Inboxen

This is the complete system with everything you need to set up Inboxen.

The current maintainer of this repo is Matt Molyneaux

GPG keys

GPG keys used by Inboxen developers to sign releases:

Matt Molyneaux <[email protected]> 19F5 A8DC C917 FD00 E859 02F4 878B 5A2A 1D47 C084

Security

If you find a security issue with Inboxen, email security@moggers87.co.uk. If you wish to send an encrypted report, then please use key id 0x878B5A2A1D47C084

Once reported, all security vulnerabilities will be acted on immediately and a fix with full disclosure will go out to everyone at the same time.

Developing

You'll need the following tools:

• Git
• Python (we strongly recommend you use virtualenv too)
• PostgreSQL
• NodeJS
• GNU Make
• EditorConfig (optional)

This project comes with a .editorconfig file - we recommend installing it to avoid things like mixing tabs/spaces or accidentally saving files with DOS-style newlines.

Set yourself up with a virtual environment and run the following:

git clone https://github.com/Inboxen/Inboxen.git cd Inboxen make

When you've made your changes, remember to check your code style and run unit tests.

Python tests:

python manage.py test

JS tests:

npx grunt karma

To check code style on Python:

tox -e isort,lint

And finally, check JS code style:

npx grunt jshint

Local HTTP server

You'll need a inboxen.config file, for example:

secret_key: some_random_string debug: true tasks: always_eager: true

If you want to start a local HTTP server to test out your changes, run the following:

python manage.py runserver

You can connect to it on http://localhost:8000/.

With debug=true, you'll have the Django Debug Toolbar enabled and you can find the Inboxen styleguide at http://localhost:8000/styleguide

Pinned Dependencies

Inboxen uses pip-tools to help manage its dependencies. The direct requirements of Inboxen are kept in requirements.in and then we use the following command to pin the entire dependency graph:

pip-compile --upgrade --output-file requirements.txt requirements.in

The resulting requirements.txt can be installed to a clean virtualenv with pip to get the exact package versions that Inboxen uses in production. You can also use the pip-sync (which comes with pip-tools) to update an existing virtualenv as well as remove packages that are no longer required.

The same principal applies to requirements-dev.txt/requirements-dev.txt and any files found in extras/requirements.

If for any reason you wish to bypass pinning dependencies, requirements.in and requirements-dev.in are in the format expected by pip.

Committing and Branching

Branching

All development happens in branches off of main. Each branch should have an associated issue - if there isn't one for what you're working on then create a new issue first!

Branch names should be of the format <issue>-<description> where:

• <issue> is the issue you are working on
• <description> is a brief description of what's happening on that branch

For example, 129-pin-inboxes was the branch used for implementing the pin inbox feature

Finished branches are then merged into main. If there is someone available to review your branch, your branch should be reviewed and merged by them. Remember to add a note to CHANGELOG.md when merging!

Hotfix branches

Hotfixes should be branched from the latest deploy tag, and then be tagged themselves as a normal deployment before being merged back into main.

Commit messages

You should follow the pattern of "summary, gap, details, gap, issue references"

For example:

``` Blah blah thing

Fixes this thing, changes how we should do something else

fix #345 touch #234 ```

If you are committing on main, then make sure to end your commit message with "IN MAIN" so we know who to blame when stuff breaks.

Issues

User quota might not be working right when delete email is selected

opened on 2023-02-15 16:30:20 by moggers87

https://github.com/Inboxen/Inboxen/blob/914364c1369845626b03694ab9a7bf24ce0cdb9a/inboxen/tasks.py#L304-L310

I think this will only reduce to the number of present emails to be at the quota, not below. Also it doesn't account for important flagged emails that will not be deleted i.e. the logic here is too simple

Also the tests for this are perfunctory at best and need refactoring.

django-mptt is no longer maintained

opened on 2022-04-01 08:25:23 by moggers87

https://github.com/django-mptt/django-mptt#this-project-is-currently-unmaintained

Python 3.6 no longer supported

opened on 2022-01-18 00:30:29 by moggers87

Oops, somehow missed that one!

Support CID image sources

opened on 2021-11-20 13:17:59 by moggers87

Saw an email today with something like this:

<img src="CID:qrcode.png">

Apparently this refers to an email attachment, though none of the attachments were called qrcode.png.

Should be quit easye to transform the attachment into a data: URL and put that in the HTML, though it will be less easy to find the attachment unless there's a header the CID is specifically referring to that we can search for.

Clean up liberation data

opened on 2021-06-13 10:18:27 by moggers87

Fixes #107

Sentry?

opened on 2021-06-05 07:54:20 by moggers87

Currently Inboxen relies on logs and Django's "email the admins when something goes wrong" feature. This is fine, but often doesn't provide all the context we'd want to reproduce a bug. It can also lead to issues going unnoticed if no one is checking the logs.

Sentry is a monitoring service that collects error reports and presents them in a way that eases debugging/fixing. It's open source and you. There's a free tier and there's also the possibility of running our own instance.