2020-06-15 10:34:59 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const _ = require('lodash');
|
|
|
|
|
|
|
|
|
|
const invalidPatternsRegexes = [/<%[^=]([^<>%]*)%>/m, /\${([^{}]*)}/m];
|
2022-03-07 16:15:48 +01:00
|
|
|
const authorizedKeys = [
|
|
|
|
|
'URL',
|
2022-03-21 11:04:54 +01:00
|
|
|
'ADMIN_URL',
|
2022-03-07 16:15:48 +01:00
|
|
|
'SERVER_URL',
|
|
|
|
|
'CODE',
|
|
|
|
|
'USER',
|
|
|
|
|
'USER.email',
|
|
|
|
|
'USER.username',
|
|
|
|
|
'TOKEN',
|
|
|
|
|
];
|
2020-06-15 10:34:59 +02:00
|
|
|
|
|
|
|
|
const matchAll = (pattern, src) => {
|
|
|
|
|
const matches = [];
|
|
|
|
|
let match;
|
|
|
|
|
|
|
|
|
|
const regexPatternWithGlobal = RegExp(pattern, 'g');
|
2022-08-08 23:33:39 +02:00
|
|
|
// eslint-disable-next-line no-cond-assign
|
2020-06-15 10:34:59 +02:00
|
|
|
while ((match = regexPatternWithGlobal.exec(src))) {
|
|
|
|
|
const [, group] = match;
|
|
|
|
|
|
|
|
|
|
matches.push(_.trim(group));
|
|
|
|
|
}
|
|
|
|
|
return matches;
|
|
|
|
|
};
|
|
|
|
|
|
2022-08-08 23:33:39 +02:00
|
|
|
const isValidEmailTemplate = (template) => {
|
2022-08-08 15:50:34 +02:00
|
|
|
for (const reg of invalidPatternsRegexes) {
|
2020-06-15 10:34:59 +02:00
|
|
|
if (reg.test(template)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const matches = matchAll(/<%=([^<>%=]*)%>/, template);
|
|
|
|
|
for (const match of matches) {
|
|
|
|
|
if (!authorizedKeys.includes(match)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
isValidEmailTemplate,
|
|
|
|
|
};
|
