Replace AWS SES with SMTP email provider

[hdagudelo]

Summary

This PR replaces AWS SES email implementation with SMTP-based email delivery using Nodemailer.

Changes

• Removed AWS SES dependency (@aws-sdk/client-ses)
• Replaced SESClient with Nodemailer transporter
• Added SMTP configuration via environment variables
• Added ENABLE_EMAIL toggle to safely disable email in production/testing
• Improved environment variable handling for SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS

Environment variables

SMTP_HOST=smtp.server.com
SMTP_PORT=587
SMTP_USER=your_user
SMTP_PASS=your_password
FROM_EMAIL=noreply@domain.com
ENABLE_EMAIL=true

Testing

• Verified email sending via SMTP
• Ensured backward compatibility with existing API flows
• Disabled AWS SES completely

Notes

This improves portability and removes dependency on AWS SES.

Deployment Notes

This backend is TypeScript-based and requires compilation after deployment changes.

Required production steps:

1. Install dependencies:
   npm install

2. Build application:
   npm run build

3. Restart backend service:
   docker restart worklenz-backend
   OR systemctl restart worklenz-backend

Important:

• Changes in src/shared/email.ts only take effect after build.
• This PR does NOT include compiled output.
• CI/CD or production must run build step.

Summary by CodeRabbit

• Chores
  • Enhanced email delivery infrastructure with improved operational flexibility and increased stability. All email functionality continues to operate normally without disruption. System administrators have access to improved configuration options for email setup. The change maintains full backward compatibility and requires no action from users.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The file worklenz-backend/src/shared/email.ts replaces the AWS SES transport with a Nodemailer SMTP transporter configured via SMTP_HOST, SMTP_PORT, SMTP_USER, and SMTP_PASS environment variables. An ENABLE_EMAIL environment gate is added to short-circuit sending. The success return value changes from the SES MessageId to the constant string "SMTP_OK". Public signatures remain unchanged.

Changes

SMTP Transport Migration

Layer / File(s)	Summary
SMTP transporter setup, email gate, and sendMail call worklenz-backend/src/shared/email.ts	Removes @aws-sdk/client-ses imports and SESClient initialization; creates a Nodemailer SMTP transporter from SMTP_HOST/SMTP_PORT/SMTP_USER/SMTP_PASS. Adds an early-return null guard when ENABLE_EMAIL !== "true". Replaces sesClient.send(SendEmailCommand) with transporter.sendMail() using from, comma-joined to, subject, and html; returns "SMTP_OK" on success instead of the SES MessageId.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hopped away from SES one day,
Found an SMTP trail along the way.
ENABLE_EMAIL guards the burrow tight,
transporter.sendMail() sends with delight,
"SMTP_OK" — the warren's all right! ✉️

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the main change: replacing AWS SES email service with SMTP-based email provider via Nodemailer.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

worklenz-backend/src/shared/email.ts (1)

86-86: ⚡ Quick win

Remove unused charset variable.

This variable was used by the AWS SES implementation but is no longer referenced after the migration to Nodemailer.

♻️ Proposed fix

-    const charset = "UTF-8";
-
     await transporter.sendMail({

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@worklenz-backend/src/shared/email.ts` at line 86, The `charset` variable is
no longer used after the migration from AWS SES to Nodemailer. Remove the unused
variable declaration `const charset = "UTF-8";` from the email.ts file since no
code references it anymore.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@worklenz-backend/src/shared/email.ts`:
- Around line 8-16: The nodemailer transporter configuration in the email.ts
file has `secure: false` hardcoded, which only works correctly for port 587
(STARTTLS) but fails for port 465 (SMTPS) which requires `secure: true`. Make
the `secure` property dynamic by checking the SMTP_PORT value: if the port is
465, set `secure: true`; otherwise set it to `false`. This ensures the
transporter configuration works correctly regardless of which SMTP port is
configured.

---

Nitpick comments:
In `@worklenz-backend/src/shared/email.ts`:
- Line 86: The `charset` variable is no longer used after the migration from AWS
SES to Nodemailer. Remove the unused variable declaration `const charset =
"UTF-8";` from the email.ts file since no code references it anymore.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 36634285-a7c5-4f4c-9f29-c1e5b9ced9d1

📥 Commits

Reviewing files that changed from the base of the PR and between c4c3268 and 354a061.

📒 Files selected for processing (1)

• worklenz-backend/src/shared/email.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Hardcoded secure: false may break port 465 (SMTPS) configurations.

Port 587 uses STARTTLS (where secure: false is correct), but port 465 requires secure: true for implicit TLS. Users configuring SMTP_PORT=465 will experience connection failures.

🔧 Proposed fix to auto-detect secure mode

 const transporter = nodemailer.createTransport({
   host: process.env.SMTP_HOST,
   port: Number(process.env.SMTP_PORT || 587),
-  secure: false,
+  secure: Number(process.env.SMTP_PORT || 587) === 465,
   auth: {
     user: process.env.SMTP_USER,
     pass: process.env.SMTP_PASS,
   },
 });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const transporter = nodemailer.createTransport({
	host: process.env.SMTP_HOST,
	port: Number(process.env.SMTP_PORT || 587),
	secure: false,
	auth: {
	user: process.env.SMTP_USER,
	pass: process.env.SMTP_PASS,
	},
	});
	const transporter = nodemailer.createTransport({
	host: process.env.SMTP_HOST,
	port: Number(process.env.SMTP_PORT || 587),
	secure: Number(process.env.SMTP_PORT || 587) === 465,
	auth: {
	user: process.env.SMTP_USER,
	pass: process.env.SMTP_PASS,
	},
	});

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@worklenz-backend/src/shared/email.ts` around lines 8 - 16, The nodemailer
transporter configuration in the email.ts file has `secure: false` hardcoded,
which only works correctly for port 587 (STARTTLS) but fails for port 465
(SMTPS) which requires `secure: true`. Make the `secure` property dynamic by
checking the SMTP_PORT value: if the port is 465, set `secure: true`; otherwise
set it to `false`. This ensures the transporter configuration works correctly
regardless of which SMTP port is configured.