restore /v2/alias/custom/new as used by browser extension

2024-09-20 15:05:59 +08:00 · 2021-03-25 19:18:50 +01:00 · 2021-03-25 19:18:50 +01:00 · 1cac625a90
parent c122b05896
commit 1cac625a90
2 changed files with 127 additions and 0 deletions
--- a/app/api/views/new_custom_alias.py
+++ b/app/api/views/new_custom_alias.py
@ -25,6 +25,101 @@ from app.models import (
 from app.utils import convert_to_id


+@api_bp.route("/v2/alias/custom/new", methods=["POST"])
+@limiter.limit(ALIAS_LIMIT)
+@require_api_auth
+def new_custom_alias_v2():
+    """
+    Create a new custom alias
+    Same as v1 but signed_suffix is actually the suffix with signature, e.g.
+    .random_word@SL.co.Xq19rQ.s99uWQ7jD1s5JZDZqczYI5TbNNU
+    Input:
+        alias_prefix, for ex "www_groupon_com"
+        signed_suffix, either .random_letters@simplelogin.co or @my-domain.com
+        optional "hostname" in args
+        optional "note"
+    Output:
+        201 if success
+        409 if the alias already exists
+
+    """
+    user: User = g.user
+    if not user.can_create_new_alias():
+        LOG.d("user %s cannot create any custom alias", user)
+        return (
+            jsonify(
+                error="You have reached the limitation of a free account with the maximum of "
+                f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
+            ),
+            400,
+        )
+
+    hostname = request.args.get("hostname")
+
+    data = request.get_json()
+    if not data:
+        return jsonify(error="request body cannot be empty"), 400
+
+    alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
+    signed_suffix = data.get("signed_suffix", "").strip()
+    note = data.get("note")
+    alias_prefix = convert_to_id(alias_prefix)
+
+    # hypothesis: user will click on the button in the 600 secs
+    try:
+        alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
+    except SignatureExpired:
+        LOG.warning("Alias creation time expired for %s", user)
+        return jsonify(error="Alias creation time is expired, please retry"), 412
+    except Exception:
+        LOG.warning("Alias suffix is tampered, user %s", user)
+        return jsonify(error="Tampered suffix"), 400
+
+    if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
+        return jsonify(error="wrong alias prefix or suffix"), 400
+
+    full_alias = alias_prefix + alias_suffix
+    if (
+        Alias.get_by(email=full_alias)
+        or DeletedAlias.get_by(email=full_alias)
+        or DomainDeletedAlias.get_by(email=full_alias)
+    ):
+        LOG.d("full alias already used %s", full_alias)
+        return jsonify(error=f"alias {full_alias} already exists"), 409
+
+    custom_domain_id = None
+    if alias_suffix.startswith("@"):
+        alias_domain = alias_suffix[1:]
+        domain = CustomDomain.get_by(domain=alias_domain)
+
+        # check if the alias is currently in the domain trash
+        if domain and DomainDeletedAlias.get_by(domain_id=domain.id, email=full_alias):
+            LOG.d(f"Alias {full_alias} is currently in the {domain.domain} trash. ")
+            return jsonify(error=f"alias {full_alias} in domain trash"), 409
+
+        if domain:
+            custom_domain_id = domain.id
+
+    alias = Alias.create(
+        user_id=user.id,
+        email=full_alias,
+        mailbox_id=user.default_mailbox_id,
+        note=note,
+        custom_domain_id=custom_domain_id,
+    )
+
+    db.session.commit()
+
+    if hostname:
+        AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
+        db.session.commit()
+
+    return (
+        jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))),
+        201,
+    )
+
+
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
@limiter.limit(ALIAS_LIMIT)
@require_api_auth
--- a/tests/api/test_new_custom_alias.py
+++ b/tests/api/test_new_custom_alias.py
@ -9,6 +9,38 @@ from app.utils import random_word
 from tests.utils import login


+def test_v2(flask_client):
+    login(flask_client)
+
+    word = random_word()
+    suffix = f".{word}@{EMAIL_DOMAIN}"
+    signed_suffix = signer.sign(suffix).decode()
+
+    r = flask_client.post(
+        "/api/v2/alias/custom/new",
+        json={
+            "alias_prefix": "prefix",
+            "signed_suffix": signed_suffix,
+        },
+    )
+
+    assert r.status_code == 201
+    assert r.json["alias"] == f"prefix.{word}@{EMAIL_DOMAIN}"
+
+    res = r.json
+    assert "id" in res
+    assert "email" in res
+    assert "creation_date" in res
+    assert "creation_timestamp" in res
+    assert "nb_forward" in res
+    assert "nb_block" in res
+    assert "nb_reply" in res
+    assert "enabled" in res
+
+    new_alias: Alias = Alias.get_by(email=r.json["alias"])
+    assert len(new_alias.mailboxes) == 1
+
+
 def test_minimal_payload(flask_client):
    user = login(flask_client)