From 09efd3c348fcda26d3b14ec55110f955a4e61bd2 Mon Sep 17 00:00:00 2001 From: Ro Date: Thu, 2 Jul 2020 13:43:40 -0700 Subject: [PATCH] mailer is an admin method, so added auth check to request --- brain/api/v1/mailer.js | 132 ++++++++++++++++++++++------------------- 1 file changed, 70 insertions(+), 62 deletions(-) diff --git a/brain/api/v1/mailer.js b/brain/api/v1/mailer.js index e407424..998d1c7 100644 --- a/brain/api/v1/mailer.js +++ b/brain/api/v1/mailer.js @@ -1,75 +1,83 @@ import Settings, { SETTINGS_FILE } from '../../data/Settings'; +import Auth from '../../data/Auth'; var express = require('express'); var router = express.Router(); var nodemailer = require('nodemailer'); var mg = require('nodemailer-mailgun-transport'); const pug = require('pug'); const settings = new Settings(); +const auth = new Auth(); router.post('/', function (req, res) { - settings - .load(SETTINGS_FILE) - .then(settings => { - let transport = ''; - var auth = ''; - switch (settings.email.active) { - case 'option-smtp': - auth = { - host: settings.email.smtp.domain, - port: 587, - secure: false, - auth: { - type: 'login', - user: settings.email.smtp, - pass: settings.email.smtp.password - } - }; - transport = nodemailer.createTransport(auth); - break; - case 'option-mg': - auth = { - auth: { - api_key: settings.email.mailgun.key, - domain: settings.email.mailgun.domain - } - }; - transport = nodemailer.createTransport(mg(auth)); - break; - } - let render = pug.compileFile('brain/views/email/base.pug'); - let html = render({ - title: settings.global.title, - header: 'a note from ' + settings.global.title, - content: req.body.content, - footer: 'powered by fipamo' - }); - transport.sendMail( - { - from: 'control@playvico.us', - to: req.session.user.email, // An array if you have multiple recipients. - subject: 'Hey beautiful', - //You can use "html:" to send HTML email content. It's magic! - html: html - //You can use "text:" to send plain-text content. It's oldschool! - //text: 'Mailgun rocks, pow pow!' - }, - function (err, info) { - if (err) { - res.json({ - message: 'MAIL ERROR', - desc: err - }); - } else { - //console.log(info); - res.json({ - message: 'MAIL SENT', - desc: info - }); + auth.authCheck(req) + .then(() => { + settings + .load(SETTINGS_FILE) + .then(settings => { + let transport = ''; + var auth = ''; + switch (settings.email.active) { + case 'option-smtp': + auth = { + host: settings.email.smtp.domain, + port: 587, + secure: false, + auth: { + type: 'login', + user: settings.email.smtp, + pass: settings.email.smtp.password + } + }; + transport = nodemailer.createTransport(auth); + break; + case 'option-mg': + auth = { + auth: { + api_key: settings.email.mailgun.key, + domain: settings.email.mailgun.domain + } + }; + transport = nodemailer.createTransport(mg(auth)); + break; } - } - ); + let render = pug.compileFile('brain/views/email/base.pug'); + let html = render({ + title: settings.global.title, + header: 'a note from ' + settings.global.title, + content: req.body.content, + footer: 'powered by fipamo' + }); + transport.sendMail( + { + from: 'control@playvico.us', + to: req.session.user.email, // An array if you have multiple recipients. + subject: 'Hey beautiful', + //You can use "html:" to send HTML email content. It's magic! + html: html + //You can use "text:" to send plain-text content. It's oldschool! + //text: 'Mailgun rocks, pow pow!' + }, + function (err, info) { + if (err) { + res.json({ + message: 'MAIL ERROR', + desc: err + }); + } else { + //console.log(info); + res.json({ + message: 'MAIL SENT', + desc: info + }); + } + } + ); + }) + .catch(() => { + //console.error(err); + }); }) - .catch(() => { - //console.error(err); + .catch(err => { + res.json(err); }); }); module.exports = router;