gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

feat: add email verification system

Browse source 
Co-Authored-By: JustTemmie <git@beaver.mom>
This commit is contained in:
Radical 2025-05-27 21:57:08 +02:00
parent 862e2d6709
commit 83f031779f
14 changed files with 265 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/api/v1/auth/mod.rs
View file

@ -16,6 +16,7 @@ mod login;
mod refresh;
mod register;
mod revoke;
mod verify_email;
#[derive(Serialize)]
struct Response {
@ -37,6 +38,8 @@ pub fn web() -> Scope {
.service(login::response)
.service(refresh::res)
.service(revoke::res)
.service(verify_email::get)
.service(verify_email::post)
}
pub async fn check_access_token(access_token: &str, conn: &mut Conn) -> Result<Uuid, Error> {

103
src/api/v1/auth/verify_email.rs Normal file
View file

@ -0,0 +1,103 @@
//! `/api/v1/auth/verify-email` Endpoints for verifying user emails
use actix_web::{HttpRequest, HttpResponse, get, post, web};
use chrono::{Duration, Utc};
use serde::Deserialize;
use crate::{
api::v1::auth::check_access_token, error::Error, structs::{EmailToken, Me}, utils::get_auth_header, Data
};
#[derive(Deserialize)]
struct Query {
token: String,
}
/// `GET /api/v1/auth/verify-email` Verifies user email address
///
/// requires auth? yes
///
/// ### Query Parameters
/// token
///
/// ### Responses
/// 200 Success
/// 410 Token Expired
/// 404 Not Found
/// 401 Unauthorized
///
#[get("/verify-email")]
pub async fn get(
req: HttpRequest,
query: web::Query<Query>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let auth_header = get_auth_header(headers)?;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
let me = Me::get(&mut conn, uuid).await?;
let email_token = EmailToken::get(&mut conn, me.uuid).await?;
if query.token != email_token.token {
return Ok(HttpResponse::Unauthorized().finish());
}
if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(24) {
email_token.delete(&mut conn).await?;
return Ok(HttpResponse::Gone().finish());
}
me.verify_email(&mut conn).await?;
email_token.delete(&mut conn).await?;
Ok(HttpResponse::Ok().finish())
}
/// `POST /api/v1/auth/verify-email` Sends user verification email
///
/// requires auth? yes
///
/// ### Responses
/// 200 Email sent
/// 204 Already verified
/// 429 Too Many Requests
/// 401 Unauthorized
///
#[post("/verify-email")]
pub async fn post(
req: HttpRequest,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let auth_header = get_auth_header(headers)?;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
let me = Me::get(&mut conn, uuid).await?;
if me.email_verified {
return Ok(HttpResponse::NoContent().finish())
}
if let Ok(email_token) = EmailToken::get(&mut conn, me.uuid).await {
if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(1) {
email_token.delete(&mut conn).await?;
} else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string()))
}
}
EmailToken::new(&data, me).await?;
Ok(HttpResponse::Ok().finish())
}

24
src/config.rs
View file

@ -10,7 +10,7 @@ use url::Url;
pub struct ConfigBuilder {
database: Database,
cache_database: CacheDatabase,
web: Option<WebBuilder>,
web: WebBuilder,
instance: Option<Instance>,
bunny: BunnyBuilder,
mail: Mail,
@ -36,8 +36,9 @@ pub struct CacheDatabase {
#[derive(Debug, Deserialize)]
struct WebBuilder {
url: Option<String>,
ip: Option<String>,
port: Option<u16>,
url: Url,
_ssl: Option<bool>,
}
@ -57,7 +58,7 @@ struct BunnyBuilder {
#[derive(Debug, Deserialize, Clone)]
pub struct Mail {
pub smtp: Smtp,
pub from: String,
pub address: String,
pub tls: String,
}
@ -79,16 +80,10 @@ impl ConfigBuilder {
}
pub fn build(self) -> Config {
let web = if let Some(web) = self.web {
Web {
url: web.url.unwrap_or(String::from("0.0.0.0")),
port: web.port.unwrap_or(8080),
}
} else {
Web {
url: String::from("0.0.0.0"),
port: 8080,
}
let web = Web {
ip: self.web.ip.unwrap_or(String::from("0.0.0.0")),
port: self.web.port.unwrap_or(8080),
url: self.web.url,
};
let endpoint = match &*self.bunny.endpoint {
@ -134,8 +129,9 @@ pub struct Config {
#[derive(Debug, Clone)]
pub struct Web {
pub url: String,
pub ip: String,
pub port: u16,
pub url: Url,
}
#[derive(Debug, Clone)]

8
src/error.rs
View file

@ -19,7 +19,7 @@ use serde_json::Error as JsonError;
use thiserror::Error;
use tokio::task::JoinError;
use toml::de::Error as TomlError;
use lettre::{address::AddressError, transport::smtp::Error as SmtpError};
use lettre::{error::Error as EmailError, address::AddressError, transport::smtp::Error as SmtpError};
#[derive(Debug, Error)]
pub enum Error {
@ -56,6 +56,8 @@ pub enum Error {
#[error(transparent)]
WsClosed(#[from] actix_ws::Closed),
#[error(transparent)]
EmailError(#[from] EmailError),
#[error(transparent)]
SmtpError(#[from] SmtpError),
#[error(transparent)]
SmtpAddressError(#[from] AddressError),
@ -68,6 +70,8 @@ pub enum Error {
#[error("{0}")]
Forbidden(String),
#[error("{0}")]
TooManyRequests(String),
#[error("{0}")]
InternalServerError(String),
}
@ -87,6 +91,8 @@ impl ResponseError for Error {
Error::BunnyError(BunnyError::NotFound(_)) => StatusCode::NOT_FOUND,
Error::BadRequest(_) => StatusCode::BAD_REQUEST,
Error::Unauthorized(_) => StatusCode::UNAUTHORIZED,
Error::Forbidden(_) => StatusCode::FORBIDDEN,
Error::TooManyRequests(_) => StatusCode::TOO_MANY_REQUESTS,
_ => StatusCode::INTERNAL_SERVER_ERROR,
}
}

4
src/main.rs
View file

@ -76,7 +76,7 @@ async fn main() -> Result<(), Error> {
let mail = config.mail.clone();
let mail_client = MailClient::new(mail.smtp.credentials(), mail.smtp.server, mail.from, mail.tls)?;
let mail_client = MailClient::new(mail.smtp.credentials(), mail.smtp.server, mail.address, mail.tls)?;
let database_url = config.database.url();
@ -152,7 +152,7 @@ async fn main() -> Result<(), Error> {
.wrap(cors)
.service(api::web())
})
.bind((web.url, web.port))?
.bind((web.ip, web.port))?
.run()
.await?;

11
src/schema.rs
View file

@ -31,6 +31,15 @@ diesel::table! {
}
}
diesel::table! {
email_tokens (token, user_uuid) {
#[max_length = 64]
token -> Varchar,
user_uuid -> Uuid,
created_at -> Timestamptz,
}
}
diesel::table! {
guild_members (uuid) {
uuid -> Uuid,
@ -133,6 +142,7 @@ diesel::joinable!(access_tokens -> refresh_tokens (refresh_token));
diesel::joinable!(access_tokens -> users (uuid));
diesel::joinable!(channel_permissions -> channels (channel_uuid));
diesel::joinable!(channels -> guilds (guild_uuid));
diesel::joinable!(email_tokens -> users (user_uuid));
diesel::joinable!(guild_members -> guilds (guild_uuid));
diesel::joinable!(guild_members -> users (user_uuid));
diesel::joinable!(guilds -> users (owner_uuid));
@ -149,6 +159,7 @@ diesel::allow_tables_to_appear_in_same_query!(
access_tokens,
channel_permissions,
channels,
email_tokens,
guild_members,
guilds,
instance_permissions,

95
src/structs.rs
View file

@ -1,11 +1,10 @@
use actix_web::web::BytesMut;
use chrono::Utc;
use diesel::{
ExpressionMethods, QueryDsl, Selectable, SelectableHelper, delete, insert_into,
prelude::{Insertable, Queryable},
update,
delete, dsl::now, insert_into, prelude::{Insertable, Queryable}, update, ExpressionMethods, QueryDsl, Selectable, SelectableHelper
};
use diesel_async::{RunQueryDsl, pooled_connection::AsyncDieselConnectionManager};
use lettre::{message::{Mailbox, MessageBuilder as EmailBuilder}, transport::smtp::authentication::Credentials, AsyncSmtpTransport, AsyncTransport, Message as Email, Tokio1Executor};
use lettre::{message::{Mailbox, MessageBuilder as EmailBuilder, MultiPart}, transport::smtp::authentication::Credentials, AsyncSmtpTransport, AsyncTransport, Message as Email, Tokio1Executor};
use log::debug;
use serde::{Deserialize, Serialize};
use tokio::task;
@ -13,10 +12,7 @@ use url::Url;
use uuid::Uuid;
use crate::{
Conn, Data,
error::Error,
schema::*,
utils::{image_check, order_by_is_above},
error::Error, schema::*, utils::{generate_refresh_token, image_check, order_by_is_above}, Conn, Data
};
pub trait HasUuid {
@ -70,7 +66,7 @@ impl MailClient {
})
}
pub async fn message_builder(&self) -> EmailBuilder {
pub fn message_builder(&self) -> EmailBuilder {
Email::builder()
.from(self.mbox.clone())
}
@ -780,12 +776,12 @@ impl User {
#[diesel(table_name = users)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct Me {
uuid: Uuid,
pub uuid: Uuid,
username: String,
display_name: Option<String>,
avatar: Option<String>,
email: String,
email_verified: bool,
pub email_verified: bool,
}
impl Me {
@ -849,6 +845,17 @@ impl Me {
Ok(())
}
pub async fn verify_email(&self, conn: &mut Conn) -> Result<(), Error> {
use users::dsl;
update(users::table)
.filter(dsl::uuid.eq(self.uuid))
.set(dsl::email_verified.eq(true))
.execute(conn)
.await?;
Ok(())
}
}
#[derive(Deserialize)]
@ -856,3 +863,69 @@ pub struct StartAmountQuery {
pub start: Option<i64>,
pub amount: Option<i64>,
}
#[derive(Selectable, Queryable)]
#[diesel(table_name = email_tokens)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct EmailToken {
user_uuid: Uuid,
pub token: String,
pub created_at: chrono::DateTime<Utc>,
}
impl EmailToken {
pub async fn get(conn: &mut Conn, user_uuid: Uuid) -> Result<EmailToken, Error> {
use email_tokens::dsl;
let email_token = dsl::email_tokens
.filter(dsl::user_uuid.eq(user_uuid))
.select(EmailToken::as_select())
.get_result(conn)
.await?;
Ok(email_token)
}
pub async fn new(data: &Data, me: Me) -> Result<(), Error> {
let token = generate_refresh_token()?;
let mut conn = data.pool.get().await?;
use email_tokens::dsl;
insert_into(email_tokens::table)
.values((dsl::user_uuid.eq(me.uuid), dsl::token.eq(&token), dsl::created_at.eq(now)))
.execute(&mut conn)
.await?;
let mut verify_endpoint = data.config.web.url.join("verify-email")?;
verify_endpoint.set_query(Some(&format!("token={}", token)));
let email = data
.mail_client
.message_builder()
.to(me.email.parse()?)
.subject("Gorb E-mail Verification")
.multipart(MultiPart::alternative_plain_html(
format!("Verify your gorb.app account\n\nHello, {}!\nThanks for creating a new account on Gorb.\nThe final step to create your account is to verify your email address by visiting the page, within 24 hours.\n\n{}\n\nIf you didn't ask to verify this address, you can safely ignore this email\n\nThanks, The gorb team.", me.username, verify_endpoint),
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root{{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark){{:root{{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px){{.container{{width: 100%;}}}}body{{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header{{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button{{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover{{background-color: var(--secondary-colour);}}.content{{padding: 20px 30px;}}.footer{{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>Verify your {} Account</h1></div><div class="content"><h2>Hello, {}!</h2><p>Thanks for creating a new account on Gorb.</p><p>The final step to create your account is to verify your email address by clicking the button below, within 24 hours.</p><a href="{}" class="verify-button">VERIFY ACCOUNT</a><p>If you didn't ask to verify this address, you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.web.url.domain().unwrap(), me.username, verify_endpoint)
))?;
data
.mail_client
.send_mail(email)
.await?;
Ok(())
}
pub async fn delete(&self, conn: &mut Conn) -> Result<(), Error> {
use email_tokens::dsl;
delete(email_tokens::table)
.filter(dsl::user_uuid.eq(self.user_uuid))
.filter(dsl::token.eq(&self.token))
.execute(conn)
.await?;
Ok(())
}
}