Dream Hunter c3058817ff feat(admin): add IP whitelist (strict allowlist mode) (#920) (#971)
* feat(admin): add IP whitelist (strict allowlist mode) (#920)

- Add enableWhitelist/whitelist fields to IpBlacklistSettings
- Implement three-layer access control: whitelist → blacklist → daily limit
- Whitelist uses exact match for IPv4/IPv6, regex for patterns
- Whitelisted IPs skip blacklist checks (trusted)
- Fail-closed when cf-connecting-ip missing under whitelist mode
- Frontend: independent whitelist toggle + empty list protection
- Backend: backward compatible (old frontends get defaults)
- E2E tests: config validation + runtime behavior
- Docs: CHANGELOG zh/en updated

Closes #920

* fix(admin): address PR review feedback on IP whitelist

- Add IPv4-mapped IPv6 (::ffff:x.x.x.x) exact match in isWhitelisted
- Include error.message in whitelist regex parse failure log
- Include actual/max size in whitelist size limit error message

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(admin): validate whitelist regex on save and preserve existing whitelist on partial update

- Reject invalid regex patterns in whitelist at save time to prevent runtime lockout
- Preserve existing enableWhitelist/whitelist from DB when older clients omit these fields

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(admin): revert P2 - keep simple ?? defaults for backward compat

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(admin): validate whitelist elements are strings before trimming

Prevents 500 error when whitelist contains non-string elements (e.g. numbers, null)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs(admin): add IP blacklist/whitelist documentation (zh + en)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(admin): fix fingerprint blacklist bypass when cf-connecting-ip absent, improve e2e tests

- Split checkBlacklist into checkFingerprintBlacklist (IP-independent) and checkIpAsnBlacklist
- Fingerprint check now runs before the !reqIp early-return to prevent bypass
- Add afterEach reset to config test group, extract RESET_SETTINGS constant
- Strengthen whitelist-blocks test to deterministic 403 assertion
- Add e2e tests: invalid regex rejection, non-string element rejection, fingerprint-blocks-without-IP

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(admin): suppress no-useless-escape lint warning in whitelist regex check

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 21:06:13 +08:00

E2E Tests

End-to-end tests for Cloudflare Temp Email using Playwright and Mailpit, fully containerized with Docker Compose.

Prerequisites

  • Docker and Docker Compose

Quick Start

```bash
cd e2e

# Build, start all services, run tests, and exit
npm test

# Clean up containers and volumes
npm run test:down
```

npm test runs docker compose up --build, which:

  1. Starts Mailpit (SMTP on :1025, HTTP API on :8025)
  2. Builds and starts the Worker (wrangler dev on :8787)
  3. Builds and starts the Frontend (vite dev on :5173)
  4. Builds and runs the E2E runner (Playwright), which waits for services, initializes the DB, and runs all tests

The exit code reflects the test result.

Test Structure

| Project | Directory | What it tests |
|---------|-----------|---------------|
| api | tests/api/ | Worker API endpoints — health check, address CRUD, send mail via SMTP |
| browser | tests/browser/ | Frontend UI — login, inbox view, reply with HTML, XSS sanitization |

Services

| Service | Container | Port | Purpose |
|---------|-----------|------|---------|
| Mailpit SMTP | mailpit | 1025 | Captures outgoing emails |
| Mailpit HTTP | mailpit | 8025 | API to verify captured emails |
| Worker | worker | 8787 | Backend API with E2E config |
| Frontend | frontend | 5173 | Vue frontend dev server |

Test Results

Test results and HTML reports are exported via volumes:

  • e2e/test-results/ — test artifacts
  • e2e/playwright-report/ — HTML report

Configuration

The E2E worker uses fixtures/wrangler.toml.e2e with:

  • E2E_TEST_MODE = true — enables test seed endpoint
  • DISABLE_ADMIN_PASSWORD_CHECK = true — allows unauthenticated admin calls
  • DEFAULT_SEND_BALANCE = 10 — allows sending without admin approval
  • SMTP pointed at Mailpit container (mailpit:1025)
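
A pre-deploy check that scans a wrangler config for the E2E-only settings listed above and reports any that are switched on. This is an added example, not part of the project: the function names, the flat `KEY = value` parsing, the rule that only `false`, `0` or an empty value counts as off, and the sample config text are all assumptions.

```javascript
// Added example: flag E2E-only settings found in a wrangler config meant for deployment.
// Setting names and their effects come from the README; the rest is assumed.
const E2E_ONLY = {
  E2E_TEST_MODE: "enables test seed endpoint",
  DISABLE_ADMIN_PASSWORD_CHECK: "allows unauthenticated admin calls",
};

// Minimal reader for `KEY = value` lines; not a full TOML parser.
function readAssignments(tomlText) {
  const out = [];
  tomlText.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.replace(/#.*$/, "").trim(); // drop comments (assumes no '#' in values)
    const m = /^([A-Za-z0-9_]+)\s*=\s*(.+)$/.exec(line);
    if (!m) return; // section headers, blank lines, anything unrecognised
    out.push({ key: m[1], value: m[2].trim().replace(/^["']|["']$/g, ""), line: idx + 1 });
  });
  return out;
}

// Returns one finding per E2E-only setting that is enabled.
function findE2eSettings(tomlText) {
  const findings = [];
  for (const { key, value, line } of readAssignments(tomlText)) {
    if (!(key in E2E_ONLY)) continue;
    // Fail closed: anything other than an explicit false/0/empty counts as enabled.
    const off = ["false", "0", ""].includes(value.toLowerCase());
    if (!off) findings.push({ key, line, effect: E2E_ONLY[key] });
  }
  return findings;
}

// Constructed sample inputs (not the project's real config files).
const SAMPLE_E2E = `
name = "temp-email-e2e"
[vars]
E2E_TEST_MODE = true            # test seed endpoint
DISABLE_ADMIN_PASSWORD_CHECK = "true"
DEFAULT_SEND_BALANCE = 10
`;
const SAMPLE_PROD = `
name = "temp-email"
[vars]
DISABLE_ADMIN_PASSWORD_CHECK = false
`;

for (const f of findE2eSettings(SAMPLE_E2E)) {
  console.log(`line ${f.line}: ${f.key} is enabled (${f.effect})`);
}
console.log("prod findings:", findE2eSettings(SAMPLE_PROD).length);
```

In a CI job, a non-empty result for the production config would fail the deploy step.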