[_]: feat(email): update email encryption structure and handling#90
Conversation
- Changed the version of the EncryptionBlock from 'v1' to 'v2' to reflect new features. - Updated the `projectForCaller` function to use `previewWrappedKeys` instead of `wrappedKeys`, enhancing clarity on key usage. - Modified the `EmailService` to accommodate the new encryption structure, ensuring proper handling of encrypted previews and keys. - Adjusted related DTOs and tests to align with the updated encryption model, improving overall consistency and functionality.
📝 WalkthroughWalkthroughChangesThe email encryption contract is upgraded to v2 with recipient-labeled wrapped keys and preview-specific keys. Caller projections and encryption metadata use preview keys, while external delivery decrypts a JSON payload containing the body and attachment session key. Email encryption v2
Sequence Diagram(s)sequenceDiagram
participant EmailService
participant decryptBody
participant PayloadEnvelope
participant decryptAttachmentsForExternalDelivery
EmailService->>decryptBody: decrypt encrypted payload
decryptBody-->>EmailService: JSON payload text
EmailService->>PayloadEnvelope: parse body and attachmentsSessionKey
PayloadEnvelope-->>EmailService: decrypted body and session key
EmailService->>decryptAttachmentsForExternalDelivery: decrypt attachments with session key
decryptAttachmentsForExternalDelivery-->>EmailService: decrypted attachments
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
There was a problem hiding this comment.
🧹 Nitpick comments (2)
src/modules/email/email.service.ts (1)
244-266: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winValidate the parsed payload envelope shape, not just JSON syntax.
The
catchonly handlesJSON.parsesyntax errors. If the decrypted text is valid JSON but missing/wrong-typedbody(e.g.{}),payload.bodyisundefined, andhtmlBody(Line 195) silently falls back todto.htmlBody— which is typically absent for an encrypted send, resulting in an email delivered with no body content instead of a clear error.🛡️ Suggested fix
try { - return JSON.parse(text) as { - body: string; - attachmentsSessionKey?: string; - }; + const parsed = JSON.parse(text) as { + body?: unknown; + attachmentsSessionKey?: unknown; + }; + if (typeof parsed.body !== 'string') { + throw new Error('missing body'); + } + return parsed as { body: string; attachmentsSessionKey?: string }; } catch { throw new BadRequestException( 'Encrypted payload is not a valid body envelope', ); }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/modules/email/email.service.ts` around lines 244 - 266, Update decryptPayloadForExternalDelivery to validate the parsed JSON envelope before returning it: require a string body and, when present, a string attachmentsSessionKey. Treat missing or incorrectly typed fields like JSON parse failures by throwing BadRequestException, preventing encrypted sends from falling back to an empty body.src/modules/email/email.service.spec.ts (1)
130-164: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winTest override no longer exercises what it's testing.
envelopeoverrides body-levelwrappedKeyswith two entries, but the assertion at Line 159 checksenvelope.previewWrappedKeys(the fixture's single default entry). The override is now dead for this test's purpose — the multi-key preview-enrichment scenario this test appears to intend to cover isn't actually exercised.♻️ Suggested fix
- const envelope = newEncryptionBlock({ - wrappedKeys: [newEncryptedWrappedKey(), newEncryptedWrappedKey()], - }); + const envelope = newEncryptionBlock({ + previewWrappedKeys: [newEncryptedWrappedKey(), newEncryptedWrappedKey()], + });🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/modules/email/email.service.spec.ts` around lines 130 - 164, Update the encrypted-row fixture in the test “when page has encrypted rows, then it enriches those with the preview and wrapped keys” so the preview-level wrapped keys contain multiple entries, then keep the encryption assertion aligned with that configured preview data. Ensure the test actually exercises multi-key preview enrichment rather than overriding only the unused body-level wrappedKeys.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/modules/email/email.service.spec.ts`:
- Around line 130-164: Update the encrypted-row fixture in the test “when page
has encrypted rows, then it enriches those with the preview and wrapped keys” so
the preview-level wrapped keys contain multiple entries, then keep the
encryption assertion aligned with that configured preview data. Ensure the test
actually exercises multi-key preview enrichment rather than overriding only the
unused body-level wrappedKeys.
In `@src/modules/email/email.service.ts`:
- Around line 244-266: Update decryptPayloadForExternalDelivery to validate the
parsed JSON envelope before returning it: require a string body and, when
present, a string attachmentsSessionKey. Treat missing or incorrectly typed
fields like JSON parse failures by throwing BadRequestException, preventing
encrypted sends from falling back to an empty body.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 96e24394-1c75-415f-9f86-4ecca11c411a
📒 Files selected for processing (9)
src/modules/email/email-encryption.spec.tssrc/modules/email/email-encryption.tssrc/modules/email/email.dto.tssrc/modules/email/email.service.spec.tssrc/modules/email/email.service.tssrc/modules/email/email.types.tssrc/modules/email/server-crypto.spec.tssrc/modules/email/server-crypto.tstest/fixtures.ts



projectForCallerfunction to usepreviewWrappedKeysinstead ofwrappedKeys, enhancing clarity on key usage.EmailServiceto accommodate the new encryption structure, ensuring proper handling of encrypted previews and keys.Summary by CodeRabbit
New Features
Bug Fixes