feat: implement SMTP email service, adding env also adding email verification

backend/.env.example

@@ -21,3 +21,14 @@ S3_ENDPOINT="https://<account_id>.r2.cloudflarestorage.com"    # Cloudflare R2 e
 S3_ACCOUNT_ID="your_cloudflare_account_id"    # Your Cloudflare account ID
 S3_PUBLIC_URL="https://pub-xxx.r2.dev"        # Your R2 public bucket URL
 
+# mail
+# Set to false to disable all email functionality
+MAIL_ENABLED=false
+
+MAIL_HOST=smtp.example.com
+MAIL_USER=user@example.com
+MAIL_PASSWORD=topsecret
+MAIL_FROM=noreply@example.com
+MAIL_PORT=587
+MAIL_DOMAIN=your_net
+

backend/package.json

@@ -31,6 +31,7 @@
     "@aws-sdk/client-s3": "^3.758.0",
     "@huggingface/hub": "latest",
     "@huggingface/transformers": "latest",
+    "@nestjs-modules/mailer": "^2.0.2",
     "@nestjs/apollo": "^12.2.0",
     "@nestjs/axios": "^3.0.3",
     "@nestjs/common": "^10.0.0",
@@ -59,6 +60,7 @@
     "graphql-ws": "^5.16.0",
     "lodash": "^4.17.21",
     "markdown-to-txt": "^2.0.1",
+    "nodemailer": "^6.10.0",
     "normalize-path": "^3.0.0",
     "openai": "^4.77.0",
     "p-queue-es5": "^6.0.2",

backend/src/app.module.ts

@@ -15,6 +15,7 @@ import { AppResolver } from './app.resolver';
 import { APP_INTERCEPTOR } from '@nestjs/core';
 import { LoggingInterceptor } from 'src/interceptor/LoggingInterceptor';
 import { PromptToolModule } from './prompt-tool/prompt-tool.module';
+import { MailModule } from './mail/mail.module';
 
 // TODO(Sma1lboy): move to a separate file
 function isProduction(): boolean {
@@ -47,6 +48,7 @@ function isProduction(): boolean {
     TokenModule,
     ChatModule,
     PromptToolModule,
+    MailModule,
     TypeOrmModule.forFeature([User]),
   ],
   providers: [

backend/src/auth/auth.module.ts

@@ -9,6 +9,7 @@ import { User } from 'src/user/user.model';
 import { AuthResolver } from './auth.resolver';
 import { RefreshToken } from './refresh-token/refresh-token.model';
 import { JwtCacheModule } from 'src/jwt-cache/jwt-cache.module';
+import { MailModule } from 'src/mail/mail.module';
 
 @Module({
   imports: [
@@ -23,6 +24,7 @@ import { JwtCacheModule } from 'src/jwt-cache/jwt-cache.module';
       inject: [ConfigService],
     }),
     JwtCacheModule,
+    MailModule,
   ],
   providers: [AuthService, AuthResolver],
   exports: [AuthService, JwtModule],

backend/src/auth/auth.resolver.ts

@@ -18,6 +18,15 @@ export class RefreshTokenResponse {
   refreshToken: string;
 }
 
+@ObjectType()
+export class EmailConfirmationResponse {
+  @Field()
+  message: string;
+
+  @Field({ nullable: true })
+  success?: boolean;
+}
+
 @Resolver()
 export class AuthResolver {
   constructor(private readonly authService: AuthService) {}
@@ -33,4 +42,11 @@ export class AuthResolver {
   ): Promise<RefreshTokenResponse> {
     return this.authService.refreshToken(refreshToken);
   }
+
+  @Mutation(() => EmailConfirmationResponse)
+  async confirmEmail(
+    @Args('token') token: string,
+  ): Promise<EmailConfirmationResponse> {
+    return this.authService.confirmEmail(token);
+  }
 }

backend/src/auth/auth.service.ts

@@ -19,23 +19,127 @@
 import { RefreshToken } from './refresh-token/refresh-token.model';
 import { randomUUID } from 'crypto';
 import { compare, hash } from 'bcrypt';
-import { RefreshTokenResponse } from './auth.resolver';
+import {
+  EmailConfirmationResponse,
+  RefreshTokenResponse,
+} from './auth.resolver';
+import { MailService } from 'src/mail/mail.service';
 
 @Injectable()
 export class AuthService {
+  private readonly isMailEnabled: boolean;
+
   constructor(
     @InjectRepository(User)
     private userRepository: Repository<User>,
     private jwtService: JwtService,
     private jwtCacheService: JwtCacheService,
     private configService: ConfigService,
+    private mailService: MailService,
     @InjectRepository(Menu)
     private menuRepository: Repository<Menu>,
     @InjectRepository(Role)
     private roleRepository: Repository<Role>,
     @InjectRepository(RefreshToken)
     private refreshTokenRepository: Repository<RefreshToken>,
-  ) {}
+  ) {
+    // Read the MAIL_ENABLED environment variable, default to 'true'
+    this.isMailEnabled =
+      this.configService.get<string>('MAIL_ENABLED', 'true').toLowerCase() ===
+      'true';
+  }
+
+  async confirmEmail(token: string): Promise<EmailConfirmationResponse> {
+    try {
+      const payload = await this.jwtService.verifyAsync(token);
+
+      // Check if payload has the required email field
+      if (!payload || !payload.email) {
+        return {
+          message: 'Invalid token format',
+          success: false,
+        };
+      }
+
+      // Find user and update
+      const user = await this.userRepository.findOne({
+        where: { email: payload.email },
+      });
+
+      if (user && !user.isEmailConfirmed) {
+        user.isEmailConfirmed = true;
+        await this.userRepository.save(user);
+
+        return {
+          message: 'Email confirmed successfully!',
+          success: true,
+        };
+      }
+
+      return {
+        message: 'Email already confirmed or user not found.',
+        success: false,
+      };
+    } catch (error) {
+      return {
+        message: 'Invalid or expired token',
+        success: false,
+      };
+    }
+  }
+
+  async sendVerificationEmail(user: User): Promise<EmailConfirmationResponse> {
+    // Generate confirmation token
+    const verifyToken = this.jwtService.sign(
+      { email: user.email },
+      { expiresIn: '30m' },
+    );
+
+    // Send confirmation email
+    await this.mailService.sendConfirmationEmail(user.email, verifyToken);
+
+    // update user last time send email time
+    user.lastEmailSendTime = new Date();
+    await this.userRepository.save(user);
+
+    return {
+      message: 'Verification email sent successfully!',
+      success: true,
+    };
+  }
+
+  async resendVerificationEmail(email: string) {
+    const user = await this.userRepository.findOne({
+      where: { email },
+    });
+
+    if (!user) {
+      throw new Error('User not found');
+    }
+
+    if (user.isEmailConfirmed) {
+      return { message: 'Email already confirmed!' };
+    }
+
+    // Check if a cooldown period has passed (e.g., 1 minute)
+    const cooldownPeriod = 1 * 60 * 1000; // 1 minute in milliseconds
+    if (
+      user.lastEmailSendTime &&
+      new Date().getTime() - user.lastEmailSendTime.getTime() < cooldownPeriod
+    ) {
+      const timeLeft = Math.ceil(
+        (cooldownPeriod -
+          (new Date().getTime() - user.lastEmailSendTime.getTime())) /
+          1000,
+      );
+      return {
+        message: `Please wait ${timeLeft} seconds before requesting another email`,
+        success: false,
+      };
+    }
+
+    return this.sendVerificationEmail(user);
+  }
 
   async register(registerUserInput: RegisterUserInput): Promise<User> {
     const { username, email, password } = registerUserInput;
@@ -50,13 +154,31 @@
     }
 
     const hashedPassword = await hash(password, 10);
-    const newUser = this.userRepository.create({
-      username,
-      email,
-      password: hashedPassword,
-    });
 
-    return this.userRepository.save(newUser);
+    let newUser;
+    if (this.isMailEnabled) {
+      newUser = this.userRepository.create({
+        username,
+        email,
+        password: hashedPassword,
+        isEmailConfirmed: false,
+      });
+    } else {
+      newUser = this.userRepository.create({
+        username,
+        email,
+        password: hashedPassword,
+        isEmailConfirmed: true,
+      });
+    }
+
+    await this.userRepository.save(newUser);
+
+    if (this.isMailEnabled) {
+      await this.sendVerificationEmail(newUser);
+    }
+
+    return newUser;
   }
 
   async login(loginUserInput: LoginUserInput): Promise<RefreshTokenResponse> {
@@ -70,6 +192,10 @@
       throw new UnauthorizedException('Invalid credentials');
     }
 
+    if (!user.isEmailConfirmed) {
+      throw new Error('Email not confirmed. Please check your inbox.');
+    }
+
     const isPasswordValid = await compare(password, user.password);
 
     if (!isPasswordValid) {
@@ -113,6 +239,7 @@
       return false;
     }
   }
+
   async logout(token: string): Promise<boolean> {
     try {
       await this.jwtService.verifyAsync(token);
@@ -125,7 +252,7 @@
       }
 
       return true;
     } catch (error) {
       return false;
     }
   }

backend/src/mail/mail.module.ts

@@ -0,0 +1,47 @@
+import { MailerModule } from '@nestjs-modules/mailer';
+import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter';
+import { Module } from '@nestjs/common';
+import { MailService } from './mail.service';
+import { join } from 'path';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from 'src/user/user.model';
+import { JwtModule } from '@nestjs/jwt';
+
+@Module({
+  imports: [
+    ConfigModule,
+    TypeOrmModule.forFeature([User]),
+    MailerModule.forRootAsync({
+      // imports: [ConfigModule], // import module if not enabled globally
+      useFactory: async (config: ConfigService) => ({
+        // transport: config.get("MAIL_TRANSPORT"),
+        // or
+        transport: {
+          host: config.get('MAIL_HOST'),
+          port: config.get<number>('MAIL_PORT'),
+          secure: false,
+          auth: {
+            user: config.get('MAIL_USER'),
+            pass: config.get('MAIL_PASSWORD'),
+          },
+        },
+        defaults: {
+          from: `"Your App" <${config.get<string>('MAIL_FROM')}>`,
+        },
+        template: {
+          dir: join(__dirname, 'templates'),
+          adapter: new HandlebarsAdapter(),
+          options: {
+            strict: true,
+          },
+        },
+      }),
+      inject: [ConfigService],
+    }),
+    JwtModule,
+  ],
+  providers: [MailService],
+  exports: [MailService],
+})
+export class MailModule {}

backend/src/mail/mail.service.ts

@@ -0,0 +1,59 @@
+import { Injectable } from '@nestjs/common';
+import { MailerService } from '@nestjs-modules/mailer';
+import { InjectRepository } from '@nestjs/typeorm';
+import { User } from 'src/user/user.model';
+import { Repository } from 'typeorm';
+import { ConfigService } from '@nestjs/config';
+
+@Injectable()
+export class MailService {
+  constructor(
+    @InjectRepository(User)
+    private userRepository: Repository<User>,
+    private readonly mailerService: MailerService,
+    private configService: ConfigService,
+  ) {}
+
+  async sendConfirmationEmail(email: string, token: string) {
+    const confirmUrl = `https://${this.configService.get('MAIL_DOMAIN')}/auth/confirm?token=${token}`;
+
+    await this.mailerService.sendMail({
+      to: email,
+      subject: 'Confirm Your Email',
+      template: './confirmation',
+      context: { confirmUrl }, // Data for template
+    });
+  }
+
+  async sendPasswordResetEmail(user: User, token: string) {
+    const frontendUrl = this.configService.get('FRONTEND_URL');
+    const url = `${frontendUrl}/reset-password?token=${token}`;
+
+    await this.mailerService.sendMail({
+      to: user.email,
+      subject: 'Password Reset Request',
+      template: './passwordReset',
+      context: {
+        name: user.username,
+        firstName: user.username,
+        url,
+      },
+    });
+  }
+
+  // async sendConfirmationEmail(user: User, token: string) {
+  //   const frontendUrl = this.configService.get('FRONTEND_URL');
+  //   const url = `${frontendUrl}/confirm-email?token=${token}`;
+
+  //   await this.mailerService.sendMail({
+  //     to: user.email,
+  //     subject: 'Welcome! Confirm Your Email',
+  //     template: './confirmation', // This will use the confirmation.hbs template
+  //     context: { // Data to be sent to the template
+  //       name: user.username,
+  //       firstName: user.firstName || user.username,
+  //       url,
+  //     },
+  //   });
+  // }
+}