'use strict'; let log = require('npmlog'); let tools = require('../lib/tools'); let helpers = require('../lib/helpers'); let mailer = require('../lib/mailer'); let passport = require('../lib/passport'); let express = require('express'); let urllib = require('url'); let router = new express.Router(); let lists = require('../lib/models/lists'); let fields = require('../lib/models/fields'); let forms = require('../lib/models/forms'); let subscriptions = require('../lib/models/subscriptions'); let settings = require('../lib/models/settings'); let openpgp = require('openpgp'); let _ = require('../lib/translate')._; let util = require('util'); let hbs = require('hbs'); router.get('/subscribe/:cid', (req, res, next) => { subscriptions.subscribe(req.params.cid, req.ip, (err, subscription) => { if (!err && !subscription) { err = new Error(_('Selected subscription not found')); err.status = 404; } if (err) { return next(err); } lists.get(subscription.list, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultHomepage', 'serviceUrl', 'pgpPrivateKey', 'defaultAddress', 'defaultPostaddress', 'defaultFrom', 'disableConfirmations'], (err, configItems) => { if (err) { return next(err); } let data = { title: list.name, homepage: configItems.defaultHomepage || configItems.serviceUrl, preferences: '/subscription/' + list.cid + '/manage/' + subscription.cid, hasPubkey: !!configItems.pgpPrivateKey, defaultAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, template: { template: 'subscription/web-subscribed.mjml.hbs', layout: 'subscription/layout.mjml.hbs' } }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-subscribed', data, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); if (configItems.disableConfirmations) { return; } fields.list(list.id, (err, fieldList) => { if (err) { return log.error('Fields', err); } let encryptionKeys = []; fields.getRow(fieldList, subscription).forEach(field => { if (field.type === 'gpg' && field.value) { encryptionKeys.push(field.value.trim()); } }); let sendMail = (html, text) => { mailer.sendMail({ from: { name: configItems.defaultFrom, address: configItems.defaultAddress }, to: { name: [].concat(subscription.firstName || []).concat(subscription.lastName || []).join(' '), address: subscription.email }, subject: util.format(_('%s: Subscription Confirmed'), list.name), encryptionKeys }, { html, text, data: { title: list.name, homepage: configItems.defaultHomepage || configItems.serviceUrl, contactAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, preferencesUrl: urllib.resolve(configItems.serviceUrl, '/subscription/' + list.cid + '/manage/' + subscription.cid), unsubscribeUrl: urllib.resolve(configItems.serviceUrl, '/subscription/' + list.cid + '/unsubscribe/' + subscription.cid), } }, err => { if (err) { log.error('Subscription', err.stack); } }); }; let text = { template: 'subscription/mail-subscription-confirmed-text.hbs' }; let html = { template: 'subscription/mail-subscription-confirmed-html.mjml.hbs', layout: 'subscription/layout.mjml.hbs', type: 'mjml' }; helpers.injectCustomFormTemplates(req.query.fid || list.defaultForm, { text, html }, (err, tmpl) => { if (err) { return sendMail(html, text); } sendMail(tmpl.html, tmpl.text); }); }); }); }); }); }); router.get('/:cid', passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.cid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } let data = tools.convertKeys(req.query, { skip: ['layout'] }); data.layout = 'subscription/layout'; data.title = list.name; data.cid = list.cid; data.csrfToken = req.csrfToken(); fields.list(list.id, (err, fieldList) => { if (err && !fieldList) { fieldList = []; } data.customFields = fields.getRow(fieldList, data); data.useEditor = true; settings.list(['pgpPrivateKey', 'defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } data.hasPubkey = !!configItems.pgpPrivateKey; data.defaultAddress = configItems.defaultAddress; data.defaultPostaddress = configItems.defaultPostaddress; data.template = { template: 'subscription/web-subscribe.mjml.hbs', layout: 'subscription/layout.mjml.hbs' }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-subscribe', data, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.needsJsWarning = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); }); router.get('/:cid/confirm-notice', (req, res, next) => { lists.getByCid(req.params.cid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultHomepage', 'serviceUrl', 'defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } let data = { title: list.name, homepage: configItems.defaultHomepage || configItems.serviceUrl, defaultAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, template: { template: 'subscription/web-confirm-notice.mjml.hbs', layout: 'subscription/layout.mjml.hbs' } }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-confirm-notice', data, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.isConfirmNotice = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); router.get('/:cid/updated-notice', (req, res, next) => { lists.getByCid(req.params.cid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultHomepage', 'serviceUrl', 'defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } let data = { title: list.name, homepage: configItems.defaultHomepage || configItems.serviceUrl, defaultAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, template: { template: 'subscription/web-updated-notice.mjml.hbs', layout: 'subscription/layout.mjml.hbs' } }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-updated-notice', data, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); router.get('/:cid/unsubscribe-notice', (req, res, next) => { lists.getByCid(req.params.cid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultHomepage', 'serviceUrl', 'defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } let data = { title: list.name, layout: 'subscription/layout', homepage: configItems.defaultHomepage || configItems.serviceUrl, defaultAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, template: { template: 'subscription/web-unsubscribe-notice.mjml.hbs', layout: 'subscription/layout.mjml.hbs' } }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-unsubscribe-notice', data, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req, res, next) => { let email = (req.body.email || '').toString().trim(); if (!email) { req.flash('danger', _('Email address not set')); return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body)); } // Check if the subscriber seems legit. This is a really simple check, the only requirement is that // the subsciber has JavaScript turned on and thats it. If Mailtrain gets more targeted then this // simple check should be replaced with an actual captcha let subTime = Number(req.body.sub) || 0; // allow clock skew 24h in the past and 24h to the future let subTimeTest = !!(subTime > Date.now() - 24 * 3600 * 1000 && subTime < Date.now() + 24 * 3600 * 1000); let addressTest = !req.body.address; let testsPass = subTimeTest && addressTest; lists.getByCid(req.params.cid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } let data = {}; Object.keys(req.body).forEach(key => { if (key !== 'email' && key.charAt(0) !== '_') { data[key] = (req.body[key] || '').toString().trim(); } }); data = tools.convertKeys(data); data._address = req.body.address; data._sub = req.body.sub; data._skip = !testsPass; subscriptions.addConfirmation(list, email, req.ip, data, (err, confirmCid) => { if (!err && !confirmCid) { err = new Error(_('Could not store confirmation data')); } if (err) { req.flash('danger', err.message || err); return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body)); } res.redirect('/subscription/' + req.params.cid + '/confirm-notice'); }); }); }); router.get('/:lcid/manage/:ucid', passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } fields.list(list.id, (err, fieldList) => { if (err) { return next(err); } subscriptions.get(list.id, req.params.ucid, (err, subscription) => { if (!err && !subscription) { err = new Error(_('Subscription not found from this list')); err.status = 404; } if (err) { return next(err); } subscription.lcid = req.params.lcid; subscription.title = list.name; subscription.csrfToken = req.csrfToken(); subscription.layout = 'subscription/layout'; subscription.customFields = fields.getRow(fieldList, subscription); subscription.useEditor = true; settings.list(['pgpPrivateKey', 'defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } subscription.hasPubkey = !!configItems.pgpPrivateKey; subscription.defaultAddress = configItems.defaultAddress; subscription.defaultPostaddress = configItems.defaultPostaddress; subscription.template = { template: 'subscription/web-manage.mjml.hbs', layout: 'subscription/layout.mjml.hbs' }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-manage', subscription, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.needsJsWarning = true; data.isManagePreferences = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); }); }); router.post('/:lcid/manage', passport.parseForm, passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } subscriptions.update(list.id, req.body.cid, req.body, false, err => { if (err) { req.flash('danger', err.message || err); log.error('Subscription', err); return res.redirect('/subscription/' + encodeURIComponent(req.params.lcid) + '/manage/' + encodeURIComponent(req.body.cid) + '?' + tools.queryParams(req.body)); } res.redirect('/subscription/' + req.params.lcid + '/updated-notice'); }); }); }); router.get('/:lcid/manage-address/:ucid', passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } subscriptions.get(list.id, req.params.ucid, (err, subscription) => { if (!err && !subscription) { err = new Error(_('Subscription not found from this list')); err.status = 404; } subscription.lcid = req.params.lcid; subscription.title = list.name; subscription.csrfToken = req.csrfToken(); subscription.defaultAddress = configItems.defaultAddress; subscription.defaultPostaddress = configItems.defaultPostaddress; subscription.template = { template: 'subscription/web-manage-address.mjml.hbs', layout: 'subscription/layout.mjml.hbs' }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-manage-address', subscription, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.needsJsWarning = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); }); router.post('/:lcid/manage-address', passport.parseForm, passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } subscriptions.updateAddress(list, req.body.cid, req.body, req.ip, err => { if (err) { req.flash('danger', err.message || err); log.error('Subscription', err); return res.redirect('/subscription/' + encodeURIComponent(req.params.lcid) + '/manage-address/' + encodeURIComponent(req.body.cid) + '?' + tools.queryParams(req.body)); } req.flash('info', _('Email address updated, check your mailbox for verification instructions')); res.redirect('/subscription/' + req.params.lcid + '/manage/' + req.body.cid); }); }); }); router.get('/:lcid/unsubscribe/:ucid', passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } settings.list(['defaultAddress', 'defaultPostaddress'], (err, configItems) => { if (err) { return next(err); } subscriptions.get(list.id, req.params.ucid, (err, subscription) => { if (!err && !subscription) { err = new Error(_('Subscription not found from this list')); err.status = 404; } if (err) { return next(err); } subscription.lcid = req.params.lcid; subscription.title = list.name; subscription.csrfToken = req.csrfToken(); subscription.autosubmit = !!req.query.auto; subscription.campaign = req.query.c; subscription.defaultAddress = configItems.defaultAddress; subscription.defaultPostaddress = configItems.defaultPostaddress; subscription.template = { template: 'subscription/web-unsubscribe.mjml.hbs', layout: 'subscription/layout.mjml.hbs' }; helpers.injectCustomFormData(req.query.fid || list.defaultForm, 'subscription/web-unsubscribe', subscription, (err, data) => { if (err) { return next(err); } helpers.getMjmlTemplate(data.template, (err, htmlRenderer) => { if (err) { return next(err); } helpers.captureFlashMessages(req, res, (err, flash) => { if (err) { return next(err); } data.isWeb = true; data.flashMessages = flash; res.send(htmlRenderer(data)); }); }); }); }); }); }); }); router.post('/:lcid/unsubscribe', passport.parseForm, passport.csrfProtection, (req, res, next) => { lists.getByCid(req.params.lcid, (err, list) => { if (!err && !list) { err = new Error(_('Selected list not found')); err.status = 404; } if (err) { return next(err); } let email = req.body.email; subscriptions.unsubscribe(list.id, email, req.body.campaign, (err, subscription) => { if (err) { req.flash('danger', err.message || err); log.error('Subscription', err); return res.redirect('/subscription/' + encodeURIComponent(req.params.lcid) + '/unsubscribe/' + encodeURIComponent(req.body.cid) + '?' + tools.queryParams(req.body)); } res.redirect('/subscription/' + req.params.lcid + '/unsubscribe-notice'); fields.list(list.id, (err, fieldList) => { if (err) { return log.error('Fields', err); } let encryptionKeys = []; fields.getRow(fieldList, subscription).forEach(field => { if (field.type === 'gpg' && field.value) { encryptionKeys.push(field.value.trim()); } }); settings.list(['defaultHomepage', 'defaultFrom', 'defaultAddress', 'defaultPostaddress', 'serviceUrl', 'disableConfirmations'], (err, configItems) => { if (err) { return log.error('Settings', err); } if (configItems.disableConfirmations) { return; } let sendMail = (html, text) => { mailer.sendMail({ from: { name: configItems.defaultFrom, address: configItems.defaultAddress }, to: { name: [].concat(subscription.firstName || []).concat(subscription.lastName || []).join(' '), address: subscription.email }, subject: util.format(_('%s: Unsubscribe Confirmed'), list.name), encryptionKeys }, { html, text, data: { title: list.name, contactAddress: configItems.defaultAddress, defaultPostaddress: configItems.defaultPostaddress, subscribeUrl: urllib.resolve(configItems.serviceUrl, '/subscription/' + list.cid + '?cid=' + subscription.cid), } }, err => { if (err) { log.error('Subscription', err.stack); } }); }; let text = { template: 'subscription/mail-unsubscribe-confirmed-text.hbs' }; let html = { template: 'subscription/mail-unsubscribe-confirmed-html.mjml.hbs', layout: 'subscription/layout.mjml.hbs', type: 'mjml' }; helpers.injectCustomFormTemplates(req.query.fid || list.defaultForm, { text, html }, (err, tmpl) => { if (err) { return sendMail(html, text); } sendMail(tmpl.html, tmpl.text); }); }); }); }); }); }); router.post('/publickey', passport.parseForm, passport.csrfProtection, (req, res, next) => { settings.list(['pgpPassphrase', 'pgpPrivateKey'], (err, configItems) => { if (err) { return next(err); } if (!configItems.pgpPrivateKey) { err = new Error(_('Public key is not set')); err.status = 404; return next(err); } let privKey; try { privKey = openpgp.key.readArmored(configItems.pgpPrivateKey).keys[0]; if (configItems.pgpPassphrase && !privKey.decrypt(configItems.pgpPassphrase)) { privKey = false; } } catch (E) { // just ignore if failed } if (!privKey) { err = new Error(_('Public key is not set')); err.status = 404; return next(err); } let pubkey = privKey.toPublic().armor(); res.writeHead(200, { 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=public.asc' }); res.end(pubkey); }); }); module.exports = router;