wildcard updates

README.md

@@ -59,6 +59,8 @@ Each alias is defined by a KV entry where the key is the email alias and the val
 }
 ```
 
+> To allow all domains, you can use a wildcard (`"*"`) in the **allow.domains** field. However, wildcard matching is supported only for domains. Wildcards are **not supported** for the **allow.emails** field, and any deny statements do not support wildcards (using them would effectively disable the deny functionality).
+
 Note: Currently, only the `enabled`, `forward_to`, `allow`, and `deny` fields are implemented. Other features will be added in future updates.
 
 ## API Endpoints
@@ -95,7 +97,7 @@ npx wrangler deploy
 - **src/index.js:** Main entry point handling HTTP routes and email events
 - **src/schema.js:** Contains default configuration and helper utilities
 - **src/auth.js:** API key management and authentication
-- **src/routes/email.js:** Handles email routing logic
+- **src/email/main.js:** Handles email routing logic
 - **src/routes/api.js:** API endpoints for managing configurations
 - **wrangler.toml:** Configuration for Cloudflare Worker and KV namespaces
 

src/email/main.js

@@ -72,19 +72,38 @@ export async function handleEmail(message, env, ctx) {
     // Allow list: if defined, the sender must match an allowed domain or email.
     if (config.allow) {
         let allowed = false;
-        if (config.allow.domains && config.allow.domains.includes(senderDomain)) {
+
-            allowed = true;
+        // Check allowed domains.
-            log('debug', `Sender domain ${senderDomain} is allowed.`);
+        if (config.allow.domains) {
+            for (const allowedDomain of config.allow.domains) {
+                // If the allowed domain contains a wildcard.
+                if (allowedDomain.includes('*')) {
+                    // Convert wildcard to regex: escape non-wildcard parts then replace '*' with '.*'
+                    const regexStr = '^' + allowedDomain.split('*')
+                        .map(part => part.replace(/[-/\\^$+?.()|[\]{}]/g, '\\$&'))
+                        .join('.*') + '$';
+                    const regex = new RegExp(regexStr, 'i');
+                    if (regex.test(senderDomain)) {
+                        allowed = true;
+                        log('debug', `Sender domain ${senderDomain} is allowed by wildcard ${allowedDomain}.`);
+                        break;
+                    }
+                } else if (allowedDomain.toLowerCase() === senderDomain) {
+                    allowed = true;
+                    log('debug', `Sender domain ${senderDomain} is allowed.`);
+                    break;
+                }
+            }
         }
-        if (config.allow.emails && config.allow.emails.includes(sender)) {
+
+        // Check allowed emails if not already allowed.
+        if (!allowed && config.allow.emails && config.allow.emails.includes(sender)) {
             allowed = true;
             log('debug', `Sender email ${sender} is allowed.`);
         }
+
         if (!allowed) {
             log('warn', `Sender ${sender} is not allowed for ${message.to}`);
-            // if (config.logging && config.logging.log_sender_domain) {
-            //     log('warn', `Sender domain ${senderDomain} not allowed for ${message.to}`);
-            // }
             message.setReject("Sender not allowed");
             return;
         }

wrangler-example.toml

@@ -8,4 +8,7 @@ kv_namespaces = [
 ]
 
 [vars]
-WORKER_NAME = "email-router"
+WORKER_NAME = "email-router"
+
+[observability]
+enabled = true