iExecBlockchainComputing
diff --git a/‎dapp/CHANGELOG.md‎
Lines changed: 11 additions & 5 deletions b/‎dapp/CHANGELOG.md‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎dapp/src/sendEmail.js‎
Lines changed: 49 additions & 34 deletions b/‎dapp/src/sendEmail.js‎
Lines changed: 49 additions & 34 deletions
diff --git a/‎dapp/src/validateInputs.js‎
Lines changed: 0 additions & 27 deletions b/‎dapp/src/validateInputs.js‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎dapp/src/validation.js‎
Lines changed: 77 additions & 0 deletions b/‎dapp/src/validation.js‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎dapp/tests/_test_inputs_/dataInvalidEmail.zip‎
92.3 KB b/‎dapp/tests/_test_inputs_/dataInvalidEmail.zip‎
92.3 KB
diff --git a/‎dapp/tests/_test_inputs_/dataNoEmail.zip‎
92 KB b/‎dapp/tests/_test_inputs_/dataNoEmail.zip‎
92 KB
@@ -2,11 +2,17 @@
 
 All notable changes to this project will be documented in this file.
 
+## Next
+
+### Changed
+
+- Check email address syntax before trying to send the email.
+
 ## [0.7.0]
 
 ### Changed
 
-- use `@iexec/dataprotector-deserializer` for handling dataprotector v2 protected data
+- use `@iexec/dataprotector-deserializer` for handling dataprotector v2 protected data.
 
 ## [0.6.0]
 
@@ -25,19 +31,19 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - Allow developer to specify the sender Name associated to the sender:
-- **senderName** _(optional)_: the email sender name, it must be between 3 and 20 characters long. It will be displayed as `"<senderName> via Web3mail"` in the `"From"` email header.
+  - **senderName** _(optional)_: the email sender name, it must be between 3 and 20 characters long. It will be displayed as `"<senderName> via Web3mail"` in the `"From"` email header.
 
 ## [0.3.0]
 
 ### Changed
 
-- Migrate from sconify 5.7.5-v9 to sconify 5.7.5-v12
+- Migrate from sconify 5.7.5-v9 to sconify 5.7.5-v12.
 
 ## [0.2.0]
 
 ### Changed
 
-- add support for `options` in `IEXEC_REQUESTER_SECRET_3` (optional)
-- add support for html content via `"contentType": "text/html"` in `options`
+- add support for `options` in `IEXEC_REQUESTER_SECRET_3` (optional).
+- add support for html content via `"contentType": "text/html"` in `options`.
 
 ## [0.1.0] Initial release
@@ -3,7 +3,12 @@ const {
   IExecDataProtectorDeserializer,
 } = require('@iexec/dataprotector-deserializer');
 const sendEmail = require('./emailService');
-const validateInputs = require('./validateInputs');
+const {
+  validateWorkerEnv,
+  validateAppSecret,
+  validateRequesterSecret,
+  validateProtectedData,
+} = require('./validation');
 const {
   downloadEncryptedContent,
   decryptContent,
@@ -20,64 +25,74 @@ async function writeTaskOutput(path, message) {
 }
 
 async function start() {
-  // Parse the developer secret environment variable
-  let developerSecret;
+  const { IEXEC_OUT, IEXEC_APP_DEVELOPER_SECRET, IEXEC_REQUESTER_SECRET_1 } =
+    process.env;
+
+  // Check worker env
+  const workerEnv = validateWorkerEnv({ IEXEC_OUT });
+
+  // Parse the app developer secret environment variable
+  let appDeveloperSecret;
   try {
-    developerSecret = JSON.parse(process.env.IEXEC_APP_DEVELOPER_SECRET);
+    appDeveloperSecret = JSON.parse(IEXEC_APP_DEVELOPER_SECRET);
   } catch {
     throw Error('Failed to parse the developer secret');
   }
+  appDeveloperSecret = validateAppSecret(appDeveloperSecret);
+
+  // Parse the requester secret environment variable
   let requesterSecret;
   try {
-    requesterSecret = process.env.IEXEC_REQUESTER_SECRET_1
-      ? JSON.parse(process.env.IEXEC_REQUESTER_SECRET_1)
+    requesterSecret = IEXEC_REQUESTER_SECRET_1
+      ? JSON.parse(IEXEC_REQUESTER_SECRET_1)
       : {};
   } catch {
     throw Error('Failed to parse requester secret');
   }
+  requesterSecret = validateRequesterSecret(requesterSecret);
 
-  const deserializer = new IExecDataProtectorDeserializer();
-  const email = await deserializer.getValue('email', 'string');
+  // Get the secret email address from the protected data
+  let protectedData;
+  try {
+    const deserializer = new IExecDataProtectorDeserializer();
+    protectedData = {
+      email: await deserializer.getValue('email', 'string'),
+    };
+  } catch (e) {
+    throw Error(`Failed to parse ProtectedData: ${e.message}`);
+  }
+  validateProtectedData(protectedData);
 
-  const unsafeEnvVars = {
-    iexecOut: process.env.IEXEC_OUT,
-    mailJetApiKeyPublic: developerSecret.MJ_APIKEY_PUBLIC,
-    mailJetApiKeyPrivate: developerSecret.MJ_APIKEY_PRIVATE,
-    mailJetSender: developerSecret.MJ_SENDER,
-    emailSubject: requesterSecret.emailSubject,
-    emailContentMultiAddr: requesterSecret.emailContentMultiAddr,
-    contentType: requesterSecret.contentType,
-    senderName: requesterSecret.senderName,
-    emailContentEncryptionKey: requesterSecret.emailContentEncryptionKey,
-  };
-  const envVars = validateInputs(unsafeEnvVars);
   const encryptedEmailContent = await downloadEncryptedContent(
-    envVars.emailContentMultiAddr
+    requesterSecret.emailContentMultiAddr
   );
-  const emailContent = decryptContent(
+  const requesterEmailContent = decryptContent(
     encryptedEmailContent,
-    envVars.emailContentEncryptionKey
+    requesterSecret.emailContentEncryptionKey
   );
 
   const response = await sendEmail({
-    email,
-    mailJetApiKeyPublic: envVars.mailJetApiKeyPublic,
-    mailJetApiKeyPrivate: envVars.mailJetApiKeyPrivate,
-    emailSubject: envVars.emailSubject,
-    emailContent,
-    mailJetSender: envVars.mailJetSender,
-    contentType: envVars.contentType,
-    senderName: envVars.senderName,
+    // from protected data
+    email: protectedData.email,
+    // from app developer secrets
+    mailJetApiKeyPublic: appDeveloperSecret.MJ_APIKEY_PUBLIC,
+    mailJetApiKeyPrivate: appDeveloperSecret.MJ_APIKEY_PRIVATE,
+    mailJetSender: appDeveloperSecret.MJ_SENDER,
+    // from requester secret
+    emailContent: requesterEmailContent,
+    emailSubject: requesterSecret.emailSubject,
+    contentType: requesterSecret.contentType,
+    senderName: requesterSecret.senderName,
   });
 
   await writeTaskOutput(
-    `${envVars.iexecOut}/result.txt`,
+    `${workerEnv.IEXEC_OUT}/result.txt`,
     JSON.stringify(response, null, 2)
   );
   await writeTaskOutput(
-    `${envVars.iexecOut}/computed.json`,
+    `${workerEnv.IEXEC_OUT}/computed.json`,
     JSON.stringify({
-      'deterministic-output-path': `${envVars.iexecOut}/result.txt`,
+      'deterministic-output-path': `${workerEnv.IEXEC_OUT}/result.txt`,
     })
   );
 }
 
@@ -0,0 +1,77 @@
+const Joi = require('joi');
+
+const workerEnvSchema = Joi.object({
+  IEXEC_OUT: Joi.string().required(),
+});
+
+function validateWorkerEnv(envVars) {
+  const { error, value } = workerEnvSchema.validate(envVars, {
+    abortEarly: false,
+  });
+  if (error) {
+    const validationErrors = error.details.map((detail) => detail.message);
+    throw new Error(`Worker environment error: ${validationErrors.join('; ')}`);
+  }
+  return value;
+}
+
+const appSecretSchema = Joi.object({
+  MJ_APIKEY_PUBLIC: Joi.string().required(),
+  MJ_APIKEY_PRIVATE: Joi.string().required(),
+  MJ_SENDER: Joi.string().email().required(),
+});
+
+function validateAppSecret(obj) {
+  const { error, value } = appSecretSchema.validate(obj, {
+    abortEarly: false,
+  });
+  if (error) {
+    const validationErrors = error.details.map((detail) => detail.message);
+    throw new Error(`App secret error: ${validationErrors.join('; ')}`);
+  }
+  return value;
+}
+
+const protectedDataEmailSchema = Joi.object({
+  email: Joi.string().email().required(),
+});
+
+function validateProtectedData(obj) {
+  const { error, value } = protectedDataEmailSchema.validate(obj, {
+    abortEarly: false,
+  });
+  if (error) {
+    const validationErrors = error.details.map((detail) => detail.message);
+    throw new Error(`ProtectedData error: ${validationErrors.join('; ')}`);
+  }
+  return value;
+}
+
+const requesterSecretSchema = Joi.object({
+  emailSubject: Joi.string().required(),
+  emailContentMultiAddr: Joi.string()
+    .pattern(/^\/(ipfs|p2p)\//)
+    .message('"emailContentMultiAddr" must be a multiAddr')
+    .required(),
+  emailContentEncryptionKey: Joi.string().base64(),
+  contentType: Joi.string().valid('text/plain', 'text/html'),
+  senderName: Joi.string().min(3).max(20),
+});
+
+function validateRequesterSecret(obj) {
+  const { error, value } = requesterSecretSchema.validate(obj, {
+    abortEarly: false,
+  });
+  if (error) {
+    const validationErrors = error.details.map((detail) => detail.message);
+    throw new Error(`Requester secret error: ${validationErrors.join('; ')}`);
+  }
+  return value;
+}
+
+module.exports = {
+  validateWorkerEnv,
+  validateAppSecret,
+  validateRequesterSecret,
+  validateProtectedData,
+};