pixelplanet/src/core/mail.js

/*
 * functions for mail verify
 * @flow
 */

import Sequelize from 'sequelize';
import nodemailer from 'nodemailer';

import logger from './logger';
import { HOUR, MINUTE } from './constants';
import { HOSTURL } from './config';
import { DailyCron, HourlyCron } from '../utils/cron';

import RegUser from '../data/models/RegUser';


/*
 * define mail transport
 * using unix command sendmail
 */
const transporter = nodemailer.createTransport({
  sendmail: true,
  newline: 'unix',
  path: '/usr/sbin/sendmail',
});


// TODO make code expire
class MailProvider {
  verifyCodes: Object;

  constructor() {
    this.clearCodes = this.clearCodes.bind(this);

    this.verifyCodes = {};
    HourlyCron.hook(this.clearCodes);
    DailyCron.hook(MailProvider.cleanUsers);
  }

  sendVerifyMail(to, name) {
    const pastMail = this.verifyCodes[to];
    if (pastMail) {
      const minLeft = Math.floor(
        pastMail.timestamp / MINUTE + 15 - Date.now() / MINUTE,
      );
      if (minLeft > 0) {
        logger.info(
          `Verify mail for ${to} - already sent, ${minLeft} minutes left`,
        );
        // eslint-disable-next-line max-len
        return `We already sent you a verification mail, you can request another one in ${minLeft} minutes.`;
      }
    }
    logger.info(`Sending verification mail to ${to} / ${name}`);
    const code = this.setCode(to);
    const verifyUrl = `${HOSTURL}/api/auth/verify?token=${code}`;
    transporter.sendMail({
      from: 'donotreply@pixelplanet.fun',
      to,
      replyTo: 'donotreply@pixelplanet.fun',
      // eslint-disable-next-line max-len
      subject: `Welcome ${name} to PixelPlanet, plese verify your mail`,
      // eslint-disable-next-line max-len
      text: `Hello,\nwelcome to our little community of pixelplacers, to use your account, you have to verify your mail. You can do that here:\n ${verifyUrl} \nHave fun and don't hesitate to contact us if you encouter any problems :)\nThanks`,
    }, (err) => {
      if (err) {
        logger.error(err & err.stack);
      }
    });
    return null;
  }

  async sendPasswdResetMail(to, ip) {
    const pastMail = this.verifyCodes[to];
    if (pastMail) {
      if (Date.now() < pastMail.timestamp + 15 * MINUTE) {
        logger.info(
          `Password reset mail for ${to} requested by ${ip} - already sent`,
        );
        // eslint-disable-next-line max-len
        return 'We already sent you a mail with instructions. Please wait before requesting another mail.';
      }
    }
    const reguser = await RegUser.findOne({ where: { email: to } });
    if (pastMail || !reguser) {
      logger.info(
        `Password reset mail for ${to} requested by ${ip} - mail not found`,
      );
      return "Couldn't find this mail in our database";
    }
    /*
     * not sure if this is needed yet
     * does it matter if spaming password reset mails or verifications mails?
     *
    if(!reguser.verified) {
      logger.info(`Password reset mail for ${to} requested by ${ip} - mail not verified`);
      return "Can't reset password of unverified account.";
    }
    */

    logger.info(`Sending Password reset mail to ${to}`);
    const code = this.setCode(to);
    const restoreUrl = `${HOSTURL}/reset_password?token=${code}`;
    transporter.sendMail({
      from: 'donotreply@pixelplanet.fun',
      to,
      replyTo: 'donotreply@pixelplanet.fun',
      // eslint-disable-next-line max-len
      subject: 'You forgot your password for PixelPlanet? Get a new one here',
      // eslint-disable-next-line max-len
      text: `Hello,\nYou requested to get a new password. You can change your password within the next 30min here:\n ${restoreUrl} \nHave fun and don't hesitate to contact us if you encouter any problems :)\nIf you did not request this mail, please just ignore it (the ip that requested this mail was ${ip}).\nThanks`,
    }, (err) => {
      if (err) {
        logger.error(err & err.stack);
      }
    });
    return null;
  }

  setCode(email) {
    const code = MailProvider.createCode();
    this.verifyCodes[email] = {
      code,
      timestamp: Date.now(),
    };
    return code;
  }

  async clearCodes() {
    const curTime = Date.now();
    const toDelete = [];

    const mails = Object.keys(this.verifyCodes);
    for (let i = 0; i < mails.length; i += 1) {
      const iteremail = mails[i];
      if (curTime > this.verifyCodes[iteremail].timestamp + HOUR) {
        toDelete.push(iteremail);
      }
    }
    toDelete.forEach((email) => {
      logger.info(`Mail Code for ${email} expired`);
      delete this.verifyCodes[email];
    });
  }

  // Note: code gets deleted on check
  checkCode(code) {
    let email = null;
    const mails = Object.keys(this.verifyCodes);
    for (let i = 0; i < mails.length; i += 1) {
      const iteremail = mails[i];
      if (this.verifyCodes[iteremail].code === code) {
        email = iteremail;
        break;
      }
    }
    if (!email) {
      logger.info(`Mail Code ${code} not found.`);
      return false;
    }
    logger.info(`Got Mail Code from ${email}.`);
    delete this.verifyCodes[email];
    return email;
  }

  async verify(code) {
    const email = this.checkCode(code);
    if (!email) return false;

    const reguser = await RegUser.findOne({ where: { email } });
    if (!reguser) {
      logger.error(`${email} does not exist in database`);
      return false;
    }
    await reguser.update({
      mailVerified: true,
      verificationReqAt: null,
    });
    return true;
  }

  static createCode() {
    const part1 = Math.random().toString(36).substring(2, 15)
      + Math.random().toString(36).substring(2, 15);
    const part2 = Math.random().toString(36).substring(2, 15)
      + Math.random().toString(36).substring(2, 15);
    return `${part1}-${part2}`;
  }

  static cleanUsers() {
    // delete users that requier verification for more than 4 days
    RegUser.destroy({
      where: {
        verificationReqAt: {
          [Sequelize.Op.lt]:
            Sequelize.literal('CURRENT_TIMESTAMP - INTERVAL 4 DAY'),
        },
        // NOTE: this means that minecraft verified accounts do not get deleted
        verified: 0,
      },
    });
  }
}

export const mailProvider = new MailProvider();

export default mailProvider;
Mirror repository for github 2020-01-02 16:58:06 +00:00			`/*`
			`* functions for mail verify`
			`* @flow`
			`*/`

eslint auto-fix 2020-01-04 06:00:47 +00:00			`import Sequelize from 'sequelize';`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`import nodemailer from 'nodemailer';`
Mirror repository for github 2020-01-02 16:58:06 +00:00
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`import logger from './logger';`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`import { HOUR, MINUTE } from './constants';`
			`import { HOSTURL } from './config';`
			`import { DailyCron, HourlyCron } from '../utils/cron';`

			`import RegUser from '../data/models/RegUser';`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00
			`/*`
			`* define mail transport`
			`* using unix command sendmail`
			`*/`
			`const transporter = nodemailer.createTransport({`
			`sendmail: true,`
			`newline: 'unix',`
			`path: '/usr/sbin/sendmail',`
			`});`
Mirror repository for github 2020-01-02 16:58:06 +00:00

			`// TODO make code expire`
			`class MailProvider {`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`verifyCodes: Object;`
Mirror repository for github 2020-01-02 16:58:06 +00:00
			`constructor() {`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`this.clearCodes = this.clearCodes.bind(this);`
Mirror repository for github 2020-01-02 16:58:06 +00:00
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`this.verifyCodes = {};`
			`HourlyCron.hook(this.clearCodes);`
			`DailyCron.hook(MailProvider.cleanUsers);`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`sendVerifyMail(to, name) {`
			`const pastMail = this.verifyCodes[to];`
			`if (pastMail) {`
			`const minLeft = Math.floor(`
			`pastMail.timestamp / MINUTE + 15 - Date.now() / MINUTE,`
			`);`
			`if (minLeft > 0) {`
			`logger.info(`
			`Verify mail for ${to} - already sent, ${minLeft} minutes left`,
			`);`
			`// eslint-disable-next-line max-len`
			return `We already sent you a verification mail, you can request another one in ${minLeft} minutes.`;
Mirror repository for github 2020-01-02 16:58:06 +00:00			`}`
			`}`
			logger.info(`Sending verification mail to ${to} / ${name}`);
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`const code = this.setCode(to);`
			const verifyUrl = `${HOSTURL}/api/auth/verify?token=${code}`;
			`transporter.sendMail({`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`from: 'donotreply@pixelplanet.fun',`
			`to,`
			`replyTo: 'donotreply@pixelplanet.fun',`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`// eslint-disable-next-line max-len`
Mirror repository for github 2020-01-02 16:58:06 +00:00			subject: `Welcome ${name} to PixelPlanet, plese verify your mail`,
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`// eslint-disable-next-line max-len`
			text: `Hello,\nwelcome to our little community of pixelplacers, to use your account, you have to verify your mail. You can do that here:\n ${verifyUrl} \nHave fun and don't hesitate to contact us if you encouter any problems :)\nThanks`,
			`}, (err) => {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`if (err) {`
			`logger.error(err & err.stack);`
			`}`
			`});`
			`return null;`
			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`async sendPasswdResetMail(to, ip) {`
			`const pastMail = this.verifyCodes[to];`
			`if (pastMail) {`
			`if (Date.now() < pastMail.timestamp + 15 * MINUTE) {`
			`logger.info(`
			`Password reset mail for ${to} requested by ${ip} - already sent`,
			`);`
			`// eslint-disable-next-line max-len`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`return 'We already sent you a mail with instructions. Please wait before requesting another mail.';`
			`}`
			`}`
			`const reguser = await RegUser.findOne({ where: { email: to } });`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`if (pastMail \|\| !reguser) {`
			`logger.info(`
			`Password reset mail for ${to} requested by ${ip} - mail not found`,
			`);`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`return "Couldn't find this mail in our database";`
			`}`
			`/*`
			`* not sure if this is needed yet`
			`* does it matter if spaming password reset mails or verifications mails?`
			`*`
			`if(!reguser.verified) {`
			logger.info(`Password reset mail for ${to} requested by ${ip} - mail not verified`);
			`return "Can't reset password of unverified account.";`
			`}`
			`*/`

			logger.info(`Sending Password reset mail to ${to}`);
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`const code = this.setCode(to);`
			const restoreUrl = `${HOSTURL}/reset_password?token=${code}`;
			`transporter.sendMail({`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`from: 'donotreply@pixelplanet.fun',`
			`to,`
			`replyTo: 'donotreply@pixelplanet.fun',`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`// eslint-disable-next-line max-len`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`subject: 'You forgot your password for PixelPlanet? Get a new one here',`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`// eslint-disable-next-line max-len`
			text: `Hello,\nYou requested to get a new password. You can change your password within the next 30min here:\n ${restoreUrl} \nHave fun and don't hesitate to contact us if you encouter any problems :)\nIf you did not request this mail, please just ignore it (the ip that requested this mail was ${ip}).\nThanks`,
			`}, (err) => {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`if (err) {`
			`logger.error(err & err.stack);`
			`}`
			`});`
			`return null;`
			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`setCode(email) {`
			`const code = MailProvider.createCode();`
			`this.verifyCodes[email] = {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`code,`
			`timestamp: Date.now(),`
			`};`
			`return code;`
			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`async clearCodes() {`
			`const curTime = Date.now();`
			`const toDelete = [];`

			`const mails = Object.keys(this.verifyCodes);`
			`for (let i = 0; i < mails.length; i += 1) {`
			`const iteremail = mails[i];`
			`if (curTime > this.verifyCodes[iteremail].timestamp + HOUR) {`
			`toDelete.push(iteremail);`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`}`
			`}`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`toDelete.forEach((email) => {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			logger.info(`Mail Code for ${email} expired`);
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`delete this.verifyCodes[email];`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`});`
			`}`

			`// Note: code gets deleted on check`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`checkCode(code) {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`let email = null;`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`const mails = Object.keys(this.verifyCodes);`
			`for (let i = 0; i < mails.length; i += 1) {`
			`const iteremail = mails[i];`
			`if (this.verifyCodes[iteremail].code === code) {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`email = iteremail;`
			`break;`
			`}`
			`}`
			`if (!email) {`
			logger.info(`Mail Code ${code} not found.`);
			`return false;`
			`}`
			logger.info(`Got Mail Code from ${email}.`);
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`delete this.verifyCodes[email];`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`return email;`
			`}`

			`async verify(code) {`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`const email = this.checkCode(code);`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`if (!email) return false;`

			`const reguser = await RegUser.findOne({ where: { email } });`
			`if (!reguser) {`
			logger.error(`${email} does not exist in database`);
			`return false;`
			`}`
			`await reguser.update({`
			`mailVerified: true,`
			`verificationReqAt: null,`
			`});`
			`return true;`
			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`static createCode() {`
			`const part1 = Math.random().toString(36).substring(2, 15)`
			`+ Math.random().toString(36).substring(2, 15);`
			`const part2 = Math.random().toString(36).substring(2, 15)`
			`+ Math.random().toString(36).substring(2, 15);`
Mirror repository for github 2020-01-02 16:58:06 +00:00			return `${part1}-${part2}`;
			`}`

change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`static cleanUsers() {`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`// delete users that requier verification for more than 4 days`
			`RegUser.destroy({`
			`where: {`
			`verificationReqAt: {`
change from sendmail to nodemailer fix eslint errors corresponding to mail sending 2020-01-06 10:46:11 +00:00			`[Sequelize.Op.lt]:`
			`Sequelize.literal('CURRENT_TIMESTAMP - INTERVAL 4 DAY'),`
Mirror repository for github 2020-01-02 16:58:06 +00:00			`},`
			`// NOTE: this means that minecraft verified accounts do not get deleted`
			`verified: 0,`
			`},`
			`});`
			`}`
			`}`

			`export const mailProvider = new MailProvider();`

			`export default mailProvider;`