github/OpenArchiver
1
1
Fork 0
mirror of https://github.com/LogicLabs-OU/OpenArchiver.git synced 2026-04-06 00:31:57 +02:00
Code Issues 161 Packages Projects Releases Wiki Activity

Compare commits

base: github:dev
Branches Tags
github:main github:gh-pages github:v0.5.1-dev github:v0.4.3-release github:ee-legalhold github:ee-retention github:v0.4.3-dev github:wayneshn-patch-1 github:v0.4.3-pre github:v0.4.2-fix github:v0.4.2-dev github:v0.4.1-dev github:mailbox-processing-opt github:v0.4.0-fix github:ee-init github:docs-ocr github:v0.3.x-fixes github:issue-templates github:security-update github:create-funding-yml github:display-versions github:attachment-ocr github:docs github:user-api-key github:demo-mode github:v0.3.0 github:system-settings github:wip github:CLA-v2 github:role-based-access github:dev
github:v0.5.0 github:v0.4.2 github:v0.4.1 github:v0.4.0 github:v0.3.4 github:v0.3.3 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.2.1 github:v0.2.0 github:v0.1.2 github:v0.1.1 github:v0.1.0
...
compare: github:system-settings
Branches Tags
github:gh-pages github:main github:v0.5.1-dev github:v0.4.3-release github:ee-legalhold github:ee-retention github:v0.4.3-dev github:wayneshn-patch-1 github:v0.4.3-pre github:v0.4.2-fix github:v0.4.2-dev github:v0.4.1-dev github:mailbox-processing-opt github:v0.4.0-fix github:ee-init github:docs-ocr github:v0.3.x-fixes github:issue-templates github:security-update github:create-funding-yml github:display-versions github:attachment-ocr github:docs github:user-api-key github:demo-mode github:v0.3.0 github:system-settings github:wip github:CLA-v2 github:role-based-access github:dev
github:v0.5.0 github:v0.4.2 github:v0.4.1 github:v0.4.0 github:v0.3.4 github:v0.3.3 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.2.1 github:v0.2.0 github:v0.1.2 github:v0.1.1 github:v0.1.0

32 Commits
dev ... system-set

Author SHA1 Message Date
Wayne
4b6c9d9e18 Copy locale files in backend build 2025-08-31 15:09:10 +03:00
Wayne
0eb0c670c9 Docs site title 2025-08-29 16:28:37 +03:00
Wayne
723a222816 Translation revamp for frontend and backend, adding systems docs 2025-08-29 16:28:04 +03:00
Wayne
739c437b0a Formatting code 2025-08-29 15:20:02 +03:00
Wayne
535fde1426 feat(backend): Implement i18n for API responses 
This commit introduces internationalization (i18n) to the backend API using the `i18next` library.

Hardcoded error and response messages in the API controllers have been replaced with translation keys, which are processed by the new i18next middleware. This allows for API responses to be translated into different languages.

The following dependencies were added:
- `i18next`
- `i18next-fs-backend`
- `i18next-http-middleware`
 2025-08-29 15:17:54 +03:00
Wayne
cd5f8fa313 Adding greek translation 2025-08-29 13:56:28 +03:00
Wayne
8675f90606 Merge branch 'main' into system-settings 2025-08-28 19:34:50 +03:00
Wayne
67cef40e5c feat: Add internationalization (i18n) support to frontend 
This commit introduces internationalization (i18n) to the frontend using the `sveltekit-i18n` library, allowing the user interface to be translated into multiple languages.

Key changes:
- Added translation files for 10 languages (en, de, es, fr, etc.).
- Replaced hardcoded text strings throughout the frontend components and pages with translation keys.
- Added a language selector to the system settings page, allowing administrators to set the default application language.
- Updated the backend settings API to store and expose the new language configuration.
 2025-08-28 19:22:21 +03:00
Wayne
159f7d8777 Multi-language support 2025-08-28 19:17:36 +03:00
Wei S.
baff1195c7 Feat: System settings (#66) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

* Remove inherent behavior, index userEmail, adding docs for IAM policies

* Format

* System settings setup

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-28 14:12:05 +03:00
Wei S.
f1da17e484 Fix: storage chart legend overflow (#70) 
* Fix storage chart legend overflow

* fix storage legend overflow

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-24 16:10:24 +02:00
Wei S.
a2c55f36ee Cla v2 (#68) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

* Remove inherent behavior, index userEmail, adding docs for IAM policies

* Format

* CLA v2

* cla-v2

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-24 15:03:05 +02:00
Wei S.
9fdba4cd61 Role based access: Adding docs to docs site (#67) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

* Remove inherent behavior, index userEmail, adding docs for IAM policies

* Format

* Adding IAM policy documentation to Docs site

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-24 14:52:08 +02:00
Wayne
feeda60b7e Merge branch 'main' into system-settings 2025-08-24 14:09:22 +02:00
Wei S.
108c646596 CLA-v2 
CLA-v2: Clarifying LogicLabs OÜ is the entity contributors are signing the agreement with.
 2025-08-24 15:05:15 +03:00
Wei S.
61e44c81f7 Role based access (#61) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

* Remove inherent behavior, index userEmail, adding docs for IAM policies

* Format

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-23 23:19:51 +03:00
Wayne
c2782ff9c6 System settings setup 2025-08-23 20:36:54 +03:00
Wayne
32c016dbfe Resolve conflict 2025-08-22 13:51:33 +03:00
Wayne
317f034c56 Format 2025-08-22 13:47:48 +03:00
Wayne
faadc2fad6 Remove inherent behavior, index userEmail, adding docs for IAM policies 2025-08-22 13:43:00 +03:00
Wei S.
f651aeab0e Role based access (#60) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-22 00:51:56 +03:00
Wayne
3ab76f5c2d Fix: fix old "Super Admin" role in existing db 2025-08-22 00:47:51 +03:00
Wei S.
3fb4290934 Role based access (#59) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-21 23:53:21 +03:00
Wayne
5b5bb019fc Merge branch 'main' into role-based-access 2025-08-21 23:52:26 +03:00
Wei S.
8c33b63bdf feat: Role based access control (#58) 
* Format checked, contributing.md update

* Middleware setup

* IAP API, create user/roles in frontend

* RBAC using CASL library

* Switch to CASL, secure search, resource-level access control

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-21 23:45:06 +03:00
Wayne
db38dde86f Switch to CASL, secure search, resource-level access control 2025-08-21 23:39:02 +03:00
Wayne
d81abc657b RBAC using CASL library 2025-08-20 01:08:51 +03:00
David Girón
2b325f3461 feat: optimize Dockerfile (#47) 
* define base image arg

* create base stage with common content

* chmod executable entrypoint file

this avoids re-copying the same file as is being modified in the docker
layer

* cache npm downloaded packages

avoids re-downloading deps if cache content is available
 2025-08-19 12:17:32 +03:00
Wayne
720160a3d8 IAP API, create user/roles in frontend 2025-08-19 11:20:30 +03:00
Til Wegener
4d3c164bc0 Fix UI size display and ingestion history graph (#50) 
* fix: unify size display, improve graph interpolation & time readability

* fix display human-readable sizes in ingestion chart

* display human-readable sizes in ingestion chart

* fix: format code

* fix keep fallback for item.name
 2025-08-19 11:06:31 +03:00
Wayne
2987f159dd Middleware setup 2025-08-18 14:09:02 +03:00
Wei S.
7288286fd9 Format checked, contributing.md update (#49) 
Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
 2025-08-17 17:42:49 +03:00
129 changed files with 10376 additions and 844 deletions
Expand all files Collapse all files

27
.github/CLA-v2.md vendored Normal file
View File

@@ -0,0 +1,27 @@
# Contributor License Agreement (CLA)
Version: 2
This Agreement is for your protection as a Contributor as well as the protection of the maintainers of the Open Archiver software; it does not change your rights to use your own Contributions for any other purpose. Open Archiver is developed and maintained by LogicLabs OÜ, a private limited company established under the laws of the Republic of Estonia.
You accept and agree to the following terms and conditions for Your present and future Contributions submitted to LogicLabs OÜ. Except for the license granted herein to LogicLabs OÜ and recipients of software distributed by LogicLabs OÜ, You reserve all right, title, and interest in and to Your Contributions.
1. Definitions.
"You" (or "Your") shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with LogicLabs OÜ. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor.
"Contribution" shall mean any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to LogicLabs OÜ for inclusion in, or documentation of, any of the products owned or managed by LogicLabs OÜ (the "Work"). For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to LogicLabs OÜ or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, LogicLabs OÜ for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution."
2. Grant of Copyright License. Subject to the terms and conditions of this Agreement, You grant to LogicLabs OÜ and to recipients of software distributed by LogicLabs OÜ a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
3. Grant of Patent License. Subject to the terms and conditions of this Agreement, You grant to LogicLabs OÜ and to recipients of software distributed by LogicLabs OÜ a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
4. You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to LogicLabs OÜ, or that your employer has executed a separate Contributor License Agreement with LogicLabs OÜ.
5. You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions.
6. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
7. Should You wish to submit work that is not Your original creation, You may submit it to LogicLabs OÜ separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as "Submitted on behalf of a third-party: [named here]".
8. You agree to notify LogicLabs OÜ of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.

4
.github/workflows/cla.yml vendored
View File

@@ -23,8 +23,8 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
path-to-signatures: 'signatures/version1/cla.json'
path-to-document: 'https://github.com/LogicLabs-OU/OpenArchiver/tree/main/.github/CLA.md'
path-to-signatures: 'signatures/version2/cla.json'
path-to-document: 'https://github.com/LogicLabs-OU/OpenArchiver/blob/main/.github/CLA-v2.md'
branch: 'main'
allowlist: 'wayneshn'

31
docker/Dockerfile
View File

@@ -1,21 +1,29 @@
# Dockerfile for Open Archiver
# 1. Build Stage: Install all dependencies and build the project
FROM node:22-alpine AS build
ARG BASE_IMAGE=node:22-alpine
# 0. Base Stage: Define all common dependencies and setup
FROM ${BASE_IMAGE} AS base
WORKDIR /app
# Install pnpm
RUN npm install -g pnpm
RUN --mount=type=cache,target=/root/.npm \
npm install -g pnpm
# Copy manifests and lockfile
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml* ./
COPY packages/backend/package.json ./packages/backend/
COPY packages/frontend/package.json ./packages/frontend/
COPY packages/types/package.json ./packages/types/
# 1. Build Stage: Install all dependencies and build the project
FROM base AS build
COPY packages/frontend/svelte.config.js ./packages/frontend/
# Install all dependencies. Use --shamefully-hoist to create a flat node_modules structure
RUN pnpm install --shamefully-hoist --frozen-lockfile --prod=false
ENV PNPM_HOME="/pnpm"
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --shamefully-hoist --frozen-lockfile --prod=false
# Copy the rest of the source code
COPY . .
@@ -24,20 +32,8 @@ COPY . .
RUN pnpm build
# 2. Production Stage: Install only production dependencies and copy built artifacts
FROM node:22-alpine AS production
WORKDIR /app
FROM base AS production
# Install pnpm
RUN npm install -g pnpm
# Copy manifests and lockfile
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml* ./
COPY packages/backend/package.json ./packages/backend/
COPY packages/frontend/package.json ./packages/frontend/
COPY packages/types/package.json ./packages/types/
# Install production dependencies
# RUN pnpm install --shamefully-hoist --frozen-lockfile --prod=true
# Copy built application from build stage
COPY --from=build /app/packages/backend/dist ./packages/backend/dist
@@ -48,7 +44,6 @@ COPY --from=build /app/packages/backend/src/database/migrations ./packages/backe
# Copy the entrypoint script and make it executable
COPY docker/docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Expose the port the app runs on
EXPOSE 4000

0
docker/docker-entrypoint.sh Normal file → Executable file
View File

17
docs/.vitepress/config.mts
View File

@@ -10,8 +10,9 @@ export default defineConfig({
'data-website-id': '2c8b452e-eab5-4f82-8ead-902d8f8b976f',
},
],
['link', { rel: 'icon', href: '/logo-sq.svg' }],
],
title: 'Open Archiver',
title: 'Open Archiver Docs',
description: 'Official documentation for the Open Archiver project.',
themeConfig: {
search: {
@@ -53,6 +54,16 @@ export default defineConfig({
{ text: 'PST Import', link: '/user-guides/email-providers/pst' },
],
},
{
text: 'Settings',
collapsed: true,
items: [
{
text: 'System',
link: '/user-guides/settings/system',
},
],
},
],
},
{
@@ -73,6 +84,10 @@ export default defineConfig({
items: [
{ text: 'Overview', link: '/services/' },
{ text: 'Storage Service', link: '/services/storage-service' },
{
text: 'IAM Service',
items: [{ text: 'IAM Policies', link: '/services/iam-service/iam-policy' }],
},
],
},
],

141
docs/services/IAM-service/iam-policies.md
View File

@@ -1,141 +0,0 @@
# IAM Policies Guide
This document provides a comprehensive guide to the Identity and Access Management (IAM) policies in Open Archiver. Our policy structure is inspired by AWS IAM, providing a powerful and flexible way to manage permissions.
## 1. Policy Structure
A policy is a JSON object that consists of one or more statements. Each statement includes an `Effect`, `Action`, and `Resource`.
```json
{
"Effect": "Allow",
"Action": ["archive:read", "archive:search"],
"Resource": ["archive/all"]
}
```
- **`Effect`**: Specifies whether the statement results in an `Allow` or `Deny`. An explicit `Deny` always overrides an `Allow`.
- **`Action`**: A list of operations that the policy grants or denies permission to perform. Actions are formatted as `service:operation`.
- **`Resource`**: A list of resources to which the actions apply. Resources are specified in a hierarchical format. Wildcards (`*`) can be used.
## 2. Wildcard Support
Our IAM system supports wildcards (`*`) in both `Action` and `Resource` fields to provide flexible permission management, as defined in the `PolicyValidator`.
### Action Wildcards
You can use wildcards to grant broad permissions for actions:
- **Global Wildcard (`*`)**: A standalone `*` in the `Action` field grants permission for all possible actions across all services.
```json
"Action": ["*"]
```
- **Service-Level Wildcard (`service:*`)**: A wildcard at the end of an action string grants permission for all actions within that specific service.
```json
"Action": ["archive:*"]
```
### Resource Wildcards
Wildcards can also be used to specify resources:
- **Global Wildcard (`*`)**: A standalone `*` in the `Resource` field applies the policy to all resources in the system.
```json
"Resource": ["*"]
```
- **Partial Wildcards**: Some services allow wildcards at specific points in the resource path to refer to all resources of a certain type. For example, to target all ingestion sources:
```json
"Resource": ["ingestion-source/*"]
```
## 3. Actions and Resources by Service
The following sections define the available actions and resources, categorized by their respective services.
### Service: `archive`
The `archive` service pertains to all actions related to accessing and managing archived emails.
**Actions:**
| Action | Description |
| :--------------- | :--------------------------------------------------------------------- |
| `archive:read` | Grants permission to read the content and metadata of archived emails. |
| `archive:search` | Grants permission to perform search queries against the email archive. |
| `archive:export` | Grants permission to export search results or individual emails. |
**Resources:**
| Resource | Description |
| :------------------------------------ | :--------------------------------------------------------------------------------------- |
| `archive/all` | Represents the entire email archive. |
| `archive/ingestion-source/{sourceId}` | Scopes the action to emails from a specific ingestion source. |
| `archive/mailbox/{email}` | Scopes the action to a single, specific mailbox, usually identified by an email address. |
| `archive/custodian/{custodianId}` | Scopes the action to emails belonging to a specific custodian. |
---
### Service: `ingestion`
The `ingestion` service covers the management of email ingestion sources.
**Actions:**
| Action | Description |
| :----------------------- | :--------------------------------------------------------------------------- |
| `ingestion:createSource` | Grants permission to create a new ingestion source. |
| `ingestion:readSource` | Grants permission to view the details of ingestion sources. |
| `ingestion:updateSource` | Grants permission to modify the configuration of an ingestion source. |
| `ingestion:deleteSource` | Grants permission to delete an ingestion source. |
| `ingestion:manageSync` | Grants permission to trigger, pause, or force a sync on an ingestion source. |
**Resources:**
| Resource | Description |
| :---------------------------- | :-------------------------------------------------------- |
| `ingestion-source/*` | Represents all ingestion sources. |
| `ingestion-source/{sourceId}` | Scopes the action to a single, specific ingestion source. |
---
### Service: `system`
The `system` service is for managing system-level settings, users, and roles.
**Actions:**
| Action | Description |
| :---------------------- | :-------------------------------------------------- |
| `system:readSettings` | Grants permission to view system settings. |
| `system:updateSettings` | Grants permission to modify system settings. |
| `system:readUsers` | Grants permission to list and view user accounts. |
| `system:createUser` | Grants permission to create new user accounts. |
| `system:updateUser` | Grants permission to modify existing user accounts. |
| `system:deleteUser` | Grants permission to delete user accounts. |
| `system:assignRole` | Grants permission to assign roles to users. |
**Resources:**
| Resource | Description |
| :--------------------- | :---------------------------------------------------- |
| `system/settings` | Represents the system configuration. |
| `system/users` | Represents all user accounts within the system. |
| `system/user/{userId}` | Scopes the action to a single, specific user account. |
---
### Service: `dashboard`
The `dashboard` service relates to viewing analytics and overview information.
**Actions:**
| Action | Description |
| :--------------- | :-------------------------------------------------------------- |
| `dashboard:read` | Grants permission to view all dashboard widgets and statistics. |
**Resources:**
| Resource | Description |
| :------------ | :------------------------------------------ |
| `dashboard/*` | Represents all components of the dashboard. |

289
docs/services/iam-service.md Normal file
View File

@@ -0,0 +1,289 @@
# IAM Policies
This document provides a guide to creating and managing IAM policies in Open Archiver. It is intended for developers and administrators who need to configure granular access control for users and roles.
## Policy Structure
IAM policies are defined as an array of JSON objects, where each object represents a single permission rule. The structure of a policy object is as follows:
```json
{
"action": "read" OR ["read", "create"],
"subject": "ingestion" OR ["ingestion", "dashboard"],
"conditions": {
"field_name": "value"
},
"inverted": false OR true,
}
```
- `action`: The action(s) to be performed on the subject. Can be a single string or an array of strings.
- `subject`: The resource(s) or entity on which the action is to be performed. Can be a single string or an array of strings.
- `conditions`: (Optional) A set of conditions that must be met for the permission to be granted.
- `inverted`: (Optional) When set to `true`, this inverts the rule, turning it from a "can" rule into a "cannot" rule. This is useful for creating exceptions to broader permissions.
## Actions
The following actions are available for use in IAM policies:
- `manage`: A wildcard action that grants all permissions on a subject (`create`, `read`, `update`, `delete`, `search`, `sync`).
- `create`: Allows the user to create a new resource.
- `read`: Allows the user to view a resource.
- `update`: Allows the user to modify an existing resource.
- `delete`: Allows the user to delete a resource.
- `search`: Allows the user to search for resources.
- `sync`: Allows the user to synchronize a resource.
## Subjects
The following subjects are available for use in IAM policies:
- `all`: A wildcard subject that represents all resources.
- `archive`: Represents archived emails.
- `ingestion`: Represents ingestion sources.
- `settings`: Represents system settings.
- `users`: Represents user accounts.
- `roles`: Represents user roles.
- `dashboard`: Represents the dashboard.
## Advanced Conditions with MongoDB-Style Queries
Conditions are the key to creating fine-grained access control rules. They are defined as a JSON object where each key represents a field on the subject, and the value defines the criteria for that field.
All conditions within a single rule are implicitly joined with an **AND** logic. This means that for a permission to be granted, the resource must satisfy _all_ specified conditions.
The power of this system comes from its use of a subset of [MongoDB's query language](https://www.mongodb.com/docs/manual/), which provides a flexible and expressive way to define complex rules. These rules are translated into native queries for both the PostgreSQL database (via Drizzle ORM) and the Meilisearch engine.
### Supported Operators and Examples
Here is a detailed breakdown of the supported operators with examples.
#### `$eq` (Equal)
This is the default operator. If you provide a simple key-value pair, it is treated as an equality check.
```json
// This rule...
{ "status": "active" }
// ...is equivalent to this:
{ "status": { "$eq": "active" } }
```
**Use Case**: Grant access to an ingestion source only if its status is `active`.
#### `$ne` (Not Equal)
Matches documents where the field value is not equal to the specified value.
```json
{ "provider": { "$ne": "pst_import" } }
```
**Use Case**: Allow a user to see all ingestion sources except for PST imports.
#### `$in` (In Array)
Matches documents where the field value is one of the values in the specified array.
```json
{
"id": {
"$in": ["INGESTION_ID_1", "INGESTION_ID_2"]
}
}
```
**Use Case**: Grant an auditor access to a specific list of ingestion sources.
#### `$nin` (Not In Array)
Matches documents where the field value is not one of the values in the specified array.
```json
{ "provider": { "$nin": ["pst_import", "eml_import"] } }
```
**Use Case**: Hide all manual import sources from a specific user role.
#### `$lt` / `$lte` (Less Than / Less Than or Equal)
Matches documents where the field value is less than (`$lt`) or less than or equal to (`$lte`) the specified value. This is useful for numeric or date-based comparisons.
```json
{ "sentAt": { "$lt": "2024-01-01T00:00:00.000Z" } }
```
#### `$gt` / `$gte` (Greater Than / Greater Than or Equal)
Matches documents where the field value is greater than (`$gt`) or greater than or equal to (`$gte`) the specified value.
```json
{ "sentAt": { "$lt": "2024-01-01T00:00:00.000Z" } }
```
#### `$exists`
Matches documents that have (or do not have) the specified field.
```json
// Grant access only if a 'lastSyncStatusMessage' exists
{ "lastSyncStatusMessage": { "$exists": true } }
```
## Inverted Rules: Creating Exceptions with `cannot`
By default, all rules are "can" rules, meaning they grant permissions. However, you can create a "cannot" rule by adding `"inverted": true` to a policy object. This is extremely useful for creating exceptions to broader permissions.
A common pattern is to grant broad access and then use an inverted rule to carve out a specific restriction.
**Use Case**: Grant a user access to all ingestion sources _except_ for one specific source.
This is achieved with two rules:
1. A "can" rule that grants `read` access to the `ingestion` subject.
2. An inverted "cannot" rule that denies `read` access for the specific ingestion `id`.
```json
[
{
"action": "read",
"subject": "ingestion"
},
{
"inverted": true,
"action": "read",
"subject": "ingestion",
"conditions": {
"id": "SPECIFIC_INGESTION_ID_TO_EXCLUDE"
}
}
]
```
## Policy Evaluation Logic
The system evaluates policies by combining all relevant rules for a user. The logic is simple:
- A user has permission if at least one `can` rule allows it.
- A permission is denied if a `cannot` (`"inverted": true`) rule explicitly forbids it, even if a `can` rule allows it. `cannot` rules always take precedence.
### Dynamic Policies with Placeholders
To create dynamic policies that are specific to the current user, you can use the `${user.id}` placeholder in the `conditions` object. This placeholder will be replaced with the ID of the current user at runtime.
## Special Permissions for User and Role Management
It is important to note that while `read` access to `users` and `roles` can be granted granularly, any actions that modify these resources (`create`, `update`, `delete`) are restricted to Super Admins.
A user must have the `{ "action": "manage", "subject": "all" }` permission (Typically a Super Admin role) to manage users and roles. This is a security measure to prevent unauthorized changes to user accounts and permissions.
## Policy Examples
Here are several examples based on the default roles in the system, demonstrating how to combine actions, subjects, and conditions to achieve specific access control scenarios.
### Administrator
This policy grants a user full access to all resources using wildcards.
```json
[
{
"action": "manage",
"subject": "all"
}
]
```
### End-User
This policy allows a user to view the dashboard, create new ingestion sources, and fully manage the ingestion sources they own.
```json
[
{
"action": "read",
"subject": "dashboard"
},
{
"action": "create",
"subject": "ingestion"
},
{
"action": "manage",
"subject": "ingestion",
"conditions": {
"userId": "${user.id}"
}
},
{
"action": "manage",
"subject": "archive",
"conditions": {
"ingestionSource.userId": "${user.id}" // also needs to give permission to archived emails created by the user
}
}
]
```
### Global Read-Only Auditor
This policy grants read and search access across most of the application's resources, making it suitable for an auditor who needs to view data without modifying it.
```json
[
{
"action": ["read", "search"],
"subject": ["ingestion", "archive", "dashboard", "users", "roles"]
}
]
```
### Ingestion Admin
This policy grants full control over all ingestion sources and archives, but no other resources.
```json
[
{
"action": "manage",
"subject": "ingestion"
}
]
```
### Auditor for Specific Ingestion Sources
This policy demonstrates how to grant access to a specific list of ingestion sources using the `$in` operator.
```json
[
{
"action": ["read", "search"],
"subject": "ingestion",
"conditions": {
"id": {
"$in": ["INGESTION_ID_1", "INGESTION_ID_2"]
}
}
}
]
```
### Limit Access to a Specific Mailbox
This policy grants a user access to a specific ingestion source, but only allows them to see emails belonging to a single user within that source.
This is achieved by defining two specific `can` rules: The rule grants `read` and `search` access to the `archive` subject, but the `userEmail` must match.
```json
[
{
"action": ["read", "search"],
"subject": "archive",
"conditions": {
"userEmail": "user1@example.com"
}
}
]
```

289
docs/services/iam-service/iam-policy.md Normal file
View File

@@ -0,0 +1,289 @@
# IAM Policy
This document provides a guide to creating and managing IAM policies in Open Archiver. It is intended for developers and administrators who need to configure granular access control for users and roles.
## Policy Structure
IAM policies are defined as an array of JSON objects, where each object represents a single permission rule. The structure of a policy object is as follows:
```json
{
"action": "read" OR ["read", "create"],
"subject": "ingestion" OR ["ingestion", "dashboard"],
"conditions": {
"field_name": "value"
},
"inverted": false OR true,
}
```
- `action`: The action(s) to be performed on the subject. Can be a single string or an array of strings.
- `subject`: The resource(s) or entity on which the action is to be performed. Can be a single string or an array of strings.
- `conditions`: (Optional) A set of conditions that must be met for the permission to be granted.
- `inverted`: (Optional) When set to `true`, this inverts the rule, turning it from a "can" rule into a "cannot" rule. This is useful for creating exceptions to broader permissions.
## Actions
The following actions are available for use in IAM policies:
- `manage`: A wildcard action that grants all permissions on a subject (`create`, `read`, `update`, `delete`, `search`, `sync`).
- `create`: Allows the user to create a new resource.
- `read`: Allows the user to view a resource.
- `update`: Allows the user to modify an existing resource.
- `delete`: Allows the user to delete a resource.
- `search`: Allows the user to search for resources.
- `sync`: Allows the user to synchronize a resource.
## Subjects
The following subjects are available for use in IAM policies:
- `all`: A wildcard subject that represents all resources.
- `archive`: Represents archived emails.
- `ingestion`: Represents ingestion sources.
- `settings`: Represents system settings.
- `users`: Represents user accounts.
- `roles`: Represents user roles.
- `dashboard`: Represents the dashboard.
## Advanced Conditions with MongoDB-Style Queries
Conditions are the key to creating fine-grained access control rules. They are defined as a JSON object where each key represents a field on the subject, and the value defines the criteria for that field.
All conditions within a single rule are implicitly joined with an **AND** logic. This means that for a permission to be granted, the resource must satisfy _all_ specified conditions.
The power of this system comes from its use of a subset of [MongoDB's query language](https://www.mongodb.com/docs/manual/), which provides a flexible and expressive way to define complex rules. These rules are translated into native queries for both the PostgreSQL database (via Drizzle ORM) and the Meilisearch engine.
### Supported Operators and Examples
Here is a detailed breakdown of the supported operators with examples.
#### `$eq` (Equal)
This is the default operator. If you provide a simple key-value pair, it is treated as an equality check.
```json
// This rule...
{ "status": "active" }
// ...is equivalent to this:
{ "status": { "$eq": "active" } }
```
**Use Case**: Grant access to an ingestion source only if its status is `active`.
#### `$ne` (Not Equal)
Matches documents where the field value is not equal to the specified value.
```json
{ "provider": { "$ne": "pst_import" } }
```
**Use Case**: Allow a user to see all ingestion sources except for PST imports.
#### `$in` (In Array)
Matches documents where the field value is one of the values in the specified array.
```json
{
"id": {
"$in": ["INGESTION_ID_1", "INGESTION_ID_2"]
}
}
```
**Use Case**: Grant an auditor access to a specific list of ingestion sources.
#### `$nin` (Not In Array)
Matches documents where the field value is not one of the values in the specified array.
```json
{ "provider": { "$nin": ["pst_import", "eml_import"] } }
```
**Use Case**: Hide all manual import sources from a specific user role.
#### `$lt` / `$lte` (Less Than / Less Than or Equal)
Matches documents where the field value is less than (`$lt`) or less than or equal to (`$lte`) the specified value. This is useful for numeric or date-based comparisons.
```json
{ "sentAt": { "$lt": "2024-01-01T00:00:00.000Z" } }
```
#### `$gt` / `$gte` (Greater Than / Greater Than or Equal)
Matches documents where the field value is greater than (`$gt`) or greater than or equal to (`$gte`) the specified value.
```json
{ "sentAt": { "$lt": "2024-01-01T00:00:00.000Z" } }
```
#### `$exists`
Matches documents that have (or do not have) the specified field.
```json
// Grant access only if a 'lastSyncStatusMessage' exists
{ "lastSyncStatusMessage": { "$exists": true } }
```
## Inverted Rules: Creating Exceptions with `cannot`
By default, all rules are "can" rules, meaning they grant permissions. However, you can create a "cannot" rule by adding `"inverted": true` to a policy object. This is extremely useful for creating exceptions to broader permissions.
A common pattern is to grant broad access and then use an inverted rule to carve out a specific restriction.
**Use Case**: Grant a user access to all ingestion sources _except_ for one specific source.
This is achieved with two rules:
1. A "can" rule that grants `read` access to the `ingestion` subject.
2. An inverted "cannot" rule that denies `read` access for the specific ingestion `id`.
```json
[
{
"action": "read",
"subject": "ingestion"
},
{
"inverted": true,
"action": "read",
"subject": "ingestion",
"conditions": {
"id": "SPECIFIC_INGESTION_ID_TO_EXCLUDE"
}
}
]
```
## Policy Evaluation Logic
The system evaluates policies by combining all relevant rules for a user. The logic is simple:
- A user has permission if at least one `can` rule allows it.
- A permission is denied if a `cannot` (`"inverted": true`) rule explicitly forbids it, even if a `can` rule allows it. `cannot` rules always take precedence.
### Dynamic Policies with Placeholders
To create dynamic policies that are specific to the current user, you can use the `${user.id}` placeholder in the `conditions` object. This placeholder will be replaced with the ID of the current user at runtime.
## Special Permissions for User and Role Management
It is important to note that while `read` access to `users` and `roles` can be granted granularly, any actions that modify these resources (`create`, `update`, `delete`) are restricted to Super Admins.
A user must have the `{ "action": "manage", "subject": "all" }` permission (Typically a Super Admin role) to manage users and roles. This is a security measure to prevent unauthorized changes to user accounts and permissions.
## Policy Examples
Here are several examples based on the default roles in the system, demonstrating how to combine actions, subjects, and conditions to achieve specific access control scenarios.
### Administrator
This policy grants a user full access to all resources using wildcards.
```json
[
{
"action": "manage",
"subject": "all"
}
]
```
### End-User
This policy allows a user to view the dashboard, create new ingestion sources, and fully manage the ingestion sources they own.
```json
[
{
"action": "read",
"subject": "dashboard"
},
{
"action": "create",
"subject": "ingestion"
},
{
"action": "manage",
"subject": "ingestion",
"conditions": {
"userId": "${user.id}"
}
},
{
"action": "manage",
"subject": "archive",
"conditions": {
"ingestionSource.userId": "${user.id}" // also needs to give permission to archived emails created by the user
}
}
]
```
### Global Read-Only Auditor
This policy grants read and search access across most of the application's resources, making it suitable for an auditor who needs to view data without modifying it.
```json
[
{
"action": ["read", "search"],
"subject": ["ingestion", "archive", "dashboard", "users", "roles"]
}
]
```
### Ingestion Admin
This policy grants full control over all ingestion sources and archives, but no other resources.
```json
[
{
"action": "manage",
"subject": "ingestion"
}
]
```
### Auditor for Specific Ingestion Sources
This policy demonstrates how to grant access to a specific list of ingestion sources using the `$in` operator.
```json
[
{
"action": ["read", "search"],
"subject": "ingestion",
"conditions": {
"id": {
"$in": ["INGESTION_ID_1", "INGESTION_ID_2"]
}
}
}
]
```
### Limit Access to a Specific Mailbox
This policy grants a user access to a specific ingestion source, but only allows them to see emails belonging to a single user within that source.
This is achieved by defining two specific `can` rules: The rule grants `read` and `search` access to the `archive` subject, but the `userEmail` must match.
```json
[
{
"action": ["read", "search"],
"subject": "archive",
"conditions": {
"userEmail": "user1@example.com"
}
}
]
```

32
docs/user-guides/settings/system.md Normal file
View File

@@ -0,0 +1,32 @@
# System Settings
System settings allow administrators to configure the global look and theme of the application. These settings apply to all users.
## Configuration
### Language
This setting determines the default display language for the application UI. The selected language will be used for all interface elements, including menus, labels, and messages.
> **Important:** When the language is changed, the backend (API) language will only change after a restart of the server. The frontend will update immediately.
Supported languages:
- English
- German
- French
- Estonian
- Spanish
- Italian
- Portuguese
- Dutch
- Greek
- Japanese
### Default Theme
This setting controls the default color theme for the application. Users can choose between light, dark, or system default. The system default theme will sync with the user's operating system theme.
### Support Email
This setting allows administrators to provide a public-facing email address for user support inquiries. This email address may be displayed on error pages or in other areas where users may need to contact support.

7
packages/backend/package.json
View File

@@ -5,7 +5,8 @@
"main": "dist/index.js",
"scripts": {
"dev": "ts-node-dev --respawn --transpile-only src/index.ts ",
"build": "tsc",
"build": "tsc && pnpm copy-assets",
"copy-assets": "cp -r src/locales dist/locales",
"start": "node dist/index.js",
"start:ingestion-worker": "node dist/workers/ingestion.worker.js",
"start:indexing-worker": "node dist/workers/indexing.worker.js",
@@ -22,6 +23,7 @@
"@aws-sdk/client-s3": "^3.844.0",
"@aws-sdk/lib-storage": "^3.844.0",
"@azure/msal-node": "^3.6.3",
"@casl/ability": "^6.7.3",
"@microsoft/microsoft-graph-client": "^3.0.7",
"@open-archiver/types": "workspace:*",
"archiver": "^7.0.1",
@@ -39,6 +41,9 @@
"express-validator": "^7.2.1",
"google-auth-library": "^10.1.0",
"googleapis": "^152.0.0",
"i18next": "^25.4.2",
"i18next-fs-backend": "^2.6.0",
"i18next-http-middleware": "^3.8.0",
"imapflow": "^1.0.191",
"jose": "^6.0.11",
"mailparser": "^3.7.4",

28
packages/backend/src/api/controllers/archived-email.controller.ts
View File

@@ -8,36 +8,48 @@ export class ArchivedEmailController {
const { ingestionSourceId } = req.params;
const page = parseInt(req.query.page as string, 10) || 1;
const limit = parseInt(req.query.limit as string, 10) || 10;
const userId = req.user?.sub;
if (!userId) {
return res.status(401).json({ message: req.t('errors.unauthorized') });
}
const result = await ArchivedEmailService.getArchivedEmails(
ingestionSourceId,
page,
limit
limit,
userId
);
return res.status(200).json(result);
} catch (error) {
console.error('Get archived emails error:', error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public getArchivedEmailById = async (req: Request, res: Response): Promise<Response> => {
try {
const { id } = req.params;
const email = await ArchivedEmailService.getArchivedEmailById(id);
const userId = req.user?.sub;
if (!userId) {
return res.status(401).json({ message: req.t('errors.unauthorized') });
}
const email = await ArchivedEmailService.getArchivedEmailById(id, userId);
if (!email) {
return res.status(404).json({ message: 'Archived email not found' });
return res.status(404).json({ message: req.t('archivedEmail.notFound') });
}
return res.status(200).json(email);
} catch (error) {
console.error(`Get archived email by id ${req.params.id} error:`, error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public deleteArchivedEmail = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
@@ -47,11 +59,11 @@ export class ArchivedEmailController {
console.error(`Delete archived email ${req.params.id} error:`, error);
if (error instanceof Error) {
if (error.message === 'Archived email not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('archivedEmail.notFound') });
}
return res.status(500).json({ message: error.message });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
}

61
packages/backend/src/api/controllers/auth.controller.ts
View File

@@ -1,10 +1,13 @@
import type { Request, Response } from 'express';
import { AuthService } from '../../services/AuthService';
import { UserService } from '../../services/UserService';
import { IamService } from '../../services/IamService';
import { db } from '../../database';
import * as schema from '../../database/schema';
import { sql } from 'drizzle-orm';
import { eq, sql } from 'drizzle-orm';
import 'dotenv/config';
import { AuthorizationService } from '../../services/AuthorizationService';
import { CaslPolicy } from '@open-archiver/types';
export class AuthController {
#authService: AuthService;
@@ -24,7 +27,7 @@ export class AuthController {
const { email, password, first_name, last_name } = req.body;
if (!email || !password || !first_name || !last_name) {
return res.status(400).json({ message: 'Email, password, and name are required' });
return res.status(400).json({ message: req.t('auth.setup.allFieldsRequired') });
}
try {
@@ -34,7 +37,7 @@ export class AuthController {
const userCount = Number(userCountResult[0].count);
if (userCount > 0) {
return res.status(403).json({ message: 'Setup has already been completed.' });
return res.status(403).json({ message: req.t('auth.setup.alreadyCompleted') });
}
const newUser = await this.#userService.createAdminUser(
@@ -45,7 +48,7 @@ export class AuthController {
return res.status(201).json(result);
} catch (error) {
console.error('Setup error:', error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
@@ -53,32 +56,60 @@ export class AuthController {
const { email, password } = req.body;
if (!email || !password) {
return res.status(400).json({ message: 'Email and password are required' });
return res.status(400).json({ message: req.t('auth.login.emailAndPasswordRequired') });
}
try {
const result = await this.#authService.login(email, password);
if (!result) {
return res.status(401).json({ message: 'Invalid credentials' });
return res.status(401).json({ message: req.t('auth.login.invalidCredentials') });
}
return res.status(200).json(result);
} catch (error) {
console.error('Login error:', error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public status = async (req: Request, res: Response): Promise<Response> => {
try {
const userCountResult = await db
.select({ count: sql<number>`count(*)` })
.from(schema.users);
const userCount = Number(userCountResult[0].count);
const needsSetup = userCount === 0;
const users = await db.select().from(schema.users);
/**
* Check the situation where the only user has "Super Admin" role, but they don't actually have Super Admin permission because the role was set up in an earlier version, we need to change that "Super Admin" role to the one used in the current version.
*/
if (users.length === 1) {
const iamService = new IamService();
const userRoles = await iamService.getRolesForUser(users[0].id);
if (userRoles.some((r) => r.name === 'Super Admin')) {
const authorizationService = new AuthorizationService();
const hasAdminPermission = await authorizationService.can(
users[0].id,
'manage',
'all'
);
if (!hasAdminPermission) {
const suerAdminPolicies: CaslPolicy[] = [
{
action: 'manage',
subject: 'all',
},
];
await db
.update(schema.roles)
.set({
policies: suerAdminPolicies,
slug: 'predefined_super_admin',
})
.where(eq(schema.roles.name, 'Super Admin'));
}
}
}
// in case user uses older version with admin user variables, we will create the admin user using those variables.
if (needsSetup && process.env.ADMIN_EMAIL && process.env.ADMIN_PASSWORD) {
const needsSetupUser = users.length === 0;
if (needsSetupUser && process.env.ADMIN_EMAIL && process.env.ADMIN_PASSWORD) {
await this.#userService.createAdminUser(
{
email: process.env.ADMIN_EMAIL,
@@ -90,10 +121,10 @@ export class AuthController {
);
return res.status(200).json({ needsSetup: false });
}
return res.status(200).json({ needsSetup });
return res.status(200).json({ needsSetupUser });
} catch (error) {
console.error('Status check error:', error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
}

132
packages/backend/src/api/controllers/iam.controller.ts
View File

@@ -1,7 +1,9 @@
import { Request, Response } from 'express';
import { IamService } from '../../services/IamService';
import { PolicyValidator } from '../../iam-policy/policy-validator';
import type { PolicyStatement } from '@open-archiver/types';
import type { CaslPolicy } from '@open-archiver/types';
import { logger } from '../../config/logger';
import { config } from '../../config';
export class IamController {
#iamService: IamService;
@@ -12,10 +14,15 @@ export class IamController {
public getRoles = async (req: Request, res: Response): Promise<void> => {
try {
const roles = await this.#iamService.getRoles();
let roles = await this.#iamService.getRoles();
if (!roles.some((r) => r.slug?.includes('predefined_'))) {
// create pre defined roles
logger.info({}, 'Creating predefined roles');
await this.createDefaultRoles();
}
res.status(200).json(roles);
} catch (error) {
res.status(500).json({ error: 'Failed to get roles.' });
res.status(500).json({ message: req.t('iam.failedToGetRoles') });
}
};
@@ -27,45 +34,128 @@ export class IamController {
if (role) {
res.status(200).json(role);
} else {
res.status(404).json({ error: 'Role not found.' });
res.status(404).json({ message: req.t('iam.roleNotFound') });
}
} catch (error) {
res.status(500).json({ error: 'Failed to get role.' });
res.status(500).json({ message: req.t('iam.failedToGetRole') });
}
};
public createRole = async (req: Request, res: Response): Promise<void> => {
const { name, policy } = req.body;
public createRole = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const { name, policies } = req.body;
if (!name || !policy) {
res.status(400).json({ error: 'Missing required fields: name and policy.' });
if (!name || !policies) {
res.status(400).json({ message: req.t('iam.missingRoleFields') });
return;
}
for (const statement of policy) {
const { valid, reason } = PolicyValidator.isValid(statement as PolicyStatement);
if (!valid) {
res.status(400).json({ error: `Invalid policy statement: ${reason}` });
return;
}
}
try {
const role = await this.#iamService.createRole(name, policy);
for (const statement of policies) {
const { valid, reason } = PolicyValidator.isValid(statement as CaslPolicy);
if (!valid) {
res.status(400).json({ message: `${req.t('iam.invalidPolicy')} ${reason}` });
return;
}
}
const role = await this.#iamService.createRole(name, policies);
res.status(201).json(role);
} catch (error) {
res.status(500).json({ error: 'Failed to create role.' });
console.log(error);
res.status(500).json({ message: req.t('iam.failedToCreateRole') });
}
};
public deleteRole = async (req: Request, res: Response): Promise<void> => {
public deleteRole = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const { id } = req.params;
try {
await this.#iamService.deleteRole(id);
res.status(204).send();
} catch (error) {
res.status(500).json({ error: 'Failed to delete role.' });
res.status(500).json({ message: req.t('iam.failedToDeleteRole') });
}
};
public updateRole = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const { id } = req.params;
const { name, policies } = req.body;
if (!name && !policies) {
res.status(400).json({ message: req.t('iam.missingUpdateFields') });
return;
}
if (policies) {
for (const statement of policies) {
const { valid, reason } = PolicyValidator.isValid(statement as CaslPolicy);
if (!valid) {
res.status(400).json({ message: `${req.t('iam.invalidPolicy')} ${reason}` });
return;
}
}
}
try {
const role = await this.#iamService.updateRole(id, { name, policies });
res.status(200).json(role);
} catch (error) {
res.status(500).json({ message: req.t('iam.failedToUpdateRole') });
}
};
private createDefaultRoles = async () => {
try {
// end user who can manage its own data, and create new ingestions.
await this.#iamService.createRole(
'End user',
[
{
action: 'read',
subject: 'dashboard',
},
{
action: 'create',
subject: 'ingestion',
},
{
action: 'manage',
subject: 'ingestion',
conditions: {
userId: '${user.id}',
},
},
{
action: 'manage',
subject: 'archive',
conditions: {
'ingestionSource.userId': '${user.id}',
},
},
],
'predefined_end_user'
);
// read only
await this.#iamService.createRole(
'Read only',
[
{
action: ['read', 'search'],
subject: ['ingestion', 'archive', 'dashboard', 'users', 'roles'],
},
],
'predefined_read_only_user'
);
} catch (error) {
logger.error({}, 'Failed to create default roles');
}
};
}

57
packages/backend/src/api/controllers/ingestion.controller.ts
View File

@@ -23,31 +23,38 @@ export class IngestionController {
public create = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const dto: CreateIngestionSourceDto = req.body;
const newSource = await IngestionService.create(dto);
const userId = req.user?.sub;
if (!userId) {
return res.status(401).json({ message: req.t('errors.unauthorized') });
}
const newSource = await IngestionService.create(dto, userId);
const safeSource = this.toSafeIngestionSource(newSource);
return res.status(201).json(safeSource);
} catch (error: any) {
logger.error({ err: error }, 'Create ingestion source error');
// Return a 400 Bad Request for connection errors
return res.status(400).json({
message:
error.message || 'Failed to create ingestion source due to a connection error.',
message: error.message || req.t('ingestion.failedToCreate'),
});
}
};
public findAll = async (req: Request, res: Response): Promise<Response> => {
try {
const sources = await IngestionService.findAll();
const userId = req.user?.sub;
if (!userId) {
return res.status(401).json({ message: req.t('errors.unauthorized') });
}
const sources = await IngestionService.findAll(userId);
const safeSources = sources.map(this.toSafeIngestionSource);
return res.status(200).json(safeSources);
} catch (error) {
console.error('Find all ingestion sources error:', error);
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
@@ -60,15 +67,15 @@ export class IngestionController {
} catch (error) {
console.error(`Find ingestion source by id ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public update = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
@@ -79,15 +86,15 @@ export class IngestionController {
} catch (error) {
console.error(`Update ingestion source ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public delete = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
@@ -96,32 +103,32 @@ export class IngestionController {
} catch (error) {
console.error(`Delete ingestion source ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public triggerInitialImport = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
await IngestionService.triggerInitialImport(id);
return res.status(202).json({ message: 'Initial import triggered successfully.' });
return res.status(202).json({ message: req.t('ingestion.initialImportTriggered') });
} catch (error) {
console.error(`Trigger initial import for ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public pause = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
@@ -131,26 +138,26 @@ export class IngestionController {
} catch (error) {
console.error(`Pause ingestion source ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
public triggerForceSync = async (req: Request, res: Response): Promise<Response> => {
if (config.app.isDemo) {
return res.status(403).json({ message: 'This operation is not allowed in demo mode.' });
return res.status(403).json({ message: req.t('errors.demoMode') });
}
try {
const { id } = req.params;
await IngestionService.triggerForceSync(id);
return res.status(202).json({ message: 'Force sync triggered successfully.' });
return res.status(202).json({ message: req.t('ingestion.forceSyncTriggered') });
} catch (error) {
console.error(`Trigger force sync for ${req.params.id} error:`, error);
if (error instanceof Error && error.message === 'Ingestion source not found') {
return res.status(404).json({ message: error.message });
return res.status(404).json({ message: req.t('ingestion.notFound') });
}
return res.status(500).json({ message: 'An internal server error occurred' });
return res.status(500).json({ message: req.t('errors.internalServerError') });
}
};
}

27
packages/backend/src/api/controllers/search.controller.ts
View File

@@ -12,22 +12,31 @@ export class SearchController {
public search = async (req: Request, res: Response): Promise<void> => {
try {
const { keywords, page, limit, matchingStrategy } = req.query;
const userId = req.user?.sub;
if (!keywords) {
res.status(400).json({ message: 'Keywords are required' });
if (!userId) {
res.status(401).json({ message: req.t('errors.unauthorized') });
return;
}
const results = await this.searchService.searchEmails({
query: keywords as string,
page: page ? parseInt(page as string) : 1,
limit: limit ? parseInt(limit as string) : 10,
matchingStrategy: matchingStrategy as MatchingStrategies,
});
if (!keywords) {
res.status(400).json({ message: req.t('search.keywordsRequired') });
return;
}
const results = await this.searchService.searchEmails(
{
query: keywords as string,
page: page ? parseInt(page as string) : 1,
limit: limit ? parseInt(limit as string) : 10,
matchingStrategy: matchingStrategy as MatchingStrategies,
},
userId
);
res.status(200).json(results);
} catch (error) {
const message = error instanceof Error ? error.message : 'An unknown error occurred';
const message = error instanceof Error ? error.message : req.t('errors.unknown');
res.status(500).json({ message });
}
};

25
packages/backend/src/api/controllers/settings.controller.ts Normal file
View File

@@ -0,0 +1,25 @@
import type { Request, Response } from 'express';
import { SettingsService } from '../../services/SettingsService';
const settingsService = new SettingsService();
export const getSettings = async (req: Request, res: Response) => {
try {
const settings = await settingsService.getSettings();
res.status(200).json(settings);
} catch (error) {
// A more specific error could be logged here
res.status(500).json({ message: req.t('settings.failedToRetrieve') });
}
};
export const updateSettings = async (req: Request, res: Response) => {
try {
// Basic validation can be performed here if necessary
const updatedSettings = await settingsService.updateSettings(req.body);
res.status(200).json(updatedSettings);
} catch (error) {
// A more specific error could be logged here
res.status(500).json({ message: req.t('settings.failedToUpdate') });
}
};

8
packages/backend/src/api/controllers/storage.controller.ts
View File

@@ -10,7 +10,7 @@ export class StorageController {
const unsafePath = req.query.path as string;
if (!unsafePath) {
res.status(400).send('File path is required');
res.status(400).send(req.t('storage.filePathRequired'));
return;
}
@@ -24,7 +24,7 @@ export class StorageController {
const fullPath = path.join(basePath, normalizedPath);
if (!fullPath.startsWith(basePath)) {
res.status(400).send('Invalid file path');
res.status(400).send(req.t('storage.invalidFilePath'));
return;
}
@@ -34,7 +34,7 @@ export class StorageController {
try {
const fileExists = await this.storageService.exists(safePath);
if (!fileExists) {
res.status(404).send('File not found');
res.status(404).send(req.t('storage.fileNotFound'));
return;
}
@@ -44,7 +44,7 @@ export class StorageController {
fileStream.pipe(res);
} catch (error) {
console.error('Error downloading file:', error);
res.status(500).send('Error downloading file');
res.status(500).send(req.t('storage.downloadError'));
}
};
}

66
packages/backend/src/api/controllers/user.controller.ts Normal file
View File

@@ -0,0 +1,66 @@
import { Request, Response } from 'express';
import { UserService } from '../../services/UserService';
import * as schema from '../../database/schema';
import { sql } from 'drizzle-orm';
import { db } from '../../database';
import { config } from '../../config';
const userService = new UserService();
export const getUsers = async (req: Request, res: Response) => {
const users = await userService.findAll();
res.json(users);
};
export const getUser = async (req: Request, res: Response) => {
const user = await userService.findById(req.params.id);
if (!user) {
return res.status(404).json({ message: req.t('user.notFound') });
}
res.json(user);
};
export const createUser = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const { email, first_name, last_name, password, roleId } = req.body;
const newUser = await userService.createUser(
{ email, first_name, last_name, password },
roleId
);
res.status(201).json(newUser);
};
export const updateUser = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const { email, first_name, last_name, roleId } = req.body;
const updatedUser = await userService.updateUser(
req.params.id,
{ email, first_name, last_name },
roleId
);
if (!updatedUser) {
return res.status(404).json({ message: req.t('user.notFound') });
}
res.json(updatedUser);
};
export const deleteUser = async (req: Request, res: Response) => {
if (config.app.isDemo) {
return res.status(403).json({ message: req.t('errors.demoMode') });
}
const userCountResult = await db.select({ count: sql<number>`count(*)` }).from(schema.users);
const isOnlyUser = Number(userCountResult[0].count) === 1;
if (isOnlyUser) {
return res.status(400).json({
message: req.t('user.cannotDeleteOnlyUser'),
});
}
await userService.deleteUser(req.params.id);
res.status(204).send();
};

38
packages/backend/src/api/middleware/requirePermission.ts Normal file
View File

@@ -0,0 +1,38 @@
import { AuthorizationService } from '../../services/AuthorizationService';
import type { Request, Response, NextFunction } from 'express';
import { AppActions, AppSubjects } from '@open-archiver/types';
export const requirePermission = (
action: AppActions,
subjectName: AppSubjects,
rejectMessage?: string
) => {
return async (req: Request, res: Response, next: NextFunction) => {
const userId = req.user?.sub;
if (!userId) {
return res.status(401).json({ message: 'Unauthorized' });
}
let resourceObject = undefined;
// Logic to fetch resourceObject if needed for condition-based checks...
const authorizationService = new AuthorizationService();
const hasPermission = await authorizationService.can(
userId,
action,
subjectName,
resourceObject
);
if (!hasPermission) {
const message = rejectMessage
? req.t(rejectMessage)
: req.t('errors.noPermissionToAction');
return res.status(403).json({
message,
});
}
next();
};
};

19
packages/backend/src/api/routes/archived-email.routes.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { ArchivedEmailController } from '../controllers/archived-email.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createArchivedEmailRouter = (
@@ -12,11 +13,23 @@ export const createArchivedEmailRouter = (
// Secure all routes in this module
router.use(requireAuth(authService));
router.get('/ingestion-source/:ingestionSourceId', archivedEmailController.getArchivedEmails);
router.get(
'/ingestion-source/:ingestionSourceId',
requirePermission('read', 'archive'),
archivedEmailController.getArchivedEmails
);
router.get('/:id', archivedEmailController.getArchivedEmailById);
router.get(
'/:id',
requirePermission('read', 'archive'),
archivedEmailController.getArchivedEmailById
);
router.delete('/:id', archivedEmailController.deleteArchivedEmail);
router.delete(
'/:id',
requirePermission('delete', 'archive'),
archivedEmailController.deleteArchivedEmail
);
return router;
};

31
packages/backend/src/api/routes/dashboard.routes.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { dashboardController } from '../controllers/dashboard.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createDashboardRouter = (authService: AuthService): Router => {
@@ -8,11 +9,31 @@ export const createDashboardRouter = (authService: AuthService): Router => {
router.use(requireAuth(authService));
router.get('/stats', dashboardController.getStats);
router.get('/ingestion-history', dashboardController.getIngestionHistory);
router.get('/ingestion-sources', dashboardController.getIngestionSources);
router.get('/recent-syncs', dashboardController.getRecentSyncs);
router.get('/indexed-insights', dashboardController.getIndexedInsights);
router.get(
'/stats',
requirePermission('read', 'dashboard', 'dashboard.permissionRequired'),
dashboardController.getStats
);
router.get(
'/ingestion-history',
requirePermission('read', 'dashboard', 'dashboard.permissionRequired'),
dashboardController.getIngestionHistory
);
router.get(
'/ingestion-sources',
requirePermission('read', 'dashboard', 'dashboard.permissionRequired'),
dashboardController.getIngestionSources
);
router.get(
'/recent-syncs',
requirePermission('read', 'dashboard', 'dashboard.permissionRequired'),
dashboardController.getRecentSyncs
);
router.get(
'/indexed-insights',
requirePermission('read', 'dashboard', 'dashboard.permissionRequired'),
dashboardController.getIndexedInsights
);
return router;
};

42
packages/backend/src/api/routes/iam.routes.ts
View File

@@ -1,36 +1,42 @@
import { Router } from 'express';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import type { IamController } from '../controllers/iam.controller';
import type { AuthService } from '../../services/AuthService';
export const createIamRouter = (iamController: IamController): Router => {
export const createIamRouter = (iamController: IamController, authService: AuthService): Router => {
const router = Router();
router.use(requireAuth(authService));
/**
* @route GET /api/v1/iam/roles
* @description Gets all roles.
* @access Private
*/
router.get('/roles', requireAuth, iamController.getRoles);
router.get('/roles', requirePermission('read', 'roles'), iamController.getRoles);
router.get('/roles/:id', requirePermission('read', 'roles'), iamController.getRoleById);
/**
* @route GET /api/v1/iam/roles/:id
* @description Gets a role by ID.
* @access Private
* Only super admin has the ability to modify existing roles or create new roles.
*/
router.get('/roles/:id', requireAuth, iamController.getRoleById);
router.post(
'/roles',
requirePermission('manage', 'all', 'iam.requiresSuperAdminRole'),
iamController.createRole
);
/**
* @route POST /api/v1/iam/roles
* @description Creates a new role.
* @access Private
*/
router.post('/roles', requireAuth, iamController.createRole);
router.delete(
'/roles/:id',
requirePermission('manage', 'all', 'iam.requiresSuperAdminRole'),
iamController.deleteRole
);
/**
* @route DELETE /api/v1/iam/roles/:id
* @description Deletes a role.
* @access Private
*/
router.delete('/roles/:id', requireAuth, iamController.deleteRole);
router.put(
'/roles/:id',
requirePermission('manage', 'all', 'iam.requiresSuperAdminRole'),
iamController.updateRole
);
return router;
};

25
packages/backend/src/api/routes/ingestion.routes.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { IngestionController } from '../controllers/ingestion.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createIngestionRouter = (
@@ -12,21 +13,29 @@ export const createIngestionRouter = (
// Secure all routes in this module
router.use(requireAuth(authService));
router.post('/', ingestionController.create);
router.post('/', requirePermission('create', 'ingestion'), ingestionController.create);
router.get('/', ingestionController.findAll);
router.get('/', requirePermission('read', 'ingestion'), ingestionController.findAll);
router.get('/:id', ingestionController.findById);
router.get('/:id', requirePermission('read', 'ingestion'), ingestionController.findById);
router.put('/:id', ingestionController.update);
router.put('/:id', requirePermission('update', 'ingestion'), ingestionController.update);
router.delete('/:id', ingestionController.delete);
router.delete('/:id', requirePermission('delete', 'ingestion'), ingestionController.delete);
router.post('/:id/import', ingestionController.triggerInitialImport);
router.post(
'/:id/import',
requirePermission('create', 'ingestion'),
ingestionController.triggerInitialImport
);
router.post('/:id/pause', ingestionController.pause);
router.post('/:id/pause', requirePermission('update', 'ingestion'), ingestionController.pause);
router.post('/:id/sync', ingestionController.triggerForceSync);
router.post(
'/:id/sync',
requirePermission('sync', 'ingestion'),
ingestionController.triggerForceSync
);
return router;
};

3
packages/backend/src/api/routes/search.routes.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { SearchController } from '../controllers/search.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createSearchRouter = (
@@ -11,7 +12,7 @@ export const createSearchRouter = (
router.use(requireAuth(authService));
router.get('/', searchController.search);
router.get('/', requirePermission('search', 'archive'), searchController.search);
return router;
};

25
packages/backend/src/api/routes/settings.routes.ts Normal file
View File

@@ -0,0 +1,25 @@
import { Router } from 'express';
import * as settingsController from '../controllers/settings.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createSettingsRouter = (authService: AuthService): Router => {
const router = Router();
// Public route to get non-sensitive settings. settings read should not be scoped with a permission because all end users need the settings data in the frontend. However, for sensitive settings data, we need to add a new permission subject to limit access. So this route should only expose non-sensitive settings data.
/**
* @returns SystemSettings
*/
router.get('/', settingsController.getSettings);
// Protected route to update settings
router.put(
'/',
requireAuth(authService),
requirePermission('manage', 'settings', 'settings.noPermissionToUpdate'),
settingsController.updateSettings
);
return router;
};

3
packages/backend/src/api/routes/storage.routes.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { StorageController } from '../controllers/storage.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createStorageRouter = (
@@ -12,7 +13,7 @@ export const createStorageRouter = (
// Secure all routes in this module
router.use(requireAuth(authService));
router.get('/download', storageController.downloadFile);
router.get('/download', requirePermission('read', 'archive'), storageController.downloadFile);
return router;
};

6
packages/backend/src/api/routes/test.routes.ts
View File

@@ -1,6 +0,0 @@
import { Router } from 'express';
import { ingestionQueue } from '../../jobs/queues';
const router: Router = Router();
export default router;

3
packages/backend/src/api/routes/upload.routes.ts
View File

@@ -2,13 +2,14 @@ import { Router } from 'express';
import { uploadFile } from '../controllers/upload.controller';
import { requireAuth } from '../middleware/requireAuth';
import { AuthService } from '../../services/AuthService';
import { requirePermission } from '../middleware/requirePermission';
export const createUploadRouter = (authService: AuthService): Router => {
const router = Router();
router.use(requireAuth(authService));
router.post('/', uploadFile);
router.post('/', requirePermission('create', 'ingestion'), uploadFile);
return router;
};

38
packages/backend/src/api/routes/user.routes.ts Normal file
View File

@@ -0,0 +1,38 @@
import { Router } from 'express';
import * as userController from '../controllers/user.controller';
import { requireAuth } from '../middleware/requireAuth';
import { requirePermission } from '../middleware/requirePermission';
import { AuthService } from '../../services/AuthService';
export const createUserRouter = (authService: AuthService): Router => {
const router = Router();
router.use(requireAuth(authService));
router.get('/', requirePermission('read', 'users'), userController.getUsers);
router.get('/:id', requirePermission('read', 'users'), userController.getUser);
/**
* Only super admin has the ability to modify existing users or create new users.
*/
router.post(
'/',
requirePermission('manage', 'all', 'user.requiresSuperAdminRole'),
userController.createUser
);
router.put(
'/:id',
requirePermission('manage', 'all', 'user.requiresSuperAdminRole'),
userController.updateUser
);
router.delete(
'/:id',
requirePermission('manage', 'all', 'user.requiresSuperAdminRole'),
userController.deleteUser
);
return router;
};

2
packages/backend/src/database/migrations/0015_wakeful_norman_osborn.sql Normal file
View File

@@ -0,0 +1,2 @@
ALTER TABLE "ingestion_sources" ADD COLUMN "user_id" uuid;--> statement-breakpoint
ALTER TABLE "ingestion_sources" ADD CONSTRAINT "ingestion_sources_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE cascade ON UPDATE no action;

2
packages/backend/src/database/migrations/0016_lonely_mariko_yashida.sql Normal file
View File

@@ -0,0 +1,2 @@
ALTER TABLE "roles" ADD COLUMN "slug" text;--> statement-breakpoint
ALTER TABLE "roles" ADD CONSTRAINT "roles_slug_unique" UNIQUE("slug");

4
packages/backend/src/database/migrations/0017_tranquil_shooting_star.sql Normal file
View File

@@ -0,0 +1,4 @@
CREATE TABLE "system_settings" (
"id" serial PRIMARY KEY NOT NULL,
"config" jsonb NOT NULL
);

1067
packages/backend/src/database/migrations/meta/0015_snapshot.json Normal file
View File

File diff suppressed because it is too large Load Diff

1078
packages/backend/src/database/migrations/meta/0016_snapshot.json Normal file
View File

File diff suppressed because it is too large Load Diff

1103
packages/backend/src/database/migrations/meta/0017_snapshot.json Normal file
View File

File diff suppressed because it is too large Load Diff

21
packages/backend/src/database/migrations/meta/_journal.json
View File

@@ -106,6 +106,27 @@
"when": 1754831765718,
"tag": "0014_foamy_vapor",
"breakpoints": true
},
{
"idx": 15,
"version": "7",
"when": 1755443936046,
"tag": "0015_wakeful_norman_osborn",
"breakpoints": true
},
{
"idx": 16,
"version": "7",
"when": 1755780572342,
"tag": "0016_lonely_mariko_yashida",
"breakpoints": true
},
{
"idx": 17,
"version": "7",
"when": 1755961566627,
"tag": "0017_tranquil_shooting_star",
"breakpoints": true
}
]
}

1
packages/backend/src/database/schema.ts
View File

@@ -5,3 +5,4 @@ export * from './schema/compliance';
export * from './schema/custodians';
export * from './schema/ingestion-sources';
export * from './schema/users';
export * from './schema/system-settings';

10
packages/backend/src/database/schema/ingestion-sources.ts
View File

@@ -1,4 +1,6 @@
import { jsonb, pgEnum, pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core';
import { users } from './users';
import { relations } from 'drizzle-orm';
export const ingestionProviderEnum = pgEnum('ingestion_provider', [
'google_workspace',
@@ -21,6 +23,7 @@ export const ingestionStatusEnum = pgEnum('ingestion_status', [
export const ingestionSources = pgTable('ingestion_sources', {
id: uuid('id').primaryKey().defaultRandom(),
userId: uuid('user_id').references(() => users.id, { onDelete: 'cascade' }),
name: text('name').notNull(),
provider: ingestionProviderEnum('provider').notNull(),
credentials: text('credentials'),
@@ -32,3 +35,10 @@ export const ingestionSources = pgTable('ingestion_sources', {
createdAt: timestamp('created_at', { withTimezone: true }).notNull().defaultNow(),
updatedAt: timestamp('updated_at', { withTimezone: true }).notNull().defaultNow(),
});
export const ingestionSourcesRelations = relations(ingestionSources, ({ one }) => ({
user: one(users, {
fields: [ingestionSources.userId],
references: [users.id],
}),
}));

7
packages/backend/src/database/schema/system-settings.ts Normal file
View File

@@ -0,0 +1,7 @@
import { pgTable, serial, jsonb } from 'drizzle-orm/pg-core';
import type { SystemSettings } from '@open-archiver/types';
export const systemSettings = pgTable('system_settings', {
id: serial('id').primaryKey(),
config: jsonb('config').$type<SystemSettings>().notNull(),
});

5
packages/backend/src/database/schema/users.ts
View File

@@ -1,6 +1,6 @@
import { relations, sql } from 'drizzle-orm';
import { pgTable, text, timestamp, uuid, primaryKey, jsonb } from 'drizzle-orm/pg-core';
import type { PolicyStatement } from '@open-archiver/types';
import type { CaslPolicy } from '@open-archiver/types';
/**
* The `users` table stores the core user information for authentication and identification.
@@ -40,9 +40,10 @@ export const roles = pgTable('roles', {
id: uuid('id').primaryKey().defaultRandom(),
name: text('name').notNull().unique(),
policies: jsonb('policies')
.$type<PolicyStatement[]>()
.$type<CaslPolicy[]>()
.notNull()
.default(sql`'[]'::jsonb`),
slug: text('slug').unique(),
createdAt: timestamp('created_at').defaultNow().notNull(),
updatedAt: timestamp('updated_at').defaultNow().notNull(),
});

95
packages/backend/src/helpers/mongoToDrizzle.ts Normal file
View File

@@ -0,0 +1,95 @@
import { SQL, and, or, not, eq, gt, gte, lt, lte, inArray, isNull, sql } from 'drizzle-orm';
const camelToSnakeCase = (str: string) =>
str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
const relationToTableMap: Record<string, string> = {
ingestionSource: 'ingestion_sources',
// TBD: Add other relations here as needed
};
function getDrizzleColumn(key: string): SQL {
const keyParts = key.split('.');
if (keyParts.length > 1) {
const relationName = keyParts[0];
const columnName = camelToSnakeCase(keyParts[1]);
const tableName = relationToTableMap[relationName];
if (tableName) {
return sql.raw(`"${tableName}"."${columnName}"`);
}
}
return sql`${sql.identifier(camelToSnakeCase(key))}`;
}
export function mongoToDrizzle(query: Record<string, any>): SQL | undefined {
const conditions: (SQL | undefined)[] = [];
for (const key in query) {
const value = query[key];
if (key === '$or') {
conditions.push(or(...(value as any[]).map(mongoToDrizzle).filter(Boolean)));
continue;
}
if (key === '$and') {
conditions.push(and(...(value as any[]).map(mongoToDrizzle).filter(Boolean)));
continue;
}
if (key === '$not') {
const subQuery = mongoToDrizzle(value);
if (subQuery) {
conditions.push(not(subQuery));
}
continue;
}
const column = getDrizzleColumn(key);
if (typeof value === 'object' && value !== null) {
const operator = Object.keys(value)[0];
const operand = value[operator];
switch (operator) {
case '$eq':
conditions.push(eq(column, operand));
break;
case '$ne':
conditions.push(not(eq(column, operand)));
break;
case '$gt':
conditions.push(gt(column, operand));
break;
case '$gte':
conditions.push(gte(column, operand));
break;
case '$lt':
conditions.push(lt(column, operand));
break;
case '$lte':
conditions.push(lte(column, operand));
break;
case '$in':
conditions.push(inArray(column, operand));
break;
case '$nin':
conditions.push(not(inArray(column, operand)));
break;
case '$exists':
conditions.push(operand ? not(isNull(column)) : isNull(column));
break;
default:
// Unsupported operator
}
} else {
conditions.push(eq(column, value));
}
}
if (conditions.length === 0) {
return undefined;
}
return and(...conditions.filter((c): c is SQL => c !== undefined));
}

100
packages/backend/src/helpers/mongoToMeli.ts Normal file
View File

@@ -0,0 +1,100 @@
import { db } from '../database';
import { ingestionSources } from '../database/schema';
import { eq } from 'drizzle-orm';
const snakeToCamelCase = (str: string): string => {
return str.replace(/_([a-z])/g, (match, letter) => letter.toUpperCase());
};
function getMeliColumn(key: string): string {
const keyParts = key.split('.');
if (keyParts.length > 1) {
const relationName = keyParts[0];
const columnName = keyParts[1];
return `${relationName}.${columnName}`;
}
return snakeToCamelCase(key);
}
function quoteIfString(value: any): any {
if (typeof value === 'string') {
return `"${value}"`;
}
return value;
}
export async function mongoToMeli(query: Record<string, any>): Promise<string> {
const conditions: string[] = [];
for (const key of Object.keys(query)) {
const value = query[key];
if (key === '$or') {
const orConditions = await Promise.all(value.map(mongoToMeli));
conditions.push(`(${orConditions.join(' OR ')})`);
continue;
}
if (key === '$and') {
const andConditions = await Promise.all(value.map(mongoToMeli));
conditions.push(`(${andConditions.join(' AND ')})`);
continue;
}
if (key === '$not') {
conditions.push(`NOT (${await mongoToMeli(value)})`);
continue;
}
const column = getMeliColumn(key);
if (typeof value === 'object' && value !== null) {
const operator = Object.keys(value)[0];
const operand = value[operator];
switch (operator) {
case '$eq':
conditions.push(`${column} = ${quoteIfString(operand)}`);
break;
case '$ne':
conditions.push(`${column} != ${quoteIfString(operand)}`);
break;
case '$gt':
conditions.push(`${column} > ${operand}`);
break;
case '$gte':
conditions.push(`${column} >= ${operand}`);
break;
case '$lt':
conditions.push(`${column} < ${operand}`);
break;
case '$lte':
conditions.push(`${column} <= ${operand}`);
break;
case '$in':
conditions.push(`${column} IN [${operand.map(quoteIfString).join(', ')}]`);
break;
case '$nin':
conditions.push(`${column} NOT IN [${operand.map(quoteIfString).join(', ')}]`);
break;
case '$exists':
conditions.push(`${column} ${operand ? 'EXISTS' : 'NOT EXISTS'}`);
break;
default:
// Unsupported operator
}
} else {
if (column === 'ingestionSource.userId') {
// for the userId placeholder. (Await for a more elegant solution)
const ingestionsIds = await db
.select({ id: ingestionSources.id })
.from(ingestionSources)
.where(eq(ingestionSources.userId, value));
conditions.push(
`ingestionSourceId IN [${ingestionsIds.map((i) => quoteIfString(i.id)).join(', ')}]`
);
} else {
conditions.push(`${column} = ${quoteIfString(value)}`);
}
}
}
return conditions.join(' AND ');
}

118
packages/backend/src/iam-policy/ability.ts Normal file
View File

@@ -0,0 +1,118 @@
// packages/backend/src/iam-policy/ability.ts
import { createMongoAbility, MongoAbility, RawRuleOf } from '@casl/ability';
import { CaslPolicy, AppActions, AppSubjects } from '@open-archiver/types';
import { ingestionSources, archivedEmails, users, roles } from '../database/schema';
import { InferSelectModel } from 'drizzle-orm';
// Define the application's ability type
export type AppAbility = MongoAbility<[AppActions, AppSubjects]>;
// Helper type for raw rules
export type AppRawRule = RawRuleOf<AppAbility>;
// Represents the possible object types that can be passed as subjects for permission checks.
export type SubjectObject =
| InferSelectModel<typeof ingestionSources>
| InferSelectModel<typeof archivedEmails>
| InferSelectModel<typeof users>
| InferSelectModel<typeof roles>
| AppSubjects;
// Function to create an ability instance from policies stored in the database
export function createAbilityFor(policies: CaslPolicy[]) {
// We will not expand policies, if a role needs access to ingestion X and its archived emails, the policy should also grant access to archives belonging to ingestion X
// const allPolicies = expandPolicies(policies);
return createMongoAbility<AppAbility>(policies as AppRawRule[]);
}
/**
* @deprecated This function should not be used since we don't need the inheritable behavior anymore.
* Translates conditions on an 'ingestion' subject to equivalent conditions on an 'archive' subject.
* This is used to implement inherent permissions, where permission on an ingestion source
* implies permission on the emails it has ingested.
* @param conditions The original conditions object for the 'ingestion' subject.
* @returns A new conditions object for the 'archive' subject.
*/
function translateIngestionConditionsToArchive(
conditions: Record<string, any>
): Record<string, any> {
if (!conditions || typeof conditions !== 'object') {
return conditions;
}
const translated: Record<string, any> = {};
for (const key in conditions) {
const value = conditions[key];
// Handle logical operators recursively
if (['$or', '$and', '$nor'].includes(key) && Array.isArray(value)) {
translated[key] = value.map((v) => translateIngestionConditionsToArchive(v));
continue;
}
if (key === '$not' && typeof value === 'object' && value !== null) {
translated[key] = translateIngestionConditionsToArchive(value);
continue;
}
// Translate field names
let newKey = key;
if (key === 'id') {
newKey = 'ingestionSourceId';
} else if (['userId', 'name', 'provider', 'status'].includes(key)) {
newKey = `ingestionSource.${key}`;
}
translated[newKey] = value;
}
return translated;
}
/**
* @deprecated This function should not be used since we don't need the inheritable behavior anymore.
* Expands the given set of policies to include inherent permissions.
* For example, a permission on an 'ingestion' source is expanded to grant
* the same permission on 'archive' records related to that source.
* @param policies The original array of CASL policies.
* @returns A new array of policies including the expanded, inherent permissions.
*/
function expandPolicies(policies: CaslPolicy[]): CaslPolicy[] {
const expandedPolicies: CaslPolicy[] = JSON.parse(JSON.stringify(policies));
// Create a set of all actions that are already explicitly defined for the 'archive' subject.
const existingArchiveActions = new Set<string>();
policies.forEach((p) => {
if (p.subject === 'archive') {
const actions = Array.isArray(p.action) ? p.action : [p.action];
actions.forEach((a) => existingArchiveActions.add(a));
}
// Only expand `can` rules for the 'ingestion' subject.
if (p.subject === 'ingestion' && !p.inverted) {
const policyActions = Array.isArray(p.action) ? p.action : [p.action];
// Check if any action in the current ingestion policy already has an explicit archive policy.
const hasExplicitArchiveRule = policyActions.some(
(a) => existingArchiveActions.has(a) || existingArchiveActions.has('manage')
);
// If a more specific rule for 'archive' already exists, do not expand this ingestion rule,
// as it would create a conflicting, overly permissive rule.
if (hasExplicitArchiveRule) {
return;
}
const archivePolicy: CaslPolicy = {
...JSON.parse(JSON.stringify(p)),
subject: 'archive',
};
if (p.conditions) {
archivePolicy.conditions = translateIngestionConditionsToArchive(p.conditions);
}
expandedPolicies.push(archivePolicy);
}
});
policies.forEach((policy) => {});
return expandedPolicies;
}

116
packages/backend/src/iam-policy/iam-definitions.ts
View File

@@ -1,116 +0,0 @@
/**
* @file This file serves as the single source of truth for all Identity and Access Management (IAM)
* definitions within Open Archiver. Centralizing these definitions is an industry-standard practice
* that offers several key benefits:
*
* 1. **Prevents "Magic Strings"**: Avoids the use of hardcoded strings for actions and resources
* throughout the codebase, reducing the risk of typos and inconsistencies.
* 2. **Single Source of Truth**: Provides a clear, comprehensive, and maintainable list of all
* possible permissions in the system.
* 3. **Enables Validation**: Allows for the creation of a robust validation function that can
* programmatically check if a policy statement is valid before it is saved.
* 4. **Simplifies Auditing**: Makes it easy to audit and understand the scope of permissions
* that can be granted.
*
* The structure is inspired by AWS IAM, using a `service:operation` format for actions and a
* hierarchical, slash-separated path for resources.
*/
// ===================================================================================
// SERVICE: archive
// ===================================================================================
const ARCHIVE_ACTIONS = {
READ: 'archive:read',
SEARCH: 'archive:search',
EXPORT: 'archive:export',
} as const;
const ARCHIVE_RESOURCES = {
ALL: 'archive/all',
INGESTION_SOURCE: 'archive/ingestion-source/*',
MAILBOX: 'archive/mailbox/*',
CUSTODIAN: 'archive/custodian/*',
} as const;
// ===================================================================================
// SERVICE: ingestion
// ===================================================================================
const INGESTION_ACTIONS = {
CREATE_SOURCE: 'ingestion:createSource',
READ_SOURCE: 'ingestion:readSource',
UPDATE_SOURCE: 'ingestion:updateSource',
DELETE_SOURCE: 'ingestion:deleteSource',
MANAGE_SYNC: 'ingestion:manageSync', // Covers triggering, pausing, and forcing syncs
} as const;
const INGESTION_RESOURCES = {
ALL: 'ingestion-source/*',
SOURCE: 'ingestion-source/{sourceId}',
} as const;
// ===================================================================================
// SERVICE: system
// ===================================================================================
const SYSTEM_ACTIONS = {
READ_SETTINGS: 'system:readSettings',
UPDATE_SETTINGS: 'system:updateSettings',
READ_USERS: 'system:readUsers',
CREATE_USER: 'system:createUser',
UPDATE_USER: 'system:updateUser',
DELETE_USER: 'system:deleteUser',
ASSIGN_ROLE: 'system:assignRole',
} as const;
const SYSTEM_RESOURCES = {
SETTINGS: 'system/settings',
USERS: 'system/users',
USER: 'system/user/{userId}',
} as const;
// ===================================================================================
// SERVICE: dashboard
// ===================================================================================
const DASHBOARD_ACTIONS = {
READ: 'dashboard:read',
} as const;
const DASHBOARD_RESOURCES = {
ALL: 'dashboard/*',
} as const;
// ===================================================================================
// EXPORTED DEFINITIONS
// ===================================================================================
/**
* A comprehensive set of all valid IAM actions in the system.
* This is used by the policy validator to ensure that any action in a policy is recognized.
*/
export const ValidActions: Set<string> = new Set([
...Object.values(ARCHIVE_ACTIONS),
...Object.values(INGESTION_ACTIONS),
...Object.values(SYSTEM_ACTIONS),
...Object.values(DASHBOARD_ACTIONS),
]);
/**
* An object containing regular expressions for validating resource formats.
* The validator uses these patterns to ensure that resource strings in a policy
* conform to the expected structure.
*
* Logic:
* - The key represents the service (e.g., 'archive').
* - The value is a RegExp that matches all valid resource formats for that service.
* - This allows for flexible validation. For example, `archive/*` is a valid pattern,
* as is `archive/email/123-abc`.
*/
export const ValidResourcePatterns = {
archive: /^archive\/(all|ingestion-source\/[^\/]+|mailbox\/[^\/]+|custodian\/[^\/]+)$/,
ingestion: /^ingestion-source\/(\*|[^\/]+)$/,
system: /^system\/(settings|users|user\/[^\/]+)$/,
dashboard: /^dashboard\/\*$/,
};

107
packages/backend/src/iam-policy/policy-validator.ts
View File

@@ -1,106 +1,99 @@
import type { PolicyStatement } from '@open-archiver/types';
import { ValidActions, ValidResourcePatterns } from './iam-definitions';
import type { CaslPolicy, AppActions, AppSubjects } from '@open-archiver/types';
// Create sets of valid actions and subjects for efficient validation
const validActions: Set<AppActions> = new Set([
'manage',
'create',
'read',
'update',
'delete',
'search',
'export',
'sync',
]);
const validSubjects: Set<AppSubjects> = new Set([
'archive',
'ingestion',
'settings',
'users',
'roles',
'dashboard',
'all',
]);
/**
* @class PolicyValidator
*
* This class provides a static method to validate an IAM policy statement.
* This class provides a static method to validate a CASL policy.
* It is designed to be used before a policy is saved to the database, ensuring that
* only valid and well-formed policies are stored.
*
* The verification logic is based on the centralized definitions in `iam-definitions.ts`.
* The verification logic is based on the centralized definitions in `packages/types/src/iam.types.ts`.
*/
export class PolicyValidator {
/**
* Validates a single policy statement to ensure its actions and resources are valid.
* Validates a single policy statement to ensure its actions and subjects are valid.
*
* @param {PolicyStatement} statement - The policy statement to validate.
* @param {CaslPolicy} policy - The policy to validate.
* @returns {{valid: boolean; reason?: string}} - An object containing a boolean `valid` property
* and an optional `reason` string if validation fails.
*/
public static isValid(statement: PolicyStatement): { valid: boolean; reason: string } {
if (!statement || !statement.Action || !statement.Resource || !statement.Effect) {
return { valid: false, reason: 'Policy statement is missing required fields.' };
public static isValid(policy: CaslPolicy): { valid: boolean; reason: string } {
if (!policy || !policy.action || !policy.subject) {
return {
valid: false,
reason: 'Policy is missing required fields "action" or "subject".',
};
}
// 1. Validate Actions
for (const action of statement.Action) {
const actions = Array.isArray(policy.action) ? policy.action : [policy.action];
for (const action of actions) {
const { valid, reason } = this.isActionValid(action);
if (!valid) {
return { valid: false, reason };
}
}
// 2. Validate Resources
for (const resource of statement.Resource) {
const { valid, reason } = this.isResourceValid(resource);
// 2. Validate Subjects
const subjects = Array.isArray(policy.subject) ? policy.subject : [policy.subject];
for (const subject of subjects) {
const { valid, reason } = this.isSubjectValid(subject);
if (!valid) {
return { valid: false, reason };
}
}
// 3. (Optional) Validate Conditions, Fields, etc. in the future if needed.
return { valid: true, reason: 'valid' };
}
/**
* Checks if a single action string is valid.
*
* Logic:
* - If the action contains a wildcard (e.g., 'archive:*'), it checks if the service part
* (e.g., 'archive') is a recognized service.
* - If there is no wildcard, it checks if the full action string (e.g., 'archive:read')
* exists in the `ValidActions` set.
* Checks if a single action string is a valid AppAction.
*
* @param {string} action - The action string to validate.
* @returns {{valid: boolean; reason?: string}} - An object indicating validity and a reason for failure.
*/
private static isActionValid(action: string): { valid: boolean; reason: string } {
if (action === '*') {
return { valid: true, reason: 'valid' };
}
if (action.endsWith(':*')) {
const service = action.split(':')[0];
if (service in ValidResourcePatterns) {
return { valid: true, reason: 'valid' };
}
return {
valid: false,
reason: `Invalid service '${service}' in action wildcard '${action}'.`,
};
}
if (ValidActions.has(action)) {
private static isActionValid(action: AppActions): { valid: boolean; reason: string } {
if (validActions.has(action)) {
return { valid: true, reason: 'valid' };
}
return { valid: false, reason: `Action '${action}' is not a valid action.` };
}
/**
* Checks if a single resource string has a valid format.
* Checks if a single subject string is a valid AppSubject.
*
* Logic:
* - It extracts the service name from the resource string (e.g., 'archive' from 'archive/all').
* - It looks up the corresponding regular expression for that service in `ValidResourcePatterns`.
* - It tests the resource string against the pattern. If the service does not exist or the
* pattern does not match, the resource is considered invalid.
*
* @param {string} resource - The resource string to validate.
* @param {string} subject - The subject string to validate.
* @returns {{valid: boolean; reason?: string}} - An object indicating validity and a reason for failure.
*/
private static isResourceValid(resource: string): { valid: boolean; reason: string } {
const service = resource.split('/')[0];
if (service === '*') {
private static isSubjectValid(subject: AppSubjects): { valid: boolean; reason: string } {
if (validSubjects.has(subject)) {
return { valid: true, reason: 'valid' };
}
if (service in ValidResourcePatterns) {
const pattern = ValidResourcePatterns[service as keyof typeof ValidResourcePatterns];
if (pattern.test(resource)) {
return { valid: true, reason: 'valid' };
}
return {
valid: false,
reason: `Resource '${resource}' does not match the expected format for the '${service}' service.`,
};
}
return { valid: false, reason: `Invalid service '${service}' in resource '${resource}'.` };
return { valid: false, reason: `Subject '${subject}' is not a valid subject.` };
}
}

6
packages/backend/src/iam-policy/test-policies/admin.json Normal file
View File

@@ -0,0 +1,6 @@
[
{
"action": "manage",
"subject": "all"
}
]

17
packages/backend/src/iam-policy/test-policies/auditor-specific-mailbox.json Normal file
View File

@@ -0,0 +1,17 @@
[
{
"action": ["read", "search"],
"subject": "ingestion",
"conditions": {
"id": "f16b7ed2-4e54-4283-9556-c633726f9405"
}
},
{
"inverted": true,
"action": ["read", "search"],
"subject": "archive",
"conditions": {
"userEmail": "dev@openarchiver.com"
}
}
]

14
packages/backend/src/iam-policy/test-policies/auditor-specific-sources.json Normal file
View File

@@ -0,0 +1,14 @@
[
{
"action": ["read", "search"],
"subject": "ingestion",
"conditions": {
"id": {
"$in": [
"aeafbe44-d41c-4015-ac27-504f6e0c511a",
"f16b7ed2-4e54-4283-9556-c633726f9405"
]
}
}
}
]

17
packages/backend/src/iam-policy/test-policies/end-user.json Normal file
View File

@@ -0,0 +1,17 @@
[
{
"action": "create",
"subject": "ingestion"
},
{
"action": "read",
"subject": "dashboard"
},
{
"action": "manage",
"subject": "ingestion",
"conditions": {
"userId": "${user.id}"
}
}
]

6
packages/backend/src/iam-policy/test-policies/ingestion-admin.json Normal file
View File

@@ -0,0 +1,6 @@
[
{
"action": "manage",
"subject": "ingestion"
}
]

6
packages/backend/src/iam-policy/test-policies/read-only-all.json Normal file
View File

@@ -0,0 +1,6 @@
[
{
"action": ["read", "search"],
"subject": ["ingestion", "archive", "dashboard", "users", "roles"]
}
]

9
packages/backend/src/iam-policy/test-policies/single-ingestion-access.json Normal file
View File

@@ -0,0 +1,9 @@
[
{
"action": "manage",
"subject": "ingestion",
"conditions": {
"id": "f3d7c025-060f-4f1f-a0e6-cdd32e6e07af"
}
}
]

10
packages/backend/src/iam-policy/test-policies/user-manager.json Normal file
View File

@@ -0,0 +1,10 @@
[
{
"action": "manage",
"subject": "users"
},
{
"action": "read",
"subject": "roles"
}
]

46
packages/backend/src/index.ts
View File

@@ -15,12 +15,19 @@ import { createStorageRouter } from './api/routes/storage.routes';
import { createSearchRouter } from './api/routes/search.routes';
import { createDashboardRouter } from './api/routes/dashboard.routes';
import { createUploadRouter } from './api/routes/upload.routes';
import testRouter from './api/routes/test.routes';
import { createUserRouter } from './api/routes/user.routes';
import { createSettingsRouter } from './api/routes/settings.routes';
import { AuthService } from './services/AuthService';
import { UserService } from './services/UserService';
import { IamService } from './services/IamService';
import { StorageService } from './services/StorageService';
import { SearchService } from './services/SearchService';
import { SettingsService } from './services/SettingsService';
import i18next from 'i18next';
import FsBackend from 'i18next-fs-backend';
import i18nextMiddleware from 'i18next-http-middleware';
import path from 'path';
import { logger } from './config/logger';
// Load environment variables
dotenv.config();
@@ -34,6 +41,22 @@ if (!PORT_BACKEND || !JWT_SECRET || !JWT_EXPIRES_IN) {
);
}
// --- i18next Initialization ---
const initializeI18next = async () => {
const systemSettings = await settingsService.getSettings();
const defaultLanguage = systemSettings?.language || 'en';
logger.info({ language: defaultLanguage }, 'Default language');
await i18next.use(FsBackend).init({
lng: defaultLanguage,
fallbackLng: defaultLanguage,
ns: ['translation'],
defaultNS: 'translation',
backend: {
loadPath: path.resolve(__dirname, './locales/{{lng}}/{{ns}}.json'),
},
});
};
// --- Dependency Injection Setup ---
const userService = new UserService();
@@ -47,6 +70,7 @@ const searchService = new SearchService();
const searchController = new SearchController();
const iamService = new IamService();
const iamController = new IamController(iamService);
const settingsService = new SettingsService();
// --- Express App Initialization ---
const app = express();
@@ -58,8 +82,10 @@ const archivedEmailRouter = createArchivedEmailRouter(archivedEmailController, a
const storageRouter = createStorageRouter(storageController, authService);
const searchRouter = createSearchRouter(searchController, authService);
const dashboardRouter = createDashboardRouter(authService);
const iamRouter = createIamRouter(iamController);
const iamRouter = createIamRouter(iamController, authService);
const uploadRouter = createUploadRouter(authService);
const userRouter = createUserRouter(authService);
const settingsRouter = createSettingsRouter(authService);
// upload route is added before middleware because it doesn't use the json middleware.
app.use('/v1/upload', uploadRouter);
@@ -67,6 +93,9 @@ app.use('/v1/upload', uploadRouter);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// i18n middleware
app.use(i18nextMiddleware.handle(i18next));
app.use('/v1/auth', authRouter);
app.use('/v1/iam', iamRouter);
app.use('/v1/ingestion-sources', ingestionRouter);
@@ -74,7 +103,8 @@ app.use('/v1/archived-emails', archivedEmailRouter);
app.use('/v1/storage', storageRouter);
app.use('/v1/search', searchRouter);
app.use('/v1/dashboard', dashboardRouter);
app.use('/v1/test', testRouter);
app.use('/v1/users', userRouter);
app.use('/v1/settings', settingsRouter);
// Example of a protected route
app.get('/v1/protected', requireAuth(authService), (req, res) => {
@@ -91,15 +121,19 @@ app.get('/', (req, res) => {
// --- Server Start ---
const startServer = async () => {
try {
// Initialize i18next
await initializeI18next();
logger.info({}, 'i18next initialized');
// Configure the Meilisearch index on startup
console.log('Configuring email index...');
logger.info({}, 'Configuring email index...');
await searchService.configureEmailIndex();
app.listen(PORT_BACKEND, () => {
console.log(`Backend listening at http://localhost:${PORT_BACKEND}`);
logger.info({}, `Backend listening at http://localhost:${PORT_BACKEND}`);
});
} catch (error) {
console.error('Failed to start the server:', error);
logger.error({ error }, 'Failed to start the server:', error);
process.exit(1);
}
};

62
packages/backend/src/locales/de/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "E-Mail, Passwort und Name sind erforderlich",
"alreadyCompleted": "Die Einrichtung wurde bereits abgeschlossen."
},
"login": {
"emailAndPasswordRequired": "E-Mail und Passwort sind erforderlich",
"invalidCredentials": "Ungültige Anmeldeinformationen"
}
},
"errors": {
"internalServerError": "Ein interner Serverfehler ist aufgetreten",
"demoMode": "Dieser Vorgang ist im Demo-Modus nicht zulässig.",
"unauthorized": "Unbefugt",
"unknown": "Ein unbekannter Fehler ist aufgetreten",
"noPermissionToAction": "Sie haben keine Berechtigung, die aktuelle Aktion auszuführen."
},
"user": {
"notFound": "Benutzer nicht gefunden",
"cannotDeleteOnlyUser": "Sie versuchen, den einzigen Benutzer in der Datenbank zu löschen, dies ist nicht gestattet.",
"requiresSuperAdminRole": "Die Rolle des Super-Admins ist erforderlich, um Benutzer zu verwalten."
},
"iam": {
"failedToGetRoles": "Rollen konnten nicht abgerufen werden.",
"roleNotFound": "Rolle nicht gefunden.",
"failedToGetRole": "Rolle konnte nicht abgerufen werden.",
"missingRoleFields": "Fehlende erforderliche Felder: Name und Richtlinie.",
"invalidPolicy": "Ungültige Richtlinienanweisung:",
"failedToCreateRole": "Rolle konnte nicht erstellt werden.",
"failedToDeleteRole": "Rolle konnte nicht gelöscht werden.",
"missingUpdateFields": "Fehlende Felder zum Aktualisieren: Name oder Richtlinien.",
"failedToUpdateRole": "Rolle konnte nicht aktualisiert werden.",
"requiresSuperAdminRole": "Die Rolle des Super-Admins ist erforderlich, um Rollen zu verwalten."
},
"settings": {
"failedToRetrieve": "Einstellungen konnten nicht abgerufen werden",
"failedToUpdate": "Einstellungen konnten nicht aktualisiert werden",
"noPermissionToUpdate": "Sie haben keine Berechtigung, die Systemeinstellungen zu aktualisieren."
},
"dashboard": {
"permissionRequired": "Sie benötigen die Leseberechtigung für das Dashboard, um Dashboard-Daten anzuzeigen."
},
"ingestion": {
"failedToCreate": "Die Erfassungsquelle konnte aufgrund eines Verbindungsfehlers nicht erstellt werden.",
"notFound": "Erfassungsquelle nicht gefunden",
"initialImportTriggered": "Erstimport erfolgreich ausgelöst.",
"forceSyncTriggered": "Erzwungene Synchronisierung erfolgreich ausgelöst."
},
"archivedEmail": {
"notFound": "Archivierte E-Mail nicht gefunden"
},
"search": {
"keywordsRequired": "Schlüsselwörter sind erforderlich"
},
"storage": {
"filePathRequired": "Dateipfad ist erforderlich",
"invalidFilePath": "Ungültiger Dateipfad",
"fileNotFound": "Datei nicht gefunden",
"downloadError": "Fehler beim Herunterladen der Datei"
}
}

62
packages/backend/src/locales/el/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "Το email, ο κωδικός πρόσβασης και το όνομα είναι υποχρεωτικά",
"alreadyCompleted": "Η εγκατάσταση έχει ήδη ολοκληρωθεί."
},
"login": {
"emailAndPasswordRequired": "Το email και ο κωδικός πρόσβασης είναι υποχρεωτικά",
"invalidCredentials": "Μη έγκυρα διαπιστευτήρια"
}
},
"errors": {
"internalServerError": "Παρουσιάστηκε ένα εσωτερικό σφάλμα διακομιστή",
"demoMode": "Αυτή η λειτουργία δεν επιτρέπεται σε λειτουργία επίδειξης.",
"unauthorized": "Μη εξουσιοδοτημένο",
"unknown": "Παρουσιάστηκε ένα άγνωστο σφάλμα",
"noPermissionToAction": "Δεν έχετε την άδεια να εκτελέσετε την τρέχουσα ενέργεια."
},
"user": {
"notFound": "Ο χρήστης δεν βρέθηκε",
"cannotDeleteOnlyUser": "Προσπαθείτε να διαγράψετε τον μοναδικό χρήστη στη βάση δεδομένων, αυτό δεν επιτρέπεται.",
"requiresSuperAdminRole": "Απαιτείται ο ρόλος του Super Admin για τη διαχείριση των χρηστών."
},
"iam": {
"failedToGetRoles": "Η λήψη των ρόλων απέτυχε.",
"roleNotFound": "Ο ρόλος δεν βρέθηκε.",
"failedToGetRole": "Η λήψη του ρόλου απέτυχε.",
"missingRoleFields": "Λείπουν τα απαιτούμενα πεδία: όνομα και πολιτική.",
"invalidPolicy": "Μη έγκυρη δήλωση πολιτικής:",
"failedToCreateRole": "Η δημιουργία του ρόλου απέτυχε.",
"failedToDeleteRole": "Η διαγραφή του ρόλου απέτυχε.",
"missingUpdateFields": "Λείπουν πεδία για ενημέρωση: όνομα ή πολιτικές.",
"failedToUpdateRole": "Η ενημέρωση του ρόλου απέτυχε.",
"requiresSuperAdminRole": "Απαιτείται ο ρόλος του Super Admin για τη διαχείριση των ρόλων."
},
"settings": {
"failedToRetrieve": "Η ανάκτηση των ρυθμίσεων απέτυχε",
"failedToUpdate": "Η ενημέρωση των ρυθμίσεων απέτυχε",
"noPermissionToUpdate": "Δεν έχετε άδεια να ενημερώσετε τις ρυθμίσεις του συστήματος."
},
"dashboard": {
"permissionRequired": "Χρειάζεστε την άδεια ανάγνωσης του πίνακα ελέγχου για να δείτε τα δεδομένα του πίνακα ελέγχου."
},
"ingestion": {
"failedToCreate": "Η δημιουργία της πηγής πρόσληψης απέτυχε λόγω σφάλματος σύνδεσης.",
"notFound": "Η πηγή πρόσληψης δεν βρέθηκε",
"initialImportTriggered": "Η αρχική εισαγωγή ενεργοποιήθηκε με επιτυχία.",
"forceSyncTriggered": "Ο εξαναγκασμένος συγχρονισμός ενεργοποιήθηκε με επιτυχία."
},
"archivedEmail": {
"notFound": "Το αρχειοθετημένο email δεν βρέθηκε"
},
"search": {
"keywordsRequired": "Οι λέξεις-κλειδιά είναι υποχρεωτικές"
},
"storage": {
"filePathRequired": "Η διαδρομή του αρχείου είναι υποχρεωτική",
"invalidFilePath": "Μη έγκυρη διαδρομή αρχείου",
"fileNotFound": "Το αρχείο δεν βρέθηκε",
"downloadError": "Σφάλμα κατά τη λήψη του αρχείου"
}
}

62
packages/backend/src/locales/en/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "Email, password, and name are required",
"alreadyCompleted": "Setup has already been completed."
},
"login": {
"emailAndPasswordRequired": "Email and password are required",
"invalidCredentials": "Invalid credentials"
}
},
"errors": {
"internalServerError": "An internal server error occurred",
"demoMode": "This operation is not allowed in demo mode.",
"unauthorized": "Unauthorized",
"unknown": "An unknown error occurred",
"noPermissionToAction": "You don't have the permission to perform the current action."
},
"user": {
"notFound": "User not found",
"cannotDeleteOnlyUser": "You are trying to delete the only user in the database, this is not allowed.",
"requiresSuperAdminRole": "Super Admin role is required to manage users."
},
"iam": {
"failedToGetRoles": "Failed to get roles.",
"roleNotFound": "Role not found.",
"failedToGetRole": "Failed to get role.",
"missingRoleFields": "Missing required fields: name and policy.",
"invalidPolicy": "Invalid policy statement:",
"failedToCreateRole": "Failed to create role.",
"failedToDeleteRole": "Failed to delete role.",
"missingUpdateFields": "Missing fields to update: name or policies.",
"failedToUpdateRole": "Failed to update role.",
"requiresSuperAdminRole": "Super Admin role is required to manage roles."
},
"settings": {
"failedToRetrieve": "Failed to retrieve settings",
"failedToUpdate": "Failed to update settings",
"noPermissionToUpdate": "You do not have permission to update system settings."
},
"dashboard": {
"permissionRequired": "You need the dashboard read permission to view dashboard data."
},
"ingestion": {
"failedToCreate": "Failed to create ingestion source due to a connection error.",
"notFound": "Ingestion source not found",
"initialImportTriggered": "Initial import triggered successfully.",
"forceSyncTriggered": "Force sync triggered successfully."
},
"archivedEmail": {
"notFound": "Archived email not found"
},
"search": {
"keywordsRequired": "Keywords are required"
},
"storage": {
"filePathRequired": "File path is required",
"invalidFilePath": "Invalid file path",
"fileNotFound": "File not found",
"downloadError": "Error downloading file"
}
}

62
packages/backend/src/locales/es/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "Se requieren correo electrónico, contraseña y nombre",
"alreadyCompleted": "La configuración ya se ha completado."
},
"login": {
"emailAndPasswordRequired": "Se requieren correo electrónico y contraseña",
"invalidCredentials": "Credenciales no válidas"
}
},
"errors": {
"internalServerError": "Ocurrió un error interno del servidor",
"demoMode": "Esta operación no está permitida en modo de demostración.",
"unauthorized": "No autorizado",
"unknown": "Ocurrió un error desconocido",
"noPermissionToAction": "No tienes permiso para realizar la acción actual."
},
"user": {
"notFound": "Usuario no encontrado",
"cannotDeleteOnlyUser": "Estás intentando eliminar al único usuario de la base de datos, esto no está permitido.",
"requiresSuperAdminRole": "Se requiere el rol de Superadministrador para gestionar usuarios."
},
"iam": {
"failedToGetRoles": "Error al obtener los roles.",
"roleNotFound": "Rol no encontrado.",
"failedToGetRole": "Error al obtener el rol.",
"missingRoleFields": "Faltan campos obligatorios: nombre y política.",
"invalidPolicy": "Declaración de política no válida:",
"failedToCreateRole": "Error al crear el rol.",
"failedToDeleteRole": "Error al eliminar el rol.",
"missingUpdateFields": "Faltan campos para actualizar: nombre o políticas.",
"failedToUpdateRole": "Error al actualizar el rol.",
"requiresSuperAdminRole": "Se requiere el rol de Superadministrador para gestionar los roles."
},
"settings": {
"failedToRetrieve": "Error al recuperar la configuración",
"failedToUpdate": "Error al actualizar la configuración",
"noPermissionToUpdate": "No tienes permiso para actualizar la configuración del sistema."
},
"dashboard": {
"permissionRequired": "Necesitas el permiso de lectura del panel de control para ver los datos del panel."
},
"ingestion": {
"failedToCreate": "Error al crear la fuente de ingesta debido a un error de conexión.",
"notFound": "Fuente de ingesta no encontrada",
"initialImportTriggered": "Importación inicial activada correctamente.",
"forceSyncTriggered": "Sincronización forzada activada correctamente."
},
"archivedEmail": {
"notFound": "Correo electrónico archivado no encontrado"
},
"search": {
"keywordsRequired": "Se requieren palabras clave"
},
"storage": {
"filePathRequired": "Se requiere la ruta del archivo",
"invalidFilePath": "Ruta de archivo no válida",
"fileNotFound": "Archivo no encontrado",
"downloadError": "Error al descargar el archivo"
}
}

62
packages/backend/src/locales/et/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "E-post, parool ja nimi on kohustuslikud",
"alreadyCompleted": "Seadistamine on juba lõpule viidud."
},
"login": {
"emailAndPasswordRequired": "E-post ja parool on kohustuslikud",
"invalidCredentials": "Valed sisselogimisandmed"
}
},
"errors": {
"internalServerError": "Ilmnes sisemine serveriviga",
"demoMode": "See toiming pole demorežiimis lubatud.",
"unauthorized": "Volitamata",
"unknown": "Ilmnes tundmatu viga",
"noPermissionToAction": "Teil pole praeguse toimingu tegemiseks luba."
},
"user": {
"notFound": "Kasutajat ei leitud",
"cannotDeleteOnlyUser": "Püüate kustutada andmebaasi ainsat kasutajat, see pole lubatud.",
"requiresSuperAdminRole": "Kasutajate haldamiseks on vajalik superadministraatori roll."
},
"iam": {
"failedToGetRoles": "Rollide hankimine ebaõnnestus.",
"roleNotFound": "Rolli ei leitud.",
"failedToGetRole": "Rolli hankimine ebaõnnestus.",
"missingRoleFields": "Puuduvad kohustuslikud väljad: nimi ja poliitika.",
"invalidPolicy": "Kehtetu poliitika avaldus:",
"failedToCreateRole": "Rolli loomine ebaõnnestus.",
"failedToDeleteRole": "Rolli kustutamine ebaõnnestus.",
"missingUpdateFields": "Uuendamiseks puuduvad väljad: nimi või poliitikad.",
"failedToUpdateRole": "Rolli värskendamine ebaõnnestus.",
"requiresSuperAdminRole": "Rollide haldamiseks on vajalik superadministraatori roll."
},
"settings": {
"failedToRetrieve": "Seadete toomine ebaõnnestus",
"failedToUpdate": "Seadete värskendamine ebaõnnestus",
"noPermissionToUpdate": "Teil pole süsteemi seadete värskendamiseks luba."
},
"dashboard": {
"permissionRequired": "Armatuurlaua andmete vaatamiseks on teil vaja armatuurlaua lugemisluba."
},
"ingestion": {
"failedToCreate": "Söötmeallika loomine ebaõnnestus ühenduse vea tõttu.",
"notFound": "Söötmeallikat ei leitud",
"initialImportTriggered": "Esialgne import käivitati edukalt.",
"forceSyncTriggered": "Sundsünkroonimine käivitati edukalt."
},
"archivedEmail": {
"notFound": "Arhiveeritud e-kirja ei leitud"
},
"search": {
"keywordsRequired": "Märksõnad on kohustuslikud"
},
"storage": {
"filePathRequired": "Faili tee on kohustuslik",
"invalidFilePath": "Kehtetu faili tee",
"fileNotFound": "Faili ei leitud",
"downloadError": "Faili allalaadimisel ilmnes viga"
}
}

62
packages/backend/src/locales/fr/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "L'e-mail, le mot de passe et le nom sont requis",
"alreadyCompleted": "La configuration est déjà terminée."
},
"login": {
"emailAndPasswordRequired": "L'e-mail et le mot de passe sont requis",
"invalidCredentials": "Identifiants invalides"
}
},
"errors": {
"internalServerError": "Une erreur interne du serveur s'est produite",
"demoMode": "Cette opération n'est pas autorisée en mode démo.",
"unauthorized": "Non autorisé",
"unknown": "Une erreur inconnue s'est produite",
"noPermissionToAction": "Vous n'avez pas la permission d'effectuer l'action en cours."
},
"user": {
"notFound": "Utilisateur non trouvé",
"cannotDeleteOnlyUser": "Vous essayez de supprimer le seul utilisateur de la base de données, ce n'est pas autorisé.",
"requiresSuperAdminRole": "Le rôle de Super Admin est requis pour gérer les utilisateurs."
},
"iam": {
"failedToGetRoles": "Échec de la récupération des rôles.",
"roleNotFound": "Rôle non trouvé.",
"failedToGetRole": "Échec de la récupération du rôle.",
"missingRoleFields": "Champs obligatoires manquants : nom et politique.",
"invalidPolicy": "Déclaration de politique invalide :",
"failedToCreateRole": "Échec de la création du rôle.",
"failedToDeleteRole": "Échec de la suppression du rôle.",
"missingUpdateFields": "Champs à mettre à jour manquants : nom ou politiques.",
"failedToUpdateRole": "Échec de la mise à jour du rôle.",
"requiresSuperAdminRole": "Le rôle de Super Admin est requis pour gérer les rôles."
},
"settings": {
"failedToRetrieve": "Échec de la récupération des paramètres",
"failedToUpdate": "Échec de la mise à jour des paramètres",
"noPermissionToUpdate": "Vous n'avez pas la permission de mettre à jour les paramètres système."
},
"dashboard": {
"permissionRequired": "Vous avez besoin de la permission de lecture du tableau de bord pour afficher les données du tableau de bord."
},
"ingestion": {
"failedToCreate": "Échec de la création de la source d'ingestion en raison d'une erreur de connexion.",
"notFound": "Source d'ingestion non trouvée",
"initialImportTriggered": "Importation initiale déclenchée avec succès.",
"forceSyncTriggered": "Synchronisation forcée déclenchée avec succès."
},
"archivedEmail": {
"notFound": "E-mail archivé non trouvé"
},
"search": {
"keywordsRequired": "Des mots-clés sont requis"
},
"storage": {
"filePathRequired": "Le chemin du fichier est requis",
"invalidFilePath": "Chemin de fichier invalide",
"fileNotFound": "Fichier non trouvé",
"downloadError": "Erreur lors du téléchargement du fichier"
}
}

62
packages/backend/src/locales/it/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "Email, password e nome sono obbligatori",
"alreadyCompleted": "La configurazione è già stata completata."
},
"login": {
"emailAndPasswordRequired": "Email and password are required",
"invalidCredentials": "Credenziali non valide"
}
},
"errors": {
"internalServerError": "Si è verificato un errore interno del server",
"demoMode": "Questa operazione non è consentita in modalità demo.",
"unauthorized": "Non autorizzato",
"unknown": "Si è verificato un errore sconosciuto",
"noPermissionToAction": "Non hai il permesso di eseguire l'azione corrente."
},
"user": {
"notFound": "Utente non trovato",
"cannotDeleteOnlyUser": "Stai tentando di eliminare l'unico utente nel database, ciò non è consentito.",
"requiresSuperAdminRole": "È richiesto il ruolo di Super Admin per gestire gli utenti."
},
"iam": {
"failedToGetRoles": "Impossibile ottenere i ruoli.",
"roleNotFound": "Ruolo non trovato.",
"failedToGetRole": "Impossibile ottenere il ruolo.",
"missingRoleFields": "Campi obbligatori mancanti: nome e policy.",
"invalidPolicy": "Dichiarazione di policy non valida:",
"failedToCreateRole": "Impossibile creare il ruolo.",
"failedToDeleteRole": "Impossibile eliminare il ruolo.",
"missingUpdateFields": "Campi da aggiornare mancanti: nome o policy.",
"failedToUpdateRole": "Impossibile aggiornare il ruolo.",
"requiresSuperAdminRole": "È richiesto il ruolo di Super Admin per gestire i ruoli."
},
"settings": {
"failedToRetrieve": "Impossibile recuperare le impostazioni",
"failedToUpdate": "Impossibile aggiornare le impostazioni",
"noPermissionToUpdate": "Non hai il permesso di aggiornare le impostazioni di sistema."
},
"dashboard": {
"permissionRequired": "È necessaria l'autorizzazione di lettura della dashboard per visualizzare i dati della dashboard."
},
"ingestion": {
"failedToCreate": "Impossibile creare l'origine di inserimento a causa di un errore di connessione.",
"notFound": "Origine di inserimento non trovata",
"initialImportTriggered": "Importazione iniziale attivata con successo.",
"forceSyncTriggered": "Sincronizzazione forzata attivata con successo."
},
"archivedEmail": {
"notFound": "Email archiviata non trovata"
},
"search": {
"keywordsRequired": "Le parole chiave sono obbligatorie"
},
"storage": {
"filePathRequired": "Il percorso del file è obbligatorio",
"invalidFilePath": "Percorso del file non valido",
"fileNotFound": "File non trovato",
"downloadError": "Errore durante il download del file"
}
}

62
packages/backend/src/locales/ja/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "メールアドレス、パスワード、名前は必須です",
"alreadyCompleted": "セットアップはすでに完了しています。"
},
"login": {
"emailAndPasswordRequired": "メールアドレスとパスワードは必須です",
"invalidCredentials": "無効な認証情報"
}
},
"errors": {
"internalServerError": "内部サーバーエラーが発生しました",
"demoMode": "この操作はデモモードでは許可されていません。",
"unauthorized": "不正なアクセス",
"unknown": "不明なエラーが発生しました",
"noPermissionToAction": "現在の操作を実行する権限がありません。"
},
"user": {
"notFound": "ユーザーが見つかりません",
"cannotDeleteOnlyUser": "データベース内の唯一のユーザーを削除しようとしていますが、これは許可されていません。",
"requiresSuperAdminRole": "ユーザーを管理するには、スーパー管理者ロールが必要です。"
},
"iam": {
"failedToGetRoles": "役割の取得に失敗しました。",
"roleNotFound": "役割が見つかりません。",
"failedToGetRole": "役割の取得に失敗しました。",
"missingRoleFields": "必須フィールドがありません:名前とポリシー。",
"invalidPolicy": "無効なポリシーステートメント:",
"failedToCreateRole": "役割の作成に失敗しました。",
"failedToDeleteRole": "役割の削除に失敗しました。",
"missingUpdateFields": "更新するフィールドがありません:名前またはポリシー。",
"failedToUpdateRole": "役割の更新に失敗しました。",
"requiresSuperAdminRole": "役割を管理するには、スーパー管理者ロールが必要です。"
},
"settings": {
"failedToRetrieve": "設定の取得に失敗しました",
"failedToUpdate": "設定の更新に失敗しました",
"noPermissionToUpdate": "システム設定を更新する権限がありません。"
},
"dashboard": {
"permissionRequired": "ダッシュボードのデータを表示するには、ダッシュボードの読み取り権限が必要です。"
},
"ingestion": {
"failedToCreate": "接続エラーのため、取り込みソースの作成に失敗しました。",
"notFound": "取り込みソースが見つかりません",
"initialImportTriggered": "初期インポートが正常にトリガーされました。",
"forceSyncTriggered": "強制同期が正常にトリガーされました。"
},
"archivedEmail": {
"notFound": "アーカイブされたメールが見つかりません"
},
"search": {
"keywordsRequired": "キーワードは必須です"
},
"storage": {
"filePathRequired": "ファイルパスは必須です",
"invalidFilePath": "無効なファイルパス",
"fileNotFound": "ファイルが見つかりません",
"downloadError": "ファイルのダウンロード中にエラーが発生しました"
}
}

62
packages/backend/src/locales/nl/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "E-mail, wachtwoord en naam zijn verplicht",
"alreadyCompleted": "De installatie is al voltooid."
},
"login": {
"emailAndPasswordRequired": "E-mail en wachtwoord zijn verplicht",
"invalidCredentials": "Ongeldige inloggegevens"
}
},
"errors": {
"internalServerError": "Er is een interne serverfout opgetreden",
"demoMode": "Deze bewerking is niet toegestaan in de demomodus.",
"unauthorized": "Ongeautoriseerd",
"unknown": "Er is een onbekende fout opgetreden",
"noPermissionToAction": "U heeft geen toestemming om de huidige actie uit te voeren."
},
"user": {
"notFound": "Gebruiker niet gevonden",
"cannotDeleteOnlyUser": "U probeert de enige gebruiker in de database te verwijderen, dit is niet toegestaan.",
"requiresSuperAdminRole": "De rol van Super Admin is vereist om gebruikers te beheren."
},
"iam": {
"failedToGetRoles": "Kan rollen niet ophalen.",
"roleNotFound": "Rol niet gevonden.",
"failedToGetRole": "Kan rol niet ophalen.",
"missingRoleFields": "Ontbrekende verplichte velden: naam en beleid.",
"invalidPolicy": "Ongeldige beleidsverklaring:",
"failedToCreateRole": "Kan rol niet aanmaken.",
"failedToDeleteRole": "Kan rol niet verwijderen.",
"missingUpdateFields": "Ontbrekende velden om bij te werken: naam of beleid.",
"failedToUpdateRole": "Kan rol niet bijwerken.",
"requiresSuperAdminRole": "De rol van Super Admin is vereist om rollen te beheren."
},
"settings": {
"failedToRetrieve": "Kan instellingen niet ophalen",
"failedToUpdate": "Kan instellingen niet bijwerken",
"noPermissionToUpdate": "U heeft geen toestemming om de systeeminstellingen bij te werken."
},
"dashboard": {
"permissionRequired": "U heeft de leesrechten voor het dashboard nodig om dashboardgegevens te bekijken."
},
"ingestion": {
"failedToCreate": "Kan de opnamebron niet aanmaken vanwege een verbindingsfout.",
"notFound": "Opnamebron niet gevonden",
"initialImportTriggered": "Initiële import succesvol geactiveerd.",
"forceSyncTriggered": "Geforceerde synchronisatie succesvol geactiveerd."
},
"archivedEmail": {
"notFound": "Gearchiveerde e-mail niet gevonden"
},
"search": {
"keywordsRequired": "Trefwoorden zijn verplicht"
},
"storage": {
"filePathRequired": "Bestandspad is verplicht",
"invalidFilePath": "Ongeldig bestandspad",
"fileNotFound": "Bestand niet gevonden",
"downloadError": "Fout bij het downloaden van het bestand"
}
}

62
packages/backend/src/locales/pt/translation.json Normal file
View File

@@ -0,0 +1,62 @@
{
"auth": {
"setup": {
"allFieldsRequired": "E-mail, senha e nome são obrigatórios",
"alreadyCompleted": "A configuração já foi concluída."
},
"login": {
"emailAndPasswordRequired": "E-mail e senha são obrigatórios",
"invalidCredentials": "Credenciais inválidas"
}
},
"errors": {
"internalServerError": "Ocorreu um erro interno do servidor",
"demoMode": "Esta operação não é permitida no modo de demonstração.",
"unauthorized": "Não autorizado",
"unknown": "Ocorreu um erro desconhecido",
"noPermissionToAction": "Você não tem permissão para executar a ação atual."
},
"user": {
"notFound": "Usuário não encontrado",
"cannotDeleteOnlyUser": "Você está tentando excluir o único usuário no banco de dados, isso não é permitido.",
"requiresSuperAdminRole": "A função de Super Admin é necessária para gerenciar usuários."
},
"iam": {
"failedToGetRoles": "Falha ao obter as funções.",
"roleNotFound": "Função não encontrada.",
"failedToGetRole": "Falha ao obter a função.",
"missingRoleFields": "Campos obrigatórios ausentes: nome e política.",
"invalidPolicy": "Declaração de política inválida:",
"failedToCreateRole": "Falha ao criar a função.",
"failedToDeleteRole": "Falha ao excluir a função.",
"missingUpdateFields": "Campos ausentes para atualização: nome ou políticas.",
"failedToUpdateRole": "Falha ao atualizar a função.",
"requiresSuperAdminRole": "A função de Super Admin é necessária para gerenciar as funções."
},
"settings": {
"failedToRetrieve": "Falha ao recuperar as configurações",
"failedToUpdate": "Falha ao atualizar as configurações",
"noPermissionToUpdate": "Você não tem permissão para atualizar as configurações do sistema."
},
"dashboard": {
"permissionRequired": "Você precisa da permissão de leitura do painel para visualizar os dados do painel."
},
"ingestion": {
"failedToCreate": "Falha ao criar a fonte de ingestão devido a um erro de conexão.",
"notFound": "Fonte de ingestão não encontrada",
"initialImportTriggered": "Importação inicial acionada com sucesso.",
"forceSyncTriggered": "Sincronização forçada acionada com sucesso."
},
"archivedEmail": {
"notFound": "E-mail arquivado não encontrado"
},
"search": {
"keywordsRequired": "Palavras-chave são obrigatórias"
},
"storage": {
"filePathRequired": "O caminho do arquivo é obrigatório",
"invalidFilePath": "Caminho de arquivo inválido",
"fileNotFound": "Arquivo não encontrado",
"downloadError": "Erro ao baixar o arquivo"
}
}

57
packages/backend/src/services/ArchivedEmailService.ts
View File

@@ -1,6 +1,13 @@
import { count, desc, eq, asc, and } from 'drizzle-orm';
import { db } from '../database';
import { archivedEmails, attachments, emailAttachments } from '../database/schema';
import {
archivedEmails,
attachments,
emailAttachments,
ingestionSources,
} from '../database/schema';
import { FilterBuilder } from './FilterBuilder';
import { AuthorizationService } from './AuthorizationService';
import type {
PaginatedArchivedEmails,
ArchivedEmail,
@@ -41,25 +48,41 @@ export class ArchivedEmailService {
public static async getArchivedEmails(
ingestionSourceId: string,
page: number,
limit: number
limit: number,
userId: string
): Promise<PaginatedArchivedEmails> {
const offset = (page - 1) * limit;
const { drizzleFilter } = await FilterBuilder.create(userId, 'archive', 'read');
const where = and(eq(archivedEmails.ingestionSourceId, ingestionSourceId), drizzleFilter);
const [total] = await db
const countQuery = db
.select({
count: count(archivedEmails.id),
})
.from(archivedEmails)
.where(eq(archivedEmails.ingestionSourceId, ingestionSourceId));
.leftJoin(ingestionSources, eq(archivedEmails.ingestionSourceId, ingestionSources.id));
const items = await db
if (where) {
countQuery.where(where);
}
const [total] = await countQuery;
const itemsQuery = db
.select()
.from(archivedEmails)
.where(eq(archivedEmails.ingestionSourceId, ingestionSourceId))
.leftJoin(ingestionSources, eq(archivedEmails.ingestionSourceId, ingestionSources.id))
.orderBy(desc(archivedEmails.sentAt))
.limit(limit)
.offset(offset);
if (where) {
itemsQuery.where(where);
}
const results = await itemsQuery;
const items = results.map((r) => r.archived_emails);
return {
items: items.map((item) => ({
...item,
@@ -73,16 +96,28 @@ export class ArchivedEmailService {
};
}
public static async getArchivedEmailById(emailId: string): Promise<ArchivedEmail | null> {
const [email] = await db
.select()
.from(archivedEmails)
.where(eq(archivedEmails.id, emailId));
public static async getArchivedEmailById(
emailId: string,
userId: string
): Promise<ArchivedEmail | null> {
const email = await db.query.archivedEmails.findFirst({
where: eq(archivedEmails.id, emailId),
with: {
ingestionSource: true,
},
});
if (!email) {
return null;
}
const authorizationService = new AuthorizationService();
const canRead = await authorizationService.can(userId, 'read', 'archive', email);
if (!canRead) {
return null;
}
let threadEmails: ThreadEmail[] = [];
if (email.threadId) {

8
packages/backend/src/services/AuthService.ts
View File

@@ -63,7 +63,13 @@ export class AuthService {
roles: roles,
});
return { accessToken, user: userWithoutPassword };
return {
accessToken,
user: {
...userWithoutPassword,
role: null,
},
};
}
public async verifyToken(token: string): Promise<AuthTokenPayload | null> {

25
packages/backend/src/services/AuthorizationService.ts Normal file
View File

@@ -0,0 +1,25 @@
import { IamService } from './IamService';
import { createAbilityFor, SubjectObject } from '../iam-policy/ability';
import { subject, Subject } from '@casl/ability';
import { AppActions, AppSubjects } from '@open-archiver/types';
export class AuthorizationService {
private iamService: IamService;
constructor() {
this.iamService = new IamService();
}
public async can(
userId: string,
action: AppActions,
resource: AppSubjects,
resourceObject?: SubjectObject
): Promise<boolean> {
const ability = await this.iamService.getAbilityForUser(userId);
const subjectInstance = resourceObject
? subject(resource, resourceObject as Record<PropertyKey, any>)
: resource;
return ability.can(action, subjectInstance as AppSubjects);
}
}

58
packages/backend/src/services/FilterBuilder.ts Normal file
View File

@@ -0,0 +1,58 @@
import { SQL, sql } from 'drizzle-orm';
import { IamService } from './IamService';
import { rulesToQuery } from '@casl/ability/extra';
import { mongoToDrizzle } from '../helpers/mongoToDrizzle';
import { mongoToMeli } from '../helpers/mongoToMeli';
import { AppActions, AppSubjects } from '@open-archiver/types';
export class FilterBuilder {
public static async create(
userId: string,
resourceType: AppSubjects,
action: AppActions
): Promise<{
drizzleFilter: SQL | undefined;
searchFilter: string | undefined;
}> {
const iamService = new IamService();
const ability = await iamService.getAbilityForUser(userId);
// If the user has an unconditional `can` rule and no `cannot` rules,
// they have full access and we can skip building a complex query.
const rules = ability.rulesFor(action, resourceType);
const hasUnconditionalCan = rules.some(
(rule) => rule.inverted === false && !rule.conditions
);
const cannotConditions = rules
.filter((rule) => rule.inverted === true && rule.conditions)
.map((rule) => rule.conditions as object);
if (hasUnconditionalCan && cannotConditions.length === 0) {
return { drizzleFilter: undefined, searchFilter: undefined }; // Full access
}
let query = rulesToQuery(ability, action, resourceType, (rule) => rule.conditions);
if (hasUnconditionalCan && cannotConditions.length > 0) {
// If there's a broad `can` rule, the final query should be an AND of all
// the `cannot` conditions, effectively excluding them.
const andConditions = cannotConditions.map((condition) => {
const newCondition: Record<string, any> = {};
for (const key in condition) {
newCondition[key] = { $ne: (condition as any)[key] };
}
return newCondition;
});
query = { $and: andConditions };
}
if (query === null) {
return { drizzleFilter: undefined, searchFilter: undefined }; // Full access
}
if (Object.keys(query).length === 0) {
return { drizzleFilter: sql`1=0`, searchFilter: 'ingestionSourceId = "-1"' }; // No access
}
return { drizzleFilter: mongoToDrizzle(query), searchFilter: await mongoToMeli(query) };
}
}

68
packages/backend/src/services/IamService.ts
View File

@@ -1,9 +1,24 @@
import { db } from '../database';
import { roles } from '../database/schema/users';
import type { Role, PolicyStatement } from '@open-archiver/types';
import { roles, userRoles, users } from '../database/schema/users';
import type { Role, CaslPolicy, User } from '@open-archiver/types';
import { eq } from 'drizzle-orm';
import { createAbilityFor, AppAbility } from '../iam-policy/ability';
export class IamService {
/**
* Retrieves all roles associated with a given user.
* @param userId The ID of the user.
* @returns A promise that resolves to an array of Role objects.
*/
public async getRolesForUser(userId: string): Promise<Role[]> {
const userRolesResult = await db
.select()
.from(userRoles)
.where(eq(userRoles.userId, userId))
.leftJoin(roles, eq(userRoles.roleId, roles.id));
return userRolesResult.map((r) => r.roles).filter((r): r is Role => r !== null);
}
public async getRoles(): Promise<Role[]> {
return db.select().from(roles);
}
@@ -13,12 +28,57 @@ export class IamService {
return role;
}
public async createRole(name: string, policy: PolicyStatement[]): Promise<Role> {
const [role] = await db.insert(roles).values({ name, policies: policy }).returning();
public async createRole(name: string, policy: CaslPolicy[], slug?: string): Promise<Role> {
const [role] = await db
.insert(roles)
.values({
name: name,
slug: slug || name.toLocaleLowerCase().replaceAll('', '_'),
policies: policy,
})
.returning();
return role;
}
public async deleteRole(id: string): Promise<void> {
await db.delete(roles).where(eq(roles.id, id));
}
public async updateRole(
id: string,
{ name, policies }: Partial<Pick<Role, 'name' | 'policies'>>
): Promise<Role> {
const [role] = await db
.update(roles)
.set({ name, policies })
.where(eq(roles.id, id))
.returning();
return role;
}
public async getAbilityForUser(userId: string): Promise<AppAbility> {
const user = await db.query.users.findFirst({
where: eq(users.id, userId),
});
if (!user) {
// Or handle this case as you see fit, maybe return an ability with no permissions
throw new Error('User not found');
}
const userRoles = await this.getRolesForUser(userId);
const allPolicies = userRoles.flatMap((role) => role.policies || []);
// Interpolate policies
const interpolatedPolicies = this.interpolatePolicies(allPolicies, {
...user,
role: null,
} as User);
return createAbilityFor(interpolatedPolicies);
}
private interpolatePolicies(policies: CaslPolicy[], user: User): CaslPolicy[] {
const userPoliciesString = JSON.stringify(policies);
const interpolatedPoliciesString = userPoliciesString.replace(/\$\{user\.id\}/g, user.id);
return JSON.parse(interpolatedPoliciesString);
}
}

21
packages/backend/src/services/IndexingService.ts
View File

@@ -66,7 +66,11 @@ export class IndexingService {
.where(eq(emailAttachments.emailId, emailId));
}
const document = await this.createEmailDocument(email, emailAttachmentsResult);
const document = await this.createEmailDocument(
email,
emailAttachmentsResult,
email.userEmail
);
await this.searchService.addDocuments('emails', [document], 'id');
}
@@ -92,8 +96,10 @@ export class IndexingService {
email,
attachments,
ingestionSourceId,
archivedEmailId
archivedEmailId,
email.userEmail || ''
);
console.log(document);
await this.searchService.addDocuments('emails', [document], 'id');
}
@@ -104,7 +110,8 @@ export class IndexingService {
email: EmailObject,
attachments: AttachmentsType,
ingestionSourceId: string,
archivedEmailId: string
archivedEmailId: string,
userEmail: string //the owner of the email inbox
): Promise<EmailDocument> {
const extractedAttachments = [];
for (const attachment of attachments) {
@@ -122,8 +129,10 @@ export class IndexingService {
// skip attachment or fail the job
}
}
console.log('email.userEmail', userEmail);
return {
id: archivedEmailId,
userEmail: userEmail,
from: email.from[0]?.address,
to: email.to.map((i: EmailAddress) => i.address) || [],
cc: email.cc?.map((i: EmailAddress) => i.address) || [],
@@ -141,7 +150,8 @@ export class IndexingService {
*/
private async createEmailDocument(
email: typeof archivedEmails.$inferSelect,
attachments: Attachment[]
attachments: Attachment[],
userEmail: string //the owner of the email inbox
): Promise<EmailDocument> {
const attachmentContents = await this.extractAttachmentContents(attachments);
@@ -155,9 +165,10 @@ export class IndexingService {
'';
const recipients = email.recipients as DbRecipients;
console.log('email.userEmail', email.userEmail);
return {
id: email.id,
userEmail: userEmail,
from: email.senderEmail,
to: recipients.to?.map((r) => r.address) || [],
cc: recipients.cc?.map((r) => r.address) || [],

23
packages/backend/src/services/IngestionService.ts
View File

@@ -25,6 +25,7 @@ import { IndexingService } from './IndexingService';
import { SearchService } from './SearchService';
import { DatabaseService } from './DatabaseService';
import { config } from '../config/index';
import { FilterBuilder } from './FilterBuilder';
export class IngestionService {
private static decryptSource(
@@ -49,11 +50,15 @@ export class IngestionService {
return ['pst_import', 'eml_import'];
}
public static async create(dto: CreateIngestionSourceDto): Promise<IngestionSource> {
public static async create(
dto: CreateIngestionSourceDto,
userId: string
): Promise<IngestionSource> {
const { providerConfig, ...rest } = dto;
const encryptedCredentials = CryptoService.encryptObject(providerConfig);
const valuesToInsert = {
userId,
...rest,
status: 'pending_auth' as const,
credentials: encryptedCredentials,
@@ -81,11 +86,15 @@ export class IngestionService {
}
}
public static async findAll(): Promise<IngestionSource[]> {
const sources = await db
.select()
.from(ingestionSources)
.orderBy(desc(ingestionSources.createdAt));
public static async findAll(userId: string): Promise<IngestionSource[]> {
const { drizzleFilter } = await FilterBuilder.create(userId, 'ingestion', 'read');
let query = db.select().from(ingestionSources).$dynamic();
if (drizzleFilter) {
query = query.where(drizzleFilter);
}
const sources = await query.orderBy(desc(ingestionSources.createdAt));
return sources.flatMap((source) => {
const decrypted = this.decryptSource(source);
return decrypted ? [decrypted] : [];
@@ -398,6 +407,8 @@ export class IngestionService {
searchService,
storageService
);
//assign userEmail
email.userEmail = userEmail;
await indexingService.indexByEmail(email, source.id, archivedEmail.id);
} catch (error) {
logger.error({

28
packages/backend/src/services/SearchService.ts
View File

@@ -1,6 +1,7 @@
import { Index, MeiliSearch, SearchParams } from 'meilisearch';
import { config } from '../config';
import type { SearchQuery, SearchResult, EmailDocument, TopSender } from '@open-archiver/types';
import { FilterBuilder } from './FilterBuilder';
export class SearchService {
private client: MeiliSearch;
@@ -47,7 +48,7 @@ export class SearchService {
return index.deleteDocuments({ filter });
}
public async searchEmails(dto: SearchQuery): Promise<SearchResult> {
public async searchEmails(dto: SearchQuery, userId: string): Promise<SearchResult> {
const { query, filters, page = 1, limit = 10, matchingStrategy = 'last' } = dto;
const index = await this.getIndex<EmailDocument>('emails');
@@ -70,6 +71,20 @@ export class SearchService {
searchParams.filter = filterStrings.join(' AND ');
}
// Create a filter based on the user's permissions.
// This ensures that the user can only search for emails they are allowed to see.
const { searchFilter } = await FilterBuilder.create(userId, 'archive', 'read');
if (searchFilter) {
// Convert the MongoDB-style filter from CASL to a MeiliSearch filter string.
if (searchParams.filter) {
// If there are existing filters, append the access control filter.
searchParams.filter = `${searchParams.filter} AND ${searchFilter}`;
} else {
// Otherwise, just use the access control filter.
searchParams.filter = searchFilter;
}
}
console.log('searchParams', searchParams);
const searchResults = await index.search(query, searchParams);
return {
@@ -116,8 +131,17 @@ export class SearchService {
'bcc',
'attachments.filename',
'attachments.content',
'userEmail',
],
filterableAttributes: [
'from',
'to',
'cc',
'bcc',
'timestamp',
'ingestionSourceId',
'userEmail',
],
filterableAttributes: ['from', 'to', 'cc', 'bcc', 'timestamp', 'ingestionSourceId'],
sortableAttributes: ['timestamp'],
});
}

55
packages/backend/src/services/SettingsService.ts Normal file
View File

@@ -0,0 +1,55 @@
import { db } from '../database';
import { systemSettings } from '../database/schema/system-settings';
import type { SystemSettings } from '@open-archiver/types';
import { eq } from 'drizzle-orm';
const DEFAULT_SETTINGS: SystemSettings = {
language: 'en',
theme: 'system',
supportEmail: null,
};
export class SettingsService {
/**
* Retrieves the current system settings.
* If no settings exist, it initializes and returns the default settings.
* @returns The system settings.
*/
public async getSettings(): Promise<SystemSettings> {
const settings = await db.select().from(systemSettings).limit(1);
if (settings.length === 0) {
return this.createDefaultSettings();
}
return settings[0].config;
}
/**
* Updates the system settings by merging the new configuration with the existing one.
* @param newConfig - A partial object of the new settings configuration.
* @returns The updated system settings.
*/
public async updateSettings(newConfig: Partial<SystemSettings>): Promise<SystemSettings> {
const currentConfig = await this.getSettings();
const mergedConfig = { ...currentConfig, ...newConfig };
// Since getSettings ensures a record always exists, we can directly update.
const [result] = await db.update(systemSettings).set({ config: mergedConfig }).returning();
return result.config;
}
/**
* Creates and saves the default system settings.
* This is called internally when no settings are found.
* @returns The newly created default settings.
*/
private async createDefaultSettings(): Promise<SystemSettings> {
const [result] = await db
.insert(systemSettings)
.values({ config: DEFAULT_SETTINGS })
.returning();
return result.config;
}
}

140
packages/backend/src/services/UserService.ts
View File

@@ -1,9 +1,8 @@
import { db } from '../database';
import * as schema from '../database/schema';
import { and, eq, asc, sql } from 'drizzle-orm';
import { eq, sql } from 'drizzle-orm';
import { hash } from 'bcryptjs';
import type { PolicyStatement, User } from '@open-archiver/types';
import { PolicyValidator } from '../iam-policy/policy-validator';
import type { CaslPolicy, User } from '@open-archiver/types';
export class UserService {
/**
@@ -23,11 +22,91 @@ export class UserService {
* @param id The ID of the user to find.
* @returns The user object if found, otherwise null.
*/
public async findById(id: string): Promise<typeof schema.users.$inferSelect | null> {
public async findById(id: string): Promise<User | null> {
const user = await db.query.users.findFirst({
where: eq(schema.users.id, id),
with: {
userRoles: {
with: {
role: true,
},
},
},
});
return user || null;
if (!user) return null;
return {
...user,
role: user.userRoles[0]?.role || null,
};
}
public async findAll(): Promise<User[]> {
const users = await db.query.users.findMany({
with: {
userRoles: {
with: {
role: true,
},
},
},
});
return users.map((u) => ({
...u,
role: u.userRoles[0]?.role || null,
}));
}
public async createUser(
userDetails: Pick<User, 'email' | 'first_name' | 'last_name'> & { password?: string },
roleId: string
): Promise<typeof schema.users.$inferSelect> {
const { email, first_name, last_name, password } = userDetails;
const hashedPassword = password ? await hash(password, 10) : undefined;
const newUser = await db
.insert(schema.users)
.values({
email,
first_name,
last_name,
password: hashedPassword,
})
.returning();
await db.insert(schema.userRoles).values({
userId: newUser[0].id,
roleId: roleId,
});
return newUser[0];
}
public async updateUser(
id: string,
userDetails: Partial<Pick<User, 'email' | 'first_name' | 'last_name'>>,
roleId?: string
): Promise<typeof schema.users.$inferSelect | null> {
const updatedUser = await db
.update(schema.users)
.set(userDetails)
.where(eq(schema.users.id, id))
.returning();
if (roleId) {
await db.delete(schema.userRoles).where(eq(schema.userRoles.userId, id));
await db.insert(schema.userRoles).values({
userId: id,
roleId: roleId,
});
}
return updatedUser[0] || null;
}
public async deleteUser(id: string): Promise<void> {
await db.delete(schema.users).where(eq(schema.users.id, id));
}
/**
@@ -66,29 +145,7 @@ export class UserService {
})
.returning();
// find super admin role
let superAdminRole = await db.query.roles.findFirst({
where: eq(schema.roles.name, 'Super Admin'),
});
if (!superAdminRole) {
const suerAdminPolicies: PolicyStatement[] = [
{
Effect: 'Allow',
Action: ['*'],
Resource: ['*'],
},
];
superAdminRole = (
await db
.insert(schema.roles)
.values({
name: 'Super Admin',
policies: suerAdminPolicies,
})
.returning()
)[0];
}
const superAdminRole = await this.createAdminRole();
await db.insert(schema.userRoles).values({
userId: newUser[0].id,
@@ -97,4 +154,31 @@ export class UserService {
return newUser[0];
}
public async createAdminRole() {
// find super admin role
let superAdminRole = await db.query.roles.findFirst({
where: eq(schema.roles.name, 'Super Admin'),
});
if (!superAdminRole) {
const suerAdminPolicies: CaslPolicy[] = [
{
action: 'manage',
subject: 'all',
},
];
superAdminRole = (
await db
.insert(schema.roles)
.values({
name: 'Super Admin',
slug: 'predefined_super_admin',
policies: suerAdminPolicies,
})
.returning()
)[0];
}
return superAdminRole;
}
}

1
packages/backend/src/services/ingestion-connectors/ImapConnector.ts
View File

@@ -193,7 +193,6 @@ export class ImapConnector implements IEmailConnector {
// Initialize with last synced UID, not the maximum UID in mailbox
this.newMaxUids[mailboxPath] = lastUid || 0;
// Only fetch if the mailbox has messages, to avoid errors on empty mailboxes with some IMAP servers.
if (mailbox.exists > 0) {
const BATCH_SIZE = 250; // A configurable batch size

1
packages/frontend/package.json
View File

@@ -23,6 +23,7 @@
"lucide-svelte": "^0.525.0",
"postal-mime": "^2.4.4",
"svelte-persisted-store": "^0.12.0",
"sveltekit-i18n": "^2.4.2",
"tailwind-merge": "^3.3.1",
"tailwind-variants": "^1.0.0"
},

12
packages/frontend/src/lib/components/custom/EmailPreview.svelte
View File

@@ -1,6 +1,7 @@
<script lang="ts">
import PostalMime, { type Email } from 'postal-mime';
import type { Buffer } from 'buffer';
import { t } from '$lib/translations';
let {
raw,
@@ -51,13 +52,16 @@
<div class="mt-2 rounded-md border bg-white p-4">
{#if isLoading}
<p>Loading email preview...</p>
<p>{$t('components.email_preview.loading')}</p>
{:else if emailHtml}
<iframe title="Email Preview" srcdoc={emailHtml()} class="h-[600px] w-full border-none"
<iframe
title={$t('archive.email_preview')}
srcdoc={emailHtml()}
class="h-[600px] w-full border-none"
></iframe>
{:else if raw}
<p>Could not render email preview.</p>
<p>{$t('components.email_preview.render_error')}</p>
{:else}
<p class="text-gray-500">Raw .eml file not available for this email.</p>
<p class="text-gray-500">{$t('components.email_preview.not_available')}</p>
{/if}
</div>

7
packages/frontend/src/lib/components/custom/EmailThread.svelte
View File

@@ -2,6 +2,7 @@
import { goto } from '$app/navigation';
import type { ArchivedEmail } from '@open-archiver/types';
import { ScrollArea } from '$lib/components/ui/scroll-area/index.js';
import { t } from '$lib/translations';
let {
thread,
@@ -47,16 +48,16 @@
goto(`/dashboard/archived-emails/${item.id}`, {
invalidateAll: true,
});
}}>{item.subject || 'No Subject'}</a
}}>{item.subject || $t('app.archive.no_subject')}</a
>
{:else}
{item.subject || 'No Subject'}
{item.subject || $t('app.archive.no_subject')}
{/if}
</h4>
<div
class="flex flex-col space-y-2 text-sm font-normal leading-none text-gray-400"
>
<span>From: {item.senderEmail}</span>
<span>{$t('app.archive.from')}: {item.senderEmail}</span>
<time class="">{new Date(item.sentAt).toLocaleString()}</time>
</div>
</div>

13
packages/frontend/src/lib/components/custom/Footer.svelte
View File

@@ -1,12 +1,17 @@
<footer class=" bg-muted py-6 md:py-0">
<script lang="ts">
import { t } from '$lib/translations';
</script>
<footer class="bg-muted py-6 md:py-0">
<div
class="container mx-auto flex flex-col items-center justify-center gap-4 md:h-24 md:flex-row"
>
<div class="flex flex-col items-center gap-2">
<p class=" text-balance text-center text-xs font-medium leading-loose">
<p class="text-balance text-center text-xs font-medium leading-loose">
© {new Date().getFullYear()}
<a href="https://openarchiver.com/" target="_blank">Open Archiver</a>. All rights
reserved.
<a href="https://openarchiver.com/" target="_blank">Open Archiver</a>. {$t(
'app.components.footer.all_rights_reserved'
)}
</p>
</div>
</div>

97
packages/frontend/src/lib/components/custom/IngestionSourceForm.svelte
View File

@@ -11,6 +11,7 @@
import { setAlert } from '$lib/components/custom/alert/alert-state.svelte';
import { api } from '$lib/api.client';
import { Loader2 } from 'lucide-svelte';
import { t } from '$lib/translations';
let {
source = null,
onSubmit,
@@ -20,11 +21,26 @@
} = $props();
const providerOptions = [
{ value: 'generic_imap', label: 'Generic IMAP' },
{ value: 'google_workspace', label: 'Google Workspace' },
{ value: 'microsoft_365', label: 'Microsoft 365' },
{ value: 'pst_import', label: 'PST Import' },
{ value: 'eml_import', label: 'EML Import' },
{
value: 'generic_imap',
label: $t('app.components.ingestion_source_form.provider_generic_imap'),
},
{
value: 'google_workspace',
label: $t('app.components.ingestion_source_form.provider_google_workspace'),
},
{
value: 'microsoft_365',
label: $t('app.components.ingestion_source_form.provider_microsoft_365'),
},
{
value: 'pst_import',
label: $t('app.components.ingestion_source_form.provider_pst_import'),
},
{
value: 'eml_import',
label: $t('app.components.ingestion_source_form.provider_eml_import'),
},
];
let formData: CreateIngestionSourceDto = $state({
@@ -42,7 +58,8 @@
});
const triggerContent = $derived(
providerOptions.find((p) => p.value === formData.provider)?.label ?? 'Select a provider'
providerOptions.find((p) => p.value === formData.provider)?.label ??
$t('app.components.ingestion_source_form.select_provider')
);
let isSubmitting = $state(false);
@@ -89,7 +106,7 @@
fileUploading = false;
setAlert({
type: 'error',
title: 'Upload Failed, please try again',
title: $t('app.components.ingestion_source_form.upload_failed'),
message: JSON.stringify(error),
duration: 5000,
show: true,
@@ -100,11 +117,11 @@
<form onsubmit={handleSubmit} class="grid gap-4 py-4">
<div class="grid grid-cols-4 items-center gap-4">
<Label for="name" class="text-left">Name</Label>
<Label for="name" class="text-left">{$t('app.ingestions.name')}</Label>
<Input id="name" bind:value={formData.name} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="provider" class="text-left">Provider</Label>
<Label for="provider" class="text-left">{$t('app.ingestions.provider')}</Label>
<Select.Root name="provider" bind:value={formData.provider} type="single">
<Select.Trigger class="col-span-3">
{triggerContent}
@@ -119,16 +136,22 @@
{#if formData.provider === 'google_workspace'}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="serviceAccountKeyJson" class="text-left">Service Account Key (JSON)</Label>
<Label for="serviceAccountKeyJson" class="text-left"
>{$t('app.components.ingestion_source_form.service_account_key')}</Label
>
<Textarea
placeholder="Paste your service account key JSON content"
placeholder={$t(
'app.components.ingestion_source_form.service_account_key_placeholder'
)}
id="serviceAccountKeyJson"
bind:value={formData.providerConfig.serviceAccountKeyJson}
class="col-span-3 max-h-32"
/>
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="impersonatedAdminEmail" class="text-left">Impersonated Admin Email</Label>
<Label for="impersonatedAdminEmail" class="text-left"
>{$t('app.components.ingestion_source_form.impersonated_admin_email')}</Label
>
<Input
id="impersonatedAdminEmail"
bind:value={formData.providerConfig.impersonatedAdminEmail}
@@ -137,30 +160,40 @@
</div>
{:else if formData.provider === 'microsoft_365'}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="clientId" class="text-left">Application (Client) ID</Label>
<Label for="clientId" class="text-left"
>{$t('app.components.ingestion_source_form.client_id')}</Label
>
<Input id="clientId" bind:value={formData.providerConfig.clientId} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="clientSecret" class="text-left">Client Secret Value</Label>
<Label for="clientSecret" class="text-left"
>{$t('app.components.ingestion_source_form.client_secret')}</Label
>
<Input
id="clientSecret"
type="password"
placeholder="Enter the secret Value, not the Secret ID"
placeholder={$t('app.components.ingestion_source_form.client_secret_placeholder')}
bind:value={formData.providerConfig.clientSecret}
class="col-span-3"
/>
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="tenantId" class="text-left">Directory (Tenant) ID</Label>
<Label for="tenantId" class="text-left"
>{$t('app.components.ingestion_source_form.tenant_id')}</Label
>
<Input id="tenantId" bind:value={formData.providerConfig.tenantId} class="col-span-3" />
</div>
{:else if formData.provider === 'generic_imap'}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="host" class="text-left">Host</Label>
<Label for="host" class="text-left"
>{$t('app.components.ingestion_source_form.host')}</Label
>
<Input id="host" bind:value={formData.providerConfig.host} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="port" class="text-left">Port</Label>
<Label for="port" class="text-left"
>{$t('app.components.ingestion_source_form.port')}</Label
>
<Input
id="port"
type="number"
@@ -169,11 +202,13 @@
/>
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="username" class="text-left">Username</Label>
<Label for="username" class="text-left"
>{$t('app.components.ingestion_source_form.username')}</Label
>
<Input id="username" bind:value={formData.providerConfig.username} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="password" class="text-left">Password</Label>
<Label for="password" class="text-left">{$t('auth.password')}</Label>
<Input
id="password"
type="password"
@@ -182,12 +217,16 @@
/>
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="secure" class="text-left">Use TLS</Label>
<Label for="secure" class="text-left"
>{$t('app.components.ingestion_source_form.use_tls')}</Label
>
<Checkbox id="secure" bind:checked={formData.providerConfig.secure} />
</div>
{:else if formData.provider === 'pst_import'}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="pst-file" class="text-left">PST File</Label>
<Label for="pst-file" class="text-left"
>{$t('app.components.ingestion_source_form.pst_file')}</Label
>
<div class="col-span-3 flex flex-row items-center space-x-2">
<Input
id="pst-file"
@@ -203,7 +242,9 @@
</div>
{:else if formData.provider === 'eml_import'}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="eml-file" class="text-left">EML File</Label>
<Label for="eml-file" class="text-left"
>{$t('app.components.ingestion_source_form.eml_file')}</Label
>
<div class="col-span-3 flex flex-row items-center space-x-2">
<Input
id="eml-file"
@@ -220,12 +261,10 @@
{/if}
{#if formData.provider === 'google_workspace' || formData.provider === 'microsoft_365'}
<Alert.Root>
<Alert.Title>Heads up!</Alert.Title>
<Alert.Title>{$t('app.components.ingestion_source_form.heads_up')}</Alert.Title>
<Alert.Description>
<div class="my-1">
Please note that this is an organization-wide operation. This kind of ingestions
will import and index <b>all</b> email inboxes in your organization. If you want
to import only specific email inboxes, use the IMAP connector.
{@html $t('app.components.ingestion_source_form.org_wide_warning')}
</div>
</Alert.Description>
</Alert.Root>
@@ -233,9 +272,9 @@
<Dialog.Footer>
<Button type="submit" disabled={isSubmitting || fileUploading}>
{#if isSubmitting}
Submitting...
{$t('app.components.common.submitting')}
{:else}
Submit
{$t('app.components.common.submit')}
{/if}
</Button>
</Dialog.Footer>

50
packages/frontend/src/lib/components/custom/RoleForm.svelte Normal file
View File

@@ -0,0 +1,50 @@
<script lang="ts">
import type { Role, CaslPolicy } from '@open-archiver/types';
import { Button } from '$lib/components/ui/button';
import { Input } from '$lib/components/ui/input';
import { Textarea } from '$lib/components/ui/textarea';
import { Label } from '$lib/components/ui/label';
import { t } from '$lib/translations';
let { role, onSubmit }: { role: Role | null; onSubmit: (formData: Partial<Role>) => void } =
$props();
let name = $state(role?.name || '');
let policies = $state(JSON.stringify(role?.policies || [], null, 2));
const handleSubmit = () => {
try {
const parsedPolicies: CaslPolicy[] = JSON.parse(policies);
onSubmit({ name, policies: parsedPolicies });
} catch (error) {
alert($t('app.components.role_form.invalid_json'));
}
};
</script>
<form
onsubmit={(e) => {
e.preventDefault();
handleSubmit();
}}
class="grid gap-4 py-4"
>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="name" class="text-right">{$t('app.roles.name')}</Label>
<Input id="name" bind:value={name} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="policies" class="text-right"
>{$t('app.components.role_form.policies_json')}</Label
>
<Textarea
id="policies"
bind:value={policies}
class="col-span-3 max-h-96 overflow-y-auto"
rows={10}
/>
</div>
<div class="flex justify-end">
<Button type="submit">{$t('app.components.common.save')}</Button>
</div>
</form>

9
packages/frontend/src/lib/components/custom/ThemeSwitcher.svelte
View File

@@ -3,6 +3,7 @@
import { Button } from '$lib/components/ui/button';
import * as DropdownMenu from '$lib/components/ui/dropdown-menu';
import { Sun, Moon, Laptop } from 'lucide-svelte';
import { t } from '$lib/translations';
</script>
<DropdownMenu.Root>
@@ -14,21 +15,21 @@
<Moon
class="absolute h-[1.2rem] w-[1.2rem] rotate-90 scale-0 transition-all dark:rotate-0 dark:scale-100"
/>
<span class="sr-only">Toggle theme</span>
<span class="sr-only">{$t('app.components.theme_switcher.toggle_theme')}</span>
</Button>
</DropdownMenu.Trigger>
<DropdownMenu.Content align="end">
<DropdownMenu.Item onclick={() => ($theme = 'light')}>
<Sun class="mr-2 h-4 w-4" />
<span>Light</span>
<span>{$t('app.system_settings.light')}</span>
</DropdownMenu.Item>
<DropdownMenu.Item onclick={() => ($theme = 'dark')}>
<Moon class="mr-2 h-4 w-4" />
<span>Dark</span>
<span>{$t('app.system_settings.dark')}</span>
</DropdownMenu.Item>
<DropdownMenu.Item onclick={() => ($theme = 'system')}>
<Laptop class="mr-2 h-4 w-4" />
<span>System</span>
<span>{$t('app.system_settings.system')}</span>
</DropdownMenu.Item>
</DropdownMenu.Content>
</DropdownMenu.Root>

103
packages/frontend/src/lib/components/custom/UserForm.svelte Normal file
View File

@@ -0,0 +1,103 @@
<script lang="ts">
import type { User, Role } from '@open-archiver/types';
import { Button } from '$lib/components/ui/button';
import { Input } from '$lib/components/ui/input';
import { Label } from '$lib/components/ui/label';
import * as Select from '$lib/components/ui/select';
import * as Dialog from '$lib/components/ui/dialog';
import { t } from '$lib/translations';
let {
user = null,
roles,
onSubmit,
}: {
user?: User | null;
roles: Role[];
onSubmit: (data: any) => Promise<void>;
} = $props();
let formData = $state({
first_name: user?.first_name ?? '',
last_name: user?.last_name ?? '',
email: user?.email ?? '',
password: '',
roleId: user?.role?.id ?? roles[0]?.id ?? '',
});
const triggerContent = $derived(
roles.find((r) => r.id === formData.roleId)?.name ??
$t('app.components.user_form.select_role')
);
let isSubmitting = $state(false);
const handleSubmit = async (event: Event) => {
event.preventDefault();
isSubmitting = true;
try {
const dataToSubmit: any = { ...formData };
if (!user) {
// only send password on create
dataToSubmit.password = formData.password;
} else {
delete dataToSubmit.password;
}
if (dataToSubmit.password === '') {
delete dataToSubmit.password;
}
await onSubmit(dataToSubmit);
} finally {
isSubmitting = false;
}
};
</script>
<form onsubmit={handleSubmit} class="grid gap-4 py-4">
<div class="grid grid-cols-4 items-center gap-4">
<Label for="first_name" class="text-left">{$t('app.setup.first_name')}</Label>
<Input id="first_name" bind:value={formData.first_name} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="last_name" class="text-left">{$t('app.setup.last_name')}</Label>
<Input id="last_name" bind:value={formData.last_name} class="col-span-3" />
</div>
<div class="grid grid-cols-4 items-center gap-4">
<Label for="email" class="text-left">{$t('app.users.email')}</Label>
<Input id="email" type="email" bind:value={formData.email} class="col-span-3" />
</div>
{#if !user}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="password" class="text-left">{$t('app.auth.password')}</Label>
<Input
id="password"
type="password"
bind:value={formData.password}
class="col-span-3"
/>
</div>
{/if}
<div class="grid grid-cols-4 items-center gap-4">
<Label for="role" class="text-left">{$t('app.users.role')}</Label>
<Select.Root name="role" bind:value={formData.roleId} type="single">
<Select.Trigger class="col-span-3">
{triggerContent}
</Select.Trigger>
<Select.Content>
{#each roles as role}
<Select.Item value={role.id}>{role.name}</Select.Item>
{/each}
</Select.Content>
</Select.Root>
</div>
<Dialog.Footer>
<Button type="submit" disabled={isSubmitting}>
{#if isSubmitting}
{$t('app.components.common.submitting')}
{:else}
{$t('app.components.common.submit')}
{/if}
</Button>
</Dialog.Footer>
</form>

19
packages/frontend/src/lib/components/custom/charts/IngestionHistoryChart.svelte
View File

@@ -1,14 +1,15 @@
<script lang="ts">
import * as Chart from '$lib/components/ui/chart/index.js';
import { AreaChart } from 'layerchart';
import { curveCatmullRom } from 'd3-shape';
import { curveMonotoneX } from 'd3-shape';
import type { ChartConfig } from '$lib/components/ui/chart';
import { t } from '$lib/translations';
export let data: { date: Date; count: number }[];
const chartConfig = {
count: {
label: 'Emails Ingested',
label: $t('app.components.charts.emails_ingested'),
color: 'var(--chart-1)',
},
} satisfies ChartConfig;
@@ -39,16 +40,24 @@
props={{
xAxis: {
format: (d) =>
new Date(d).toLocaleDateString('en-US', {
new Date(d).toLocaleDateString(undefined, {
month: 'short',
day: 'numeric',
}),
},
area: { curve: curveCatmullRom },
area: { curve: curveMonotoneX },
}}
>
{#snippet tooltip()}
<Chart.Tooltip />
<Chart.Tooltip
labelFormatter={(value) =>
(value instanceof Date ? value : new Date(value)).toLocaleString(undefined, {
month: 'short',
day: 'numeric',
hour: '2-digit',
minute: '2-digit',
})}
/>
{/snippet}
</AreaChart>
</Chart.Container>

15
packages/frontend/src/lib/components/custom/charts/StorageBySourceChart.svelte
View File

@@ -3,17 +3,22 @@
import { PieChart } from 'layerchart';
import type { IngestionSourceStats } from '@open-archiver/types';
import type { ChartConfig } from '$lib/components/ui/chart';
import { formatBytes } from '$lib/utils';
import { t } from '$lib/translations';
export let data: IngestionSourceStats[];
const chartConfig = {
storageUsed: {
label: 'Storage Used',
label: $t('app.components.charts.storage_used'),
},
} satisfies ChartConfig;
</script>
<Chart.Container config={chartConfig} class="h-full min-h-[300px] w-full">
<Chart.Container
config={chartConfig}
class="flex h-full w-full flex-col overflow-y-auto [&_.lc-legend-swatch-group]:overflow-x-auto "
>
<PieChart
{data}
key="name"
@@ -29,7 +34,11 @@
]}
>
{#snippet tooltip()}
<Chart.Tooltip></Chart.Tooltip>
<Chart.Tooltip>
{#snippet formatter({ value, item })}
{item.payload.name}: {formatBytes(value as number)}
{/snippet}
</Chart.Tooltip>
{/snippet}
</PieChart>
</Chart.Container>

3
packages/frontend/src/lib/components/custom/charts/TopSendersChart.svelte
View File

@@ -3,12 +3,13 @@
import { BarChart } from 'layerchart';
import type { TopSender } from '@open-archiver/types';
import type { ChartConfig } from '$lib/components/ui/chart';
import { t } from '$lib/translations';
export let data: TopSender[];
const chartConfig = {
count: {
label: 'Emails',
label: $t('app.components.charts.emails'),
},
} satisfies ChartConfig;
</script>

4
packages/frontend/src/lib/components/ui/chart/chart-tooltip.svelte
View File

@@ -105,10 +105,10 @@
indicator === "dot" && "items-center"
)}
>
{#if formatter && item.value !== undefined && item.name}
{#if formatter && item.value !== undefined}
{@render formatter({
value: item.value,
name: item.name,
name: item.name || '',
item,
index: i,
payload: tooltipCtx.payload,

10
packages/frontend/src/lib/components/ui/radio-group/index.ts Normal file
View File

@@ -0,0 +1,10 @@
import Root from "./radio-group.svelte";
import Item from "./radio-group-item.svelte";
export {
Root,
Item,
//
Root as RadioGroup,
Item as RadioGroupItem,
};

31
packages/frontend/src/lib/components/ui/radio-group/radio-group-item.svelte Normal file
View File

@@ -0,0 +1,31 @@
<script lang="ts">
import { RadioGroup as RadioGroupPrimitive } from "bits-ui";
import CircleIcon from "@lucide/svelte/icons/circle";
import { cn, type WithoutChildrenOrChild } from "$lib/utils.js";
let {
ref = $bindable(null),
class: className,
...restProps
}: WithoutChildrenOrChild<RadioGroupPrimitive.ItemProps> = $props();
</script>
<RadioGroupPrimitive.Item
bind:ref
data-slot="radio-group-item"
class={cn(
"border-input text-primary focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive dark:bg-input/30 shadow-xs aspect-square size-4 shrink-0 rounded-full border outline-none transition-[color,box-shadow] focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50",
className
)}
{...restProps}
>
{#snippet children({ checked })}
<div data-slot="radio-group-indicator" class="relative flex items-center justify-center">
{#if checked}
<CircleIcon
class="fill-primary absolute left-1/2 top-1/2 size-2 -translate-x-1/2 -translate-y-1/2"
/>
{/if}
</div>
{/snippet}
</RadioGroupPrimitive.Item>

19
packages/frontend/src/lib/components/ui/radio-group/radio-group.svelte Normal file
View File

@@ -0,0 +1,19 @@
<script lang="ts">
import { RadioGroup as RadioGroupPrimitive } from "bits-ui";
import { cn } from "$lib/utils.js";
let {
ref = $bindable(null),
class: className,
value = $bindable(""),
...restProps
}: RadioGroupPrimitive.RootProps = $props();
</script>
<RadioGroupPrimitive.Root
bind:ref
bind:value
data-slot="radio-group"
class={cn("grid gap-3", className)}
{...restProps}
/>

260
packages/frontend/src/lib/translations/de.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Anmelden",
"login_tip": "Geben Sie unten Ihre E-Mail-Adresse ein, um sich bei Ihrem Konto anzumelden.",
"email": "Email",
"password": "Passwort"
},
"common": {
"working": "Arbeiten"
},
"archive": {
"title": "Archiv",
"no_subject": "Kein Betreff",
"from": "Von",
"sent": "Gesendet",
"recipients": "Empfänger",
"to": "An",
"meta_data": "Metadaten",
"folder": "Ordner",
"tags": "Tags",
"size": "Größe",
"email_preview": "E-Mail-Vorschau",
"attachments": "Anhänge",
"download": "Herunterladen",
"actions": "Aktionen",
"download_eml": "E-Mail herunterladen (.eml)",
"delete_email": "E-Mail löschen",
"email_thread": "E-Mail-Thread",
"delete_confirmation_title": "Möchten Sie diese E-Mail wirklich löschen?",
"delete_confirmation_description": "Diese Aktion kann nicht rückgängig gemacht werden und entfernt die E-Mail und ihre Anhänge dauerhaft.",
"deleting": "Löschen",
"confirm": "Bestätigen",
"cancel": "Abbrechen",
"not_found": "E-Mail nicht gefunden."
},
"ingestions": {
"title": "Erfassungsquellen",
"ingestion_sources": "Erfassungsquellen",
"bulk_actions": "Massenaktionen",
"force_sync": "Synchronisierung erzwingen",
"delete": "Löschen",
"create_new": "Neu erstellen",
"name": "Name",
"provider": "Anbieter",
"status": "Status",
"active": "Aktiv",
"created_at": "Erstellt am",
"actions": "Aktionen",
"last_sync_message": "Letzte Synchronisierungsnachricht",
"empty": "Leer",
"open_menu": "Menü öffnen",
"edit": "Bearbeiten",
"create": "Erstellen",
"ingestion_source": "Erfassungsquelle",
"edit_description": "Nehmen Sie hier Änderungen an Ihrer Erfassungsquelle vor.",
"create_description": "Fügen Sie eine neue Erfassungsquelle hinzu, um mit der Archivierung von E-Mails zu beginnen.",
"read": "Lesen",
"docs_here": "Dokumente hier",
"delete_confirmation_title": "Möchten Sie diese Erfassung wirklich löschen?",
"delete_confirmation_description": "Dadurch werden alle archivierten E-Mails, Anhänge, Indizierungen und Dateien, die mit dieser Erfassung verknüpft sind, gelöscht. Wenn Sie nur die Synchronisierung neuer E-Mails beenden möchten, können Sie stattdessen die Erfassung anhalten.",
"deleting": "Löschen",
"confirm": "Bestätigen",
"cancel": "Abbrechen",
"bulk_delete_confirmation_title": "Möchten Sie wirklich {{count}} ausgewählte Erfassungen löschen?",
"bulk_delete_confirmation_description": "Dadurch werden alle archivierten E-Mails, Anhänge, Indizierungen und Dateien, die mit diesen Erfassungen verknüpft sind, gelöscht. Wenn Sie nur die Synchronisierung neuer E-Mails beenden möchten, können Sie stattdessen die Erfassungen anhalten."
},
"search": {
"title": "Suche",
"description": "Suchen Sie nach archivierten E-Mails.",
"email_search": "E-Mail-Suche",
"placeholder": "Suche nach Stichwort, Absender, Empfänger...",
"search_button": "Suche",
"search_options": "Suchoptionen",
"strategy_fuzzy": "Fuzzy",
"strategy_verbatim": "Wörtlich",
"strategy_frequency": "Frequenz",
"select_strategy": "Wählen Sie eine Strategie",
"error": "Fehler",
"found_results_in": "{{total}} Ergebnisse in {{seconds}}s gefunden",
"found_results": "{{total}} Ergebnisse gefunden",
"from": "Von",
"to": "An",
"in_email_body": "Im E-Mail-Text",
"in_attachment": "Im Anhang: {{filename}}",
"prev": "Zurück",
"next": "Weiter"
},
"roles": {
"title": "Rollenverwaltung",
"role_management": "Rollenverwaltung",
"create_new": "Neu erstellen",
"name": "Name",
"created_at": "Erstellt am",
"actions": "Aktionen",
"open_menu": "Menü öffnen",
"view_policy": "Richtlinie anzeigen",
"edit": "Bearbeiten",
"delete": "Löschen",
"no_roles_found": "Keine Rollen gefunden.",
"role_policy": "Rollenrichtlinie",
"viewing_policy_for_role": "Richtlinie für Rolle anzeigen: {{name}}",
"create": "Erstellen",
"role": "Rolle",
"edit_description": "Nehmen Sie hier Änderungen an der Rolle vor.",
"create_description": "Fügen Sie dem System eine neue Rolle hinzu.",
"delete_confirmation_title": "Möchten Sie diese Rolle wirklich löschen?",
"delete_confirmation_description": "Diese Aktion kann nicht rückgängig gemacht werden. Dadurch wird die Rolle dauerhaft gelöscht.",
"deleting": "Löschen",
"confirm": "Bestätigen",
"cancel": "Abbrechen"
},
"system_settings": {
"title": "Systemeinstellungen",
"system_settings": "Systemeinstellungen",
"description": "Globale Anwendungseinstellungen verwalten.",
"language": "Sprache",
"default_theme": "Standardthema",
"light": "Hell",
"dark": "Dunkel",
"system": "System",
"support_email": "Support-E-Mail",
"saving": "Speichern",
"save_changes": "Änderungen speichern"
},
"users": {
"title": "Benutzerverwaltung",
"user_management": "Benutzerverwaltung",
"create_new": "Neu erstellen",
"name": "Name",
"email": "Email",
"role": "Rolle",
"created_at": "Erstellt am",
"actions": "Aktionen",
"open_menu": "Menü öffnen",
"edit": "Bearbeiten",
"delete": "Löschen",
"no_users_found": "Keine Benutzer gefunden.",
"create": "Erstellen",
"user": "Benutzer",
"edit_description": "Nehmen Sie hier Änderungen am Benutzer vor.",
"create_description": "Fügen Sie dem System einen neuen Benutzer hinzu.",
"delete_confirmation_title": "Möchten Sie diesen Benutzer wirklich löschen?",
"delete_confirmation_description": "Diese Aktion kann nicht rückgängig gemacht werden. Dadurch wird der Benutzer dauerhaft gelöscht und seine Daten von unseren Servern entfernt.",
"deleting": "Löschen",
"confirm": "Bestätigen",
"cancel": "Abbrechen"
},
"setup": {
"title": "Einrichtung",
"description": "Richten Sie das anfängliche Administratorkonto für Open Archiver ein.",
"welcome": "Willkommen",
"create_admin_account": "Erstellen Sie das erste Administratorkonto, um loszulegen.",
"first_name": "Vorname",
"last_name": "Nachname",
"email": "Email",
"password": "Passwort",
"creating_account": "Konto wird erstellt",
"create_account": "Konto erstellen"
},
"layout": {
"dashboard": "Dashboard",
"ingestions": "Erfassungen",
"archived_emails": "Archivierte E-Mails",
"search": "Suche",
"settings": "Einstellungen",
"system": "System",
"users": "Benutzer",
"roles": "Rollen",
"logout": "Abmelden"
},
"components": {
"charts": {
"emails_ingested": "E-Mails aufgenommen",
"storage_used": "Speicher verwendet",
"emails": "E-Mails"
},
"common": {
"submitting": "Übermittlung...",
"submit": "Übermitteln",
"save": "Speichern"
},
"email_preview": {
"loading": "E-Mail-Vorschau wird geladen...",
"render_error": "E-Mail-Vorschau konnte nicht gerendert werden.",
"not_available": "Rohe .eml-Datei für diese E-Mail nicht verfügbar."
},
"footer": {
"all_rights_reserved": "Alle Rechte vorbehalten."
},
"ingestion_source_form": {
"provider_generic_imap": "Generisches IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "PST-Import",
"provider_eml_import": "EML-Import",
"select_provider": "Wählen Sie einen Anbieter",
"service_account_key": "Dienstkontoschlüssel (JSON)",
"service_account_key_placeholder": "Fügen Sie den JSON-Inhalt Ihres Dienstkontoschlüssels ein",
"impersonated_admin_email": "Impersonierte Admin-E-Mail",
"client_id": "Anwendungs-(Client-)ID",
"client_secret": "Client-Geheimniswert",
"client_secret_placeholder": "Geben Sie den Geheimniswert ein, nicht die Geheimnis-ID",
"tenant_id": "Verzeichnis-(Mandanten-)ID",
"host": "Host",
"port": "Port",
"username": "Benutzername",
"use_tls": "TLS verwenden",
"pst_file": "PST-Datei",
"eml_file": "EML-Datei",
"heads_up": "Achtung!",
"org_wide_warning": "Bitte beachten Sie, dass dies ein organisationsweiter Vorgang ist. Diese Art von Erfassungen importiert und indiziert <b>alle</b> E-Mail-Postfächer in Ihrer Organisation. Wenn Sie nur bestimmte E-Mail-Postfächer importieren möchten, verwenden Sie den IMAP-Connector.",
"upload_failed": "Hochladen fehlgeschlagen, bitte versuchen Sie es erneut"
},
"role_form": {
"policies_json": "Richtlinien (JSON)",
"invalid_json": "Ungültiges JSON-Format für Richtlinien."
},
"theme_switcher": {
"toggle_theme": "Thema umschalten"
},
"user_form": {
"select_role": "Wählen Sie eine Rolle aus"
}
},
"dashboard_page": {
"title": "Dashboard",
"meta_description": "Übersicht über Ihr E-Mail-Archiv.",
"header": "Dashboard",
"create_ingestion": "Erfassung erstellen",
"no_ingestion_header": "Sie haben keine Erfassungsquelle eingerichtet.",
"no_ingestion_text": "Fügen Sie eine Erfassungsquelle hinzu, um mit der Archivierung Ihrer Posteingänge zu beginnen.",
"total_emails_archived": "Insgesamt archivierte E-Mails",
"total_storage_used": "Insgesamt genutzter Speicherplatz",
"failed_ingestions": "Fehlgeschlagene Erfassungen (letzte 7 Tage)",
"ingestion_history": "Erfassungsverlauf",
"no_ingestion_history": "Kein Erfassungsverlauf verfügbar.",
"storage_by_source": "Speicher nach Erfassungsquelle",
"no_ingestion_sources": "Keine Erfassungsquellen verfügbar.",
"indexed_insights": "Indizierte Einblicke",
"top_10_senders": "Top 10 Absender",
"no_indexed_insights": "Keine indizierten Einblicke verfügbar."
},
"archived_emails_page": {
"title": "Archivierte E-Mails",
"header": "Archivierte E-Mails",
"select_ingestion_source": "Wählen Sie eine Erfassungsquelle aus",
"date": "Datum",
"subject": "Betreff",
"sender": "Absender",
"inbox": "Posteingang",
"path": "Pfad",
"actions": "Aktionen",
"view": "Ansehen",
"no_emails_found": "Keine archivierten E-Mails gefunden.",
"prev": "Zurück",
"next": "Weiter"
}
}
}

260
packages/frontend/src/lib/translations/el.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Σύνδεση",
"login_tip": "Εισαγάγετε το email σας παρακάτω για να συνδεθείτε στον λογαριασμό σας.",
"email": "Email",
"password": "Κωδικός πρόσβασης"
},
"common": {
"working": "Επεξεργασία"
},
"archive": {
"title": "Αρχείο",
"no_subject": "Χωρίς θέμα",
"from": "Από",
"sent": "Απεσταλμένα",
"recipients": "Παραλήπτες",
"to": "Προς",
"meta_data": "Μεταδεδομένα",
"folder": "Φάκελος",
"tags": "Ετικέτες",
"size": "Μέγεθος",
"email_preview": "Προεπισκόπηση email",
"attachments": "Συνημμένα",
"download": "Λήψη",
"actions": "Ενέργειες",
"download_eml": "Λήψη email (.eml)",
"delete_email": "Διαγραφή email",
"email_thread": "Συνομιλία email",
"delete_confirmation_title": "Είστε βέβαιοι ότι θέλετε να διαγράψετε αυτό το email;",
"delete_confirmation_description": "Αυτή η ενέργεια δεν μπορεί να αναιρεθεί και θα διαγράψει οριστικά το email και τα συνημμένα του.",
"deleting": "Διαγραφή",
"confirm": "Επιβεβαίωση",
"cancel": "Άκυρο",
"not_found": "Το email δεν βρέθηκε."
},
"ingestions": {
"title": "Πηγές εισαγωγής",
"ingestion_sources": "Πηγές εισαγωγής",
"bulk_actions": "Μαζικές ενέργειες",
"force_sync": "Εξαναγκασμένος συγχρονισμός",
"delete": "Διαγραφή",
"create_new": "Δημιουργία νέου",
"name": "Όνομα",
"provider": "Πάροχος",
"status": "Κατάσταση",
"active": "Ενεργό",
"created_at": "Δημιουργήθηκε στις",
"actions": "Ενέργειες",
"last_sync_message": "Τελευταίο μήνυμα συγχρονισμού",
"empty": "Κενό",
"open_menu": "Άνοιγμα μενού",
"edit": "Επεξεργασία",
"create": "Δημιουργία",
"ingestion_source": "Πηγή εισαγωγής",
"edit_description": "Κάντε αλλαγές στην πηγή εισαγωγής σας εδώ.",
"create_description": "Προσθέστε μια νέα πηγή εισαγωγής για να ξεκινήσετε την αρχειοθέτηση των email.",
"read": "Διαβάστε",
"docs_here": "την τεκμηρίωση εδώ",
"delete_confirmation_title": "Είστε βέβαιοι ότι θέλετε να διαγράψετε αυτήν την εισαγωγή;",
"delete_confirmation_description": "Αυτό θα διαγράψει όλα τα αρχειοθετημένα email, τα συνημμένα, την ευρετηρίαση και τα αρχεία που σχετίζονται με αυτήν την εισαγωγή. Εάν θέλετε μόνο να σταματήσετε τον συγχρονισμό νέων email, μπορείτε να θέσετε σε παύση την εισαγωγή.",
"deleting": "Διαγραφή",
"confirm": "Επιβεβαίωση",
"cancel": "Άκυρο",
"bulk_delete_confirmation_title": "Είστε βέβαιοι ότι θέλετε να διαγράψετε τις {{count}} επιλεγμένες εισαγωγές;",
"bulk_delete_confirmation_description": "Αυτό θα διαγράψει όλα τα αρχειοθετημένα email, τα συνημμένα, την ευρετηρίαση και τα αρχεία που σχετίζονται με αυτές τις εισαγωγές. Εάν θέλετε μόνο να σταματήσετε τον συγχρονισμό νέων email, μπορείτε να θέσετε σε παύση τις εισαγωγές."
},
"search": {
"title": "Αναζήτηση",
"description": "Αναζήτηση για αρχειοθετημένα email.",
"email_search": "Αναζήτηση email",
"placeholder": "Αναζήτηση με λέξη-κλειδί, αποστολέα, παραλήπτη...",
"search_button": "Αναζήτηση",
"search_options": "Επιλογές αναζήτησης",
"strategy_fuzzy": "Ασαφής",
"strategy_verbatim": "Κατά λέξη",
"strategy_frequency": "Συχνότητα",
"select_strategy": "Επιλέξτε μια στρατηγική",
"error": "Σφάλμα",
"found_results_in": "Βρέθηκαν {{total}} αποτελέσματα σε {{seconds}}s",
"found_results": "Βρέθηκαν {{total}} αποτελέσματα",
"from": "Από",
"to": "Προς",
"in_email_body": "Στο σώμα του email",
"in_attachment": "Στο συνημμένο: {{filename}}",
"prev": "Προηγούμενο",
"next": "Επόμενο"
},
"roles": {
"title": "Διαχείριση ρόλων",
"role_management": "Διαχείριση ρόλων",
"create_new": "Δημιουργία νέου",
"name": "Όνομα",
"created_at": "Δημιουργήθηκε στις",
"actions": "Ενέργειες",
"open_menu": "Άνοιγμα μενού",
"view_policy": "Προβολή πολιτικής",
"edit": "Επεξεργασία",
"delete": "Διαγραφή",
"no_roles_found": "Δεν βρέθηκαν ρόλοι.",
"role_policy": "Πολιτική ρόλου",
"viewing_policy_for_role": "Προβολή πολιτικής για τον ρόλο: {{name}}",
"create": "Δημιουργία",
"role": "Ρόλος",
"edit_description": "Κάντε αλλαγές στον ρόλο εδώ.",
"create_description": "Προσθέστε έναν νέο ρόλο στο σύστημα.",
"delete_confirmation_title": "Είστε βέβαιοι ότι θέλετε να διαγράψετε αυτόν τον ρόλο;",
"delete_confirmation_description": "Αυτή η ενέργεια δεν μπορεί να αναιρεθεί. Αυτό θα διαγράψει οριστικά τον ρόλο.",
"deleting": "Διαγραφή",
"confirm": "Επιβεβαίωση",
"cancel": "Άκυρο"
},
"system_settings": {
"title": "Ρυθμίσεις συστήματος",
"system_settings": "Ρυθμίσεις συστήματος",
"description": "Διαχείριση καθολικών ρυθμίσεων εφαρμογής.",
"language": "Γλώσσα",
"default_theme": "Προεπιλεγμένο θέμα",
"light": "Φωτεινό",
"dark": "Σκοτεινό",
"system": "Σύστημα",
"support_email": "Email υποστήριξης",
"saving": "Αποθήκευση",
"save_changes": "Αποθήκευση αλλαγών"
},
"users": {
"title": "Διαχείριση χρηστών",
"user_management": "Διαχείριση χρηστών",
"create_new": "Δημιουργία νέου",
"name": "Όνομα",
"email": "Email",
"role": "Ρόλος",
"created_at": "Δημιουργήθηκε στις",
"actions": "Ενέργειες",
"open_menu": "Άνοιγμα μενού",
"edit": "Επεξεργασία",
"delete": "Διαγραφή",
"no_users_found": "Δεν βρέθηκαν χρήστες.",
"create": "Δημιουργία",
"user": "Χρήστης",
"edit_description": "Κάντε αλλαγές στον χρήστη εδώ.",
"create_description": "Προσθέστε έναν νέο χρήστη στο σύστημα.",
"delete_confirmation_title": "Είστε βέβαιοι ότι θέλετε να διαγράψετε αυτόν τον χρήστη;",
"delete_confirmation_description": "Αυτή η ενέργεια δεν μπορεί να αναιρεθεί. Αυτό θα διαγράψει οριστικά τον χρήστη και θα αφαιρέσει τα δεδομένα του από τους διακομιστές μας.",
"deleting": "Διαγραφή",
"confirm": "Επιβεβαίωση",
"cancel": "Άκυρο"
},
"components": {
"charts": {
"emails_ingested": "Εισερχόμενα email",
"storage_used": "Χρησιμοποιημένος χώρος αποθήκευσης",
"emails": "Email"
},
"common": {
"submitting": "Υποβολή...",
"submit": "Υποβολή",
"save": "Αποθήκευση"
},
"email_preview": {
"loading": "Φόρτωση προεπισκόπησης email...",
"render_error": "Δεν ήταν δυνατή η απόδοση της προεπισκόπησης email.",
"not_available": "Το ακατέργαστο αρχείο .eml δεν είναι διαθέσιμο για αυτό το email."
},
"footer": {
"all_rights_reserved": "Με επιφύλαξη παντός δικαιώματος."
},
"ingestion_source_form": {
"provider_generic_imap": "Γενικό IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "Εισαγωγή PST",
"provider_eml_import": "Εισαγωγή EML",
"select_provider": "Επιλέξτε έναν πάροχο",
"service_account_key": "Κλειδί λογαριασμού υπηρεσίας (JSON)",
"service_account_key_placeholder": "Επικολλήστε το περιεχόμενο JSON του κλειδιού του λογαριασμού υπηρεσίας σας",
"impersonated_admin_email": "Email διαχειριστή που έχει πλαστοπροσωπηθεί",
"client_id": "Αναγνωριστικό εφαρμογής (πελάτη)",
"client_secret": "Τιμή μυστικού πελάτη",
"client_secret_placeholder": "Εισαγάγετε την τιμή του μυστικού, όχι το αναγνωριστικό του μυστικού",
"tenant_id": "Αναγνωριστικό καταλόγου (μισθωτή)",
"host": "Κεντρικός υπολογιστής",
"port": "Θύρα",
"username": "Όνομα χρήστη",
"use_tls": "Χρήση TLS",
"pst_file": "Αρχείο PST",
"eml_file": "Αρχείο EML",
"heads_up": "Προσοχή!",
"org_wide_warning": "Λάβετε υπόψη ότι αυτή είναι μια λειτουργία σε επίπεδο οργανισμού. Αυτό το είδος εισαγωγής θα εισαγάγει και θα ευρετηριάσει <b>όλα</b> τα εισερχόμενα email στον οργανισμό σας. Εάν θέλετε να εισαγάγετε μόνο συγκεκριμένα εισερχόμενα email, χρησιμοποιήστε τη σύνδεση IMAP.",
"upload_failed": "Η μεταφόρτωση απέτυχε, δοκιμάστε ξανά"
},
"role_form": {
"policies_json": "Πολιτικές (JSON)",
"invalid_json": "Μη έγκυρη μορφή JSON για τις πολιτικές."
},
"theme_switcher": {
"toggle_theme": "Εναλλαγή θέματος"
},
"user_form": {
"select_role": "Επιλέξτε έναν ρόλο"
}
},
"setup": {
"title": "Εγκατάσταση",
"description": "Ρυθμίστε τον αρχικό λογαριασμό διαχειριστή για το Open Archiver.",
"welcome": "Καλώς ορίσατε",
"create_admin_account": "Δημιουργήστε τον πρώτο λογαριασμό διαχειριστή για να ξεκινήσετε.",
"first_name": "Όνομα",
"last_name": "Επώνυμο",
"email": "Email",
"password": "Κωδικός πρόσβασης",
"creating_account": "Δημιουργία λογαριασμού",
"create_account": "Δημιουργία λογαριασμού"
},
"layout": {
"dashboard": "Πίνακας ελέγχου",
"ingestions": "Εισαγωγές",
"archived_emails": "Αρχειοθετημένα email",
"search": "Αναζήτηση",
"settings": "Ρυθμίσεις",
"system": "Σύστημα",
"users": "Χρήστες",
"roles": "Ρόλοι",
"logout": "Αποσύνδεση"
},
"archived_emails_page": {
"title": "Αρχειοθετημένα email",
"header": "Αρχειοθετημένα email",
"select_ingestion_source": "Επιλέξτε μια πηγή εισαγωγής",
"date": "Ημερομηνία",
"subject": "Θέμα",
"sender": "Αποστολέας",
"inbox": "Εισερχόμενα",
"path": "Διαδρομή",
"actions": "Ενέργειες",
"view": "Προβολή",
"no_emails_found": "Δεν βρέθηκαν αρχειοθετημένα email.",
"prev": "Προηγούμενο",
"next": "Επόμενο"
},
"dashboard_page": {
"title": "Πίνακας ελέγχου",
"meta_description": "Επισκόπηση του αρχείου email σας.",
"header": "Πίνακας ελέγχου",
"create_ingestion": "Δημιουργία εισαγωγής",
"no_ingestion_header": "Δεν έχετε ρυθμίσει καμία πηγή εισαγωγής.",
"no_ingestion_text": "Προσθέστε μια πηγή εισαγωγής για να ξεκινήσετε την αρχειοθέτηση των εισερχομένων σας.",
"total_emails_archived": "Συνολικά αρχειοθετημένα email",
"total_storage_used": "Συνολικός χρησιμοποιημένος χώρος αποθήκευσης",
"failed_ingestions": "Αποτυχημένες εισαγωγές (Τελευταίες 7 ημέρες)",
"ingestion_history": "Ιστορικό εισαγωγής",
"no_ingestion_history": "Δεν υπάρχει διαθέσιμο ιστορικό εισαγωγής.",
"storage_by_source": "Αποθήκευση ανά πηγή εισαγωγής",
"no_ingestion_sources": "Δεν υπάρχουν διαθέσιμες πηγές εισαγωγής.",
"indexed_insights": "Ευρετηριασμένες πληροφορίες",
"top_10_senders": "Οι 10 κορυφαίοι αποστολείς",
"no_indexed_insights": "Δεν υπάρχουν διαθέσιμες ευρετηριασμένες πληροφορίες."
}
}
}

260
packages/frontend/src/lib/translations/en.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Login",
"login_tip": "Enter your email below to login to your account.",
"email": "Email",
"password": "Password"
},
"common": {
"working": "Working"
},
"archive": {
"title": "Archive",
"no_subject": "No Subject",
"from": "From",
"sent": "Sent",
"recipients": "Recipients",
"to": "To",
"meta_data": "Meta Data",
"folder": "Folder",
"tags": "Tags",
"size": "Size",
"email_preview": "Email Preview",
"attachments": "Attachments",
"download": "Download",
"actions": "Actions",
"download_eml": "Download Email (.eml)",
"delete_email": "Delete Email",
"email_thread": "Email Thread",
"delete_confirmation_title": "Are you sure you want to delete this email?",
"delete_confirmation_description": "This action cannot be undone and will permanently remove the email and its attachments.",
"deleting": "Deleting",
"confirm": "Confirm",
"cancel": "Cancel",
"not_found": "Email not found."
},
"ingestions": {
"title": "Ingestion Sources",
"ingestion_sources": "Ingestion Sources",
"bulk_actions": "Bulk Actions",
"force_sync": "Force Sync",
"delete": "Delete",
"create_new": "Create New",
"name": "Name",
"provider": "Provider",
"status": "Status",
"active": "Active",
"created_at": "Created At",
"actions": "Actions",
"last_sync_message": "Last sync message",
"empty": "Empty",
"open_menu": "Open menu",
"edit": "Edit",
"create": "Create",
"ingestion_source": "Ingestion Source",
"edit_description": "Make changes to your ingestion source here.",
"create_description": "Add a new ingestion source to start archiving emails.",
"read": "Read",
"docs_here": "docs here",
"delete_confirmation_title": "Are you sure you want to delete this ingestion?",
"delete_confirmation_description": "This will delete all archived emails, attachments, indexing, and files associated with this ingestion. If you only want to stop syncing new emails, you can pause the ingestion instead.",
"deleting": "Deleting",
"confirm": "Confirm",
"cancel": "Cancel",
"bulk_delete_confirmation_title": "Are you sure you want to delete {{count}} selected ingestions?",
"bulk_delete_confirmation_description": "This will delete all archived emails, attachments, indexing, and files associated with these ingestions. If you only want to stop syncing new emails, you can pause the ingestions instead."
},
"search": {
"title": "Search",
"description": "Search for archived emails.",
"email_search": "Email Search",
"placeholder": "Search by keyword, sender, recipient...",
"search_button": "Search",
"search_options": "Search options",
"strategy_fuzzy": "Fuzzy",
"strategy_verbatim": "Verbatim",
"strategy_frequency": "Frequency",
"select_strategy": "Select a strategy",
"error": "Error",
"found_results_in": "Found {{total}} results in {{seconds}}s",
"found_results": "Found {{total}} results",
"from": "From",
"to": "To",
"in_email_body": "In email body",
"in_attachment": "In attachment: {{filename}}",
"prev": "Prev",
"next": "Next"
},
"roles": {
"title": "Role Management",
"role_management": "Role Management",
"create_new": "Create New",
"name": "Name",
"created_at": "Created At",
"actions": "Actions",
"open_menu": "Open menu",
"view_policy": "View Policy",
"edit": "Edit",
"delete": "Delete",
"no_roles_found": "No roles found.",
"role_policy": "Role Policy",
"viewing_policy_for_role": "Viewing policy for role: {{name}}",
"create": "Create",
"role": "Role",
"edit_description": "Make changes to the role here.",
"create_description": "Add a new role to the system.",
"delete_confirmation_title": "Are you sure you want to delete this role?",
"delete_confirmation_description": "This action cannot be undone. This will permanently delete the role.",
"deleting": "Deleting",
"confirm": "Confirm",
"cancel": "Cancel"
},
"system_settings": {
"title": "System Settings",
"system_settings": "System Settings",
"description": "Manage global application settings.",
"language": "Language",
"default_theme": "Default theme",
"light": "Light",
"dark": "Dark",
"system": "System",
"support_email": "Support Email",
"saving": "Saving",
"save_changes": "Save Changes"
},
"users": {
"title": "User Management",
"user_management": "User Management",
"create_new": "Create New",
"name": "Name",
"email": "Email",
"role": "Role",
"created_at": "Created At",
"actions": "Actions",
"open_menu": "Open menu",
"edit": "Edit",
"delete": "Delete",
"no_users_found": "No users found.",
"create": "Create",
"user": "User",
"edit_description": "Make changes to the user here.",
"create_description": "Add a new user to the system.",
"delete_confirmation_title": "Are you sure you want to delete this user?",
"delete_confirmation_description": "This action cannot be undone. This will permanently delete the user and remove their data from our servers.",
"deleting": "Deleting",
"confirm": "Confirm",
"cancel": "Cancel"
},
"components": {
"charts": {
"emails_ingested": "Emails Ingested",
"storage_used": "Storage Used",
"emails": "Emails"
},
"common": {
"submitting": "Submitting...",
"submit": "Submit",
"save": "Save"
},
"email_preview": {
"loading": "Loading email preview...",
"render_error": "Could not render email preview.",
"not_available": "Raw .eml file not available for this email."
},
"footer": {
"all_rights_reserved": "All rights reserved."
},
"ingestion_source_form": {
"provider_generic_imap": "Generic IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "PST Import",
"provider_eml_import": "EML Import",
"select_provider": "Select a provider",
"service_account_key": "Service Account Key (JSON)",
"service_account_key_placeholder": "Paste your service account key JSON content",
"impersonated_admin_email": "Impersonated Admin Email",
"client_id": "Application (Client) ID",
"client_secret": "Client Secret Value",
"client_secret_placeholder": "Enter the secret Value, not the Secret ID",
"tenant_id": "Directory (Tenant) ID",
"host": "Host",
"port": "Port",
"username": "Username",
"use_tls": "Use TLS",
"pst_file": "PST File",
"eml_file": "EML File",
"heads_up": "Heads up!",
"org_wide_warning": "Please note that this is an organization-wide operation. This kind of ingestions will import and index <b>all</b> email inboxes in your organization. If you want to import only specific email inboxes, use the IMAP connector.",
"upload_failed": "Upload Failed, please try again"
},
"role_form": {
"policies_json": "Policies (JSON)",
"invalid_json": "Invalid JSON format for policies."
},
"theme_switcher": {
"toggle_theme": "Toggle theme"
},
"user_form": {
"select_role": "Select a role"
}
},
"setup": {
"title": "Setup",
"description": "Set up the initial administrator account for Open Archiver.",
"welcome": "Welcome",
"create_admin_account": "Create the first administrator account to get started.",
"first_name": "First name",
"last_name": "Last name",
"email": "Email",
"password": "Password",
"creating_account": "Creating Account",
"create_account": "Create Account"
},
"layout": {
"dashboard": "Dashboard",
"ingestions": "Ingestions",
"archived_emails": "Archived emails",
"search": "Search",
"settings": "Settings",
"system": "System",
"users": "Users",
"roles": "Roles",
"logout": "Logout"
},
"archived_emails_page": {
"title": "Archived emails",
"header": "Archived Emails",
"select_ingestion_source": "Select an ingestion source",
"date": "Date",
"subject": "Subject",
"sender": "Sender",
"inbox": "Inbox",
"path": "Path",
"actions": "Actions",
"view": "View",
"no_emails_found": "No archived emails found.",
"prev": "Prev",
"next": "Next"
},
"dashboard_page": {
"title": "Dashboard",
"meta_description": "Overview of your email archive.",
"header": "Dashboard",
"create_ingestion": "Create an ingestion",
"no_ingestion_header": "You don't have any ingestion source set up.",
"no_ingestion_text": "Add an ingestion source to start archiving your inboxes.",
"total_emails_archived": "Total Emails Archived",
"total_storage_used": "Total Storage Used",
"failed_ingestions": "Failed Ingestions (Last 7 Days)",
"ingestion_history": "Ingestion History",
"no_ingestion_history": "No ingestion history available.",
"storage_by_source": "Storage by Ingestion Source",
"no_ingestion_sources": "No ingestion sources available.",
"indexed_insights": "Indexed insights",
"top_10_senders": "Top 10 Senders",
"no_indexed_insights": "No indexed insights available."
}
}
}

260
packages/frontend/src/lib/translations/es.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Iniciar sesión",
"login_tip": "Ingrese su correo electrónico a continuación para iniciar sesión en su cuenta.",
"email": "Correo electrónico",
"password": "Contraseña"
},
"common": {
"working": "Trabajando"
},
"archive": {
"title": "Archivo",
"no_subject": "Sin asunto",
"from": "De",
"sent": "Enviado",
"recipients": "Destinatarios",
"to": "Para",
"meta_data": "Metadatos",
"folder": "Carpeta",
"tags": "Etiquetas",
"size": "Tamaño",
"email_preview": "Vista previa del correo electrónico",
"attachments": "Archivos adjuntos",
"download": "Descargar",
"actions": "Acciones",
"download_eml": "Descargar correo electrónico (.eml)",
"delete_email": "Eliminar correo electrónico",
"email_thread": "Hilo de correo electrónico",
"delete_confirmation_title": "¿Está seguro de que desea eliminar este correo electrónico?",
"delete_confirmation_description": "Esta acción no se puede deshacer y eliminará permanentemente el correo electrónico y sus archivos adjuntos.",
"deleting": "Eliminando",
"confirm": "Confirmar",
"cancel": "Cancelar",
"not_found": "Correo electrónico no encontrado."
},
"ingestions": {
"title": "Fuentes de ingesta",
"ingestion_sources": "Fuentes de ingesta",
"bulk_actions": "Acciones masivas",
"force_sync": "Forzar sincronización",
"delete": "Eliminar",
"create_new": "Crear nuevo",
"name": "Nombre",
"provider": "Proveedor",
"status": "Estado",
"active": "Activo",
"created_at": "Creado el",
"actions": "Acciones",
"last_sync_message": "Último mensaje de sincronización",
"empty": "Vacío",
"open_menu": "Abrir menú",
"edit": "Editar",
"create": "Crear",
"ingestion_source": "Fuente de ingesta",
"edit_description": "Realice cambios en su fuente de ingesta aquí.",
"create_description": "Agregue una nueva fuente de ingesta para comenzar a archivar correos electrónicos.",
"read": "Leer",
"docs_here": "documentos aquí",
"delete_confirmation_title": "¿Está seguro de que desea eliminar esta ingesta?",
"delete_confirmation_description": "Esto eliminará todos los correos electrónicos archivados, archivos adjuntos, indexación y archivos asociados con esta ingesta. Si solo desea dejar de sincronizar nuevos correos electrónicos, puede pausar la ingesta en su lugar.",
"deleting": "Eliminando",
"confirm": "Confirmar",
"cancel": "Cancelar",
"bulk_delete_confirmation_title": "¿Está seguro de que desea eliminar {{count}} ingestas seleccionadas?",
"bulk_delete_confirmation_description": "Esto eliminará todos los correos electrónicos archivados, archivos adjuntos, indexación y archivos asociados con estas ingestas. Si solo desea dejar de sincronizar nuevos correos electrónicos, puede pausar las ingestas en su lugar."
},
"search": {
"title": "Buscar",
"description": "Buscar correos electrónicos archivados.",
"email_search": "Búsqueda de correo electrónico",
"placeholder": "Buscar por palabra clave, remitente, destinatario...",
"search_button": "Buscar",
"search_options": "Opciones de búsqueda",
"strategy_fuzzy": "Difuso",
"strategy_verbatim": "Literal",
"strategy_frequency": "Frecuencia",
"select_strategy": "Seleccione una estrategia",
"error": "Error",
"found_results_in": "Se encontraron {{total}} resultados en {{seconds}}s",
"found_results": "Se encontraron {{total}} resultados",
"from": "De",
"to": "Para",
"in_email_body": "En el cuerpo del correo electrónico",
"in_attachment": "En el archivo adjunto: {{filename}}",
"prev": "Anterior",
"next": "Siguiente"
},
"roles": {
"title": "Gestión de roles",
"role_management": "Gestión de roles",
"create_new": "Crear nuevo",
"name": "Nombre",
"created_at": "Creado el",
"actions": "Acciones",
"open_menu": "Abrir menú",
"view_policy": "Ver política",
"edit": "Editar",
"delete": "Eliminar",
"no_roles_found": "No se encontraron roles.",
"role_policy": "Política de roles",
"viewing_policy_for_role": "Viendo la política para el rol: {{name}}",
"create": "Crear",
"role": "Rol",
"edit_description": "Realice cambios en el rol aquí.",
"create_description": "Agregue un nuevo rol al sistema.",
"delete_confirmation_title": "¿Está seguro de que desea eliminar este rol?",
"delete_confirmation_description": "Esta acción no se puede deshacer. Esto eliminará permanentemente el rol.",
"deleting": "Eliminando",
"confirm": "Confirmar",
"cancel": "Cancelar"
},
"system_settings": {
"title": "Configuración del sistema",
"system_settings": "Configuración del sistema",
"description": "Administrar la configuración global de la aplicación.",
"language": "Idioma",
"default_theme": "Tema predeterminado",
"light": "Claro",
"dark": "Oscuro",
"system": "Sistema",
"support_email": "Correo electrónico de soporte",
"saving": "Guardando",
"save_changes": "Guardar cambios"
},
"users": {
"title": "Gestión de usuarios",
"user_management": "Gestión de usuarios",
"create_new": "Crear nuevo",
"name": "Nombre",
"email": "Correo electrónico",
"role": "Rol",
"created_at": "Creado el",
"actions": "Acciones",
"open_menu": "Abrir menú",
"edit": "Editar",
"delete": "Eliminar",
"no_users_found": "No se encontraron usuarios.",
"create": "Crear",
"user": "Usuario",
"edit_description": "Realice cambios en el usuario aquí.",
"create_description": "Agregue un nuevo usuario al sistema.",
"delete_confirmation_title": "¿Está seguro de que desea eliminar este usuario?",
"delete_confirmation_description": "Esta acción no se puede deshacer. Esto eliminará permanentemente al usuario y eliminará sus datos de nuestros servidores.",
"deleting": "Eliminando",
"confirm": "Confirmar",
"cancel": "Cancelar"
},
"setup": {
"title": "Configuración",
"description": "Configure la cuenta de administrador inicial para Open Archiver.",
"welcome": "Bienvenido",
"create_admin_account": "Cree la primera cuenta de administrador para comenzar.",
"first_name": "Nombre",
"last_name": "Apellido",
"email": "Correo electrónico",
"password": "Contraseña",
"creating_account": "Creando cuenta",
"create_account": "Crear cuenta"
},
"layout": {
"dashboard": "Tablero",
"ingestions": "Ingestas",
"archived_emails": "Correos electrónicos archivados",
"search": "Buscar",
"settings": "Configuración",
"system": "Sistema",
"users": "Usuarios",
"roles": "Roles",
"logout": "Cerrar sesión"
},
"components": {
"charts": {
"emails_ingested": "Correos electrónicos ingeridos",
"storage_used": "Almacenamiento utilizado",
"emails": "Correos electrónicos"
},
"common": {
"submitting": "Enviando...",
"submit": "Enviar",
"save": "Guardar"
},
"email_preview": {
"loading": "Cargando vista previa del correo electrónico...",
"render_error": "No se pudo renderizar la vista previa del correo electrónico.",
"not_available": "El archivo .eml sin procesar no está disponible para este correo electrónico."
},
"footer": {
"all_rights_reserved": "Todos los derechos reservados."
},
"ingestion_source_form": {
"provider_generic_imap": "IMAP genérico",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "Importación de PST",
"provider_eml_import": "Importación de EML",
"select_provider": "Seleccione un proveedor",
"service_account_key": "Clave de cuenta de servicio (JSON)",
"service_account_key_placeholder": "Pegue el contenido JSON de su clave de cuenta de servicio",
"impersonated_admin_email": "Correo electrónico de administrador suplantado",
"client_id": "ID de aplicación (cliente)",
"client_secret": "Valor secreto del cliente",
"client_secret_placeholder": "Ingrese el valor secreto, no el ID secreto",
"tenant_id": "ID de directorio (inquilino)",
"host": "Host",
"port": "Puerto",
"username": "Nombre de usuario",
"use_tls": "Usar TLS",
"pst_file": "Archivo PST",
"eml_file": "Archivo EML",
"heads_up": "¡Atención!",
"org_wide_warning": "Tenga en cuenta que esta es una operación para toda la organización. Este tipo de ingestas importará e indexará <b>todos</b> los buzones de correo electrónico de su organización. Si desea importar solo buzones de correo electrónico específicos, utilice el conector IMAP.",
"upload_failed": "Error al cargar, por favor intente de nuevo"
},
"role_form": {
"policies_json": "Políticas (JSON)",
"invalid_json": "Formato JSON no válido para las políticas."
},
"theme_switcher": {
"toggle_theme": "Cambiar tema"
},
"user_form": {
"select_role": "Seleccione un rol"
}
},
"dashboard_page": {
"title": "Tablero",
"meta_description": "Resumen de su archivo de correo electrónico.",
"header": "Tablero",
"create_ingestion": "Crear una ingesta",
"no_ingestion_header": "No tiene ninguna fuente de ingesta configurada.",
"no_ingestion_text": "Agregue una fuente de ingesta para comenzar a archivar sus bandejas de entrada.",
"total_emails_archived": "Total de correos electrónicos archivados",
"total_storage_used": "Almacenamiento total utilizado",
"failed_ingestions": "Ingestas fallidas (últimos 7 días)",
"ingestion_history": "Historial de ingesta",
"no_ingestion_history": "No hay historial de ingesta disponible.",
"storage_by_source": "Almacenamiento por fuente de ingesta",
"no_ingestion_sources": "No hay fuentes de ingesta disponibles.",
"indexed_insights": "Información indexada",
"top_10_senders": "Los 10 principales remitentes",
"no_indexed_insights": "No hay información indexada disponible."
},
"archived_emails_page": {
"title": "Correos electrónicos archivados",
"header": "Correos electrónicos archivados",
"select_ingestion_source": "Seleccione una fuente de ingesta",
"date": "Fecha",
"subject": "Asunto",
"sender": "Remitente",
"inbox": "Bandeja de entrada",
"path": "Ruta",
"actions": "Acciones",
"view": "Ver",
"no_emails_found": "No se encontraron correos electrónicos archivados.",
"prev": "Anterior",
"next": "Siguiente"
}
}
}

260
packages/frontend/src/lib/translations/et.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Logi sisse",
"login_tip": "Oma kontole sisselogimiseks sisestage allpool oma e-posti aadress.",
"email": "E-post",
"password": "Parool"
},
"common": {
"working": "Töötan"
},
"archive": {
"title": "Arhiiv",
"no_subject": "Teema puudub",
"from": "Kellelt",
"sent": "Saadetud",
"recipients": "Saajad",
"to": "Kellele",
"meta_data": "Metaandmed",
"folder": "Kaust",
"tags": "Sildid",
"size": "Suurus",
"email_preview": "E-kirja eelvaade",
"attachments": "Manused",
"download": "Laadi alla",
"actions": "Toimingud",
"download_eml": "Laadi alla e-kiri (.eml)",
"delete_email": "Kustuta e-kiri",
"email_thread": "E-kirja lõim",
"delete_confirmation_title": "Kas olete kindel, et soovite selle e-kirja kustutada?",
"delete_confirmation_description": "Seda toimingut ei saa tagasi võtta ja see eemaldab e-kirja ja selle manused jäädavalt.",
"deleting": "Kustutamine",
"confirm": "Kinnita",
"cancel": "Tühista",
"not_found": "E-kirja ei leitud."
},
"ingestions": {
"title": "Sissevõtuallikad",
"ingestion_sources": "Sissevõtuallikad",
"bulk_actions": "Hulgitoimingud",
"force_sync": "Sunni sünkroonimine",
"delete": "Kustuta",
"create_new": "Loo uus",
"name": "Nimi",
"provider": "Pakkuja",
"status": "Olek",
"active": "Aktiivne",
"created_at": "Loodud",
"actions": "Toimingud",
"last_sync_message": "Viimane sünkroonimissõnum",
"empty": "Tühi",
"open_menu": "Ava menüü",
"edit": "Muuda",
"create": "Loo",
"ingestion_source": "Sissevõtuallikas",
"edit_description": "Tehke siin oma sissevõtuallikas muudatusi.",
"create_description": "E-kirjade arhiveerimise alustamiseks lisage uus sissevõtuallikas.",
"read": "Loe",
"docs_here": "dokumendid siin",
"delete_confirmation_title": "Kas olete kindel, et soovite selle sissevõtu kustutada?",
"delete_confirmation_description": "See kustutab kõik selle sissevõtuga seotud arhiveeritud e-kirjad, manused, indekseerimise ja failid. Kui soovite ainult uute e-kirjade sünkroonimise peatada, saate sissevõtu peatada.",
"deleting": "Kustutamine",
"confirm": "Kinnita",
"cancel": "Tühista",
"bulk_delete_confirmation_title": "Kas olete kindel, et soovite kustutada {{count}} valitud sissevõttu?",
"bulk_delete_confirmation_description": "See kustutab kõik nende sissevõttudega seotud arhiveeritud e-kirjad, manused, indekseerimise ja failid. Kui soovite ainult uute e-kirjade sünkroonimise peatada, saate sissevõtud peatada."
},
"search": {
"title": "Otsing",
"description": "Otsige arhiveeritud e-kirju.",
"email_search": "E-kirja otsing",
"placeholder": "Otsige märksõna, saatja, saaja järgi...",
"search_button": "Otsi",
"search_options": "Otsinguvalikud",
"strategy_fuzzy": "Hägune",
"strategy_verbatim": "Sõnasõnaline",
"strategy_frequency": "Sagedus",
"select_strategy": "Valige strateegia",
"error": "Viga",
"found_results_in": "Leiti {{total}} tulemust {{seconds}} sekundiga",
"found_results": "Leiti {{total}} tulemust",
"from": "Kellelt",
"to": "Kellele",
"in_email_body": "E-kirja sisus",
"in_attachment": "Manuses: {{filename}}",
"prev": "Eelmine",
"next": "Järgmine"
},
"roles": {
"title": "Rollide haldamine",
"role_management": "Rollide haldamine",
"create_new": "Loo uus",
"name": "Nimi",
"created_at": "Loodud",
"actions": "Toimingud",
"open_menu": "Ava menüü",
"view_policy": "Vaata poliitikat",
"edit": "Muuda",
"delete": "Kustuta",
"no_roles_found": "Rolle ei leitud.",
"role_policy": "Rollipoliitika",
"viewing_policy_for_role": "Rolli poliitika vaatamine: {{name}}",
"create": "Loo",
"role": "Roll",
"edit_description": "Tehke siin rollis muudatusi.",
"create_description": "Lisage süsteemi uus roll.",
"delete_confirmation_title": "Kas olete kindel, et soovite selle rolli kustutada?",
"delete_confirmation_description": "Seda toimingut ei saa tagasi võtta. See kustutab rolli jäädavalt.",
"deleting": "Kustutamine",
"confirm": "Kinnita",
"cancel": "Tühista"
},
"system_settings": {
"title": "Süsteemi seaded",
"system_settings": "Süsteemi seaded",
"description": "Hallake globaalseid rakenduse seadeid.",
"language": "Keel",
"default_theme": "Vaiketeema",
"light": "Hele",
"dark": "Tume",
"system": "Süsteem",
"support_email": "Tugi e-post",
"saving": "Salvestamine",
"save_changes": "Salvesta muudatused"
},
"users": {
"title": "Kasutajate haldamine",
"user_management": "Kasutajate haldamine",
"create_new": "Loo uus",
"name": "Nimi",
"email": "E-post",
"role": "Roll",
"created_at": "Loodud",
"actions": "Toimingud",
"open_menu": "Ava menüü",
"edit": "Muuda",
"delete": "Kustuta",
"no_users_found": "Kasutajaid ei leitud.",
"create": "Loo",
"user": "Kasutaja",
"edit_description": "Tehke siin kasutajas muudatusi.",
"create_description": "Lisage süsteemi uus kasutaja.",
"delete_confirmation_title": "Kas olete kindel, et soovite selle kasutaja kustutada?",
"delete_confirmation_description": "Seda toimingut ei saa tagasi võtta. See kustutab kasutaja jäädavalt ja eemaldab tema andmed meie serveritest.",
"deleting": "Kustutamine",
"confirm": "Kinnita",
"cancel": "Tühista"
},
"setup": {
"title": "Seadistamine",
"description": "Seadistage Open Archiveri esialgne administraatorikonto.",
"welcome": "Tere tulemast",
"create_admin_account": "Alustamiseks looge esimene administraatorikonto.",
"first_name": "Eesnimi",
"last_name": "Perekonnanimi",
"email": "E-post",
"password": "Parool",
"creating_account": "Konto loomine",
"create_account": "Loo konto"
},
"layout": {
"dashboard": "Armatuurlaud",
"ingestions": "Sissevõtud",
"archived_emails": "Arhiveeritud e-kirjad",
"search": "Otsing",
"settings": "Seaded",
"system": "Süsteem",
"users": "Kasutajad",
"roles": "Rollid",
"logout": "Logi välja"
},
"components": {
"charts": {
"emails_ingested": "Sissevõetud e-kirjad",
"storage_used": "Kasutatud salvestusruum",
"emails": "E-kirjad"
},
"common": {
"submitting": "Esitamine...",
"submit": "Esita",
"save": "Salvesta"
},
"email_preview": {
"loading": "E-kirja eelvaate laadimine...",
"render_error": "E-kirja eelvaadet ei saanud renderdada.",
"not_available": "Selle e-kirja jaoks pole toores .eml-faili saadaval."
},
"footer": {
"all_rights_reserved": "Kõik õigused kaitstud."
},
"ingestion_source_form": {
"provider_generic_imap": "Üldine IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "PST import",
"provider_eml_import": "EML import",
"select_provider": "Valige pakkuja",
"service_account_key": "Teenusekonto võti (JSON)",
"service_account_key_placeholder": "Kleepige oma teenusekonto võtme JSON-sisu",
"impersonated_admin_email": "Impersoniseeritud administraatori e-post",
"client_id": "Rakenduse (kliendi) ID",
"client_secret": "Kliendi salajane väärtus",
"client_secret_placeholder": "Sisestage salajane väärtus, mitte salajane ID",
"tenant_id": "Kataloogi (üürniku) ID",
"host": "Host",
"port": "Port",
"username": "Kasutajanimi",
"use_tls": "Kasuta TLS-i",
"pst_file": "PST-fail",
"eml_file": "EML-fail",
"heads_up": "Tähelepanu!",
"org_wide_warning": "Pange tähele, et see on kogu organisatsiooni hõlmav toiming. Seda tüüpi sissevõtud impordivad ja indekseerivad <b>kõik</b> teie organisatsiooni e-posti postkastid. Kui soovite importida ainult konkreetseid e-posti postkaste, kasutage IMAP-konnektorit.",
"upload_failed": "Üleslaadimine ebaõnnestus, proovige uuesti"
},
"role_form": {
"policies_json": "Poliitikad (JSON)",
"invalid_json": "Poliitikate jaoks kehtetu JSON-vorming."
},
"theme_switcher": {
"toggle_theme": "Vaheta teemat"
},
"user_form": {
"select_role": "Valige roll"
}
},
"dashboard_page": {
"title": "Armatuurlaud",
"meta_description": "Ülevaade teie e-posti arhiivist.",
"header": "Armatuurlaud",
"create_ingestion": "Loo sissevõtt",
"no_ingestion_header": "Teil pole ühtegi sissevõtuallikat seadistatud.",
"no_ingestion_text": "Postkastide arhiveerimise alustamiseks lisage sissevõtuallikas.",
"total_emails_archived": "Arhiveeritud e-kirjade koguarv",
"total_storage_used": "Kasutatud salvestusruum kokku",
"failed_ingestions": "Ebaõnnestunud sissevõtud (viimased 7 päeva)",
"ingestion_history": "Sissevõtuajalugu",
"no_ingestion_history": "Sissevõtuajalugu pole saadaval.",
"storage_by_source": "Salvestusruum sissevõtuallika järgi",
"no_ingestion_sources": "Sissevõtuallikaid pole saadaval.",
"indexed_insights": "Indekseeritud ülevaated",
"top_10_senders": "Top 10 saatjat",
"no_indexed_insights": "Indekseeritud ülevaateid pole saadaval."
},
"archived_emails_page": {
"title": "Arhiveeritud e-kirjad",
"header": "Arhiveeritud e-kirjad",
"select_ingestion_source": "Valige sissevõtuallikas",
"date": "Kuupäev",
"subject": "Teema",
"sender": "Saatja",
"inbox": "Postkast",
"path": "Tee",
"actions": "Toimingud",
"view": "Vaade",
"no_emails_found": "Arhiveeritud e-kirju ei leitud.",
"prev": "Eelmine",
"next": "Järgmine"
}
}
}

260
packages/frontend/src/lib/translations/fr.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Connexion",
"login_tip": "Entrez votre email ci-dessous pour vous connecter à votre compte.",
"email": "Email",
"password": "Mot de passe"
},
"common": {
"working": "Travail en cours"
},
"archive": {
"title": "Archive",
"no_subject": "Pas de sujet",
"from": "De",
"sent": "Envoyé",
"recipients": "Destinataires",
"to": "À",
"meta_data": "Métadonnées",
"folder": "Dossier",
"tags": "Tags",
"size": "Taille",
"email_preview": "Aperçu de l'email",
"attachments": "Pièces jointes",
"download": "Télécharger",
"actions": "Actions",
"download_eml": "Télécharger l'email (.eml)",
"delete_email": "Supprimer l'email",
"email_thread": "Fil de discussion",
"delete_confirmation_title": "Êtes-vous sûr de vouloir supprimer cet email ?",
"delete_confirmation_description": "Cette action est irréversible et supprimera définitivement l'email et ses pièces jointes.",
"deleting": "Suppression en cours",
"confirm": "Confirmer",
"cancel": "Annuler",
"not_found": "Email non trouvé."
},
"ingestions": {
"title": "Sources d'ingestion",
"ingestion_sources": "Sources d'ingestion",
"bulk_actions": "Actions en masse",
"force_sync": "Forcer la synchronisation",
"delete": "Supprimer",
"create_new": "Créer",
"name": "Nom",
"provider": "Fournisseur",
"status": "Statut",
"active": "Actif",
"created_at": "Créé le",
"actions": "Actions",
"last_sync_message": "Dernier message de synchronisation",
"empty": "Vide",
"open_menu": "Ouvrir le menu",
"edit": "Modifier",
"create": "Créer",
"ingestion_source": "Source d'ingestion",
"edit_description": "Modifiez votre source d'ingestion ici.",
"create_description": "Ajoutez une nouvelle source d'ingestion pour commencer à archiver les emails.",
"read": "Lire",
"docs_here": "docs ici",
"delete_confirmation_title": "Êtes-vous sûr de vouloir supprimer cette ingestion ?",
"delete_confirmation_description": "Cela supprimera tous les emails archivés, les pièces jointes, l'indexation et les fichiers associés à cette ingestion. Si vous souhaitez uniquement arrêter la synchronisation des nouveaux emails, vous pouvez suspendre l'ingestion à la place.",
"deleting": "Suppression en cours",
"confirm": "Confirmer",
"cancel": "Annuler",
"bulk_delete_confirmation_title": "Êtes-vous sûr de vouloir supprimer {{count}} ingestions sélectionnées ?",
"bulk_delete_confirmation_description": "Cela supprimera tous les emails archivés, les pièces jointes, l'indexation et les fichiers associés à ces ingestions. Si vous souhaitez uniquement arrêter la synchronisation des nouveaux emails, vous pouvez suspendre les ingestions à la place."
},
"search": {
"title": "Recherche",
"description": "Rechercher des emails archivés.",
"email_search": "Recherche d'emails",
"placeholder": "Rechercher par mot-clé, expéditeur, destinataire...",
"search_button": "Rechercher",
"search_options": "Options de recherche",
"strategy_fuzzy": "Floue",
"strategy_verbatim": "Textuelle",
"strategy_frequency": "Fréquence",
"select_strategy": "Sélectionnez une stratégie",
"error": "Erreur",
"found_results_in": "{{total}} résultats trouvés en {{seconds}}s",
"found_results": "{{total}} résultats trouvés",
"from": "De",
"to": "À",
"in_email_body": "Dans le corps de l'email",
"in_attachment": "Dans la pièce jointe : {{filename}}",
"prev": "Préc",
"next": "Suiv"
},
"roles": {
"title": "Gestion des rôles",
"role_management": "Gestion des rôles",
"create_new": "Créer",
"name": "Nom",
"created_at": "Créé le",
"actions": "Actions",
"open_menu": "Ouvrir le menu",
"view_policy": "Voir la politique",
"edit": "Modifier",
"delete": "Supprimer",
"no_roles_found": "Aucun rôle trouvé.",
"role_policy": "Politique de rôle",
"viewing_policy_for_role": "Affichage de la politique pour le rôle : {{name}}",
"create": "Créer",
"role": "Rôle",
"edit_description": "Modifiez le rôle ici.",
"create_description": "Ajoutez un nouveau rôle au système.",
"delete_confirmation_title": "Êtes-vous sûr de vouloir supprimer ce rôle ?",
"delete_confirmation_description": "Cette action est irréversible. Cela supprimera définitivement le rôle.",
"deleting": "Suppression en cours",
"confirm": "Confirmer",
"cancel": "Annuler"
},
"system_settings": {
"title": "Paramètres système",
"system_settings": "Paramètres système",
"description": "Gérer les paramètres globaux de l'application.",
"language": "Langue",
"default_theme": "Thème par défaut",
"light": "Clair",
"dark": "Sombre",
"system": "Système",
"support_email": "Email de support",
"saving": "Enregistrement",
"save_changes": "Enregistrer les modifications"
},
"users": {
"title": "Gestion des utilisateurs",
"user_management": "Gestion des utilisateurs",
"create_new": "Créer",
"name": "Nom",
"email": "Email",
"role": "Rôle",
"created_at": "Créé le",
"actions": "Actions",
"open_menu": "Ouvrir le menu",
"edit": "Modifier",
"delete": "Supprimer",
"no_users_found": "Aucun utilisateur trouvé.",
"create": "Créer",
"user": "Utilisateur",
"edit_description": "Modifiez l'utilisateur ici.",
"create_description": "Ajoutez un nouvel utilisateur au système.",
"delete_confirmation_title": "Êtes-vous sûr de vouloir supprimer cet utilisateur ?",
"delete_confirmation_description": "Cette action est irréversible. Cela supprimera définitivement l'utilisateur et ses données de nos serveurs.",
"deleting": "Suppression en cours",
"confirm": "Confirmer",
"cancel": "Annuler"
},
"setup": {
"title": "Configuration",
"description": "Configurez le compte administrateur initial pour Open Archiver.",
"welcome": "Bienvenue",
"create_admin_account": "Créez le premier compte administrateur pour commencer.",
"first_name": "Prénom",
"last_name": "Nom de famille",
"email": "Email",
"password": "Mot de passe",
"creating_account": "Création du compte",
"create_account": "Créer un compte"
},
"layout": {
"dashboard": "Tableau de bord",
"ingestions": "Ingestions",
"archived_emails": "E-mails archivés",
"search": "Recherche",
"settings": "Paramètres",
"system": "Système",
"users": "Utilisateurs",
"roles": "Rôles",
"logout": "Déconnexion"
},
"components": {
"charts": {
"emails_ingested": "E-mails ingérés",
"storage_used": "Stockage utilisé",
"emails": "E-mails"
},
"common": {
"submitting": "Soumission...",
"submit": "Soumettre",
"save": "Enregistrer"
},
"email_preview": {
"loading": "Chargement de l'aperçu de l'email...",
"render_error": "Impossible de rendre l'aperçu de l'email.",
"not_available": "Le fichier .eml brut n'est pas disponible pour cet email."
},
"footer": {
"all_rights_reserved": "Tous droits réservés."
},
"ingestion_source_form": {
"provider_generic_imap": "IMAP générique",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "Importation PST",
"provider_eml_import": "Importation EML",
"select_provider": "Sélectionnez un fournisseur",
"service_account_key": "Clé de compte de service (JSON)",
"service_account_key_placeholder": "Collez le contenu JSON de votre clé de compte de service",
"impersonated_admin_email": "Email de l'administrateur impersonné",
"client_id": "ID de l'application (client)",
"client_secret": "Valeur secrète du client",
"client_secret_placeholder": "Entrez la valeur secrète, pas l'ID secret",
"tenant_id": "ID du répertoire (locataire)",
"host": "Hôte",
"port": "Port",
"username": "Nom d'utilisateur",
"use_tls": "Utiliser TLS",
"pst_file": "Fichier PST",
"eml_file": "Fichier EML",
"heads_up": "Attention !",
"org_wide_warning": "Veuillez noter qu'il s'agit d'une opération à l'échelle de l'organisation. Ce type d'ingestion importera et indexera <b>toutes</b> les boîtes de réception de votre organisation. Si vous souhaitez importer uniquement des boîtes de réception spécifiques, utilisez le connecteur IMAP.",
"upload_failed": "Échec du téléchargement, veuillez réessayer"
},
"role_form": {
"policies_json": "Politiques (JSON)",
"invalid_json": "Format JSON invalide pour les politiques."
},
"theme_switcher": {
"toggle_theme": "Changer de thème"
},
"user_form": {
"select_role": "Sélectionnez un rôle"
}
},
"dashboard_page": {
"title": "Tableau de bord",
"meta_description": "Aperçu de vos archives d'e-mails.",
"header": "Tableau de bord",
"create_ingestion": "Créer une ingestion",
"no_ingestion_header": "Vous n'avez aucune source d'ingestion configurée.",
"no_ingestion_text": "Ajoutez une source d'ingestion pour commencer à archiver vos boîtes de réception.",
"total_emails_archived": "Total des e-mails archivés",
"total_storage_used": "Stockage total utilisé",
"failed_ingestions": "Ingestions échouées (7 derniers jours)",
"ingestion_history": "Historique d'ingestion",
"no_ingestion_history": "Aucun historique d'ingestion disponible.",
"storage_by_source": "Stockage par source d'ingestion",
"no_ingestion_sources": "Aucune source d'ingestion disponible.",
"indexed_insights": "Informations indexées",
"top_10_senders": "Top 10 des expéditeurs",
"no_indexed_insights": "Aucune information indexée disponible."
},
"archived_emails_page": {
"title": "E-mails archivés",
"header": "E-mails archivés",
"select_ingestion_source": "Sélectionnez une source d'ingestion",
"date": "Date",
"subject": "Sujet",
"sender": "Expéditeur",
"inbox": "Boîte de réception",
"path": "Chemin",
"actions": "Actions",
"view": "Voir",
"no_emails_found": "Aucun e-mail archivé trouvé.",
"prev": "Préc",
"next": "Suiv"
}
}
}

129
packages/frontend/src/lib/translations/index.ts Normal file
View File

@@ -0,0 +1,129 @@
import i18n from 'sveltekit-i18n';
import type { Config } from 'sveltekit-i18n';
// Import your locales
import en from './en.json';
import de from './de.json';
import es from './es.json';
import fr from './fr.json';
import it from './it.json';
import pt from './pt.json';
import nl from './nl.json';
import ja from './ja.json';
import et from './et.json';
import el from './el.json';
// This is your config object.
// It defines the languages and how to load them.
const config: Config = {
// Define the loaders for each language
loaders: [
// English 🇬🇧
{
locale: 'en',
key: 'app', // This key matches the top-level key in your en.json
loader: async () => en.app, // We return the nested 'app' object
},
// German 🇩🇪
{
locale: 'de',
key: 'app', // This key matches the top-level key in your en.json
loader: async () => de.app, // We return the nested 'app' object
},
// Spanish 🇪🇸
{
locale: 'es',
key: 'app',
loader: async () => es.app,
},
// French 🇫🇷
{
locale: 'fr',
key: 'app',
loader: async () => fr.app,
},
// Italian 🇮🇹
{
locale: 'it',
key: 'app',
loader: async () => it.app,
},
// Portuguese 🇵🇹
{
locale: 'pt',
key: 'app',
loader: async () => pt.app,
},
// Dutch 🇳🇱
{
locale: 'nl',
key: 'app',
loader: async () => nl.app,
},
// Japanese 🇯🇵
{
locale: 'ja',
key: 'app',
loader: async () => ja.app,
},
// Estonian 🇪🇪
{
locale: 'et',
key: 'app',
loader: async () => et.app,
},
// Greek 🇬🇷
{
locale: 'el',
key: 'app',
loader: async () => el.app,
},
],
fallbackLocale: 'en',
};
// Create the i18n instance.
// export const i18nInstance = new i18n(config);
export const { t, locale, locales, loading, loadTranslations } = new i18n(config);
// Export the t store for use in components
// export const t = i18n.t;
// import i18n from 'sveltekit-i18n';
// import type { Config } from 'sveltekit-i18n';
// const config: Config = ({
// loaders: [
// {
// locale: 'en',
// key: 'app',
// loader: async () => (
// await import('./en/app.json')
// ).default,
// },
// {
// locale: 'en',
// key: 'marketing',
// loader: async () => (
// await import('./en/marketing.json')
// ).default,
// },
// {
// locale: 'fr',
// key: 'app',
// loader: async () => (
// await import('./fr/app.json')
// ).default,
// },
// {
// locale: 'fr',
// key: 'marketing',
// loader: async () => (
// await import('./fr/marketing.json')
// ).default,
// },
// ],
// fallbackLocale: 'en'
// });
// export const { t, locale, locales, loading, loadTranslations } = new i18n(config);

260
packages/frontend/src/lib/translations/it.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Accesso",
"login_tip": "Inserisci la tua email qui sotto per accedere al tuo account.",
"email": "Email",
"password": "Password"
},
"common": {
"working": "In lavorazione"
},
"archive": {
"title": "Archivio",
"no_subject": "Nessun oggetto",
"from": "Da",
"sent": "Inviato",
"recipients": "Destinatari",
"to": "A",
"meta_data": "Metadati",
"folder": "Cartella",
"tags": "Tag",
"size": "Dimensione",
"email_preview": "Anteprima email",
"attachments": "Allegati",
"download": "Scarica",
"actions": "Azioni",
"download_eml": "Scarica email (.eml)",
"delete_email": "Elimina email",
"email_thread": "Thread email",
"delete_confirmation_title": "Sei sicuro di voler eliminare questa email?",
"delete_confirmation_description": "Questa azione non può essere annullata ed eliminerà permanentemente l'email e i suoi allegati.",
"deleting": "Eliminazione in corso",
"confirm": "Conferma",
"cancel": "Annulla",
"not_found": "Email non trovata."
},
"ingestions": {
"title": "Fonti di ingestione",
"ingestion_sources": "Fonti di ingestione",
"bulk_actions": "Azioni di massa",
"force_sync": "Forza sincronizzazione",
"delete": "Elimina",
"create_new": "Crea nuovo",
"name": "Nome",
"provider": "Provider",
"status": "Stato",
"active": "Attivo",
"created_at": "Creato il",
"actions": "Azioni",
"last_sync_message": "Ultimo messaggio di sincronizzazione",
"empty": "Vuoto",
"open_menu": "Apri menu",
"edit": "Modifica",
"create": "Crea",
"ingestion_source": "Fonte di ingestione",
"edit_description": "Apporta modifiche alla tua fonte di ingestione qui.",
"create_description": "Aggiungi una nuova fonte di ingestione per iniziare ad archiviare le email.",
"read": "Leggi",
"docs_here": "documenti qui",
"delete_confirmation_title": "Sei sicuro di voler eliminare questa ingestione?",
"delete_confirmation_description": "Questo eliminerà tutte le email archiviate, gli allegati, l'indicizzazione e i file associati a questa ingestione. Se desideri solo interrompere la sincronizzazione di nuove email, puoi invece mettere in pausa l'ingestione.",
"deleting": "Eliminazione in corso",
"confirm": "Conferma",
"cancel": "Annulla",
"bulk_delete_confirmation_title": "Sei sicuro di voler eliminare {{count}} ingestioni selezionate?",
"bulk_delete_confirmation_description": "Questo eliminerà tutte le email archiviate, gli allegati, l'indicizzazione e i file associati a queste ingestioni. Se desideri solo interrompere la sincronizzazione di nuove email, puoi invece mettere in pausa le ingestioni."
},
"search": {
"title": "Cerca",
"description": "Cerca email archiviate.",
"email_search": "Ricerca email",
"placeholder": "Cerca per parola chiave, mittente, destinatario...",
"search_button": "Cerca",
"search_options": "Opzioni di ricerca",
"strategy_fuzzy": "Fuzzy",
"strategy_verbatim": "Verbatim",
"strategy_frequency": "Frequenza",
"select_strategy": "Seleziona una strategia",
"error": "Errore",
"found_results_in": "Trovati {{total}} risultati in {{seconds}}s",
"found_results": "Trovati {{total}} risultati",
"from": "Da",
"to": "A",
"in_email_body": "Nel corpo dell'email",
"in_attachment": "Nell'allegato: {{filename}}",
"prev": "Prec",
"next": "Succ"
},
"roles": {
"title": "Gestione ruoli",
"role_management": "Gestione ruoli",
"create_new": "Crea nuovo",
"name": "Nome",
"created_at": "Creato il",
"actions": "Azioni",
"open_menu": "Apri menu",
"view_policy": "Visualizza policy",
"edit": "Modifica",
"delete": "Elimina",
"no_roles_found": "Nessun ruolo trovato.",
"role_policy": "Policy ruolo",
"viewing_policy_for_role": "Visualizzazione policy per il ruolo: {{name}}",
"create": "Crea",
"role": "Ruolo",
"edit_description": "Apporta modifiche al ruolo qui.",
"create_description": "Aggiungi un nuovo ruolo al sistema.",
"delete_confirmation_title": "Sei sicuro di voler eliminare questo ruolo?",
"delete_confirmation_description": "Questa azione non può essere annullata. Questo eliminerà permanentemente il ruolo.",
"deleting": "Eliminazione in corso",
"confirm": "Conferma",
"cancel": "Annulla"
},
"system_settings": {
"title": "Impostazioni di sistema",
"system_settings": "Impostazioni di sistema",
"description": "Gestisci le impostazioni globali dell'applicazione.",
"language": "Lingua",
"default_theme": "Tema predefinito",
"light": "Chiaro",
"dark": "Scuro",
"system": "Sistema",
"support_email": "Email di supporto",
"saving": "Salvataggio",
"save_changes": "Salva modifiche"
},
"users": {
"title": "Gestione utenti",
"user_management": "Gestione utenti",
"create_new": "Crea nuovo",
"name": "Nome",
"email": "Email",
"role": "Ruolo",
"created_at": "Creato il",
"actions": "Azioni",
"open_menu": "Apri menu",
"edit": "Modifica",
"delete": "Elimina",
"no_users_found": "Nessun utente trovato.",
"create": "Crea",
"user": "Utente",
"edit_description": "Apporta modifiche all'utente qui.",
"create_description": "Aggiungi un nuovo utente al sistema.",
"delete_confirmation_title": "Sei sicuro di voler eliminare questo utente?",
"delete_confirmation_description": "Questa azione non può essere annullata. Questo eliminerà permanentemente l'utente e rimuoverà i suoi dati dai nostri server.",
"deleting": "Eliminazione in corso",
"confirm": "Conferma",
"cancel": "Annulla"
},
"setup": {
"title": "Configurazione",
"description": "Configura l'account amministratore iniziale per Open Archiver.",
"welcome": "Benvenuto",
"create_admin_account": "Crea il primo account amministratore per iniziare.",
"first_name": "Nome",
"last_name": "Cognome",
"email": "Email",
"password": "Password",
"creating_account": "Creazione account",
"create_account": "Crea account"
},
"layout": {
"dashboard": "Dashboard",
"ingestions": "Ingestioni",
"archived_emails": "Email archiviate",
"search": "Cerca",
"settings": "Impostazioni",
"system": "Sistema",
"users": "Utenti",
"roles": "Ruoli",
"logout": "Esci"
},
"components": {
"charts": {
"emails_ingested": "Email ingerite",
"storage_used": "Spazio di archiviazione utilizzato",
"emails": "Email"
},
"common": {
"submitting": "Invio in corso...",
"submit": "Invia",
"save": "Salva"
},
"email_preview": {
"loading": "Caricamento anteprima email...",
"render_error": "Impossibile visualizzare l'anteprima dell'email.",
"not_available": "File .eml non disponibile per questa email."
},
"footer": {
"all_rights_reserved": "Tutti i diritti riservati."
},
"ingestion_source_form": {
"provider_generic_imap": "IMAP generico",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "Importazione PST",
"provider_eml_import": "Importazione EML",
"select_provider": "Seleziona un provider",
"service_account_key": "Chiave account di servizio (JSON)",
"service_account_key_placeholder": "Incolla il contenuto JSON della tua chiave account di servizio",
"impersonated_admin_email": "Email amministratore impersonata",
"client_id": "ID applicazione (client)",
"client_secret": "Valore segreto client",
"client_secret_placeholder": "Inserisci il valore segreto, non l'ID segreto",
"tenant_id": "ID directory (tenant)",
"host": "Host",
"port": "Porta",
"username": "Nome utente",
"use_tls": "Usa TLS",
"pst_file": "File PST",
"eml_file": "File EML",
"heads_up": "Attenzione!",
"org_wide_warning": "Si prega di notare che questa è un'operazione a livello di organizzazione. Questo tipo di ingestione importerà e indicizzerà <b>tutte</b> le caselle di posta elettronica della tua organizzazione. Se desideri importare solo caselle di posta elettronica specifiche, utilizza il connettore IMAP.",
"upload_failed": "Caricamento non riuscito, riprova"
},
"role_form": {
"policies_json": "Policy (JSON)",
"invalid_json": "Formato JSON non valido per le policy."
},
"theme_switcher": {
"toggle_theme": "Cambia tema"
},
"user_form": {
"select_role": "Seleziona un ruolo"
}
},
"dashboard_page": {
"title": "Dashboard",
"meta_description": "Panoramica del tuo archivio email.",
"header": "Dashboard",
"create_ingestion": "Crea un'ingestione",
"no_ingestion_header": "Non hai alcuna fonte di ingestione configurata.",
"no_ingestion_text": "Aggiungi una fonte di ingestione per iniziare ad archiviare le tue caselle di posta.",
"total_emails_archived": "Email totali archiviate",
"total_storage_used": "Spazio di archiviazione totale utilizzato",
"failed_ingestions": "Ingestioni non riuscite (ultimi 7 giorni)",
"ingestion_history": "Cronologia ingestioni",
"no_ingestion_history": "Nessuna cronologia di ingestione disponibile.",
"storage_by_source": "Archiviazione per fonte di ingestione",
"no_ingestion_sources": "Nessuna fonte di ingestione disponibile.",
"indexed_insights": "Approfondimenti indicizzati",
"top_10_senders": "Top 10 mittenti",
"no_indexed_insights": "Nessun approfondimento indicizzato disponibile."
},
"archived_emails_page": {
"title": "Email archiviate",
"header": "Email archiviate",
"select_ingestion_source": "Seleziona una fonte di ingestione",
"date": "Data",
"subject": "Oggetto",
"sender": "Mittente",
"inbox": "Posta in arrivo",
"path": "Percorso",
"actions": "Azioni",
"view": "Visualizza",
"no_emails_found": "Nessuna email archiviata trovata.",
"prev": "Prec",
"next": "Succ"
}
}
}

260
packages/frontend/src/lib/translations/ja.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "ログイン",
"login_tip": "アカウントにログインするには、以下にメールアドレスを入力してください。",
"email": "メール",
"password": "パスワード"
},
"common": {
"working": "作業中"
},
"archive": {
"title": "アーカイブ",
"no_subject": "件名なし",
"from": "差出人",
"sent": "送信日時",
"recipients": "受信者",
"to": "宛先",
"meta_data": "メタデータ",
"folder": "フォルダー",
"tags": "タグ",
"size": "サイズ",
"email_preview": "メールプレビュー",
"attachments": "添付ファイル",
"download": "ダウンロード",
"actions": "アクション",
"download_eml": "メールをダウンロード (.eml)",
"delete_email": "メールを削除",
"email_thread": "メールのスレッド",
"delete_confirmation_title": "このメールを削除してもよろしいですか?",
"delete_confirmation_description": "この操作は元に戻せません。メールと添付ファイルが完全に削除されます。",
"deleting": "削除中",
"confirm": "確認",
"cancel": "キャンセル",
"not_found": "メールが見つかりません。"
},
"ingestions": {
"title": "取り込み元",
"ingestion_sources": "取り込み元",
"bulk_actions": "一括操作",
"force_sync": "強制同期",
"delete": "削除",
"create_new": "新規作成",
"name": "名前",
"provider": "プロバイダー",
"status": "ステータス",
"active": "アクティブ",
"created_at": "作成日",
"actions": "アクション",
"last_sync_message": "最終同期メッセージ",
"empty": "空",
"open_menu": "メニューを開く",
"edit": "編集",
"create": "作成",
"ingestion_source": "取り込み元",
"edit_description": "ここで取り込み元を変更します。",
"create_description": "メールのアーカイブを開始するために、新しい取り込み元を追加します。",
"read": "読む",
"docs_here": "ドキュメントはこちら",
"delete_confirmation_title": "この取り込みを削除してもよろしいですか?",
"delete_confirmation_description": "これにより、この取り込みに関連するすべてのアーカイブ済みメール、添付ファイル、インデックス、およびファイルが削除されます。新しいメールの同期を停止したいだけの場合は、代わりに取り込みを一時停止できます。",
"deleting": "削除中",
"confirm": "確認",
"cancel": "キャンセル",
"bulk_delete_confirmation_title": "選択した{{count}}件の取り込みを削除してもよろしいですか?",
"bulk_delete_confirmation_description": "これにより、これらの取り込みに関連するすべてのアーカイブ済みメール、添付ファイル、インデックス、およびファイルが削除されます。新しいメールの同期を停止したいだけの場合は、代わりに取り込みを一時停止できます。"
},
"search": {
"title": "検索",
"description": "アーカイブされたメールを検索します。",
"email_search": "メール検索",
"placeholder": "キーワード、送信者、受信者で検索...",
"search_button": "検索",
"search_options": "検索オプション",
"strategy_fuzzy": "あいまい",
"strategy_verbatim": "逐語的",
"strategy_frequency": "頻度",
"select_strategy": "戦略を選択",
"error": "エラー",
"found_results_in": "{{seconds}}秒で{{total}}件の結果が見つかりました",
"found_results": "{{total}}件の結果が見つかりました",
"from": "差出人",
"to": "宛先",
"in_email_body": "メール本文内",
"in_attachment": "添付ファイル内: {{filename}}",
"prev": "前へ",
"next": "次へ"
},
"roles": {
"title": "ロール管理",
"role_management": "ロール管理",
"create_new": "新規作成",
"name": "名前",
"created_at": "作成日",
"actions": "アクション",
"open_menu": "メニューを開く",
"view_policy": "ポリシーを表示",
"edit": "編集",
"delete": "削除",
"no_roles_found": "ロールが見つかりません。",
"role_policy": "ロールポリシー",
"viewing_policy_for_role": "ロールのポリシーを表示中: {{name}}",
"create": "作成",
"role": "ロール",
"edit_description": "ここでロールを変更します。",
"create_description": "システムに新しいロールを追加します。",
"delete_confirmation_title": "このロールを削除してもよろしいですか?",
"delete_confirmation_description": "この操作は元に戻せません。これにより、ロールが完全に削除されます。",
"deleting": "削除中",
"confirm": "確認",
"cancel": "キャンセル"
},
"system_settings": {
"title": "システム設定",
"system_settings": "システム設定",
"description": "グローバルなアプリケーション設定を管理します。",
"language": "言語",
"default_theme": "デフォルトのテーマ",
"light": "ライト",
"dark": "ダーク",
"system": "システム",
"support_email": "サポートメール",
"saving": "保存中",
"save_changes": "変更を保存"
},
"users": {
"title": "ユーザー管理",
"user_management": "ユーザー管理",
"create_new": "新規作成",
"name": "名前",
"email": "メール",
"role": "ロール",
"created_at": "作成日",
"actions": "アクション",
"open_menu": "メニューを開く",
"edit": "編集",
"delete": "削除",
"no_users_found": "ユーザーが見つかりません。",
"create": "作成",
"user": "ユーザー",
"edit_description": "ここでユーザーを変更します。",
"create_description": "システムに新しいユーザーを追加します。",
"delete_confirmation_title": "このユーザーを削除してもよろしいですか?",
"delete_confirmation_description": "この操作は元に戻せません。これにより、ユーザーが完全に削除され、データがサーバーから削除されます。",
"deleting": "削除中",
"confirm": "確認",
"cancel": "キャンセル"
},
"setup": {
"title": "セットアップ",
"description": "Open Archiverの初期管理者アカウントをセットアップします。",
"welcome": "ようこそ",
"create_admin_account": "開始するには、最初の管理者アカウントを作成してください。",
"first_name": "名",
"last_name": "姓",
"email": "メール",
"password": "パスワード",
"creating_account": "アカウント作成中",
"create_account": "アカウントを作成"
},
"layout": {
"dashboard": "ダッシュボード",
"ingestions": "取り込み",
"archived_emails": "アーカイブされたメール",
"search": "検索",
"settings": "設定",
"system": "システム",
"users": "ユーザー",
"roles": "ロール",
"logout": "ログアウト"
},
"components": {
"charts": {
"emails_ingested": "取り込まれたメール",
"storage_used": "使用済みストレージ",
"emails": "メール"
},
"common": {
"submitting": "送信中...",
"submit": "送信",
"save": "保存"
},
"email_preview": {
"loading": "メールプレビューを読み込んでいます...",
"render_error": "メールプレビューをレンダリングできませんでした。",
"not_available": "このメールの生の.emlファイルはありません。"
},
"footer": {
"all_rights_reserved": "無断複写・転載を禁じます。"
},
"ingestion_source_form": {
"provider_generic_imap": "汎用IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "PSTインポート",
"provider_eml_import": "EMLインポート",
"select_provider": "プロバイダーを選択",
"service_account_key": "サービスアカウントキー (JSON)",
"service_account_key_placeholder": "サービスアカウントキーのJSONコンテンツを貼り付けます",
"impersonated_admin_email": "偽装された管理者メール",
"client_id": "アプリケーション (クライアント) ID",
"client_secret": "クライアントシークレット値",
"client_secret_placeholder": "シークレットIDではなく、シークレット値を入力してください",
"tenant_id": "ディレクトリ (テナント) ID",
"host": "ホスト",
"port": "ポート",
"username": "ユーザー名",
"use_tls": "TLSを使用",
"pst_file": "PSTファイル",
"eml_file": "EMLファイル",
"heads_up": "ご注意ください!",
"org_wide_warning": "これは組織全体の操作であることに注意してください。この種の取り込みは、組織内の<b>すべて</b>のメールボックスをインポートしてインデックスを作成します。特定のメールボックスのみをインポートする場合は、IMAPコネクタを使用してください。",
"upload_failed": "アップロードに失敗しました。もう一度お試しください"
},
"role_form": {
"policies_json": "ポリシー (JSON)",
"invalid_json": "ポリシーのJSON形式が無効です。"
},
"theme_switcher": {
"toggle_theme": "テーマを切り替える"
},
"user_form": {
"select_role": "役割を選択"
}
},
"dashboard_page": {
"title": "ダッシュボード",
"meta_description": "メールアーカイブの概要。",
"header": "ダッシュボード",
"create_ingestion": "取り込みを作成",
"no_ingestion_header": "取り込みソースが設定されていません。",
"no_ingestion_text": "受信トレイのアーカイブを開始するには、取り込みソースを追加してください。",
"total_emails_archived": "アーカイブされたメールの総数",
"total_storage_used": "総ストレージ使用量",
"failed_ingestions": "失敗した取り込み過去7日間",
"ingestion_history": "取り込み履歴",
"no_ingestion_history": "取り込み履歴はありません。",
"storage_by_source": "取り込みソース別のストレージ",
"no_ingestion_sources": "利用可能な取り込みソースはありません。",
"indexed_insights": "インデックス付きインサイト",
"top_10_senders": "トップ10送信者",
"no_indexed_insights": "インデックス付きインサイトはありません。"
},
"archived_emails_page": {
"title": "アーカイブされたメール",
"header": "アーカイブされたメール",
"select_ingestion_source": "取り込み元を選択",
"date": "日付",
"subject": "件名",
"sender": "差出人",
"inbox": "受信トレイ",
"path": "パス",
"actions": "アクション",
"view": "表示",
"no_emails_found": "アーカイブされたメールは見つかりませんでした。",
"prev": "前へ",
"next": "次へ"
}
}
}

260
packages/frontend/src/lib/translations/nl.json Normal file
View File

@@ -0,0 +1,260 @@
{
"app": {
"auth": {
"login": "Inloggen",
"login_tip": "Voer hieronder uw e-mailadres in om in te loggen op uw account.",
"email": "E-mail",
"password": "Wachtwoord"
},
"common": {
"working": "Bezig"
},
"archive": {
"title": "Archief",
"no_subject": "Geen onderwerp",
"from": "Van",
"sent": "Verzonden",
"recipients": "Ontvangers",
"to": "Aan",
"meta_data": "Metadata",
"folder": "Map",
"tags": "Tags",
"size": "Grootte",
"email_preview": "E-mailvoorbeeld",
"attachments": "Bijlagen",
"download": "Downloaden",
"actions": "Acties",
"download_eml": "E-mail downloaden (.eml)",
"delete_email": "E-mail verwijderen",
"email_thread": "E-mailthread",
"delete_confirmation_title": "Weet u zeker dat u deze e-mail wilt verwijderen?",
"delete_confirmation_description": "Deze actie kan niet ongedaan worden gemaakt en zal de e-mail en de bijlagen permanent verwijderen.",
"deleting": "Verwijderen",
"confirm": "Bevestigen",
"cancel": "Annuleren",
"not_found": "E-mail niet gevonden."
},
"ingestions": {
"title": "Innamebronnen",
"ingestion_sources": "Innamebronnen",
"bulk_actions": "Bulkacties",
"force_sync": "Synchronisatie forceren",
"delete": "Verwijderen",
"create_new": "Nieuw aanmaken",
"name": "Naam",
"provider": "Provider",
"status": "Status",
"active": "Actief",
"created_at": "Aangemaakt op",
"actions": "Acties",
"last_sync_message": "Laatste synchronisatiebericht",
"empty": "Leeg",
"open_menu": "Menu openen",
"edit": "Bewerken",
"create": "Aanmaken",
"ingestion_source": "Innamebron",
"edit_description": "Breng hier wijzigingen aan in uw innamebron.",
"create_description": "Voeg een nieuwe innamebron toe om e-mails te archiveren.",
"read": "Lezen",
"docs_here": "documenten hier",
"delete_confirmation_title": "Weet u zeker dat u deze inname wilt verwijderen?",
"delete_confirmation_description": "Dit verwijdert alle gearchiveerde e-mails, bijlagen, indexering en bestanden die aan deze inname zijn gekoppeld. Als u alleen wilt stoppen met het synchroniseren van nieuwe e-mails, kunt u de inname in plaats daarvan pauzeren.",
"deleting": "Verwijderen",
"confirm": "Bevestigen",
"cancel": "Annuleren",
"bulk_delete_confirmation_title": "Weet u zeker dat u {{count}} geselecteerde innames wilt verwijderen?",
"bulk_delete_confirmation_description": "Dit verwijdert alle gearchiveerde e-mails, bijlagen, indexering en bestanden die aan deze innames zijn gekoppeld. Als u alleen wilt stoppen met het synchroniseren van nieuwe e-mails, kunt u de innames in plaats daarvan pauzeren."
},
"search": {
"title": "Zoeken",
"description": "Zoeken naar gearchiveerde e-mails.",
"email_search": "E-mail zoeken",
"placeholder": "Zoeken op trefwoord, afzender, ontvanger...",
"search_button": "Zoeken",
"search_options": "Zoekopties",
"strategy_fuzzy": "Fuzzy",
"strategy_verbatim": "Letterlijk",
"strategy_frequency": "Frequentie",
"select_strategy": "Selecteer een strategie",
"error": "Fout",
"found_results_in": "{{total}} resultaten gevonden in {{seconds}}s",
"found_results": "{{total}} resultaten gevonden",
"from": "Van",
"to": "Aan",
"in_email_body": "In e-mailtekst",
"in_attachment": "In bijlage: {{filename}}",
"prev": "Vorige",
"next": "Volgende"
},
"roles": {
"title": "Rollenbeheer",
"role_management": "Rollenbeheer",
"create_new": "Nieuw aanmaken",
"name": "Naam",
"created_at": "Aangemaakt op",
"actions": "Acties",
"open_menu": "Menu openen",
"view_policy": "Beleid bekijken",
"edit": "Bewerken",
"delete": "Verwijderen",
"no_roles_found": "Geen rollen gevonden.",
"role_policy": "Rollenbeleid",
"viewing_policy_for_role": "Beleid bekijken voor rol: {{name}}",
"create": "Aanmaken",
"role": "Rol",
"edit_description": "Breng hier wijzigingen aan in de rol.",
"create_description": "Voeg een nieuwe rol toe aan het systeem.",
"delete_confirmation_title": "Weet u zeker dat u deze rol wilt verwijderen?",
"delete_confirmation_description": "Deze actie kan niet ongedaan worden gemaakt. Dit zal de rol permanent verwijderen.",
"deleting": "Verwijderen",
"confirm": "Bevestigen",
"cancel": "Annuleren"
},
"system_settings": {
"title": "Systeeminstellingen",
"system_settings": "Systeeminstellingen",
"description": "Beheer de algemene applicatie-instellingen.",
"language": "Taal",
"default_theme": "Standaardthema",
"light": "Licht",
"dark": "Donker",
"system": "Systeem",
"support_email": "Ondersteunings-e-mail",
"saving": "Opslaan",
"save_changes": "Wijzigingen opslaan"
},
"users": {
"title": "Gebruikersbeheer",
"user_management": "Gebruikersbeheer",
"create_new": "Nieuw aanmaken",
"name": "Naam",
"email": "E-mail",
"role": "Rol",
"created_at": "Aangemaakt op",
"actions": "Acties",
"open_menu": "Menu openen",
"edit": "Bewerken",
"delete": "Verwijderen",
"no_users_found": "Geen gebruikers gevonden.",
"create": "Aanmaken",
"user": "Gebruiker",
"edit_description": "Breng hier wijzigingen aan in de gebruiker.",
"create_description": "Voeg een nieuwe gebruiker toe aan het systeem.",
"delete_confirmation_title": "Weet u zeker dat u deze gebruiker wilt verwijderen?",
"delete_confirmation_description": "Deze actie kan niet ongedaan worden gemaakt. Dit zal de gebruiker permanent verwijderen en hun gegevens van onze servers verwijderen.",
"deleting": "Verwijderen",
"confirm": "Bevestigen",
"cancel": "Annuleren"
},
"setup": {
"title": "Installatie",
"description": "Stel het initiële beheerdersaccount in voor Open Archiver.",
"welcome": "Welkom",
"create_admin_account": "Maak het eerste beheerdersaccount aan om te beginnen.",
"first_name": "Voornaam",
"last_name": "Achternaam",
"email": "E-mail",
"password": "Wachtwoord",
"creating_account": "Account aanmaken",
"create_account": "Account aanmaken"
},
"layout": {
"dashboard": "Dashboard",
"ingestions": "Innames",
"archived_emails": "Gearchiveerde e-mails",
"search": "Zoeken",
"settings": "Instellingen",
"system": "Systeem",
"users": "Gebruikers",
"roles": "Rollen",
"logout": "Uitloggen"
},
"components": {
"charts": {
"emails_ingested": "E-mails opgenomen",
"storage_used": "Opslag gebruikt",
"emails": "E-mails"
},
"common": {
"submitting": "Verzenden...",
"submit": "Verzenden",
"save": "Opslaan"
},
"email_preview": {
"loading": "E-mailvoorbeeld laden...",
"render_error": "Kan e-mailvoorbeeld niet weergeven.",
"not_available": "Ruwe .eml-bestand niet beschikbaar voor deze e-mail."
},
"footer": {
"all_rights_reserved": "Alle rechten voorbehouden."
},
"ingestion_source_form": {
"provider_generic_imap": "Generieke IMAP",
"provider_google_workspace": "Google Workspace",
"provider_microsoft_365": "Microsoft 365",
"provider_pst_import": "PST importeren",
"provider_eml_import": "EML importeren",
"select_provider": "Selecteer een provider",
"service_account_key": "Servicesleutel (JSON)",
"service_account_key_placeholder": "Plak de JSON-inhoud van uw servicesleutel",
"impersonated_admin_email": "Geïmpersoneerde beheerders-e-mail",
"client_id": "Applicatie (client) ID",
"client_secret": "Clientgeheimwaarde",
"client_secret_placeholder": "Voer de geheime waarde in, niet de geheime ID",
"tenant_id": "Directory (tenant) ID",
"host": "Host",
"port": "Poort",
"username": "Gebruikersnaam",
"use_tls": "TLS gebruiken",
"pst_file": "PST-bestand",
"eml_file": "EML-bestand",
"heads_up": "Let op!",
"org_wide_warning": "Houd er rekening mee dat dit een organisatiebrede bewerking is. Dit type inname importeert en indexeert <b>alle</b> e-mailboxen in uw organisatie. Als u alleen specifieke e-mailboxen wilt importeren, gebruik dan de IMAP-connector.",
"upload_failed": "Uploaden mislukt, probeer het opnieuw"
},
"role_form": {
"policies_json": "Beleid (JSON)",
"invalid_json": "Ongeldig JSON-formaat voor beleid."
},
"theme_switcher": {
"toggle_theme": "Thema wisselen"
},
"user_form": {
"select_role": "Selecteer een rol"
}
},
"dashboard_page": {
"title": "Dashboard",
"meta_description": "Overzicht van uw e-mailarchief.",
"header": "Dashboard",
"create_ingestion": "Maak een inname",
"no_ingestion_header": "U heeft geen innamebron ingesteld.",
"no_ingestion_text": "Voeg een innamebron toe om uw inboxen te archiveren.",
"total_emails_archived": "Totaal aantal gearchiveerde e-mails",
"total_storage_used": "Totaal gebruikte opslag",
"failed_ingestions": "Mislukte innames (laatste 7 dagen)",
"ingestion_history": "Innamegeschiedenis",
"no_ingestion_history": "Geen innamegeschiedenis beschikbaar.",
"storage_by_source": "Opslag per innamebron",
"no_ingestion_sources": "Geen innamebronnen beschikbaar.",
"indexed_insights": "Geïndexeerde inzichten",
"top_10_senders": "Top 10 afzenders",
"no_indexed_insights": "Geen geïndexeerde inzichten beschikbaar."
},
"archived_emails_page": {
"title": "Gearchiveerde e-mails",
"header": "Gearchiveerde e-mails",
"select_ingestion_source": "Selecteer een innamebron",
"date": "Datum",
"subject": "Onderwerp",
"sender": "Afzender",
"inbox": "Inbox",
"path": "Pad",
"actions": "Acties",
"view": "Bekijken",
"no_emails_found": "Geen gearchiveerde e-mails gevonden.",
"prev": "Vorige",
"next": "Volgende"
}
}
}

Some files were not shown because too many files have changed in this diff Show More