From be757bc61be9d4474af7ae14de199c7d00de55c0 Mon Sep 17 00:00:00 2001 From: Jetsung Chan Date: Thu, 4 Jan 2024 12:01:41 +0800 Subject: [PATCH] init --- .editorconfig | 13 ++ .github/workflows/build-deoply.yml | 16 +++ .gitignore | 7 + .prettierrc | 19 +++ LICENSE | 201 +++++++++++++++++++++++++++++ README.md | 153 ++++++++++++++++++++++ package.json | 16 +++ src/index.test.ts | 24 ++++ src/index.ts | 104 +++++++++++++++ tsconfig.json | 27 ++++ wrangler.toml | 7 + 11 files changed, 587 insertions(+) create mode 100644 .editorconfig create mode 100644 .github/workflows/build-deoply.yml create mode 100644 .gitignore create mode 100644 .prettierrc create mode 100644 LICENSE create mode 100644 README.md create mode 100644 package.json create mode 100644 src/index.test.ts create mode 100644 src/index.ts create mode 100644 tsconfig.json create mode 100644 wrangler.toml diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..64ab260 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,13 @@ +# http://editorconfig.org +root = true + +[*] +indent_style = tab +tab_width = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.yml] +indent_style = space diff --git a/.github/workflows/build-deoply.yml b/.github/workflows/build-deoply.yml new file mode 100644 index 0000000..44f310f --- /dev/null +++ b/.github/workflows/build-deoply.yml @@ -0,0 +1,16 @@ +name: Deploy to Cloudflare + +on: + push: + branches: ['main', 'test'] + +jobs: + deploy: + runs-on: ubuntu-latest + name: Deploy + steps: + - uses: actions/checkout@v4 + - name: Deploy + uses: cloudflare/wrangler-action@v3 + with: + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f115960 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.DS_Store +/node_modules +*-lock.* +*.lock +*.log + +/dist diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..313df85 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,19 @@ +{ + "semi": false, + "printWidth": 100, + "singleQuote": true, + "bracketSpacing": true, + "insertPragma": false, + "requirePragma": false, + "jsxSingleQuote": false, + "bracketSameLine": false, + "embeddedLanguageFormatting": "auto", + "htmlWhitespaceSensitivity": "css", + "vueIndentScriptAndStyle": true, + "quoteProps": "consistent", + "proseWrap": "preserve", + "trailingComma": "es5", + "arrowParens": "avoid", + "useTabs": true, + "tabWidth": 2 +} diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d08c529 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright 2023 Jetsung Chan + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..ab61bb3 --- /dev/null +++ b/README.md @@ -0,0 +1,153 @@ +# 邮件过滤处理 + +CloudFlare 邮箱转发(`Catch-all`)过滤规则服务。 + +## 特征 + +- 支持收件人白名单 +- 支持多邮箱发件人白名单 +- 支持多邮箱发件人黑名单 +- 支持指定发件人域名黑名单 +- 支持邮件标题过滤 + +## 部署教程 + +### 通过 GitHub Actions 发布至 CloudFlare + +1. 从 CloudFlare 获取 `CLOUDFLARE_API_TOKEN` 值,并设置到项目。 + + > `https://github.com///settings/secrets/actions` + +2. **可选**)设置`别名`。创建 `KV`、,并绑定到此 Workers 服务。 + - 2.1a 手动后台绑定,(`Settings` -> `Variables` -> `KV Namespace Bindings` -> `Add binding` -> `Variable name (data)`, `选择创建的 KV`) + - 2.1b 通过命令行创建。按照**本地部署**的第 6 步,创建和保存 `KV` + +### 本地部署到 CloudFlare + +1. 注册 [CloudFlare 账号](https://www.cloudflare.com/),并且设置 **Workers** 域名 (比如:`xxx.workers.dev`) + +2. 安装 [Wrangler 命令行工具](https://developers.cloudflare.com/workers/wrangler/)。 + ```bash + npm install -g wrangler + ``` +3. 登录 `Wrangler`(可能需要扶梯): + + ```bash + # 若登录不成功,可能需要使用代理。 + wrangler login + ``` + +4. 拉取本项目,并进入该项目目录: + + ```bash + git clone https://github.com/servless/worker-email.git + cd worker-email + ``` + +5. 修改 `wrangler.toml` 文件中的 `name`(proj)为服务名 `xxx`(访问域名为:`proj.xxx.workers.dev`) + +6. 创建 **Workers** 和 **KV**,并绑定 `KV` 到 `Workers` + + 1. **创建 KV,并设置 email 对象值** + + 创建名为 `data` 的 `namespace` + + ```bash + wrangler kv:namespace create data + ``` + + 得到 + + ```bash + ⛅️ wrangler 2.19.0 + -------------------- + 🌀 Creating namespace with title "email-data" + ✨ Success! + Add the following to your configuration file in your kv_namespaces array: + { binding = "data", id = "2870141d9f274c6db12d170e01e0b953" } + ``` + + 将上述命令得到的 `kv_namespaces` 保存到 `wrangler.toml` 中,即 + + ```bash + # 替换当前项目该文件内相关的数据,即只需要将 id 的值替换为上一步骤得到的值 + kv_namespaces = [ + { binding = "data", id = "2870141d9f274c6db12d170e01e0b953" } + ] + ``` + + 2. 设置邮箱相关值 + + - 1. 设置接收邮箱 + **注意:** 此邮箱必须已经在 CloudFlare 通过验证。 + + ```bash + # json 格式 + wrangler kv:key put --binding=data 'forward' 'dest@email.com' + ``` + + - 2. 收件人白名单列表 + 设置后,若收件人不在白名单中,则会立即拒收件,不会执行后续规则的检测。 + + ```bash + # json 格式 + wrangler kv:key put --binding=data 'target' '["me@myemail.com"]' + ``` + + - 3. 发件人白名单列表 + 设置后,若发件人不在白名单中,则会立即拒收件,不会执行后续规则的检测。 + + ```bash + # json 格式 + wrangler kv:key put --binding=data 'allow' '["ex1@email.com"]' + ``` + + - 4. 发件人黑名单列表 + + ```bash + wrangler kv:key put --binding=data 'block' '["ex1@email.com","ex2@email.com"]' + ``` + + - 5. 发件人黑名单域名列表 + + ```bash + wrangler kv:key put --binding=data 'block_domains' '["abc.com","block.com"]' + ``` + + - 6. `Subject` 过滤词列表 + + ```bash + wrangler kv:key put --binding=data 'filter_words' '["财务"]' + ``` + +7. 发布 + + ```bash + wrangler deploy + ``` + + 发布成功将会显示对应的网址 + + ```bash + Proxy environment variables detected. We'll use your proxy for fetch requests. + ⛅️ wrangler 2.19.0 + -------------------- + Your worker has access to the following bindings: + - KV Namespaces: + - data: 2870141d9f274c6db12d170e01e0b953 + Total Upload: 0.90 KiB / gzip: 0.37 KiB + Uploaded email (0.87 sec) + Published email (3.85 sec) + https://email.xxx.workers.dev + Current Deployment ID: 85d498d5-57c7-4970-8844-e5057a3d29f7 + ``` + +8. 在`指定的域名` -> `Email` -> `Email Routing` -> `Routes` -> `Catch-all address` -> `Edit` -> `Action` (`Send to A Worker`), `Destination` (`email`,该 Worker 服务) + +9. 设置目标邮箱(按第 8 步,在 `Routes` 中),`Destination addresses` -> `Add destination address` 添加收件箱地址。 + +## 仓库镜像 + +- https://git.jetsung.com/servless/worker-email +- https://framagit.org/servless/worker-email +- https://github.com/servless/worker-email diff --git a/package.json b/package.json new file mode 100644 index 0000000..05da6de --- /dev/null +++ b/package.json @@ -0,0 +1,16 @@ +{ + "name": "template-worker-typescript", + "version": "0.0.0", + "private": true, + "scripts": { + "deploy": "wrangler deploy src/index.ts", + "dev": "wrangler dev src/index.ts --local", + "publish": "wrangler deploy", + "start-stackblitz": "WRANGLER_SEND_METRICS=false wrangler dev src/index.ts --local", + "test": "vitest" + }, + "devDependencies": { + "@cloudflare/workers-types": "^3.0.0", + "vitest": "^0.24.5" + } +} \ No newline at end of file diff --git a/src/index.test.ts b/src/index.test.ts new file mode 100644 index 0000000..1ce4ba6 --- /dev/null +++ b/src/index.test.ts @@ -0,0 +1,24 @@ +import { unstable_dev } from 'wrangler'; +import type { UnstableDevWorker } from 'wrangler'; +import { describe, expect, it, beforeAll, afterAll } from 'vitest'; + +describe('Worker', () => { + let worker: UnstableDevWorker; + + beforeAll(async () => { + worker = await unstable_dev('src/index.ts', {}, { disableExperimentalWarning: true }); + }); + + afterAll(async () => { + await worker.stop(); + }); + + it('should return 200 response', async () => { + const req = new Request('http://falcon', { method: 'GET' }); + const resp = await worker.fetch(req); + expect(resp.status).toBe(200); + + const text = await resp.text(); + expect(text).toBe('request method: GET'); + }); +}); diff --git a/src/index.ts b/src/index.ts new file mode 100644 index 0000000..42f7937 --- /dev/null +++ b/src/index.ts @@ -0,0 +1,104 @@ +export interface EmailMessage { + readonly from: string + readonly to: string + readonly headers: Headers + readonly raw: ReadableStream + readonly rawSize: number + + setReject(reason: String): void + forward(rcptTo: string, headers?: Headers): Promise +} + +export interface Env { + data: any +} + +export default { + async email(message: EmailMessage, env: Env, ctx: Content) { + const [forward, targets, allows, blocks, block_domains, filter_words] = await Promise.all([ + env.data.get('forward'), + env.data.get('target'), + env.data.get('allow'), + env.data.get('block'), + env.data.get('block_domains'), + env.data.get('filter_words'), + ]) + + // 取正文 + // const { value, done } = await message.raw.getReader().read(); + // if (!done) { + // const rawEmailContent = String.fromCharCode(...value); + // console.log('Raw Email Content:', rawEmailContent); + // } else { + // console.error('Failed to read raw email content.'); + // } + + // 取 header + // const headerKeys = Array.from(message.headers.keys()); + // console.log(headerKeys); + // ["content-type","date","dkim-signature","from","message-id","mime-version","subject","to","x-lms-return-path"] + + if (!forward) { + console.error('Not found forward email') + message.setReject('Not found forward email') + return + } + + const targetList: string[] = JSON.parse(targets) + if (targetList !== null && targetList.length > 0) { + if (targetList.indexOf(message.to) == -1) { + console.error(`Target address is not allow: ${message.to}`) + message.setReject('Target address is not allow') + return + } + } + + const allowList: string[] = JSON.parse(allows) + if (allowList !== null && allowList.length > 0) { + if (allowList.indexOf(message.from) == -1) { + console.error(`Address is not allow: ${message.from}`) + message.setReject('Address is not allow') + return + } + } + + const blockList: string[] = JSON.parse(blocks) + if (blockList !== null && blockList.length > 0) { + if (blockList.indexOf(message.from) != -1) { + console.error(`Address is blocked: ${message.from}`) + message.setReject('Address is blocked') + return + } + } + + const blockDomains: string[] = JSON.parse(block_domains) + if (blockDomains !== null && blockDomains.length > 0) { + for (let i = 0; i < blockDomains.length; i++) { + const item = blockDomains[i] + if (message.from.includes(item)) { + console.error(`Domain(${item}) is blocked: ${message.from}`) + message.setReject('Domain is blocked') + return + } + } + } + + const subject = message.headers.get('subject') ?? '' + const filterWords: string[] = JSON.parse(filter_words) + if (filterWords !== null && filterWords.length > 0) { + // console.log(`filterWords count: ${filterWords.length}`) + + for (let i = 0; i < filterWords.length; i++) { + const item = filterWords[i] + if (subject.includes(item)) { + console.error(`SPAM Title(${item}): ${subject}`) + message.setReject('Spam Title') + return + } + } + } + + await message.forward(forward) + console.log('forward success') + }, +} diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 0000000..c1e221f --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,27 @@ +{ + "compilerOptions": { + "noEmit": true, + "module": "esnext", + "target": "es2020", + "lib": [ + "es2020" + ], + "strict": true, + "alwaysStrict": true, + "preserveConstEnums": true, + "moduleResolution": "node", + "sourceMap": true, + "types": [ + "@cloudflare/workers-types" + ], + "noImplicitAny": false + }, + "include": [ + "src" + ], + "exclude": [ + "node_modules", + "dist", + "test" + ] +} \ No newline at end of file diff --git a/wrangler.toml b/wrangler.toml new file mode 100644 index 0000000..4ecff55 --- /dev/null +++ b/wrangler.toml @@ -0,0 +1,7 @@ +name = "email" # todo +main = "./src/index.ts" +compatibility_date = "2023-05-06" + +kv_namespaces = [ + { binding = "data", id = "2870141d9f274c6db12d170e01e0b953" } +]