feat(web): Check Spam API (#1914)

Author: gabrielmfern

.github/workflows/tests.yml

@@ -70,6 +70,9 @@ jobs:
 
       - name: Run Tests
         run: pnpm test
+        env:  
+          SPAM_ASSASSIN_HOST: ${{ secrets.SPAM_ASSASSIN_HOST }}
+          SPAM_ASSASSIN_PORT: ${{ secrets.SPAM_ASSASSIN_PORT }}
 
   build:
     runs-on: buildjet-4vcpu-ubuntu-2204

apps/web/package.json

@@ -6,8 +6,8 @@
     "dev": "next dev",
     "build": "next build",
     "start": "next start",
-    "test:watch": "vitest --config ../../vitest.config.ts --bail 1",
-    "test": "vitest run --config ../../vitest.config.ts --bail 1",
+    "test:watch": "vitest --bail 1",
+    "test": "vitest run --bail 1",
     "pattern:dev": "email dev -d ./components",
     "pattern:build": "email build -d ./components"
   },
@@ -30,6 +30,7 @@
     "vaul": "1.1.1"
   },
   "devDependencies": {
+    "@next/env": "15.1.7",
     "@radix-ui/colors": "1.0.1",
     "@radix-ui/react-select": "2.1.2",
     "@radix-ui/react-slot": "1.1.0",

apps/web/src/app/api/check-spam/__snapshots__/check-spam.spec.tsx.snap

@@ -0,0 +1,25 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`checkSpam() 1`] = `
+{
+  "checks": [
+    {
+      "description": "BODY: Money back guarantee",
+      "name": "MONEY_BACK",
+      "points": 2.5,
+    },
+    {
+      "description": "BODY: HTML and text parts are different",
+      "name": "MPART_ALT_DIFF",
+      "points": 0.7,
+    },
+    {
+      "description": "Refers to an erectile drug",
+      "name": "DRUGS_ERECTILE",
+      "points": 2.2,
+    },
+  ],
+  "isSpam": true,
+  "points": 5.4,
+}
+`;

apps/web/src/app/api/check-spam/check-spam.spec.tsx

@@ -0,0 +1,20 @@
+import { render } from '@react-email/components';
+import { checkSpam } from './check-spam';
+
+test('checkSpam()', async () => {
+  const template = (
+    <html lang="en">
+      <body>
+        This email is spam. We sell rolexss for cheap. Get your viagra. We also
+        sell weight loss pills today. Money back guaranteed. sEnd me $500 and
+        I'll send you back $700. don't tell anyone. Send this email to ten
+        friends
+      </body>
+    </html>
+  );
+  const html = await render(template);
+  // const plainText = await render(template, { plainText: true });
+  const plainText = 'Completely different content from the original';
+
+  expect(await checkSpam(html, plainText)).toMatchSnapshot();
+});

apps/web/src/app/api/check-spam/check-spam.ts

@@ -0,0 +1,29 @@
+import { parsePointingTableRows } from '@/utils/spam-assassin/parse-pointing-table-rows';
+import { sendToSpamd } from '@/utils/spam-assassin/send-to-spamd';
+
+export async function checkSpam(html: string, plainText: string) {
+  const response = await sendToSpamd(html, plainText);
+
+  const tableRows = parsePointingTableRows(response);
+
+  const filteredRows = tableRows.filter(
+    (row) =>
+      !row.description.toLowerCase().includes('header') &&
+      !row.ruleName.includes('HEADER') &&
+      row.pts !== 0,
+  );
+
+  const checks = filteredRows.map((row) => ({
+    name: row.ruleName,
+    description: row.description,
+    points: row.pts,
+  }));
+
+  const points = checks.reduce((acc, check) => acc + check.points, 0);
+
+  return {
+    checks,
+    isSpam: points >= 5.0,
+    points,
+  };
+}

apps/web/src/app/api/check-spam/route.ts

@@ -0,0 +1,34 @@
+import { type NextRequest, NextResponse } from 'next/server';
+import { ZodError, z } from 'zod';
+import { checkSpam } from './check-spam';
+
+export const dynamic = 'force-dynamic';
+
+export function OPTIONS() {
+  return Promise.resolve(NextResponse.json({}));
+}
+
+const bodySchema = z.object({
+  html: z.string(),
+  plainText: z.string(),
+});
+
+export async function POST(req: NextRequest) {
+  try {
+    const { html, plainText } = bodySchema.parse(await req.json());
+
+    return NextResponse.json(await checkSpam(html, plainText));
+  } catch (exception) {
+    if (exception instanceof Error) {
+      return NextResponse.json(
+        { error: exception.message },
+        { status: exception instanceof ZodError ? 400 : 500 },
+      );
+    }
+
+    return NextResponse.json(
+      { error: 'Something went wrong' },
+      { status: 500 },
+    );
+  }
+}

apps/web/src/utils/spam-assassin/__snapshots__/parse-pointing-table-rows.spec.ts.snap

@@ -0,0 +1,61 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`parsePointingTableRows() 1`] = `
+[
+  {
+    "description": "Missing Subject: header",
+    "pts": 1.8,
+    "ruleName": "MISSING_SUBJECT",
+  },
+  {
+    "description": "Missing Date: header",
+    "pts": 1.4,
+    "ruleName": "MISSING_DATE",
+  },
+  {
+    "description": "Missing Message-Id: header",
+    "pts": 0.1,
+    "ruleName": "MISSING_MID",
+  },
+  {
+    "description": "Missing From: header",
+    "pts": 1,
+    "ruleName": "MISSING_FROM",
+  },
+  {
+    "description": "Informational: message has no Received headers",
+    "pts": -0,
+    "ruleName": "NO_RECEIVED",
+  },
+  {
+    "description": "Missing To: header",
+    "pts": 1.2,
+    "ruleName": "MISSING_HEADERS",
+  },
+  {
+    "description": "Informational: message was not relayed via SMTP",
+    "pts": -0,
+    "ruleName": "NO_RELAYS",
+  },
+  {
+    "description": "BODY: Money back guarantee",
+    "pts": 2.5,
+    "ruleName": "MONEY_BACK",
+  },
+  {
+    "description": "BODY: HTML included in message",
+    "pts": 0,
+    "ruleName": "HTML_MESSAGE",
+  },
+  {
+    "description": "Message appears to be missing most RFC-822 headers",
+    "pts": 0,
+    "ruleName": "NO_HEADERS_MESSAGE",
+  },
+  {
+    "description": "Refers to an erectile drug",
+    "pts": 2.2,
+    "ruleName": "DRUGS_ERECTILE",
+  },
+]
+`;

apps/web/src/utils/spam-assassin/parse-pointing-table-rows.spec.ts

@@ -0,0 +1,89 @@
+import { parsePointingTableRows } from './parse-pointing-table-rows';
+
+const spamdResponse = `Received: from localhost by gabriels-computer
+        with SpamAssassin (version 4.0.1);
+        Mon, 10 Feb 2025 09:21:23 -0300
+X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on gabriels-computer
+X-Spam-Flag: YES
+X-Spam-Level: **********
+X-Spam-Status: Yes, score=10.2 required=5.0 tests=DRUGS_ERECTILE,HTML_MESSAGE,
+        MISSING_DATE,MISSING_FROM,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,
+        MONEY_BACK,NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS autolearn=no
+        autolearn_force=no version=4.0.1
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="----------=_67A9EF43.EC247F5D"
+
+This is a multi-part message in MIME format.
+
+------------=_67A9EF43.EC247F5D
+Content-Type: text/plain; charset=UTF-8
+Content-Disposition: inline
+Content-Transfer-Encoding: 8bit
+
+Spam detection software, running on the system "gabriels-computer",
+has identified this incoming email as possible spam.  The original
+message has been attached to this so you can view it or label
+similar future email.  If you have any questions, see
+root@localhost for details.
+
+Content preview:  This email is spam. We sell rolexss for cheap. Get your viagra.
+   We also sell weight loss pills today. Money back guaranteed. sEnd me $500
+   and I'll send you back $700. don't tell anyone. Send this emai [...] 
+
+Content analysis details:   (10.2 points, 5.0 required)
+
+ pts rule name              description
+---- ---------------------- --------------------------------------------------
+ 1.8 MISSING_SUBJECT        Missing Subject: header                           
+ 1.4 MISSING_DATE           Missing Date: header                              
+ 0.1 MISSING_MID            Missing Message-Id: header                        
+ 1.0 MISSING_FROM           Missing From: header                              
+-0.0 NO_RECEIVED            Informational: message has no Received headers    
+ 1.2 MISSING_HEADERS        Missing To: header                                
+-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
+ 2.5 MONEY_BACK             BODY: Money back guarantee                        
+ 0.0 HTML_MESSAGE           BODY: HTML included in message
+ 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers
+ 2.2 DRUGS_ERECTILE         Refers to an erectile drug
+
+The original message was not completely plain text, and may be unsafe to
+open with some email clients; in particular, it may contain a virus,
+or confirm that your address can receive spam.  If you wish to view
+it, it may be safer to save it to a file and open it with an editor.
+
+
+------------=_67A9EF43.EC247F5D
+Content-Type: message/rfc822; x-spam-type=original
+Content-Description: original message before SpamAssassin
+Content-Disposition: attachment
+Content-Transfer-Encoding: 8bit
+
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="Part_af7eace217e10ccb689dd03f0d264877"
+
+--Part_af7eace217e10ccb689dd03f0d264877
+Content-Type: text/plain; charset="UTF-8"
+
+This email is spam. We sell rolexss for cheap. Get your viagra. We also
+sell weight loss pills today. Money back guaranteed. sEnd me $500 and
+I'll send you back $700. don't tell anyone. Send this email to ten
+friends
+
+--Part_af7eace217e10ccb689dd03f0d264877
+Content-Type: text/html; charset="UTF-8"
+
+<html>
+  <body>
+    What
+  </body>
+</html>
+
+--Part_af7eace217e10ccb689dd03f0d264877--
+
+
+------------=_67A9EF43.EC247F5D--
+`;
+
+test('parsePointingTableRows()', () => {
+  expect(parsePointingTableRows(spamdResponse)).toMatchSnapshot();
+});

apps/web/src/utils/spam-assassin/parse-pointing-table-rows.ts

@@ -0,0 +1,64 @@
+export const parsePointingTableRows = (response: string) => {
+  const tableHeader =
+    /pts\s+rule\s+name\s+description\s+(?<ptsWidth>-+) (?<ruleNameWidth>-+) (?<descriptionWidth>-+) *(?:\r\n|\n|\r)*/;
+  const tableStartMatch = response.match(tableHeader);
+
+  if (
+    tableStartMatch === null ||
+    tableStartMatch.index === undefined ||
+    tableStartMatch.groups === undefined
+  ) {
+    throw new Error('Could not find spam checking points table');
+  }
+
+  const ptsWidth = tableStartMatch.groups.ptsWidth!.length;
+  const ruleNameWidth = tableStartMatch.groups.ruleNameWidth!.length;
+  const descriptionWidth = tableStartMatch.groups.descriptionWidth!.length;
+  const columnsRegex = new RegExp(
+    `^(?<pts>.{${ptsWidth}}) (?<ruleName>.{${ruleNameWidth}}) (?<description>.{${descriptionWidth}}|.+$)`,
+  );
+
+  const rows: {
+    pts: number;
+    ruleName: string;
+    description: string;
+  }[] = [];
+
+  const responseFromTableStart = response.slice(
+    tableStartMatch.index + tableStartMatch[0].length,
+  );
+  for (const line of responseFromTableStart.split(/\r\n|\n|\r/)) {
+    if (line.trim().length === 0) break;
+
+    const match = line.match(columnsRegex);
+    if (match?.groups === undefined) {
+      throw new Error('Could not match the columns in the row', {
+        cause: {
+          line,
+          match,
+        },
+      });
+    }
+    const pts = match.groups.pts!;
+    const ruleName = match.groups.ruleName!;
+    const description = match.groups.description!;
+
+    try {
+      rows.push({
+        pts: Number.parseFloat(pts),
+        ruleName: ruleName.trim(),
+        description: description.trim(),
+      });
+    } catch (exception) {
+      throw new Error('could not parse points to insert into rows array', {
+        cause: {
+          exception,
+          line,
+          match,
+        },
+      });
+    }
+  }
+
+  return rows;
+};