Oliver/librechat-balances
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
librechat-balances/services/email.js
DJP 81e18f8a73 Add email notifications with one-click approve/reject from email 
When a user submits a credit request, an email is sent to all
configured NOTIFY_TO recipients with approve buttons (5M, 10M, 20M),
a custom amount option, and a reject button. Each button is a
signed HMAC-SHA256 webhook URL that expires after WEBHOOK_TTL_HOURS.

Clicking approve from email processes the top-up identical to the
admin dashboard — balance update, history log, request status change.
Double-approval protection prevents the same link from being used
twice. Portal approval still works alongside email approval.

New dependencies: nodemailer
New files: services/email.js, routes/webhooks.js
Modified: server.js, routes/requests.js, .env.example

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 09:50:44 -04:00

135 lines
6.1 KiB
JavaScript
Raw Blame History

const crypto = require('crypto');
const nodemailer = require('nodemailer');
const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET || 'change-me-webhook-secret';
const WEBHOOK_BASE_URL = (process.env.WEBHOOK_BASE_URL || 'http://localhost:3002').replace(/\/$/, '');
const WEBHOOK_TTL_HOURS = parseInt(process.env.WEBHOOK_TTL_HOURS || '72');
const NOTIFY_TO = process.env.NOTIFY_TO || '';
function getTransporter() {
return nodemailer.createTransport({
host: process.env.SMTP_HOST || 'smtp.mailgun.org',
port: parseInt(process.env.SMTP_PORT || '587'),
secure: false,
auth: {
user: process.env.SMTP_USER,
pass: process.env.SMTP_PASS,
},
});
}
function generateToken(requestId, amount, expiresAt) {
const payload = `${requestId}|${amount}|${expiresAt}`;
return crypto.createHmac('sha256', WEBHOOK_SECRET).update(payload).digest('hex');
}
function verifyToken(requestId, amount, expires, token) {
if (Date.now() > parseInt(expires)) return false;
const expected = generateToken(requestId, amount, expires);
try {
return crypto.timingSafeEqual(Buffer.from(expected, 'hex'), Buffer.from(token, 'hex'));
} catch {
return false;
}
}
function buildWebhookUrl(path, requestId, amount, expiresAt) {
const token = generateToken(requestId, amount, expiresAt);
return `${WEBHOOK_BASE_URL}/api/webhooks/${path}/${requestId}?token=${token}&amount=${amount}&expires=${expiresAt}`;
}
function buildEmail(request) {
const expiresAt = Date.now() + (WEBHOOK_TTL_HOURS * 60 * 60 * 1000);
const expiryDate = new Date(expiresAt).toLocaleDateString('en-GB', {
day: '2-digit', month: 'short', year: 'numeric', hour: '2-digit', minute: '2-digit',
});
const presets = [
{ label: 'Approve 5M', amount: 5000000, color: '#4ade80' },
{ label: 'Approve 10M', amount: 10000000, color: '#4ade80' },
{ label: 'Approve 20M', amount: 20000000, color: '#4ade80' },
];
const approveButtons = presets.map(p => {
const url = buildWebhookUrl('approve', request.id, p.amount, expiresAt);
return `<a href="${url}" style="display:inline-block;padding:12px 24px;background:${p.color};color:#000;text-decoration:none;border-radius:8px;font-weight:700;font-size:14px;font-family:'Montserrat',Arial,sans-serif;margin:4px;">${p.label}</a>`;
}).join('\n ');
const customUrl = buildWebhookUrl('custom', request.id, 'custom', expiresAt);
const rejectUrl = buildWebhookUrl('reject', request.id, 'reject', expiresAt);
return `<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="margin:0;padding:0;background:#000;font-family:'Montserrat',Arial,sans-serif;">
<table width="100%" cellpadding="0" cellspacing="0" style="background:#000;padding:40px 20px;">
<tr>
<td align="center">
<table width="520" cellpadding="0" cellspacing="0" style="background:#111;border:1px solid rgba(255,196,7,0.15);border-radius:16px;overflow:hidden;">
<tr>
<td style="padding:32px 32px 0;text-align:center;">
<div style="display:inline-block;width:48px;height:48px;background:#FFC407;border-radius:12px;line-height:48px;font-size:24px;margin-bottom:16px;">💳</div>
<h1 style="color:#FFC407;font-size:22px;margin:0 0 8px;font-family:'Montserrat',Arial,sans-serif;">New Credit Request</h1>
</td>
</tr>
<tr>
<td style="padding:24px 32px;">
<table width="100%" cellpadding="0" cellspacing="0" style="background:rgba(20,20,20,0.8);border:1px solid rgba(255,196,7,0.1);border-radius:12px;">
<tr>
<td style="padding:20px;">
<p style="color:#94a3b8;font-size:12px;text-transform:uppercase;letter-spacing:0.5px;margin:0 0 4px;">Email</p>
<p style="color:#f8fafc;font-size:16px;font-weight:600;margin:0 0 16px;">${request.email}</p>
<p style="color:#94a3b8;font-size:12px;text-transform:uppercase;letter-spacing:0.5px;margin:0 0 4px;">OMG Job Number</p>
<p style="color:#f8fafc;font-size:16px;font-weight:600;margin:0;">${request.omgJobNumber}</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="padding:0 32px;text-align:center;">
<p style="color:#94a3b8;font-size:13px;margin:0 0 16px;">Choose an action:</p>
${approveButtons}
<br style="line-height:8px;">
<a href="${customUrl}" style="display:inline-block;padding:12px 24px;background:#FFC407;color:#000;text-decoration:none;border-radius:8px;font-weight:700;font-size:14px;font-family:'Montserrat',Arial,sans-serif;margin:4px;">Custom Amount</a>
<a href="${rejectUrl}" style="display:inline-block;padding:12px 24px;background:rgba(248,113,113,0.2);color:#f87171;text-decoration:none;border-radius:8px;font-weight:700;font-size:14px;font-family:'Montserrat',Arial,sans-serif;margin:4px;border:1px solid rgba(248,113,113,0.3);">Reject</a>
</td>
</tr>
<tr>
<td style="padding:24px 32px 32px;text-align:center;">
<p style="color:#64748b;font-size:11px;margin:0;">These links expire on ${expiryDate}</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>`;
}
async function sendApprovalEmail(request) {
if (!NOTIFY_TO) {
console.log('[email] NOTIFY_TO not configured, skipping email');
return;
}
if (!process.env.SMTP_USER || !process.env.SMTP_PASS) {
console.log('[email] SMTP credentials not configured, skipping email');
return;
}
const transporter = getTransporter();
const html = buildEmail(request);
const recipients = NOTIFY_TO.split(',').map(e => e.trim()).filter(Boolean);
await transporter.sendMail({
from: process.env.SMTP_FROM || process.env.SMTP_USER,
to: recipients.join(', '),
subject: `Credit Request: ${request.email}${request.omgJobNumber}`,
html,
});
console.log(`[email] Approval notification sent to ${recipients.join(', ')} for request ${request.id}`);
}
module.exports = { generateToken, verifyToken, sendApprovalEmail };
Reference in a new issue View git blame Copy permalink