From 6577021bd72090af18f296a3d704ee5c57a8bedc Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Thu, 7 Aug 2025 15:11:55 +0200
Subject: [PATCH] Simplify PRIVATE_EMAIL_DOMAINS to default to empty string
 (#1098)

---
 .env.example                                |  4 +--
 apps/server/AliasVault.Client/entrypoint.sh |  2 +-
 dockerfiles/Dockerfile.server.allinone      |  6 ++--
 install.sh                                  | 33 ++++++++-------------
 4 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/.env.example b/.env.example
index 84e13b33a..dccb3768f 100644
--- a/.env.example
+++ b/.env.example
@@ -84,8 +84,8 @@ ADMIN_PASSWORD_GENERATED=2024-01-01T00:00:00Z
 #
 # Set the private email domains below that are allowed to be used (comma separated values).
 # Example: PRIVATE_EMAIL_DOMAINS=example.com,example2.org
-# To disable the private email domains feature, set this to "DISABLED.TLD"
-PRIVATE_EMAIL_DOMAINS=DISABLED.TLD
+# To disable the private email domains feature, keep this empty.
+PRIVATE_EMAIL_DOMAINS=
 
 # Enable TLS for SMTP.
 # ⚠️ Requires valid TLS certificates on your mail server (not provided by the AliasVault installer).
diff --git a/apps/server/AliasVault.Client/entrypoint.sh b/apps/server/AliasVault.Client/entrypoint.sh
index 0f49f6160..5290bd323 100755
--- a/apps/server/AliasVault.Client/entrypoint.sh
+++ b/apps/server/AliasVault.Client/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Set the default values
-DEFAULT_PRIVATE_EMAIL_DOMAINS="DISABLED.TLD"
+DEFAULT_PRIVATE_EMAIL_DOMAINS=""
 DEFAULT_SUPPORT_EMAIL=""
 DEFAULT_PUBLIC_REGISTRATION_ENABLED="true"
 
diff --git a/dockerfiles/Dockerfile.server.allinone b/dockerfiles/Dockerfile.server.allinone
index afa5816d1..db04a62da 100644
--- a/dockerfiles/Dockerfile.server.allinone
+++ b/dockerfiles/Dockerfile.server.allinone
@@ -190,7 +190,7 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/api && \
       echo 'export ConnectionStrings__AliasServerDbContext="Host=localhost;Database=aliasvault;Username=aliasvault;Password=${POSTGRES_PASSWORD:-defaultpassword}"'; \
       echo 'export ASPNETCORE_URLS="http://0.0.0.0:3001"'; \
       echo 'export ASPNETCORE_PATHBASE="/api"'; \
-      echo 'export PRIVATE_EMAIL_DOMAINS="${PRIVATE_EMAIL_DOMAINS:-DISABLED.TLD}"'; \
+      echo 'export PRIVATE_EMAIL_DOMAINS="${PRIVATE_EMAIL_DOMAINS:-}"'; \
       echo 'export PUBLIC_REGISTRATION_ENABLED="${PUBLIC_REGISTRATION_ENABLED:-true}"'; \
       echo 'export IP_LOGGING_ENABLED="${IP_LOGGING_ENABLED:-true}"'; \
       echo 'exec dotnet AliasVault.Api.dll'; \
@@ -204,7 +204,7 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/api && \
 RUN mkdir -p /etc/s6-overlay/s6-rc.d/client && \
     { echo '#!/command/with-contenv bash'; \
       echo '# Client service entrypoint'; \
-      echo 'DEFAULT_PRIVATE_EMAIL_DOMAINS="DISABLED.TLD"'; \
+      echo 'DEFAULT_PRIVATE_EMAIL_DOMAINS=""'; \
       echo 'DEFAULT_SUPPORT_EMAIL=""'; \
       echo 'PRIVATE_EMAIL_DOMAINS=${PRIVATE_EMAIL_DOMAINS:-$DEFAULT_PRIVATE_EMAIL_DOMAINS}'; \
       echo 'SUPPORT_EMAIL=${SUPPORT_EMAIL:-$DEFAULT_SUPPORT_EMAIL}'; \
@@ -255,7 +255,7 @@ RUN mkdir -p /etc/s6-overlay/s6-rc.d/smtp && \
     { echo '#!/command/with-contenv bash'; \
       echo 'cd /app/smtp'; \
       echo 'export ConnectionStrings__AliasServerDbContext="Host=localhost;Database=aliasvault;Username=aliasvault;Password=${POSTGRES_PASSWORD:-defaultpassword}"'; \
-      echo 'export PRIVATE_EMAIL_DOMAINS="${PRIVATE_EMAIL_DOMAINS:-DISABLED.TLD}"'; \
+      echo 'export PRIVATE_EMAIL_DOMAINS="${PRIVATE_EMAIL_DOMAINS:-}"'; \
       echo 'export SMTP_TLS_ENABLED="${SMTP_TLS_ENABLED:-false}"'; \
       echo 'exec dotnet AliasVault.SmtpService.dll'; \
     } > /etc/s6-overlay/s6-rc.d/smtp/run && \
diff --git a/install.sh b/install.sh
index b4159b489..0608981db 100755
--- a/install.sh
+++ b/install.sh
@@ -1672,7 +1672,7 @@ handle_email_configuration() {
     printf "\n"
     printf "${CYAN}Current Configuration:${NC}\n"
 
-    if [ "$CURRENT_DOMAINS" = "DISABLED.TLD" ]; then
+    if [ -z "$CURRENT_DOMAINS" ] || [ "$CURRENT_DOMAINS" = "DISABLED.TLD" ]; then
         printf "Email Server Status: ${RED}Disabled${NC}\n"
     else
         printf "Email Server Status: ${GREEN}Enabled${NC}\n"
@@ -1763,7 +1763,7 @@ handle_email_configuration() {
             fi
 
             # Disable email server
-            if ! update_env_var "PRIVATE_EMAIL_DOMAINS" "DISABLED.TLD"; then
+            if ! update_env_var "PRIVATE_EMAIL_DOMAINS" ""; then
                 printf "${RED}Failed to update configuration.${NC}\n"
                 exit 1
             fi
@@ -2673,14 +2673,14 @@ handle_ip_logging_configuration() {
 
 check_and_populate_env() {
     printf "${CYAN}ℹ Checking .env values...${NC} ${GREEN}✓${NC}\n"
-    local any_missing=false
+
+    # === Section 1: Initialize missing environment variables ===
 
     # SUPPORT_EMAIL
     if ! grep -q "^SUPPORT_EMAIL=" "$ENV_FILE"; then
         read -p "Enter server admin support email address that is shown on contact page (optional, press Enter to skip): " SUPPORT_EMAIL
         update_env_var "SUPPORT_EMAIL" "$SUPPORT_EMAIL"
         printf "  Set SUPPORT_EMAIL\n"
-        any_missing=true
     fi
 
     # JWT_KEY
@@ -2688,7 +2688,6 @@ check_and_populate_env() {
         JWT_KEY=$(openssl rand -base64 32)
         update_env_var "JWT_KEY" "$JWT_KEY"
         printf "  Set JWT_KEY\n"
-        any_missing=true
     fi
 
     # DATA_PROTECTION_CERT_PASS
@@ -2696,7 +2695,6 @@ check_and_populate_env() {
         CERT_PASS=$(openssl rand -base64 32)
         update_env_var "DATA_PROTECTION_CERT_PASS" "$CERT_PASS"
         printf "  Set DATA_PROTECTION_CERT_PASS\n"
-        any_missing=true
     fi
 
     # POSTGRES_PASSWORD
@@ -2704,46 +2702,41 @@ check_and_populate_env() {
         POSTGRES_PASS=$(openssl rand -base64 32)
         update_env_var "POSTGRES_PASSWORD" "$POSTGRES_PASS"
         printf "  Generated POSTGRES_PASSWORD\n"
-        any_missing=true
     fi
 
     # PRIVATE_EMAIL_DOMAINS
     if ! grep -q "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" || [ -z "$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
-        update_env_var "PRIVATE_EMAIL_DOMAINS" "DISABLED.TLD"
+        update_env_var "PRIVATE_EMAIL_DOMAINS" ""
         printf "  Set PRIVATE_EMAIL_DOMAINS\n"
-        any_missing=true
-    fi
-
-    # SMTP_TLS_ENABLED
-    if ! grep -q "^SMTP_TLS_ENABLED=" "$ENV_FILE"; then
-        update_env_var "SMTP_TLS_ENABLED" "false"
-        printf "  Set SMTP_TLS_ENABLED\n"
-        any_missing=true
     fi
 
     # HTTP_PORT
     if ! grep -q "^HTTP_PORT=" "$ENV_FILE" || [ -z "$(grep "^HTTP_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
         update_env_var "HTTP_PORT" "80"
         printf "  Set HTTP_PORT\n"
-        any_missing=true
     fi
     # HTTPS_PORT
     if ! grep -q "^HTTPS_PORT=" "$ENV_FILE" || [ -z "$(grep "^HTTPS_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
         update_env_var "HTTPS_PORT" "443"
         printf "  Set HTTPS_PORT\n"
-        any_missing=true
     fi
     # SMTP_PORT
     if ! grep -q "^SMTP_PORT=" "$ENV_FILE" || [ -z "$(grep "^SMTP_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
         update_env_var "SMTP_PORT" "25"
         printf "  Set SMTP_PORT\n"
-        any_missing=true
     fi
     # SMTP_TLS_PORT
     if ! grep -q "^SMTP_TLS_PORT=" "$ENV_FILE" || [ -z "$(grep "^SMTP_TLS_PORT=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
         update_env_var "SMTP_TLS_PORT" "587"
         printf "  Set SMTP_TLS_PORT\n"
-        any_missing=true
+    fi
+
+    # === Section 2: Migrations and upgrades for existing environment variables ===
+
+    # Migrate PRIVATE_EMAIL_DOMAINS from DISABLED.TLD to empty string (v0.22.0+)
+    if grep -q "^PRIVATE_EMAIL_DOMAINS=DISABLED.TLD" "$ENV_FILE"; then
+        update_env_var "PRIVATE_EMAIL_DOMAINS" ""
+        printf "  Migrated PRIVATE_EMAIL_DOMAINS (DISABLED.TLD → empty string, v0.22.0+)\n"
     fi
 }