feat: email templates & SMTP

.env.example

@@ -15,6 +15,19 @@ INTERNAL_API_TOKEN=""  # used for authenticating internal API requests (gives ac
 CAPTCHA_SITEKEY=
 CAPTCHA_SECRET=
 
+EMAIL_SMTP_HOST=
+EMAIL_SMTP_PORT=
+EMAIL_SMTP_TLS=
+EMAIL_SMTP_USERNAME=
+EMAIL_SMTP_PASSWORD=
+EMAIL_FROM_NAME=
+EMAIL_FROM_ADDRESS=
+EMAIL_PLATFORM_NAME="Meower"
+EMAIL_PLATFORM_LOGO=""
+EMAIL_PLATFORM_BRAND="Meower Media"
+EMAIL_PLATFORM_FRONTEND="https://meower.org"
+EMAIL_PLATFORM_SUPPORT="[email protected]"
+
 GRPC_AUTH_ADDRESS="0.0.0.0:5000"
 GRPC_AUTH_TOKEN=
 

email_templates/_base.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+    <body>
+        <div style="width: 720px; margin-left: auto; margin-right: auto; color: black;">
+            <div style="width: max-content; margin-left: auto; margin-right: auto; padding-bottom: 25px;">
+                <img src="{{ env['EMAIL_PLATFORM_LOGO'] }}" alt="{{ env['EMAIL_PLATFORM_NAME'] }} Logo" />
+            </div>
+            <div style="display: flex; flex-direction: column; gap: 25px; background-color: #f2f2f2; padding: 20px; border-radius: 6px; border-top: 7px solid #f29e2e; font-family: Arial, Helvetica, sans-serif; box-shadow: 0 0 5px rgba(0,0,0,.1);">
+                <span style="font-size: 32px; font-weight: 600;">{{ subject }}</span>
+                <span>Hey {{ name }}!</span>
+                {% block body %}{% endblock %}
+
+                {# We include the platform brand in the _lockdown.html file as well #}
+                {# because doing extends seems to cut-off the rest of the file. #}
+                {% if include_lockdown %}
+                    {% extends "_lockdown.html" %}
+                {% else %}
+                    <span>- {{ env['EMAIL_PLATFORM_BRAND'] }}</span>
+                {% endif %}
+            </div>
+        </div>
+    </body>
+</html>

email_templates/_base.txt

@@ -0,0 +1,11 @@
+Hey {{ name }}!
+
+{% block body %}{% endblock %}
+
+{# We include the platform brand in the _lockdown.txt file as well #}
+{# because doing extends seems to cut-off the rest of the file. #}
+{% if include_lockdown %}
+{% extends "_lockdown.txt" %}
+{% else %}
+- {{ env['EMAIL_PLATFORM_BRAND'] }}
+{% endif %}

email_templates/_lockdown.html

@@ -0,0 +1,9 @@
+<span>If you didn't request this, please click the button below within the next 24 hours to revert this change and secure your account.</span>
+<a
+    href="{{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/lockdown#{{ token }}"
+    target="_blank"
+    style="padding: 12px; background-color: #f29e2e; border-radius: 6px; text-decoration: none; color: white; max-width: fit-content;"
+>
+    <b>This wasn't me!</b>
+</a>
+<span>- {{ env['EMAIL_PLATFORM_BRAND'] }}</span>

email_templates/_lockdown.txt

@@ -0,0 +1,3 @@
+If you didn't request this, please follow this link within the next 24 hours to revert this change and secure your account: {{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/lockdown#{{ token }}
+
+- {{ env['EMAIL_PLATFORM_BRAND'] }}

email_templates/email_changed.html

@@ -0,0 +1,4 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>The email on your {{ env['EMAIL_PLATFORM_NAME'] }} account was recently changed.</span>
+{% endblock %}

email_templates/email_changed.txt

@@ -0,0 +1,4 @@
+{% extends "_base.txt" %}
+{% block body %}
+The email on your {{ env['EMAIL_PLATFORM_NAME'] }} account was recently changed.
+{% endblock %}

email_templates/locked.html

@@ -0,0 +1,6 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>Your {{ env['EMAIL_PLATFORM_NAME'] }} account has been locked because we believe it may have been compromised. This can happen if your {{ env['EMAIL_PLATFORM_NAME'] }} password is weak, you used the same password on another website and that website was hacked, or you accidentally gave an access token to someone else.</span>
+    <span>You will be required to reset your password using this email address ({{ address }}) before logging back in to {{ env['EMAIL_PLATFORM_NAME'] }}.</span>
+    <span>If you have any questions, please reach out to <a href="mailto:{{ env['EMAIL_PLATFORM_SUPPORT'] }}" target="_blank" style="color: black;">{{ env['EMAIL_PLATFORM_SUPPORT'] }}</a>.</span>
+{% endblock %}

email_templates/locked.txt

@@ -0,0 +1,8 @@
+{% extends "_base.txt" %}
+{% block body %}
+Your {{ env['EMAIL_PLATFORM_NAME'] }} account has been locked because we believe it may have been compromised. This can happen if your {{ env['EMAIL_PLATFORM_NAME'] }} password is weak, you used the same password on another website and that website was hacked, or you accidentally gave an access token to someone else.
+
+You will be required to reset your password using this email address ({{ address }}) before logging back in to {{ env['EMAIL_PLATFORM_NAME'] }}.
+
+If you have any questions, please reach out to {{ env['EMAIL_PLATFORM_SUPPORT'] }}.
+{% endblock %}

email_templates/mfa_added.html

@@ -0,0 +1,4 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>A multi-factor authenticator was recently added to your {{ env['EMAIL_PLATFORM_NAME'] }} account.</span>
+{% endblock %}

email_templates/mfa_added.txt

@@ -0,0 +1,4 @@
+{% extends "_base.txt" %}
+{% block body %}
+A multi-factor authenticator was recently added to your {{ env['EMAIL_PLATFORM_NAME'] }} account.
+{% endblock %}

email_templates/mfa_removed.html

@@ -0,0 +1,4 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>A multi-factor authenticator was recently removed from your {{ env['EMAIL_PLATFORM_NAME'] }} account.</span>
+{% endblock %}

email_templates/mfa_removed.txt

@@ -0,0 +1,4 @@
+{% extends "_base.txt" %}
+{% block body %}
+A multi-factor authenticator was recently removed from your {{ env['EMAIL_PLATFORM_NAME'] }} account.
+{% endblock %}

email_templates/password_changed.html

@@ -0,0 +1,4 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>The password to your {{ env['EMAIL_PLATFORM_NAME'] }} account was recently changed.</span>
+{% endblock %}

email_templates/password_changed.txt

@@ -0,0 +1,4 @@
+{% extends "_base.txt" %}
+{% block body %}
+The password to your {{ env['EMAIL_PLATFORM_NAME'] }} account was recently changed.
+{% endblock %}

email_templates/recovery.html

@@ -0,0 +1,12 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>To reset your {{ env['EMAIL_PLATFORM_NAME'] }} account password, please click the button below.</span>
+    <span>If you didn't request this, please ignore this email, no further action is required.</span>
+    <a
+        href="{{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/recovery#{{ token }}"
+        target="_blank"
+        style="padding: 12px; background-color: #f29e2e; border-radius: 6px; text-decoration: none; color: white; max-width: fit-content;"
+    >
+        <b>Reset Password</b>
+    </a>
+{% endblock %}

email_templates/recovery.txt

@@ -0,0 +1,6 @@
+{% extends "_base.txt" %}
+{% block body %}
+To reset your {{ env['EMAIL_PLATFORM_NAME'] }} account password, please follow this link: {{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/recovery#{{ token }}
+
+If you didn't request this, please ignore this email, no further action is required.
+{% endblock %}

email_templates/verify.html

@@ -0,0 +1,12 @@
+{% extends "_base.html" %}
+{% block body %}
+    <span>To confirm adding your email address ({{ email }}) to your {{ env['EMAIL_PLATFORM_NAME'] }} account, please click the button below.</span>
+    <span>If you didn't request this, please ignore this email, no further action is required.</span>
+    <a
+        href="{{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/verify#{{ token }}"
+        target="_blank"
+        style="padding: 12px; background-color: #f29e2e; border-radius: 6px; text-decoration: none; color: white; max-width: fit-content;"
+    >
+        <b>Verify Email Address</b>
+    </a>
+{% endblock %}

email_templates/verify.txt

@@ -0,0 +1,6 @@
+{% extends "_base.txt" %}
+{% block body %}
+To confirm adding your email address ({{ email }}) to your {{ env['EMAIL_PLATFORM_NAME'] }} account, please follow this link: {{ env['EMAIL_PLATFORM_FRONTEND'] }}/emails/verify#{{ token }}
+
+If you didn't request this, please ignore this email, no further action is required.
+{% endblock %}

security.py

@@ -1,6 +1,9 @@
 from hashlib import sha256
 from typing import Optional
-import time, requests, os, uuid, secrets, bcrypt, msgpack
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+from email.utils import formataddr
+import time, requests, os, uuid, secrets, bcrypt, msgpack, jinja2, smtplib
 
 from database import db, rdb
 from utils import log
@@ -43,6 +46,10 @@
 TOKEN_BYTES = 64
 
 
+email_file_loader = jinja2.FileSystemLoader("email_templates")
+email_env = jinja2.Environment(loader=email_file_loader)
+
+
 class UserFlags:
     SYSTEM = 1
     DELETED = 2
@@ -536,3 +543,44 @@ def hash_password(password: str) -> str:
 
 def check_password_hash(password: str, hashed_password: str) -> bool:
     return bcrypt.checkpw(password.encode(), hashed_password.encode())
+
+
+def send_email(template: str, to_name: str, to_address: str, token: Optional[str] = ""):
+    txt_tmpl = email_env.get_template(f"{template}.txt")
+    html_tmpl = email_env.get_template(f"{template}.html")
+
+    message = MIMEMultipart("alternative")
+    message["From"] = formataddr((os.environ["EMAIL_FROM_NAME"], os.environ["EMAIL_FROM_ADDRESS"]))
+    message["To"] = formataddr((to_name, to_address))
+
+    match template:
+        case "verify":
+            message["Subject"] = "Verify your email address"
+        case "recovery":
+            message["Subject"] = "Reset your password"
+        case "email_changed":
+            message["Subject"] = "Your email has been changed"
+        case "password_changed":
+            message["Subject"] = "Your password has been changed"
+        case "mfa_added":
+            message["Subject"] = "Multi-factor authenticator added"
+        case "mfa_removed":
+            message["Subject"] = "Multi-factor authenticator removed"
+        case "locked":
+            message["Subject"] = "Your account has been locked"
+
+    data = {
+        "subject": message["Subject"],
+        "name": to_name,
+        "address": to_address,
+        "token": token,
+        "env": os.environ
+    }
+    message.attach(MIMEText(txt_tmpl.render(data), "plain"))
+    message.attach(MIMEText(html_tmpl.render(data), "html"))
+
+    with smtplib.SMTP(os.environ["EMAIL_SMTP_HOST"], int(os.environ["EMAIL_SMTP_PORT"])) as server:
+        if os.getenv("EMAIL_SMTP_TLS"):
+            server.starttls()
+        server.login(os.environ["EMAIL_SMTP_USERNAME"], os.environ["EMAIL_SMTP_PASSWORD"])
+        server.sendmail(os.environ["EMAIL_FROM_ADDRESS"], to_address, message.as_string())

test.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+    <body>
+        <div style="width: 720px; margin-left: auto; margin-right: auto; color: black;">
+            <div style="width: max-content; margin-left: auto; margin-right: auto; padding-bottom: 25px;">
+                <img src="" alt=" Logo" />
+            </div>
+            <div style="display: flex; flex-direction: column; gap: 25px; background-color: #f2f2f2; padding: 20px; border-radius: 6px; border-top: 7px solid #f29e2e; font-family: Arial, Helvetica, sans-serif; box-shadow: 0 0 5px rgba(0,0,0,.1);">
+                <span style="font-size: 32px; font-weight: 600;">Your email has been changed</span>
+                <span>Hey !</span>
+
+    <span>The email on your  account was recently changed.</span>
+
+
+
+
+
+                    <span>If you didn't request this, please click the button below within the next 24 hours to revert this change and secure your account.</span>
+<a
+    href="/emails/lockdown#"
+    target="_blank"
+    style="padding: 12px; background-color: #f29e2e; border-radius: 6px; text-decoration: none; color: white; max-width: fit-content;"
+>
+    <b>This wasn't me!</b>
+</a>
+<span>- Meower Media</span>