Prevent malicious deletes
parent
bcec71cc69
commit
d713a28fcf
|
@ -31,9 +31,10 @@ class MailProcessingService extends EventEmitter {
|
||||||
return this.mailRepository.getForRecipient(address)
|
return this.mailRepository.getForRecipient(address)
|
||||||
}
|
}
|
||||||
|
|
||||||
deleteSpecificEmail(uid) {
|
deleteSpecificEmail(adress, uid) {
|
||||||
|
if (this.mailRepository.UserRemoveUid(adress, uid) == true) {
|
||||||
this.imapService.deleteSpecificEmail(uid)
|
this.imapService.deleteSpecificEmail(uid)
|
||||||
this.mailRepository.removeUid(uid)
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
getOneFullMail(address, uid) {
|
getOneFullMail(address, uid) {
|
||||||
|
|
|
@ -22,6 +22,21 @@ class MailRepository {
|
||||||
this.mailSummaries.set(to.toLowerCase(), mailSummary)
|
this.mailSummaries.set(to.toLowerCase(), mailSummary)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
UserRemoveUid(address, uid) {
|
||||||
|
var deleted = false
|
||||||
|
// TODO: make this more efficient, looping through each email is not cool.
|
||||||
|
this.mailSummaries.forEachAssociation((mails, to) => {
|
||||||
|
mails
|
||||||
|
.filter(mail => mail.uid === parseInt(uid) & to == address)
|
||||||
|
.forEach(mail => {
|
||||||
|
this.mailSummaries.remove(to, mail)
|
||||||
|
debug('removed ', mail.date, to, mail.subject)
|
||||||
|
deleted = true
|
||||||
|
})
|
||||||
|
})
|
||||||
|
return deleted
|
||||||
|
}
|
||||||
|
|
||||||
removeUid(uid) {
|
removeUid(uid) {
|
||||||
// TODO: make this more efficient, looping through each email is not cool.
|
// TODO: make this more efficient, looping through each email is not cool.
|
||||||
this.mailSummaries.forEachAssociation((mails, to) => {
|
this.mailSummaries.forEachAssociation((mails, to) => {
|
||||||
|
|
|
@ -59,7 +59,7 @@ router.get(
|
||||||
async (req, res, next) => {
|
async (req, res, next) => {
|
||||||
try {
|
try {
|
||||||
const mailProcessingService = req.app.get('mailProcessingService')
|
const mailProcessingService = req.app.get('mailProcessingService')
|
||||||
await mailProcessingService.deleteSpecificEmail(req.params.uid)
|
await mailProcessingService.deleteSpecificEmail(req.params.address, req.params.uid)
|
||||||
res.redirect(`/${req.params.address}`)
|
res.redirect(`/${req.params.address}`)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error('error while deleting email', error)
|
console.error('error while deleting email', error)
|
||||||
|
|
Loading…
Reference in New Issue