fix: address 14 bugs found since v2.61.5

- Disable export resume to prevent corrupted files from append-mode
  writes with new gzip/encrypt stream headers
- Revert notifyFrom default from null to now so new accounts do not
  emit webhooks for all existing messages during first sync
- Use nullish coalescing for queueKeep so that 0 is not replaced by true
- Validate exportId in UI routes with strict pattern instead of loose
  string max
- Guard Export.fail() against deleted keys to prevent zombie Redis entries
- Clean up stale active-set entries whose export hashes have expired
- Call Export.cleanup() on worker startup to remove orphaned files
- Cap Gmail export batch size at 50 to match Outlook behavior
- Capture indexing start time once to ensure deterministic endDate
  filtering across folders
- Remove swallowed mkdir error so failures propagate properly
- Move NON_RETRYABLE_CODES Set to module scope to avoid per-error
  allocation
- Use unsigned right shift for score tiebreaker to prevent negative
  values when hash byte >= 128
- Validate DecryptStream chunk length to prevent memory exhaustion from
  malformed files
- Destroy file read stream on decrypt error to prevent resource leaks

Author: andris9

lib/api-routes/account-routes.js

@@ -195,7 +195,7 @@ async function init(args) {
 
                     logs: Joi.boolean().example(false).description('Store recent logs').default(false),
 
-                    notifyFrom: accountSchemas.notifyFrom.default(null),
+                    notifyFrom: accountSchemas.notifyFrom.default('now'),
                     syncFrom: accountSchemas.syncFrom.default(null),
 
                     proxy: settingsSchema.proxyUrl,
@@ -630,7 +630,7 @@ async function init(args) {
 
                 payload: Joi.object({
                     flush: Joi.boolean().truthy('Y', 'true', '1').falsy('N', 'false', 0).default(false).description('Only flush the account if true'),
-                    notifyFrom: accountSchemas.notifyFrom.default(null),
+                    notifyFrom: accountSchemas.notifyFrom.default('now'),
                     imapIndexer: accountSchemas.imapIndexer,
                     syncFrom: accountSchemas.syncFrom
                 }).label('RequestFlush')

lib/api-routes/export-routes.js

@@ -140,7 +140,8 @@ async function init(args) {
                     throw Boom.notFound('Export not found');
                 }
 
-                let stream = fs.createReadStream(fileInfo.filePath);
+                const fileReadStream = fs.createReadStream(fileInfo.filePath);
+                let stream = fileReadStream;
 
                 stream.on('error', err => {
                     request.logger.error({ msg: 'Export download stream error', exportId, err });
@@ -149,13 +150,15 @@ async function init(args) {
                 if (fileInfo.isEncrypted) {
                     const secret = await getSecret();
                     if (!secret) {
+                        fileReadStream.destroy();
                         throw Boom.serverUnavailable('Encryption secret not available for decryption');
                     }
                     const decryptStream = createDecryptStream(secret);
                     decryptStream.on('error', err => {
                         request.logger.error({ msg: 'Export decryption error', exportId, err });
+                        fileReadStream.destroy();
                     });
-                    stream = stream.pipe(decryptStream);
+                    stream = fileReadStream.pipe(decryptStream);
                 }
 
                 return h

lib/email-client/base-client.js

@@ -1984,7 +1984,7 @@ class BaseClient {
         // Store message in Redis
         await this.redis.hsetBuffer(`${REDIS_PREFIX}iaq:${this.account}`, queueId, msgEntry);
 
-        let queueKeep = (await settings.get('queueKeep')) || true;
+        let queueKeep = (await settings.get('queueKeep')) ?? true;
 
         // Configure delivery retry settings
         let defaultDeliveryAttempts = await settings.get('deliveryAttempts');

lib/email-client/gmail-client.js

@@ -29,6 +29,8 @@ const settings = require('../settings');
 
 const { GMAIL_API_BASE, LIST_BATCH_SIZE, request: gmailApiRequest } = require('./gmail/gmail-api');
 
+const MAX_GMAIL_BATCH_SIZE = 50;
+
 // Labels to exclude from folder listings
 const SKIP_LABELS = ['UNREAD', 'STARRED', 'IMPORTANT', 'CHAT', 'CATEGORY_PERSONAL'];
 
@@ -1369,7 +1371,7 @@ class GmailClient extends BaseClient {
 
         const results = [];
         const settingsBatchSize = await settings.get('gmailExportBatchSize');
-        const batchSize = settingsBatchSize || DEFAULT_GMAIL_EXPORT_BATCH_SIZE;
+        const batchSize = Math.min(settingsBatchSize || DEFAULT_GMAIL_EXPORT_BATCH_SIZE, MAX_GMAIL_BATCH_SIZE);
 
         for (let i = 0; i < emailIds.length; i += batchSize) {
             const batch = emailIds.slice(i, i + batchSize);

lib/export.js

@@ -130,7 +130,7 @@ class Export {
 
         const activeEntry = await tryAddToActiveSet(account, exportId);
 
-        await fs.promises.mkdir(exportPath, { recursive: true }).catch(() => {});
+        await fs.promises.mkdir(exportPath, { recursive: true });
 
         const secret = await getSecret();
         const isEncrypted = !!secret;
@@ -221,7 +221,7 @@ class Export {
         };
 
         if (data.status === 'failed') {
-            result.isResumable = data.isResumable === '1';
+            result.isResumable = false;
         }
 
         return result;
@@ -307,7 +307,7 @@ class Export {
 
         const uniqueKey = `${messageInfo.folder || ''}:${messageInfo.messageId || ''}:${messageInfo.uid || ''}`;
         const hash = crypto.createHash('sha256').update(uniqueKey).digest();
-        const tiebreaker = ((hash[0] << 16) | (hash[1] << 8) | hash[2]) % 1000000;
+        const tiebreaker = (((hash[0] << 16) | (hash[1] << 8) | hash[2]) >>> 0) % 1000000;
 
         const score = baseSeconds * 1000000 + tiebreaker;
 
@@ -378,111 +378,29 @@ class Export {
         const exportKey = getExportKey(account, exportId);
         const queueKey = getExportQueueKey(account, exportId);
 
-        const exportData = await redis.hgetall(exportKey);
-        const lastProcessedScore = Number(exportData?.lastProcessedScore) || 0;
-        const messagesQueued = Number(exportData?.messagesQueued) || 0;
-        const messagesExported = Number(exportData?.messagesExported) || 0;
-
-        const isResumable = lastProcessedScore > 0 && messagesQueued > 0 && messagesExported < messagesQueued;
-
-        const multi = redis
-            .multi()
-            .hmset(exportKey, {
-                status: 'failed',
-                error: error || 'Unknown error',
-                isResumable: isResumable ? '1' : '0'
-            })
-            .srem(ACTIVE_EXPORTS_KEY, `${account}:${exportId}`);
-
-        if (!isResumable) {
-            multi.del(queueKey);
-        }
-
-        await multi.exec();
-
-        logger.error({ msg: 'Export failed', account, exportId, error, isResumable });
-    }
-
-    static async resume(account, exportId) {
-        const exportKey = getExportKey(account, exportId);
-        const queueKey = getExportQueueKey(account, exportId);
-
         const exportData = await redis.hgetall(exportKey);
         if (!exportData || !exportData.exportId) {
-            throw createError('Export not found', 'ExportNotFound', 404);
-        }
-
-        if (exportData.status !== 'failed') {
-            throw createError(`Cannot resume export with status "${exportData.status}"`, 'InvalidExportStatus', 400);
+            // Key already deleted, just clean up active set
+            await redis.srem(ACTIVE_EXPORTS_KEY, `${account}:${exportId}`);
+            return;
         }
 
-        if (exportData.isResumable !== '1') {
-            throw createError('Export is not resumable. The export must have made progress before failing.', 'ExportNotResumable', 400);
-        }
-
-        const queueSize = await redis.zcard(queueKey);
-        if (queueSize === 0) {
-            throw createError('Export queue no longer exists', 'QueueNotFound', 400);
-        }
-
-        const activeEntry = await tryAddToActiveSet(account, exportId);
-
-        const maxAge = await getExportMaxAge();
-        const ttl = Math.ceil(maxAge / 1000);
-        const now = Date.now();
-        const newExpiresAt = now + maxAge;
-
         await redis
             .multi()
             .hmset(exportKey, {
-                status: 'queued',
-                phase: 'exporting',
-                error: '',
-                isResumable: '0',
-                expiresAt: newExpiresAt
+                status: 'failed',
+                error: error || 'Unknown error',
+                isResumable: '0'
             })
-            .expire(exportKey, ttl)
-            .expire(queueKey, ttl)
+            .del(queueKey)
+            .srem(ACTIVE_EXPORTS_KEY, `${account}:${exportId}`)
             .exec();
 
-        try {
-            await exportQueue.add(
-                'export',
-                { account, exportId, isResumed: true },
-                { jobId: `${exportId}-resume-${Date.now()}`, removeOnComplete: true, removeOnFail: true }
-            );
-        } catch (err) {
-            await redis
-                .multi()
-                .hmset(exportKey, {
-                    status: 'failed',
-                    error: exportData.error || 'Resume failed',
-                    isResumable: '1'
-                })
-                .srem(ACTIVE_EXPORTS_KEY, activeEntry)
-                .exec();
-            throw err;
-        }
-
-        logger.info({
-            msg: 'Export resumed',
-            account,
-            exportId,
-            lastProcessedScore: exportData.lastProcessedScore,
-            messagesExported: exportData.messagesExported,
-            messagesQueued: exportData.messagesQueued
-        });
+        logger.error({ msg: 'Export failed', account, exportId, error });
+    }
 
-        return {
-            exportId,
-            status: 'queued',
-            resumed: true,
-            progress: {
-                messagesExported: Number(exportData.messagesExported) || 0,
-                messagesQueued: Number(exportData.messagesQueued) || 0,
-                messagesSkipped: Number(exportData.messagesSkipped) || 0
-            }
-        };
+    static async resume(account, exportId) {
+        throw createError('Export resume is not currently supported', 'ExportNotResumable', 501);
     }
 
     static async markInterruptedAsFailed() {
@@ -499,6 +417,12 @@ class Export {
 
                 const data = await redis.hgetall(getExportKey(account, exportId));
 
+                if (!data || !data.exportId) {
+                    // Stale entry -- export hash expired, clean up active set
+                    await redis.srem(ACTIVE_EXPORTS_KEY, entry);
+                    continue;
+                }
+
                 if (data && (data.status === 'processing' || data.status === 'queued' || data.status === 'indexing')) {
                     const job = await exportQueue.getJob(exportId).catch(() => null);
                     if (job) {

lib/routes-ui.js

@@ -46,7 +46,8 @@ const {
     accountIdSchema,
     defaultAccountTypeSchema,
     googleProjectIdSchema,
-    googleWorkspaceAccountsSchema
+    googleWorkspaceAccountsSchema,
+    exportIdSchema
 } = require('./schemas');
 const fs = require('fs');
 const pathlib = require('path');
@@ -1012,7 +1013,7 @@ function applyRoutes(server, call) {
                 failAction,
                 params: Joi.object({
                     account: Joi.string().max(256).required(),
-                    exportId: Joi.string().max(256).required()
+                    exportId: exportIdSchema
                 })
             }
         }
@@ -1030,7 +1031,8 @@ function applyRoutes(server, call) {
                     throw Boom.notFound('Export not found');
                 }
 
-                let stream = fs.createReadStream(fileInfo.filePath);
+                const fileReadStream = fs.createReadStream(fileInfo.filePath);
+                let stream = fileReadStream;
 
                 stream.on('error', err => {
                     request.logger.error({ msg: 'Export download stream error', exportId, err });
@@ -1040,14 +1042,16 @@ function applyRoutes(server, call) {
                 if (fileInfo.isEncrypted) {
                     const secret = await getSecret();
                     if (!secret) {
+                        fileReadStream.destroy();
                         throw Boom.serverUnavailable('Encryption secret not available for decryption');
                     }
                     const { createDecryptStream } = require('./stream-encrypt');
                     const decryptStream = createDecryptStream(secret);
                     decryptStream.on('error', err => {
                         request.logger.error({ msg: 'Export decryption error', exportId, err });
+                        fileReadStream.destroy();
                     });
-                    stream = stream.pipe(decryptStream);
+                    stream = fileReadStream.pipe(decryptStream);
                 }
 
                 return h
@@ -1070,7 +1074,7 @@ function applyRoutes(server, call) {
                 failAction,
                 params: Joi.object({
                     account: Joi.string().max(256).required(),
-                    exportId: Joi.string().max(256).required()
+                    exportId: exportIdSchema
                 })
             }
         }

lib/stream-encrypt.js

@@ -134,6 +134,9 @@ class DecryptStream extends Transform {
 
         const iv = this.buffer.subarray(0, IV_LENGTH);
         const encryptedLength = this.buffer.readUInt32LE(IV_LENGTH);
+        if (encryptedLength > CHUNK_SIZE + 256) {
+            throw new Error('Invalid encrypted chunk length');
+        }
         const totalChunkSize = minChunkHeader + encryptedLength + AUTH_TAG_LENGTH;
 
         if (this.buffer.length < totalChunkSize) {

lib/webhooks.js

@@ -514,7 +514,7 @@ class WebhooksHandler {
     async pushToQueue(event, originalPayload, opts = {}) {
         // custom webhook routes
         let webhookRoutes = await this.getWebhookHandlers();
-        let queueKeep = (await settings.get('queueKeep')) || true;
+        let queueKeep = (await settings.get('queueKeep')) ?? true;
 
         let removePolicy = typeof queueKeep === 'number' ? { age: 24 * 3600, count: queueKeep } : queueKeep;
         let jobOpts = {