diff --git a/.github/workflows/deploy-cloudflare.yml b/.github/workflows/deploy-cloudflare.yml index ebe3b54..5a6fa34 100644 --- a/.github/workflows/deploy-cloudflare.yml +++ b/.github/workflows/deploy-cloudflare.yml @@ -14,56 +14,54 @@ jobs: runs-on: ubuntu-latest env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - D1_DATABASE_ID: ${{ secrets.D1_DATABASE_ID }} - KV_NAMESPACE_ID: ${{ secrets.KV_NAMESPACE_ID }} - R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME }} - DOMAIN: ${{ secrets.DOMAIN }} - ADMIN: ${{ secrets.ADMIN }} - JWT_SECRET: ${{ secrets.JWT_SECRET }} - LINUXDO_CLIENT_ID: ${{ secrets.LINUXDO_CLIENT_ID }} - LINUXDO_CLIENT_SECRET: ${{ secrets.LINUXDO_CLIENT_SECRET }} - LINUXDO_CALLBACK_URL: ${{ secrets.LINUXDO_CALLBACK_URL }} - LINUXDO_SWITCH: ${{ secrets.LINUXDO_SWITCH }} + NAME: ${{ secrets.NAME || vars.NAME || 'cloud-mail' }} + CUSTOM_DOMAIN: ${{ secrets.CUSTOM_DOMAIN || vars.CUSTOM_DOMAIN }} + DOMAIN: ${{ secrets.DOMAIN || vars.DOMAIN }} + ADMIN: ${{ secrets.ADMIN || vars.ADMIN }} + JWT_SECRET: ${{ secrets.JWT_SECRET || vars.JWT_SECRET }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN || vars.CLOUDFLARE_API_TOKEN }} + CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID || vars.CLOUDFLARE_ACCOUNT_ID }} + D1_DATABASE_ID: ${{ secrets.D1_DATABASE_ID || vars.D1_DATABASE_ID }} + KV_NAMESPACE_ID: ${{ secrets.KV_NAMESPACE_ID || vars.KV_NAMESPACE_ID }} + R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME || vars.R2_BUCKET_NAME }} + LINUXDO_CLIENT_ID: ${{ secrets.LINUXDO_CLIENT_ID || vars.LINUXDO_CLIENT_ID }} + LINUXDO_CLIENT_SECRET: ${{ secrets.LINUXDO_CLIENT_SECRET || vars.LINUXDO_CLIENT_SECRET }} + LINUXDO_CALLBACK_URL: ${{ secrets.LINUXDO_CALLBACK_URL || vars.LINUXDO_CALLBACK_URL }} + LINUXDO_SWITCH: ${{ secrets.LINUXDO_SWITCH || vars.LINUXDO_SWITCH }} outputs: worker_url: ${{ steps.deploy.outputs.worker_url }} + steps: - - name: ➡️ 检出代码仓库 - Checkout repository + - name: 🚚 检出代码仓库 / Checkout repository uses: actions/checkout@v4 - - name: 📦 设置 pnpm - Setup pnpm + - name: ⚙ 设置 pnpm / Set up pnpm uses: pnpm/action-setup@v4.1.0 with: version: latest - - name: 📦 设置 Node.js - Setup Node.js + - name: ⚙ 设置 Node.js / Set up Node.js uses: actions/setup-node@v4 with: node-version: "20" cache: "pnpm" cache-dependency-path: "./mail-worker/pnpm-lock.yaml" - - name: 📥 安装依赖 - Install dependencies + - name: 📦 安装依赖 / Install dependencies run: pnpm install --frozen-lockfile working-directory: ./mail-worker - - name: 📡 禁用 Wrangler 遥测 - Disable wrangler telemetry + - name: 📡 禁用 Wrangler 遥测 / Disable wrangler telemetry working-directory: ./mail-worker - run: npx wrangler telemetry disable + run: pnpm wrangler telemetry disable - - name: 🛠️ 设置环境 - Set secrets + - name: 🛠️ 设置环境 / Set up environment working-directory: ./mail-worker run: | - echo "🔐 Starting secrets setup..." - - if [ -z "$D1_DATABASE_ID" ] || [ -z "$KV_NAMESPACE_ID" ]; then - echo "❌ Required secrets (D1_DATABASE_ID or KV_NAMESPACE_ID) are not set." - exit 1 - fi + echo "🔐 Starting environment setup..." if [ -z "$JWT_SECRET" ] || grep -q '[?%#/\\]' <<< "$JWT_SECRET"; then echo "❌ JWT_SECRET is empty or contains invalid characters (?, %, #, /, \\)" @@ -84,55 +82,142 @@ jobs: if [ -z "$LINUXDO_CLIENT_ID" ] || [ -z "$LINUXDO_CLIENT_SECRET" ]; then sed -i '/^linuxdo_client_id = /,/^linuxdo_switch = /d' "$CONFIG_FILE" fi + + if [ -z "$CUSTOM_DOMAIN" ]; then + sed -i '/\[\[routes\]\]/,/^$/d' "$CONFIG_FILE" + fi - sed -i "s|\${D1_DATABASE_ID}|${D1_DATABASE_ID}|g" "$CONFIG_FILE" - sed -i "s|\${KV_NAMESPACE_ID}|${KV_NAMESPACE_ID}|g" "$CONFIG_FILE" - sed -i "s|\${R2_BUCKET_NAME}|${R2_BUCKET_NAME}|g" "$CONFIG_FILE" + sed -i "s|\${NAME}|${NAME}|g" "$CONFIG_FILE" + sed -i "s|\${CUSTOM_DOMAIN}|${CUSTOM_DOMAIN}|g" "$CONFIG_FILE" sed -i "s|\"\${DOMAIN}\"|${DOMAIN}|g" "$CONFIG_FILE" sed -i "s|\${ADMIN}|${ADMIN}|g" "$CONFIG_FILE" sed -i "s|\${JWT_SECRET}|${JWT_SECRET}|g" "$CONFIG_FILE" + sed -i "s|\${R2_BUCKET_NAME}|${R2_BUCKET_NAME}|g" "$CONFIG_FILE" sed -i "s|\${LINUXDO_CLIENT_ID}|${LINUXDO_CLIENT_ID}|g" "$CONFIG_FILE" sed -i "s|\${LINUXDO_CLIENT_SECRET}|${LINUXDO_CLIENT_SECRET}|g" "$CONFIG_FILE" sed -i "s|\${LINUXDO_CALLBACK_URL}|${LINUXDO_CALLBACK_URL}|g" "$CONFIG_FILE" sed -i "s|\${LINUXDO_SWITCH}|${LINUXDO_SWITCH}|g" "$CONFIG_FILE" - echo "✅ Worker Secrets setup completed." + echo "✅ Environment setup completed." - - name: 🚀 开始部署 - Start deployment + - name: ⚡ 设置KV数据库 / Set up KV database + working-directory: ./mail-worker + run: | + + CONFIG_FILE="wrangler-action.toml" + + if [ -n "$KV_NAMESPACE_ID" ]; then + sed -i "s|\${KV_NAMESPACE_ID}|${KV_NAMESPACE_ID}|g" "$CONFIG_FILE" + echo "✅ Using the database from environment variables." + exit 0 + fi + + echo "🔍 Checking if the database exists..." + KV_LIST=$(pnpm wrangler kv namespace list) + + if echo "$KV_LIST" | jq -e ".[] | select(.title == \"$NAME\")" > /dev/null; then + echo "✅ Database $NAME already exists." + KV_ID=$(echo "$KV_LIST" | jq -r ".[] | select(.title == \"$NAME\") | .id") + echo "KV_NAMESPACE_ID: $KV_ID" + else + echo "⚠️ Database $NAME does not exist. Starting creation..." + pnpm wrangler kv namespace create $NAME + KV_LIST=$(pnpm wrangler kv namespace list) + KV_ID=$(echo "$KV_LIST" | jq -r ".[] | select(.title == \"$NAME\") | .id") + fi + + sed -i "s|\${KV_NAMESPACE_ID}|$KV_ID|g" "$CONFIG_FILE" + echo "✅ Setup completed." + + - name: 🐬 设置D1数据库 / Set up D1 database + working-directory: ./mail-worker + run: | + + CONFIG_FILE="wrangler-action.toml" + + if [ -n "$D1_DATABASE_ID" ]; then + sed -i "s|\${D1_DATABASE_ID}|${D1_DATABASE_ID}|g" "$CONFIG_FILE" + echo "✅ Using the database from environment variables." + exit 0 + fi + + echo "🔍 Checking if the database exists..." + DB_LIST=$(pnpm wrangler d1 list --json) + + if echo "$DB_LIST" | jq -e ".[] | select(.name == \"$NAME\")" > /dev/null; then + echo "✅ Database $NAME already exists." + D1_ID=$(echo "$DB_LIST" | jq -r ".[] | select(.name == \"$NAME\") | .uuid") + echo "D1_DATABASE_ID: $D1_ID" + else + echo "⚠️ Database $NAME does not exist. Starting creation..." + pnpm wrangler d1 create $NAME + DB_LIST=$(pnpm wrangler d1 list --json) + D1_ID=$(echo "$DB_LIST" | jq -r ".[] | select(.name == \"$NAME\") | .uuid") + fi + + sed -i "s|\${D1_DATABASE_ID}|$D1_ID|g" "$CONFIG_FILE" + echo "✅ Setup completed." + + - name: 🚀 开始部署 / Start deployment id: deploy working-directory: ./mail-worker run: | echo "🚀 Starting deployment..." - npx wrangler deploy -c wrangler-action.toml | tee deploy.log | grep -v "https://.*\.workers\.dev" | sed 's/env\.domain (.*)/env.domain (***)/' - WORKER_URL=$(grep -o "https://.*\.workers\.dev" deploy.log) + pnpm wrangler deploy -c wrangler-action.toml | tee deploy.log | grep -v "https://.*\.workers\.dev" || true + WORKER_URL=$(grep -o "https://.*\.workers\.dev" deploy.log || echo "") echo "::add-mask::$WORKER_URL" echo "worker_url=$WORKER_URL" >> $GITHUB_OUTPUT - echo "✅ Deployment completed." + echo "✅ Setup completed." - - name: 🗄️ 初始化数据库 - Initialize database + - name: ♻️ 初始化数据库 / Initialize database run: | - - echo "⏳ Waiting 15s before checking initialization status..." + echo "🛠️ Starting database initialization..." sleep 15 - HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt "${{ steps.deploy.outputs.worker_url }}/api/init/${JWT_SECRET}") - RESPONSE_BODY=$(cat response.txt) + WORKER_URL="${CUSTOM_DOMAIN:-${{ steps.deploy.outputs.worker_url }}}" - echo "🔎 Checking response... (Status: $HTTP_CODE)" - - if [ "$HTTP_CODE" = "200" ] && [ "$RESPONSE_BODY" = "初始化成功" -o "$RESPONSE_BODY" = "Successfully initialized" ]; then - echo "✅ Database initialization completed." - elif [ "$HTTP_CODE" = "200" ]; then - echo "❌ Database initialization error: $RESPONSE_BODY" + if [ -z "$WORKER_URL" ]; then + echo "❌ No URL available." exit 1 + fi + + HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt "$WORKER_URL/api/init/${JWT_SECRET}") + RESPONSE_BODY=$(cat response.txt) + + if [ "$RESPONSE_BODY" = "success" ]; then + echo "✅ Setup completed." else - echo "❌ Database initialization check failed with HTTP status: $HTTP_CODE. response: $RESPONSE_BODY" + echo "❌ Failed. HTTP: $HTTP_CODE, Response: $RESPONSE_BODY" exit 1 fi - - name: Delete workflow runs + - name: 📮 设置邮件接收 / Set up email receiving + run: | + + echo "🛠️ Starting email receiving setup..." + + WORKER_URL="${CUSTOM_DOMAIN:-${{ steps.deploy.outputs.worker_url }}}" + + HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt \ + -X POST \ + -H "Content-Type: application/json" \ + -d "{\"domainList\": $DOMAIN,\"accountId\":\"$CLOUDFLARE_ACCOUNT_ID\",\"token\":\"$CLOUDFLARE_API_TOKEN\",\"workerName\":\"$NAME\"}" \ + "$WORKER_URL/api/initForward") + + RESPONSE_BODY=$(cat response.txt) + + if [ "$RESPONSE_BODY" = "success" ]; then + echo "✅ Setup completed." + else + echo "::error:: Email receiving setup failed." + echo "HTTP status: $HTTP_CODE. Response:" + echo "$RESPONSE_BODY" | jq . 2>/dev/null || echo "$RESPONSE_BODY" + exit 0 + fi + + - name: 🗑️ 删除运行记录 / Delete workflow runs uses: GitRML/delete-workflow-runs@main continue-on-error: true with: - retain_days: '3' - keep_minimum_runs: '0' \ No newline at end of file + retain_days: '1' + keep_minimum_runs: '0' diff --git a/mail-worker/src/api/init-api.js b/mail-worker/src/api/init-api.js index f55518b..a5cdb79 100644 --- a/mail-worker/src/api/init-api.js +++ b/mail-worker/src/api/init-api.js @@ -1,6 +1,11 @@ import app from '../hono/hono'; -import initService from '../init/init'; +import { dbInit } from '../init/init'; +import { initForward } from "../init/forward"; app.get('/init/:secret', (c) => { - return initService.init(c); + return dbInit.init(c); +}) + +app.post('/initForward', async (c) => { + return initForward(c, await c.req.json()); }) diff --git a/mail-worker/src/i18n/en.js b/mail-worker/src/i18n/en.js index 24b0d94..5ef624a 100644 --- a/mail-worker/src/i18n/en.js +++ b/mail-worker/src/i18n/en.js @@ -55,12 +55,10 @@ const en = { authExpired: 'Authentication has expired. Please sign in again', unauthorized: 'Unauthorized', bannedSend: 'You do not have permission to send emails', - initSuccess: 'Successfully initialized', noDomainPermAdd: "No permission to add this domain email", noDomainPermReg: "No permission to register this domain email", noDomainPermRegKey: "Registration code not valid for this domain", noDomainPermSend: "No permission to send from this domain email", - JWTMismatch: 'JWT secret mismatch', publicTokenFail: 'Token validation failed', notAdmin: 'The entered email is not an administrator email', emailExistDatabase: 'Email already exists in the database', diff --git a/mail-worker/src/i18n/zh.js b/mail-worker/src/i18n/zh.js index 9c3edcf..351415f 100644 --- a/mail-worker/src/i18n/zh.js +++ b/mail-worker/src/i18n/zh.js @@ -55,12 +55,10 @@ const zh = { authExpired: '身份认证失效,请重新登录', unauthorized: '权限不足', bannedSend: '你没有发送邮件权限', - initSuccess: '初始化成功', noDomainPermAdd: '你没有权限添加该域名邮箱', noDomainPermReg: '你没有权限注册该域名邮箱', noDomainPermRegKey: '你的注册码没有权限注册该域名邮箱', noDomainPermSend: '你没有权限使用该域名邮箱发送邮件', - JWTMismatch: 'jwt_secret 不匹配', publicTokenFail: 'token验证失败', notAdmin: '输入的邮箱不是管理员邮箱', emailExistDatabase: '有邮箱已存在数据库中', diff --git a/mail-worker/src/init/forward.js b/mail-worker/src/init/forward.js new file mode 100644 index 0000000..a0cd925 --- /dev/null +++ b/mail-worker/src/init/forward.js @@ -0,0 +1,124 @@ +export async function initForward(c, params) { + + const { workerName, domainList, token } = params; + + let headers = { + Authorization: `Bearer ${token}` + }; + + let mainList = []; + const childList = []; + + //查询DOMAIN变量对应域名 + for (let domain of domainList) { + + // 提取一级域名(主域名 + 顶级域名) + const parts = domain.split('.'); + + let paramDomain = domain + if (parts.length > 2) { + paramDomain = parts.slice(-2).join('.'); + } + + //结尾匹配查询域名 + const res = await fetch(`https://api.cloudflare.com/client/v4/zones?name=ends_with:${paramDomain}`, { + method: 'GET', + headers + }); + + const body = await res.json(); + + if(!res.ok) { + return c.json(body); + } + + const { result } = body; + + result.forEach(item => { + + if (domain === item.name) { + mainList.push({ domain: item.name, domainId: item.id }); + } else if (domain.includes(item.name)) { + mainList.push({ domain: item.name, domainId: item.id }); + childList.push({ domain, domainId: item.id }); + } + + }) + + } + + mainList = [...new Set(mainList)]; + + if (mainList.length === 0) { + return c.text('Domain does not exist.'); + } + + //开启主域名电子邮件路由 + for (const { domainId } of mainList) { + + const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/enable`, { + method: 'POST', + headers + }); + + const body = await res.json(); + + if(!res.ok) { + return c.json(body); + } + + } + + + //开启catch_all转发到worker + for (const { domainId } of mainList) { + + const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/rules/catch_all`, { + method: 'PUT', + headers, + body: JSON.stringify({ + actions: [ + { + type: "worker", + value: [workerName] + } + ], + matchers: [ + { + type: "all" + } + ], + enabled: true + }) + }); + + const body = await res.json(); + + if(!res.ok) { + return c.json(body); + } + + } + + //开启子域名电子邮件路由 + for (const { domain, domainId } of childList) { + + const res = await fetch(`https://api.cloudflare.com/client/v4/zones/${domainId}/email/routing/enable`, { + method: 'POST', + headers, + body: JSON.stringify({ + name: domain + }) + }); + + const body = await res.json(); + + if(!res.ok) { + return c.json(body); + } + + } + + return c.text('success'); + +} diff --git a/mail-worker/src/init/init.js b/mail-worker/src/init/init.js index c339662..6da53f4 100644 --- a/mail-worker/src/init/init.js +++ b/mail-worker/src/init/init.js @@ -1,15 +1,14 @@ import settingService from '../service/setting-service'; import emailUtils from '../utils/email-utils'; import {emailConst} from "../const/entity-const"; -import { t } from '../i18n/i18n' -const init = { +const dbInit = { async init(c) { const secret = c.req.param('secret'); if (secret !== c.env.jwt_secret) { - return c.text(t('JWTMismatch')); + return c.text('❌ JWT secret mismatch'); } await this.intDB(c); @@ -28,7 +27,7 @@ const init = { await this.v2_6DB(c); await this.v2_7DB(c); await settingService.refresh(c); - return c.text(t('initSuccess')); + return c.text('success'); }, async v2_7DB(c) { @@ -621,4 +620,4 @@ const init = { await c.env.db.batch(queryList); } }; -export default init; +export { dbInit }; diff --git a/mail-worker/wrangler-action.toml b/mail-worker/wrangler-action.toml index 81ee330..0245726 100644 --- a/mail-worker/wrangler-action.toml +++ b/mail-worker/wrangler-action.toml @@ -1,11 +1,14 @@ -name = "cloud-mail" +name = "${NAME}" main = "src/index.js" compatibility_date = "2025-06-04" -workers_dev = true [observability] enabled = true +[[routes]] +pattern = "${CUSTOM_DOMAIN}" +custom_domain = true + [[d1_databases]] binding = "db" database_name = "cloud-mail" # 数据库的名称