fix: fixed isEmail via @forwardemail/validator and blacklisted_chars …
titanism committed Dec 13, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 8d87dd3 commit 26a702f
Showing 66 changed files with 177 additions and 198 deletions.
2 changes: 1 addition & 1 deletion app/controllers/api/v1/inquiries.js
@@ -7,8 +7,8 @@ const { createHmac } = require('node:crypto');
const Boom = require('@hapi/boom');
const isSANB = require('is-string-and-not-blank');
const _ = require('lodash');
const { isEmail } = require('validator');
const { Headers } = require('mailsplit');
const isEmail = require('#helpers/is-email');

const config = require('#config');
const env = require('#config/env');
2 changes: 1 addition & 1 deletion app/controllers/api/v1/lookup.js
@@ -13,7 +13,7 @@ const isSANB = require('is-string-and-not-blank');
const ms = require('ms');
const regexParser = require('regex-parser');
const { boolean } = require('boolean');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const Aliases = require('#models/aliases');
const Domains = require('#models/domains');
2 changes: 1 addition & 1 deletion app/controllers/api/v1/port.js
@@ -9,7 +9,7 @@ const Boom = require('@hapi/boom');
const isBase64 = require('is-base64');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const { isPort } = require('validator');
const { isPort } = require('@forwardemail/validator');

const env = require('#config/env');
const config = require('#config');
2 changes: 1 addition & 1 deletion app/controllers/api/v1/self-test.js
@@ -9,7 +9,7 @@ const Boom = require('@hapi/boom');
const _ = require('lodash');
const isSANB = require('is-string-and-not-blank');
const pMap = require('p-map');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const config = require('#config');
const email = require('#helpers/email');
2 changes: 1 addition & 1 deletion app/controllers/api/v1/settings.js
@@ -10,7 +10,7 @@ const Boom = require('@hapi/boom');
const isBase64 = require('is-base64');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const { isPort } = require('validator');
const { isPort } = require('@forwardemail/validator');

const env = require('#config/env');
const config = require('#config');
2 changes: 1 addition & 1 deletion app/controllers/api/v1/upgrade.js
@@ -7,7 +7,7 @@ const Boom = require('@hapi/boom');
const _ = require('lodash');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const { UpgradeReminders } = require('#models');

4 changes: 3 additions & 1 deletion app/controllers/web/admin/allowlist.js
@@ -9,7 +9,9 @@ const _ = require('lodash');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const paginate = require('koa-ctx-paginate');
const { isEmail, isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');

const isEmail = require('#helpers/is-email');

async function list(ctx) {
let results = await ctx.client.keys('allowlist:*');
4 changes: 3 additions & 1 deletion app/controllers/web/admin/denylist.js
@@ -9,7 +9,9 @@ const _ = require('lodash');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const paginate = require('koa-ctx-paginate');
const { isEmail, isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');

const isEmail = require('#helpers/is-email');

async function list(ctx) {
let results = await ctx.client.keys('denylist:*');
2 changes: 1 addition & 1 deletion app/controllers/web/admin/domains.js
@@ -11,7 +11,7 @@ const isSANB = require('is-string-and-not-blank');
const paginate = require('koa-ctx-paginate');
const parser = require('mongodb-query-parser');
const { boolean } = require('boolean');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const config = require('#config');
const emailHelper = require('#helpers/email');
3 changes: 2 additions & 1 deletion app/controllers/web/api.js
@@ -13,9 +13,10 @@ const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const pug = require('pug');
const { JSDOM } = require('jsdom');
const { isIP, isEmail } = require('validator');
const { isIP } = require('@forwardemail/validator');

const exec = util.promisify(childProcess.exec);
const isEmail = require('#helpers/is-email');
const config = require('#config');
const markdown = require('#helpers/markdown');
const logger = require('#helpers/logger');
2 changes: 1 addition & 1 deletion app/controllers/web/auth.js
@@ -11,7 +11,7 @@ const dayjs = require('dayjs-with-plugins');
const isSANB = require('is-string-and-not-blank');
const qrcode = require('qrcode');
const titleize = require('titleize');
const validator = require('validator');
const validator = require('@forwardemail/validator');
const { authenticator } = require('otplib');
const { boolean } = require('boolean');
const { errors } = require('passport-local-mongoose');
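Review bot: In the part of the commit shown here, this is the only file that swaps the whole `validator` object rather than a named export, so any `validator.isEmail(...)` call further down (not visible in this hunk) would go straight to `@forwardemail/validator` and skip whatever `#helpers/is-email` enforces for the other controllers. As an auth controller (it imports `otplib` and `passport-local-mongoose`), its email validation should agree with the helper, for example by adding `const isEmail = require('#helpers/is-email');` and calling `isEmail(value)` in place of `validator.isEmail(value)`. If the direct calls are intentional, a one-line comment at the require naming the validator functions this file uses would make that clear.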
26 changes: 12 additions & 14 deletions app/controllers/web/denylist.js
@@ -9,16 +9,15 @@ const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const ms = require('ms');
const { boolean } = require('boolean');
const { isEmail, isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');

const isEmail = require('#helpers/is-email');
const config = require('#config');
const { email, decrypt } = require('#helpers');
const { Inquiries } = require('#models');
const parseHostFromDomainOrAddress = require('#helpers/parse-host-from-domain-or-address');
const parseRootDomain = require('#helpers/parse-root-domain');

const isEmailOptions = { ignore_max_length: true };

// eslint-disable-next-line complexity
async function validate(ctx, next) {
//
@@ -35,7 +34,7 @@ async function validate(ctx, next) {
if (
ctx.state.user.group === 'admin' &&
isSANB(ctx.request.body.email) &&
!isEmail(ctx.request.body.email, isEmailOptions)
!isEmail(ctx.request.body.email)
)
return ctx.throw(Boom.badRequest(ctx.translateError('INVALID_EMAIL')));

@@ -44,7 +43,7 @@ async function validate(ctx, next) {
// normalize by converting to lowercase and trimming
q = q.toLowerCase().trim();

if (!isFQDN(q) && !isIP(q) && !isEmail(q, isEmailOptions)) {
if (!isFQDN(q) && !isIP(q) && !isEmail(q)) {
// check if it was encrypted value and can be decrypted without error
// and the decrypted value is a FQDN, IP, or Email
// otherwise throw the same error as above
@@ -58,7 +57,7 @@ async function validate(ctx, next) {
);
}

if (!isFQDN(q) && !isIP(q) && !isEmail(q, isEmailOptions))
if (!isFQDN(q) && !isIP(q) && !isEmail(q))
return ctx.throw(
Boom.badRequest(ctx.translateError('INVALID_DENYLIST_VALUE'))
);
@@ -75,8 +74,7 @@ async function validate(ctx, next) {
}

// set the root domain value in state for validate fn
if (isEmail(q, isEmailOptions) || isFQDN(q))
ctx.state.rootDomain = parseRootDomain(q);
if (isEmail(q) || isFQDN(q)) ctx.state.rootDomain = parseRootDomain(q);

// check that the value is in the denylist
// (or the root value is in the denylist)
@@ -101,7 +99,7 @@ async function validate(ctx, next) {
ctx.state.rootDomain && // if it was an email or if the root domain value was different
// then we need to check denylist against root value and if it was an email
// then we need to check the combo of denylist:root:email
(isEmail(q, isEmailOptions) || ctx.state.rootDomain !== q)
(isEmail(q) || ctx.state.rootDomain !== q)
) {
result = await ctx.client.get(`denylist:${ctx.state.rootDomain}`);

@@ -118,7 +116,7 @@ async function validate(ctx, next) {

// if it was an email then check `denylist:root:email` combo

if (isEmail(q, isEmailOptions)) {
if (isEmail(q)) {
result = await ctx.client.get(
`denylist:${ctx.state.rootDomain}:${q}`
);
@@ -139,7 +137,7 @@ async function validate(ctx, next) {

// if no result and it was an email then check against hard-coded denylist
// (and also check parsed domain and root domain)
if (!result && isEmail(q, isEmailOptions)) {
if (!result && isEmail(q)) {
const domain = parseHostFromDomainOrAddress(q);
const root = parseRootDomain(domain);
if (config.denylist.has(q)) {
@@ -254,7 +252,7 @@ async function remove(ctx) {
// automatic spam activity detected bug or a spammer
//
let isAllowlisted = false;
if (isEmail(ctx.state.q, isEmailOptions) && ctx.state.rootDomain) {
if (isEmail(ctx.state.q) && ctx.state.rootDomain) {
try {
isAllowlisted = await ctx.client.get(
`allowlist:${ctx.state.rootDomain}`
@@ -356,7 +354,7 @@ async function remove(ctx) {
}

// if it was an email then delete the combo
if (isEmail(ctx.state.q, isEmailOptions) && ctx.state.rootDomain) {
if (isEmail(ctx.state.q) && ctx.state.rootDomain) {
await ctx.client.del(`denylist:${ctx.state.q}`);
await ctx.client.del(`denylist:${ctx.state.rootDomain}:${ctx.state.q}`);
await ctx.client.set(
@@ -389,7 +387,7 @@ async function remove(ctx) {
if (
ctx.state.user.group === 'admin' &&
isSANB(ctx.request.body.email) &&
isEmail(ctx.request.body.email, isEmailOptions)
isEmail(ctx.request.body.email)
)
email({
template: 'alert',
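Review bot: Every `isEmail(...)` call in `validate` and `remove` loses its `{ ignore_max_length: true }` argument and the `isEmailOptions` constant is deleted, so which addresses pass now depends entirely on the defaults inside `#helpers/is-email`, which this page does not show. If the helper does not keep `ignore_max_length` enabled, an over-length address that used to reach the `denylist:${ctx.state.rootDomain}:${q}` lookup would instead be rejected with `INVALID_DENYLIST_VALUE`, which changes what can be looked up and removed. A comment at the require would make the contract visible, e.g. `// isEmail: options are fixed in #helpers/is-email; call it with the value only`, and a test with an over-length address would pin the behaviour. The same option is dropped in app/controllers/web/mobile-config.js and app/controllers/web/my-account/validate-alias.js; both functions here continue outside the hunks.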
2 changes: 1 addition & 1 deletion app/controllers/web/index.js
@@ -26,7 +26,6 @@ const titleize = require('titleize');
const wrap = require('word-wrap');
const { Octokit } = require('@octokit/core');
const { gzip } = require('node-gzip');
const { isEmail } = require('validator');

const admin = require('./admin');
const api = require('./api');
@@ -44,6 +43,7 @@ const sitemap = require('./sitemap');
const search = require('./search');
const ips = require('./ips');
const mobileConfig = require('./mobile-config');
const isEmail = require('#helpers/is-email');

const Aliases = require('#models/aliases');
const Domains = require('#models/domains');
9 changes: 3 additions & 6 deletions app/controllers/web/mobile-config.js
@@ -15,10 +15,10 @@ const mongoose = require('mongoose');
const plist = require('plist');
const shortID = require('mongodb-short-id');
const titleize = require('titleize');
const { isEmail } = require('validator');
const getUuid = require('@forwardemail/uuid-by-string');
const isEmail = require('#helpers/is-email');

// https://github.com/danakt/uuid-by-string/issues/24
const getUuid = require('@forwardemail/uuid-by-string');

const Aliases = require('#models/aliases');
const env = require('#config/env');
@@ -379,10 +379,7 @@ async function mobileConfig(ctx, next) {
return next(); // 404

// ctx.params.username must be a valid email address
if (
!isSANB(ctx.params.username) ||
!isEmail(ctx.params.username, { ignore_max_length: true })
)
if (!isSANB(ctx.params.username) || !isEmail(ctx.params.username))
return next(); // 404

// ?a= alias ID
2 changes: 1 addition & 1 deletion app/controllers/web/my-account/create-invite.js
@@ -5,7 +5,7 @@

const Boom = require('@hapi/boom');
const isSANB = require('is-string-and-not-blank');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const emailHelper = require('#helpers/email');
const { Users, Domains } = require('#models');
4 changes: 2 additions & 2 deletions app/controllers/web/my-account/generate-alias-password.js
@@ -12,9 +12,9 @@ const isSANB = require('is-string-and-not-blank');
const sanitizeHtml = require('sanitize-html');
const shortID = require('mongodb-short-id');
const { boolean } = require('boolean');
const { isEmail } = require('validator');

const ms = require('ms');
const isEmail = require('#helpers/is-email');

const Aliases = require('#models/aliases');
const Domains = require('#models/domains');
const config = require('#config');
3 changes: 2 additions & 1 deletion app/controllers/web/my-account/import-aliases.js
@@ -9,8 +9,9 @@ const Boom = require('@hapi/boom');
const _ = require('lodash');
const isFQDN = require('is-fqdn');
const { boolean } = require('boolean');
const { isURL, isEmail, isIP } = require('validator');
const { isURL, isIP } = require('@forwardemail/validator');

const isEmail = require('#helpers/is-email');
const { Domains, Aliases } = require('#models');
const config = require('#config');

2 changes: 1 addition & 1 deletion app/controllers/web/my-account/list-logs.js
@@ -15,8 +15,8 @@ const isSANB = require('is-string-and-not-blank');
const paginate = require('koa-ctx-paginate');
const regexParser = require('regex-parser');
const revHash = require('rev-hash');
const { isEmail } = require('validator');
const ms = require('ms');
const isEmail = require('#helpers/is-email');

const config = require('#config');
const emailHelper = require('#helpers/email');
2 changes: 1 addition & 1 deletion app/controllers/web/my-account/remove-invite.js
@@ -5,7 +5,7 @@

const Boom = require('@hapi/boom');
const isSANB = require('is-string-and-not-blank');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const { Domains } = require('#models');

2 changes: 1 addition & 1 deletion app/controllers/web/my-account/retrieve-aliases.js
@@ -11,7 +11,7 @@ const isSANB = require('is-string-and-not-blank');
const mongoose = require('mongoose');
const paginate = require('koa-ctx-paginate');
const { boolean } = require('boolean');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const Aliases = require('#models/aliases');
const sendPaginationCheck = require('#helpers/send-pagination-check');
2 changes: 1 addition & 1 deletion app/controllers/web/my-account/retrieve-log.js
@@ -6,7 +6,7 @@
const Boom = require('@hapi/boom');
const isSANB = require('is-string-and-not-blank');
const mongoose = require('mongoose');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const { Logs, Aliases } = require('#models');

2 changes: 1 addition & 1 deletion app/controllers/web/my-account/sorted-domains.js
@@ -6,7 +6,7 @@
const _ = require('lodash');
const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const { isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');

function sortedDomains(ctx, next) {
ctx.state.sortedDomains = _.clone(ctx.state.domains);
2 changes: 1 addition & 1 deletion app/controllers/web/my-account/update-domain.js
@@ -11,7 +11,7 @@ const _ = require('lodash');
const bytes = require('@forwardemail/bytes');
const isSANB = require('is-string-and-not-blank');
const { boolean } = require('boolean');
const { isPort } = require('validator');
const { isPort } = require('@forwardemail/validator');

const { Domains } = require('#models');

2 changes: 1 addition & 1 deletion app/controllers/web/my-account/update-profile.js
@@ -9,7 +9,7 @@ const cryptoRandomString = require('crypto-random-string');
const dayjs = require('dayjs-with-plugins');
const humanize = require('humanize-string');
const isSANB = require('is-string-and-not-blank');
const { isEmail } = require('validator');
const isEmail = require('#helpers/is-email');

const config = require('#config');
const emailHelper = require('#helpers/email');
4 changes: 2 additions & 2 deletions app/controllers/web/my-account/validate-alias.js
@@ -12,7 +12,7 @@ const slug = require('speakingurl');
const splitLines = require('split-lines');
const striptags = require('striptags');
const { boolean } = require('boolean');
// const { isEmail } = require('validator');
// const isEmail = require('#helpers/is-email');

const ensureDomainAdmin = require('./ensure-domain-admin');

@@ -184,7 +184,7 @@ function validateAlias(ctx, next) {
if (
_.isArray(body.recipients) &&
body.recipients.some(
(r) => isEmail(r, { ignore_max_length: true }) && r.endsWith(`@${ctx.state.domain.name}`)
(r) => isEmail(r) && r.endsWith(`@${ctx.state.domain.name}`)
)
)
return ctx.throw(
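Review bot: The first hunk leaves the require commented out (`// const isEmail = require('#helpers/is-email');`) while the second hunk's new line still calls `isEmail(r)`. Unless that `if` sits inside a block comment that opens outside the hunk (the unwrapped long line on the old side suggests it may), the call throws a ReferenceError as soon as a request carries a non-empty `recipients` array. If the check is disabled on purpose, say so next to the commented require, e.g. `// isEmail is only referenced by the disabled recipients check below`; if it is live, restore the require. validateAlias starts and ends outside the hunk.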
3 changes: 2 additions & 1 deletion app/controllers/web/my-account/validate-domain.js
@@ -11,8 +11,9 @@ const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const splitLines = require('split-lines');
const { boolean } = require('boolean');
const { isEmail, isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');

const isEmail = require('#helpers/is-email');
const parseRootDomain = require('#helpers/parse-root-domain');

// eslint-disable-next-line complexity
3 changes: 2 additions & 1 deletion app/controllers/web/onboard.js
@@ -14,10 +14,11 @@ const isFQDN = require('is-fqdn');
const isSANB = require('is-string-and-not-blank');
const pug = require('pug');
const { boolean } = require('boolean');
const { isEmail, isIP } = require('validator');
const { isIP } = require('@forwardemail/validator');
const { ValidationError } = require('mongoose/lib/error');
const { parse } = require('node-html-parser');

const isEmail = require('#helpers/is-email');
const config = require('#config');
const logger = require('#helpers/logger');
const sendVerificationEmail = require('#helpers/send-verification-email');