igm/publisher-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3f94a9e0678e743083c86fb888e4cefbf1f97214
publisher-dashboard/apps/api-server/src/procedures/auth/resend-verification.ts
RevIQ 829d365e80 Implement auth procedures with code review fixes 
Add complete auth backend (Workstream D):
- Auth middleware for session/API key authentication
- Signup with password or passkey (WebAuthn)
- Login flow with device trust and email confirmation
- Password reset and email verification
- Session management and logout

Utilities created:
- cookies.ts: Cookie helpers and configuration
- crypto.ts: Token generation and hashing
- password.ts: zxcvbn validation, argon2id hashing
- geo.ts: IP/location extraction from headers
- email.ts: Stubbed email sending
- session.ts: Session creation and device trust

Code review improvements applied:
- Use ORPCError instead of Error in procedures
- Add ast-grep rule to enforce ORPCError usage
- Remove error info leakage (generic messages)
- Optimize N+1 query with JOIN in login-password
- Extract signupWithPassword/signupWithPasskey for testability
- Add 15-minute WebAuthn challenge expiry check
- Strengthen CookieOptions type definitions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 15:19:15 +08:00

55 lines
1.7 KiB
TypeScript
Raw Blame History

import type { AuthenticatedContext } from "../../context.js";
import { implement } from "@orpc/server";
import { contract } from "@reviq/api-contract";
import { TOKEN_DURATIONS } from "../../utils/cookies.js";
import { generateExpiry, generateSecureToken } from "../../utils/crypto.js";
import { sendVerificationEmail } from "../../utils/email.js";
const os = implement(contract);
/**
* Resend email verification to authenticated user
* Requires authentication
*
* Flow:
* 1. Check if email is already verified (return early if so)
* 2. Delete any existing verification tokens for this user
* 3. Generate new secure token (64 hex chars)
* 4. Create new email_verifications record with 24 hour expiry
* 5. Send verification email (stubbed)
*/
export const resendVerificationEmail = os.auth.resendVerificationEmail.handler(
async ({ context }) => {
const ctx = context as AuthenticatedContext;
// Check if email is already verified
if (ctx.user.emailVerifiedAt !== null) {
// Email already verified, return early
return;
}
// Delete any existing verification tokens for this user
await ctx.db
.deleteFrom("email_verifications")
.where("user_id", "=", ctx.user.id)
.execute();
// Generate new secure token
const token = generateSecureToken();
const expiresAt = generateExpiry(TOKEN_DURATIONS.EMAIL_VERIFICATION);
// Create new verification record
await ctx.db
.insertInto("email_verifications")
.values({
user_id: ctx.user.id,
token,
expires_at: expiresAt,
})
.execute();
// Send verification email (stubbed)
await sendVerificationEmail(ctx.user.email, token);
},
);
Reference in New Issue View Git Blame Copy Permalink