fix: limit SEND_MAIL domain checks to binding paths (#987)

* fix: scope SEND_MAIL domain gating to binding

* test: cover SEND_MAIL domain gating in e2e

worker/src/admin_api/send_mail.ts

@@ -1,4 +1,5 @@
 import { Context } from "hono";
+import { isSendMailBindingEnabled } from "../common";
 import i18n from "../i18n";
 import { sendMail } from "../mails_api/send_mail_api";
 import { ensureSendMailLimit, increaseSendMailLimitCount } from "../mails_api/send_mail_limit_utils";
@@ -66,6 +67,16 @@ export const sendMailByBindingAdmin = async (c: Context<HonoCustomType>) => {
     if (!from || !to || !subject || (!html && !text)) {
         return c.text(msgs.InvalidInputMsg, 400)
     }
+    const fromMail = typeof from === "string" ? from : from?.email;
+    const mailDomain = typeof fromMail === "string" && fromMail.includes("@")
+        ? fromMail.split("@")[1]?.trim().toLowerCase()
+        : null;
+    if (!mailDomain) {
+        return c.text(msgs.InvalidInputMsg, 400)
+    }
+    if (!isSendMailBindingEnabled(c, mailDomain)) {
+        return c.text(msgs.EnableSendMailForDomainMsg, 400)
+    }
     try {
         await ensureSendMailLimit(c);
         await c.env.SEND_MAIL.send({

worker/src/common.ts

@@ -2,7 +2,7 @@ import { Context } from 'hono';
 import { Jwt } from 'hono/utils/jwt'
 import { WorkerMailerOptions } from 'worker-mailer';
 
-import { getBooleanValue, getDomains, getStringValue, getIntValue, getUserRoles, getDefaultDomains, getJsonSetting, getAnotherWorkerList, hashPassword, getJsonObjectValue, getRandomSubdomainDomains } from './utils';
+import { getBooleanValue, getDomains, getStringArray, getStringValue, getIntValue, getUserRoles, getDefaultDomains, getJsonSetting, getAnotherWorkerList, hashPassword, getJsonObjectValue, getRandomSubdomainDomains } from './utils';
 import { unbindTelegramByAddress } from './telegram_api/common';
 import { CONSTANTS } from './constants';
 import { AddressCreationSettings, AdminWebhookSettings, WebhookMail, WebhookSettings } from './models';
@@ -44,11 +44,26 @@ export const isSendMailEnabled = (
     if (smtpConfigMap && smtpConfigMap[mailDomain]) return true;
 
     // Check SEND_MAIL binding
-    if (c.env.SEND_MAIL) return true;
+    if (isSendMailBindingEnabled(c, mailDomain)) return true;
 
     return false;
 }
 
+export const isSendMailBindingEnabled = (
+    c: Context<HonoCustomType>,
+    mailDomain: string
+): boolean => {
+    if (!c.env.SEND_MAIL) {
+        return false;
+    }
+    const sendMailDomains = getStringArray(c.env.SEND_MAIL_DOMAINS)
+        .map((domain) => normalizeDomainValue(domain));
+    if (sendMailDomains.length === 0) {
+        return true;
+    }
+    return sendMailDomains.includes(normalizeDomainValue(mailDomain));
+}
+
 /**
  * Check if send mail is enabled for any configured domain
  */

worker/src/i18n/en.ts

@@ -80,6 +80,7 @@ const messages: LocaleMessages = {
     InvalidAddressIdMsg: "Invalid address_id",
     EnableKVMsg: "Please enable KV first",
     EnableSendMailMsg: "Please enable SEND_MAIL first",
+    EnableSendMailForDomainMsg: "Please enable SEND_MAIL for this domain first",
     InvalidCleanupConfigMsg: "Invalid cleanType or cleanDays",
     InvalidCleanTypeMsg: "Invalid cleanType",
     EnableKVForMailVerifyMsg: "Please enable KV first if you want to enable mail verify",

worker/src/i18n/type.ts

@@ -78,6 +78,7 @@ export type LocaleMessages = {
     InvalidAddressIdMsg: string
     EnableKVMsg: string
     EnableSendMailMsg: string
+    EnableSendMailForDomainMsg: string
     InvalidCleanupConfigMsg: string
     InvalidCleanTypeMsg: string
     EnableKVForMailVerifyMsg: string

worker/src/i18n/zh.ts

@@ -80,6 +80,7 @@ const messages: LocaleMessages = {
     InvalidAddressIdMsg: "无效的 address_id",
     EnableKVMsg: "请先启用 KV",
     EnableSendMailMsg: "请先启用 SEND_MAIL",
+    EnableSendMailForDomainMsg: "请先为此域名启用 SEND_MAIL",
     InvalidCleanupConfigMsg: "无效的 cleanType 或 cleanDays",
     InvalidCleanTypeMsg: "无效的 cleanType",
     EnableKVForMailVerifyMsg: "如果要启用邮件验证，请先启用 KV",

worker/src/mails_api/send_mail_api.ts

@@ -10,7 +10,7 @@ import {
     getJsonSetting, getDomains, getIntValue, getBooleanValue, getJsonObjectValue, getSplitStringListValue
 } from '../utils';
 import { GeoData } from '../models'
-import { handleListQuery, updateAddressUpdatedAt } from '../common'
+import { handleListQuery, isSendMailBindingEnabled, updateAddressUpdatedAt } from '../common'
 import { ensureSendMailLimit, increaseSendMailLimitCount } from './send_mail_limit_utils';
 
 
@@ -213,6 +213,7 @@ export const sendMail = async (
             sendByVerifiedAddressList = true;
         }
     }
+    const sendMailBindingEnabled = isSendMailBindingEnabled(c, mailDomain);
 
     // send mail workflow
     if (sendByVerifiedAddressList) {
@@ -225,7 +226,7 @@ export const sendMail = async (
     else if (smtpConfig) {
         await sendMailBySmtp(c, address, reqJson, smtpConfig);
     }
-    else if (c.env.SEND_MAIL) {
+    else if (sendMailBindingEnabled) {
         await sendMailByBinding(c, address, reqJson);
     }
     else {

worker/src/types.d.ts

@@ -83,6 +83,7 @@ type Bindings = {
 
     // SMTP config
     SMTP_CONFIG: string | object | undefined
+    SEND_MAIL_DOMAINS: string | string[] | undefined
 
     // telegram config
     TELEGRAM_BOT_TOKEN: string