feat: complete i18n support, telegram webhook, and security improvements

AyrisAI
2026-05-14 13:46:17 +03:00
parent 4c9a07e3ef
commit cc65a2bd72
23 changed files with 798 additions and 205 deletions


@@ -1,16 +1,12 @@
/**
* lib/mail-session.ts
* Stores/retrieves mail credentials in an encrypted httpOnly cookie.
* Credentials never hit the database.
*/
import { cookies } from "next/headers";
import { auth } from "@/auth";
const COOKIE_NAME = "ayrismail_creds";
export interface MailSessionData {
email: string;
password: string;
ownerId: string; // Dashboard user ID who owns this mail session
}
/**
@@ -30,9 +26,19 @@ function decode(token: string): MailSessionData | null {
}
/** Save mail credentials to cookie */
export async function setMailSession(data: MailSessionData): Promise<void> {
export async function setMailSession(data: Omit<MailSessionData, "ownerId">): Promise<void> {
const session = await auth();
if (!session?.user?.id) {
throw new Error("Cannot set mail session without dashboard session");
}
const cookieStore = await cookies();
cookieStore.set(COOKIE_NAME, encode(data), {
const sessionData: MailSessionData = {
...data,
ownerId: session.user.id,
};
cookieStore.set(COOKIE_NAME, encode(sessionData), {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
@@ -43,10 +49,24 @@ export async function setMailSession(data: MailSessionData): Promise<void> {
/** Get mail credentials from cookie */
export async function getMailSession(): Promise<MailSessionData | null> {
const session = await auth();
if (!session?.user?.id) return null;
const cookieStore = await cookies();
const cookie = cookieStore.get(COOKIE_NAME);
if (!cookie?.value) return null;
return decode(cookie.value);
const data = decode(cookie.value);
if (!data) return null;
// Verify that this mail session belongs to the current dashboard user
if (data.ownerId !== session.user.id) {
// Session belongs to another user, clear it for safety
await clearMailSession();
return null;
}
return data;
}
/** Clear mail credentials cookie */
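Review bot: In getMailSession, the owner-mismatch branch calls `await clearMailSession()` on what is otherwise a read path. Next.js only permits cookie writes in a Server Action or Route Handler, so if this getter is reached during a Server Component render the call would likely throw rather than return null (clearMailSession's body is outside the hunk, so this is inferred from its name). The result still fails closed, but as an error instead of a clean "no session"; consider `try { await clearMailSession(); } catch { /* read-only context: cookie cannot be cleared here */ }` before `return null;`. Separately, the ownerId comparison is only as strong as encode/decode, which are not shown: it holds only if the token is both encrypted and integrity-protected, so a comment such as `// ownerId is trusted only because decode() authenticates the token` above the check would record that dependency.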