a45d7704ab
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 8m41s
Swagger UI 5.x uses new Function() via ajv for JSON schema validation. Helmet default CSP (script-src self) blocks this in Firefox, causing TypeError: NetworkError when attempting to fetch resource on Try It. Override CSP on /docs route to allow unsafe-eval.
39 lines
1.5 KiB
JavaScript
39 lines
1.5 KiB
JavaScript
import nodemailer from "nodemailer";
|
|
import logger from "./logger.js";
|
|
const smtpUser = process.env.SMTP_USER;
|
|
const smtpPass = process.env.SMTP_PASS;
|
|
const smtpHost = process.env.SMTP_HOST || "host.docker.internal";
|
|
const smtpPort = Number(process.env.SMTP_PORT || 25);
|
|
const smtpFrom = process.env.SMTP_FROM || "DocFast <noreply@docfast.dev>";
|
|
const smtpSecure = smtpPort === 465;
|
|
const transportConfig = {
|
|
host: smtpHost,
|
|
port: smtpPort,
|
|
secure: smtpSecure,
|
|
connectionTimeout: 5000,
|
|
greetingTimeout: 5000,
|
|
socketTimeout: 10000,
|
|
tls: { rejectUnauthorized: false },
|
|
};
|
|
if (smtpUser && smtpPass) {
|
|
transportConfig.auth = { user: smtpUser, pass: smtpPass };
|
|
}
|
|
const transporter = nodemailer.createTransport(transportConfig);
|
|
export async function sendVerificationEmail(email, code) {
|
|
try {
|
|
const info = await transporter.sendMail({
|
|
from: smtpFrom,
|
|
to: email,
|
|
subject: "DocFast - Verify your email",
|
|
text: `Your DocFast verification code is: ${code}\n\nThis code expires in 15 minutes.\n\nIf you didn't request this, ignore this email.`,
|
|
});
|
|
logger.info({ email, messageId: info.messageId }, "Verification email sent");
|
|
return true;
|
|
}
|
|
catch (err) {
|
|
logger.error({ err, email }, "Failed to send verification email");
|
|
return false;
|
|
}
|
|
}
|
|
// NOTE: sendRecoveryEmail removed — API keys must NEVER be sent via email.
|
|
// Key recovery now shows the key in the browser after code verification.
|