Extract emails into separate package with clean interface

- Create packages/emails/ with EmailClient interface abstraction
- Wrap Postmark ServerClient in adapter for clean typing
- Add createLoggingEmailClient for dev mode (logs to console)
- Split email templates into individual files with full test coverage
- Update api-server to use new package via context injection
- Remove EMAIL_DEV_MODE - now uses POSTMARK_API_KEY presence
- Delete apps/api-server/src/utils/email.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/constants.ts

@@ -36,10 +36,7 @@ export const EMAIL_FROM = Bun.env.EMAIL_FROM ?? "noreply@reviq.io";
 /** Base URL for generating email links */
 export const BASE_URL = Bun.env.BASE_URL ?? "http://localhost:6827";
 
-/** Dev mode: log emails instead of sending (default: true) */
-export const EMAIL_DEV_MODE = Bun.env.EMAIL_DEV_MODE !== "false";
-
-/** Postmark API key (required when EMAIL_DEV_MODE is false) */
+/** Postmark API key (optional - uses logging client if not set) */
 export const POSTMARK_API_KEY = Bun.env.POSTMARK_API_KEY;
 
 // ===== Token Expiration Times =====

apps/api-server/src/context.ts

@@ -3,8 +3,18 @@
  */
 
 import type { Database } from "@reviq/db-schema";
+import type { EmailClient } from "@reviq/emails";
 import type { Kysely } from "kysely";
 
+/**
+ * Email configuration for the API
+ */
+export interface EmailConfig {
+  client: EmailClient;
+  fromAddress: string;
+  baseUrl: string;
+}
+
 /**
  * Base API context available to all handlers
  */
@@ -23,6 +33,8 @@ export interface APIContext {
   resHeaders: Headers;
   /** Client IP address from direct connection (fallback when no proxy headers) */
   clientIP?: string | null;
+  /** Email client and configuration */
+  email: EmailConfig;
 }
 
 /**

apps/api-server/src/index.ts

@@ -2,10 +2,17 @@ import type { APIContext } from "./context.js";
 import { LoggingHandlerPlugin } from "@orpc/experimental-pino";
 import { RPCHandler } from "@orpc/server/fetch";
 import { createDb } from "@reviq/db";
+import {
+  createLoggingEmailClient,
+  createPostmarkClient,
+} from "@reviq/emails";
 import pino from "pino";
 import {
+  BASE_URL,
   DEFAULT_PORT,
   DEFAULT_RP_NAME,
+  EMAIL_FROM,
+  POSTMARK_API_KEY,
   getAllowedOrigins,
 } from "./constants.js";
 import { router } from "./router.js";
@@ -24,6 +31,16 @@ if (!databaseUrl) {
   throw new Error("DATABASE_URL environment variable is required");
 }
 const db = createDb(databaseUrl);
+
+// Create email client - use Postmark if API key is set, otherwise log to console
+const emailClient = POSTMARK_API_KEY
+  ? createPostmarkClient(POSTMARK_API_KEY)
+  : createLoggingEmailClient();
+
+if (!POSTMARK_API_KEY) {
+  logger.info("POSTMARK_API_KEY not set - emails will be logged to console");
+}
+
 const handler = new RPCHandler(router, {
   plugins: [
     new LoggingHandlerPlugin({
@@ -62,6 +79,11 @@ Bun.serve({
         reqHeaders: request.headers,
         resHeaders,
         clientIP,
+        email: {
+          client: emailClient,
+          fromAddress: EMAIL_FROM,
+          baseUrl: BASE_URL,
+        },
       };
 
       const { response } = await handler.handle(request, {

apps/api-server/src/procedures/auth/forgot-password.ts

@@ -6,12 +6,12 @@
  * This prevents attackers from determining which emails are registered
  */
 
+import { sendPasswordResetEmail } from "@reviq/emails";
 import { TOKEN_DURATIONS } from "../../utils/cookies.js";
 import {
   generateExpiry,
   generateSecureBase58Token,
 } from "../../utils/crypto.js";
-import { sendPasswordResetEmail } from "../../utils/email.js";
 import { os } from "../base.js";
 
 export const forgotPassword = os.auth.forgotPassword.handler(
@@ -51,8 +51,15 @@ export const forgotPassword = os.auth.forgotPassword.handler(
         })
         .execute();
 
-      // Send password reset email (stubbed)
-      await sendPasswordResetEmail(user.email, token);
+      // Send password reset email
+      await sendPasswordResetEmail({
+        client: context.email.client,
+        fromAddress: context.email.fromAddress,
+        baseUrl: context.email.baseUrl,
+        email: user.email,
+        token,
+        expiryHours: 1,
+      });
     }
 
     // Always return success (anti-enumeration)

apps/api-server/src/procedures/auth/login-password.ts

@@ -4,8 +4,8 @@
  */
 
 import { ORPCError } from "@orpc/server";
+import { sendLoginConfirmationEmail } from "@reviq/emails";
 import { COOKIE_NAMES, getCookie } from "../../utils/cookies.js";
-import { sendLoginConfirmationEmail } from "../../utils/email.js";
 import { verifyPassword } from "../../utils/password.js";
 import { isDeviceTrusted } from "../../utils/session.js";
 import { os } from "../base.js";
@@ -108,7 +108,14 @@ export const loginPassword = os.auth.loginPassword.handler(
     } else {
       // Device is untrusted - send confirmation email with existing token
       // The same base58 token is used for both cookie lookup and email confirmation
-      await sendLoginConfirmationEmail(result.email, result.token);
+      await sendLoginConfirmationEmail({
+        client: context.email.client,
+        fromAddress: context.email.fromAddress,
+        baseUrl: context.email.baseUrl,
+        email: result.email,
+        token: result.token,
+        expiryMinutes: 15,
+      });
     }
 
     return { success: true };

apps/api-server/src/procedures/auth/resend-verification.ts

@@ -10,12 +10,12 @@
  * 5. Send verification email (stubbed)
  */
 
+import { sendVerificationEmail } from "@reviq/emails";
 import { TOKEN_DURATIONS } from "../../utils/cookies.js";
 import {
   generateExpiry,
   generateSecureBase58Token,
 } from "../../utils/crypto.js";
-import { sendVerificationEmail } from "../../utils/email.js";
 import { authMiddleware, os } from "../base.js";
 
 export const resendVerificationEmail = os.auth.resendVerificationEmail
@@ -47,8 +47,15 @@ export const resendVerificationEmail = os.auth.resendVerificationEmail
       })
       .execute();
 
-    // Send verification email (stubbed)
-    await sendVerificationEmail(context.user.email, token);
+    // Send verification email
+    await sendVerificationEmail({
+      client: context.email.client,
+      fromAddress: context.email.fromAddress,
+      baseUrl: context.email.baseUrl,
+      email: context.user.email,
+      token,
+      expiryHours: 24,
+    });
 
     return { success: true };
   });

apps/api-server/src/procedures/auth/signup.ts

@@ -10,6 +10,7 @@ import type {
 import type { Kysely } from "kysely";
 import type { RPInfo } from "../../utils/webauthn.js";
 import { ORPCError } from "@orpc/server";
+import { sendVerificationEmail } from "@reviq/emails";
 import { verifyRegistrationResponse } from "@simplewebauthn/server";
 import {
   COOKIE_NAMES,
@@ -21,7 +22,6 @@ import {
   generateExpiry,
   generateSecureBase58Token,
 } from "../../utils/crypto.js";
-import { sendVerificationEmail } from "../../utils/email.js";
 import { getGeoInfo, getUserAgent } from "../../utils/geo.js";
 import { hashPassword, validatePassword } from "../../utils/password.js";
 import { createSession } from "../../utils/session.js";
@@ -300,8 +300,15 @@ export const signup = os.auth.signup.handler(async ({ input, context }) => {
     })
     .execute();
 
-  // Send verification email (stubbed)
-  await sendVerificationEmail(email, verificationToken);
+  // Send verification email
+  await sendVerificationEmail({
+    client: context.email.client,
+    fromAddress: context.email.fromAddress,
+    baseUrl: context.email.baseUrl,
+    email,
+    token: verificationToken,
+    expiryHours: 24,
+  });
 
   return { success: true };
 });

apps/api-server/src/procedures/orgs/invites.ts

@@ -3,12 +3,12 @@
  */
 
 import { ORPCError } from "@orpc/server";
+import { sendOrgInviteEmail } from "@reviq/emails";
 import { ORG_INVITE_EXPIRY_DAYS } from "../../constants.js";
 import {
   generateExpiry,
   generateSecureBase58Token,
 } from "../../utils/crypto.js";
-import { sendOrgInviteEmail } from "../../utils/email.js";
 import { authMiddleware, os } from "../base.js";
 import { getMembership, lookupOrgBySlug, requireRole } from "./helpers.js";
 
@@ -122,7 +122,17 @@ export const invitesCreate = os.orgs.invites.create
 
     // Send invitation email
     const inviterName = context.user.displayName ?? context.user.email;
-    await sendOrgInviteEmail(email, token, org.displayName, inviterName, role);
+    await sendOrgInviteEmail({
+      client: context.email.client,
+      fromAddress: context.email.fromAddress,
+      baseUrl: context.email.baseUrl,
+      email,
+      token,
+      orgName: org.displayName,
+      inviterName,
+      role,
+      expiryDays: ORG_INVITE_EXPIRY_DAYS,
+    });
 
     return { success: true };
   });

apps/api-server/src/utils/email.ts

@@ -1,419 +0,0 @@
-/**
- * Email sending utilities using Postmark
- * Implements Workstream G: Email Service (Backend)
- */
-
-import type { OrgRole } from "@reviq/db-schema";
-import { DurationFormat } from "@formatjs/intl-durationformat";
-import { ServerClient } from "postmark";
-import {
-  BASE_URL,
-  EMAIL_DEV_MODE,
-  EMAIL_FROM,
-  EMAIL_VERIFICATION_EXPIRY_HOURS,
-  LOGIN_CONFIRMATION_EXPIRY_MINUTES,
-  ORG_INVITE_EXPIRY_DAYS,
-  PASSWORD_RESET_EXPIRY_HOURS,
-  POSTMARK_API_KEY,
-} from "../constants.js";
-
-// ===== Types =====
-
-/**
- * Email send result
- */
-export interface EmailResult {
-  success: boolean;
-  messageId?: string;
-  error?: string;
-}
-
-// ===== Postmark Client =====
-
-let postmarkClient: ServerClient | null = null;
-
-const getPostmarkClient = (): ServerClient => {
-  if (!postmarkClient) {
-    if (!POSTMARK_API_KEY) {
-      throw new Error(
-        "POSTMARK_API_KEY is required when EMAIL_DEV_MODE is false",
-      );
-    }
-    postmarkClient = new ServerClient(POSTMARK_API_KEY);
-  }
-  return postmarkClient;
-};
-
-// ===== URL Helpers =====
-
-/**
- * Build a URL with query parameters using the URL constructor
- */
-const buildUrl = (path: string, params: Record<string, string>): string => {
-  const url = new URL(path, BASE_URL);
-  for (const [key, value] of Object.entries(params)) {
-    url.searchParams.set(key, value);
-  }
-  return url.toString();
-};
-
-// ===== HTML Escaping =====
-
-/**
- * Escape HTML special characters to prevent XSS
- */
-const escapeHtml = (unsafe: string): string =>
-  unsafe
-    .replace(/&/g, "&amp;")
-    .replace(/</g, "&lt;")
-    .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;")
-    .replace(/'/g, "&#039;");
-
-// ===== Core Email Function =====
-
-interface SendEmailParams {
-  to: string;
-  subject: string;
-  htmlBody: string;
-  textBody: string;
-}
-
-/**
- * Send an email via Postmark (or log in dev mode)
- */
-const sendEmail = async (params: SendEmailParams): Promise<EmailResult> => {
-  const { to, subject, htmlBody, textBody } = params;
-
-  // Dev mode: log instead of sending
-  if (EMAIL_DEV_MODE) {
-    console.log("=== DEV MODE EMAIL ===");
-    console.log(`To: ${to}`);
-    console.log(`Subject: ${subject}`);
-    console.log(`Body:\n${textBody}`);
-    console.log("======================");
-    return { success: true, messageId: "dev-mode" };
-  }
-
-  try {
-    const client = getPostmarkClient();
-    const result = await client.sendEmail({
-      From: EMAIL_FROM,
-      To: to,
-      Subject: subject,
-      HtmlBody: htmlBody,
-      TextBody: textBody,
-    });
-    return { success: true, messageId: result.MessageID };
-  } catch (error) {
-    const message = error instanceof Error ? error.message : "Unknown error";
-    console.error(`Failed to send email to ${to}:`, message);
-    return { success: false, error: message };
-  }
-};
-
-// ===== Template Helpers =====
-
-const durationFormatter = new DurationFormat("en", { style: "long" });
-
-const formatExpiryHours = (hours: number): string =>
-  durationFormatter.format({ hours });
-
-const formatExpiryMinutes = (minutes: number): string =>
-  durationFormatter.format({ minutes });
-
-const formatExpiryDays = (days: number): string =>
-  durationFormatter.format({ days });
-
-const roleLabels: Record<OrgRole, string> = {
-  owner: "Owner",
-  admin: "Admin",
-  member: "Member",
-};
-
-const formatRoleDisplay = (role: OrgRole): string => roleLabels[role];
-
-/**
- * Get the correct article (a/an) for a role
- */
-const getArticleForRole = (role: OrgRole): string => {
-  return role === "owner" || role === "admin" ? "an" : "a";
-};
-
-// ===== Email Templates =====
-
-// Common styles
-const emailStyles = `font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 20px; background-color: #f5f5f5;`;
-const containerStyles =
-  "max-width: 600px; margin: 0 auto; background: white; border-radius: 8px; padding: 40px;";
-const headingStyles = "margin: 0 0 24px; font-size: 24px; color: #1a1a1a;";
-const paragraphStyles =
-  "margin: 0 0 24px; font-size: 16px; color: #4a4a4a; line-height: 1.5;";
-const buttonStyles =
-  "display: inline-block; background-color: #0066cc; color: white; padding: 12px 24px; border-radius: 6px; text-decoration: none; font-weight: 500;";
-const footerStyles = "margin: 24px 0 0; font-size: 14px; color: #6a6a6a;";
-
-// Verification Email
-const buildVerificationEmailHtml = (
-  verifyUrl: string,
-  expiresIn: string,
-): string => `
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-</head>
-<body style="${emailStyles}">
-  <div style="${containerStyles}">
-    <h1 style="${headingStyles}">Verify your email</h1>
-    <p style="${paragraphStyles}">Please verify your email address by clicking the button below:</p>
-    <a href="${verifyUrl}" style="${buttonStyles}">Verify Email</a>
-    <p style="${footerStyles}">This link expires in ${expiresIn}.</p>
-    <p style="${footerStyles}">If you didn't create an account, you can safely ignore this email.</p>
-  </div>
-</body>
-</html>
-`;
-
-const buildVerificationEmailText = (
-  verifyUrl: string,
-  expiresIn: string,
-): string =>
-  `Verify your email
-
-Please verify your email address by clicking the link below:
-
-${verifyUrl}
-
-This link expires in ${expiresIn}.
-
-If you didn't create an account, you can safely ignore this email.
-`;
-
-// Password Reset Email
-const buildPasswordResetEmailHtml = (
-  resetUrl: string,
-  expiresIn: string,
-): string => `
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-</head>
-<body style="${emailStyles}">
-  <div style="${containerStyles}">
-    <h1 style="${headingStyles}">Reset your password</h1>
-    <p style="${paragraphStyles}">We received a request to reset your password. Click the button below to choose a new password:</p>
-    <a href="${resetUrl}" style="${buttonStyles}">Reset Password</a>
-    <p style="${footerStyles}">This link expires in ${expiresIn}.</p>
-    <p style="${footerStyles}">If you didn't request a password reset, you can safely ignore this email. Your password will remain unchanged.</p>
-  </div>
-</body>
-</html>
-`;
-
-const buildPasswordResetEmailText = (
-  resetUrl: string,
-  expiresIn: string,
-): string =>
-  `Reset your password
-
-We received a request to reset your password. Click the link below to choose a new password:
-
-${resetUrl}
-
-This link expires in ${expiresIn}.
-
-If you didn't request a password reset, you can safely ignore this email. Your password will remain unchanged.
-`;
-
-// Login Confirmation Email
-const buildLoginConfirmationEmailHtml = (
-  confirmUrl: string,
-  expiresIn: string,
-): string => `
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-</head>
-<body style="${emailStyles}">
-  <div style="${containerStyles}">
-    <h1 style="${headingStyles}">Confirm your login</h1>
-    <p style="${paragraphStyles}">Someone is trying to sign in to your account. If this was you, click the button below to confirm:</p>
-    <a href="${confirmUrl}" style="${buttonStyles}">Confirm Login</a>
-    <p style="${footerStyles}">This link expires in ${expiresIn}.</p>
-    <p style="${footerStyles}">If you didn't try to sign in, you can safely ignore this email. Someone may have entered your email address by mistake.</p>
-  </div>
-</body>
-</html>
-`;
-
-const buildLoginConfirmationEmailText = (
-  confirmUrl: string,
-  expiresIn: string,
-): string =>
-  `Confirm your login
-
-Someone is trying to sign in to your account. If this was you, click the link below to confirm:
-
-${confirmUrl}
-
-This link expires in ${expiresIn}.
-
-If you didn't try to sign in, you can safely ignore this email. Someone may have entered your email address by mistake.
-`;
-
-// Org Invite Email
-const buildOrgInviteEmailHtml = (
-  email: string,
-  orgName: string,
-  inviterName: string,
-  role: OrgRole,
-  inviteUrl: string,
-  expiresIn: string,
-): string => {
-  const safeOrgName = escapeHtml(orgName);
-  const safeInviterName = escapeHtml(inviterName);
-  const safeEmail = escapeHtml(email);
-  const roleDisplay = formatRoleDisplay(role);
-  const article = getArticleForRole(role);
-
-  return `
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-</head>
-<body style="${emailStyles}">
-  <div style="${containerStyles}">
-    <h1 style="${headingStyles}">You've been invited to join ${safeOrgName}</h1>
-    <p style="${paragraphStyles}">${safeInviterName} has invited you to join <strong>${safeOrgName}</strong> as ${article} <strong>${roleDisplay}</strong>.</p>
-    <a href="${inviteUrl}" style="${buttonStyles}">Accept Invitation</a>
-    <p style="${footerStyles}">This invitation expires in ${expiresIn}.</p>
-    <p style="${footerStyles}">This invitation was sent to ${safeEmail}. If you weren't expecting this invitation, you can safely ignore this email.</p>
-  </div>
-</body>
-</html>
-`;
-};
-
-const buildOrgInviteEmailText = (
-  email: string,
-  orgName: string,
-  inviterName: string,
-  role: OrgRole,
-  inviteUrl: string,
-  expiresIn: string,
-): string => {
-  const roleDisplay = formatRoleDisplay(role);
-  const article = getArticleForRole(role);
-
-  return `You've been invited to join ${orgName}
-
-${inviterName} has invited you to join ${orgName} as ${article} ${roleDisplay}.
-
-Click the link below to accept the invitation:
-
-${inviteUrl}
-
-This invitation expires in ${expiresIn}.
-
-This invitation was sent to ${email}. If you weren't expecting this invitation, you can safely ignore this email.
-`;
-};
-
-// ===== Email Helpers =====
-
-/**
- * Send verification email to user
- */
-export async function sendVerificationEmail(
-  email: string,
-  token: string,
-): Promise<EmailResult> {
-  const url = buildUrl("/auth/verify", { token });
-  const expiresIn = formatExpiryHours(EMAIL_VERIFICATION_EXPIRY_HOURS);
-
-  return sendEmail({
-    to: email,
-    subject: "Verify your email address",
-    htmlBody: buildVerificationEmailHtml(url, expiresIn),
-    textBody: buildVerificationEmailText(url, expiresIn),
-  });
-}
-
-/**
- * Send login confirmation email (for untrusted device flow)
- */
-export async function sendLoginConfirmationEmail(
-  email: string,
-  token: string,
-): Promise<EmailResult> {
-  const url = buildUrl("/auth/confirm", { token });
-  const expiresIn = formatExpiryMinutes(LOGIN_CONFIRMATION_EXPIRY_MINUTES);
-
-  return sendEmail({
-    to: email,
-    subject: "Confirm your login",
-    htmlBody: buildLoginConfirmationEmailHtml(url, expiresIn),
-    textBody: buildLoginConfirmationEmailText(url, expiresIn),
-  });
-}
-
-/**
- * Send password reset email
- */
-export async function sendPasswordResetEmail(
-  email: string,
-  token: string,
-): Promise<EmailResult> {
-  const url = buildUrl("/auth/reset-password", { token });
-  const expiresIn = formatExpiryHours(PASSWORD_RESET_EXPIRY_HOURS);
-
-  return sendEmail({
-    to: email,
-    subject: "Reset your password",
-    htmlBody: buildPasswordResetEmailHtml(url, expiresIn),
-    textBody: buildPasswordResetEmailText(url, expiresIn),
-  });
-}
-
-/**
- * Send org invite email
- */
-export async function sendOrgInviteEmail(
-  email: string,
-  token: string,
-  orgName: string,
-  inviterName: string,
-  role: OrgRole,
-): Promise<EmailResult> {
-  const url = buildUrl("/invite/accept", { token });
-  const expiresIn = formatExpiryDays(ORG_INVITE_EXPIRY_DAYS);
-
-  return sendEmail({
-    to: email,
-    subject: `You've been invited to join ${orgName}`,
-    htmlBody: buildOrgInviteEmailHtml(
-      email,
-      orgName,
-      inviterName,
-      role,
-      url,
-      expiresIn,
-    ),
-    textBody: buildOrgInviteEmailText(
-      email,
-      orgName,
-      inviterName,
-      role,
-      url,
-      expiresIn,
-    ),
-  });
-}