kjjfgdsf

sfdsfsdf

server/config/index.mjs

@@ -85,11 +85,15 @@ export const config = {
     .map((e) => e.trim().toLowerCase())
     .filter(Boolean),
 
-  // Gitea Webhook (Deployment)
-  gitea: {
-    webhookSecret: process.env.GITEA_WEBHOOK_SECRET || '',
-    webhookAuthToken: process.env.GITEA_WEBHOOK_AUTH_TOKEN || process.env.GITEA_WEBHOOK_SECRET || '',
-  },
+  // Gitea Webhook (Deployment) — trim: trailing newlines in .env break HMAC/Bearer match
+  gitea: (() => {
+    const secret = (process.env.GITEA_WEBHOOK_SECRET || '').trim()
+    const auth = (process.env.GITEA_WEBHOOK_AUTH_TOKEN || '').trim()
+    return {
+      webhookSecret: secret,
+      webhookAuthToken: auth || secret,
+    }
+  })(),
 
   /** HMAC secret for Gmail/Outlook OAuth state (recommended in production) */
   oauthStateSecret: process.env.OAUTH_STATE_SECRET || '',

server/index.mjs

@@ -59,9 +59,9 @@ app.use('/api', limiters.api)
 // Static files
 app.use(express.static(join(__dirname, '..', 'public')))
 
-// Gitea webhook: raw body for X-Gitea-Signature verification (must be before JSON parser)
-// Limit 2mb so large Gitea payloads (full repo JSON) don't get rejected and cause 502
-app.use('/api/webhook', express.raw({ type: 'application/json', limit: '2mb' }))
+// Gitea webhook: raw body for X-Gitea-Signature (must match signed bytes exactly).
+// type: () => true — Gitea may send application/json; charset=utf-8 or similar; strict 'application/json' can skip parsing and leave body empty.
+app.use('/api/webhook', express.raw({ type: () => true, limit: '2mb' }))
 app.use('/api/webhook', webhookRoutes)
 
 // Body parsing (BEFORE routes, AFTER static)

server/node_modules/.package-lock.json

@@ -1,5 +1,5 @@
 {
-  "name": "email-sorter-server",
+  "name": "mailflow-server",
   "version": "2.0.0",
   "lockfileVersion": 3,
   "requires": true,
@@ -1096,6 +1096,15 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/imapflow/node_modules/nodemailer": {
+      "version": "7.0.13",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.13.tgz",
+      "integrity": "sha512-PNDFSJdP+KFgdsG3ZzMXCgquO7I6McjY2vlqILjtJd0hy8wEvtugS9xKRF2NWlPNGxvLCXlTNIae4serI7dinw==",
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
@@ -1425,6 +1434,15 @@
         "node-fetch-native-with-agent": "1.7.2"
       }
     },
+    "node_modules/node-cron": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/node-cron/-/node-cron-4.2.1.tgz",
+      "integrity": "sha512-lgimEHPE/QDgFlywTd8yTR61ptugX3Qer29efeyWw2rv259HtGBNn1vZVmp8lB9uo9wC0t/AT4iGqXxia+CJFg==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/node-fetch": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
@@ -1474,9 +1492,9 @@
       }
     },
     "node_modules/nodemailer": {
-      "version": "7.0.13",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.13.tgz",
-      "integrity": "sha512-PNDFSJdP+KFgdsG3ZzMXCgquO7I6McjY2vlqILjtJd0hy8wEvtugS9xKRF2NWlPNGxvLCXlTNIae4serI7dinw==",
+      "version": "8.0.4",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.4.tgz",
+      "integrity": "sha512-k+jf6N8PfQJ0Fe8ZhJlgqU5qJU44Lpvp2yvidH3vp1lPnVQMgi4yEEMPXg5eJS1gFIJTVq1NHBk7Ia9ARdSBdQ==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"

server/routes/webhook.mjs

@@ -66,7 +66,8 @@ router.post('/gitea', asyncHandler(async (req, res) => {
   try {
     validateGiteaWebhook(req)
   } catch (err) {
-    if (err.name === 'AuthorizationError' || err.statusCode === 401) throw err
+    // AuthorizationError uses statusCode 403, not 401 — do not rely on err.name (can be wrong on some engines)
+    if (err instanceof AuthorizationError) throw err
     log.error('Gitea Webhook: Validierung fehlgeschlagen', { error: err.message })
     return res.status(401).json({ error: 'Webhook validation failed' })
   }