Implement publish notification emails

Author: Turbo87

src/controllers/krate/publish.rs

@@ -2,7 +2,9 @@
 
 use crate::app::AppState;
 use crate::auth::AuthCheck;
-use crate::worker::jobs::{self, CheckTyposquat, UpdateDefaultVersion};
+use crate::worker::jobs::{
+    self, CheckTyposquat, SendPublishNotificationsJob, UpdateDefaultVersion,
+};
 use axum::body::Bytes;
 use axum::Json;
 use cargo_manifest::{Dependency, DepsSet, TargetDepsSet};
@@ -442,6 +444,8 @@ pub async fn publish(app: AppState, req: BytesRequest) -> AppResult<Json<GoodCra
 
             jobs::enqueue_sync_to_index(&krate.name, conn)?;
 
+            SendPublishNotificationsJob::new(version.id).enqueue(conn)?;
+
             // If this is a new version for an existing crate it is sufficient
             // to update the default version asynchronously in a background job.
             if inserted_default_versions == 0 {

src/tests/krate/publish/snapshots/all__krate__publish__basics__new_krate-4.snap

@@ -2,4 +2,16 @@
 source: src/tests/krate/publish/basics.rs
 expression: app.emails_snapshot()
 ---
+To: foo@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_new@1.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
 
+Hello foo!
+
+A new version of the package foo_new (1.0.0) was published by your account =
+(https://crates.io/users/foo) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.

src/tests/snapshots/all__owners__new_crate_owner-2.snap

@@ -2,6 +2,21 @@
 source: src/tests/owners.rs
 expression: app.emails_snapshot()
 ---
+To: foo@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_owner@1.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Hello foo!
+
+A new version of the package foo_owner (1.0.0) was published by your accoun=
+t (https://crates.io/users/foo) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.
+----------------------------------------
+
 To: Bar@example.com
 From: noreply@crates.io
 Subject: crates.io: Ownership invitation for "foo_owner"
@@ -14,3 +29,33 @@ Visit https://crates.io/accept-invite/[invite-token] to accept =
 this invitation,
 or go to https://crates.io/me/pending-invites to manage all of your crate o=
 wnership invitations.
+----------------------------------------
+
+To: foo@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_owner@2.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Hello foo!
+
+A new version of the package foo_owner (2.0.0) was published by Bar (https:=
+//crates.io/users/Bar) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.
+----------------------------------------
+
+To: Bar@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_owner@2.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Hello Bar!
+
+A new version of the package foo_owner (2.0.0) was published by your accoun=
+t (https://crates.io/users/Bar) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.

src/tests/snapshots/all__owners__new_crate_owner.snap

@@ -2,6 +2,21 @@
 source: src/tests/owners.rs
 expression: app.emails_snapshot()
 ---
+To: foo@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_owner@1.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Hello foo!
+
+A new version of the package foo_owner (1.0.0) was published by your accoun=
+t (https://crates.io/users/foo) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.
+----------------------------------------
+
 To: Bar@example.com
 From: noreply@crates.io
 Subject: crates.io: Ownership invitation for "foo_owner"

src/tests/snapshots/all__team__publish_owned.snap

@@ -2,4 +2,16 @@
 source: src/tests/team.rs
 expression: app.emails_snapshot()
 ---
+To: user-all-teams@example.com
+From: noreply@crates.io
+Subject: crates.io: Successfully published foo_team_owned@2.0.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
 
+Hello user-all-teams!
+
+A new version of the package foo_team_owned (2.0.0) was published by user-o=
+ne-team (https://crates.io/users/user-one-team) at [0000-00-00T00:00:00Z].
+
+If you have questions or security concerns, you can contact us at help@crat=
+es.io.

src/worker/jobs/mod.rs

@@ -15,6 +15,7 @@ mod git;
 mod index_version_downloads_archive;
 mod readmes;
 pub mod rss;
+mod send_publish_notifications;
 mod sync_admins;
 mod typosquat;
 mod update_default_version;
@@ -29,6 +30,7 @@ pub use self::expiry_notification::SendTokenExpiryNotifications;
 pub use self::git::{NormalizeIndex, SquashIndex, SyncToGitIndex, SyncToSparseIndex};
 pub use self::index_version_downloads_archive::IndexVersionDownloadsArchive;
 pub use self::readmes::RenderAndUploadReadme;
+pub use self::send_publish_notifications::SendPublishNotificationsJob;
 pub use self::sync_admins::SyncAdmins;
 pub use self::typosquat::CheckTyposquat;
 pub use self::update_default_version::UpdateDefaultVersion;

src/worker/jobs/send_publish_notifications.rs

@@ -0,0 +1,162 @@
+use crate::email::Email;
+use crate::models::OwnerKind;
+use crate::schema::{crate_owners, crates, emails, users, versions};
+use crate::tasks::spawn_blocking;
+use crate::worker::Environment;
+use anyhow::anyhow;
+use chrono::{NaiveDateTime, SecondsFormat};
+use crates_io_worker::BackgroundJob;
+use diesel::prelude::*;
+use diesel_async::{AsyncPgConnection, RunQueryDsl};
+use std::sync::Arc;
+
+/// Background job that sends email notifications to all crate owners when a
+/// new crate version is published.
+#[derive(Serialize, Deserialize)]
+pub struct SendPublishNotificationsJob {
+    version_id: i32,
+}
+
+impl SendPublishNotificationsJob {
+    pub fn new(version_id: i32) -> Self {
+        Self { version_id }
+    }
+}
+
+impl BackgroundJob for SendPublishNotificationsJob {
+    const JOB_NAME: &'static str = "send_publish_notifications";
+
+    type Context = Arc<Environment>;
+
+    async fn run(&self, ctx: Self::Context) -> anyhow::Result<()> {
+        let mut conn = ctx.deadpool.get().await?;
+
+        // Get crate name, version and other publish details
+        let publish_details = PublishDetails::for_version(self.version_id, &mut conn).await?;
+
+        let publish_time = publish_details
+            .publish_time
+            .and_utc()
+            .to_rfc3339_opts(SecondsFormat::Secs, true);
+
+        // Find names and email addresses of all crate owners
+        let recipients = crate_owners::table
+            .filter(crate_owners::deleted.eq(false))
+            .filter(crate_owners::owner_kind.eq(OwnerKind::User))
+            .filter(crate_owners::crate_id.eq(publish_details.crate_id))
+            .inner_join(users::table)
+            .inner_join(emails::table.on(users::id.eq(emails::user_id)))
+            .filter(emails::verified.eq(true))
+            .select((users::gh_login, emails::email))
+            .load::<(String, String)>(&mut conn)
+            .await?;
+
+        // Sending emails is currently a blocking operation, so we have to use
+        // `spawn_blocking()` to run it in a separate thread.
+        spawn_blocking(move || {
+            let results = recipients
+                .into_iter()
+                .map(|(ref recipient, email_address)| {
+                    let krate = &publish_details.krate;
+                    let version = &publish_details.version;
+
+                    let publisher_info = match &publish_details.publisher {
+                        Some(publisher) if publisher == recipient => &format!(
+                            " by your account (https://{domain}/users/{publisher})",
+                            domain = ctx.config.domain_name
+                        ),
+                        Some(publisher) => &format!(
+                            " by {publisher} (https://{domain}/users/{publisher})",
+                            domain = ctx.config.domain_name
+                        ),
+                        None => "",
+                    };
+
+                    let email = PublishNotificationEmail {
+                        recipient,
+                        krate,
+                        version,
+                        publish_time: &publish_time,
+                        publisher_info,
+                    };
+
+                    ctx.emails.send(&email_address, email).inspect_err(|err| {
+                        warn!("Failed to send publish notification for {krate}@{version} to {email_address}: {err}")
+                    })
+                })
+                .collect::<Vec<_>>();
+
+            // Check if any of the emails succeeded to send, in which case we
+            // consider the job successful enough and not worth retrying.
+            match results.iter().any(|result| result.is_ok()) {
+                true => Ok(()),
+                false => Err(anyhow!("Failed to send publish notifications")),
+            }
+        })
+        .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(Debug, Queryable, Selectable)]
+struct PublishDetails {
+    #[diesel(select_expression = crates::columns::id)]
+    crate_id: i32,
+    #[diesel(select_expression = crates::columns::name)]
+    krate: String,
+    #[diesel(select_expression = versions::columns::num)]
+    version: String,
+    #[diesel(select_expression = versions::columns::created_at)]
+    publish_time: NaiveDateTime,
+    #[diesel(select_expression = users::columns::gh_login.nullable())]
+    publisher: Option<String>,
+}
+
+impl PublishDetails {
+    async fn for_version(version_id: i32, conn: &mut AsyncPgConnection) -> QueryResult<Self> {
+        versions::table
+            .find(version_id)
+            .inner_join(crates::table)
+            .left_join(users::table)
+            .select(PublishDetails::as_select())
+            .first(conn)
+            .await
+    }
+}
+
+/// Email template for notifying crate owners about a new crate version
+/// being published.
+#[derive(Debug, Clone)]
+struct PublishNotificationEmail<'a> {
+    recipient: &'a str,
+    krate: &'a str,
+    version: &'a str,
+    publish_time: &'a str,
+    publisher_info: &'a str,
+}
+
+impl Email for PublishNotificationEmail<'_> {
+    fn subject(&self) -> String {
+        let Self { krate, version, .. } = self;
+        format!("crates.io: Successfully published {krate}@{version}")
+    }
+
+    fn body(&self) -> String {
+        let Self {
+            recipient,
+            krate,
+            version,
+            publish_time,
+            publisher_info,
+        } = self;
+
+        format!(
+            "Hello {recipient}!
+
+A new version of the package {krate} ({version}) was published{publisher_info} at {publish_time}.
+
+If you have questions or security concerns, you can contact us at [email protected]."
+        )
+    }
+}

src/worker/mod.rs

@@ -36,6 +36,7 @@ impl RunnerExt for Runner<Arc<Environment>> {
             .register_job_type::<jobs::UpdateDownloads>()
             .register_job_type::<jobs::UpdateDefaultVersion>()
             .register_job_type::<jobs::SendTokenExpiryNotifications>()
+            .register_job_type::<jobs::SendPublishNotificationsJob>()
             .register_job_type::<jobs::rss::SyncCrateFeed>()
             .register_job_type::<jobs::rss::SyncCratesFeed>()
             .register_job_type::<jobs::rss::SyncUpdatesFeed>()