+1

appview/db/db.go

··· 202 202 email text not null, 203 203 verified integer not null default 0, 204 204 verification_code text not null, 205 205 + last_sent text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')), 205 206 is_primary integer not null default 0, 206 207 created text not null default (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')), 207 208 unique(did, email)

+51 -6

appview/db/email.go

··· 12 12 Verified bool 13 13 Primary bool 14 14 VerificationCode string 15 15 + LastSent *time.Time 15 16 CreatedAt time.Time 16 17 } 17 18 18 19 func GetPrimaryEmail(e Execer, did string) (Email, error) { 19 20 query := ` 20 20 - select id, did, email, verified, is_primary, verification_code, created 21 21 + select id, did, email, verified, is_primary, verification_code, last_sent, created 21 22 from emails 22 23 where did = ? and is_primary = true 23 24 ` 24 25 var email Email 25 26 var createdStr string 26 26 - err := e.QueryRow(query, did).Scan(&email.ID, &email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &createdStr) 27 27 + var lastSent *string 28 28 + err := e.QueryRow(query, did).Scan(&email.ID, &email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &lastSent, &createdStr) 27 29 if err != nil { 28 30 return Email{}, err 29 31 } 30 32 email.CreatedAt, err = time.Parse(time.RFC3339, createdStr) 31 33 if err != nil { 32 34 return Email{}, err 35 35 + } 36 36 + if lastSent != nil { 37 37 + parsedTime, err := time.Parse(time.RFC3339, *lastSent) 38 38 + if err != nil { 39 39 + return Email{}, err 40 40 + } 41 41 + email.LastSent = &parsedTime 33 42 } 34 43 return email, nil 35 44 } 36 45 37 46 func GetEmail(e Execer, did string, em string) (Email, error) { 38 47 query := ` 39 39 - select id, did, email, verified, is_primary, verification_code, created 48 48 + select id, did, email, verified, is_primary, verification_code, last_sent, created 40 49 from emails 41 50 where did = ? and email = ? 42 51 ` 43 52 var email Email 44 53 var createdStr string 45 45 - err := e.QueryRow(query, did, em).Scan(&email.ID, &email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &createdStr) 54 54 + var lastSent *string 55 55 + err := e.QueryRow(query, did, em).Scan(&email.ID, &email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &lastSent, &createdStr) 46 56 if err != nil { 47 57 return Email{}, err 48 58 } 49 59 email.CreatedAt, err = time.Parse(time.RFC3339, createdStr) 50 60 if err != nil { 51 61 return Email{}, err 62 62 + } 63 63 + if lastSent != nil { 64 64 + parsedTime, err := time.Parse(time.RFC3339, *lastSent) 65 65 + if err != nil { 66 66 + return Email{}, err 67 67 + } 68 68 + email.LastSent = &parsedTime 52 69 } 53 70 return email, nil 54 71 } ··· 237 220 238 221 func GetAllEmails(e Execer, did string) ([]Email, error) { 239 222 query := ` 240 240 - select did, email, verified, is_primary, verification_code, created 223 223 + select did, email, verified, is_primary, verification_code, last_sent, created 241 224 from emails 242 225 where did = ? 243 226 ` ··· 251 234 for rows.Next() { 252 235 var email Email 253 236 var createdStr string 254 254 - err := rows.Scan(&email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &createdStr) 237 237 + var lastSent *string 238 238 + err := rows.Scan(&email.Did, &email.Address, &email.Verified, &email.Primary, &email.VerificationCode, &lastSent, &createdStr) 255 239 if err != nil { 256 240 return nil, err 257 241 } ··· 260 242 if err != nil { 261 243 return nil, err 262 244 } 245 245 + if lastSent != nil { 246 246 + parsedTime, err := time.Parse(time.RFC3339, *lastSent) 247 247 + if err != nil { 248 248 + return nil, err 249 249 + } 250 250 + email.LastSent = &parsedTime 251 251 + } 263 252 emails = append(emails, email) 264 253 } 265 254 return emails, nil 255 255 + } 256 256 + 257 257 + func UpdateVerificationCode(e Execer, did string, email string, code string) error { 258 258 + query := ` 259 259 + update emails 260 260 + set verification_code = ? 261 261 + where did = ? and email = ? 262 262 + ` 263 263 + _, err := e.Exec(query, code, did, email) 264 264 + return err 265 265 + } 266 266 + 267 267 + func UpdateLastSent(e Execer, did string, email string, lastSent time.Time) error { 268 268 + query := ` 269 269 + update emails 270 270 + set last_sent = ? 271 271 + where did = ? and email = ? 272 272 + ` 273 273 + _, err := e.Exec(query, lastSent.Format(time.RFC3339), did, email) 274 274 + return err 266 275 }

+11 -1

appview/pages/templates/settings.html

··· 103 103 </div> 104 104 </div> 105 105 <div class="flex gap-2 items-center"> 106 106 - {{ if not .Primary }} 106 106 + {{ if not .Verified }} 107 107 + <a 108 108 + class="text-sm" 109 109 + hx-post="/settings/emails/verify/resend" 110 110 + hx-swap="none" 111 111 + href="#" 112 112 + hx-vals='{"email": "{{ .Address }}"}'> 113 113 + resend verification 114 114 + </a> 115 115 + {{ end }} 116 116 + {{ if and (not .Primary) .Verified }} 107 117 <a 108 118 class="text-sm" 109 119 hx-post="/settings/emails/primary"

+1

appview/state/router.go

··· 170 170 r.Put("/emails", s.SettingsEmails) 171 171 r.Delete("/emails", s.SettingsEmails) 172 172 r.Get("/emails/verify", s.SettingsEmailsVerify) 173 173 + r.Post("/emails/verify/resend", s.SettingsEmailsVerifyResend) 173 174 r.Post("/emails/primary", s.SettingsEmailsPrimary) 174 175 }) 175 176

+107 -15

appview/state/settings.go

··· 38 38 }) 39 39 } 40 40 41 41 + // buildVerificationEmail creates an email.Email struct for verification emails 42 42 + func (s *State) buildVerificationEmail(emailAddr, did, code string) email.Email { 43 43 + verifyURL := s.verifyUrl(did, emailAddr, code) 44 44 + 45 45 + return email.Email{ 46 46 + APIKey: s.config.ResendApiKey, 47 47 + From: "noreply@notifs.tangled.sh", 48 48 + To: emailAddr, 49 49 + Subject: "Verify your Tangled email", 50 50 + Text: `Click the link below (or copy and paste it into your browser) to verify your email address. 51 51 + ` + verifyURL, 52 52 + Html: `<p>Click the link (or copy and paste it into your browser) to verify your email address.</p> 53 53 + <p><a href="` + verifyURL + `">` + verifyURL + `</a></p>`, 54 54 + } 55 55 + } 56 56 + 57 57 + // sendVerificationEmail handles the common logic for sending verification emails 58 58 + func (s *State) sendVerificationEmail(w http.ResponseWriter, did, emailAddr, code string, errorContext string) error { 59 59 + emailToSend := s.buildVerificationEmail(emailAddr, did, code) 60 60 + 61 61 + err := email.SendEmail(emailToSend) 62 62 + if err != nil { 63 63 + log.Printf("sending email: %s", err) 64 64 + s.pages.Notice(w, "settings-emails-error", fmt.Sprintf("Unable to send verification email at this moment, try again later. %s", errorContext)) 65 65 + return err 66 66 + } 67 67 + 68 68 + return nil 69 69 + } 70 70 + 41 71 func (s *State) SettingsEmails(w http.ResponseWriter, r *http.Request) { 42 72 switch r.Method { 43 73 case http.MethodGet: ··· 124 94 return 125 95 } 126 96 127 127 - err = email.SendEmail(email.Email{ 128 128 - APIKey: s.config.ResendApiKey, 129 129 - 130 130 - From: "noreply@notifs.tangled.sh", 131 131 - To: emAddr, 132 132 - Subject: "Verify your Tangled email", 133 133 - Text: `Click the link below (or copy and paste it into your browser) to verify your email address. 134 134 - ` + s.verifyUrl(did, emAddr, code), 135 135 - Html: `<p>Click the link (or copy and paste it into your browser) to verify your email address.</p> 136 136 - <p><a href="` + s.verifyUrl(did, emAddr, code) + `">` + s.verifyUrl(did, emAddr, code) + `</a></p>`, 137 137 - }) 138 138 - 139 139 - if err != nil { 140 140 - log.Printf("sending email: %s", err) 141 141 - s.pages.Notice(w, "settings-emails-error", "Unable to send verification email at this moment, try again later.") 97 97 + if err := s.sendVerificationEmail(w, did, emAddr, code, ""); err != nil { 142 98 return 143 99 } 144 100 ··· 208 192 } 209 193 210 194 http.Redirect(w, r, "/settings", http.StatusSeeOther) 195 195 + } 196 196 + 197 197 + func (s *State) SettingsEmailsVerifyResend(w http.ResponseWriter, r *http.Request) { 198 198 + if r.Method != http.MethodPost { 199 199 + s.pages.Notice(w, "settings-emails-error", "Invalid request method.") 200 200 + return 201 201 + } 202 202 + 203 203 + did := s.auth.GetDid(r) 204 204 + emAddr := r.FormValue("email") 205 205 + emAddr = strings.TrimSpace(emAddr) 206 206 + 207 207 + if !email.IsValidEmail(emAddr) { 208 208 + s.pages.Notice(w, "settings-emails-error", "Invalid email address.") 209 209 + return 210 210 + } 211 211 + 212 212 + // Check if email exists and is unverified 213 213 + existingEmail, err := db.GetEmail(s.db, did, emAddr) 214 214 + if err != nil { 215 215 + if errors.Is(err, sql.ErrNoRows) { 216 216 + s.pages.Notice(w, "settings-emails-error", "Email not found. Please add it first.") 217 217 + } else { 218 218 + log.Printf("checking for existing email: %s", err) 219 219 + s.pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 220 220 + } 221 221 + return 222 222 + } 223 223 + 224 224 + if existingEmail.Verified { 225 225 + s.pages.Notice(w, "settings-emails-error", "This email is already verified.") 226 226 + return 227 227 + } 228 228 + 229 229 + // Check if last verification email was sent less than 10 minutes ago 230 230 + if existingEmail.LastSent != nil { 231 231 + timeSinceLastSent := time.Since(*existingEmail.LastSent) 232 232 + if timeSinceLastSent < 10*time.Minute { 233 233 + waitTime := 10*time.Minute - timeSinceLastSent 234 234 + s.pages.Notice(w, "settings-emails-error", fmt.Sprintf("Please wait %d minutes before requesting another verification email.", int(waitTime.Minutes()+1))) 235 235 + return 236 236 + } 237 237 + } 238 238 + 239 239 + // Generate new verification code 240 240 + code := uuid.New().String() 241 241 + 242 242 + // Begin transaction 243 243 + tx, err := s.db.Begin() 244 244 + if err != nil { 245 245 + log.Printf("failed to start transaction: %s", err) 246 246 + s.pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 247 247 + return 248 248 + } 249 249 + defer tx.Rollback() 250 250 + 251 251 + // Update the verification code and last sent time 252 252 + if err := db.UpdateVerificationCode(tx, did, emAddr, code); err != nil { 253 253 + log.Printf("updating email verification: %s", err) 254 254 + s.pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 255 255 + return 256 256 + } 257 257 + 258 258 + // Send verification email 259 259 + if err := s.sendVerificationEmail(w, did, emAddr, code, ""); err != nil { 260 260 + return 261 261 + } 262 262 + 263 263 + // Commit transaction 264 264 + if err := tx.Commit(); err != nil { 265 265 + log.Printf("failed to commit transaction: %s", err) 266 266 + s.pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 267 267 + return 268 268 + } 269 269 + 270 270 + s.pages.Notice(w, "settings-emails-success", "Verification email resent. Click the link in the email we sent you to verify your email address.") 211 271 } 212 272 213 273 func (s *State) SettingsEmailsPrimary(w http.ResponseWriter, r *http.Request) {