
email-server-rust's People

Contributors

victor-heliomar


email-server-rust's Issues

Add Check-Http-Redirects middleware

This middleware should check whether the email that the client is trying to send contains links to other websites. If the email body contains links to other websites, it should compare them with a whitelist that the server owner defines in the project's .env.

Acceptance criteria

  • The server owner can list several sites separated by commas ",", and can also put an asterisk * to allow all links.
  • If the server receives an email body with URLs to other sites that aren't in the whitelist, it will return an error.
  • If the sender wants to force the email to be sent, they can add a query parameter ?force-send=true and the email will be sent, but the risky text will be replaced with an outbound email specified by the sender.
  • If an outbound email isn't defined, the risky URL will be replaced with text clarifying that the link is not available.
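
One way to implement the link check this issue describes, as an added example that is not code from the email-server-rust project. The function names, the `[link not available]` placeholder text and the sample hosts are assumptions; hosts are compared exactly, after userinfo and port are stripped, so a URL such as `https://good.example@evil.example/` is judged by its real host.

```rust
// Added example (std only). Function names and the placeholder text are assumptions.
/// Parse the comma-separated .env value into lowercase hosts; `*` allows every link.
pub fn parse_allowlist(raw: &str) -> Vec<String> {
    raw.split(',').map(|h| h.trim().to_ascii_lowercase()).filter(|h| !h.is_empty()).collect()
}
fn allowed(list: &[String], host: &str) -> bool {
    list.iter().any(|a| a == "*" || a == host) // exact host match, no suffix matching
}
/// Host of a URL without scheme, path, userinfo and port; `\` ends the authority like `/`.
pub fn host_of(url: &str) -> String {
    let rest = url.splitn(2, "://").nth(1).unwrap_or("");
    let authority = rest.split(|c: char| matches!(c, '/' | '\\' | '?' | '#')).next().unwrap_or("");
    let host_port = authority.rsplit('@').next().unwrap_or("");
    host_port.split(':').next().unwrap_or("").trim_end_matches('.').to_ascii_lowercase()
}

/// Byte ranges of every `scheme://...` run, in plain text or inside HTML attributes.
fn url_spans(body: &str) -> Vec<(usize, usize)> {
    let (mut spans, mut from) = (Vec::new(), 0);
    while let Some(sep) = body[from..].find("://").map(|r| r + from) {
        let start = body[..sep].bytes().rposition(|b| !b.is_ascii_alphanumeric()).map_or(0, |p| p + 1);
        let end = body[sep..].find(|c: char| c.is_whitespace() || "\"'<>".contains(c))
            .map_or(body.len(), |p| sep + p);
        spans.push((start, end));
        from = end;
    }
    spans
}

/// Err(disallowed URLs) unless `force`; with `force`, Ok(body with those URLs replaced).
pub fn check_body(body: &str, allow: &[String], force: bool, repl: Option<&str>) -> Result<String, Vec<String>> {
    let (mut out, mut rejected, mut last) = (String::new(), Vec::new(), 0);
    for (start, end) in url_spans(body) {
        let url = &body[start..end];
        let ok = allowed(allow, &host_of(url));
        if !ok { rejected.push(url.to_string()); }
        out.push_str(&body[last..start]);
        out.push_str(if ok { url } else { repl.unwrap_or("[link not available]") });
        last = end;
    }
    out.push_str(&body[last..]);
    if rejected.is_empty() || force { Ok(out) } else { Err(rejected) }
}

fn main() {
    let allow = parse_allowlist("good.example, docs.good.example"); // constructed sample value
    let body = "See https://good.example/a and https://good.example@evil.example/b"; // constructed
    println!("{:?}", check_body(body, &allow, false, None)); // rejected: second link
    println!("{:?}", check_body(body, &allow, true, None)); // sent with link replaced
}
```

Any `scheme://` run whose host cannot be matched, including IPv6 literals and hosts followed by stray punctuation, is treated as not allowed, so the check fails closed.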

Handle error if email content has blacklisted links

As a security measure, the server will be able to take a limited list of URLs that can be sent through email using this API. That way, for example, if the server is compromised and someone finds out how to send unauthorized emails through it, we can prevent attacks such as phishing, since users can only send the allowed URLs through this server.

The related issue for this feature is #4.

In this issue we should handle that error and show it properly.

Acceptance criteria

  • Add the correct error message
  • Add the correct error code

Blocked

References

Add logic to configure the server properly

Currently, the server works in a simple way: it imports the .env and uses it. But it doesn't have a robust configuration. For example, what happens if I try to run the server without importing the needed .env? The server isn't prepared for this and will crash without leaving a suitable error message to track the error.

That's the reason why we should add separate logic for the server configuration before starting it: initializing the needed variables, handling the errors properly, and adding other needed configuration that we currently don't have, for example, changing the address or the development/production ports.

Acceptance criteria

  • The server knows what to do if it doesn't have the required .env
  • The server imports the configuration carefully and handles errors

Add CORS middleware

The current server doesn't have CORS middleware, so other users could simply send requests to the server and send unwanted emails.

This CORS should allow only the origins allowed in the .env file.

This task could be blocked by #1

Add Rate Limit Middleware

The rate limit HTTP middleware allows restricting the maximum number of allowed HTTP requests per second. So if the server is overloaded, it will start to reject requests from the same IP.
