mirror of https://github.com/dreamhunter2333/cloudflare_temp_email.git synced 2026-05-06 20:32:55 +08:00

Files

Dream Hunter c5893a2944 chore: upgrade dependencies (#881 )

* chore: upgrade dependencies

- dompurify 3.3.1 → 3.3.2
- naive-ui 2.43.2 → 2.44.0
- vue-i18n 11.2.8 → 11.3.0
- @cloudflare/workers-types 4.20260305.1 → 4.20260307.1
- @types/node 25.3.3 → 25.3.5
- wrangler 4.70.0 → 4.71.0 (all subprojects)

* feat: upgrade @simplewebauthn packages from v10 to v13

Breaking changes addressed:
- [v11] startRegistration/startAuthentication now take object param
- [v11] registrationInfo.credential replaces flat destructuring
- [v11] authenticator param renamed to credential in verifyAuthenticationResponse
- [v13] @simplewebauthn/types removed, types imported from @simplewebauthn/server

Packages:
- @simplewebauthn/server: 10.0.1 → 13.2.3
- @simplewebauthn/browser: 10.0.0 → 13.2.2
- @simplewebauthn/types: removed (deprecated)

* test: add passkey API E2E tests

- User registration and login flow
- register_request/authenticate_request return valid WebAuthn options
- authenticate_response with invalid credential returns 404
- register_response with invalid credential returns error
- Passkey list empty for new user
- Rename/delete operations with validation

* fix: use UI login instead of localStorage injection in browser passkey test

The localStorage approach doesn't work with VueUse's useStorage because
it doesn't detect external changes during page navigation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: hash password before registration to match frontend login behavior

The frontend hashes passwords with SHA-256 before sending to the API.
Registration via API must use the same hashed password so that UI login
matches the stored value.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: allow crypto.subtle in Docker browser tests

The frontend uses crypto.subtle for password hashing, which requires
a secure context (HTTPS or localhost). In Docker, the frontend runs
at http://frontend:5173 which is not a secure context. Add Chromium
flag to treat this origin as secure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: serve frontend over HTTPS in Docker for WebAuthn secure context

WebAuthn (navigator.credentials) and crypto.subtle both require a
secure context (HTTPS or localhost). The Docker frontend was serving
over HTTP, making passkey operations impossible.

Changes:
- Generate self-signed cert in Dockerfile.frontend
- Configure Vite to serve over HTTPS
- Update FRONTEND_URL to https://
- Add ignoreHTTPSErrors to Playwright browser config
- Use localStorage injection for passkey test login

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add Vite proxy to avoid mixed-content blocking in HTTPS Docker frontend

HTTPS pages cannot make HTTP API requests (mixed content). Add a Vite
proxy for all API paths so the browser makes same-origin HTTPS requests,
which Vite proxies to the HTTP worker server-to-server.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: store userJwt without JSON.stringify in localStorage

VueUse's useStorage with a string default uses raw string serialization
(no JSON wrapping). Using JSON.stringify added double quotes around the
JWT token, causing 401 Unauthorized from the worker.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: clean up passkey API test per review feedback

Remove unused variables and rename test to match actual behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-09 02:18:17 +08:00

fixtures

test: add E2E tests for webhook settings (#871 )

2026-03-06 11:35:04 +08:00

scripts

chore: upgrade dependencies (#881 )

2026-03-09 02:18:17 +08:00

tests

chore: upgrade dependencies (#881 )

2026-03-09 02:18:17 +08:00

docker-compose.yml

chore: upgrade dependencies (#881 )

2026-03-09 02:18:17 +08:00

Dockerfile.e2e

feat: add STARTTLS support for SMTP proxy server (#876 )

2026-03-06 15:05:29 +08:00

Dockerfile.frontend

chore: upgrade dependencies (#881 )

2026-03-09 02:18:17 +08:00

Dockerfile.worker

…

package-lock.json

chore(deps): bump playwright from 1.49.0 to 1.58.2 (#873 )

2026-03-06 12:40:44 +08:00

package.json

chore(deps): bump playwright from 1.49.0 to 1.58.2 (#873 )

2026-03-06 12:40:44 +08:00

playwright.config.ts

chore: upgrade dependencies (#881 )

2026-03-09 02:18:17 +08:00

README.md

…

README.md

E2E Tests

End-to-end tests for Cloudflare Temp Email using Playwright and Mailpit, fully containerized with Docker Compose.

Prerequisites

Docker and Docker Compose

Quick Start

cd e2e

# Build, start all services, run tests, and exit
npm test

# Clean up containers and volumes
npm run test:down

npm test runs docker compose up --build, which:

Starts Mailpit (SMTP on :1025, HTTP API on :8025)
Builds and starts the Worker (wrangler dev on :8787)
Builds and starts the Frontend (vite dev on :5173)
Builds and runs the E2E runner (Playwright), which waits for services, initializes the DB, and runs all tests

The exit code reflects the test result.

Test Structure

Project	Directory	What it tests
`api`	`tests/api/`	Worker API endpoints — health check, address CRUD, send mail via SMTP
`browser`	`tests/browser/`	Frontend UI — login, inbox view, reply with HTML, XSS sanitization

Services

Service	Container	Port	Purpose
Mailpit SMTP	`mailpit`	1025	Captures outgoing emails
Mailpit HTTP	`mailpit`	8025	API to verify captured emails
Worker	`worker`	8787	Backend API with E2E config
Frontend	`frontend`	5173	Vue frontend dev server

Test Results

Test results and HTML reports are exported via volumes:

e2e/test-results/ — test artifacts
e2e/playwright-report/ — HTML report

Configuration

The E2E worker uses fixtures/wrangler.toml.e2e with:

E2E_TEST_MODE = true — enables test seed endpoint
DISABLE_ADMIN_PASSWORD_CHECK = true — allows unauthenticated admin calls
DEFAULT_SEND_BALANCE = 10 — allows sending without admin approval
SMTP pointed at Mailpit container (mailpit:1025)