Welcome to Secure Mail-Share
Rule-based Gmail sharing without exposing tokens. Connect Gmail accounts, grant scoped access by Discord ID, and let viewers read only the messages your rules allow — never the raw mailbox.
Features
Discord auth, multi-account Gmail binding, encrypted tokens, and rule-based viewing.
Security model
Refresh tokens are AES-256-GCM encrypted server-side. Browsers never touch raw Gmail payloads.
API surface
REST endpoints for Gmail accounts, access rules, and the viewer feed.
Access rules
Allowed senders, keyword filters, and per-Gmail-connection scoping.
Security model
What stays on the server, and what the browser is allowed to see.
Token encryption
Refresh tokens are stored only as AES-256-GCM ciphertext, each row with its own IV and auth tag.
Server-side filtering
Gmail `q` filters run first; a second pass sanitizes every payload before it leaves the server.
Scoped sharing
Each rule targets one Gmail connection and one Viewer Discord ID. Empty allow rules return nothing.
API surface
Server-only endpoints. Tokens never leave the host.
/api/gmail/connect - Start Google OAuth
/api/gmail/accounts - List linked Gmail accounts
/api/gmail/accounts/:id - Unlink and revoke related rules
/api/rules - List Owner rules
/api/rules - Create an access rule
/api/rules/:id - Update status / rules
/api/view/shares - List shares for the signed-in Viewer
/api/view/emails - Read sanitized emails for an active rule
Access rules
Owners create rules from the dashboard. Each rule binds one Gmail connection to one Viewer Discord ID, with allowed senders / domains and keyword filters.
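The server-side second pass and the scoped, fail-closed rule check described above can be sketched as follows. This is an added example, not Secure Mail-Share's own code. Assumptions: the rule fields (`status`, `connectionId`, `viewerDiscordId`, `allowedSenders`, `allowedDomains`, `keywords`), the status value `"active"`, the viewer field list, and reading "empty allow rules" as "no allowed senders or domains".

```javascript
// Added example; field names and rule shape are assumptions, not the project's schema.
const VIEWER_FIELDS = ["from", "subject", "date", "snippet"]; // only these leave the server

// Accepts "Name <user@host>" or a bare address; returns the lowercase address or null.
function senderAddress(from) {
  const m = /<([^<>\s]+@[^<>\s]+)>\s*$/.exec(from) || /^\s*([^<>\s]+@[^<>\s]+)\s*$/.exec(from);
  return m ? m[1].toLowerCase() : null;
}

function senderAllowed(rule, from) {
  const addr = senderAddress(String(from ?? ""));
  if (!addr) return false;
  const domain = addr.slice(addr.lastIndexOf("@") + 1);
  const lower = (list) => (list || []).map((s) => s.toLowerCase());
  // Exact match only, so an allowed domain does not admit look-alike suffixes.
  return lower(rule.allowedSenders).includes(addr) || lower(rule.allowedDomains).includes(domain);
}

function viewerFeed(rule, viewerDiscordId, connectionId, messages) {
  // Scope: the rule must be active and bound to this viewer and this Gmail connection.
  if (rule.status !== "active") return [];
  if (rule.viewerDiscordId !== viewerDiscordId || rule.connectionId !== connectionId) return [];
  // Fail closed: no allow entries means nothing is returned.
  if ((rule.allowedSenders || []).length + (rule.allowedDomains || []).length === 0) return [];
  const keywords = (rule.keywords || []).map((k) => k.toLowerCase());
  return messages
    .filter((m) => senderAllowed(rule, m.from))
    .filter((m) => {
      if (keywords.length === 0) return true; // assumption: keywords only narrow the result
      const text = `${m.subject ?? ""} ${m.snippet ?? ""}`.toLowerCase();
      return keywords.some((k) => text.includes(k));
    })
    // Sanitize: copy allow-listed fields as strings; ids, raw bodies and headers are dropped.
    .map((m) => Object.fromEntries(VIEWER_FIELDS.map((f) => [f, String(m[f] ?? "")])));
}

// Constructed sample data.
const RULE = { status: "active", connectionId: "conn-1", viewerDiscordId: "111111111111111111",
  allowedSenders: ["billing@vendor.example"], allowedDomains: ["alerts.example"], keywords: ["invoice"] };
const MESSAGES = [
  { id: "m1", from: "Vendor Billing <billing@vendor.example>", subject: "Invoice 42", date: "2024-01-02", snippet: "Your invoice is ready", raw: "..." },
  { id: "m2", from: "billing@vendor.example", subject: "Password reset", date: "2024-01-03", snippet: "Reset code inside", raw: "..." },
  { id: "m3", from: '"billing@vendor.example" <someone@other.example>', subject: "Invoice", date: "2024-01-04", snippet: "invoice attached", raw: "..." },
  { id: "m4", from: "noc@alerts.example.other.test", subject: "invoice alert", date: "2024-01-05", snippet: "", raw: "..." },
];
```

Only `m1` passes: `m2` misses the keyword, `m3` carries the allowed address in the display name but not in the actual address, and `m4` only shares a prefix with the allowed domain.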