simonknittel · simonknittel · Mar 27, 2024 · Mar 27, 2024 · Mar 27, 2024 · Mar 27, 2024
diff --git a/app/package-lock.json b/app/package-lock.json
diff --git a/app/package.json b/app/package.json
@@ -61,7 +61,7 @@
     "@tailwindcss/typography": "0.5.10",
     "@types/eslint": "8.56.6",
     "@types/lodash": "4.17.0",
-    "@types/node": "18.19.25",
+    "@types/node": "18.19.26",
     "@types/prettier": "3.0.0",
     "@types/react": "18.2.67",
     "@types/react-dom": "18.2.22",
@@ -72,7 +72,7 @@
     "csv": "6.3.8",
     "eslint": "8.57.0",
     "eslint-config-next": "14.1.4",
-    "postcss": "8.4.36",
+    "postcss": "8.4.37",
     "prettier": "3.2.5",
     "prettier-plugin-organize-imports": "3.2.4",
     "prettier-plugin-tailwindcss": "0.5.12",

diff --git a/app/src/app/api/_lib/errorHandler.ts b/app/src/app/api/_lib/errorHandler.ts
@@ -3,28 +3,31 @@ import { serializeError } from "serialize-error";
 import { ZodError } from "zod";
 import { log } from "../../../lib/logging";
 
-export default function errorHandler(error: unknown) {
+export default function errorHandler(
+  error: unknown,
+  responseInit: ResponseInit = {},
+) {
   if (error instanceof ZodError) {
     return NextResponse.json(
       {
         message: "Invalid request params or body",
         errors: error.errors,
       },
-      { status: 400 },
+      { status: 400, ...responseInit },
     );
   } else if (error instanceof Error && error.message === "Unauthorized") {
     return NextResponse.json(
       {
         message: "Unauthorized",
       },
-      { status: 401 },
+      { status: 401, ...responseInit },
     );
   } else if (error instanceof Error && error.message === "Not Found") {
     return NextResponse.json(
       {
         message: "Not Found",
       },
-      { status: 404 },
+      { status: 404, ...responseInit },
     );
   } else if (
     error instanceof Error &&
@@ -34,7 +37,7 @@ export default function errorHandler(error: unknown) {
       {
         message: "Bad request",
       },
-      { status: 400 },
+      { status: 400, ...responseInit },
     );
   }
 
@@ -46,6 +49,6 @@ export default function errorHandler(error: unknown) {
     {
       message: "Internal server error",
     },
-    { status: 500 },
+    { status: 500, ...responseInit },
   );
 }
diff --git a/app/src/app/api/confirm-email/route.ts b/app/src/app/api/confirm-email/route.ts
@@ -0,0 +1,81 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { zfd } from "zod-form-data";
+import { authenticateApi } from "../../../lib/auth/authenticateAndAuthorize";
+import { prisma } from "../../../server/db";
+import errorHandler from "../_lib/errorHandler";
+
+const paramsSchema = zfd.formData({
+  token: zfd.text(),
+});
+
+export async function GET(request: NextRequest) {
+  try {
+    /**
+     * Authenticate and authorize the request
+     */
+    const authentication = await authenticateApi();
+    authentication.authorizeApi([
+      {
+        resource: "login",
+        operation: "manage",
+      },
+    ]);
+
+    /**
+     * Validate the request body
+     */
+    const paramsData = paramsSchema.parse(request.nextUrl.searchParams);
+
+    /**
+     * Do the thing
+     */
+    const result = await prisma.emailConfirmationToken.findUnique({
+      where: {
+        userId: authentication.session.user.id,
+        email: authentication.session.user.email!,
+        token: paramsData.token,
+        expires: {
+          gt: new Date(),
+        },
+      },
+    });
+
+    if (!result)
+      return NextResponse.redirect(
+        new URL("/email-confirmation", request.url),
+        {
+          headers: {
+            "Referrer-Policy": "no-referrer",
+          },
+        },
+      );
+
+    await prisma.$transaction([
+      prisma.emailConfirmationToken.deleteMany({
+        where: {
+          userId: authentication.session.user.id,
+        },
+      }),
+      prisma.user.update({
+        where: {
+          id: authentication.session.user.id,
+        },
+        data: {
+          emailVerified: new Date(),
+        },
+      }),
+    ]);
+
+    return NextResponse.redirect(new URL("/clearance", request.url), {
+      headers: {
+        "Referrer-Policy": "no-referrer",
+      },
+    });
+  } catch (error) {
+    return errorHandler(error, {
+      headers: {
+        "Referrer-Policy": "no-referrer",
+      },
+    });
+  }
+}
diff --git a/app/src/app/confirm-email/page.tsx b/app/src/app/confirm-email/page.tsx
diff --git a/app/src/server/auth.ts b/app/src/server/auth.ts
@@ -86,7 +86,7 @@ declare module "next-auth" {
 
 const adapter = PrismaAdapter(prisma);
 
-const maxAge = 60 * 60 * 24 * 7; // 7 days
+const maxAge = 60 * 60 * 24 * 31; // 31 days
 
 /**
  * Options for NextAuth.js used to configure adapters, providers, callbacks, etc.

diff --git a/bruno-collection/App/Confirm email.bru b/bruno-collection/App/Confirm email.bru
@@ -0,0 +1,24 @@
+meta {
+  name: Confirm email
+  type: http
+  seq: 3
+}
+
+get {
+  url: {{appBaseUrl}}/api/confirm-email?token=o2r9212zkru3k4b4kxuvh9sq
+  body: none
+  auth: none
+}
+
+query {
+  token: o2r9212zkru3k4b4kxuvh9sq
+}
+
+headers {
+  Cookie: next-auth.session-token=ef528053-0266-4def-9322-c6982d23f0b6
+}
+
+script:pre-request {
+  req.setMaxRedirects(0);
+
+}
diff --git a/bun-packages/packages/email-function/src/_lib/templates/emailConfirmation.ts b/bun-packages/packages/email-function/src/_lib/templates/emailConfirmation.ts
@@ -76,7 +76,7 @@ const renderTextEmail = (templateProps: EmailConfirmationProps) => {
 Deine E-Mail-Adresse und die Datenschutzerklärung müssen bestätigt werden bevor du ${host} nutzen kannst.
 
 Öffne folgenden Link in deinem Browser um diese zu bestätigen:
-${baseUrl}/confirm-email?token=${token}
+${baseUrl}/api/confirm-email?token=${token}
 
 Falls du diese E-Mail nicht erwartet hast, melde dich bei info@sinister-incorporated.de.
 

diff --git a/bun-packages/packages/emails/emails/EmailConfirmation.tsx b/bun-packages/packages/emails/emails/EmailConfirmation.tsx
@@ -47,15 +47,15 @@ export default function Email({
               Sinister Inc
             </Text>
             <Text className="font-bold">
-              Deine E-Mail-Adresse und die <Link href={`${baseUrl}/confirm-email?token=${token}`} className="text-sinister-red-500">Datenschutzerklärung</Link> müssen bestätigt werden bevor du{" "}
+              Deine E-Mail-Adresse und die <Link href={`${baseUrl}/api/confirm-email?token=${token}`} className="text-sinister-red-500">Datenschutzerklärung</Link> müssen bestätigt werden bevor du{" "}
               <Link href={baseUrl} className="text-sinister-red-500">
                 {host}
               </Link>{" "}
               nutzen kannst.
             </Text>
             <Container className="text-center">
               <Button
-                href={`${baseUrl}/confirm-email?token=${token}`}
+                href={`${baseUrl}/api/confirm-email?token=${token}`}
                 className="rounded uppercase gap-4 text-base font-bold bg-sinister-red-500 text-neutral-50 px-6 py-4"
               >
                 Bestätigen
@@ -65,10 +65,10 @@ export default function Email({
               Falls der Button nicht funktioniert, öffne folgenden Link in
               deinem Browser:{" "}
               <Link
-                href={`${baseUrl}/confirm-email?token=${token}`}
+                href={`${baseUrl}/api/confirm-email?token=${token}`}
                 className="text-sinister-red-500"
               >
-                {baseUrl}/confirm-email?token={token}
+                {baseUrl}/api/confirm-email?token={token}
               </Link>
             </Text>
             <Text>