From 34db3ae2a997498edaa70404807d0e770dad6edb Mon Sep 17 00:00:00 2001
From: Elias Schneider <login@eliasschneider.com>
Date: Fri, 11 Nov 2022 19:03:08 +0100
Subject: [PATCH] fix: hide and disallow email recipients if disabled

---
 backend/src/email/email.service.ts            |  5 +-
 frontend/.env.example                         |  3 +-
 frontend/next.config.js                       |  3 +-
 .../upload/modals/showCreateUploadModal.tsx   | 55 ++++++++++---------
 4 files changed, 38 insertions(+), 28 deletions(-)

diff --git a/backend/src/email/email.service.ts b/backend/src/email/email.service.ts
index cfbeab2..838f5be 100644
--- a/backend/src/email/email.service.ts
+++ b/backend/src/email/email.service.ts
@@ -1,4 +1,4 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, InternalServerErrorException } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import { User } from "@prisma/client";
 import * as nodemailer from "nodemailer";
@@ -19,6 +19,9 @@ export class EmailService {
   });
 
   async sendMail(recipientEmail: string, shareId: string, creator: User) {
+    if (this.config.get("EMAIL_RECIPIENTS_ENABLED") == "false")
+      throw new InternalServerErrorException("Email service disabled");
+
     const shareUrl = `${this.config.get("APP_URL")}/share/${shareId}`;
     const creatorIdentifier =
       creator.firstName && creator.lastName
diff --git a/frontend/.env.example b/frontend/.env.example
index 65ef8ee..8050237 100644
--- a/frontend/.env.example
+++ b/frontend/.env.example
@@ -1,4 +1,5 @@
 SHOW_HOME_PAGE=true
 ALLOW_REGISTRATION=true
 MAX_FILE_SIZE=1000000000
-ALLOW_UNAUTHENTICATED_SHARES=false
\ No newline at end of file
+ALLOW_UNAUTHENTICATED_SHARES=false
+EMAIL_RECIPIENTS_ENABLED=false
\ No newline at end of file
diff --git a/frontend/next.config.js b/frontend/next.config.js
index 9940531..d0c3fc5 100644
--- a/frontend/next.config.js
+++ b/frontend/next.config.js
@@ -5,7 +5,8 @@ const nextConfig = {
     ALLOW_REGISTRATION: process.env.ALLOW_REGISTRATION,
     SHOW_HOME_PAGE: process.env.SHOW_HOME_PAGE,
     MAX_FILE_SIZE: process.env.MAX_FILE_SIZE,
-    ALLOW_UNAUTHENTICATED_SHARES: process.env.ALLOW_UNAUTHENTICATED_SHARES
+    ALLOW_UNAUTHENTICATED_SHARES: process.env.ALLOW_UNAUTHENTICATED_SHARES,
+    EMAIL_RECIPIENTS_ENABLED: process.env.EMAIL_RECIPIENTS_ENABLED
   }
 }
 
diff --git a/frontend/src/components/upload/modals/showCreateUploadModal.tsx b/frontend/src/components/upload/modals/showCreateUploadModal.tsx
index cca6171..d660b4a 100644
--- a/frontend/src/components/upload/modals/showCreateUploadModal.tsx
+++ b/frontend/src/components/upload/modals/showCreateUploadModal.tsx
@@ -225,31 +225,36 @@ const CreateUploadModalBody = ({
             {ExpirationPreview({ form })}
           </Text>
           <Accordion>
-            <Accordion.Item value="recipients" sx={{ borderBottom: "none" }}>
-              <Accordion.Control>Email recipients</Accordion.Control>
-              <Accordion.Panel>
-                <MultiSelect
-                  data={form.values.recipients}
-                  placeholder="Enter email recipients"
-                  searchable
-                  {...form.getInputProps("recipients")}
-                  creatable
-                  getCreateLabel={(query) => `+ ${query}`}
-                  onCreate={(query) => {
-                    if (!query.match(/^\S+@\S+\.\S+$/)) {
-                      form.setFieldError("recipients", "Invalid email address");
-                    } else {
-                      form.setFieldError("recipients", null);
-                      form.setFieldValue("recipients", [
-                        ...form.values.recipients,
-                        query,
-                      ]);
-                      return query;
-                    }
-                  }}
-                />
-              </Accordion.Panel>
-            </Accordion.Item>
+            {publicRuntimeConfig.EMAIL_RECIPIENTS_ENABLED == "true" && (
+              <Accordion.Item value="recipients" sx={{ borderBottom: "none" }}>
+                <Accordion.Control>Email recipients</Accordion.Control>
+                <Accordion.Panel>
+                  <MultiSelect
+                    data={form.values.recipients}
+                    placeholder="Enter email recipients"
+                    searchable
+                    {...form.getInputProps("recipients")}
+                    creatable
+                    getCreateLabel={(query) => `+ ${query}`}
+                    onCreate={(query) => {
+                      if (!query.match(/^\S+@\S+\.\S+$/)) {
+                        form.setFieldError(
+                          "recipients",
+                          "Invalid email address"
+                        );
+                      } else {
+                        form.setFieldError("recipients", null);
+                        form.setFieldValue("recipients", [
+                          ...form.values.recipients,
+                          query,
+                        ]);
+                        return query;
+                      }
+                    }}
+                  />
+                </Accordion.Panel>
+              </Accordion.Item>
+            )}
             <Accordion.Item value="security" sx={{ borderBottom: "none" }}>
               <Accordion.Control>Security options</Accordion.Control>
               <Accordion.Panel>