Extract emails into separate package with clean interface

- Create packages/emails/ with EmailClient interface abstraction - Wrap Postmark ServerClient in adapter for clean typing - Add createLoggingEmailClient for dev mode (logs to console) - Split email templates into individual files with full test coverage - Update api-server to use new package via context injection - Remove EMAIL_DEV_MODE - now uses POSTMARK_API_KEY presence - Delete apps/api-server/src/utils/email.ts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 15:45:40 +08:00
parent f9f1dc7403
commit c2b815dd6a
34 changed files with 1626 additions and 442 deletions
--- a/apps/api-server/src/procedures/auth/forgot-password.ts
+++ b/apps/api-server/src/procedures/auth/forgot-password.ts
@@ -6,12 +6,12 @@
 * This prevents attackers from determining which emails are registered
 */

+import { sendPasswordResetEmail } from "@reviq/emails";
 import { TOKEN_DURATIONS } from "../../utils/cookies.js";
 import {
  generateExpiry,
  generateSecureBase58Token,
 } from "../../utils/crypto.js";
-import { sendPasswordResetEmail } from "../../utils/email.js";
 import { os } from "../base.js";

 export const forgotPassword = os.auth.forgotPassword.handler(
@@ -51,8 +51,15 @@ export const forgotPassword = os.auth.forgotPassword.handler(
        })
        .execute();

-      // Send password reset email (stubbed)
-      await sendPasswordResetEmail(user.email, token);
+      // Send password reset email
+      await sendPasswordResetEmail({
+        client: context.email.client,
+        fromAddress: context.email.fromAddress,
+        baseUrl: context.email.baseUrl,
+        email: user.email,
+        token,
+        expiryHours: 1,
+      });
    }

    // Always return success (anti-enumeration)