letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d62822c284e1a3c3b4049412ad03df9e9e7b609c
pn-new-crm/src/lib/email/index.ts
Matt Ciaccio 1151768159 feat(email): system/user senderType + attachments 
Composer validator now takes senderType (system|user) and an
attachments[] array, and the service dispatches across two paths:
the system path uses lib/email/index.ts with port-config noreply
identity and logs signed_doc_emailed when an attachment matches a
document's signed PDF; the user path stays on the existing personal-
account flow but is gated by the new email.allowPersonalAccountSends
toggle and the attachment fileIds are persisted on email_messages.
sendEmail in lib/email accepts attachments and resolves them from
MinIO with cross-port enforcement.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 02:48:11 +02:00

145 lines
4.8 KiB
TypeScript
Raw Blame History

import nodemailer, { type Transporter } from 'nodemailer';
import { env } from '@/lib/env';
import { logger } from '@/lib/logger';
import { getPortEmailConfig, type PortEmailConfig } from '@/lib/services/port-config';
/**
* Creates and returns a new Nodemailer SMTP transporter using env defaults.
* For port-scoped configuration use {@link createPortTransporter} instead.
*
* A new instance is created on each call so the factory can be used in
* contexts where connection pooling is managed externally (e.g. per-request
* in serverless, or once at worker startup).
*/
export function createTransporter(): Transporter {
return nodemailer.createTransport({
host: env.SMTP_HOST,
port: env.SMTP_PORT,
// Implicitly secure when port is 465; STARTTLS for all other ports.
secure: env.SMTP_PORT === 465,
...(env.SMTP_USER && env.SMTP_PASS
? { auth: { user: env.SMTP_USER, pass: env.SMTP_PASS } }
: {}),
});
}
function createTransporterFromConfig(cfg: PortEmailConfig): Transporter {
return nodemailer.createTransport({
host: cfg.smtpHost,
port: cfg.smtpPort,
secure: cfg.smtpPort === 465,
...(cfg.smtpUser && cfg.smtpPass ? { auth: { user: cfg.smtpUser, pass: cfg.smtpPass } } : {}),
});
}
export interface EmailAttachmentRef {
fileId: string;
filename?: string;
}
export interface SendEmailOptions {
to: string | string[];
subject: string;
html: string;
from?: string;
/** When provided, port-level email settings override env defaults. */
portId?: string;
text?: string;
/**
* File attachments to fetch from MinIO and attach to the message.
* Resolution + cross-port enforcement happens via `resolveAttachments`
* before the SMTP call.
*/
attachments?: EmailAttachmentRef[];
}
/**
* Resolve attachment refs to nodemailer attachment payloads. Reads each file
* from MinIO and enforces port-isolation: an attachment that doesn't belong
* to `portId` throws ForbiddenError. Returns an empty array when no refs
* are provided.
*/
async function resolveAttachments(
refs: EmailAttachmentRef[] | undefined,
portId: string | undefined,
): Promise<Array<{ filename: string; content: Buffer; contentType?: string }>> {
if (!refs || refs.length === 0) return [];
const { db } = await import('@/lib/db');
const { files } = await import('@/lib/db/schema/documents');
const { eq } = await import('drizzle-orm');
const { ForbiddenError, NotFoundError } = await import('@/lib/errors');
const { minioClient } = await import('@/lib/minio');
return Promise.all(
refs.map(async (ref) => {
const file = await db.query.files.findFirst({ where: eq(files.id, ref.fileId) });
if (!file) throw new NotFoundError('File');
if (portId && file.portId !== portId) {
throw new ForbiddenError('File belongs to a different port');
}
const stream = await minioClient.getObject(file.storageBucket, file.storagePath);
const chunks: Buffer[] = [];
for await (const chunk of stream) {
chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
}
return {
filename: ref.filename ?? file.originalName,
content: Buffer.concat(chunks),
...(file.mimeType ? { contentType: file.mimeType } : {}),
};
}),
);
}
/**
* Sends a single email via SMTP.
*
* Returns the nodemailer info object on success. Propagates errors to the
* caller — callers in background jobs should wrap in try/catch and handle
* retries via BullMQ.
*/
export async function sendEmail(
to: string | string[],
subject: string,
html: string,
from?: string,
text?: string,
portId?: string,
attachments?: EmailAttachmentRef[],
): Promise<nodemailer.SentMessageInfo> {
const cfg = portId ? await getPortEmailConfig(portId) : null;
const transporter = cfg ? createTransporterFromConfig(cfg) : createTransporter();
const requestedTo = Array.isArray(to) ? to.join(', ') : to;
const effectiveTo = env.EMAIL_REDIRECT_TO ?? requestedTo;
const effectiveSubject = env.EMAIL_REDIRECT_TO
? `[redirected from ${requestedTo}] ${subject}`
: subject;
const fromHeader =
from ??
(cfg ? `${cfg.fromName} <${cfg.fromAddress}>` : undefined) ??
env.SMTP_FROM ??
`Port Nimara CRM <noreply@${env.SMTP_HOST}>`;
const resolvedAttachments = await resolveAttachments(attachments, portId);
const info = await transporter.sendMail({
from: fromHeader,
to: effectiveTo,
subject: effectiveSubject,
html,
...(cfg?.replyTo ? { replyTo: cfg.replyTo } : {}),
...(text ? { text } : {}),
...(resolvedAttachments.length > 0 ? { attachments: resolvedAttachments } : {}),
});
logger.debug(
{ messageId: info.messageId, to: effectiveTo, originalTo: requestedTo, subject, portId },
env.EMAIL_REDIRECT_TO ? 'Email sent (redirected)' : 'Email sent',
);
return info;
}
Reference in New Issue View Git Blame Copy Permalink