Refactor email transporter configuration in AuthService; update to support STARTTLS and TLS requirements based on environment variables, and adjust EMAIL_SECURE setting in production template for improved email security.

2025-10-19 13:28:03 +02:00
parent da2d913219
commit e55f20367d
2 changed files with 25 additions and 5 deletions
--- a/backend/src/services/AuthService.js
+++ b/backend/src/services/AuthService.js
@@ -22,16 +22,35 @@ class AuthService {
   */
  initializeEmailTransporter() {
    if (process.env.EMAIL_HOST && process.env.EMAIL_USER && process.env.EMAIL_PASSWORD) {
-      this.emailTransporter = nodemailer.createTransport({
+      const port = parseInt(process.env.EMAIL_PORT) || 587;
+      const secure = process.env.EMAIL_SECURE === 'true';
+      
+      // Port 587 = STARTTLS (secure: false)
+      // Port 465 = Direct SSL (secure: true)
+      const config = {
        host: process.env.EMAIL_HOST,
-        port: parseInt(process.env.EMAIL_PORT) || 587,
-        secure: process.env.EMAIL_SECURE === 'true',
+        port: port,
+        secure: secure, // true für Port 465, false für Port 587
        auth: {
          user: process.env.EMAIL_USER,
          pass: process.env.EMAIL_PASSWORD
        }
-      });
+      };
+      
+      // Für Port 587: STARTTLS aktivieren
+      if (port === 587 && !secure) {
+        config.requireTLS = process.env.EMAIL_REQUIRE_TLS !== 'false';
+        config.tls = {
+          rejectUnauthorized: process.env.NODE_ENV === 'production'
+        };
+      }
+      
+      this.emailTransporter = nodemailer.createTransport(config);
+      
      console.log('✅ Email-Transporter konfiguriert');
+      console.log('   SMTP:', process.env.EMAIL_HOST + ':' + port);
+      console.log('   Secure:', secure);
+      console.log('   STARTTLS:', port === 587 && !secure ? 'aktiviert' : 'deaktiviert');
    } else {
      console.warn('⚠️  Email-Konfiguration fehlt - Passwort-Reset-E-Mails können nicht versendet werden');
    }