From e4ea49c05f9403c036db6b68246ed61cf65bcef7 Mon Sep 17 00:00:00 2001
From: Hongbo Wu <hongbo@omnivore.app>
Date: Thu, 21 Jul 2022 22:32:09 +0800
Subject: [PATCH] add confirm-email router

---
 packages/api/src/routers/auth/auth_router.ts | 58 +++++++++++++++++++-
 packages/api/src/services/create_user.ts     |  2 +-
 2 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/packages/api/src/routers/auth/auth_router.ts b/packages/api/src/routers/auth/auth_router.ts
index 4c29d3b3c..b439b2bf2 100644
--- a/packages/api/src/routers/auth/auth_router.ts
+++ b/packages/api/src/routers/auth/auth_router.ts
@@ -38,10 +38,16 @@ import {
   StatusType,
   UserData,
 } from '../../datalayer/user/model'
-import { comparePassword, hashPassword } from '../../utils/auth'
+import {
+  comparePassword,
+  getClaimsByToken,
+  hashPassword,
+} from '../../utils/auth'
 import { createUser, sendConfirmationEmail } from '../../services/create_user'
 import { isErrorWithCode } from '../../resolvers'
 import { initModels } from '../../server'
+import { getRepository } from '../../entity/utils'
+import { User } from '../../entity/user'
 
 const logger = buildLogger('app.dispatch')
 const signToken = promisify(jwt.sign)
@@ -445,7 +451,7 @@ export function authRouter() {
 
         res.redirect(`${env.client.url}/email-login?message=SIGNUP_SUCCESS`)
       } catch (e) {
-        logger.error('email-signup exception:', e)
+        logger.info('email-signup exception:', e)
         if (isErrorWithCode(e)) {
           return res.redirect(
             `${env.client.url}/email-signup?errorCodes=${e.errorCode}`
@@ -456,5 +462,53 @@ export function authRouter() {
     }
   )
 
+  router.options(
+    '/confirm-email',
+    cors<express.Request>({ ...corsConfig, maxAge: 600 })
+  )
+
+  router.get(
+    '/confirm-email/:token',
+    cors<express.Request>(corsConfig),
+    async (req: express.Request, res: express.Response) => {
+      const token = req.params.token
+
+      try {
+        // verify token
+        const claims = await getClaimsByToken(token)
+        if (!claims) {
+          return res.redirect(
+            `${env.client.url}/confirm-email?errorCodes=INVALID_TOKEN`
+          )
+        }
+
+        const user = await getRepository(User).findOneBy({ id: claims.uid })
+        if (!user) {
+          return res.redirect(
+            `${env.client.url}/confirm-email?errorCodes=USER_NOT_FOUND`
+          )
+        }
+
+        if (user.status === StatusType.Pending) {
+          await getRepository(User).update(
+            { id: user.id },
+            { status: StatusType.Active }
+          )
+        }
+
+        res.redirect(`${env.client.url}/email-login?message=EMAIL_VERIFIED`)
+      } catch (e) {
+        logger.info('confirm-email exception:', e)
+        if (e instanceof jwt.TokenExpiredError) {
+          return res.redirect(
+            `${env.client.url}/confirm-email?errorCodes=TOKEN_EXPIRED`
+          )
+        }
+
+        res.redirect(`${env.client.url}/confirm-email?errorCodes=INVALID_TOKEN`)
+      }
+    }
+  )
+
   return router
 }
diff --git a/packages/api/src/services/create_user.ts b/packages/api/src/services/create_user.ts
index fc340c870..4e1a93578 100644
--- a/packages/api/src/services/create_user.ts
+++ b/packages/api/src/services/create_user.ts
@@ -138,7 +138,7 @@ export const sendConfirmationEmail = async (user: {
 }): Promise<boolean> => {
   // generate confirmation link
   const confirmationToken = generateVerificationToken(user.id)
-  const confirmationLink = `${env.client.url}/confirm-email/${confirmationToken}`
+  const confirmationLink = `${env.client.url}/api/auth/confirm-email/${confirmationToken}`
   // send email
   return sendEmail({
     from: `Omnivore <${env.sender.message}>`,