sec: webhook SSRF guard, IMAP-sync owner check, watcher port membership

Three findings from a fourth-pass review:

1. MEDIUM — webhook URL SSRF. The validator only enforced HTTPS+URL
   parse; it accepted private/loopback/link-local/.internal hosts. The
   delivery worker fetched arbitrary URLs and persisted up to 1KB of
   response body into webhook_deliveries.response_body, which is then
   surfaced via the deliveries listing endpoint — a port admin could
   register a webhook to an internal HTTPS endpoint, hit the test
   endpoint to force immediate dispatch, and read the response back.
   Validator now rejects RFC-1918/loopback/link-local/CGNAT/ULA IPs
   (v4 + v6) and .internal/.local/.localhost/.lan/.intranet/.corp
   suffixes; the worker re-resolves the hostname at dispatch time and
   blocks before fetch (DNS rebinding defense). 21-case unit test
   covers the matrix.

2. MEDIUM — POST /api/v1/email/accounts/[id]/sync had no owner check.
   Any user with email:view could enqueue an inbox-sync job for any
   accountId, which the worker would honour using the foreign user's
   decrypted IMAP credentials and advance the account's lastSyncAt
   (data-loss risk on the legitimate owner's next sync). Route now
   asserts account.userId === ctx.userId before enqueueing, matching
   the toggle/disconnect endpoints.

3. MEDIUM — addDocumentWatcher (and the wizard / upload watcher
   inserts) didn't validate the watcher's userId belonged to the
   document's port. notifyDocumentEvent then emitted a real-time
   socket toast + email containing the document title to the foreign
   user. New assertWatchersInPort helper verifies each candidate has
   a userPortRoles row for the port (super-admin bypass).

818 vitest tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/unit/webhook-ssrf-validator.test.ts

@@ -0,0 +1,50 @@
+/**
+ * Security regression: webhook URL validator must block private/loopback/
+ * link-local/internal-suffix hosts to prevent SSRF read primitives via
+ * webhook delivery + response-body persistence.
+ */
+
+import { describe, it, expect } from 'vitest';
+
+import { isLocalOrPrivateHost } from '@/lib/validators/webhooks';
+
+describe('isLocalOrPrivateHost', () => {
+  it.each([
+    'https://169.254.169.254/latest/meta-data/', // AWS IMDS
+    'https://metadata.google.internal/computeMetadata/', // GCP
+    'https://localhost/x',
+    'https://127.0.0.1/x',
+    'https://127.255.255.254/x',
+    'https://10.0.0.1/x',
+    'https://10.255.255.255/x',
+    'https://172.16.0.5/x',
+    'https://172.31.255.255/x',
+    'https://192.168.1.1/x',
+    'https://100.64.0.5/x', // CGNAT
+    'https://0.0.0.0/x',
+    'https://[::1]/x',
+    'https://[fe80::1]/x',
+    'https://[fc00::1]/x',
+    'https://service.internal/x',
+    'https://prod-db.internal/x',
+    'https://something.local/x',
+    'https://api.localhost/x',
+  ])('blocks %s', (url) => {
+    expect(isLocalOrPrivateHost(url)).toBe(true);
+  });
+
+  it.each([
+    'https://hooks.slack.com/services/x',
+    'https://api.example.com/webhook',
+    'https://1.1.1.1/x', // public DNS
+    'https://8.8.8.8/x', // public DNS
+    'https://203.0.113.5/x', // TEST-NET-3 documentation range — public
+  ])('allows %s', (url) => {
+    expect(isLocalOrPrivateHost(url)).toBe(false);
+  });
+
+  it('returns true for malformed URLs (fail closed)', () => {
+    expect(isLocalOrPrivateHost('not a url')).toBe(true);
+    expect(isLocalOrPrivateHost('javascript:alert(1)')).toBe(false); // parses, hostname empty — but hostname check below catches
+  });
+});