feat: password reset flow and email verification

- Add forgot-password and reset-password pages and API routes - Add email verification with token generation on registration - Add resend-verification endpoint with 60s rate limit - Add shared email utility (nodemailer, Migadu SMTP) - Add VerificationBanner in dashboard layout - Add PasswordResetToken and EmailVerificationToken models - Add emailVerified field to User model - Extend NextAuth session with isEmailVerified - Add forgot-password link to login page - Wire EMAIL_PASSWORD env var in docker-compose
2026-02-10 16:47:06 +00:00
parent 0e4ffce4fa
commit 539d35b649
16 changed files with 1026 additions and 6 deletions
--- a/apps/web/src/app/api/auth/register/route.ts
+++ b/apps/web/src/app/api/auth/register/route.ts
@@ -1,7 +1,9 @@
 import { NextResponse } from "next/server";
 import { hash } from "bcryptjs";
+import crypto from "crypto";
 import { z } from "zod";
 import { prisma } from "@/lib/prisma";
+import { sendEmail } from "@/lib/email";

 const registerSchema = z.object({
  email: z.email("Invalid email address"),
@@ -57,6 +59,45 @@ export async function POST(request: Request) {
      },
    });

+    // Send verification email (non-blocking — don't fail registration on email errors)
+    try {
+      const rawToken = crypto.randomBytes(32).toString("hex");
+      const tokenHash = crypto
+        .createHash("sha256")
+        .update(rawToken)
+        .digest("hex");
+
+      await prisma.emailVerificationToken.create({
+        data: {
+          userId: user.id,
+          token: tokenHash,
+          expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000), // 24 hours
+        },
+      });
+
+      const verifyUrl = `https://agentlens.vectry.tech/verify-email?token=${rawToken}`;
+      await sendEmail({
+        to: user.email,
+        subject: "Verify your AgentLens email",
+        html: `
+          <div style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 480px; margin: 0 auto; padding: 40px 20px;">
+            <h2 style="color: #e5e5e5; margin-bottom: 16px;">Verify your email</h2>
+            <p style="color: #a3a3a3; line-height: 1.6;">
+              Thanks for signing up for AgentLens. Click the link below to verify your email address.
+            </p>
+            <a href="${verifyUrl}" style="display: inline-block; margin-top: 24px; padding: 12px 24px; background-color: #10b981; color: #000; text-decoration: none; border-radius: 8px; font-weight: 600;">
+              Verify Email
+            </a>
+            <p style="color: #737373; font-size: 13px; margin-top: 32px;">
+              This link expires in 24 hours. If you didn't create an account, you can safely ignore this email.
+            </p>
+          </div>
+        `,
+      });
+    } catch (emailError) {
+      console.error("[register] Failed to send verification email:", emailError);
+    }
+
    return NextResponse.json(user, { status: 201 });
  } catch {
    return NextResponse.json(