From d5c19d021dcd8f1ad33b131caa3526c55e039641 Mon Sep 17 00:00:00 2001
From: Glenn de Haan <glenn@dehaan.cloud>
Date: Thu, 10 Oct 2024 19:36:07 +0200
Subject: [PATCH] Removed _locales.json implementation. Added language
 parameter to mail.js. Implemented regex check to translation.js. Added
 language dropdown to email component. Added languages.js

---
 locales/_locales.json         |  3 ---
 modules/mail.js               |  5 +++--
 modules/translation.js        | 12 ++++++------
 server.js                     |  4 +++-
 template/components/email.ejs | 10 ++++++++++
 utils/languages.js            |  7 +++++++
 6 files changed, 29 insertions(+), 12 deletions(-)
 delete mode 100644 locales/_locales.json
 create mode 100644 utils/languages.js

diff --git a/locales/_locales.json b/locales/_locales.json
deleted file mode 100644
index a259b5c..0000000
--- a/locales/_locales.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "en": "English"
-}
diff --git a/modules/mail.js b/modules/mail.js
index 379a339..7757637 100644
--- a/modules/mail.js
+++ b/modules/mail.js
@@ -44,12 +44,13 @@ module.exports = {
      *
      * @param to
      * @param voucher
+     * @param language
      * @return {Promise<unknown>}
      */
-    send: (to, voucher) => {
+    send: (to, voucher, language) => {
         return new Promise(async (resolve, reject) => {
             // Create new translator
-            const t = translation('email');
+            const t = translation('email', language);
 
             // Attempt to send mail via SMTP transport
             const result = await transport.sendMail({
diff --git a/modules/translation.js b/modules/translation.js
index c0bb1c5..9a65149 100644
--- a/modules/translation.js
+++ b/modules/translation.js
@@ -18,6 +18,12 @@ const variables = require('./variables');
  * @return {(function(key: string): (string))}
  */
 module.exports = (module, language = 'en', fallback = 'en') => {
+    // Prevent users from escaping the filesystem
+    if(!new RegExp(/^[a-zA-Z]*$/).test(language)) {
+        log.error(`[Translation] Detected path escalation! Forcing fallback and skipping user input...`);
+        language = fallback;
+    }
+
     // Check if translation file exists
     if(!fs.existsSync(`${__dirname}/../locales/${language}/${module}.json`)) {
         log.warn(`[Translation] Missing translation file: ${__dirname}/../locales/${language}/${module}.json`);
@@ -25,17 +31,11 @@ module.exports = (module, language = 'en', fallback = 'en') => {
         log.warn(`[Translation] Using fallback: ${__dirname}/../locales/${language}/${module}.json`);
     }
 
-    // Get locales mapping
-    const locales = JSON.parse(fs.readFileSync(`${__dirname}/../locales/_locales.json`, 'utf-8'));
     // Get translation file
     const translations = JSON.parse(fs.readFileSync(`${__dirname}/../locales/${language}/${module}.json`, 'utf-8'));
 
     // Return translate function
     return (key) => {
-        if(key === '_locales') {
-            return locales;
-        }
-
         // Check if key exists within translation file
         if(typeof translations[key] === 'undefined') {
             log.warn(`[Translation][${language}] Missing for key: ${key}`);
diff --git a/server.js b/server.js
index 476b7b5..c731b5c 100644
--- a/server.js
+++ b/server.js
@@ -35,6 +35,7 @@ const types = require('./utils/types');
 const time = require('./utils/time');
 const bytes = require('./utils/bytes');
 const status = require('./utils/status');
+const languages = require('./utils/languages');
 
 /**
  * Setup Express app
@@ -298,6 +299,7 @@ if(variables.serviceWeb) {
                 baseUrl: req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : '',
                 timeConvert: time,
                 bytesConvert: bytes,
+                languages,
                 voucher,
                 updated: cache.updated
             });
@@ -324,7 +326,7 @@ if(variables.serviceWeb) {
         });
 
         if(voucher) {
-            const emailResult = await mail.send(req.body.email, voucher).catch((e) => {
+            const emailResult = await mail.send(req.body.email, voucher, req.body.language).catch((e) => {
                 res.cookie('flashMessage', JSON.stringify({type: 'error', message: e}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
             });
 
diff --git a/template/components/email.ejs b/template/components/email.ejs
index fc2a49f..90a2575 100644
--- a/template/components/email.ejs
+++ b/template/components/email.ejs
@@ -24,6 +24,16 @@
                                                 <input type="email" id="email" name="email" required class="mt-2 block w-full rounded-md border-0 py-1.5 text-gray-900 dark:text-white dark:bg-white/5 ring-1 ring-inset ring-gray-300 dark:ring-white/10 focus:ring-2 focus:ring-sky-600 sm:text-sm sm:leading-6">
                                             </div>
                                         </div>
+                                        <div>
+                                            <label for="language" class="block text-sm font-medium leading-6 text-gray-900 dark:text-white">Language</label>
+                                            <div class="mt-2">
+                                                <select id="language" name="language" class="mt-2 block w-full rounded-md border-0 py-1.5 pl-3 pr-10 text-gray-900 dark:text-white dark:bg-white/5 ring-1 ring-inset ring-gray-300 dark:ring-white/10 focus:ring-2 focus:ring-sky-600 sm:text-sm sm:leading-6 [&_*]:text-black">
+                                                    <% Object.keys(languages).forEach((language) => { %>
+                                                        <option value="<%= language %>"><%= languages[language] %> (<%= language %>)</option>
+                                                    <% }); %>
+                                                </select>
+                                            </div>
+                                        </div>
                                     </div>
                                 </div>
                             </div>
diff --git a/utils/languages.js b/utils/languages.js
new file mode 100644
index 0000000..8405269
--- /dev/null
+++ b/utils/languages.js
@@ -0,0 +1,7 @@
+/**
+ * Exports all languages
+ */
+module.exports = {
+    en: 'English',
+    nl: 'Dutch'
+};