Prevent malicious deletes
parent
bcec71cc69
commit
d713a28fcf
|
@ -31,9 +31,10 @@ class MailProcessingService extends EventEmitter {
|
|||
return this.mailRepository.getForRecipient(address)
|
||||
}
|
||||
|
||||
deleteSpecificEmail(uid) {
|
||||
deleteSpecificEmail(adress, uid) {
|
||||
if (this.mailRepository.UserRemoveUid(adress, uid) == true) {
|
||||
this.imapService.deleteSpecificEmail(uid)
|
||||
this.mailRepository.removeUid(uid)
|
||||
}
|
||||
}
|
||||
|
||||
getOneFullMail(address, uid) {
|
||||
|
|
|
@ -22,6 +22,21 @@ class MailRepository {
|
|||
this.mailSummaries.set(to.toLowerCase(), mailSummary)
|
||||
}
|
||||
|
||||
UserRemoveUid(address, uid) {
|
||||
var deleted = false
|
||||
// TODO: make this more efficient, looping through each email is not cool.
|
||||
this.mailSummaries.forEachAssociation((mails, to) => {
|
||||
mails
|
||||
.filter(mail => mail.uid === parseInt(uid) & to == address)
|
||||
.forEach(mail => {
|
||||
this.mailSummaries.remove(to, mail)
|
||||
debug('removed ', mail.date, to, mail.subject)
|
||||
deleted = true
|
||||
})
|
||||
})
|
||||
return deleted
|
||||
}
|
||||
|
||||
removeUid(uid) {
|
||||
// TODO: make this more efficient, looping through each email is not cool.
|
||||
this.mailSummaries.forEachAssociation((mails, to) => {
|
||||
|
|
|
@ -59,7 +59,7 @@ router.get(
|
|||
async (req, res, next) => {
|
||||
try {
|
||||
const mailProcessingService = req.app.get('mailProcessingService')
|
||||
await mailProcessingService.deleteSpecificEmail(req.params.uid)
|
||||
await mailProcessingService.deleteSpecificEmail(req.params.address, req.params.uid)
|
||||
res.redirect(`/${req.params.address}`)
|
||||
} catch (error) {
|
||||
console.error('error while deleting email', error)
|
||||
|
|
Loading…
Reference in New Issue