lywsvip/cloud-mail
1
0
Fork 0
mirror of https://github.com/eoao/cloud-mail.git synced 2026-05-06 13:41:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

优化降低所需配置简化部署

Browse Source
This commit is contained in:
eoao
2026-01-19 19:22:00 +08:00
parent a5995947ac
commit 86c408dd27
7 changed files with 273 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
.github/workflows/deploy-cloudflare.yml vendored
View File

@@ -14,56 +14,54 @@ jobs:
runs-on: ubuntu-latest
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
D1_DATABASE_ID: ${{ secrets.D1_DATABASE_ID }}
KV_NAMESPACE_ID: ${{ secrets.KV_NAMESPACE_ID }}
R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME }}
DOMAIN: ${{ secrets.DOMAIN }}
ADMIN: ${{ secrets.ADMIN }}
JWT_SECRET: ${{ secrets.JWT_SECRET }}
LINUXDO_CLIENT_ID: ${{ secrets.LINUXDO_CLIENT_ID }}
LINUXDO_CLIENT_SECRET: ${{ secrets.LINUXDO_CLIENT_SECRET }}
LINUXDO_CALLBACK_URL: ${{ secrets.LINUXDO_CALLBACK_URL }}
LINUXDO_SWITCH: ${{ secrets.LINUXDO_SWITCH }}
NAME: ${{ secrets.NAME || vars.NAME || 'cloud-mail' }}
CUSTOM_DOMAIN: ${{ secrets.CUSTOM_DOMAIN || vars.CUSTOM_DOMAIN }}
DOMAIN: ${{ secrets.DOMAIN || vars.DOMAIN }}
ADMIN: ${{ secrets.ADMIN || vars.ADMIN }}
JWT_SECRET: ${{ secrets.JWT_SECRET || vars.JWT_SECRET }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN || vars.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID || vars.CLOUDFLARE_ACCOUNT_ID }}
D1_DATABASE_ID: ${{ secrets.D1_DATABASE_ID || vars.D1_DATABASE_ID }}
KV_NAMESPACE_ID: ${{ secrets.KV_NAMESPACE_ID || vars.KV_NAMESPACE_ID }}
R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME || vars.R2_BUCKET_NAME }}
LINUXDO_CLIENT_ID: ${{ secrets.LINUXDO_CLIENT_ID || vars.LINUXDO_CLIENT_ID }}
LINUXDO_CLIENT_SECRET: ${{ secrets.LINUXDO_CLIENT_SECRET || vars.LINUXDO_CLIENT_SECRET }}
LINUXDO_CALLBACK_URL: ${{ secrets.LINUXDO_CALLBACK_URL || vars.LINUXDO_CALLBACK_URL }}
LINUXDO_SWITCH: ${{ secrets.LINUXDO_SWITCH || vars.LINUXDO_SWITCH }}
outputs:
worker_url: ${{ steps.deploy.outputs.worker_url }}
steps:
- name: ➡️ 检出代码仓库 - Checkout repository
- name: 🚚 检出代码仓库 / Checkout repository
uses: actions/checkout@v4
- name: 📦 设置 pnpm - Setup pnpm
- name: 设置 pnpm / Set up pnpm
uses: pnpm/action-setup@v4.1.0
with:
version: latest
- name: 📦 设置 Node.js - Setup Node.js
- name: 设置 Node.js / Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
cache-dependency-path: "./mail-worker/pnpm-lock.yaml"
- name: 📥 安装依赖 - Install dependencies
- name: 📦 安装依赖 / Install dependencies
run: pnpm install --frozen-lockfile
working-directory: ./mail-worker
- name: 📡 禁用 Wrangler 遥测 - Disable wrangler telemetry
- name: 📡 禁用 Wrangler 遥测 / Disable wrangler telemetry
working-directory: ./mail-worker
run: npx wrangler telemetry disable
run: pnpm wrangler telemetry disable
- name: 🛠️ 设置环境 - Set secrets
- name: 🛠️ 设置环境 / Set up environment
working-directory: ./mail-worker
run: |
echo "🔐 Starting secrets setup..."
if [ -z "$D1_DATABASE_ID" ] || [ -z "$KV_NAMESPACE_ID" ]; then
echo "❌ Required secrets (D1_DATABASE_ID or KV_NAMESPACE_ID) are not set."
exit 1
fi
echo "🔐 Starting environment setup..."
if [ -z "$JWT_SECRET" ] || grep -q '[?%#/\\]' <<< "$JWT_SECRET"; then
echo "❌ JWT_SECRET is empty or contains invalid characters (?, %, #, /, \\)"
@@ -84,55 +82,142 @@ jobs:
if [ -z "$LINUXDO_CLIENT_ID" ] || [ -z "$LINUXDO_CLIENT_SECRET" ]; then
sed -i '/^linuxdo_client_id = /,/^linuxdo_switch = /d' "$CONFIG_FILE"
fi
if [ -z "$CUSTOM_DOMAIN" ]; then
sed -i '/\[\[routes\]\]/,/^$/d' "$CONFIG_FILE"
fi
sed -i "s|\${D1_DATABASE_ID}|${D1_DATABASE_ID}|g" "$CONFIG_FILE"
sed -i "s|\${KV_NAMESPACE_ID}|${KV_NAMESPACE_ID}|g" "$CONFIG_FILE"
sed -i "s|\${R2_BUCKET_NAME}|${R2_BUCKET_NAME}|g" "$CONFIG_FILE"
sed -i "s|\${NAME}|${NAME}|g" "$CONFIG_FILE"
sed -i "s|\${CUSTOM_DOMAIN}|${CUSTOM_DOMAIN}|g" "$CONFIG_FILE"
sed -i "s|\"\${DOMAIN}\"|${DOMAIN}|g" "$CONFIG_FILE"
sed -i "s|\${ADMIN}|${ADMIN}|g" "$CONFIG_FILE"
sed -i "s|\${JWT_SECRET}|${JWT_SECRET}|g" "$CONFIG_FILE"
sed -i "s|\${R2_BUCKET_NAME}|${R2_BUCKET_NAME}|g" "$CONFIG_FILE"
sed -i "s|\${LINUXDO_CLIENT_ID}|${LINUXDO_CLIENT_ID}|g" "$CONFIG_FILE"
sed -i "s|\${LINUXDO_CLIENT_SECRET}|${LINUXDO_CLIENT_SECRET}|g" "$CONFIG_FILE"
sed -i "s|\${LINUXDO_CALLBACK_URL}|${LINUXDO_CALLBACK_URL}|g" "$CONFIG_FILE"
sed -i "s|\${LINUXDO_SWITCH}|${LINUXDO_SWITCH}|g" "$CONFIG_FILE"
echo "✅ Worker Secrets setup completed."
echo "✅ Environment setup completed."
- name: 🚀 开始部署 - Start deployment
- name: ⚡ 设置KV数据库 / Set up KV database
working-directory: ./mail-worker
run: |
CONFIG_FILE="wrangler-action.toml"
if [ -n "$KV_NAMESPACE_ID" ]; then
sed -i "s|\${KV_NAMESPACE_ID}|${KV_NAMESPACE_ID}|g" "$CONFIG_FILE"
echo "✅ Using the database from environment variables."
exit 0
fi
echo "🔍 Checking if the database exists..."
KV_LIST=$(pnpm wrangler kv namespace list)
if echo "$KV_LIST" | jq -e ".[] | select(.title == \"$NAME\")" > /dev/null; then
echo "✅ Database $NAME already exists."
KV_ID=$(echo "$KV_LIST" | jq -r ".[] | select(.title == \"$NAME\") | .id")
echo "KV_NAMESPACE_ID: $KV_ID"
else
echo "⚠️ Database $NAME does not exist. Starting creation..."
pnpm wrangler kv namespace create $NAME
KV_LIST=$(pnpm wrangler kv namespace list)
KV_ID=$(echo "$KV_LIST" | jq -r ".[] | select(.title == \"$NAME\") | .id")
fi
sed -i "s|\${KV_NAMESPACE_ID}|$KV_ID|g" "$CONFIG_FILE"
echo "✅ Setup completed."
- name: 🐬 设置D1数据库 / Set up D1 database
working-directory: ./mail-worker
run: |
CONFIG_FILE="wrangler-action.toml"
if [ -n "$D1_DATABASE_ID" ]; then
sed -i "s|\${D1_DATABASE_ID}|${D1_DATABASE_ID}|g" "$CONFIG_FILE"
echo "✅ Using the database from environment variables."
exit 0
fi
echo "🔍 Checking if the database exists..."
DB_LIST=$(pnpm wrangler d1 list --json)
if echo "$DB_LIST" | jq -e ".[] | select(.name == \"$NAME\")" > /dev/null; then
echo "✅ Database $NAME already exists."
D1_ID=$(echo "$DB_LIST" | jq -r ".[] | select(.name == \"$NAME\") | .uuid")
echo "D1_DATABASE_ID: $D1_ID"
else
echo "⚠️ Database $NAME does not exist. Starting creation..."
pnpm wrangler d1 create $NAME
DB_LIST=$(pnpm wrangler d1 list --json)
D1_ID=$(echo "$DB_LIST" | jq -r ".[] | select(.name == \"$NAME\") | .uuid")
fi
sed -i "s|\${D1_DATABASE_ID}|$D1_ID|g" "$CONFIG_FILE"
echo "✅ Setup completed."
- name: 🚀 开始部署 / Start deployment
id: deploy
working-directory: ./mail-worker
run: |
echo "🚀 Starting deployment..."
npx wrangler deploy -c wrangler-action.toml | tee deploy.log | grep -v "https://.*\.workers\.dev" | sed 's/env\.domain (.*)/env.domain (***)/'
WORKER_URL=$(grep -o "https://.*\.workers\.dev" deploy.log)
pnpm wrangler deploy -c wrangler-action.toml | tee deploy.log | grep -v "https://.*\.workers\.dev" || true
WORKER_URL=$(grep -o "https://.*\.workers\.dev" deploy.log || echo "")
echo "::add-mask::$WORKER_URL"
echo "worker_url=$WORKER_URL" >> $GITHUB_OUTPUT
echo "✅ Deployment completed."
echo "✅ Setup completed."
- name: 🗄 初始化数据库 - Initialize database
- name: 初始化数据库 / Initialize database
run: |
echo "⏳ Waiting 15s before checking initialization status..."
echo "🛠️ Starting database initialization..."
sleep 15
HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt "${{ steps.deploy.outputs.worker_url }}/api/init/${JWT_SECRET}")
RESPONSE_BODY=$(cat response.txt)
WORKER_URL="${CUSTOM_DOMAIN:-${{ steps.deploy.outputs.worker_url }}}"
echo "🔎 Checking response... (Status: $HTTP_CODE)"
if [ "$HTTP_CODE" = "200" ] && [ "$RESPONSE_BODY" = "初始化成功" -o "$RESPONSE_BODY" = "Successfully initialized" ]; then
echo "✅ Database initialization completed."
elif [ "$HTTP_CODE" = "200" ]; then
echo "❌ Database initialization error: $RESPONSE_BODY"
if [ -z "$WORKER_URL" ]; then
echo "❌ No URL available."
exit 1
fi
HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt "$WORKER_URL/api/init/${JWT_SECRET}")
RESPONSE_BODY=$(cat response.txt)
if [ "$RESPONSE_BODY" = "success" ]; then
echo "✅ Setup completed."
else
echo "❌ Database initialization check failed with HTTP status: $HTTP_CODE. response: $RESPONSE_BODY"
echo "❌ Failed. HTTP: $HTTP_CODE, Response: $RESPONSE_BODY"
exit 1
fi
- name: Delete workflow runs
- name: 📮 设置邮件接收 / Set up email receiving
run: |
echo "🛠️ Starting email receiving setup..."
WORKER_URL="${CUSTOM_DOMAIN:-${{ steps.deploy.outputs.worker_url }}}"
HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt \
-X POST \
-H "Content-Type: application/json" \
-d "{\"domainList\": $DOMAIN,\"accountId\":\"$CLOUDFLARE_ACCOUNT_ID\",\"token\":\"$CLOUDFLARE_API_TOKEN\",\"workerName\":\"$NAME\"}" \
"$WORKER_URL/api/initForward")
RESPONSE_BODY=$(cat response.txt)
if [ "$RESPONSE_BODY" = "success" ]; then
echo "✅ Setup completed."
else
echo "::error:: Email receiving setup failed."
echo "HTTP status: $HTTP_CODE. Response:"
echo "$RESPONSE_BODY" | jq . 2>/dev/null || echo "$RESPONSE_BODY"
exit 0
fi
- name: 🗑️ 删除运行记录 / Delete workflow runs
uses: GitRML/delete-workflow-runs@main
continue-on-error: true
with:
retain_days: '3'
keep_minimum_runs: '0'
retain_days: '1'
keep_minimum_runs: '0'

9
mail-worker/src/api/init-api.js
View File

@@ -1,6 +1,11 @@
import app from '../hono/hono';
import initService from '../init/init';
import { dbInit } from '../init/init';
import { initForward } from "../init/forward";
app.get('/init/:secret', (c) => {
return initService.init(c);
return dbInit.init(c);
})
app.post('/initForward', async (c) => {
return initForward(c, await c.req.json());
})

2
mail-worker/src/i18n/en.js
View File

@@ -55,12 +55,10 @@ const en = {
authExpired: 'Authentication has expired. Please sign in again',
unauthorized: 'Unauthorized',
bannedSend: 'You do not have permission to send emails',
initSuccess: 'Successfully initialized',
noDomainPermAdd: "No permission to add this domain email",
noDomainPermReg: "No permission to register this domain email",
noDomainPermRegKey: "Registration code not valid for this domain",
noDomainPermSend: "No permission to send from this domain email",
JWTMismatch: 'JWT secret mismatch',
publicTokenFail: 'Token validation failed',
notAdmin: 'The entered email is not an administrator email',
emailExistDatabase: 'Email already exists in the database',

2
mail-worker/src/i18n/zh.js
View File

@@ -55,12 +55,10 @@ const zh = {
authExpired: '身份认证失效,请重新登录',
unauthorized: '权限不足',
bannedSend: '你没有发送邮件权限',
initSuccess: '初始化成功',
noDomainPermAdd: '你没有权限添加该域名邮箱',
noDomainPermReg: '你没有权限注册该域名邮箱',
noDomainPermRegKey: '你的注册码没有权限注册该域名邮箱',
noDomainPermSend: '你没有权限使用该域名邮箱发送邮件',
JWTMismatch: 'jwt_secret 不匹配',
publicTokenFail: 'token验证失败',
notAdmin: '输入的邮箱不是管理员邮箱',
emailExistDatabase: '有邮箱已存在数据库中',

124
mail-worker/src/init/forward.js Normal file
View File

@@ -0,0 +1,124 @@
export async function initForward(c, params) {
const { workerName, domainList, token } = params;
let headers = {
Authorization: `Bearer ${token}`
};
let mainList = [];
const childList = [];
//查询DOMAIN变量对应域名
for (let domain of domainList) {
// 提取一级域名(主域名 + 顶级域名)
const parts = domain.split('.');
let paramDomain = domain
if (parts.length > 2) {
paramDomain = parts.slice(-2).join('.');
}
//结尾匹配查询域名
const res = await fetch(`https://api.cloudflare.com/client/v4/zones?name=ends_with:${paramDomain}`, {
method: 'GET',
headers
});
const body = await res.json();
if(!res.ok) {
return c.json(body);
}
const { result } = body;
result.forEach(item => {
if (domain === item.name) {
mainList.push({ domain: item.name, domainId: item.id });
} else if (domain.includes(item.name)) {
mainList.push({ domain: item.name, domainId: item.id });
childList.push({ domain, domainId: item.id });
}
})
}
mainList = [...new Set(mainList)];
if (mainList.length === 0) {
return c.text('Domain does not exist.');
}
//开启主域名电子邮件路由
for (const { domainId } of mainList) {
const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/enable`, {
method: 'POST',
headers
});
const body = await res.json();
if(!res.ok) {
return c.json(body);
}
}
//开启catch_all转发到worker
for (const { domainId } of mainList) {
const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/rules/catch_all`, {
method: 'PUT',
headers,
body: JSON.stringify({
actions: [
{
type: "worker",
value: [workerName]
}
],
matchers: [
{
type: "all"
}
],
enabled: true
})
});
const body = await res.json();
if(!res.ok) {
return c.json(body);
}
}
//开启子域名电子邮件路由
for (const { domain, domainId } of childList) {
const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/enable`, {
method: 'POST',
headers,
body: JSON.stringify({
name: domain
})
});
const body = await res.json();
if(!res.ok) {
return c.json(body);
}
}
return c.text('success');
}

9
mail-worker/src/init/init.js
View File

@@ -1,15 +1,14 @@
import settingService from '../service/setting-service';
import emailUtils from '../utils/email-utils';
import {emailConst} from "../const/entity-const";
import { t } from '../i18n/i18n'
const init = {
const dbInit = {
async init(c) {
const secret = c.req.param('secret');
if (secret !== c.env.jwt_secret) {
return c.text(t('JWTMismatch'));
return c.text('❌ JWT secret mismatch');
}
await this.intDB(c);
@@ -28,7 +27,7 @@ const init = {
await this.v2_6DB(c);
await this.v2_7DB(c);
await settingService.refresh(c);
return c.text(t('initSuccess'));
return c.text('success');
},
async v2_7DB(c) {
@@ -621,4 +620,4 @@ const init = {
await c.env.db.batch(queryList);
}
};
export default init;
export { dbInit };

7
mail-worker/wrangler-action.toml
View File

@@ -1,11 +1,14 @@
name = "cloud-mail"
name = "${NAME}"
main = "src/index.js"
compatibility_date = "2025-06-04"
workers_dev = true
[observability]
enabled = true
[[routes]]
pattern = "${CUSTOM_DOMAIN}"
custom_domain = true
[[d1_databases]]
binding = "db"
database_name = "cloud-mail" # 数据库的名称