diff --git a/backend/services/email/core/TemplateManager.js b/backend/services/email/core/TemplateManager.js index 7cd2421..f48048b 100644 --- a/backend/services/email/core/TemplateManager.js +++ b/backend/services/email/core/TemplateManager.js @@ -1,6 +1,7 @@ const fs = require("fs").promises; const path = require("path"); const logger = require("../../../utils/logger"); +const { escapeHtml } = require("./emailUtils"); /** * TemplateManager handles loading, caching, and rendering email templates @@ -10,6 +11,14 @@ const logger = require("../../../utils/logger"); * - Rendering templates with variable substitution * - Providing fallback templates when files can't be loaded */ +// Critical templates that must be preloaded at startup for auth flows +const CRITICAL_TEMPLATES = [ + "emailVerificationToUser", + "passwordResetToUser", + "passwordChangedToUser", + "personalInfoChangedToUser", +]; + class TemplateManager { constructor() { // Singleton pattern - return existing instance if already created @@ -17,15 +26,76 @@ class TemplateManager { return TemplateManager.instance; } - this.templates = new Map(); + this.templates = new Map(); // Cached template content + this.templateNames = new Set(); // Discovered template names this.initialized = false; this.initializationPromise = null; + this.templatesDir = path.join( + __dirname, + "..", + "..", + "..", + "templates", + "emails" + ); TemplateManager.instance = this; } /** - * Initialize the template manager by loading all email templates + * Discover all available templates by scanning the templates directory + * Only reads filenames, not content (for fast startup) + * @returns {Promise} + */ + async discoverTemplates() { + try { + const files = await fs.readdir(this.templatesDir); + for (const file of files) { + if (file.endsWith(".html")) { + this.templateNames.add(file.replace(".html", "")); + } + } + logger.info("Discovered email templates", { + count: this.templateNames.size, + }); + } catch (error) { + logger.error("Failed to discover email templates", { + templatesDir: this.templatesDir, + error, + }); + throw error; + } + } + + /** + * Load a single template from disk (lazy loading) + * @param {string} templateName - Name of the template (without .html extension) + * @returns {Promise} Template content + */ + async loadTemplate(templateName) { + // Return cached template if already loaded + if (this.templates.has(templateName)) { + return this.templates.get(templateName); + } + + const templatePath = path.join(this.templatesDir, `${templateName}.html`); + try { + const content = await fs.readFile(templatePath, "utf-8"); + this.templates.set(templateName, content); + logger.debug("Loaded template", { templateName }); + return content; + } catch (error) { + logger.error("Failed to load template", { + templateName, + templatePath, + error, + }); + throw error; + } + } + + /** + * Initialize the template manager by discovering templates and preloading critical ones * @returns {Promise} */ async initialize() { @@ -39,133 +109,35 @@ class TemplateManager { // Start initialization and store the promise this.initializationPromise = (async () => { - await this.loadEmailTemplates(); - this.initialized = true; - logger.info("Email Template Manager initialized successfully"); - })(); + // Discover all available templates (fast - only reads filenames) + await this.discoverTemplates(); - return this.initializationPromise; - } - - /** - * Load all email templates from disk into memory - * @returns {Promise} - */ - async loadEmailTemplates() { - const templatesDir = path.join( - __dirname, - "..", - "..", - "..", - "templates", - "emails" - ); - - // Critical templates that must load for the app to function - const criticalTemplates = [ - "emailVerificationToUser.html", - "passwordResetToUser.html", - "passwordChangedToUser.html", - "personalInfoChangedToUser.html", - ]; - - try { - const templateFiles = [ - "conditionCheckReminderToUser.html", - "rentalConfirmationToUser.html", - "emailVerificationToUser.html", - "passwordResetToUser.html", - "passwordChangedToUser.html", - "personalInfoChangedToUser.html", - "lateReturnToCS.html", - "damageReportToCS.html", - "lostItemToCS.html", - "rentalRequestToOwner.html", - "rentalRequestConfirmationToRenter.html", - "rentalCancellationConfirmationToUser.html", - "rentalCancellationNotificationToUser.html", - "rentalDeclinedToRenter.html", - "rentalApprovalConfirmationToOwner.html", - "rentalCompletionThankYouToRenter.html", - "rentalCompletionCongratsToOwner.html", - "payoutReceivedToOwner.html", - "firstListingCelebrationToOwner.html", - "itemDeletionToOwner.html", - "alphaInvitationToUser.html", - "feedbackConfirmationToUser.html", - "feedbackNotificationToAdmin.html", - "newMessageToUser.html", - "forumCommentToPostAuthor.html", - "forumReplyToCommentAuthor.html", - "forumAnswerAcceptedToCommentAuthor.html", - "forumThreadActivityToParticipant.html", - "forumPostClosed.html", - "forumItemRequestNotification.html", - "forumPostDeletionToAuthor.html", - "forumCommentDeletionToAuthor.html", - "paymentDeclinedToRenter.html", - "paymentMethodUpdatedToOwner.html", - "authenticationRequiredToRenter.html", - "payoutFailedToOwner.html", - "accountDisconnectedToOwner.html", - "payoutsDisabledToOwner.html", - "disputeAlertToAdmin.html", - "disputeLostAlertToAdmin.html", - "userBannedNotification.html", - ]; - - const failedTemplates = []; - - for (const templateFile of templateFiles) { - try { - const templatePath = path.join(templatesDir, templateFile); - const templateContent = await fs.readFile(templatePath, "utf-8"); - const templateName = path.basename(templateFile, ".html"); - this.templates.set(templateName, templateContent); - logger.debug("Loaded template", { templateName }); - } catch (error) { - logger.error("Failed to load template", { - templateFile, - templatePath: path.join(templatesDir, templateFile), - error, - }); - failedTemplates.push(templateFile); + // Preload critical templates for auth flows + const missingCritical = []; + for (const templateName of CRITICAL_TEMPLATES) { + if (!this.templateNames.has(templateName)) { + missingCritical.push(templateName); + } else { + await this.loadTemplate(templateName); } } - logger.info("Loaded email templates", { - loaded: this.templates.size, - total: templateFiles.length, - }); - - // Check if critical templates are missing - const missingCriticalTemplates = criticalTemplates.filter( - (template) => !this.templates.has(path.basename(template, ".html")) - ); - - if (missingCriticalTemplates.length > 0) { + if (missingCritical.length > 0) { const error = new Error( - `Critical email templates failed to load: ${missingCriticalTemplates.join( - ", " - )}` + `Critical email templates not found: ${missingCritical.join(", ")}` ); - error.missingTemplates = missingCriticalTemplates; + error.missingTemplates = missingCritical; throw error; } - // Warn if non-critical templates failed - if (failedTemplates.length > 0) { - logger.warn("Non-critical templates failed to load, using fallback versions", { - failedTemplates, - }); - } - } catch (error) { - logger.error("Failed to load email templates", { - templatesDir, - error, + this.initialized = true; + logger.info("Email Template Manager initialized successfully", { + discovered: this.templateNames.size, + preloaded: CRITICAL_TEMPLATES.length, }); - throw error; // Re-throw to fail server startup - } + })(); + + return this.initializationPromise; } /** @@ -181,24 +153,36 @@ class TemplateManager { await this.initialize(); } - let template = this.templates.get(templateName); + let template; - if (!template) { + // Check if template exists in our discovered templates + if (this.templateNames.has(templateName)) { + // Lazy load the template if not already cached + template = await this.loadTemplate(templateName); + } else { logger.error("Template not found, using fallback", { templateName, - availableTemplates: Array.from(this.templates.keys()), + discoveredTemplates: Array.from(this.templateNames), }); template = this.getFallbackTemplate(templateName); - } else { - logger.debug("Template found", { templateName }); } let rendered = template; try { Object.keys(variables).forEach((key) => { + // Variables ending in 'Html' or 'Section' contain trusted HTML content + // (e.g., refundSection, stripeSection, earningsSection) - don't escape these + const isTrustedHtml = key.endsWith("Html") || key.endsWith("Section"); + let value = variables[key] || ""; + + // Escape HTML in user-provided values to prevent XSS + if (!isTrustedHtml && typeof value === "string") { + value = escapeHtml(value); + } + const regex = new RegExp(`{{${key}}}`, "g"); - rendered = rendered.replace(regex, variables[key] || ""); + rendered = rendered.replace(regex, value); }); } catch (error) { logger.error("Error rendering template", { @@ -212,25 +196,27 @@ class TemplateManager { } /** - * Get a fallback template when the HTML file is not available - * @param {string} templateName - Name of the template - * @returns {string} Fallback HTML template + * Get a generic fallback template when the HTML file is not available + * This is used as a last resort when a template cannot be loaded + * @param {string} templateName - Name of the template (for logging) + * @returns {string} Generic fallback HTML template */ getFallbackTemplate(templateName) { - const baseTemplate = ` + logger.warn("Using generic fallback template", { templateName }); + + return ` - {{title}} + Village Share @@ -240,7 +226,9 @@ class TemplateManager {
- {{content}} +

Hi {{recipientName}},

+

{{title}}

+

{{message}}

This email was sent from Village Share. If you have any questions, please contact support.

@@ -249,315 +237,6 @@ class TemplateManager { `; - - const templates = { - conditionCheckReminderToUser: baseTemplate.replace( - "{{content}}", - ` -

{{title}}

-

{{message}}

-

Rental Item: {{itemName}}

-

Deadline: {{deadline}}

-

Please complete this condition check as soon as possible to ensure proper documentation.

- ` - ), - - rentalConfirmationToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

{{title}}

-

{{message}}

-

Item: {{itemName}}

-

Rental Period: {{startDate}} to {{endDate}}

-

Thank you for using Village Share!

- ` - ), - - emailVerificationToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

Verify Your Email Address

-

Thank you for registering with Village Share! Please verify your email address by clicking the button below.

-

Verify Email Address

-

If the button doesn't work, copy and paste this link into your browser: {{verificationUrl}}

-

This link will expire in 24 hours.

- ` - ), - - passwordResetToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

Reset Your Password

-

We received a request to reset the password for your Village Share account. Click the button below to choose a new password.

-

Reset Password

-

If the button doesn't work, copy and paste this link into your browser: {{resetUrl}}

-

This link will expire in 1 hour.

-

If you didn't request this, you can safely ignore this email.

- ` - ), - - passwordChangedToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

Your Password Has Been Changed

-

This is a confirmation that the password for your Village Share account ({{email}}) has been successfully changed.

-

Changed on: {{timestamp}}

-

For your security, all existing sessions have been logged out.

-

Didn't change your password? If you did not make this change, please contact our support team immediately.

- ` - ), - - rentalRequestToOwner: baseTemplate.replace( - "{{content}}", - ` -

Hi {{ownerName}},

-

New Rental Request for {{itemName}}

-

{{renterName}} would like to rent your item.

-

Rental Period: {{startDate}} to {{endDate}}

-

Total Amount: \${{totalAmount}}

-

Your Earnings: \${{payoutAmount}}

-

Delivery Method: {{deliveryMethod}}

-

Intended Use: {{intendedUse}}

-

Review & Respond

-

Please respond to this request within 24 hours.

- ` - ), - - rentalRequestConfirmationToRenter: baseTemplate.replace( - "{{content}}", - ` -

Hi {{renterName}},

-

Your Rental Request Has Been Submitted!

-

Your request to rent {{itemName}} has been sent to the owner.

-

Item: {{itemName}}

-

Rental Period: {{startDate}} to {{endDate}}

-

Delivery Method: {{deliveryMethod}}

-

Total Amount: \${{totalAmount}}

-

{{paymentMessage}}

-

You'll receive an email notification once the owner responds to your request.

-

View My Rentals

- ` - ), - - rentalCancellationConfirmationToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

Rental Cancelled Successfully

-

This confirms that your rental for {{itemName}} has been cancelled.

-

Item: {{itemName}}

-

Start Date: {{startDate}}

-

End Date: {{endDate}}

-

Cancelled On: {{cancelledAt}}

- {{refundSection}} - ` - ), - - rentalCancellationNotificationToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{recipientName}},

-

Rental Cancellation Notice

-

{{cancellationMessage}}

-

Item: {{itemName}}

-

Start Date: {{startDate}}

-

End Date: {{endDate}}

-

Cancelled On: {{cancelledAt}}

- {{additionalInfo}} -

If you have any questions or concerns, please reach out to our support team.

- ` - ), - - payoutReceivedToOwner: baseTemplate.replace( - "{{content}}", - ` -

Hi {{ownerName}},

-

Earnings Received: \${{payoutAmount}}

-

Great news! Your earnings from the rental of {{itemName}} have been transferred to your account.

-

Rental Details

-

Item: {{itemName}}

-

Rental Period: {{startDate}} to {{endDate}}

-

Transfer ID: {{stripeTransferId}}

-

Earnings Breakdown

-

Rental Amount: \${{totalAmount}}

-

Community Upkeep Fee (10%): -\${{platformFee}}

-

Your Earnings: \${{payoutAmount}}

-

Funds are typically available in your bank account within 2-3 business days.

-

View Earnings Dashboard

-

Thank you for being a valued member of the Village Share community!

- ` - ), - - rentalDeclinedToRenter: baseTemplate.replace( - "{{content}}", - ` -

Hi {{renterName}},

-

Rental Request Declined

-

Thank you for your interest in renting {{itemName}}. Unfortunately, the owner is unable to accept your rental request at this time.

-

Request Details

-

Item: {{itemName}}

-

Start Date: {{startDate}}

-

End Date: {{endDate}}

-

Delivery Method: {{deliveryMethod}}

- {{ownerMessage}} -
-

What happens next?

-

{{paymentMessage}}

-

We encourage you to explore other similar items available for rent on Village Share. There are many great options waiting for you!

-
-

Browse Available Items

-

If you have any questions or concerns, please don't hesitate to contact our support team.

- ` - ), - - rentalApprovalConfirmationToOwner: baseTemplate.replace( - "{{content}}", - ` -

Hi {{ownerName}},

-

You've Approved the Rental Request!

-

You've successfully approved the rental request for {{itemName}}.

-

Rental Details

-

Item: {{itemName}}

-

Renter: {{renterName}}

-

Start Date: {{startDate}}

-

End Date: {{endDate}}

-

Your Earnings: \${{payoutAmount}}

- {{stripeSection}} -

What's Next?

-
    -
  • Coordinate with the renter on pickup details
    • -
  • Take photos of the item's condition before handoff
    • -
  • Provide any care instructions or usage tips
    • -
-

View Rental Details

- ` - ), - - rentalCompletionThankYouToRenter: baseTemplate.replace( - "{{content}}", - ` -

Hi {{renterName}},

-

Thank You for Returning On Time!

-

You've successfully returned {{itemName}} on time. On-time returns like yours help build trust in the Village Share community!

-

Rental Summary

-

Item: {{itemName}}

-

Rental Period: {{startDate}} to {{endDate}}

-

Returned On: {{returnedDate}}

- {{reviewSection}} -

Browse Available Items

- ` - ), - - rentalCompletionCongratsToOwner: baseTemplate.replace( - "{{content}}", - ` -

Hi {{ownerName}},

-

Congratulations on Completing a Rental!

-

{{itemName}} has been successfully returned on time. Great job!

-

Rental Summary

-

Item: {{itemName}}

-

Renter: {{renterName}}

-

Rental Period: {{startDate}} to {{endDate}}

- {{earningsSection}} - {{stripeSection}} -

View My Listings

- ` - ), - - feedbackConfirmationToUser: baseTemplate.replace( - "{{content}}", - ` -

Hi {{userName}},

-

Thank You for Your Feedback!

-

We've received your feedback and our team will review it carefully.

-
- {{feedbackText}} -
-

Submitted: {{submittedAt}}

-

Your input helps us improve Village Share for everyone. We take all feedback seriously and use it to make the platform better.

-

If your feedback requires a response, our team will reach out to you directly.

- ` - ), - - feedbackNotificationToAdmin: baseTemplate.replace( - "{{content}}", - ` -

New Feedback Received

-

From: {{userName}} ({{userEmail}})

-

User ID: {{userId}}

-

Submitted: {{submittedAt}}

-

Feedback Content

-
- {{feedbackText}} -
-

Technical Context

-

Feedback ID: {{feedbackId}}

-

Page URL: {{url}}

-

User Agent: {{userAgent}}

-

Please review this feedback and take appropriate action if needed.

- ` - ), - - paymentDeclinedToRenter: baseTemplate.replace( - "{{content}}", - ` -

Hi {{renterFirstName}},

-

Payment Issue with Your Rental Request

-

The owner tried to approve your rental for {{itemName}}, but there was an issue processing your payment.

-

What Happened

-

{{declineReason}}

-
-

What You Can Do

-

Please update your payment method so the owner can complete the approval of your rental request.

-
-

Once you update your payment method, the owner will be notified and can try to approve your rental again.

- ` - ), - - paymentMethodUpdatedToOwner: baseTemplate.replace( - "{{content}}", - ` -

Hi {{ownerFirstName}},

-

Payment Method Updated

-

The renter has updated their payment method for the rental of {{itemName}}.

-
-

Ready to Approve

-

You can now try approving the rental request again. The renter's new payment method will be charged when you approve.

-
-

Review & Approve Rental

- ` - ), - - userBannedNotification: baseTemplate.replace( - "{{content}}", - ` -

Hi {{userName}},

-

Your Account Has Been Suspended

-

Your Village Share account has been suspended by our moderation team.

-
-

Reason for Suspension:

-

{{banReason}}

-
-

You have been logged out of all devices and cannot log in to your account.

-

If you believe this suspension was made in error, please contact {{supportEmail}}.

- ` - ), - }; - - return ( - templates[templateName] || - baseTemplate.replace( - "{{content}}", - ` -

{{title}}

-

{{message}}

- ` - ) - ); } } diff --git a/backend/services/email/core/emailUtils.js b/backend/services/email/core/emailUtils.js index 9d0fa85..bd6ed50 100644 --- a/backend/services/email/core/emailUtils.js +++ b/backend/services/email/core/emailUtils.js @@ -90,9 +90,26 @@ function formatCurrency(amount, currency = "USD") { }).format(amount / 100); } +/** + * Escape HTML special characters to prevent XSS attacks + * Converts characters that could be interpreted as HTML into safe entities + * @param {*} str - Value to escape (will be converted to string) + * @returns {string} HTML-escaped string safe for insertion into HTML + */ +function escapeHtml(str) { + if (str === null || str === undefined) return ""; + return String(str) + .replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); +} + module.exports = { htmlToPlainText, formatEmailDate, formatShortDate, formatCurrency, + escapeHtml, }; diff --git a/backend/tests/unit/services/email/TemplateManager.test.js b/backend/tests/unit/services/email/TemplateManager.test.js index fe23bcc..0dc0fc2 100644 --- a/backend/tests/unit/services/email/TemplateManager.test.js +++ b/backend/tests/unit/services/email/TemplateManager.test.js @@ -2,7 +2,22 @@ jest.mock('fs', () => ({ promises: { readFile: jest.fn(), + readdir: jest.fn(), }, + // Include sync methods needed by logger + existsSync: jest.fn().mockReturnValue(true), + mkdirSync: jest.fn(), + statSync: jest.fn().mockReturnValue({ isDirectory: () => true }), + readdirSync: jest.fn().mockReturnValue([]), + unlinkSync: jest.fn(), +})); + +// Mock the logger to avoid file system issues in tests +jest.mock('../../../../utils/logger', () => ({ + info: jest.fn(), + error: jest.fn(), + warn: jest.fn(), + debug: jest.fn(), })); // Clear singleton between tests @@ -15,6 +30,12 @@ beforeEach(() => { describe('TemplateManager', () => { const fs = require('fs').promises; + // Helper to set up common mocks + const setupMocks = (templateFiles = []) => { + fs.readdir.mockResolvedValue(templateFiles.map((t) => `${t}.html`)); + fs.readFile.mockResolvedValue('{{content}}'); + }; + describe('constructor', () => { it('should create a new instance', () => { const TemplateManager = require('../../../../services/email/core/TemplateManager'); @@ -22,6 +43,7 @@ describe('TemplateManager', () => { const manager = new TemplateManager(); expect(manager).toBeDefined(); expect(manager.templates).toBeInstanceOf(Map); + expect(manager.templateNames).toBeInstanceOf(Set); expect(manager.initialized).toBe(false); }); @@ -34,10 +56,89 @@ describe('TemplateManager', () => { }); }); + describe('discoverTemplates', () => { + it('should discover all HTML templates in directory', async () => { + const templateFiles = [ + 'emailVerificationToUser.html', + 'passwordResetToUser.html', + 'rentalConfirmationToUser.html', + 'README.md', // Should be ignored + ]; + fs.readdir.mockResolvedValue(templateFiles); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await manager.discoverTemplates(); + + expect(manager.templateNames.size).toBe(3); // Only .html files + expect(manager.templateNames.has('emailVerificationToUser')).toBe(true); + expect(manager.templateNames.has('passwordResetToUser')).toBe(true); + expect(manager.templateNames.has('rentalConfirmationToUser')).toBe(true); + expect(manager.templateNames.has('README')).toBe(false); + }); + + it('should throw error if directory read fails', async () => { + fs.readdir.mockRejectedValue(new Error('Directory not found')); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await expect(manager.discoverTemplates()).rejects.toThrow('Directory not found'); + }); + }); + + describe('loadTemplate', () => { + it('should load template from disk on first access', async () => { + fs.readFile.mockResolvedValue('Template Content'); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + const content = await manager.loadTemplate('testTemplate'); + + expect(content).toBe('Template Content'); + expect(fs.readFile).toHaveBeenCalledTimes(1); + }); + + it('should return cached template on subsequent access', async () => { + fs.readFile.mockResolvedValue('Template Content'); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await manager.loadTemplate('testTemplate'); + await manager.loadTemplate('testTemplate'); + await manager.loadTemplate('testTemplate'); + + expect(fs.readFile).toHaveBeenCalledTimes(1); // Only read once + }); + + it('should throw error if template file not found', async () => { + fs.readFile.mockRejectedValue(new Error('ENOENT: no such file')); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await expect(manager.loadTemplate('nonExistent')).rejects.toThrow('ENOENT'); + }); + }); + describe('initialize', () => { - it('should load all templates on initialization', async () => { - // Mock fs.readFile to return template content - fs.readFile.mockResolvedValue('{{content}}'); + const criticalTemplates = [ + 'emailVerificationToUser', + 'passwordResetToUser', + 'passwordChangedToUser', + 'personalInfoChangedToUser', + ]; + + it('should discover templates and preload critical ones', async () => { + setupMocks(criticalTemplates); const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; @@ -46,26 +147,28 @@ describe('TemplateManager', () => { await manager.initialize(); expect(manager.initialized).toBe(true); - expect(fs.readFile).toHaveBeenCalled(); + expect(fs.readdir).toHaveBeenCalledTimes(1); + // Should have loaded all 4 critical templates + expect(fs.readFile).toHaveBeenCalledTimes(4); }); it('should not re-initialize if already initialized', async () => { - fs.readFile.mockResolvedValue('{{content}}'); + setupMocks(criticalTemplates); const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); await manager.initialize(); - const callCount = fs.readFile.mock.calls.length; + const readCallCount = fs.readFile.mock.calls.length; await manager.initialize(); - expect(fs.readFile.mock.calls.length).toBe(callCount); + expect(fs.readFile.mock.calls.length).toBe(readCallCount); }); it('should wait for existing initialization if in progress', async () => { - fs.readFile.mockResolvedValue('{{content}}'); + setupMocks(criticalTemplates); const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; @@ -74,50 +177,45 @@ describe('TemplateManager', () => { // Start two initializations concurrently await Promise.all([manager.initialize(), manager.initialize()]); - // Should only load templates once - const uniquePaths = new Set(fs.readFile.mock.calls.map((call) => call[0])); - expect(uniquePaths.size).toBeLessThanOrEqual(fs.readFile.mock.calls.length); + // Should only discover once + expect(fs.readdir).toHaveBeenCalledTimes(1); }); - it('should throw error if critical templates fail to load', async () => { - // All template files fail to load - fs.readFile.mockRejectedValue(new Error('File not found')); + it('should throw error if critical templates are not found', async () => { + // Only discover non-critical templates + setupMocks(['rentalConfirmationToUser', 'feedbackToUser']); const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); - await expect(manager.initialize()).rejects.toThrow('Critical email templates failed to load'); + await expect(manager.initialize()).rejects.toThrow('Critical email templates not found'); }); - it('should succeed if critical templates load but non-critical fail', async () => { - const criticalTemplates = [ - 'emailVerificationToUser', - 'passwordResetToUser', - 'passwordChangedToUser', - 'personalInfoChangedToUser', - ]; - - fs.readFile.mockImplementation((path) => { - const isCritical = criticalTemplates.some((t) => path.includes(t)); - if (isCritical) { - return Promise.resolve('Template content'); - } - return Promise.reject(new Error('File not found')); - }); + it('should succeed if critical templates exist even if non-critical are missing', async () => { + // Discover critical templates plus some others + setupMocks([...criticalTemplates, 'rentalConfirmationToUser']); const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); - // Should not throw since critical templates loaded await expect(manager.initialize()).resolves.not.toThrow(); expect(manager.initialized).toBe(true); + expect(manager.templateNames.size).toBe(5); }); }); describe('renderTemplate', () => { + const criticalTemplates = [ + 'emailVerificationToUser', + 'passwordResetToUser', + 'passwordChangedToUser', + 'personalInfoChangedToUser', + ]; + beforeEach(() => { + fs.readdir.mockResolvedValue([...criticalTemplates, 'testTemplate'].map((t) => `${t}.html`)); fs.readFile.mockResolvedValue('Hello {{name}}, your email is {{email}}'); }); @@ -128,9 +226,6 @@ describe('TemplateManager', () => { await manager.initialize(); - // Manually set a template for testing - manager.templates.set('testTemplate', 'Hello {{name}}, your email is {{email}}'); - const result = await manager.renderTemplate('testTemplate', { name: 'John', email: 'john@example.com', @@ -139,14 +234,32 @@ describe('TemplateManager', () => { expect(result).toBe('Hello John, your email is john@example.com'); }); - it('should replace all occurrences of a variable', async () => { + it('should lazy load non-critical templates on first render', async () => { const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); await manager.initialize(); - manager.templates.set('testTemplate', '{{name}} {{name}} {{name}}'); + // At this point, only critical templates are loaded + const initialLoadCount = fs.readFile.mock.calls.length; + expect(initialLoadCount).toBe(4); // Only critical templates + + // Render a non-critical template + await manager.renderTemplate('testTemplate', { name: 'John', email: 'test@example.com' }); + + // Should have loaded one more template + expect(fs.readFile.mock.calls.length).toBe(5); + }); + + it('should replace all occurrences of a variable', async () => { + fs.readFile.mockResolvedValue('{{name}} {{name}} {{name}}'); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await manager.initialize(); const result = await manager.renderTemplate('testTemplate', { name: 'John', @@ -155,15 +268,15 @@ describe('TemplateManager', () => { expect(result).toBe('John John John'); }); - it('should replace missing variables with empty string', async () => { + it('should not replace unspecified variables', async () => { + fs.readFile.mockResolvedValue('Hello {{name}}, {{missing}}'); + const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); await manager.initialize(); - manager.templates.set('testTemplate', 'Hello {{name}}, {{missing}}'); - const result = await manager.renderTemplate('testTemplate', { name: 'John', }); @@ -171,7 +284,7 @@ describe('TemplateManager', () => { expect(result).toBe('Hello John, {{missing}}'); }); - it('should use fallback template when template not found', async () => { + it('should use fallback template when template not discovered', async () => { const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); @@ -181,11 +294,13 @@ describe('TemplateManager', () => { const result = await manager.renderTemplate('nonExistentTemplate', { title: 'Test Title', message: 'Test Message', + recipientName: 'John', }); // Should return fallback template content expect(result).toContain('Test Title'); expect(result).toContain('Test Message'); + expect(result).toContain('John'); expect(result).toContain('Village Share'); }); @@ -196,86 +311,143 @@ describe('TemplateManager', () => { expect(manager.initialized).toBe(false); - await manager.renderTemplate('someTemplate', {}); + await manager.renderTemplate('testTemplate', {}); expect(manager.initialized).toBe(true); }); it('should handle empty variables object', async () => { + fs.readFile.mockResolvedValue('No variables'); + const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); await manager.initialize(); - manager.templates.set('testTemplate', 'No variables'); - const result = await manager.renderTemplate('testTemplate', {}); expect(result).toBe('No variables'); }); it('should handle null or undefined variable values', async () => { + fs.readFile.mockResolvedValue('Hello {{name}}'); + const TemplateManager = require('../../../../services/email/core/TemplateManager'); TemplateManager.instance = null; const manager = new TemplateManager(); await manager.initialize(); - manager.templates.set('testTemplate', 'Hello {{name}}'); - const result = await manager.renderTemplate('testTemplate', { name: null, }); expect(result).toBe('Hello '); }); + + it('should escape HTML in variables to prevent XSS', async () => { + fs.readFile.mockResolvedValue('Hello {{name}}'); + + const TemplateManager = require('../../../../services/email/core/TemplateManager'); + TemplateManager.instance = null; + const manager = new TemplateManager(); + + await manager.initialize(); + + const result = await manager.renderTemplate('testTemplate', { + name: '', + }); + + expect(result).toContain('<script>'); + expect(result).toContain('</script>'); + expect(result).not.toContain('