We need to implement an "Email Verification" feature that ensures users verify their email addresses before they can log in. This feature should send a verification email to the user's registered email address with a verification link. We will use Nodemailer to send the emails through an SMTP server.
Tasks:
Update Registration Process:
[ ] Modify the registration endpoint to create a new user with an unverified status.
[ ] Generate a secure verification token and save it to the database with an expiration time.
Setup Nodemailer:
[ ] Install Nodemailer: npm install nodemailer
[ ] Configure Nodemailer with SMTP settings (e.g., using Gmail, Mailgun, or any other SMTP service).
Send Verification Email:
[ ] Create an email template for the verification email.
[ ] Use Nodemailer to send the email with the verification link, including the secure token in the link.
Create Verification API Endpoint:
[ ] Create an API endpoint /api/auth/verify-email to handle email verification requests.
[ ] Validate the token and ensure it has not expired.
[ ] Update the user's status to verified if the token is valid.
Update Login Process:
[ ] Modify the login endpoint to check if the user's email is verified.
[ ] Prevent login if the email is not verified and return an appropriate error message.
Security Considerations:
[ ] Ensure the token is securely generated and stored.
[ ] Implement rate limiting on the verification endpoint to prevent abuse.
[ ] Ensure the verification link expires after a certain period (e.g., 24 hours).
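One way to cover the token tasks above (generation, storage with expiry, validation, single use, and the login gate), as an added example that is not part of the original issue. The in-memory `db` maps and the function names are assumptions standing in for the real database and route handlers, and storing only a SHA-256 hash of the token is a design choice made here, not something the issue specifies.

```javascript
// Added example (not the project's code): Maps stand in for the users and tokens tables.
const { randomBytes, createHash } = require('crypto');

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours, the period the issue gives as an example

const sha256 = (value) => createHash('sha256').update(value).digest('hex');

// Registration / re-send: create a token, persist only its hash and expiry.
function issueVerificationToken(db, userId, now = Date.now()) {
  const token = randomBytes(32).toString('base64url'); // 256 bits from the OS CSPRNG
  // Keep one outstanding token per user: a re-send invalidates older links.
  for (const [hash, rec] of db.tokens) {
    if (rec.userId === userId) db.tokens.delete(hash);
  }
  db.tokens.set(sha256(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token; // goes into the emailed link only, never into the database or logs
}

// Core of the /api/auth/verify-email handler.
function verifyEmailToken(db, token, now = Date.now()) {
  // Reject anything that is not shaped like a token before touching storage.
  if (typeof token !== 'string' || !/^[A-Za-z0-9_-]{43}$/.test(token)) {
    return { ok: false, reason: 'invalid' };
  }
  const hash = sha256(token);
  const rec = db.tokens.get(hash);
  if (!rec) return { ok: false, reason: 'invalid' };
  db.tokens.delete(hash); // single use; this also purges an expired record
  if (now > rec.expiresAt) return { ok: false, reason: 'expired' };
  db.users.get(rec.userId).verified = true;
  return { ok: true, userId: rec.userId };
}

// Login gate: unverified (or unknown) users are refused.
function canLogin(db, userId) {
  const user = db.users.get(userId);
  return Boolean(user && user.verified);
}

// Constructed demo data: one unverified user.
const demoDb = {
  users: new Map([['u1', { email: 'user@example.com', verified: false }]]),
  tokens: new Map(),
};
const demoToken = issueVerificationToken(demoDb, 'u1');
console.log(verifyEmailToken(demoDb, demoToken), canLogin(demoDb, 'u1'));
```

Because only the hash is stored, a leaked tokens table does not yield usable verification links.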
Additional Information:
SMTP Server Configuration:
Example configuration for Nodemailer:
const nodemailer = require('nodemailer');

let transporter = nodemailer.createTransport({
  host: 'smtp.example.com',
  port: 587,
  secure: false, // true for 465, false for other ports (587 upgrades via STARTTLS)
  auth: {
    user: 'your-email@example.com', // generated ethereal user
    pass: 'your-email-password', // generated ethereal password
  },
});

let mailOptions = {
  from: '"Your App Name" <your-email@example.com>', // sender address
  to: 'user@example.com', // list of receivers
  subject: 'Email Verification', // Subject line
  text: 'Please click the link below to verify your email address.', // plain text body
  html: 'Please click the link below to verify your email address:', // html body
};
transporter.sendMail(mailOptions, (error, info) => {
  if (error) {
    return console.log(error);
  }
  console.log('Message sent: %s', info.messageId);
  console.log('Preview URL: %s', nodemailer.getTestMessageUrl(info));
});
Expiration Handling:
References:
Labels:
Please review the tasks and provide any feedback or additional requirements. Once approved, we can start working on this feature.