feat: password reset flow and email verification

- Add forgot-password and reset-password pages and API routes - Add email verification with token generation on registration - Add resend-verification endpoint with 60s rate limit - Add shared email utility (nodemailer, Migadu SMTP) - Add VerificationBanner in dashboard layout - Add PasswordResetToken and EmailVerificationToken models - Add emailVerified field to User model - Extend NextAuth session with isEmailVerified - Add forgot-password link to login page - Wire EMAIL_PASSWORD env var in docker-compose
2026-02-10 16:47:06 +00:00
parent 0e4ffce4fa
commit 539d35b649
16 changed files with 1026 additions and 6 deletions
--- a/apps/web/src/lib/email.ts
+++ b/apps/web/src/lib/email.ts
@@ -0,0 +1,36 @@
+import nodemailer from "nodemailer";
+
+interface SendEmailOptions {
+  to: string;
+  subject: string;
+  html: string;
+}
+
+export async function sendEmail({ to, subject, html }: SendEmailOptions) {
+  const password = process.env.EMAIL_PASSWORD;
+
+  if (!password) {
+    console.warn(
+      "[email] EMAIL_PASSWORD not set — skipping email send to:",
+      to
+    );
+    return;
+  }
+
+  const transporter = nodemailer.createTransport({
+    host: "smtp.migadu.com",
+    port: 465,
+    secure: true,
+    auth: {
+      user: "hunter@repi.fun",
+      pass: password,
+    },
+  });
+
+  await transporter.sendMail({
+    from: "AgentLens <hunter@repi.fun>",
+    to,
+    subject,
+    html,
+  });
+}