status": true,
|
|
* "text": "Away from office until Dec.19",
|
|
* "start": "2017-11-15T00:00:00.000Z",
|
|
* "end": "2017-12-19T00:00:00.000Z"
|
|
* }'
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "success": true
|
|
* }
|
|
*
|
|
* @apiErrorExample {json} Error-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "error": "This user does not exist"
|
|
* }
|
|
*/
|
|
server.put(
|
|
'/users/:user/autoreply',
|
|
tools.asyncifyJson(async (req, res, next) => {
|
|
res.charSet('utf-8');
|
|
|
|
const schema = Joi.object().keys({
|
|
user: Joi.string()
|
|
.hex()
|
|
.lowercase()
|
|
.length(24)
|
|
.required(),
|
|
status: Joi.boolean()
|
|
.truthy(['Y', 'true', 'yes', 'on', '1', 1])
|
|
.falsy(['N', 'false', 'no', 'off', '0', 0, ''])
|
|
.default(false),
|
|
name: Joi.string()
|
|
.empty('')
|
|
.trim()
|
|
.max(128),
|
|
subject: Joi.string()
|
|
.empty('')
|
|
.trim()
|
|
.max(128),
|
|
text: Joi.string()
|
|
.empty('')
|
|
.trim()
|
|
.max(128 * 1024),
|
|
html: Joi.string()
|
|
.empty('')
|
|
.trim()
|
|
.max(128 * 1024),
|
|
start: Joi.date()
|
|
.empty('')
|
|
.allow(false),
|
|
end: Joi.date()
|
|
.empty('')
|
|
.allow(false),
|
|
sess: Joi.string().max(255),
|
|
ip: Joi.string().ip({
|
|
version: ['ipv4', 'ipv6'],
|
|
cidr: 'forbidden'
|
|
})
|
|
});
|
|
|
|
const result = Joi.validate(req.params, schema, {
|
|
abortEarly: false,
|
|
convert: true
|
|
});
|
|
|
|
if (result.error) {
|
|
res.status(400);
|
|
res.json({
|
|
error: result.error.message,
|
|
code: 'InputValidationError'
|
|
});
|
|
return next();
|
|
}
|
|
|
|
// permissions check
|
|
if (req.user && req.user === result.value.user) {
|
|
req.validate(roles.can(req.role).updateOwn('autoreplies'));
|
|
} else {
|
|
req.validate(roles.can(req.role).updateAny('autoreplies'));
|
|
}
|
|
|
|
if (!result.value.name && 'name' in req.params) {
|
|
result.value.name = '';
|
|
}
|
|
|
|
if (!result.value.subject && 'subject' in req.params) {
|
|
result.value.subject = '';
|
|
}
|
|
|
|
if (!result.value.text && 'text' in req.params) {
|
|
result.value.text = '';
|
|
if (!result.value.html) {
|
|
// make sure we also update html part
|
|
result.value.html = '';
|
|
}
|
|
}
|
|
|
|
if (!result.value.html && 'html' in req.params) {
|
|
result.value.html = '';
|
|
if (!result.value.text) {
|
|
// make sure we also update plaintext part
|
|
result.value.text = '';
|
|
}
|
|
}
|
|
|
|
let user = new ObjectID(result.value.user);
|
|
|
|
let r = await db.users.collection('users').updateOne({ _id: user }, { $set: { autoreply: result.value.status } });
|
|
|
|
if (!r.matchedCount) {
|
|
res.json({
|
|
error: 'Unknown user'
|
|
});
|
|
return next();
|
|
}
|
|
|
|
result.value.user = user;
|
|
r = await db.database.collection('autoreplies').updateOne({ user }, { $set: result.value }, { upsert: true });
|
|
|
|
res.json({
|
|
success: true,
|
|
id: r.insertedId
|
|
});
|
|
|
|
return next();
|
|
})
|
|
);
|
|
|
|
/**
|
|
* @api {get} /users/:user/autoreply Request Autoreply information
|
|
* @apiName GetAutoreply
|
|
* @apiGroup Autoreplies
|
|
* @apiHeader {String} X-Access-Token Optional access token if authentication is enabled
|
|
* @apiHeaderExample {json} Header-Example:
|
|
* {
|
|
* "X-Access-Token": "59fc66a03e54454869460e45"
|
|
* }
|
|
*
|
|
* @apiParam {String} user ID of the User
|
|
*
|
|
* @apiSuccess {Boolean} success Indicates successful response
|
|
* @apiSuccess {Boolean} status Is the autoreply enabled (true) or not (false)
|
|
* @apiSuccess {String} name Name that is used for the From: header in autoreply message
|
|
* @apiSuccess {String} subject Subject line for the autoreply. If empty then uses subject of the original message
|
|
* @apiSuccess {String} html HTML formatted content of the autoreply message
|
|
* @apiSuccess {String} text Plaintext formatted content of the autoreply message
|
|
* @apiSuccess {String} start Datestring of the start of the autoreply
|
|
* @apiSuccess {String} end Datestring of the end of the autoreply
|
|
*
|
|
*
|
|
* @apiError error Description of the error
|
|
*
|
|
* @apiExample {curl} Example usage:
|
|
* curl -i http://localhost:8080/users/59fc66a03e54454869460e45/autoreply
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "success": true,
|
|
* "status": true,
|
|
* "subject": "",
|
|
* "text": "Away from office until Dec.19",
|
|
* "html": "",
|
|
* "start": "2017-11-15T00:00:00.000Z",
|
|
* "end": "2017-12-19T00:00:00.000Z"
|
|
* }
|
|
*
|
|
* @apiErrorExample {json} Error-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "error": "This user does not exist"
|
|
* }
|
|
*/
|
|
server.get(
|
|
'/users/:user/autoreply',
|
|
tools.asyncifyJson(async (req, res, next) => {
|
|
res.charSet('utf-8');
|
|
|
|
const schema = Joi.object().keys({
|
|
user: Joi.string()
|
|
.hex()
|
|
.lowercase()
|
|
.length(24)
|
|
.required(),
|
|
sess: Joi.string().max(255),
|
|
ip: Joi.string().ip({
|
|
version: ['ipv4', 'ipv6'],
|
|
cidr: 'forbidden'
|
|
})
|
|
});
|
|
|
|
const result = Joi.validate(req.params, schema, {
|
|
abortEarly: false,
|
|
convert: true
|
|
});
|
|
|
|
if (result.error) {
|
|
res.status(400);
|
|
res.json({
|
|
error: result.error.message,
|
|
code: 'InputValidationError'
|
|
});
|
|
return next();
|
|
}
|
|
|
|
// permissions check
|
|
if (req.user && req.user === result.value.user) {
|
|
req.validate(roles.can(req.role).readOwn('autoreplies'));
|
|
} else {
|
|
req.validate(roles.can(req.role).readAny('autoreplies'));
|
|
}
|
|
|
|
let user = new ObjectID(result.value.user);
|
|
|
|
let entry = await db.database.collection('autoreplies').findOne({ user });
|
|
|
|
entry = entry || {};
|
|
res.json({
|
|
success: true,
|
|
status: !!entry.status,
|
|
name: entry.name || '',
|
|
subject: entry.subject || '',
|
|
text: entry.text || '',
|
|
html: entry.html || '',
|
|
start: entry.start || false,
|
|
end: entry.end || false
|
|
});
|
|
|
|
return next();
|
|
})
|
|
);
|
|
|
|
/**
|
|
* @api {delete} /users/:user/autoreply Delete Autoreply information
|
|
* @apiName DeleteAutoreply
|
|
* @apiGroup Autoreplies
|
|
* @apiHeader {String} X-Access-Token Optional access token if authentication is enabled
|
|
* @apiHeaderExample {json} Header-Example:
|
|
* {
|
|
* "X-Access-Token": "59fc66a03e54454869460e45"
|
|
* }
|
|
*
|
|
* @apiParam {String} user ID of the User
|
|
*
|
|
* @apiSuccess {Boolean} success Indicates successful response
|
|
*
|
|
* @apiError error Description of the error
|
|
*
|
|
* @apiExample {curl} Example usage:
|
|
* curl -i -XDELETE http://localhost:8080/users/59fc66a03e54454869460e45/autoreply
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "success": true
|
|
* }
|
|
*
|
|
* @apiErrorExample {json} Error-Response:
|
|
* HTTP/1.1 200 OK
|
|
* {
|
|
* "error": "This user does not exist"
|
|
* }
|
|
*/
|
|
server.del(
|
|
'/users/:user/autoreply',
|
|
tools.asyncifyJson(async (req, res, next) => {
|
|
res.charSet('utf-8');
|
|
|
|
const schema = Joi.object().keys({
|
|
user: Joi.string()
|
|
.hex()
|
|
.lowercase()
|
|
.length(24)
|
|
.required(),
|
|
sess: Joi.string().max(255),
|
|
ip: Joi.string().ip({
|
|
version: ['ipv4', 'ipv6'],
|
|
cidr: 'forbidden'
|
|
})
|
|
});
|
|
|
|
const result = Joi.validate(req.params, schema, {
|
|
abortEarly: false,
|
|
convert: true
|
|
});
|
|
|
|
if (result.error) {
|
|
res.status(400);
|
|
res.json({
|
|
error: result.error.message,
|
|
code: 'InputValidationError'
|
|
});
|
|
return next();
|
|
}
|
|
|
|
// permissions check
|
|
if (req.user && req.user === result.value.user) {
|
|
req.validate(roles.can(req.role).deleteOwn('autoreplies'));
|
|
} else {
|
|
req.validate(roles.can(req.role).deleteAny('autoreplies'));
|
|
}
|
|
|
|
let user = new ObjectID(result.value.user);
|
|
|
|
await db.users.collection('users').updateOne({ _id: user }, { $set: { autoreply: false } });
|
|
await db.database.collection('autoreplies').deleteOne({ user });
|
|
|
|
res.json({
|
|
success: true
|
|
});
|
|
|
|
return next();
|
|
})
|
|
);
|
|
};
|