From 6fa07b4b6303249545fde1db2dd90bcfe10b2416 Mon Sep 17 00:00:00 2001
From: Richard Bergsma
Date: Tue, 18 Nov 2025 22:44:58 +0100
Subject: [PATCH] Enhance SMTP configuration in docker-compose and email handler

- Updated docker-compose.yml to include optional SMTP settings with comments for clarity on configuration.
- Modified email-handler.ts to prioritize FROM_EMAIL for the sender address, falling back to SMTP_USER or ADMIN_EMAIL if not set, improving email handling flexibility.
---
 .cursor/worktrees.json | 5 +++++
 docker-compose.yml | 15 +++++++++++----
 server.js | 2 +-
 src/utils/email-handler.ts | 4 +++-
 4 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 .cursor/worktrees.json

diff --git a/.cursor/worktrees.json b/.cursor/worktrees.json
new file mode 100644
index 0000000..77e9744
--- /dev/null
+++ b/.cursor/worktrees.json
@@ -0,0 +1,5 @@
+{
+ "setup-worktree": [
+ "npm install"
+ ]
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index dbb6576..74c4621 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,12 +14,19 @@ services:
 - NODE_ENV=production
 - PORT=3000
 - ENABLE_SSR_CSP=1
- # Add your other environment variables here
+ # SMTP Settings - Loaded from .env file or set here
+ # Uncomment and set these if not using .env file:
+ # - SMTP_HOST=smtp.your-server.com
+ # - SMTP_PORT=587
+ # - SMTP_USER=your-email@domain.com
+ # - SMTP_PASS=your-password
+ # - FROM_EMAIL=support@365devnet.eu # Optional: Custom "from" address
+ # - ADMIN_EMAIL=admin@365devnet.eu
+ # - WEBSITE_NAME=365DevNet
+ # Other settings
 # - GEMINI_API_KEY=${GEMINI_API_KEY}
- # - EMAIL_USER=${EMAIL_USER}
- # - EMAIL_PASS=${EMAIL_PASS}
 env_file:
- - .env
+ - .env # SMTP settings will be loaded from this file
 volumes:
 # Mount logs directory if you want to persist logs
 - ./logs:/app/logs
diff --git a/server.js b/server.js
index 4374cec..a52d9a4 100644
--- a/server.js
+++ b/server.js
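Review bot: In the docker-compose.yml hunk, the commented template invites operators to type the SMTP password straight into the compose file (`# - SMTP_PASS=your-password`), a file that is normally committed to the repository. The removed `EMAIL_PASS` line and the kept `GEMINI_API_KEY` line both use interpolation, so I would keep that form here too, `# - SMTP_PASS=${SMTP_PASS}`, leaving the secret in `.env` or the host environment. The comment could also state that entries under `environment:` override the same keys from `env_file`, so an uncommented placeholder would silently replace the real value from `.env`.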
@@ -25,7 +25,7 @@ app.use((req, res, next) => {
 if (process.env.ENABLE_SSR_CSP === '1') {
 res.setHeader(
 'Content-Security-Policy',
- "default-src 'self' https://365devnet.eu https://*.365devnet.eu; " +
+ "default-src 'self' https://365devnet.eu https://*.365devnet.eu https://chat.365devnet.eu; " +
 "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://chat.365devnet.eu; " +
 "style-src 'self' 'unsafe-inline'; " +
 "img-src 'self' data: https: blob:; " +
diff --git a/src/utils/email-handler.ts b/src/utils/email-handler.ts
index a597c16..58407e5 100644
--- a/src/utils/email-handler.ts
+++ b/src/utils/email-handler.ts
@@ -12,6 +12,7 @@ const {
 SMTP_USER = '',
 SMTP_PASS = '',
 ADMIN_EMAIL = '',
+ FROM_EMAIL = '', // Optional: Custom "from" address (defaults to SMTP_USER or ADMIN_EMAIL)
 WEBSITE_NAME = '365DevNet Support',
 // Microsoft 365 / OAuth2 (optional)
 OAUTH2_CLIENT_ID = '',
@@ -229,7 +230,8 @@ export async function sendEmail(to: string, subject: string, html: string, text:
 try {
 // Never trust user-provided domain for From header to prevent spoofing.
- const safeSender = SMTP_USER || ADMIN_EMAIL;
+ // Use FROM_EMAIL if set, otherwise fall back to SMTP_USER or ADMIN_EMAIL
+ const safeSender = FROM_EMAIL || SMTP_USER || ADMIN_EMAIL;
 const fromAddress = isProduction
 ? `"${WEBSITE_NAME}" <${safeSender}>`
 : `"${WEBSITE_NAME}" <${ADMIN_EMAIL}>`;
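Review bot: The `https://chat.365devnet.eu` origin added to `default-src` in server.js is already matched by the existing `https://*.365devnet.eu` wildcard, so the new line does not change what the policy allows. If a request to the chat host was being blocked, the cause is presumably a directive declared explicitly further down the policy string (it continues outside the hunk), and the origin would have to be added there instead, for example to `connect-src` or `frame-src`. Otherwise I would revert the line to keep the policy minimal. The commit message describes only the SMTP changes, so this CSP edit should be mentioned there or split into its own commit.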
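Review bot: `FROM_EMAIL` reaches the From header through `safeSender` in `sendEmail` with no check that it is a single well-formed address, and nothing ties it to the account the transport authenticates as (`SMTP_USER`). A value with whitespace or angle brackets would yield a malformed header, and an address the SMTP account may not send as can be rejected by the server or fail SPF/DKIM/DMARC alignment at the recipient. I would guard the value, for example `const safeSender = /^[^\s<>@]+@[^\s<>@]+$/.test(FROM_EMAIL) ? FROM_EMAIL : SMTP_USER || ADMIN_EMAIL;`, and extend the comment with `// FROM_EMAIL must be an address the SMTP account is authorised to send as`. The non-production branch still uses `ADMIN_EMAIL`, so the new setting is only exercised in production; the rest of `sendEmail` lies outside the hunk.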