Comprehensive admin + user dashboards (production-ready)

Leon Serfaty
2026-06-07 17:54:30 -04:00
parent 155507f21a
commit f033f00379
122 changed files with 7878 additions and 805 deletions
+30 -3
@@ -23,15 +23,42 @@ export async function sendEmail({ to, subject, html, text }: SendEmailInput): Pr
if (error) throw new Error(`Resend error: ${error.message}`);
}
/** Minimal branded wrapper so transactional emails share a consistent look. */
/** Escape text for safe interpolation into HTML/attribute contexts. */
function escapeHtml(value: string): string {
return value
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;");
}
/** Allow only http/https/mailto URLs; fall back to "#" for anything else (e.g. javascript:). */
function safeUrl(url: string): string {
try {
const scheme = new URL(url).protocol;
if (scheme === "http:" || scheme === "https:" || scheme === "mailto:") return url;
} catch {
// Not a parseable absolute URL — reject.
}
return "#";
}
/**
* Minimal branded wrapper so transactional emails share a consistent look.
*
* NOTE: `body` is interpolated as TRUSTED raw HTML and is intentionally NOT escaped.
* Callers must only ever pass static, trusted markup — never user-supplied input.
* `title` and `cta.label`/`cta.url` are escaped/validated for defense in depth.
*/
export function emailLayout(title: string, body: string, cta?: { label: string; url: string }) {
const button = cta
? `<a href="${cta.url}" style="display:inline-block;background:#7c3aed;color:#fff;text-decoration:none;padding:12px 20px;border-radius:8px;font-weight:600;margin-top:16px">${cta.label}</a>`
? `<a href="${escapeHtml(safeUrl(cta.url))}" style="display:inline-block;background:#7c3aed;color:#fff;text-decoration:none;padding:12px 20px;border-radius:8px;font-weight:600;margin-top:16px">${escapeHtml(cta.label)}</a>`
: "";
return `
<div style="font-family:Inter,Arial,sans-serif;max-width:480px;margin:0 auto;padding:24px;color:#0a0a0a">
<h1 style="font-size:20px;margin:0 0 12px">🎙️ PodcastYes</h1>
<h2 style="font-size:18px;margin:0 0 12px">${title}</h2>
<h2 style="font-size:18px;margin:0 0 12px">${escapeHtml(title)}</h2>
<div style="font-size:14px;line-height:1.6;color:#404040">${body}</div>
${button}
<p style="font-size:12px;color:#a3a3a3;margin-top:32px">If you didn't request this, you can ignore this email.</p>
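Review bot: `safeUrl` checks the scheme on the parsed URL but returns the original `url` string, so the value written into `href` is not the value that was validated. The URL parser trims surrounding whitespace and drops tab and newline characters before it reports `protocol`. Returning the normalized form keeps the check and the output in step: `const parsed = new URL(url);` followed by `return parsed.href;` inside the allow-list branch. Separately, the first replacement in `escapeHtml` is displayed here as `.replace(/&/g, "&")`, which is a no-op; this may only be the page decoding `&amp;`, but it is worth confirming that the file has `"&amp;"` there. The body of `emailLayout` continues past the end of this hunk.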