feat(mail): add ACKIFY_MAIL_INSECURE_SKIP_VERIFY option (#6)

* feat(mail): add option to skip TLS certificate verification

Add ACKIFY_MAIL_INSECURE_SKIP_VERIFY environment variable to allow
bypassing TLS certificate verification for self-signed certificates.

This is useful for development/testing environments with self-signed
SMTP certificates while maintaining secure defaults (false by default).

* docs: add ACKIFY_MAIL_INSECURE_SKIP_VERIFY documentation

.env.example

@@ -57,6 +57,7 @@ ACKIFY_OAUTH_PROVIDER=google
 # ACKIFY_MAIL_FROM_NAME=Ackify
 # ACKIFY_MAIL_TLS=true
 # ACKIFY_MAIL_STARTTLS=true
+# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
 
 # Security Configuration
 ACKIFY_OAUTH_COOKIE_SECRET=your_base64_encoded_secret_key

backend/internal/infrastructure/config/config.go

@@ -62,18 +62,19 @@ type LoggerConfig struct {
 }
 
 type MailConfig struct {
-	Host          string
-	Port          int
-	Username      string
-	Password      string
-	TLS           bool
-	StartTLS      bool
-	Timeout       string
-	From          string
-	FromName      string
-	SubjectPrefix string
-	TemplateDir   string
-	DefaultLocale string
+	Host               string
+	Port               int
+	Username           string
+	Password           string
+	TLS                bool
+	StartTLS           bool
+	InsecureSkipVerify bool
+	Timeout            string
+	From               string
+	FromName           string
+	SubjectPrefix      string
+	TemplateDir        string
+	DefaultLocale      string
 }
 
 type ChecksumConfig struct {
@@ -181,6 +182,7 @@ func Load() (*Config, error) {
 		config.Mail.Password = getEnv("ACKIFY_MAIL_PASSWORD", "")
 		config.Mail.TLS = getEnvBool("ACKIFY_MAIL_TLS", true)
 		config.Mail.StartTLS = getEnvBool("ACKIFY_MAIL_STARTTLS", true)
+		config.Mail.InsecureSkipVerify = getEnvBool("ACKIFY_MAIL_INSECURE_SKIP_VERIFY", false)
 		config.Mail.Timeout = getEnv("ACKIFY_MAIL_TIMEOUT", "10s")
 		config.Mail.From = getEnv("ACKIFY_MAIL_FROM", "")
 		config.Mail.FromName = getEnv("ACKIFY_MAIL_FROM_NAME", config.App.Organisation)

backend/internal/infrastructure/email/sender.go

@@ -96,9 +96,16 @@ func (s *SMTPSender) Send(ctx context.Context, msg Message) error {
 	if s.config.TLS {
 		// Implicit TLS/SSL (typically port 465)
 		d.SSL = true
+		d.TLSConfig = &tls.Config{
+			ServerName:         s.config.Host,
+			InsecureSkipVerify: s.config.InsecureSkipVerify,
+		}
 	} else if s.config.StartTLS {
 		// Explicit TLS via STARTTLS (typically port 587)
-		d.TLSConfig = &tls.Config{ServerName: s.config.Host}
+		d.TLSConfig = &tls.Config{
+			ServerName:         s.config.Host,
+			InsecureSkipVerify: s.config.InsecureSkipVerify,
+		}
 		d.StartTLSPolicy = mail.MandatoryStartTLS
 	}
 

docs/en/configuration/email-setup.md

@@ -45,6 +45,11 @@ ACKIFY_MAIL_TLS=true
 # Enable STARTTLS (default: true)
 ACKIFY_MAIL_STARTTLS=true
 
+# Disable TLS certificate verification (default: false)
+# Useful for self-signed certificates in development/testing
+# /!\ DO NOT USE IN PRODUCTION
+ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
+
 # Connection timeout (default: 10s)
 ACKIFY_MAIL_TIMEOUT=10s
 
@@ -120,6 +125,8 @@ ACKIFY_MAIL_PASSWORD=secure_password
 ACKIFY_MAIL_FROM=ackify@company.com
 ACKIFY_MAIL_TLS=true
 ACKIFY_MAIL_STARTTLS=true
+# For self-signed certificates only (/!\ not in production)
+# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
 ```
 
 ## Email Templates
@@ -290,6 +297,16 @@ Verify:
 - Your server allows outgoing connections on the SMTP port
 - `ACKIFY_MAIL_TLS=true` if the server requires TLS
 
+### Error "tls: failed to verify certificate: x509: certificate signed by unknown authority"
+
+This error occurs with self-signed certificates. **For development/testing environments only**:
+
+```bash
+ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
+```
+
+/!\ **Warning**: This option disables TLS certificate verification. NEVER use in production!
+
 ### Error "Authentication failed"
 
 Verify:

docs/fr/configuration/email-setup.md

@@ -45,6 +45,11 @@ ACKIFY_MAIL_TLS=true
 # Activer STARTTLS (défaut: true)
 ACKIFY_MAIL_STARTTLS=true
 
+# Désactiver la vérification des certificats TLS (défaut: false)
+# Utile pour les certificats auto-signés en développement/test
+# /!\ NE PAS UTILISER EN PRODUCTION
+ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
+
 # Timeout de connexion (défaut: 10s)
 ACKIFY_MAIL_TIMEOUT=10s
 
@@ -120,6 +125,8 @@ ACKIFY_MAIL_PASSWORD=secure_password
 ACKIFY_MAIL_FROM=ackify@company.com
 ACKIFY_MAIL_TLS=true
 ACKIFY_MAIL_STARTTLS=true
+# Pour certificats auto-signés uniquement (/!\ pas en production)
+# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
 ```
 
 ## Templates Email
@@ -290,6 +297,16 @@ Vérifier :
 - Votre serveur autorise les connexions sortantes sur le port SMTP
 - `ACKIFY_MAIL_TLS=true` si le serveur requiert TLS
 
+### Erreur "tls: failed to verify certificate: x509: certificate signed by unknown authority"
+
+Cette erreur se produit avec des certificats auto-signés. **Pour les environnements de développement/test uniquement** :
+
+```bash
+ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
+```
+
+/!\ **Attention** : Cette option désactive la vérification des certificats TLS. Ne JAMAIS l'utiliser en production !
+
 ### Erreur "Authentication failed"
 
 Vérifier :

install/.env.example

@@ -84,6 +84,7 @@ ACKIFY_OAUTH_CLIENT_SECRET=your_oauth_client_secret
 # SMTP Security Settings
 # ACKIFY_MAIL_TLS=true
 # ACKIFY_MAIL_STARTTLS=true
+# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
 # ACKIFY_MAIL_TIMEOUT=10s
 
 # Email Template Configuration