From 2902d0fcc584b4165751936685bc4b13c7103d52 Mon Sep 17 00:00:00 2001 From: ClaraCrazy Date: Sat, 13 Dec 2025 14:41:54 +0100 Subject: [PATCH] We are balls-deep in errors we should never see.... I wanna leave. --- infrastructure/web/routes/inbox.js | 56 ++++++++++++++++++++++++++---- infrastructure/web/web.js | 17 +++++++-- 2 files changed, 65 insertions(+), 8 deletions(-) diff --git a/infrastructure/web/routes/inbox.js b/infrastructure/web/routes/inbox.js index e253ce5..5ad0b84 100644 --- a/infrastructure/web/routes/inbox.js +++ b/infrastructure/web/routes/inbox.js @@ -116,13 +116,42 @@ router.get( async(req, res, next) => { try { const mailProcessingService = req.app.get('mailProcessingService') + const uid = parseInt(req.params.uid, 10) + const count = await mailProcessingService.getCount() + + // Validate UID is a valid integer + if (isNaN(uid) || uid <= 0) { + return res.render( + 'error', { + purgeTime: purgeTime, + address: req.params.address, + count: count, + message: 'Invalid/Malformed UID provided.', + branding: config.http.branding, + } + ) + } + const mail = await mailProcessingService.getOneFullMail( req.params.address, - req.params.uid + uid ) + + if (!mail || !mail.attachments) { + return res.render( + 'error', { + purgeTime: purgeTime, + address: req.params.address, + count: count, + message: 'This email could not be found. It either does not exist or has been deleted from our servers!', + branding: config.http.branding, + } + ) + } + var index = mail.attachments.findIndex(attachment => attachment.checksum === req.params.checksum); const attachment = mail.attachments[index]; - const count = await mailProcessingService.getCount() + if (attachment) { try { res.set('Content-Disposition', `attachment; filename=${attachment.filename}`); 
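Review bot: The `res.set('Content-Disposition', ...)` line at the end of this hunk interpolates `attachment.filename` into the header unquoted and unencoded, and that name comes from the received e-mail, so the sender chooses it. A name containing `;`, quotes or spaces changes how the browser parses the header, and control characters or characters outside Latin-1 make Node reject the header value, so the download ends in the catch that follows. Express can build the header with proper quoting and encoding: `res.attachment(attachment.filename)`. The added UID check is also looser than its comment says, because `parseInt` accepts `12abc` as 12; testing `/^\d+$/.test(req.params.uid)` before parsing would reject it, and the same applies to the check added at `@@ -160`. The inner try block continues outside the hunk.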
@@ -132,9 +161,10 @@ router.get( } catch (error) { console.error('Error while fetching attachment', error); next(error); + return; } } else { - res.render( + return res.render( 'error', { purgeTime: purgeTime, address: req.params.address, @@ -144,9 +174,8 @@ router.get( } ) } - res.redirect(`/inbox/${req.params.address}`) } catch (error) { - console.error('Error while deleting email', error) + console.error('Error while fetching attachment', error) next(error) } } @@ -160,10 +189,25 @@ router.get( async(req, res, next) => { try { const mailProcessingService = req.app.get('mailProcessingService') + const uid = parseInt(req.params.uid, 10) const count = await mailProcessingService.getCount() + + // Validate UID is a valid integer + if (isNaN(uid) || uid <= 0) { + return res.render( + 'error', { + purgeTime: purgeTime, + address: req.params.address, + count: count, + message: 'Invalid/Malformed UID provided.', + branding: config.http.branding, + } + ) + } + mail = await mailProcessingService.getOneFullMail( req.params.address, - req.params.uid, + uid, true ) if (mail) { diff --git a/infrastructure/web/web.js b/infrastructure/web/web.js index 9d69c2f..789708b 100644 --- a/infrastructure/web/web.js +++ b/infrastructure/web/web.js @@ -13,6 +13,10 @@ const inboxRouter = require('./routes/inbox') const loginRouter = require('./routes/login') const { sanitizeHtmlTwigFilter } = require('./views/twig-filters') +const Helper = require('../../application/helper') +const helper = new(Helper) +const purgeTime = helper.purgeTimeElemetBuilder() + // Init express middleware const app = express() app.use(helmet()) 
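Review bot: `mail = await mailProcessingService.getOneFullMail(` in the hunk at `@@ -160` assigns to a name that nothing between the handler's opening `async(req, res, next) => {` and this line declares, so unless a `var mail` appears further down it is a module-level or implicit global shared by every request. If any `await` sits between this assignment and the last read of `mail`, two concurrent requests could see each other's message, which on a mail service is a disclosure between users. Declaring it locally, as the attachment route in the first hunk already does, removes that: `const mail = await mailProcessingService.getOneFullMail(`. The handler body continues past `if (mail) {`, outside the hunk, so whether such an await exists is not visible here.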
@@ -66,14 +70,23 @@ app.use((req, res, next) => { }) // Error handler -app.use((err, req, res, _next) => { +app.use(async(err, req, res, _next) => { + const mailProcessingService = req.app.get('mailProcessingService') + const count = await mailProcessingService.getCount() + // Set locals, only providing error in development res.locals.message = err.message res.locals.error = req.app.get('env') === 'development' ? err : {} // Render the error page res.status(err.status || 500) - res.render('error') + res.render('error', { + purgeTime: purgeTime, + address: req.params.address, + count: count, + branding: config.http.branding + + }) }) /**
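Review bot: The error handler is now `async` and awaits `mailProcessingService.getCount()` with no try/catch, so a rejection there leaves the request without a response; on Express 4, which does not catch rejected handler promises, it also surfaces as an unhandled rejection, which current Node versions treat as fatal by default. That failure is most likely when the mail backend is already erroring, which is exactly when this handler runs. Guard the lookup and render regardless, for example `const count = await mailProcessingService.getCount().catch(() => 0)`. `config.http.branding` is passed to the render call, but no `config` import is visible in this file's hunks, so confirm it is in scope; a ReferenceError here would hit the same unhandled path.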