GithubBackup/cloudflare_temp_email
1
0
Fork 0
mirror of https://github.com/dreamhunter2333/cloudflare_temp_email.git synced 2026-06-28 02:42:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add daily request limit and refactor access control (#759)

Browse Source 
- Add daily request limit per IP in blacklist settings (1-1,000,000/day)
- Refactor access control logic: merge blacklist and rate limit checks
- Remove RATE_LIMIT_API_DAILY_REQUESTS env var, use database config instead
- Move x-custom-auth check earlier in middleware chain
- Add comprehensive English documentation (31 new guide pages)
- Improve code structure and error handling

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Dream Hunter
2025-11-08 12:46:30 +08:00
committed by GitHub
parent eaeac8ebec
commit b337a44e62
44 changed files with 1983 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -4,8 +4,8 @@
## v1.0.7
- feat: |Admin| 新增 IP 黑名单功能,用于限制访问频率较高的 API
- feat: |Admin| 新增 `RATE_LIMIT_API_DAILY_REQUESTS` 配置,用于限制每日 API 请求次数
- fix: |Admin| IP 黑名单检查增加错误处理,提高系统稳定性
- feat: |Admin| 新增 ASN 组织黑名单功能,支持基于 ASN 组织名称过滤请求(支持文本匹配和正则表达式)
- feat: |Admin| 新增浏览器指纹黑名单功能,支持基于浏览器指纹过滤请求(支持精确匹配和正则表达式)
## v1.0.6

40
frontend/src/views/admin/IpBlacklistSettings.vue
View File

@@ -26,6 +26,12 @@ const { t } = useI18n({
tip_ip: 'IP Blacklist: Supports text matching (e.g., "192.168.1") or regex (e.g., "^10\\.0\\.0\\.5$").',
tip_asn: 'ASN Organization: Block by ISP/provider. Case-insensitive text matching or regex.',
tip_fingerprint: 'Browser Fingerprint: Block by browser fingerprint. Supports exact matching or regex patterns.',
tip_daily_limit: 'Daily Limit: Restrict the maximum number of requests per IP address per day (1-1000000).',
tip_scope: 'Applies to: Create Address, Send Mail, External Send Mail API, User Registration, Verify Code',
enable_daily_limit: 'Enable Daily Request Limit',
enable_daily_limit_tip: 'Limit the number of API requests per IP address per day',
daily_request_limit: 'Daily Request Limit',
daily_request_limit_placeholder: 'Enter limit (e.g., 1000)',
},
zh: {
title: 'IP 黑名单设置',
@@ -43,6 +49,12 @@ const { t } = useI18n({
tip_ip: 'IP 黑名单:支持文本匹配(如 "192.168.1")或正则表达式(如 "^10\\.0\\.0\\.5$")。',
tip_asn: 'ASN 组织:根据运营商/ISP 拉黑。支持不区分大小写的文本匹配或正则表达式。',
tip_fingerprint: '浏览器指纹:根据浏览器指纹拉黑。支持完全匹配或正则表达式。',
tip_daily_limit: '每日限流:限制单个 IP 地址每天最多请求次数1-1000000。',
tip_scope: '作用范围:创建邮箱地址、发送邮件、外部发送邮件 API、用户注册、验证码验证',
enable_daily_limit: '启用每日请求限流',
enable_daily_limit_tip: '限制每个 IP 地址每天的 API 请求次数',
daily_request_limit: '每日请求次数上限',
daily_request_limit_placeholder: '输入限制次数例如1000',
}
}
});
@@ -51,6 +63,8 @@ const enabled = ref(false)
const ipBlacklist = ref([])
const asnBlacklist = ref([])
const fingerprintBlacklist = ref([])
const enableDailyLimit = ref(false)
const dailyRequestLimit = ref(1000)
const fetchData = async () => {
try {
@@ -60,6 +74,8 @@ const fetchData = async () => {
ipBlacklist.value = res.blacklist || []
asnBlacklist.value = res.asnBlacklist || []
fingerprintBlacklist.value = res.fingerprintBlacklist || []
enableDailyLimit.value = res.enableDailyLimit || false
dailyRequestLimit.value = res.dailyRequestLimit || 1000
} catch (error) {
message.error(error.message || "error");
} finally {
@@ -77,6 +93,8 @@ const save = async () => {
blacklist: ipBlacklist.value || [],
asnBlacklist: asnBlacklist.value || [],
fingerprintBlacklist: fingerprintBlacklist.value || [],
enableDailyLimit: enableDailyLimit.value,
dailyRequestLimit: dailyRequestLimit.value
})
})
message.success(t('successTip'))
@@ -104,9 +122,11 @@ onMounted(async () => {
<n-space vertical :size="20">
<n-alert :show-icon="false" :bordered="false" type="info">
<div style="line-height: 1.8;">
<div><strong>{{ t("tip_scope") }}</strong></div>
<div> {{ t("tip_ip") }}</div>
<div> {{ t("tip_asn") }}</div>
<div> {{ t("tip_fingerprint") }}</div>
<div> {{ t("tip_daily_limit") }}</div>
</div>
</n-alert>
@@ -164,6 +184,26 @@ onMounted(async () => {
</template>
</n-select>
</n-form-item-row>
<n-divider />
<n-form-item-row :label="t('enable_daily_limit')">
<n-switch v-model:value="enableDailyLimit" :round="false" />
<n-text depth="3" style="margin-left: 10px; font-size: 12px;">
{{ t('enable_daily_limit_tip') }}
</n-text>
</n-form-item-row>
<n-form-item-row :label="t('daily_request_limit')">
<n-input-number
v-model:value="dailyRequestLimit"
:min="1"
:max="1000000"
:placeholder="t('daily_request_limit_placeholder')"
:disabled="!enableDailyLimit"
style="width: 100%;"
/>
</n-form-item-row>
</n-space>
</n-card>
</div>

123
vitepress-docs/docs/.vitepress/en.ts
View File

@@ -2,13 +2,16 @@ import { defineConfig, type DefaultTheme } from 'vitepress'
export const en = defineConfig({
title: "Temp Mail Doc",
lang: 'zh-Hans',
lang: 'en-US',
description: 'CloudFlare Free sending and receiving of temporary domain name mailboxes',
themeConfig: {
outline: 'deep',
nav: nav(),
sidebar: {
'/en/guide/': { base: '/en/guide/', items: sidebarGuide() },
},
editLink: {
pattern: 'https://github.com/dreamhunter2333/cloudflare_temp_email/edit/main/vitepress-docs/docs/:path',
text: 'Edit this page on GitHub'
@@ -18,6 +21,31 @@ export const en = defineConfig({
message: 'Based on MIT license',
copyright: `Copyright © 2023-${new Date().getFullYear()} Dream Hunter`
},
docFooter: {
prev: 'Previous',
next: 'Next'
},
outline: {
level: 'deep',
label: 'On this page'
},
lastUpdated: {
text: 'Last updated',
formatOptions: {
dateStyle: 'short',
timeStyle: 'medium'
}
},
langMenuLabel: 'Language',
returnToTopLabel: 'Return to top',
sidebarMenuLabel: 'Menu',
darkModeSwitchLabel: 'Theme',
lightModeSwitchTitle: 'Switch to light mode',
darkModeSwitchTitle: 'Switch to dark mode'
}
})
@@ -29,15 +57,16 @@ function nav(): DefaultTheme.NavItem[] {
},
{
text: 'Guide',
link: '/en/cli',
link: '/en/guide/quick-start',
activeMatch: '/en/guide/'
},
{
text: 'Service Status',
link: '/status',
link: '/en/status',
},
{
text: 'Reference',
link: '/reference',
link: '/en/reference',
},
{
text: process.env.TAG_NAME || 'v0.2.2',
@@ -54,3 +83,87 @@ function nav(): DefaultTheme.NavItem[] {
}
]
}
function sidebarGuide(): DefaultTheme.SidebarItem[] {
return [
{
text: 'Introduction',
collapsed: false,
items: [
{ text: 'What is Temporary Email', link: 'what-is-temp-mail' },
{ text: 'Star History', link: 'star-history' },
{ text: 'Quick Start', link: 'quick-start' },
]
},
{
text: 'Deploy via Command Line',
collapsed: false,
items: [
{ text: 'CLI Prerequisites', link: 'cli/pre-requisite' },
{ text: 'D1 Database', link: 'cli/d1' },
{ text: 'Cloudflare Workers Backend', link: 'cli/worker' },
{ text: 'Configure Email Routing', link: 'email-routing.md' },
{ text: 'Cloudflare Pages Frontend', link: 'cli/pages' },
{ text: 'Configure Email Sending', link: 'config-send-mail' },
]
},
{
text: 'Deploy via User Interface',
collapsed: false,
items: [
{ text: 'D1 Database', link: 'ui/d1' },
{ text: 'Cloudflare Workers Backend', link: 'ui/worker' },
{ text: 'Configure Email Routing', link: 'email-routing.md' },
{ text: 'Cloudflare Pages Frontend', link: 'ui/pages' },
{ text: 'Configure Email Sending', link: 'config-send-mail' },
]
},
{
text: 'Deploy via Github Actions',
collapsed: true,
items: [
{ text: 'Github Actions Prerequisites', link: 'actions/pre-requisite' },
{ text: 'D1 Database', link: 'actions/d1' },
{ text: 'Github Actions Configuration', link: 'actions/github-action' },
{ text: 'Configure Email Routing', link: 'email-routing.md' },
{ text: 'Configure Email Sending', link: 'config-send-mail' },
{ text: 'Auto-Update Configuration', link: 'actions/auto-update' },
]
},
{
text: 'General',
collapsed: false,
items: [
{ text: 'Worker Variables', link: 'worker-vars' },
{ text: 'Common Issues', link: 'common-issues' },
]
},
{
text: 'Additional Features',
collapsed: false,
items: [
{ text: 'Configure SMTP IMAP Proxy', link: 'feature/config-smtp-proxy' },
{ text: 'Send Email API', link: 'feature/send-mail-api' },
{ text: 'View Email API', link: 'feature/mail-api' },
{ text: 'Configure Subdomain Email', link: 'feature/subdomain' },
{ text: 'Configure Telegram Bot', link: 'feature/telegram' },
{ text: 'Configure S3 Attachments', link: 'feature/s3-attachment' },
{ text: 'Configure WASM Email Parser', link: 'feature/mail_parser_wasm_worker' },
{ text: 'Configure Webhook', link: 'feature/webhook' },
{ text: 'New Address API', link: 'feature/new-address-api' },
{ text: 'OAuth2 Third-party Login', link: 'feature/user-oauth2' },
{ text: 'Enhance with Other Workers', link: 'feature/another-worker-enhanced' },
{ text: 'Add Google Ads', link: 'feature/google-ads.md' },
]
},
{
text: 'Feature Overview',
collapsed: false,
items: [
{ text: 'Admin Console', link: 'feature/admin' },
{ text: 'Admin User Management', link: 'feature/admin-user-management' },
]
},
{ text: 'Reference', base: "/en/", link: 'reference' }
]
}

10
vitepress-docs/docs/en/guide/actions/auto-update.md Normal file
View File

@@ -0,0 +1,10 @@
# How to Configure Auto-Update for GitHub Actions Deployment
::: warning Notice
If you encounter any issues, please report them via `GitHub Issues`. Thank you.
Auto-update will not execute SQL files for the D1 database. When the database schema changes, you need to execute them manually.
:::
1. Open the `Actions` page of the repository, find `Upstream Sync`, and click `enable workflow` to enable the `workflow`
2. If `Upstream Sync` fails, go to the repository homepage and click `Sync` to synchronize manually
3. You can customize the update interval by modifying the `schedule` configuration in `Upstream Sync`, refer to [cron expressions](https://crontab.guru/)

17
vitepress-docs/docs/en/guide/actions/d1.md Normal file
View File

@@ -0,0 +1,17 @@
# Initialize/Update D1 Database
## Create Database
Open the Cloudflare console, select `Workers & Pages` -> `D1` -> `Create Database`, and click to create the database
![d1](/ui_install/d1.png)
After creation, you can see the D1 database in the Cloudflare console and obtain the database `name` and `database ID`
## Initialize Database
After deployment is complete, go to the admin page's `Quick Setup` -> `Database` section and click the `Initialize Database` button to initialize the database
## Update Database Schema
Refer to [Update D1 via Command Line](/en/guide/cli/d1) or [Update D1 via UI](/en/guide/ui/d1)

61
vitepress-docs/docs/en/guide/actions/github-action.md Normal file
View File

@@ -0,0 +1,61 @@
# Deploy via GitHub Actions
::: warning Notice
Currently only supports Worker and Pages deployment.
If you encounter any issues, please report them via `GitHub Issues`. Thank you.
The `worker.dev` domain is inaccessible in China, please use a custom domain
:::
## Deployment Steps
### Fork Repository and Enable Actions
- Fork this repository on GitHub
- Open the `Actions` page of the repository
- Find `Deploy Backend` and click `enable workflow` to enable the `workflow`
- If you need separate frontend and backend deployment, find `Deploy Frontend` and click `enable workflow` to enable the `workflow`
### Configure Secrets
Then go to the repository page `Settings` -> `Secrets and variables` -> `Actions` -> `Repository secrets`, and add the following `secrets`:
- Common `secrets`
| Name | Description |
| ----------------------- | ---------------------------------------------------------------------------------------------------------------------- |
| `CLOUDFLARE_ACCOUNT_ID` | Cloudflare Account ID, [Reference Documentation](https://developers.cloudflare.com/workers/wrangler/ci-cd/#cloudflare-account-id) |
| `CLOUDFLARE_API_TOKEN` | Cloudflare API Token, [Reference Documentation](https://developers.cloudflare.com/workers/wrangler/ci-cd/#api-token) |
- Worker backend `secrets`
| Name | Description |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| `BACKEND_TOML` | Backend configuration file, [see here](/en/guide/cli/worker.html#modify-wrangler-toml-configuration-file) |
| `DEBUG_MODE` | (Optional) Whether to enable debug mode, set to `true` to enable. By default, worker deployment logs are not output to GitHub Actions page, enabling this will output them |
| `BACKEND_USE_MAIL_WASM_PARSER` | (Optional) Whether to use WASM to parse emails, set to `true` to enable. For features, refer to [Configure Worker to use WASM Email Parser](/en/guide/feature/mail_parser_wasm_worker) |
| `USE_WORKER_ASSETS` | (Optional) Deploy Worker with frontend assets, set to `true` to enable |
- Pages frontend `secrets`
> [!warning] Notice
> If you choose to deploy Worker with frontend assets, these `secrets` are not required
| Name | Description |
| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `FRONTEND_ENV` | Frontend configuration file, please copy the content from `frontend/.env.example`, [and modify according to this guide](/en/guide/cli/pages.html) |
| `FRONTEND_NAME` | The project name you created in Cloudflare Pages, can be created via [UI](https://temp-mail-docs.awsl.uk/en/guide/ui/pages.html) or [Command Line](https://temp-mail-docs.awsl.uk/en/guide/cli/pages.html) |
| `FRONTEND_BRANCH` | (Optional) Branch for pages deployment, can be left unconfigured, defaults to `production` |
| `PAGE_TOML` | (Optional) Required when using page functions to forward backend requests. Please copy the content from `pages/wrangler.toml` and modify the `service` field to your worker backend name according to actual situation |
| `TG_FRONTEND_NAME` | (Optional) The project name you created in Cloudflare Pages, same as `FRONTEND_NAME`. Fill this in if you need Telegram Mini App functionality |
### Deploy
- Open the `Actions` page of the repository
- Find `Deploy Backend` and click `Run workflow` to select a branch and deploy manually
- If you need separate frontend and backend deployment, find `Deploy Frontend` and click `Run workflow` to select a branch and deploy manually
## How to Configure Auto-Update
1. Open the `Actions` page of the repository, find `Upstream Sync`, and click `enable workflow` to enable the `workflow`
2. If `Upstream Sync` fails, go to the repository homepage and click `Sync` to synchronize manually

10
vitepress-docs/docs/en/guide/actions/pre-requisite.md Normal file
View File

@@ -0,0 +1,10 @@
# GitHub Actions Deployment Prerequisites
## GitHub Account
- A GitHub account is required
- A stable network connection
## Fork Repository
- Fork [this repository](https://github.com/dreamhunter2333/cloudflare_temp_email.git) on GitHub

30
vitepress-docs/docs/en/guide/cli/d1.md Normal file
View File

@@ -0,0 +1,30 @@
# Initialize/Update D1 Database
When executing the wrangler login command for the first time, you will be prompted to log in. Follow the prompts to complete the login process.
## Initialize Database
```bash
cd worker
cp wrangler.toml.template wrangler.toml
# Create D1 and execute schema.sql
wrangler d1 create dev
wrangler d1 execute dev --file=../db/schema.sql --remote
```
After creation, you can see the D1 database in the Cloudflare console.
![D1](/readme_assets/d1.png)
## Update Database Schema
For `schema` updates, please confirm your previously deployed version.
Check the [Changelog](https://github.com/dreamhunter2333/cloudflare_temp_email/blob/main/CHANGELOG.md)
Find the `patch` file you need to execute and run it, for example:
```bash
cd worker
wrangler d1 execute dev --file=../db/2024-01-13-patch.sql --remote
wrangler d1 execute dev --file=../db/2024-04-03-patch.sql --remote
```

51
vitepress-docs/docs/en/guide/cli/pages.md Normal file
View File

@@ -0,0 +1,51 @@
# Cloudflare Pages Frontend
> [!warning] Notice
> Choose one of the following methods
## Deploy Worker with Frontend Assets
Refer to [Deploy Worker](/en/guide/cli/worker#deploy-worker-with-frontend-optional)
## Separate Frontend and Backend Deployment
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
```bash
cd frontend
pnpm install
cp .env.example .env.prod
```
Modify the `.env.prod` file.
Change `VITE_API_BASE` to the `worker` `url` created in the previous step. Do not add `/` at the end.
For example: `VITE_API_BASE=https://xxx.xxx.workers.dev`
```bash
pnpm build --emptyOutDir
# The first deployment will prompt you to create a project, for production branch enter production
pnpm run deploy
```
After deployment, you can see your project in the Cloudflare console. You can configure a custom domain for `pages`.
![pages](/readme_assets/pages.png)
## Forward Backend Requests Through Page Functions
Forwarding requests from page functions to the worker backend can achieve faster response times.
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
If your worker backend name is not `cloudflare_temp_email`, please modify `pages/wrangler.toml`.
```bash
cd frontend
pnpm install
# If you want to enable Cloudflare Zero Trust, you need to use pnpm build:pages:nopwa to disable caching
pnpm build:pages
cd ../pages
pnpm run deploy
```

17
vitepress-docs/docs/en/guide/cli/pre-requisite.md Normal file
View File

@@ -0,0 +1,17 @@
# Prerequisites
## Installing wrangler
Install wrangler
```bash
npm install wrangler -g
```
## Clone the Project
```bash
git clone https://github.com/dreamhunter2333/cloudflare_temp_email.git
# Switch to the latest tag or the branch you want to deploy, you can also use the main branch directly
# git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
```

147
vitepress-docs/docs/en/guide/cli/worker.md Normal file
View File

@@ -0,0 +1,147 @@
# Cloudflare Worker Backend
> [!warning] Notice
> The `worker.dev` domain is not accessible in China, please use a custom domain
## Initialize Project
```bash
cd worker
pnpm install
cp wrangler.toml.template wrangler.toml
```
## Create KV Cache
> [!NOTE]
> If you want to enable user registration and need to send email verification, you need to create a `KV` cache. You can skip this step if not needed.
> If you need Telegram Bot, you need to create a `KV` cache. You can skip this step if not needed.
Create KV cache through command line, or create it in the Cloudflare console, then copy the corresponding configuration to the `wrangler.toml` file.
```bash
wrangler kv:namespace create DEV
```
## Modify `wrangler.toml` Configuration File
> [!NOTE] Note
> For more variable configurations, please check [Worker Variables Documentation](/en/guide/worker-vars)
```toml
name = "cloudflare_temp_email"
main = "src/worker.ts"
compatibility_date = "2024-09-23"
compatibility_flags = [ "nodejs_compat" ]
# If you want to use a custom domain, you need to add routes configuration
# routes = [
# { pattern = "temp-email-api.xxxxx.xyz", custom_domain = true },
# ]
# If you want to deploy a worker with frontend assets, you need to add assets configuration
# [assets]
# directory = "../frontend/dist/"
# binding = "ASSETS"
# run_worker_first = true
# If you want to use scheduled tasks to clean up emails, uncomment the following and modify the cron expression
# [triggers]
# crons = [ "0 0 * * *" ]
# Send emails through Cloudflare
# send_email = [
# { name = "SEND_MAIL" },
# ]
[vars]
# Email name prefix, can be configured as an empty string or not configured if no prefix is needed
PREFIX = "tmp"
# All domains used for temporary email, supports multiple domains
DOMAINS = ["xxx.xxx1" , "xxx.xxx2"]
# Secret key for generating JWT, JWT is used for user login and authentication
JWT_SECRET = "xxx"
# Admin console password, if not configured, console access is not allowed
# ADMIN_PASSWORDS = ["123", "456"]
# Whether to allow users to create emails, not allowed if not configured
ENABLE_USER_CREATE_EMAIL = true
# Allow users to delete emails, not allowed if not configured
ENABLE_USER_DELETE_EMAIL = true
# D1 database name and ID can be viewed in the Cloudflare console
[[d1_databases]]
binding = "DB"
database_name = "xxx" # D1 database name
database_id = "xxx" # D1 database ID
# KV config for user registration email verification, can be skipped if user registration is not enabled or registration verification is not enabled
# [[kv_namespaces]]
# binding = "KV"
# id = "xxxx"
# Rate limit configuration for new address /api/new_address
# [[unsafe.bindings]]
# name = "RATE_LIMITER"
# type = "ratelimit"
# namespace_id = "1001"
# # 10 requests per minute
# simple = { limit = 10, period = 60 }
# Bind other workers to process emails, for example, using auth-inbox AI capabilities to parse verification codes or activation links
# [[services]]
# binding = "AUTH_INBOX"
# service = "auth-inbox"
```
## Deploy Worker with Frontend (Optional)
> [!NOTE]
> If you don't need a [worker with frontend], you can skip this step.
> Refer to the frontend deployment documentation later for separate frontend and backend deployment.
Ensure the frontend assets are built to the `frontend/dist` directory.
```bash
cd frontend
pnpm install --no-frozen-lockfile
pnpm build:pages
```
Add the following configuration to the `wrangler.toml` file in the `worker` directory.
```toml
[assets]
directory = "../frontend/dist/"
binding = "ASSETS"
run_worker_first = true
```
## Telegram Bot Configuration
> [!NOTE]
> If you don't need Telegram Bot, you can skip this step.
Please create a Telegram Bot first, then get the `token`, and execute the following command to add the `token` to secrets.
```bash
pnpm wrangler secret put TELEGRAM_BOT_TOKEN
```
## Deploy
The first deployment will prompt you to create a project. For the `production` branch, enter `production`.
```bash
pnpm run deploy
```
After successful deployment, you can see the `worker` `url` in the routes, and the console will also output the `worker` `url`.
![worker](/readme_assets/worker.png)
> [!NOTE]
> Open the `worker` `url`, if it displays `OK`, the deployment is successful.
>
> Open `/health_check`, if it displays `OK`, the deployment is successful.

41
vitepress-docs/docs/en/guide/common-issues.md Normal file
View File

@@ -0,0 +1,41 @@
# Common Issues
> [!NOTE] Note
> If you don't find a solution here, please search or ask in `Github Issues`, or ask in the Telegram group.
## General
| Issue | Solution |
| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------- |
| Sending emails to authenticated forwarding addresses using Cloudflare Workers | Use CF's API for sending, only supports recipient addresses bound to CF, i.e., CF EMAIL forwarding destination addresses |
| Binding multiple domains | Each domain needs to configure email forwarding to worker |
## Worker Related
| Issue | Solution |
| ------------------------------------------------------------------ | --------------------------------------------------------------------------- |
| `Uncaught Error: No such module "path". imported from "worker.js"` | [Reference](/en/guide/ui/worker) |
| `No such module "node:stream". imported from "worker.js"` | [Reference](/en/guide/ui/worker) |
| `Subdomain cannot send emails` | [Reference](https://github.com/dreamhunter2333/cloudflare_temp_email/issues/515) |
| `Failed to send verify code: No balance` | Set unlimited emails in admin console or increase quota on the sending permission page |
| `Github OAuth unable to get email 400 Failed to get user email` | GitHub user needs to set email to public |
| `Cannot read properties of undefined (reading 'map')` | Worker variables not set successfully |
## Pages Related
| Issue | Solution |
| --------------- | --------------------------------------------------------- |
| `network error` | Use incognito mode or clear browser cache and DNS cache |
## Telegram Bot
| Issue | Solution |
| -------------------------------------------------------------------------- | -------------------------------------------------------------- |
| `Telgram Bot failed to get email: 400: Bad Request:BUTTON_URL_INVALID` | tg mini app URL is incorrect, should be the pages URL |
| `Telegram bot bind error: bind adress count reach the limit` | Need to set worker variable `TG_MAX_ADDRESS` |
## Github Actions
| Issue | Solution |
| ---------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| After Github Action deployment, CF always shows preview branch | Go to CF pages settings to confirm that the frontend branch matches the Github Action frontend deployment branch |

84
vitepress-docs/docs/en/guide/config-send-mail.md Normal file
View File

@@ -0,0 +1,84 @@
# Configure Email Sending
::: warning Note
All three methods can be configured simultaneously. When sending emails, it will prioritize using `resend`, if `resend` is not configured, it will use `smtp`.
If a Cloudflare authenticated forwarding email address is configured, CF's internal API will be prioritized for sending emails
:::
## Send Emails Using Resend
Register at `https://resend.com/domains` and add DNS records according to the instructions.
Create an `api key` on the `API KEYS` page.
Then execute the following command to add `RESEND_TOKEN` to secrets:
> [!NOTE]
> If you find this troublesome, you can also put it directly in plain text under `[vars]` in `wrangler.toml`, but this is not recommended
If you deployed through the UI, you can add it under `Variables and Secrets` in the Cloudflare UI interface.
```bash
# Switch to worker directory
cd worker
wrangler secret put RESEND_TOKEN
```
If you have multiple domains with different `api keys`, you can add multiple secrets in `wrangler.toml`, named `RESEND_TOKEN_` + `<UPPERCASE DOMAIN WITH . REPLACED BY _>`, for example:
```bash
wrangler secret put RESEND_TOKEN_XXX_COM
wrangler secret put RESEND_TOKEN_DREAMHUNTER2333_XYZ
```
## Send Emails Using SMTP
The format of `SMTP_CONFIG` is as follows, where key is the domain name and value is the SMTP configuration. For SMTP configuration format details, refer to [zou-yu/worker-mailer](https://github.com/zou-yu/worker-mailer/blob/main/README_zh-CN.md)
```json
{
"awsl.uk": {
"host": "smtp.xxx.com",
"port": 465,
"secure": true,
"authType": [
"plain",
"login"
],
"credentials": {
"username": "username",
"password": "password"
}
}
}
```
Then execute the following command to add `SMTP_CONFIG` to secrets:
> [!NOTE]
> If you find this troublesome, you can also put it directly in plain text under `[vars]` in `wrangler.toml`, but this is not recommended
If you deployed through the UI, you can add it under `Variables and Secrets` in the Cloudflare UI interface.
```bash
# Switch to worker directory
cd worker
wrangler secret put SMTP_CONFIG
```
## Send Emails to Authenticated Forwarding Addresses on Cloudflare
Only supported for CLI deployment, add `send_email` configuration in `wrangler.toml`.
The destination email address must be an authenticated email address on Cloudflare, which has significant limitations. If you need to send emails to other addresses, you can use `resend` or `smtp` to send emails.
```toml
# Send emails through Cloudflare
send_email = [
{ name = "SEND_MAIL" },
]
```
Admin console account configuration `Verified address list (can send emails through CF internal API)`

9
vitepress-docs/docs/en/guide/email-routing.md Normal file
View File

@@ -0,0 +1,9 @@
# Cloudflare Email Routing
1. In the CF console for the corresponding domain under `Email Routing`, configure the `Email DNS records`. If there are multiple domains, you need to configure `Email DNS records` for each domain.
2. Before binding an email address to your Worker, you need to enable email routing and have at least one verified email address (destination address).
3. Configure the `Catch-all address` in the routing rules of each domain's `Email Routing` to send to `worker`.
![email](/readme_assets/email.png)

11
vitepress-docs/docs/en/guide/feature/admin-user-management.md Normal file
View File

@@ -0,0 +1,11 @@
# Admin User Management
## User Management Page
![admin-user-management](/feature/admin-user-management.png)
## User Settings
Configure user login and authentication settings here
![admin-user-page](/feature/admin-user-page.png)

15
vitepress-docs/docs/en/guide/feature/admin.md Normal file
View File

@@ -0,0 +1,15 @@
# Admin Console
> [!NOTE]
> You need to configure `ADMIN_PASSWORDS` or `ADMIN_USER_ROLE` to access the admin console
> Admin role configuration: if the user role equals ADMIN_USER_ROLE, they can access the admin console
After deploying the frontend application, click the upper-left logo 5 times or visit the `/admin` path to enter the management console.
You need to configure `ADMIN_PASSWORDS` in the backend or ensure the current user role is `ADMIN_USER_ROLE`, otherwise access to the console will be denied.
![admin](/feature/admin.png)
## If your website is for private access only, you can disable this check
`DISABLE_ADMIN_PASSWORD_CHECK = true`

144
vitepress-docs/docs/en/guide/feature/another-worker-enhanced.md Normal file
View File

@@ -0,0 +1,144 @@
# Enhancement via Another Worker
> The core capability of temporary email is email management. Other workers can enhance temporary email functionality, for example, auth-inbox AI can parse verification codes or activation links
> This feature only triggers other workers and executes after webhook
> [!NOTE]
> If you want to use worker enhancement, please create a worker that can be called via RPC in advance, details below
> References:
> - https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/rpc/
> - https://developers.cloudflare.com/workers/runtime-apis/rpc/
> - auth-inbox project: https://github.com/TooonyChen/AuthInbox
## Create Another Worker (using auth-inbox AI verification code parsing as an example)
### Transform Worker to Extend WorkerEntrypoint
A simple worker code that acts as a callee providing RPC method calls is as follows (the rpcEmail method is an example)
(Using the already modified project https://github.com/oneisall8955/AuthInbox-fork)
src/index.ts file
```js
import { WorkerEntrypoint } from "cloudflare:workers";
interface Env {
DB: D1Database;
// ...
}
export default class extends WorkerEntrypoint<Env> {
async fetch(request: Request): Promise<Response> {
console.log("Original fetch interface parameter is request,env,ctx");
console.log("After modifying to WorkerEntrypoint style, there's only one parameter request, getting environment variables and context has slight changes");
// Environment variable and context changes see:
// https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/rpc/#bindings-env
// https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/rpc/#lifecycle-methods-ctx
const env: Env = this.env;
const ctx: ExecutionContext = this.ctx;
console.log("Subsequent logic remains unchanged");
return new Response('ok', { status: 200 });
}
// Main functionality
async email(message: ForwardableEmailMessage): Promise<void> {
console.log("Original fetch interface parameter is message,env,ctx");
console.log("After modifying to WorkerEntrypoint style, there's only one parameter message, getting environment variables and context is the same as fetch method");
const env: Env = this.env;
const ctx: ExecutionContext = this.ctx;
console.log("After receiving email routing request, subsequent logic remains unchanged");
}
// Expose RPC interface to handle email requests from other workers
async rpcEmail(requestBody: string): Promise<void> {
console.log(`Received request from another worker (temporary email service cloudflare_temp_email), request body: ${requestBody}`);
// requestBody is in JSON format, sent by temporary email service, format as follows
// type RPCEmailMessage = {
// from: string | undefined | null,
// to: string | undefined | null,
// rawEmail: string | undefined | null,
// headers: Map<string, string>,
// }
// ... todo ...
}
}
```
### Deploy Another Worker
After modification, or using auth-inbox as an example, deploy to Cloudflare Worker. See https://github.com/TooonyChen/AuthInbox, or use the already modified project https://github.com/oneisall8955/AuthInbox-fork
## Configure Temporary Email Service to Use Specified Worker Enhancement
## Bind Service
### Configure via wrangler.toml
```toml
[[services]]
binding = "AUTH_INBOX"
service = "auth-inbox"
```
Here `binding = "AUTH_INBOX"` can be customized to any string, `service = "auth-inbox"` is the name of the deployed worker that provides RPC interface calls.
### User Interface Configuration
In Settings - Bindings, add binding, select binding service.
Fill in the variable name with a custom name, can be any string, for example `AUTH_INBOX`.
Select the service created in the previous step for service binding, for example `auth-inbox`.
![another-worker-enhanced-01.png](/feature/another-worker-enhanced-01.png)
![another-worker-enhanced-02.png](/feature/another-worker-enhanced-02.png)
## Environment Variable Configuration
### Configure via wrangler.toml
```toml
ENABLE_ANOTHER_WORKER = true
ANOTHER_WORKER_LIST ="""
[
{
"binding":"AUTH_INBOX",
"method":"rpcEmail",
"keywords":[
"","","","","","","","","","","","","","","","","","",
"account","activation","verify","verification","activate","confirmation","email","code","validate","registration","login","code","expire","confirm"
]
}
]
"""
```
Environment variable explanation:
- ENABLE_ANOTHER_WORKER = true: Default is false, set to true to enable other workers to process emails
- ANOTHER_WORKER_LIST is a JSON array, each object contains 3 fields
- binding: *Required, must match the binding = "XXX" specified in the services section*, in the example it's AUTH_INBOX
- method: Optional, default is rpcEmail, refers to which RPC method of this worker to call for processing
- keywords: Keyword array, case-insensitive. Used for filtering, if the *parsed email text* matches these keywords, this worker is triggered and the worker's `method` method is called
### User Interface Configuration
In Settings - Environment Variables, add environment variables
- ENABLE_ANOTHER_WORKER = true
- ANOTHER_WORKER_LIST is the JSON array string mentioned above, no further explanation needed, see above for detailed description
```json
[
{
"binding":"AUTH_INBOX",
"method":"rpcEmail",
"keywords":[
"验证码","激活码","激活链接","确认链接","验证邮箱","确认邮件","账号激活","邮件验证","账户确认","安全码","认证码","安全验证","登陆码","确认码","启用账户","激活账户","账号验证","注册确认",
"account","activation","verify","verification","activate","confirmation","email","code","validate","registration","login","code","expire","confirm"
]
}
]
```
![another-worker-enhanced-03.png](/feature/another-worker-enhanced-03.png)
## Testing
Send an email to the temporary mailbox, observe the worker logs, or check the verification code on the panel provided by auth-inbox
![another-worker-enhanced-04.png](/feature/another-worker-enhanced-04.png)

60
vitepress-docs/docs/en/guide/feature/config-smtp-proxy.md Normal file
View File

@@ -0,0 +1,60 @@
# Setting Up SMTP IMAP Proxy Service
::: warning Notice
If you are using `resend`, you can directly use `resend`'s `SMTP` service without needing this service
:::
## Why Do You Need SMTP IMAP Proxy Service
`SMTP` and `IMAP` have a wider range of application scenarios
## How to Set Up SMTP IMAP Proxy Service
### Local Run
```bash
cd smtp_proxy_server/
# Copy configuration file and modify it
# Your worker address, proxy_url=https://temp-email-api.xxx.xxx
# Your SMTP service port, port=8025
cp .env.example .env
python3 -m venv venv
./venv/bin/python3 -m pip install -r requirements.txt
./venv/bin/python3 main.py
```
### Docker Run
```bash
cd smtp_proxy_server/
docker-compose up -d
```
Modify the environment variables in docker-compose.yaml, note to choose the appropriate `tag`
`proxy_url` is the URL address of the `worker`
```yaml
services:
smtp_proxy_server:
image: ghcr.io/dreamhunter2333/cloudflare_temp_email/smtp_proxy_server:latest
# build:
# context: .
# dockerfile: dockerfile
container_name: "smtp_proxy_server"
ports:
- "8025:8025"
- "11143:11143"
environment:
- proxy_url=https://temp-email-api.xxx.xxx
- port=8025
- imap_port=11143
```
## Using Thunderbird to Login
Download [Thunderbird](https://www.thunderbird.net/en-US/)
For password, enter the `email address credential`
![imap](/feature/imap.png)

29
vitepress-docs/docs/en/guide/feature/google-ads.md Normal file
View File

@@ -0,0 +1,29 @@
# Adding Google Ads to Your Website
## Command Line Deployment
Modify the `.env.prod` file
Add the following two variables, refer to [Google AdSense](https://www.google.com/adsense/start/) for specific values
```txt
VITE_GOOGLE_AD_CLIENT=ca-pub-123456
VITE_GOOGLE_AD_SLOT=123456
```
Then execute the following commands to redeploy pages.
```bash
pnpm build --emptyOutDir
# For first deployment, you'll be prompted to create a project, fill in production for the production branch
pnpm run deploy
```
## GitHub Action Deployment
Modify `FRONTEND_ENV`, add the following two variables, refer to [Google AdSense](https://www.google.com/adsense/start/) for specific values, then redeploy pages.
```txt
VITE_GOOGLE_AD_CLIENT=ca-pub-123456
VITE_GOOGLE_AD_SLOT=123456
```

66
vitepress-docs/docs/en/guide/feature/mail-api.md Normal file
View File

@@ -0,0 +1,66 @@
# Mail API
## Viewing Emails via Mail API
This is a `python` example using the `requests` library to view emails.
```python
limit = 10
offset = 0
res = requests.get(
f"https://<your-worker-address>/api/mails?limit={limit}&offset={offset}",
headers={
"Authorization": f"Bearer {your-JWT-password}",
# "x-custom-auth": "<your-website-password>", # If custom password is enabled
"Content-Type": "application/json"
}
)
```
## Admin Mail API
Supports `address` filter and `keyword` filter
```python
import requests
url = "https://<your-worker-address>/admin/mails"
querystring = {
"limit":"20",
"offset":"0",
# address and keyword are optional parameters
"address":"xxxx@awsl.uk",
"keyword":"xxxx"
}
headers = {"x-admin-auth": "<your-Admin-password>"}
response = requests.get(url, headers=headers, params=querystring)
print(response.json())
```
## User Mail API
Supports `address` filter and `keyword` filter
```python
import requests
url = "https://<your-worker-address>/user_api/mails"
querystring = {
"limit":"20",
"offset":"0",
# address and keyword are optional parameters
"address":"xxxx@awsl.uk",
"keyword":"xxxx"
}
headers = {"x-admin-auth": "<your-Admin-password>"}
response = requests.get(url, headers=headers, params=querystring)
print(response.json())
```

82
vitepress-docs/docs/en/guide/feature/mail_parser_wasm_worker.md Normal file
View File

@@ -0,0 +1,82 @@
# mail-parser-wasm-worker
> [!NOTE]
> If you are using webhook forwarding or telegram bot to receive emails, but the email content is garbled or cannot be parsed, and you have higher requirements for parsing, you can use this feature.
## UI Deployment
1. Download [worker-with-wasm-mail-parser.zip](https://github.com/dreamhunter2333/cloudflare_temp_email/releases/latest/download/worker-with-wasm-mail-parser.zip)
2. Go back to `Overview`, find the worker you just created, click `Edit Code`, delete the original files, upload `worker.js` and files with `wasm` extension, click `Deploy`
> [!NOTE]
> To upload, first click Explorer in the left menu,
> Right-click in the file list window and find `Upload` in the context menu,
> Please refer to the screenshot below
>
> Reference: [issues156](https://github.com/dreamhunter2333/cloudflare_temp_email/issues/156#issuecomment-2079453822)
![worker2](/ui_install/worker-2.png)
![worker-upload](/ui_install/worker-upload.png)
## CLI Deployment
### Modify Code
```bash
cd worker
pnpm add mail-parser-wasm-worker
```
Edit `worker/src/common.ts`, uncomment this code to use mail-parser-wasm-worker to parse emails
```ts
export const commonParseMail = async (raw_mail: string | undefined | null): Promise<{
sender: string,
subject: string,
text: string,
html: string
} | undefined> => {
if (!raw_mail) {
return undefined;
}
// Uncomment this code to use mail-parser-wasm-worker to parse emails start
// TODO: WASM parse email
try {
const { parse_message_wrapper } = await import('mail-parser-wasm-worker');
const parsedEmail = parse_message_wrapper(raw_mail);
return {
sender: parsedEmail.sender || "",
subject: parsedEmail.subject || "",
text: parsedEmail.text || "",
headers: parsedEmail.headers || [],
html: parsedEmail.body_html || "",
};
} catch (e) {
console.error("Failed use mail-parser-wasm-worker to parse email", e);
}
// Uncomment this code to use mail-parser-wasm-worker to parse emails end
try {
const { default: PostalMime } = await import('postal-mime');
const parsedEmail = await PostalMime.parse(raw_mail);
return {
sender: parsedEmail.from ? `${parsedEmail.from.name} <${parsedEmail.from.address}>` : "",
subject: parsedEmail.subject || "",
text: parsedEmail.text || "",
html: parsedEmail.html || "",
};
}
catch (e) {
console.error("Failed use PostalMime to parse email", e);
}
return undefined;
}
```
### Deploy
```bash
cd worker
pnpm run deploy
```

92
vitepress-docs/docs/en/guide/feature/new-address-api.md Normal file
View File

@@ -0,0 +1,92 @@
# Create New Email Address API
## Create Email Address via Admin API
This is a `python` example using the `requests` library to send emails.
```python
res = requests.post(
# Replace xxxx.xxxx with your worker domain
"https://xxxx.xxxx/admin/new_address",
json={
# Enable prefix (True/False)
"enablePrefix": True,
"name": "<email_name>",
"domain": "<email_domain>",
},
headers={
'x-admin-auth': "<your_website_admin_password>",
"Content-Type": "application/json"
}
)
# Returns {"jwt": "<Jwt>"}
print(res.json())
```
## Batch Create Random Username Email Addresses API Example
### Batch Create Email Addresses via Admin API
This is a `python` example using the `requests` library to send emails.
```python
import requests
import random
import string
from concurrent.futures import ThreadPoolExecutor, as_completed
def generate_random_name():
# Generate 5 lowercase letters
letters1 = ''.join(random.choices(string.ascii_lowercase, k=5))
# Generate 1-3 digits
numbers = ''.join(random.choices(string.digits, k=random.randint(1, 3)))
# Generate 1-3 lowercase letters
letters2 = ''.join(random.choices(string.ascii_lowercase, k=random.randint(1, 3)))
# Combine into final name
return letters1 + numbers + letters2
def fetch_email_data(name):
try:
res = requests.post(
"https://<worker_domain>/admin/new_address",
json={
"enablePrefix": True,
"name": name,
"domain": "<email_domain>",
},
headers={
'x-admin-auth': "<your_website_admin_password>",
"Content-Type": "application/json"
}
)
if res.status_code == 200:
response_data = res.json()
email = response_data.get("address", "no address")
jwt = response_data.get("jwt", "no jwt")
return f"{email}----{jwt}\n"
else:
print(f"Request failed, status code: {res.status_code}")
return None
except requests.RequestException as e:
print(f"Request error: {e}")
return None
def generate_and_save_emails(num_emails):
with ThreadPoolExecutor(max_workers=30) as executor, open('email.txt', 'a') as file:
futures = [executor.submit(fetch_email_data, generate_random_name()) for _ in range(num_emails)]
for future in as_completed(futures):
result = future.result()
if result:
file.write(result)
# Generate 10 emails and append to existing file
generate_and_save_emails(10)
```

34
vitepress-docs/docs/en/guide/feature/s3-attachment.md Normal file
View File

@@ -0,0 +1,34 @@
# Configure S3 Attachments
## Configuration
> [!NOTE]
> If you don't need S3 attachments, you can skip this step
Create an R2 bucket in Cloudflare. You can also use other S3 services (please submit an issue if you encounter bugs).
Reference: [Configure Cloudflare R2 cors](https://developers.cloudflare.com/r2/buckets/cors/#add-cors-policies-from-the-dashboard)
Reference: [Cloudflare R2 s3 token](https://developers.cloudflare.com/r2/api/s3/tokens/) to create a token, obtain `ENDPOINT`, `Access Key ID` and `Secret Access Key`, then execute the following commands to add them to secrets
> [!NOTE]
> You can also add `secrets` in the Cloudflare worker UI interface
```bash
cd worker
pnpm wrangler secret put S3_ENDPOINT
pnpm wrangler secret put S3_ACCESS_KEY_ID
pnpm wrangler secret put S3_SECRET_ACCESS_KEY
# Note: Replace bucket with your bucket name
pnpm wrangler secret put S3_BUCKET
```
## Usage
Save attachment
![S3 save](/feature/s3-save.png)
Download attachment
![S3 download](/public/feature/s3-download.png)

67
vitepress-docs/docs/en/guide/feature/send-mail-api.md Normal file
View File

@@ -0,0 +1,67 @@
# Send Email API
## Send Email via HTTP API
This is a `python` example using the `requests` library to send emails.
```python
send_body = {
"from_name": "Sender Name",
"to_name": "Recipient Name",
"to_mail": "Recipient Address",
"subject": "Email Subject",
"is_html": False, # Set whether it's HTML based on content
"content": "<Email content: html or text>",
}
res = requests.post(
"http://localhost:8787/api/send_mail",
json=send_body, headers={
"Authorization": f"Bearer {your_JWT_password}",
# "x-custom-auth": "<your_website_password>", # If custom password is enabled
"Content-Type": "application/json"
}
)
# Using body authentication
send_body = {
"token": "<your_JWT_password>",
"from_name": "Sender Name",
"to_name": "Recipient Name",
"to_mail": "Recipient Address",
"subject": "Email Subject",
"is_html": False, # Set whether it's HTML based on content
"content": "<Email content: html or text>",
}
res = requests.post(
"http://localhost:8787/external/api/send_mail",
json=send_body, headers={
"Content-Type": "application/json"
}
)
```
## Send Email via SMTP
Please first refer to [Configure SMTP Proxy](/en/guide/feature/config-smtp-proxy.html).
This is a `python` example using the `smtplib` library to send emails.
`JWT Token Password`: This is the email login password, which can be viewed in the password menu in the UI interface.
```python
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
with smtplib.SMTP('localhost', 8025) as smtp:
smtp.login("jwt", "Enter your JWT token password here")
message = MIMEMultipart()
message['From'] = "Me <me@awsl.uk>"
message['To'] = "Admin <admin@awsl.uk>"
message['Subject'] = "Test Subject"
message.attach(MIMEText("Test Content", 'html'))
smtp.sendmail("me@awsl.uk", "admin@awsl.uk", message.as_string())
```

11
vitepress-docs/docs/en/guide/feature/subdomain.md Normal file
View File

@@ -0,0 +1,11 @@
# Configure Subdomain Email
::: warning Note
Subdomain emails may not be able to send emails. It is recommended to use main domain emails for sending and subdomain emails only for receiving.
Mail channel is no longer supported. The reference below is limited to the receiving part only.
:::
Reference
- [Configure Subdomain Email](https://github.com/dreamhunter2333/cloudflare_temp_email/issues/164#issuecomment-2082612710)

66
vitepress-docs/docs/en/guide/feature/telegram.md Normal file
View File

@@ -0,0 +1,66 @@
# Configure Telegram Bot
Try it here: [@cf_temp_mail_bot](https://t.me/cf_temp_mail_bot)
::: warning Note
The default `worker.dev` domain certificate for worker is not supported by Telegram. Please use a custom domain when configuring Telegram Bot.
:::
> [!NOTE]
> If you want to use Telegram Bot, please bind `KV` first
>
> If you don't need Telegram Bot, you can skip this step
>
> If you want Telegram to have stronger email parsing capabilities, refer to [Configure worker to use wasm for email parsing](/en/guide/feature/mail_parser_wasm_worker)
## Telegram Bot Configuration
Please first create a Telegram Bot, obtain the `token`, then execute the following command to add the `token` to secrets
> [!NOTE]
> If you find it troublesome, you can also put it in plain text under `[vars]` in `wrangler.toml`, but this is not recommended
If you deployed via UI, you can add it under `Variables and Secrets` in the Cloudflare UI interface
```bash
# Switch to worker directory
cd worker
pnpm wrangler secret put TELEGRAM_BOT_TOKEN
```
## Bot
- Can set whitelist users
- Click `Initialize` to complete the configuration.
- Click `View Status` to check the current configuration status.
![telegram](/feature/telegram.png)
## Mini App
Can be deployed via command line or UI interface
### UI Deployment
For other steps, refer to `Frontend and Backend Separation Deployment` in [UI Deployment](/en/guide/cli/pages)
> [!NOTE]
> Download the zip from here, [telegram-frontend.zip](https://github.com/dreamhunter2333/cloudflare_temp_email/releases/latest/download/telegram-frontend.zip)
>
> Modify the index-xxx.js file in the zip, where xx is a random string
>
> Search for `https://temp-email-api.xxx.xxx`, replace it with your worker domain, then deploy the new zip file
### Command Line Deployment
```bash
cd frontend
pnpm install
cp .env.example .env.prod
# --project-name can create a separate pages for mini app, you can also share one pages, but may encounter js loading issues
pnpm run deploy:telegram --project-name=<your_project_name>
```
- After deployment, please fill in the web URL in the `Settings` -> `Telegram Mini App` page `Telegram Mini App URL` in the admin backend.
- Please execute `/setmenubutton` in `@BotFather`, then enter your web address to set the `Open App` button in the lower left corner.
- Please execute `/newapp` in `@BotFather` to create a new app and register the mini app.

26
vitepress-docs/docs/en/guide/feature/user-oauth2.md Normal file
View File

@@ -0,0 +1,26 @@
# OAuth2 Third-Party Login
> [!WARNING] Note
> Third-party login will automatically register an account using the user's email (emails with the same address will be considered the same account)
>
> This account is the same as a registered account and can also set a password through the forgot password feature
## Register OAuth2 on Third-Party Platforms
### GitHub
- Please first create an OAuth App, then obtain the `Client ID` and `Client Secret`
Reference: [Creating an OAuth App](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app)
### Authentik
- [Authentik OAuth2 Provider](https://docs.goauthentik.io/docs/providers/oauth2/)
## Configure OAuth2 in Admin Backend
![oauth2](/feature/oauth2.png)
## Test User Login Page
![oauth2 login](/feature/oauth2-login.png)

44
vitepress-docs/docs/en/guide/feature/webhook.md Normal file
View File

@@ -0,0 +1,44 @@
# Configure Webhook
> [!NOTE]
> If you want to use webhook, please bind `KV` first and configure the `worker` variable `ENABLE_WEBHOOK = true`
>
> If you want webhook to have stronger email parsing capabilities, refer to [Configure worker to use wasm for email parsing](/en/guide/feature/mail_parser_wasm_worker)
## Prerequisites
You need to set up your own `webhook service` or use a `third-party platform`. This service needs to be able to receive `POST` requests and parse `json` data.
This project uses [songquanpeng/message-pusher](https://github.com/songquanpeng/message-pusher) as an example webhook service.
- You can use the service provided by [msgpusher.com](https://msgpusher.com)
- You can also self-host the `message-pusher` service, refer to [songquanpeng/message-pusher](https://github.com/songquanpeng/message-pusher)
## Admin Configure Global Webhook
![telegram](/feature/admin-mail-webhook.png)
## Admin Allow Email to Use Webhook
![telegram](/feature/admin-webhook-settings.png)
## Configure Webhook for a Specific Email
![telegram](/feature/address-webhook.png)
## Webhook Data Format
To get the url, you need to configure the worker's `FRONTEND_URL` to your frontend address, or you can construct the url yourself using `id` = `${FRONTEND_URL}?mail_id=${id}`
```json
{
"id": "${id}",
"url": "${url}",
"from": "${from}",
"to": "${to}",
"subject": "${subject}",
"raw": "${raw}",
"parsedText": "${parsedText}",
"parsedHtml": "${parsedHtml}",
}
```

42
vitepress-docs/docs/en/guide/quick-start.md Normal file
View File

@@ -0,0 +1,42 @@
# Quick Start
## Before You Begin
You need a `good network environment` and a `Cloudflare account`. Open the [Cloudflare Dashboard](https://dash.cloudflare.com/)
Please choose one of the three deployment methods below:
- [Deploy via Command Line](/en/guide/cli/pre-requisite)
- [Deploy via User Interface](/en/guide/ui/d1)
- [Deploy via Github Actions](/en/guide/actions/pre-requisite)
### You can also refer to detailed tutorials provided by the community
- [【Tutorial】Beginner-Friendly Guide to Building Your Own Cloudflare Temporary Email (Domain Email)](https://linux.do/t/topic/316819/1)
## Upgrade Process
First, confirm your current version, then visit the [Release page](https://github.com/dreamhunter2333/cloudflare_temp_email/releases/) and [CHANGELOG page](https://github.com/dreamhunter2333/cloudflare_temp_email/blob/main/CHANGELOG.md) to find your current version.
> [!WARNING] Warning
> Pay attention to `Breaking Changes` which require `database SQL execution` or `configuration changes`.
Then review all changes from your current version onwards. Note that `Breaking Changes` require `database SQL execution` or `configuration changes`, while other feature updates can be configured as needed.
Then refer to the documentation below to use `CLI` or `UI` to redeploy the `worker` and `pages` over the previous deployment.
### CLI Deployment
- [Update D1 via Command Line](/en/guide/cli/d1)
- [Deploy Worker via Command Line](/en/guide/cli/worker)
- [Deploy Pages via Command Line](/en/guide/cli/pages)
### UI Deployment
- [Update D1 via User Interface](/en/guide/ui/d1)
- [Deploy Worker via User Interface](/en/guide/ui/worker)
- [Deploy Pages via User Interface](/en/guide/ui/pages)
### Github Actions Deployment
- [How to Configure Auto-Update with Github Actions](/en/guide/actions/auto-update)

7
vitepress-docs/docs/en/guide/star-history.md Normal file
View File

@@ -0,0 +1,7 @@
# Star History
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=dreamhunter2333/cloudflare_temp_email&type=Date&theme=dark" />
<source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=dreamhunter2333/cloudflare_temp_email&type=Date" />
<img alt="Star History Chart" src="https://api.star-history.com/svg?repos=dreamhunter2333/cloudflare_temp_email&type=Date" />
</picture>

31
vitepress-docs/docs/en/guide/ui/d1.md Normal file
View File

@@ -0,0 +1,31 @@
# Initialize/Update D1 Database
## Create Database
Open the Cloudflare console, select `Storage & Databases` -> `D1 SQL Database` -> `Create Database`, and click to create the database.
![d1](/ui_install/d1.png)
After creation, we can see the D1 database in the Cloudflare console.
## Initialize Database
::: warning Note
You can also skip initializing the database and after deployment is complete, go to the admin page's `Quick Setup` -> `Database` section and click the `Initialize Database` button to initialize the database.
:::
Open the `Console` tab, enter the content from the [db/schema.sql](https://github.com/dreamhunter2333/cloudflare_temp_email/blob/main/db/schema.sql) file in the repository, and click `Execute` to run it.
![d1](/ui_install/d1-exec.png)
## Update Database Schema
For `schema` updates, please confirm the version you previously deployed.
Check the [Changelog](https://github.com/dreamhunter2333/cloudflare_temp_email/blob/main/CHANGELOG.md)
Find the `patch` file that needs to be executed, for example: `db/2024-01-13-patch.sql`
Open the `Console` tab, enter the content of the `patch` file, and click `Execute` to run it.
![d1](/ui_install/d1-exec.png)

105
vitepress-docs/docs/en/guide/ui/pages.md Normal file
View File

@@ -0,0 +1,105 @@
# Cloudflare Pages Frontend
<script setup>
import { ref } from 'vue'
import JSZip from 'jszip';
const domain = ref("")
const downloadUrl = ref("")
const tip = ref("Download")
const generate = async () => {
try {
const response = await fetch("/ui_install/frontend.zip");
const arrayBuffer = await response.arrayBuffer();
var zip = new JSZip();
await zip.loadAsync(arrayBuffer);
let target_content = ""
let target_path = ""
const directory = zip.folder("assets");
if (directory) {
for (const [relativePath, zipEntry] of Object.entries(directory.files)) {
console.log(relativePath);
if (relativePath.startsWith("assets/index-") && relativePath.endsWith(".js")){
let content = await zipEntry.async("string");
content = content.replace("https://temp-email-api.xxx.xxx", domain.value);
target_path = relativePath;
zip.file(relativePath, content);
break;
}
}
}
if (!target_path) {
tip.value = "Generation failed";
downloadUrl.value = '';
}
const blob = await zip.generateAsync({ type: "blob" });
const url = window.URL.createObjectURL(blob);
downloadUrl.value = url;
} catch (error) {
console.error("Error: ", error);
}
}
</script>
1. Click `Compute (Workers)` -> `Workers & Pages` -> `Create`
![create pages](/ui_install/worker_home.png)
2. Select `Pages`, choose `Use direct upload`
![pages](/ui_install/pages.png)
3. Enter the address of the deployed worker. The address should not include a trailing `/`. Click generate, and if successful, a download button will appear. You will get a zip package.
- The worker domain here is the backend API domain. For example, if I deployed at `https://temp-email-api.awsl.uk`, then fill in `https://temp-email-api.awsl.uk`
- If your domain is `https://temp-email-api.xxx.workers.dev`, then fill in `https://temp-email-api.xxx.workers.dev`
> [!warning] Note
> The `worker.dev` domain is not accessible in China, please use a custom domain.
<div :class="$style.container">
<input :class="$style.input" type="text" v-model="domain" placeholder="Please enter address"></input>
<button :class="$style.button" @click="generate">Generate</button>
<a v-if="downloadUrl" :href="downloadUrl" download="frontend.zip">{{ tip }}</a>
</div>
> [!NOTE]
> You can also deploy manually. Download the zip from here: [frontend.zip](https://github.com/dreamhunter2333/cloudflare_temp_email/releases/latest/download/frontend.zip)
>
> Modify the index-xxx.js file in the archive, where xx is a random string
>
> Search for `https://temp-email-api.xxx.xxx` and replace it with your worker's domain, then deploy the new zip file
4. Select `Pages`, click `Create Pages`, modify the name, upload the downloaded zip package, and then click `Deploy`
![pages1](/ui_install/pages-1.png)
5. Open the `Pages` you just deployed, click `Custom Domain`. Here you can add your own domain, or you can use the automatically generated `*.pages.dev` domain. If you can open the domain, the deployment is successful.
![pages domain](/ui_install/pages-domain.png)
<style module>
.container {
display: flex;
justify-content: center;
align-items: center;
height: 100%;
}
.input {
border: 2px solid deepskyblue;
margin-right: 10px;
width: 75%;
border-radius: 5px;
}
.button {
background-color: deepskyblue;
padding: 5px 10px;
border-radius: 5px;
margin-right: 10px;
}
.button:hover {
background-color: green;
}
</style>

107
vitepress-docs/docs/en/guide/ui/worker.md Normal file
View File

@@ -0,0 +1,107 @@
# Cloudflare Workers Backend
> [!warning] Note
> The `worker.dev` domain is not accessible in China, please use a custom domain.
1. Click `Compute (Workers)` -> `Workers & Pages` -> `Create`
![create worker](/ui_install/worker_home.png)
2. Select `Worker`, click `Create Worker`, modify the name and then click `Deploy`
![worker1](/ui_install/worker-1.png)
![worker2](/ui_install/worker-2.png)
3. Go back to `Workers & Pages`, find the worker you just created, click `Settings` -> `Runtime`, modify `Compatibility flags`, manually add `nodejs_compat`, and the compatibility date also needs to be later than the date shown in the image.
![worker-runtime](/ui_install/worker-runtime.png)
4. Download [worker.js](https://github.com/dreamhunter2333/cloudflare_temp_email/releases/latest/download/worker.js)
5. Go back to `Overview`, find the worker you just created, click `Edit Code`, delete the original file, upload `worker.js`, and click `Deploy`
> [!NOTE]
> To upload, first click Explorer in the left menu,
> then right-click in the file list window and find `Upload` in the context menu,
> please refer to the screenshots below
>
> Reference: [issues156](https://github.com/dreamhunter2333/cloudflare_temp_email/issues/156#issuecomment-2079453822)
![worker3](/ui_install/worker-3.png)
![worker-upload](/ui_install/worker-upload.png)
6. Click `Settings` -> `Variables and Secrets`, add variables as shown in the image
![worker-var](/ui_install/worker-var.png)
> [!NOTE] Note
> For more variable configuration, please see [Worker Variables Documentation](/en/guide/worker-vars)
>
> Note that the outermost quotes are not needed for string format variables
>
> For `USER_ROLES`, please configure in this format: `[{"domains":["awsl.uk","dreamhunter2333.xyz"],"role":"vip","prefix":"vip"},{"domains":["awsl.uk","dreamhunter2333.xyz"],"role":"admin","prefix":""}]`
Recommended variable list
| Variable Name | Type | Description | Example |
| -------------------------- | ----------- | ---------------------------------------------------------------------- | ------------------------------------ |
| `PREFIX` | Text | Default prefix for new email names, can be omitted if no prefix needed | `tmp` |
| `DOMAINS` | JSON | All domains for temporary email, supports multiple domains | `["awsl.uk", "dreamhunter2333.xyz"]` |
| `JWT_SECRET` | Text/Secret | Secret for generating JWT, JWT is used for login and authentication | `xxx` |
| `ADMIN_PASSWORDS` | JSON | Admin console password, console access not allowed if not configured | `["123", "456"]` |
| `ENABLE_USER_CREATE_EMAIL` | Text/JSON | Whether to allow users to create emails, not allowed if not configured | `true` |
| `ENABLE_USER_DELETE_EMAIL` | Text/JSON | Whether to allow users to delete emails, not allowed if not configured | `true` |
7. Click `Settings` -> `Bindings`, click `Add Binding`, enter the name as shown, select the D1 database you just created, and click `Add Binding`
> [!NOTE] Important
> Note that the binding name for `D1 Database` here must be `DB`
![worker-bindings](/ui_install/worker-bindings.png)
![worker-d1-1](/ui_install/worker-d1-1.png)
![worker-d1-2](/ui_install/worker-d1-2.png)
8. Click `Settings` -> `Triggers`, here you can add your own domain, or you can use the automatically generated `*.workers.dev` domain. Record this domain, as it will be needed when deploying the frontend later.
> [!NOTE]
> Open the `worker` `url`, if it displays `OK`, the deployment is successful
>
> Open `/health_check`, if it displays `OK`, the deployment is successful
![worker3](/ui_install/worker-3.png)
9. If you want to enable the user registration feature and need to send email verification, you need to create a `KV` cache. You can skip this step if not needed.
> [!NOTE] Important
> If you want to enable the user registration feature and need to send email verification, you need to create a `KV` cache. You can skip this step if not needed.
>
> Note that the binding name for `KV` here must be `KV`
Click `Storage & Databases` -> `KV` -> `Create Namespace`, as shown in the image, click `Create Namespace`
![worker-kv](/ui_install/worker-kv.png)
![worker-kv-0](/ui_install/worker-kv-0.png)
Then click `Settings` -> `Bindings`, click `Add Binding`, enter the name as shown, select the KV you just created, and click `Add Binding`
![worker-bindings](/ui_install/worker-bindings.png)
![worker-kv-1](/ui_install/worker-kv-1.png)
![worker-kv-2](/ui_install/worker-kv-2.png)
10. Telegram Bot Configuration
> [!NOTE]
> If you don't need Telegram Bot, you can skip this step
Please first create a Telegram Bot, then get the `token`, add the `token` to `Variables and Secrets`, variable name: `TELEGRAM_BOT_TOKEN`
11. If you want to use the scheduled task to clean emails in the admin page, you need to add a scheduled task in `Settings` -> `Trigger Events` -> `Cron Triggers`.
> [!NOTE]
> Select `cron` expression, enter `0 0 * * *` (this expression means run daily at midnight), click `Add` to add. Please adjust this expression according to your needs.

7
vitepress-docs/docs/en/guide/what-is-temp-mail.md Normal file
View File

@@ -0,0 +1,7 @@
# Introduction to Temporary Email
## What is Temporary Email
A temporary email, also known as disposable email or temporary email address, is a virtual mailbox used for temporarily receiving emails. Unlike regular mailboxes, temporary emails are designed to provide an anonymous and temporary email receiving solution.
Temporary emails are often provided by websites or online service providers. Users can use temporary email addresses when they need to register or receive verification emails, without exposing their real email address. The benefit of this is to protect personal privacy.

143
vitepress-docs/docs/en/guide/worker-vars.md Normal file
View File

@@ -0,0 +1,143 @@
# Worker Variables
> [!NOTE] Note
> For CLI deployment syntax, please refer to `worker/wrangler.toml.template`
## Required Variables
| Variable Name | Type | Description | Example |
| -------------------------- | ----------- | ------------------------------------------------------------ | ------------------------------------ |
| `DOMAINS` | JSON | All domains for temporary email, supports multiple domains | `["awsl.uk", "dreamhunter2333.xyz"]` |
| `JWT_SECRET` | Text/Secret | Secret key for generating JWT, used for login and authentication | `xxx` |
| `ADMIN_PASSWORDS` | JSON | Admin console passwords, console access disabled if not configured | `["123", "456"]` |
| `ENABLE_USER_CREATE_EMAIL` | Text/JSON | Whether to allow users to create mailboxes, disabled if not configured | `true` |
| `ENABLE_USER_DELETE_EMAIL` | Text/JSON | Whether to allow users to delete emails, disabled if not configured | `true` |
## Console Related Variables
| Variable Name | Type | Description | Example |
| ------------------------------ | --------- | -------------------------------------------------- | ---------------- |
| `PASSWORDS` | JSON | Website private passwords, required after configuration | `["123", "456"]` |
| `DISABLE_ADMIN_PASSWORD_CHECK` | Text/JSON | Warning: Admin console without password or user check | `false` |
## Email Related Variables
| Variable Name | Type | Description | Example |
| ------------------------------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
| `PREFIX` | Text | Default prefix for new `email address` names, can be left unconfigured if no prefix needed | `tmp` |
| `MIN_ADDRESS_LEN` | Number | Minimum length of `email address` name | `1` |
| `MAX_ADDRESS_LEN` | Number | Maximum length of `email address` name | `30` |
| `DISABLE_CUSTOM_ADDRESS_NAME` | Text/JSON | Disable custom email address names, if set to true, users cannot enter custom names and they will be auto-generated | `true` |
| `ADDRESS_CHECK_REGEX` | Text | Regular expression for `email address` name, used for validation only | `^(?!.*admin).*` |
| `ADDRESS_REGEX` | Text | Regular expression to replace illegal symbols in `email address` name, symbols not in the regex will be replaced. Default is `[^a-z0-9]` if not set. Use with caution as some symbols may prevent email reception | `[^a-z0-9]` |
| `DEFAULT_DOMAINS` | JSON | Default domains available to users (not logged in or users without assigned roles) | `["awsl.uk", "dreamhunter2333.xyz"]` |
| `CREATE_ADDRESS_DEFAULT_DOMAIN_FIRST` | Text/JSON | Whether to prioritize default domain when creating new addresses, if set to true, will use the first domain when no domain is specified, mainly for telegram bot scenarios | `false` |
| `DOMAIN_LABELS` | JSON | For Chinese domains, you can use DOMAIN_LABELS to display Chinese names | `["中文.awsl.uk", "dreamhunter2333.xyz"]` |
| `ENABLE_AUTO_REPLY` | Text/JSON | Allow automatic email replies | `true` |
| `DEFAULT_SEND_BALANCE` | Text/JSON | Default email sending balance, will be 0 if not set | `1` |
| `ENABLE_ADDRESS_PASSWORD` | Text/JSON | Enable address password feature, when enabled, passwords will be auto-generated for new addresses, supports password login and modification | `true` |
## Email Reception Related Variables
| Variable Name | Type | Description | Example |
| ------------------------------- | --------- | -------------------------------------------------------------------------------------- | -------------------------- |
| `BLACK_LIST` | Text | Blacklist for filtering senders, comma separated | `gov.cn,edu.cn` |
| `ENABLE_CHECK_JUNK_MAIL` | Text/JSON | Whether to enable junk mail checking, used with the following two lists | `false` |
| `JUNK_MAIL_CHECK_LIST` | JSON | Junk mail check configuration, marked as junk if any item `exists` and `fails` | `["spf", "dkim", "dmarc"]` |
| `JUNK_MAIL_FORCE_PASS_LIST` | JSON | Junk mail check configuration, marked as junk if any item `does not exist` or `fails` | `["spf", "dkim", "dmarc"]` |
| `FORWARD_ADDRESS_LIST` | JSON | Global forward address list, disabled if not configured, all emails will be forwarded to listed addresses when enabled | `["xxx@xxx.com"]` |
| `REMOVE_EXCEED_SIZE_ATTACHMENT` | Text/JSON | If attachment exceeds 2MB, remove it, email may lose some information due to parsing | `true` |
| `REMOVE_ALL_ATTACHMENT` | Text/JSON | Remove all attachments, email may lose some information due to parsing | `true` |
> [!NOTE]
> `Junk mail checking` and `attachment removal` require email parsing, free tier CPU is limited, may cause large email parsing timeout
>
> If you want stronger email parsing capabilities
>
> Refer to [Configure worker to use wasm for email parsing](/en/guide/feature/mail_parser_wasm_worker)
## Webhook Related Variables
| Variable Name | Type | Description | Example |
| ---------------- | --------- | -------------------------------------------- | ------------------ |
| `ENABLE_WEBHOOK` | Text/JSON | Whether to enable webhook | `true` |
| `FRONTEND_URL` | Text | Frontend URL, used for sending webhook email URLs | `https://xxxx.xxx` |
> [!NOTE]
> Webhook functionality requires email parsing, free tier CPU is limited, may cause large email parsing timeout
>
> If you want stronger email parsing capabilities
>
> Refer to [Configure worker to use wasm for email parsing](/en/guide/feature/mail_parser_wasm_worker)
## User Related Variables
| Variable Name | Type | Description | Example |
| ------------------------------------- | --------- | ---------------------------------------------------------------------------------------------- | ------- |
| `USER_DEFAULT_ROLE` | Text | Default role for new users, only effective when email verification is enabled | `vip` |
| `ADMIN_USER_ROLE` | Text | Admin role configuration, if user role equals ADMIN_USER_ROLE, user can access admin console | `admin` |
| `USER_ROLES` | JSON | - | See below |
| `DISABLE_ANONYMOUS_USER_CREATE_EMAIL` | Text/JSON | Disable anonymous user mailbox creation, if set to true, users can only create addresses after login | `true` |
| `NO_LIMIT_SEND_ROLE` | Text | Roles that can send unlimited emails, multiple roles separated by comma `vip,admin` | `vip` |
> [!NOTE] USER_ROLES User Role Configuration
>
> - If `domains` is empty, `DEFAULT_DOMAINS` will be used
> - If prefix is null, the default prefix will be used, if prefix is an empty string, no prefix will be used
>
> When deploying through UI, configure `USER_ROLES` in this format: `[{"domains":["awsl.uk","dreamhunter2333.xyz"],"role":"vip","prefix":"vip"},{"domains":["awsl.uk","dreamhunter2333.xyz"],"role":"admin","prefix":""}]`
>
> When deploying via CLI, refer to `worker/wrangler.toml.template` and configure `USER_ROLES` in this format: `[{ domains = ["awsl.uk", "dreamhunter2333.xyz"], role = "vip", prefix = "vip" }, { domains = ["awsl.uk", "dreamhunter2333.xyz"], role = "admin", prefix = "" }]`
## Web Related Variables
| Variable Name | Type | Description | Example |
| -------------------------- | ----------- | -------------------------------------------------------- | --------------------- |
| `DEFAULT_LANG` | Text | Worker error message default language, zh/en | `zh` |
| `TITLE` | Text | Custom frontend page website title, supports html | `Custom Title` |
| `ANNOUNCEMENT` | Text | Custom frontend page announcement, supports html | `Custom Announcement` |
| `ALWAYS_SHOW_ANNOUNCEMENT` | Text/JSON | Whether to always show announcement (even if unchanged), default `false` | `true` |
| `COPYRIGHT` | Text | Custom frontend footer text, supports html | `Dream Hunter` |
| `ADMIN_CONTACT` | Text | Admin contact information, can be any string, hidden if not configured | `xxx@gmail.com` |
| `DISABLE_SHOW_GITHUB` | Text/JSON | Whether to show GitHub link | `true` |
| `CF_TURNSTILE_SITE_KEY` | Text/Secret | Turnstile CAPTCHA configuration | `xxx` |
| `CF_TURNSTILE_SECRET_KEY` | Text/Secret | Turnstile CAPTCHA configuration | `xxx` |
## Telegram Bot Related Variables
| Variable Name | Type | Description | Example |
| ---------------- | ------ | ---------------------------------------------------------------------------------------- | ------- |
| `TG_MAX_ADDRESS` | Number | Maximum number of mailboxes that can be bound to telegram bot | `5` |
| `TG_BOT_INFO` | Text | Optional, telegram BOT_INFO, predefined BOT_INFO can reduce webhook latency | `{}` |
> [!NOTE]
> Telegram functionality requires email parsing, free tier CPU is limited, may cause large email parsing timeout
>
> If you want stronger email parsing capabilities
>
> Refer to [Configure worker to use wasm for email parsing](/en/guide/feature/mail_parser_wasm_worker)
## Other Variables
| Variable Name | Type | Description | Example |
| ----------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `ENABLE_ANOTHER_WORKER` | Text/JSON | Whether to enable other workers to process emails | `false` |
| `ANOTHER_WORKER_LIST` | JSON | - Configuration for other workers to process emails, multiple workers can be configured <br/> - Filter by keywords, call the bound worker's method (default method name is rpcEmail)<br/> - keywords are required, otherwise the worker will not be triggered | See below |
> [!NOTE]
> `ANOTHER_WORKER_LIST` configuration example
>
> ```toml
> #ANOTHER_WORKER_LIST ="""
> #[
> # {
> # "binding":"AUTH_INBOX",
> # "method":"rpcEmail",
> # "keywords":[
> # "验证码","激活码","激活链接","确认链接","验证邮箱","确认邮件","账号激活","邮件验证","账户确认","安全码","认证码","安全验证","登陆码","确认码","启用账户","激活账户","账号验证","注册确认",
> # "account","activation","verify","verification","activate","confirmation","email","code","validate","registration","login","code","expire","confirm"
> # ]
> # }
> #]
> #
> ```

39
vitepress-docs/docs/en/index.md
View File

@@ -3,22 +3,29 @@
layout: home
hero:
name: "Temporary mailbox document"
tagline: "Build CloudFlare to send and receive free temporary domain name mailboxes"
name: "Temporary Email Docs"
tagline: "Build Free CloudFlare Temporary Domain Email with Send & Receive"
actions:
- theme: brand
text: Try it now
link: https://mail.awsl.uk/en
- theme: alt
text: command line deployment
link: /en/cli
- theme: brand
text: Try it now
link: https://mail.awsl.uk/
- theme: alt
text: CLI Deployment
link: /en/guide/quick-start
- theme: alt
text: Deploy via UI
link: /en/guide/quick-start
- theme: alt
text: Deploy via Github Actions
link: /en/guide/quick-start
features:
- title: Free hosting on CloudFlare, no server required
details: Cloudflare D1 database, Cloudflare Pages frontend, Cloudflare Workers backend, Cloudflare Email Routing
- title: Only domain name required for private deployment
details: Support password login email, access authorization can be used as a private site, support attachment function
- title: Use rust wasm to parse emails
details: Use rust wasm to parse emails, support various RFC standards for emails, support attachments, extremely fast
- title: Support sending emails
details: Support sending txt or html emails through domain name mailboxesSupport DKIM signature
- title: Private deployment with only a domain name, free hosting on CloudFlare, no server required
details: Support password login for mailboxes, user registration, access password for private sites, attachment support.
- title: Email parsing using Rust WASM
details: Parse emails with Rust WASM, support various RFC email standards, support attachments, extremely fast
- title: Telegram Bot and Webhook support
details: Forward emails to Telegram or webhook, Telegram Bot supports mailbox binding, view emails, Telegram Mini App
- title: Send emails (UI/API/SMTP)
details: Send txt or html emails via domain mailboxes, DKIM signature support, send via UI/API/SMTP
---

6
vitepress-docs/docs/en/reference.md Normal file
View File

@@ -0,0 +1,6 @@
# Reference
- https://developers.cloudflare.com/d1/
- https://developers.cloudflare.com/pages/
- https://developers.cloudflare.com/workers/
- https://developers.cloudflare.com/email-routing/

8
vitepress-docs/docs/en/status.md Normal file
View File

@@ -0,0 +1,8 @@
# Service Status
[Status Link](https://uptime.aks.awsl.icu/status/temp-email)
| Service | Status |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Backend](https://temp-email-api.awsl.uk/) | ![](https://uptime.aks.awsl.icu/api/badge/10/status) ![](https://uptime.aks.awsl.icu/api/badge/10/uptime) ![](https://uptime.aks.awsl.icu/api/badge/10/ping) ![](https://uptime.aks.awsl.icu/api/badge/10/avg-response) ![](https://uptime.aks.awsl.icu/api/badge/10/cert-exp) ![](https://uptime.aks.awsl.icu/api/badge/10/response) |
| [Frontend](https://mail.awsl.uk/) | ![](https://uptime.aks.awsl.icu/api/badge/12/status) ![](https://uptime.aks.awsl.icu/api/badge/12/uptime) ![](https://uptime.aks.awsl.icu/api/badge/12/ping) ![](https://uptime.aks.awsl.icu/api/badge/12/avg-response) ![](https://uptime.aks.awsl.icu/api/badge/12/cert-exp) ![](https://uptime.aks.awsl.icu/api/badge/12/response) |

1
vitepress-docs/docs/zh/guide/actions/github-action.md
View File

@@ -46,6 +46,7 @@
| `FRONTEND_ENV` | 前端配置文件,请复制 `frontend/.env.example` 的内容,[并参考此处修改](/zh/guide/cli/pages.html) |
| `FRONTEND_NAME` | 你在 Cloudflare Pages 创建的项目名称,可通过 [用户界面](https://temp-mail-docs.awsl.uk/zh/guide/ui/pages.html) 或者 [命令行](https://temp-mail-docs.awsl.uk/zh/guide/cli/pages.html) 创建 |
| `FRONTEND_BRANCH` | (可选) pages 部署的分支,可不配置,默认 `production` |
| `PAGE_TOML` | (可选) 使用 page functions 转发后端请求时需要配置,请复制 `pages/wrangler.toml` 的内容,并根据实际情况修改 `service` 字段为你的 worker 后端名称 |
| `TG_FRONTEND_NAME` | (可选) 你在 Cloudflare Pages 创建的项目名称,同 `FRONTEND_NAME`,如果需要 Telegram Mini App 功能,请填写 |
### 部署

2
vitepress-docs/docs/zh/guide/feature/new-address-api.md
View File

@@ -51,7 +51,7 @@ def generate_random_name():
def fetch_email_data(name):
try:
res = requests.post(
"https://<worker 域名>",
"https://<worker 域名>/admin/new_address",
json={
"enablePrefix": True,
"name": name,

81
worker/src/admin_api/ip_blacklist_settings.ts
View File

@@ -16,7 +16,9 @@ async function getIpBlacklistSettings(c: Context<HonoCustomType>): Promise<Respo
enabled: false,
blacklist: [],
asnBlacklist: [],
fingerprintBlacklist: []
fingerprintBlacklist: [],
enableDailyLimit: false,
dailyRequestLimit: 1000
});
}
@@ -35,6 +37,23 @@ async function saveIpBlacklistSettings(c: Context<HonoCustomType>): Promise<Resp
return c.text("Invalid blacklist value", 400);
}
if (!Array.isArray(settings.asnBlacklist)) {
return c.text("Invalid asnBlacklist value", 400);
}
if (!Array.isArray(settings.fingerprintBlacklist)) {
return c.text("Invalid fingerprintBlacklist value", 400);
}
if (typeof settings.enableDailyLimit !== 'boolean') {
return c.text("Invalid enableDailyLimit value", 400);
}
const limit = Number(settings.dailyRequestLimit);
if (isNaN(limit) || limit < 1 || limit > 1000000) {
return c.text("Invalid dailyRequestLimit value (must be between 1 and 1000000)", 400);
}
// Add size limit
const MAX_BLACKLIST_SIZE = 1000;
if (settings.blacklist.length > MAX_BLACKLIST_SIZE) {
@@ -44,55 +63,41 @@ async function saveIpBlacklistSettings(c: Context<HonoCustomType>): Promise<Resp
);
}
if (settings.asnBlacklist.length > MAX_BLACKLIST_SIZE) {
return c.text(
`ASN blacklist exceeds maximum size (${MAX_BLACKLIST_SIZE} entries)`,
400
);
}
if (settings.fingerprintBlacklist.length > MAX_BLACKLIST_SIZE) {
return c.text(
`Fingerprint blacklist exceeds maximum size (${MAX_BLACKLIST_SIZE} entries)`,
400
);
}
// Sanitize patterns (trim and remove empty strings)
// Both regex and plain strings are allowed
const sanitizedBlacklist = settings.blacklist
.map(pattern => pattern.trim())
.filter(pattern => pattern.length > 0);
// Validate and sanitize ASN blacklist if provided
let sanitizedAsnBlacklist: string[] = [];
if (settings.asnBlacklist) {
if (!Array.isArray(settings.asnBlacklist)) {
return c.text("Invalid asnBlacklist value", 400);
}
const sanitizedAsnBlacklist = settings.asnBlacklist
.map(pattern => pattern.trim())
.filter(pattern => pattern.length > 0);
if (settings.asnBlacklist.length > MAX_BLACKLIST_SIZE) {
return c.text(
`ASN blacklist exceeds maximum size (${MAX_BLACKLIST_SIZE} entries)`,
400
);
}
sanitizedAsnBlacklist = settings.asnBlacklist
.map(pattern => pattern.trim())
.filter(pattern => pattern.length > 0);
}
// Validate and sanitize fingerprint blacklist if provided
let sanitizedFingerprintBlacklist: string[] = [];
if (settings.fingerprintBlacklist) {
if (!Array.isArray(settings.fingerprintBlacklist)) {
return c.text("Invalid fingerprintBlacklist value", 400);
}
if (settings.fingerprintBlacklist.length > MAX_BLACKLIST_SIZE) {
return c.text(
`Fingerprint blacklist exceeds maximum size (${MAX_BLACKLIST_SIZE} entries)`,
400
);
}
sanitizedFingerprintBlacklist = settings.fingerprintBlacklist
.map(pattern => pattern.trim())
.filter(pattern => pattern.length > 0);
}
const sanitizedFingerprintBlacklist = settings.fingerprintBlacklist
.map(pattern => pattern.trim())
.filter(pattern => pattern.length > 0);
const sanitizedSettings: IpBlacklistSettings = {
enabled: settings.enabled,
blacklist: sanitizedBlacklist,
asnBlacklist: sanitizedAsnBlacklist,
fingerprintBlacklist: sanitizedFingerprintBlacklist
fingerprintBlacklist: sanitizedFingerprintBlacklist,
enableDailyLimit: settings.enableDailyLimit,
dailyRequestLimit: settings.dailyRequestLimit
};
await saveSetting(

119
worker/src/ip_blacklist.ts
View File

@@ -6,10 +6,12 @@ import { CONSTANTS } from './constants';
* IP Blacklist Settings stored in database
*/
export type IpBlacklistSettings = {
enabled: boolean;
blacklist: string[]; // Array of regex patterns or plain strings
enabled?: boolean;
blacklist?: string[]; // Array of regex patterns or plain strings
asnBlacklist?: string[]; // Array of ASN organization patterns (e.g., "Google LLC", "Amazon")
fingerprintBlacklist?: string[]; // Array of browser fingerprint patterns
enableDailyLimit?: boolean; // Enable daily request limit per IP
dailyRequestLimit?: number; // Maximum requests per IP per day
}
/**
@@ -59,21 +61,19 @@ function isBlacklisted(value: string | null | undefined, blacklist: string[], ca
const flags = caseSensitive ? '' : 'i';
const regex = new RegExp(normalizedPattern, flags);
return regex.test(normalizedValue);
} else {
// Plain string mode: substring matching
if (caseSensitive) {
return normalizedValue.includes(normalizedPattern);
} else {
return normalizedValue.toLowerCase().includes(normalizedPattern.toLowerCase());
}
}
// Plain string mode: substring matching
if (caseSensitive) {
return normalizedValue.includes(normalizedPattern);
}
return normalizedValue.toLowerCase().includes(normalizedPattern.toLowerCase());
} catch (error) {
console.warn(`Pattern "${normalizedPattern}" failed regex parsing, using plain matching`);
if (caseSensitive) {
return normalizedValue.includes(normalizedPattern);
} else {
return normalizedValue.toLowerCase().includes(normalizedPattern.toLowerCase());
}
return normalizedValue.toLowerCase().includes(normalizedPattern.toLowerCase());
}
});
}
@@ -82,49 +82,30 @@ function isBlacklisted(value: string | null | undefined, blacklist: string[], ca
* Get IP blacklist settings from database
*
* @param c - Hono context
* @returns IP blacklist settings
* @returns IP blacklist settings (may be null or have undefined fields)
*/
export async function getIpBlacklistSettings(
c: Context<HonoCustomType>
): Promise<IpBlacklistSettings> {
const dbSettings = await getJsonSetting<IpBlacklistSettings>(
): Promise<IpBlacklistSettings | null> {
return await getJsonSetting<IpBlacklistSettings>(
c, CONSTANTS.IP_BLACKLIST_SETTINGS_KEY
);
if (dbSettings) {
return {
enabled: dbSettings.enabled || false,
blacklist: dbSettings.blacklist || [],
asnBlacklist: dbSettings.asnBlacklist || [],
fingerprintBlacklist: dbSettings.fingerprintBlacklist || []
};
}
// Return default settings
return {
enabled: false,
blacklist: [],
asnBlacklist: [],
fingerprintBlacklist: []
};
}
/**
* Middleware to check IP blacklist for rate-limited endpoints
* Returns 403 response if IP is blacklisted, null if any error occurs
* Middleware to check access control (blacklist and rate limiting) for rate-limited endpoints
* Returns 403/429 response if blocked, null if allowed or any error occurs
*
* @param c - Hono context
* @returns Response if blacklisted, null otherwise (including errors)
* @returns Response if blocked, null otherwise (including errors)
*/
export async function checkIpBlacklist(
export async function checkAccessControl(
c: Context<HonoCustomType>
): Promise<Response | null> {
try {
// Get IP blacklist settings from database
const settings = await getIpBlacklistSettings(c);
// Check if blacklist feature is enabled
if (!settings.enabled) {
if (!settings) {
return null;
}
@@ -134,38 +115,56 @@ export async function checkIpBlacklist(
return null;
}
// Check if IP is blacklisted (case-sensitive matching)
if (settings.blacklist && settings.blacklist.length > 0) {
if (isBlacklisted(reqIp, settings.blacklist, true)) {
console.warn(`Blocked blacklisted IP: ${reqIp} for path: ${c.req.path}`);
return c.text(`Access denied: IP ${reqIp} is blacklisted`, 403);
// Check if blacklist feature is enabled
if (settings.enabled) {
// Check if IP is blacklisted (case-sensitive matching)
if (settings.blacklist && settings.blacklist.length > 0) {
if (isBlacklisted(reqIp, settings.blacklist, true)) {
console.warn(`Blocked blacklisted IP: ${reqIp} for path: ${c.req.path}`);
return c.text(`Access denied: IP ${reqIp} is blacklisted`, 403);
}
}
// Check ASN organization blacklist
if (settings.asnBlacklist && settings.asnBlacklist.length > 0) {
const asOrganization = c.req.raw.cf?.asOrganization;
// Check ASN with case-insensitive matching
if (asOrganization && isBlacklisted(asOrganization as string, settings.asnBlacklist, false)) {
console.warn(`Blocked blacklisted ASN: ${asOrganization} (IP: ${reqIp}) for path: ${c.req.path}`);
return c.text(`Access denied: ASN organization is blacklisted`, 403);
}
}
// Check browser fingerprint blacklist
if (settings.fingerprintBlacklist && settings.fingerprintBlacklist.length > 0) {
const fingerprint = c.req.raw.headers.get("x-fingerprint");
// Check fingerprint with case-sensitive matching
if (fingerprint && isBlacklisted(fingerprint, settings.fingerprintBlacklist, true)) {
console.warn(`Blocked blacklisted fingerprint: ${fingerprint} (IP: ${reqIp}) for path: ${c.req.path}`);
return c.text(`Access denied: Browser fingerprint is blacklisted`, 403);
}
}
}
// Check ASN organization blacklist
if (settings.asnBlacklist && settings.asnBlacklist.length > 0) {
const asOrganization = c.req.raw.cf?.asOrganization;
// Check ASN with case-insensitive matching
if (asOrganization && isBlacklisted(asOrganization as string, settings.asnBlacklist, false)) {
console.warn(`Blocked blacklisted ASN: ${asOrganization} (IP: ${reqIp}) for path: ${c.req.path}`);
return c.text(`Access denied: ASN organization is blacklisted`, 403);
}
}
// Check daily request limit (independent of blacklist feature)
if (settings.enableDailyLimit && settings.dailyRequestLimit && c.env.KV) {
const daily_count_key = `limit|${reqIp}|${new Date().toISOString().slice(0, 10)}`;
const dailyLimit = settings.dailyRequestLimit;
const current_count = parseInt(await c.env.KV.get(daily_count_key) || "0", 10);
// Check browser fingerprint blacklist
if (settings.fingerprintBlacklist && settings.fingerprintBlacklist.length > 0) {
const fingerprint = c.req.raw.headers.get("x-fingerprint");
// Check fingerprint with case-sensitive matching
if (fingerprint && isBlacklisted(fingerprint, settings.fingerprintBlacklist, true)) {
console.warn(`Blocked blacklisted fingerprint: ${fingerprint} (IP: ${reqIp}) for path: ${c.req.path}`);
return c.text(`Access denied: Browser fingerprint is blacklisted`, 403);
if (current_count && current_count >= dailyLimit) {
console.warn(`Blocked IP ${reqIp} exceeded daily limit of ${dailyLimit} requests for path: ${c.req.path}`);
return c.text(`IP=${reqIp} Exceeded daily limit of ${dailyLimit} requests`, 429);
}
// Increment counter with 24-hour expiration
await c.env.KV.put(daily_count_key, ((current_count || 0) + 1).toString(), { expirationTtl: 24 * 60 * 60 });
}
return null;
} catch (error) {
// Log error but don't block request
console.error('Error checking IP blacklist:', error);
console.error('Error checking IP blacklist and rate limit:', error);
return null;
}
}

3
worker/src/types.d.ts vendored
View File

@@ -86,9 +86,6 @@ type Bindings = {
// webhook config
FRONTEND_URL: string | undefined
// rate limiter config
RATE_LIMIT_API_DAILY_REQUESTS: number | string | undefined
}
type JwtPayload = {

45
worker/src/worker.ts
View File

@@ -14,7 +14,7 @@ import i18n from './i18n';
import { email } from './email';
import { scheduled } from './scheduled';
import { getAdminPasswords, getPasswords, getBooleanValue, getStringArray } from './utils';
import { checkIpBlacklist } from './ip_blacklist';
import { checkAccessControl } from './ip_blacklist';
const API_PATHS = [
"/api/",
@@ -49,6 +49,17 @@ app.use('/*', async (c, next) => {
const lang = c.req.raw.headers.get("x-lang");
if (lang) { c.set("lang", lang); }
const msgs = i18n.getMessages(lang || c.env.DEFAULT_LANG);
// check header x-custom-auth
const passwords = getPasswords(c);
if (passwords && passwords.length > 0) {
const auth = c.req.raw.headers.get("x-custom-auth");
if (!auth || !passwords.includes(auth)) {
return c.text(msgs.CustomAuthPasswordMsg, 401)
}
}
// rate limit for specific endpoints
if (
c.req.path.startsWith("/api/new_address")
|| c.req.path.startsWith("/api/send_mail")
@@ -56,12 +67,6 @@ app.use('/*', async (c, next) => {
|| c.req.path.startsWith("/user_api/register")
|| c.req.path.startsWith("/user_api/verify_code")
) {
// Check IP blacklist first (early rejection for blacklisted IPs)
const blacklistResponse = await checkIpBlacklist(c);
if (blacklistResponse) {
return blacklistResponse;
}
const reqIp = c.req.raw.headers.get("cf-connecting-ip")
if (reqIp && c.env.RATE_LIMITER) {
const { success } = await c.env.RATE_LIMITER.limit(
@@ -71,18 +76,10 @@ app.use('/*', async (c, next) => {
return c.text(`IP=${reqIp} Rate limit exceeded for ${c.req.path}`, 429)
}
}
try {
if (reqIp && c.env.KV && c.env.RATE_LIMIT_API_DAILY_REQUESTS) {
const daily_count_key = `limit|${reqIp}|${new Date().toISOString().slice(0, 10)}`
const dailyLimit = parseInt(c.env.RATE_LIMIT_API_DAILY_REQUESTS.toString(), 10);
const current_count = parseInt(await c.env.KV.get(daily_count_key) || "0", 10);
if (current_count && current_count >= dailyLimit) {
return c.text(`IP=${reqIp} Exceeded daily limit of ${dailyLimit} requests`, 429);
}
await c.env.KV.put(daily_count_key, ((current_count || 0) + 1).toString(), { expirationTtl: 24 * 60 * 60 });
}
} catch (e) {
console.error(e);
// Check access control (blacklist and daily limit)
const accessControlResponse = await checkAccessControl(c);
if (accessControlResponse) {
return accessControlResponse;
}
}
// webhook check
@@ -148,16 +145,6 @@ const checkoutUserRolePayload = async (
// api auth
app.use('/api/*', async (c, next) => {
// check header x-custom-auth
const passwords = getPasswords(c);
if (passwords && passwords.length > 0) {
const auth = c.req.raw.headers.get("x-custom-auth");
if (!auth || !passwords.includes(auth)) {
const lang = c.req.raw.headers.get("x-lang") || c.env.DEFAULT_LANG;
const messages = i18n.getMessages(lang);
return c.text(messages.CustomAuthPasswordMsg, 401)
}
}
if (c.req.path.startsWith("/api/new_address")) {
await checkUserPayload(c);
await next();