security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00
parent 1dc99eb681
commit a0105956e4
35 changed files with 4928 additions and 0 deletions
--- a/web/src/views/email_rules.ejs
+++ b/web/src/views/email_rules.ejs
@@ -0,0 +1,110 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Mastermind — Email Rules</title>
+  <style>
+    body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Arial,sans-serif;margin:0;background:#0b0f14;color:#e8eef7}
+    header{background:#111824;border-bottom:1px solid #233043;padding:14px 16px;position:sticky;top:0}
+    main{max-width:1200px;margin:0 auto;padding:16px}
+    .card{background:#111824;border:1px solid #233043;border-radius:12px;padding:14px;margin:12px 0}
+    a{color:#7cc4ff;text-decoration:none}
+    .muted{color:#a9b7c6}
+    input,select{padding:12px;border-radius:10px;border:1px solid #233043;background:#0e1520;color:#e8eef7;width:100%}
+    button{padding:12px 14px;border-radius:10px;border:1px solid #233043;background:#1c2a3d;color:#e8eef7}
+    table{width:100%;border-collapse:collapse}
+    th,td{border-bottom:1px solid #233043;padding:10px 6px;text-align:left;color:#a9b7c6;font-size:13px;vertical-align:top}
+    th{color:#e8eef7}
+    .grid{display:grid;grid-template-columns:repeat(12,1fr);gap:12px}
+    .col4{grid-column:span 12}
+    @media(min-width:900px){.col4{grid-column:span 4}}
+  </style>
+</head>
+<body>
+<header>
+  <div style="display:flex;justify-content:space-between;align-items:center;gap:10px">
+    <div style="font-weight:700">Email Rules</div>
+    <div style="display:flex;gap:10px">
+      <a href="/admin/email">Email Accounts</a>
+      <a href="/">Dashboard</a>
+      <a href="/logout">Logout</a>
+    </div>
+  </div>
+</header>
+
+<main>
+  <div class="card">
+    <h2 style="margin:0 0 8px">Create rule</h2>
+    <form method="post" action="/admin/email-rules/create" class="grid">
+      <div class="col4">
+        <label class="muted">Project</label>
+        <select name="projectId" required>
+          <% projects.forEach(p => { %>
+            <option value="<%= p.id %>"><%= p.name %> (<%= p.job_number || '—' %>)</option>
+          <% }) %>
+        </select>
+      </div>
+      <div class="col4">
+        <label class="muted">Match type</label>
+        <select name="matchType">
+          <option value="from_domain">From domain</option>
+          <option value="from_contains">From contains</option>
+          <option value="subject_contains">Subject contains</option>
+          <option value="body_contains">Body contains</option>
+          <option value="thread_key">Thread key</option>
+        </select>
+      </div>
+      <div class="col4">
+        <label class="muted">Match value</label>
+        <input name="matchValue" placeholder="@gc.com or 0222600001 or project name" required />
+      </div>
+      <div class="col4">
+        <label class="muted">Priority (lower = earlier)</label>
+        <input name="priority" value="100" />
+      </div>
+      <div style="grid-column:span 12">
+        <button type="submit">Add rule</button>
+      </div>
+    </form>
+  </div>
+
+  <div class="card">
+    <h2 style="margin:0 0 8px">Rules</h2>
+    <div style="overflow:auto">
+      <table>
+        <thead>
+          <tr>
+            <th>Enabled</th>
+            <th>Priority</th>
+            <th>Project</th>
+            <th>Type</th>
+            <th>Value</th>
+            <th></th>
+          </tr>
+        </thead>
+        <tbody>
+          <% rules.forEach(r => { %>
+            <tr>
+              <td><%= r.enabled ? 'yes' : 'no' %></td>
+              <td><%= r.priority %></td>
+              <td><%= r.project_name %></td>
+              <td><%= r.match_type %></td>
+              <td><%= r.match_value %></td>
+              <td>
+                <form method="post" action="/admin/email-rules/<%= r.id %>/toggle" style="display:inline">
+                  <button type="submit"><%= r.enabled ? 'Disable' : 'Enable' %></button>
+                </form>
+                <form method="post" action="/admin/email-rules/<%= r.id %>/delete" onsubmit="return confirm('Delete rule?');" style="display:inline">
+                  <button type="submit" style="background:#2b1216;border-color:#5a1e28">Delete</button>
+                </form>
+              </td>
+            </tr>
+          <% }) %>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</main>
+</body>
+</html>