use api-key in mail service (#8257)

Chunosov · web-flow · commit 31b54bb039a5 · 2025-03-18T11:01:45.000+07:00
Signed-off-by: Nikolay Chunosov &lt;Chunosov.N@gmail.com&gt;
diff --git a/services/mail/pod-mail/README.md b/services/mail/pod-mail/README.md
@@ -9,6 +9,7 @@ It supports sending emails with multiple recipients, along with optional CC, BCC
 
 Environment variables should be set to configure the Mail Service:
 - `PORT`: The port on which the mail service listens for incoming HTTP requests.
+- `API_KEY`: An API key that clients must pass. The parameter is optional, should be provided when external access to the service is allowed.
 
 Settings for SMTP or SES email service should be specified, simultaneous use of both protocols is not supported
 
@@ -53,6 +54,8 @@ Send an email message.
 - `subject`: Required. String containing the email subject.
 - `html`: Optional. String containing HTML message body.
 - `from`: Optional. Sender's email address.
+- `headers`: Optional. An object or array of additional header fields.
+- `apiKey`: Required if the service started with `API_KEY`.
 - `attachments`: Optional. Array of objects, each object can have the following fields:
   - `filename`: Filename to be reported as the name of the attached file. Use of unicode is allowed.
   - `contentType`: Optional. Content type for the attachment, if not set will be derived from the filename property.
diff --git a/services/mail/pod-mail/src/main.ts b/services/mail/pod-mail/src/main.ts
@@ -55,8 +55,11 @@ export const main = async (): Promise<void> => {
 }
 
 export async function handleSendMail (client: MailClient, req: Request, res: Response): Promise<void> {
-  // Skip auth check, since service should be internal
-  const { from, to, subject, text, html, attachments } = req.body
+  const { from, to, subject, text, html, attachments, headers, apiKey } = req.body
+  if (process.env.API_KEY !== undefined && process.env.API_KEY !== apiKey) {
+    res.status(401).send({ err: 'Unauthorized' })
+    return
+  }
   const fromAddress = from ?? config.source
   if (text === undefined) {
     res.status(400).send({ err: "'text' is missing" })
@@ -83,6 +86,9 @@ export async function handleSendMail (client: MailClient, req: Request, res: Res
   if (html !== undefined) {
     message.html = html
   }
+  if (headers !== undefined) {
+    message.headers = headers
+  }
   if (attachments !== undefined) {
     message.attachments = getAttachments(attachments)
   }
