GithubBackup/cloudflare_temp_email
1
0
Fork 0
mirror of https://github.com/dreamhunter2333/cloudflare_temp_email.git synced 2026-06-29 03:12:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement address password authentication feature (#731)

Browse Source 
* feat: implement address password authentication feature

- Add password field to address table for storing hashed passwords
- Implement address authentication APIs (login, change password)
- Add automatic password generation for new addresses
- Support password login alongside credential login in frontend
- Add password management in account settings and admin panel
- Add ENABLE_ADDRESS_PASSWORD environment variable for feature control
- Update documentation and i18n support
- Enhance security with SHA-256 password hashing

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* feat: upgrade dependencies

---------

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Dream Hunter
2025-09-26 14:52:05 +08:00
committed by GitHub
parent 6ae90be3bf
commit a905ba5f06
35 changed files with 1552 additions and 1105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -4,6 +4,7 @@
## main(v1.0.6)
- feat: |DB| update db schema add index
- feat: |地址密码| 增加地址密码登录功能, 通过 `ENABLE_ADDRESS_PASSWORD` 配置启用
## v1.0.5

1
README.md
View File

@@ -40,6 +40,7 @@
- 🆓 **完全免费** - 基于 Cloudflare 免费服务构建,零成本运行
-**高性能** - Rust WASM 邮件解析,响应速度极快
- 🎨 **现代化界面** - 响应式设计,支持多语言,操作简便
- 🔐 **地址密码** - 支持为邮箱地址设置独立密码,增强安全性 (通过 `ENABLE_ADDRESS_PASSWORD` 启用)
## 📚 部署文档 - 快速开始

4
db/2025-09-23-patch.sql Normal file
View File

@@ -0,0 +1,4 @@
ALTER TABLE
address
ADD
password TEXT;

2
db/schema.sql
View File

@@ -14,6 +14,7 @@ CREATE INDEX IF NOT EXISTS idx_raw_mails_created_at ON raw_mails(created_at);
CREATE TABLE IF NOT EXISTS address (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE,
password TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
@@ -55,6 +56,7 @@ CREATE TABLE IF NOT EXISTS sendbox (
);
CREATE INDEX IF NOT EXISTS idx_sendbox_address ON sendbox(address);
CREATE INDEX IF NOT EXISTS idx_sendbox_created_at ON sendbox(created_at);
CREATE TABLE IF NOT EXISTS settings (

4
frontend/package.json
View File

@@ -31,7 +31,7 @@
"naive-ui": "^2.43.1",
"postal-mime": "^2.4.4",
"vooks": "^0.2.12",
"vue": "^3.5.21",
"vue": "^3.5.22",
"vue-clipboard3": "^2.0.0",
"vue-i18n": "^11.1.12",
"vue-router": "^4.5.1"
@@ -48,7 +48,7 @@
"vite-plugin-wasm": "^3.5.0",
"workbox-build": "^7.3.0",
"workbox-window": "^7.3.0",
"wrangler": "^4.37.0"
"wrangler": "^4.40.1"
},
"packageManager": "pnpm@10.10.0+sha512.d615db246fe70f25dcfea6d8d73dee782ce23e2245e3c4f6f888249fb568149318637dca73c2c5c8ef2a4ca0d5657fb9567188bfab47f566d1ee6ce987815c39"
}

940
frontend/pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

1
frontend/src/api/index.js
View File

@@ -86,6 +86,7 @@ const getOpenSettings = async (message, notification) => {
cfTurnstileSiteKey: res["cfTurnstileSiteKey"] || "",
enableWebhook: res["enableWebhook"] || false,
isS3Enabled: res["isS3Enabled"] || false,
enableAddressPassword: res["enableAddressPassword"] || false,
});
if (openSettings.value.needAuth) {
showAuth.value = true;

3
frontend/src/store/index.js
View File

@@ -36,6 +36,7 @@ export const useGlobalState = createGlobalState(
isS3Enabled: false,
showGithub: true,
disableAdminPasswordCheck: false,
enableAddressPassword: false,
})
const settings = ref({
fetched: false,
@@ -63,6 +64,7 @@ export const useGlobalState = createGlobalState(
const auth = useStorage('auth', '');
const adminAuth = useStorage('adminAuth', '');
const jwt = useStorage('jwt', '');
const addressPassword = useSessionStorage('addressPassword', '');
const adminTab = useSessionStorage('adminTab', "account");
const adminMailTabAddress = ref("");
const adminSendBoxTabAddress = ref("");
@@ -145,6 +147,7 @@ export const useGlobalState = createGlobalState(
userOauth2SessionState,
userOauth2SessionClientID,
useSimpleIndex,
addressPassword,
}
},
)

51
frontend/src/views/admin/Account.vue
View File

@@ -9,7 +9,7 @@ import { NButton, NMenu } from 'naive-ui';
import { MenuFilled } from '@vicons/material'
const {
loading, adminTab,
loading, adminTab, openSettings,
adminMailTabAddress, adminSendBoxTabAddress
} = useGlobalState()
const message = useMessage()
@@ -39,6 +39,9 @@ const { t } = useI18n({
clearSentItemsTip: 'Are you sure to clear sent items for this email?',
actions: 'Actions',
success: 'Success',
resetPassword: 'Reset Password',
newPassword: 'New Password',
passwordResetSuccess: 'Password reset successfully',
},
zh: {
name: '名称',
@@ -63,6 +66,9 @@ const { t } = useI18n({
clearSentItemsTip: '确定要清空这个邮箱的发件箱吗?',
actions: '操作',
success: '成功',
resetPassword: '重置密码',
newPassword: '新密码',
passwordResetSuccess: '密码重置成功',
}
}
});
@@ -72,6 +78,9 @@ const curEmailCredential = ref("")
const curDeleteAddressId = ref(0);
const curClearInboxAddressId = ref(0);
const curClearSentItemsAddressId = ref(0);
const showResetPassword = ref(false);
const curResetPasswordAddressId = ref(0);
const newPassword = ref('');
const addressQuery = ref("")
@@ -134,6 +143,22 @@ const clearSentItems = async () => {
}
}
const resetPassword = async () => {
try {
await api.fetch(`/admin/address/${curResetPasswordAddressId.value}/reset_password`, {
method: 'POST',
body: JSON.stringify({
password: newPassword.value
})
});
message.success(t("passwordResetSuccess"));
newPassword.value = '';
showResetPassword.value = false;
} catch (error) {
message.error(error.message || "error");
}
}
const fetchData = async () => {
try {
addressQuery.value = addressQuery.value.trim()
@@ -296,6 +321,19 @@ const columns = [
),
show: row.send_count > 0
},
{
label: () => h(NButton,
{
text: true,
onClick: () => {
curResetPasswordAddressId.value = row.id;
showResetPassword.value = true;
}
},
{ default: () => t('resetPassword') }
),
show: openSettings.value?.enableAddressPassword
},
{
label: () => h(NButton,
{
@@ -365,6 +403,17 @@ onMounted(async () => {
</n-button>
</template>
</n-modal>
<n-modal v-model:show="showResetPassword" preset="dialog" :title="t('resetPassword')">
<n-form-item :label="t('newPassword')">
<n-input v-model:value="newPassword" type="password" placeholder="" show-password-on="click" />
</n-form-item>
<template #action>
<n-button :loading="loading" @click="resetPassword" size="small" tertiary type="info">
{{ t('resetPassword') }}
</n-button>
</template>
</n-modal>
<n-input-group>
<n-input v-model:value="addressQuery" clearable :placeholder="t('addressQueryTip')"
@keydown.enter="fetchData" />

35
frontend/src/views/admin/CreateAccount.vue
View File

@@ -15,10 +15,13 @@ const { t } = useI18n({
en: {
address: 'Address',
enablePrefix: 'If enable Prefix',
creatNewEmail: 'Get New Email',
creatNewEmail: 'Create New Email',
fillInAllFields: 'Please fill in all fields',
successTip: 'Success Created',
addressCredential: 'Mail Address Credential',
addressCredentialTip: 'Please copy the Mail Address Credential and you can use it to login to your email account.',
addressPassword: 'Address Password',
linkWithAddressCredential: 'Open to auto login email link',
},
zh: {
address: '地址',
@@ -27,6 +30,9 @@ const { t } = useI18n({
fillInAllFields: '请填写完整信息',
successTip: '创建成功',
addressCredential: '邮箱地址凭证',
addressCredentialTip: '请复制邮箱地址凭证,你可以使用它登录你的邮箱。',
addressPassword: '地址密码',
linkWithAddressCredential: '打开即可自动登录邮箱的链接',
}
}
});
@@ -36,6 +42,8 @@ const emailName = ref("")
const emailDomain = ref("")
const showReultModal = ref(false)
const result = ref("")
const addressPassword = ref("")
const createdAddress = ref("")
const newEmail = async () => {
if (!emailName.value || !emailDomain.value) {
@@ -52,6 +60,8 @@ const newEmail = async () => {
})
})
result.value = res["jwt"];
addressPassword.value = res["password"] || '';
createdAddress.value = res["address"] || '';
message.success(t('successTip'))
showReultModal.value = true
} catch (error) {
@@ -59,6 +69,10 @@ const newEmail = async () => {
}
}
const getUrlWithJwt = () => {
return `${window.location.origin}/?jwt=${result.value}`
}
onMounted(async () => {
if (openSettings.prefix) {
enablePrefix.value = true
@@ -70,10 +84,25 @@ onMounted(async () => {
<template>
<div class="center">
<n-modal v-model:show="showReultModal" preset="dialog" :title="t('addressCredential')">
<p>{{ t('addressCredential') }}</p>
<n-card :bordered="false" embedded>
<span>
<p>{{ t("addressCredentialTip") }}</p>
</span>
<n-card embedded>
<b>{{ result }}</b>
</n-card>
<n-card embedded v-if="addressPassword">
<p><b>{{ createdAddress }}</b></p>
<p>{{ t('addressPassword') }}: <b>{{ addressPassword }}</b></p>
</n-card>
<n-card embedded>
<n-collapse>
<n-collapse-item :title='t("linkWithAddressCredential")'>
<n-card embedded>
<b>{{ getUrlWithJwt() }}</b>
</n-card>
</n-collapse-item>
</n-collapse>
</n-card>
</n-modal>
<n-card :bordered="false" embedded style="max-width: 600px;">
<n-form-item-row v-if="openSettings.prefix" :label="t('enablePrefix')">

98
frontend/src/views/common/Login.vue
View File

@@ -9,7 +9,7 @@ import Turnstile from '../../components/Turnstile.vue'
import { useGlobalState } from '../../store'
import { api } from '../../api'
import { getRouterPathWithLang } from '../../utils'
import { getRouterPathWithLang, hashPassword } from '../../utils'
const props = defineProps({
bindUserAddress: {
@@ -39,7 +39,7 @@ const router = useRouter()
const {
jwt, loading, openSettings,
showAddressCredential, userSettings
showAddressCredential, userSettings, addressPassword
} = useGlobalState()
const tabValue = ref('signin')
@@ -47,8 +47,47 @@ const credential = ref('')
const emailName = ref("")
const emailDomain = ref("")
const cfToken = ref("")
const loginMethod = ref('credential') // 'credential' or 'password'
const loginAddress = ref('')
const loginPassword = ref('')
// 根据 openSettings 初始化登录方式
const initLoginMethod = () => {
if (openSettings.value?.enableAddressPassword) {
loginMethod.value = 'password';
} else {
loginMethod.value = 'credential';
}
}
const login = async () => {
if (loginMethod.value === 'password') {
// Password login
if (!loginAddress.value || !loginPassword.value) {
message.error(t('emailPasswordRequired'));
return;
}
try {
const res = await api.fetch('/api/address_login', {
method: 'POST',
body: JSON.stringify({
email: loginAddress.value,
password: await hashPassword(loginPassword.value)
})
});
jwt.value = res.jwt;
await api.getSettings();
try {
await props.bindUserAddress();
} catch (error) {
message.error(`${t('bindUserAddressError')}: ${error.message}`);
}
await router.push(getRouterPathWithLang("/", locale.value));
} catch (error) {
message.error(error.message || "error");
}
return;
}
if (!credential.value) {
message.error(t('credentialInput'));
return;
@@ -85,6 +124,11 @@ const { locale, t } = useI18n({
bindUserInfo: 'Logged in user, login without binding email or create new email address will bind to current user',
bindUserAddressError: 'Error when bind email address to user',
autoGeneratedName: 'Auto-generated name',
passwordLogin: 'Password Login',
credentialLogin: 'Credential Login',
email: 'Email',
password: 'Password',
emailPasswordRequired: 'Email and password are required',
},
zh: {
login: '登录',
@@ -102,6 +146,11 @@ const { locale, t } = useI18n({
bindUserInfo: '已登录用户, 登录未绑定邮箱或创建新邮箱地址将绑定到当前用户',
bindUserAddressError: '绑定邮箱地址到用户时错误',
autoGeneratedName: '自动生成名称',
passwordLogin: '密码登录',
credentialLogin: '凭据登录',
email: '邮箱',
password: '密码',
emailPasswordRequired: '邮箱和密码不能为空',
}
}
});
@@ -157,6 +206,8 @@ const newEmail = async () => {
cfToken.value
);
jwt.value = res["jwt"];
addressPassword.value = res["password"] || '';
settings.value.address = res["address"] || '';
await api.getSettings();
await router.push(getRouterPathWithLang("/", locale.value));
showAddressCredential.value = true;
@@ -212,6 +263,7 @@ onMounted(async () => {
await api.getOpenSettings(message, notification);
}
emailDomain.value = domainsOptions.value ? domainsOptions.value[0]?.value : "";
initLoginMethod();
});
</script>
@@ -223,9 +275,29 @@ onMounted(async () => {
<n-tabs v-if="openSettings.fetched" v-model:value="tabValue" size="large" justify-content="space-evenly">
<n-tab-pane name="signin" :tab="loginAndBindTag">
<n-form>
<n-form-item-row :label="t('credential')" required>
<n-input v-model:value="credential" type="textarea" :autosize="{ minRows: 3 }" />
</n-form-item-row>
<div v-if="loginMethod === 'password'">
<n-form-item-row :label="t('email')" required>
<n-input v-model:value="loginAddress" />
</n-form-item-row>
<n-form-item-row :label="t('password')" required>
<n-input v-model:value="loginPassword" type="password" show-password-on="click" />
</n-form-item-row>
</div>
<div v-else>
<n-form-item-row :label="t('credential')" required>
<n-input v-model:value="credential" type="textarea" :autosize="{ minRows: 3 }" />
</n-form-item-row>
</div>
<div class="switch-login-button">
<n-button v-if="openSettings?.enableAddressPassword"
@click="loginMethod === 'password' ? loginMethod = 'credential' : loginMethod = 'password'"
type="info" quaternary size="tiny">
{{ loginMethod === 'password' ? t('credentialLogin') : t('passwordLogin') }}
</n-button>
</div>
<n-button @click="login" :loading="loading" type="primary" block secondary strong>
<template #icon>
<n-icon :component="EmailOutlined" />
@@ -244,19 +316,21 @@ onMounted(async () => {
<n-spin :show="generateNameLoading">
<n-form>
<span>
<p v-if="!openSettings.disableCustomAddressName">{{ t("getNewEmailTip1") + addressRegex.source }}</p>
<p v-if="!openSettings.disableCustomAddressName">{{ t("getNewEmailTip1") +
addressRegex.source }}</p>
<p v-if="!openSettings.disableCustomAddressName">{{ t("getNewEmailTip2") }}</p>
<p>{{ t("getNewEmailTip3") }}</p>
</span>
<n-button v-if="!openSettings.disableCustomAddressName" @click="generateName" style="margin-bottom: 10px;">
<n-button v-if="!openSettings.disableCustomAddressName" @click="generateName"
style="margin-bottom: 10px;">
{{ t('generateName') }}
</n-button>
<n-input-group>
<n-input-group-label v-if="addressPrefix">
{{ addressPrefix }}
</n-input-group-label>
<n-input v-if="!openSettings.disableCustomAddressName" v-model:value="emailName" show-count :minlength="openSettings.minAddressLen"
:maxlength="openSettings.maxAddressLen" />
<n-input v-if="!openSettings.disableCustomAddressName" v-model:value="emailName" show-count
:minlength="openSettings.minAddressLen" :maxlength="openSettings.maxAddressLen" />
<n-input v-else :value="t('autoGeneratedName')" disabled />
<n-input-group-label>@</n-input-group-label>
<n-select v-model:value="emailDomain" :consistent-menu-width="false"
@@ -294,6 +368,12 @@ onMounted(async () => {
margin-top: 10px;
}
.switch-login-button {
display: flex;
justify-content: center;
margin: 10px 0;
}
.n-form {
text-align: left;
}

54
frontend/src/views/index/AccountSettings.vue
View File

@@ -5,6 +5,7 @@ import { useRouter } from 'vue-router'
import { useGlobalState } from '../../store'
import { api } from '../../api'
import { hashPassword } from '../../utils'
import { getRouterPathWithLang } from '../../utils'
const {
@@ -17,6 +18,9 @@ const showLogout = ref(false)
const showDeleteAccount = ref(false)
const showClearInbox = ref(false)
const showClearSentItems = ref(false)
const showChangePassword = ref(false)
const newPassword = ref('')
const confirmPassword = ref('')
const { locale, t } = useI18n({
messages: {
en: {
@@ -31,6 +35,11 @@ const { locale, t } = useI18n({
clearInboxConfirm: "Are you sure to clear all emails in your inbox?",
clearSentItemsConfirm: "Are you sure to clear all emails in your sent items?",
success: "Success",
changePassword: "Change Password",
newPassword: "New Password",
confirmPassword: "Confirm Password",
passwordMismatch: "Passwords do not match",
passwordChanged: "Password changed successfully",
},
zh: {
logout: '退出登录',
@@ -44,6 +53,11 @@ const { locale, t } = useI18n({
clearInboxConfirm: "确定要清空你收件箱中的所有邮件吗?",
clearSentItemsConfirm: "确定要清空你发件箱中的所有邮件吗?",
success: "成功",
changePassword: "修改密码",
newPassword: "新密码",
confirmPassword: "确认密码",
passwordMismatch: "密码不匹配",
passwordChanged: "密码修改成功",
}
}
});
@@ -92,6 +106,27 @@ const clearSentItems = async () => {
showClearSentItems.value = false;
}
};
const changePassword = async () => {
if (newPassword.value !== confirmPassword.value) {
message.error(t("passwordMismatch"));
return;
}
try {
await api.fetch(`/api/address_change_password`, {
method: 'POST',
body: JSON.stringify({
new_password: await hashPassword(newPassword.value)
})
});
message.success(t("passwordChanged"));
newPassword.value = '';
confirmPassword.value = '';
showChangePassword.value = false;
} catch (error) {
message.error(error.message || "error");
}
};
</script>
<template>
@@ -100,6 +135,9 @@ const clearSentItems = async () => {
<n-button @click="showAddressCredential = true" type="primary" secondary block strong>
{{ t('showAddressCredential') }}
</n-button>
<n-button v-if="openSettings?.enableAddressPassword" @click="showChangePassword = true" type="info" secondary block strong>
{{ t('changePassword') }}
</n-button>
<n-button v-if="openSettings.enableUserDeleteEmail" @click="showClearInbox = true" type="warning" secondary
block strong>
{{ t('clearInbox') }}
@@ -148,6 +186,22 @@ const clearSentItems = async () => {
</n-button>
</template>
</n-modal>
<n-modal v-model:show="showChangePassword" preset="dialog" :title="t('changePassword')">
<n-form :model="{ newPassword, confirmPassword }">
<n-form-item :label="t('newPassword')">
<n-input v-model:value="newPassword" type="password" placeholder="" show-password-on="click" />
</n-form-item>
<n-form-item :label="t('confirmPassword')">
<n-input v-model:value="confirmPassword" type="password" placeholder="" show-password-on="click" />
</n-form-item>
</n-form>
<template #action>
<n-button :loading="loading" @click="changePassword" size="small" tertiary type="info">
{{ t('changePassword') }}
</n-button>
</template>
</n-modal>
</div>
</template>

8
frontend/src/views/index/AddressBar.vue
View File

@@ -19,7 +19,7 @@ const router = useRouter()
const {
jwt, settings, showAddressCredential, userJwt,
isTelegram, openSettings
isTelegram, openSettings, addressPassword
} = useGlobalState()
const { locale, t } = useI18n({
@@ -34,6 +34,7 @@ const { locale, t } = useI18n({
addressCredential: 'Mail Address Credential',
linkWithAddressCredential: 'Open to auto login email link',
addressCredentialTip: 'Please copy the Mail Address Credential and you can use it to login to your email account.',
addressPassword: 'Address Password',
userLogin: 'User Login',
},
zh: {
@@ -46,6 +47,7 @@ const { locale, t } = useI18n({
addressCredential: '邮箱地址凭证',
linkWithAddressCredential: '打开即可自动登录邮箱的链接',
addressCredentialTip: '请复制邮箱地址凭证,你可以使用它登录你的邮箱。',
addressPassword: '地址密码',
userLogin: '用户登录',
}
}
@@ -149,6 +151,10 @@ onMounted(async () => {
<n-card embedded>
<b>{{ jwt }}</b>
</n-card>
<n-card embedded v-if="addressPassword">
<p><b>{{ settings.address }}</b></p>
<p>{{ t('addressPassword') }}: <b>{{ addressPassword }}</b></p>
</n-card>
<n-card embedded>
<n-collapse>
<n-collapse-item :title='t("linkWithAddressCredential")'>

2
pages/package.json
View File

@@ -11,7 +11,7 @@
"author": "",
"license": "ISC",
"devDependencies": {
"wrangler": "^4.37.0"
"wrangler": "^4.40.1"
},
"packageManager": "pnpm@10.10.0+sha512.d615db246fe70f25dcfea6d8d73dee782ce23e2245e3c4f6f888249fb568149318637dca73c2c5c8ef2a4ca0d5657fb9567188bfab47f566d1ee6ce987815c39"
}

1
vitepress-docs/docs/zh/guide/worker-vars.md
View File

@@ -35,6 +35,7 @@
| `DOMAIN_LABELS` | JSON | 对于中文域名,可以使用 DOMAIN_LABELS 显示域名的中文展示名称 | `["中文.awsl.uk", "dreamhunter2333.xyz"]` |
| `ENABLE_AUTO_REPLY` | 文本/JSON | 允许自动回复邮件 | `true` |
| `DEFAULT_SEND_BALANCE` | 文本/JSON | 默认发送邮件余额,如果不设置,将为 0 | `1` |
| `ENABLE_ADDRESS_PASSWORD` | 文本/JSON | 启用邮箱地址密码功能,启用后创建新地址时会自动生成密码,并支持密码登录和修改 | `true` |
## 接受邮件相关变量

4
vitepress-docs/package.json
View File

@@ -4,9 +4,9 @@
"version": "1.0.6",
"type": "module",
"devDependencies": {
"@types/node": "^24.4.0",
"@types/node": "^24.5.2",
"vitepress": "^1.6.4",
"wrangler": "^4.37.0"
"wrangler": "^4.40.1"
},
"scripts": {
"dev": "vitepress dev docs",

695
vitepress-docs/pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

14
worker/package.json
View File

@@ -11,20 +11,20 @@
"build": "wrangler deploy --dry-run --outdir dist --minify"
},
"devDependencies": {
"@cloudflare/workers-types": "^4.20250913.0",
"@cloudflare/workers-types": "^4.20250926.0",
"@eslint/js": "9.18.0",
"@simplewebauthn/types": "10.0.0",
"@types/node": "^22.18.3",
"@types/node": "^22.18.6",
"eslint": "9.18.0",
"globals": "^15.15.0",
"typescript-eslint": "^8.43.0",
"wrangler": "^4.37.0"
"typescript-eslint": "^8.44.1",
"wrangler": "^4.40.1"
},
"dependencies": {
"@aws-sdk/client-s3": "^3.888.0",
"@aws-sdk/s3-request-presigner": "^3.888.0",
"@aws-sdk/client-s3": "3.888.0",
"@aws-sdk/s3-request-presigner": "3.888.0",
"@simplewebauthn/server": "10.0.1",
"hono": "^4.9.7",
"hono": "^4.9.8",
"jsonpath-plus": "^10.3.0",
"mimetext": "^3.0.27",
"postal-mime": "^2.4.4",

537
worker/pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

6
worker/src/admin_api/db_api.ts
View File

@@ -19,6 +19,7 @@ CREATE INDEX IF NOT EXISTS idx_raw_mails_created_at ON raw_mails(created_at);
CREATE TABLE IF NOT EXISTS address (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE,
password TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
@@ -136,6 +137,11 @@ export default {
},
migrate: async (c: Context<HonoCustomType>) => {
const version = await utils.getSetting(c, CONSTANTS.DB_VERSION_KEY);
if (version == "v0.0.2") {
// example migration from v0.0.2 to v0.0.3
const query = `ALTER TABLE address ADD password TEXT;`
await c.env.DB.exec(query);
}
if (version != CONSTANTS.DB_VERSION) {
// TODO: Perform migration logic here
// remove all \r and \n characters from the query string

27
worker/src/admin_api/index.ts
View File

@@ -2,7 +2,7 @@ import { Hono } from 'hono'
import { Jwt } from 'hono/utils/jwt'
import i18n from '../i18n'
import { sendAdminInternalMail, getJsonSetting, saveSetting, getUserRoles } from '../utils'
import { sendAdminInternalMail, getJsonSetting, saveSetting, getUserRoles, getBooleanValue, hashPassword } from '../utils'
import { newAddress, handleListQuery } from '../common'
import { CONSTANTS } from '../constants'
import cleanup_api from './cleanup_api'
@@ -56,6 +56,7 @@ api.post('/admin/new_address', async (c) => {
checkAllowDomains: false,
enableCheckNameRegex: false,
});
return c.json(res);
} catch (e) {
return c.text(`${msgs.FailedCreateAddressMsg}: ${(e as Error).message}`, 400)
@@ -131,6 +132,30 @@ api.get('/admin/show_password/:id', async (c) => {
})
})
api.post('/admin/address/:id/reset_password', async (c) => {
const { id } = c.req.param();
const { password } = await c.req.json();
// 检查功能是否启用
if (!getBooleanValue(c.env.ENABLE_ADDRESS_PASSWORD)) {
return c.text("Password management is disabled", 403);
}
if (!password) {
return c.text("Password is required", 400);
}
const hashedPassword = await hashPassword(password);
const { success } = await c.env.DB.prepare(
`UPDATE address SET password = ?, updated_at = datetime('now') WHERE id = ?`
).bind(hashedPassword, id).run();
if (!success) {
return c.text("Failed to reset password", 500);
}
return c.json({ success: true });
})
// mail api
api.get('/admin/mails', admin_mail_api.getMails);
api.get('/admin/mails_unknow', admin_mail_api.getUnknowMails);

3
worker/src/commom_api.ts
View File

@@ -40,7 +40,8 @@ api.get('/open_api/settings', async (c) => {
"isS3Enabled": isS3Enabled(c),
"version": CONSTANTS.VERSION,
"showGithub": !utils.getBooleanValue(c.env.DISABLE_SHOW_GITHUB),
"disableAdminPasswordCheck": utils.getBooleanValue(c.env.DISABLE_ADMIN_PASSWORD_CHECK)
"disableAdminPasswordCheck": utils.getBooleanValue(c.env.DISABLE_ADMIN_PASSWORD_CHECK),
"enableAddressPassword": utils.getBooleanValue(c.env.ENABLE_ADDRESS_PASSWORD)
});
})

40
worker/src/common.ts
View File

@@ -1,7 +1,7 @@
import { Context } from 'hono';
import { Jwt } from 'hono/utils/jwt'
import { getBooleanValue, getDomains, getStringValue, getIntValue, getUserRoles, getDefaultDomains, getJsonSetting, getAnotherWorkerList } from './utils';
import { getBooleanValue, getDomains, getStringValue, getIntValue, getUserRoles, getDefaultDomains, getJsonSetting, getAnotherWorkerList, hashPassword } from './utils';
import { unbindTelegramByAddress } from './telegram_api/common';
import { CONSTANTS } from './constants';
import { AdminWebhookSettings, WebhookMail, WebhookSettings } from './models';
@@ -82,6 +82,37 @@ export async function updateAddressUpdatedAt(
}
}
export const generateRandomPassword = (): string => {
const charset = "abcdefghijklmnopqrstuvwxyz0123456789";
let password = "";
for (let i = 0; i < 8; i++) {
password += charset.charAt(Math.floor(Math.random() * charset.length));
}
return password;
}
const generatePasswordForAddress = async (
c: Context<HonoCustomType>,
address: string
): Promise<string | null> => {
if (!getBooleanValue(c.env.ENABLE_ADDRESS_PASSWORD)) {
return null;
}
const plainPassword = generateRandomPassword();
const hashedPassword = await hashPassword(plainPassword);
const { success } = await c.env.DB.prepare(
`UPDATE address SET password = ?, updated_at = datetime('now') WHERE name = ?`
).bind(hashedPassword, address).run();
if (!success) {
console.warn("Failed to set generated password for address:", address);
return null;
}
return plainPassword;
}
export const newAddress = async (
c: Context<HonoCustomType>,
{
@@ -100,7 +131,7 @@ export const newAddress = async (
checkAllowDomains?: boolean,
enableCheckNameRegex?: boolean,
}
): Promise<{ address: string, jwt: string }> => {
): Promise<{ address: string, jwt: string, password?: string | null }> => {
// trim whitespace and remove special characters
name = name.trim().replace(getNameRegex(c), '')
// check name
@@ -166,6 +197,10 @@ export const newAddress = async (
const address_id = await c.env.DB.prepare(
`SELECT id FROM address where name = ?`
).bind(name).first<number>("id");
// 如果启用地址密码功能,自动生成密码
const generatedPassword = await generatePasswordForAddress(c, name);
// create jwt
const jwt = await Jwt.sign({
address: name,
@@ -174,6 +209,7 @@ export const newAddress = async (
return {
jwt: jwt,
address: name,
password: generatedPassword,
}
}

2
worker/src/constants.ts
View File

@@ -3,7 +3,7 @@ export const CONSTANTS = {
// DB Version
DB_VERSION_KEY: 'db_version',
DB_VERSION: "v0.0.2",
DB_VERSION: "v0.0.3",
// DB settings
ADDRESS_BLOCK_LIST_KEY: 'address_block_list',

8
worker/src/i18n/en.ts
View File

@@ -38,6 +38,14 @@ const messages: LocaleMessages = {
Oauth2FailedGetUserInfoMsg: "Failed to get user info from Oauth2 provider",
Oauth2FailedGetAccessTokenMsg: "Failed to get access token from Oauth2 provider",
Oauth2FailedGetUserEmailMsg: "Failed to get user email from Oauth2 provider",
PasswordChangeDisabledMsg: "Password change is disabled",
NewPasswordRequiredMsg: "New password is required",
InvalidAddressTokenMsg: "Invalid address token",
FailedUpdatePasswordMsg: "Failed to update password",
PasswordLoginDisabledMsg: "Password login is disabled",
EmailPasswordRequiredMsg: "Email and password are required",
AddressNotFoundMsg: "Address not found",
}
export default messages;

8
worker/src/i18n/type.ts
View File

@@ -36,4 +36,12 @@ export type LocaleMessages = {
Oauth2FailedGetUserInfoMsg: string
Oauth2FailedGetAccessTokenMsg: string
Oauth2FailedGetUserEmailMsg: string
PasswordChangeDisabledMsg: string
NewPasswordRequiredMsg: string
InvalidAddressTokenMsg: string
FailedUpdatePasswordMsg: string
PasswordLoginDisabledMsg: string
EmailPasswordRequiredMsg: string
AddressNotFoundMsg: string
}

8
worker/src/i18n/zh.ts
View File

@@ -38,6 +38,14 @@ const messages: LocaleMessages = {
Oauth2FailedGetUserInfoMsg: "从 Oauth2 提供商获取用户信息失败",
Oauth2FailedGetAccessTokenMsg: "从 Oauth2 提供商获取访问令牌失败",
Oauth2FailedGetUserEmailMsg: "从 Oauth2 提供商获取用户邮箱失败",
PasswordChangeDisabledMsg: "密码修改已禁用",
NewPasswordRequiredMsg: "新密码不能为空",
InvalidAddressTokenMsg: "无效的地址令牌",
FailedUpdatePasswordMsg: "更新密码失败",
PasswordLoginDisabledMsg: "密码登录已禁用",
EmailPasswordRequiredMsg: "邮箱和密码不能为空",
AddressNotFoundMsg: "邮箱地址不存在",
}
export default messages;

79
worker/src/mails_api/address_auth.ts Normal file
View File

@@ -0,0 +1,79 @@
import { Context } from 'hono';
import i18n from '../i18n';
import { getBooleanValue, hashPassword } from '../utils';
import { Jwt } from 'hono/utils/jwt';
export default {
// 修改地址密码
changePassword: async (c: Context<HonoCustomType>) => {
const { new_password } = await c.req.json();
const lang = c.get("lang") || c.env.DEFAULT_LANG;
const msgs = i18n.getMessages(lang);
const { address, address_id } = c.get("jwtPayload");
// 检查功能是否启用
if (!getBooleanValue(c.env.ENABLE_ADDRESS_PASSWORD)) {
return c.text(msgs.PasswordChangeDisabledMsg, 403);
}
if (!new_password) {
return c.text(msgs.NewPasswordRequiredMsg, 400);
}
if (!address || !address_id) {
return c.text(msgs.InvalidAddressTokenMsg, 400);
}
// 更新密码
const { success } = await c.env.DB.prepare(
`UPDATE address SET password = ?, updated_at = datetime('now') WHERE id = ?`
).bind(new_password, address_id).run();
if (!success) {
return c.text(msgs.FailedUpdatePasswordMsg, 500);
}
return c.json({ success: true });
},
// 地址密码登录
login: async (c: Context<HonoCustomType>) => {
const { email, password, cf_token } = await c.req.json();
const lang = c.get("lang") || c.env.DEFAULT_LANG;
const msgs = i18n.getMessages(lang);
// 检查功能是否启用
if (!getBooleanValue(c.env.ENABLE_ADDRESS_PASSWORD)) {
return c.text(msgs.PasswordLoginDisabledMsg, 403);
}
if (!email || !password) {
return c.text(msgs.EmailPasswordRequiredMsg, 400);
}
// 查找地址
const address = await c.env.DB.prepare(
`SELECT * FROM address WHERE name = ?`
).bind(email).first();
if (!address) {
return c.text(msgs.AddressNotFoundMsg, 404);
}
// 验证密码
if (address.password !== password) {
return c.text(msgs.InvalidEmailOrPasswordMsg, 401);
}
// 创建JWT
const jwt = await Jwt.sign({
address: address.name,
address_id: address.id
}, c.env.JWT_SECRET, "HS256");
return c.json({
jwt: jwt,
address: address.name
});
}
};

4
worker/src/mails_api/index.ts
View File

@@ -7,6 +7,7 @@ import { CONSTANTS } from '../constants'
import auto_reply from './auto_reply'
import webhook_settings from './webhook_settings';
import s3_attachment from './s3_attachment';
import address_auth from './address_auth';
export const api = new Hono<HonoCustomType>()
@@ -198,3 +199,6 @@ api.delete('/api/clear_sent_items', async (c) => {
success: success
})
})
api.post('/api/address_change_password', address_auth.changePassword)
api.post('/api/address_login', address_auth.login)

2
worker/src/telegram_api/common.ts
View File

@@ -6,7 +6,7 @@ import { deleteAddressWithData, newAddress, generateRandomName } from "../common
export const tgUserNewAddress = async (
c: Context<HonoCustomType>, userId: string, address: string
): Promise<{ address: string, jwt: string }> => {
): Promise<{ address: string, jwt: string, password?: string | null }> => {
if (c.env.RATE_LIMITER) {
const { success } = await c.env.RATE_LIMITER.limit(
{ key: `${CONSTANTS.TG_KV_PREFIX}:${userId}` }

1
worker/src/telegram_api/telegram.ts
View File

@@ -101,6 +101,7 @@ export function newTelegramBot(c: Context<HonoCustomType>, token: string): Teleg
const res = await tgUserNewAddress(c, userId.toString(), address);
return await ctx.reply(`创建地址成功:\n`
+ `地址: ${res.address}\n`
+ (res.password ? `密码: \`${res.password}\`\n` : '')
+ `凭证: \`${res.jwt}\`\n`,
{
parse_mode: "Markdown"

1
worker/src/types.d.ts vendored
View File

@@ -40,6 +40,7 @@ type Bindings = {
ENABLE_USER_CREATE_EMAIL: string | boolean | undefined
DISABLE_ANONYMOUS_USER_CREATE_EMAIL: string | boolean | undefined
ENABLE_USER_DELETE_EMAIL: string | boolean | undefined
ENABLE_ADDRESS_PASSWORD: string | boolean | undefined
ENABLE_INDEX_ABOUT: string | boolean | undefined
DEFAULT_SEND_BALANCE: number | string | undefined
NO_LIMIT_SEND_ROLE: string | undefined | null

7
worker/src/utils.ts
View File

@@ -296,6 +296,13 @@ export const checkUserPassword = (password: string) => {
return true;
}
export const hashPassword = async (password: string): Promise<string> => {
// use crypto to hash password
const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password));
const hashArray = Array.from(new Uint8Array(digest));
return hashArray.map(byte => byte.toString(16).padStart(2, '0')).join('');
}
export default {
getJsonObjectValue,
getSetting,

4
worker/src/worker.ts
View File

@@ -148,6 +148,10 @@ app.use('/api/*', async (c, next) => {
) {
await checkoutUserRolePayload(c);
}
if (c.req.path.startsWith("/api/address_login")) {
await next();
return;
}
try {
return await jwt({ secret: c.env.JWT_SECRET, alg: "HS256" })(c, next);

2
worker/wrangler.toml.template
View File

@@ -70,6 +70,8 @@ ENABLE_USER_DELETE_EMAIL = true
ENABLE_AUTO_REPLY = false
# Allow webhook
# ENABLE_WEBHOOK = true
# Enable address password feature, if set true, will generate password for new address and support password login and change
# ENABLE_ADDRESS_PASSWORD = false
# Footer text
# COPYRIGHT = "Dream Hunter"
# DISABLE_SHOW_GITHUB = true