mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-01 06:48:56 +00:00
6068978c42
Backport #22566 Change the mailer interface to prevent the leaking of possible hidden email addresses when sending to multiple recipients. Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Gusted <williamzijl7@hotmail.com>
91 lines
2.2 KiB
Go
91 lines
2.2 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package private
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/json"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/private"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/services/mailer"
|
|
)
|
|
|
|
// SendEmail pushes messages to mail queue
|
|
//
|
|
// It doesn't wait before each message will be processed
|
|
func SendEmail(ctx *context.PrivateContext) {
|
|
if setting.MailService == nil {
|
|
ctx.JSON(http.StatusInternalServerError, private.Response{
|
|
Err: "Mail service is not enabled.",
|
|
})
|
|
return
|
|
}
|
|
|
|
var mail private.Email
|
|
rd := ctx.Req.Body
|
|
defer rd.Close()
|
|
|
|
if err := json.NewDecoder(rd).Decode(&mail); err != nil {
|
|
log.Error("%v", err)
|
|
ctx.JSON(http.StatusInternalServerError, private.Response{
|
|
Err: err.Error(),
|
|
})
|
|
return
|
|
}
|
|
|
|
var emails []string
|
|
if len(mail.To) > 0 {
|
|
for _, uname := range mail.To {
|
|
user, err := user_model.GetUserByName(ctx, uname)
|
|
if err != nil {
|
|
err := fmt.Sprintf("Failed to get user information: %v", err)
|
|
log.Error(err)
|
|
ctx.JSON(http.StatusInternalServerError, private.Response{
|
|
Err: err,
|
|
})
|
|
return
|
|
}
|
|
|
|
if user != nil && len(user.Email) > 0 {
|
|
emails = append(emails, user.Email)
|
|
}
|
|
}
|
|
} else {
|
|
err := db.IterateObjects(ctx, func(user *user_model.User) error {
|
|
if len(user.Email) > 0 && user.IsActive {
|
|
emails = append(emails, user.Email)
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
err := fmt.Sprintf("Failed to find users: %v", err)
|
|
log.Error(err)
|
|
ctx.JSON(http.StatusInternalServerError, private.Response{
|
|
Err: err,
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
sendEmail(ctx, mail.Subject, mail.Message, emails)
|
|
}
|
|
|
|
func sendEmail(ctx *context.PrivateContext, subject, message string, to []string) {
|
|
for _, email := range to {
|
|
msg := mailer.NewMessage(email, subject, message)
|
|
mailer.SendAsync(msg)
|
|
}
|
|
|
|
wasSent := strconv.Itoa(len(to))
|
|
|
|
ctx.PlainText(http.StatusOK, wasSent)
|
|
}
|