diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f611a70..a5ca5d8a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@
 - docs: |文档| 新增 Admin 删除邮件、删除邮箱地址、清空收件箱、清空发件箱 API 文档
 - fix: |前端| 修复回复 HTML 格式邮件时丢失原邮件 HTML 内容的问题,优先使用 HTML 原文而非纯文本
 - fix: |安全| 修复回复/转发邮件时的 XSS 风险,使用 DOMPurify 对 HTML 内容进行白名单消毒,对纯文本内容进行 HTML 转义
+- fix: |API| 修复 `requset_send_mail_access` API 路径拼写错误,改为 `request_send_mail_access`
 ### Testing
diff --git a/CHANGELOG_EN.md b/CHANGELOG_EN.md
index ab0647b2..dcc6a825 100644
--- a/CHANGELOG_EN.md
+++ b/CHANGELOG_EN.md
@@ -22,6 +22,7 @@
 - docs: |Docs| Add Admin API documentation for delete mail, delete address, clear inbox, and clear sent items
 - fix: |Frontend| Fix reply to HTML email losing original HTML content, prefer HTML message over plain text
 - fix: |Security| Fix XSS vulnerability in reply/forward mail content, sanitize HTML with DOMPurify whitelist and escape plain text
+- fix: |API| Fix typo in `requset_send_mail_access` API path, renamed to `request_send_mail_access`
 ### Testing
diff --git a/e2e/fixtures/test-helpers.ts b/e2e/fixtures/test-helpers.ts
index 849beb9c..bbc44b95 100644
--- a/e2e/fixtures/test-helpers.ts
+++ b/e2e/fixtures/test-helpers.ts
@@ -155,7 +155,7 @@ export async function requestSendAccess(
 ctx: APIRequestContext,
 jwt: string
 ): Promise {
- const res = await ctx.post(`${WORKER_URL}/api/requset_send_mail_access`, {
+ const res = await ctx.post(`${WORKER_URL}/api/request_send_mail_access`, {
 headers: { Authorization: `Bearer ${jwt}` },
 });
 if (!res.ok()) {
diff --git a/e2e/tests/api/send-access.spec.ts b/e2e/tests/api/send-access.spec.ts
index 9ad3d2df..6d2fa53c 100644
--- a/e2e/tests/api/send-access.spec.ts
+++ b/e2e/tests/api/send-access.spec.ts
@@ -18,7 +18,7 @@ test.describe('Send Access', () => {
 expect(settings.send_balance).toBe(10);
 // Duplicate request — should fail with 400
- const dupRes = await request.post(`${WORKER_URL}/api/requset_send_mail_access`, {
+ const dupRes = await request.post(`${WORKER_URL}/api/request_send_mail_access`, {
 headers: { Authorization: `Bearer ${jwt}` },
 });
 expect(dupRes.status()).toBe(400);
diff --git a/frontend/src/views/index/SendMail.vue b/frontend/src/views/index/SendMail.vue
index 3aaeff0c..2231e467 100644
--- a/frontend/src/views/index/SendMail.vue
+++ b/frontend/src/views/index/SendMail.vue
@@ -96,7 +96,7 @@ const send = async () => {
 const requestAccess = async () => {
 try {
- await api.fetch(`/api/requset_send_mail_access`,
+ await api.fetch(`/api/request_send_mail_access`,
 {
 method: 'POST',
 body: JSON.stringify({})
diff --git a/worker/src/mails_api/send_mail_api.ts b/worker/src/mails_api/send_mail_api.ts
index 29b36f41..23d0db7f 100644
--- a/worker/src/mails_api/send_mail_api.ts
+++ b/worker/src/mails_api/send_mail_api.ts
@@ -13,7 +13,7 @@ import { handleListQuery } from '../common'
 export const api = new Hono()
-api.post('/api/requset_send_mail_access', async (c) => {
+api.post('/api/request_send_mail_access', async (c) => {
 const msgs = i18n.getMessagesbyContext(c);
 const { address } = c.get("jwtPayload")
 if (!address) {
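Review bot: The route change in worker/src/mails_api/send_mail_api.ts removes `/api/requset_send_mail_access` with no alias, so a frontend bundle still cached in a browser, or any external client, will presumably get a 404 when requesting send access after the worker is upgraded. If compatibility matters, serve both paths for one release, e.g. `api.on('POST', ['/api/request_send_mail_access', '/api/requset_send_mail_access'], async (c) => {`, and mark the old spelling as deprecated in the changelog entry. This endpoint appears to grant send balance (the e2e spec expects `send_balance` to be 10 before the duplicate request), so any rate-limit or firewall rule outside this repository that matches the old path literally should be updated at deploy time, otherwise it stops covering the endpoint. The e2e spec could also pin the chosen behaviour for the old path (alias accepted or 404). The handler body continues outside the hunk.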