eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
29306008e44a8829c9dbbebc4da10238beab9a02
worldmonitor/scripts/lib/resend-from.cjs
Elie Habib 29306008e4 fix(email): route Intelligence Brief off the alerts@ mailbox (#3321) 
* fix(email): route Intelligence Brief off the alerts@ mailbox

The daily "WorldMonitor Intelligence Brief" email was shipping from
`alerts@worldmonitor.app` with a display name that — if the Railway env
override dropped the `Name <…>` wrapper — Gmail/Outlook fell back to
rendering the local-part ("alerts" / "alert") as the sender name.
Recipients saw a scary-looking "alert" in their inbox for what is
actually a curated editorial read.

Split the sender so editorial mail can't share the `alerts@` mailbox
with incident pushes:

- New env var `RESEND_FROM_BRIEF` (default `WorldMonitor Brief
  <brief@worldmonitor.app>`) consumed by seed-digest-notifications.mjs.
- Falls back to `RESEND_FROM_EMAIL`, then to the built-in default, so
  existing deploys keep working and the rollout is a single Railway
  env flip on the digest service.
- notification-relay.cjs (realtime push alerts) intentionally keeps
  `RESEND_FROM_EMAIL` / `alerts@` — accurate for that path.
- .env.example documents the display-name rule so the bare-address
  trap can't re-introduce the bug.

Rollout: set `RESEND_FROM_BRIEF=WorldMonitor Brief <brief@worldmonitor.app>`
on the `seed-digest-notifications` Railway service. Domain-level Resend
verification already covers the new local-part; no DNS change needed.

* fix(email): runtime normalize sender to prevent bare-address regression

PR review feedback from codex:

  > P2 — RESEND_FROM_BRIEF is consumed verbatim, so an operator can
  > still set brief@worldmonitor.app without a display name and
  > recreate the same Gmail/Outlook rendering bug for the daily brief.
  > Today that protection is only documentation in .env.example, not
  > runtime enforcement.

Add a small shared helper `scripts/lib/resend-from.cjs` that coerces a
bare email address into a "Name <addr>" wrapper with a loud warning
log, and wire it into the digest path.

- Bare-address input (e.g. `brief@worldmonitor.app`) is rewritten to
  `WorldMonitor Brief <brief@worldmonitor.app>` so Gmail/Outlook stop
  falling back to the local-part as the display name.
- Coercion emits a single `console.warn` line per boot so operators
  see the signal in Railway logs and can fix the underlying env.
- Fail-safe (not fail-closed) — a misconfigured env does NOT take the
  cron down.

Also resolves the P3 doc-vs-runtime divergence by reverting
.env.example's RESEND_FROM_EMAIL default from "WorldMonitor Alerts
<...>" back to "WorldMonitor <...>" to match the existing
notification-relay.cjs runtime default. The realtime-alert path will
get the same normalizer treatment in a follow-up PR that cohesively
touches notification-relay.cjs + Dockerfile.relay.

tests: 7 new cases in tests/resend-sender-normalize.test.mjs covering
empty/null/whitespace input, wrapped passthrough, trim, bare-address
coercion, warning emission, no-warning on wrapped, console.warn default
sink. Runs under `npm run test:data`.
2026-04-23 08:51:27 +04:00

33 lines
1.5 KiB
JavaScript
Raw Blame History

'use strict';
/**
* Coerce a Resend `from:` value into a form that renders a friendly
* display name in Gmail / Outlook / Apple Mail. When the value is a
* bare email address (no "Name <addr@domain>" wrapper), clients fall
* back to the local-part as the sender name — so `alerts@worldmonitor.app`
* shows up as "alerts" in the inbox, which reads like an incident
* alarm when the mail is actually a curated editorial brief.
*
* We coerce (rather than fail-closed) so a misconfigured Railway env
* does NOT take the cron down; the coercion emits a loud warning so
* operators can see and fix the misconfiguration in logs.
*
* @param {string | null | undefined} raw - env value (possibly empty).
* @param {string} defaultDisplayName - friendly name to wrap bare addresses with.
* @param {(msg: string) => void} [warn] - warning sink (default: console.warn).
* @returns {string | null} normalized sender, or null when raw is empty.
*/
function normalizeResendSender(raw, defaultDisplayName, warn) {
const warnFn = typeof warn === 'function' ? warn : (m) => console.warn(m);
const value = typeof raw === 'string' ? raw.trim() : '';
if (!value) return null;
if (value.includes('<') && value.includes('>')) return value;
warnFn(
`[resend] sender "${value}" lacks display name — coercing to "${defaultDisplayName} <${value}>". ` +
`Set the env var in "Name <addr@domain>" form to silence this.`,
);
return `${defaultDisplayName} <${value}>`;
}
module.exports = { normalizeResendSender };
Reference in New Issue View Git Blame Copy Permalink