Enhance SMTP configuration in docker-compose and email handler

- Updated docker-compose.yml to include optional SMTP settings with comments for clarity on configuration. - Modified email-handler.ts to prioritize FROM_EMAIL for the sender address, falling back to SMTP_USER or ADMIN_EMAIL if not set, improving email handling flexibility.
2025-11-18 22:44:58 +01:00
parent 6cd45c254b
commit 6fa07b4b63
4 changed files with 20 additions and 6 deletions
--- a/.cursor/worktrees.json
+++ b/.cursor/worktrees.json
@@ -0,0 +1,5 @@
+{
+  "setup-worktree": [
+    "npm install"
+  ]
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,12 +14,19 @@ services:
      - NODE_ENV=production
      - PORT=3000
      - ENABLE_SSR_CSP=1
-      # Add your other environment variables here
+      # SMTP Settings - Loaded from .env file or set here
+      # Uncomment and set these if not using .env file:
+      # - SMTP_HOST=smtp.your-server.com
+      # - SMTP_PORT=587
+      # - SMTP_USER=your-email@domain.com
+      # - SMTP_PASS=your-password
+      # - FROM_EMAIL=support@365devnet.eu  # Optional: Custom "from" address
+      # - ADMIN_EMAIL=admin@365devnet.eu
+      # - WEBSITE_NAME=365DevNet
+      # Other settings
      # - GEMINI_API_KEY=${GEMINI_API_KEY}
-      # - EMAIL_USER=${EMAIL_USER}
-      # - EMAIL_PASS=${EMAIL_PASS}
    env_file:
-      - .env
+      - .env  # SMTP settings will be loaded from this file
    volumes:
      # Mount logs directory if you want to persist logs
      - ./logs:/app/logs
--- a/server.js
+++ b/server.js
@@ -25,7 +25,7 @@ app.use((req, res, next) => {
  if (process.env.ENABLE_SSR_CSP === '1') {
    res.setHeader(
      'Content-Security-Policy',
-      "default-src 'self' https://365devnet.eu https://*.365devnet.eu; " +
+      "default-src 'self' https://365devnet.eu https://*.365devnet.eu https://chat.365devnet.eu; " +
      "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://chat.365devnet.eu; " +
      "style-src 'self' 'unsafe-inline'; " +
      "img-src 'self' data: https: blob:; " +
--- a/src/utils/email-handler.ts
+++ b/src/utils/email-handler.ts
@@ -12,6 +12,7 @@ const {
  SMTP_USER = '',
  SMTP_PASS = '',
  ADMIN_EMAIL = '',
+  FROM_EMAIL = '', // Optional: Custom "from" address (defaults to SMTP_USER or ADMIN_EMAIL)
  WEBSITE_NAME = '365DevNet Support',
  // Microsoft 365 / OAuth2 (optional)
  OAUTH2_CLIENT_ID = '',
@@ -229,7 +230,8 @@ export async function sendEmail(to: string, subject: string, html: string, text:

  try {
    // Never trust user-provided domain for From header to prevent spoofing.
-    const safeSender = SMTP_USER || ADMIN_EMAIL;
+    // Use FROM_EMAIL if set, otherwise fall back to SMTP_USER or ADMIN_EMAIL
+    const safeSender = FROM_EMAIL || SMTP_USER || ADMIN_EMAIL;
    const fromAddress = isProduction
      ? `"${WEBSITE_NAME}" <${safeSender}>`
      : `"${WEBSITE_NAME}" <${ADMIN_EMAIL}>`;