Prevent malicious deletes

pull/1/head
ClaraCrazy 2023-11-02 06:27:28 +01:00
parent bcec71cc69
commit d713a28fcf
3 changed files with 20 additions and 4 deletions


@ -31,9 +31,10 @@ class MailProcessingService extends EventEmitter {
return this.mailRepository.getForRecipient(address) return this.mailRepository.getForRecipient(address)
} }
deleteSpecificEmail(uid) { deleteSpecificEmail(adress, uid) {
if (this.mailRepository.UserRemoveUid(adress, uid) == true) {
this.imapService.deleteSpecificEmail(uid) this.imapService.deleteSpecificEmail(uid)
this.mailRepository.removeUid(uid) }
} }
getOneFullMail(address, uid) { getOneFullMail(address, uid) {
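Review bot: In `deleteSpecificEmail` the ownership check and the IMAP delete do not operate on the same value: `UserRemoveUid` matches on `parseInt(uid)`, which tolerates trailing non-digit characters, while the raw `uid` string is what gets passed to `this.imapService.deleteSpecificEmail(uid)`. Normalise once at the top and use that value for both calls, for example `if (!/^\d+$/.test(String(uid))) return false` followed by `const id = Number(uid)`. The method also returns nothing, so the caller cannot tell a refused delete from a successful one, and the `await` in the route does not wait for the IMAP call; `return this.imapService.deleteSpecificEmail(id)` would cover both, assuming that call returns a promise. Minor: the parameter is spelled `adress`, and the `== true` comparison can be dropped.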


@ -22,6 +22,21 @@ class MailRepository {
this.mailSummaries.set(to.toLowerCase(), mailSummary) this.mailSummaries.set(to.toLowerCase(), mailSummary)
} }
UserRemoveUid(address, uid) {
var deleted = false
// TODO: make this more efficient, looping through each email is not cool.
this.mailSummaries.forEachAssociation((mails, to) => {
mails
.filter(mail => mail.uid === parseInt(uid) & to == address)
.forEach(mail => {
this.mailSummaries.remove(to, mail)
debug('removed ', mail.date, to, mail.subject)
deleted = true
})
})
return deleted
}
removeUid(uid) { removeUid(uid) {
// TODO: make this more efficient, looping through each email is not cool. // TODO: make this more efficient, looping through each email is not cool.
this.mailSummaries.forEachAssociation((mails, to) => { this.mailSummaries.forEachAssociation((mails, to) => {
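Review bot: The filter in `UserRemoveUid` uses the bitwise `&` where a logical `&&` is meant, and it compares `to == address` case-sensitively although the keys are stored through `to.toLowerCase()` in the context lines just above. It happens to work because both operands coerce to 0 or 1, but it does not short-circuit, and a mixed-case address from the route would make the delete silently refuse. I would hoist `const wanted = Number.parseInt(uid, 10)` out of the loop and write `.filter(mail => mail.uid === wanted && to === address.toLowerCase())`, with `let deleted` instead of `var`. The unscoped `removeUid(uid)` stays in the class and its body continues outside this hunk, so whether any request-driven path still reaches it needs checking.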


@ -59,7 +59,7 @@ router.get(
async (req, res, next) => { async (req, res, next) => {
try { try {
const mailProcessingService = req.app.get('mailProcessingService') const mailProcessingService = req.app.get('mailProcessingService')
await mailProcessingService.deleteSpecificEmail(req.params.uid) await mailProcessingService.deleteSpecificEmail(req.params.address, req.params.uid)
res.redirect(`/${req.params.address}`) res.redirect(`/${req.params.address}`)
} catch (error) { } catch (error) {
console.error('error while deleting email', error) console.error('error while deleting email', error)
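Review bot: This handler still performs the delete on a `router.get(` route, so after this change the recipient match is the only thing standing between a followed link and a deletion; a state-changing GET can be triggered by prefetchers or by a third-party page the user merely opens. Moving the action to `router.post` or `router.delete` with a CSRF token would close that, independent of the ownership check. The handler also ignores the outcome and redirects either way, so a refused delete is invisible to the user and to the logs; a line such as `if (!deleted) return res.status(404).end()` would help once the service returns a result. The route definition and any validators on `req.params` start outside this hunk, and the `try`/`catch` continues past it.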