Skip to content

Commit

Permalink
Add magic link auth (#225)
Browse files Browse the repository at this point in the history
  • Loading branch information
dcramer authored Oct 8, 2024
1 parent fd91ffa commit ee8ff9f
Show file tree
Hide file tree
Showing 22 changed files with 724 additions and 92 deletions.
76 changes: 76 additions & 0 deletions .cursorrules
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
You are a Senior Frontend Developer and an Expert in React, Next.js, tRPC, TypeScript, TailwindCSS, HTML and CSS. You are thoughtful, give nuanced answers, and are brilliant at reasoning. You carefully provide accurate, factual, thoughtful answers, and are a genius at reasoning.

Follow the user’s requirements carefully & to the letter.

- First think step-by-step - describe your plan for what to build in pseudocode, written out in great detail.
- Confirm, then write code!
- Always write correct, best practice, DRY principle (Dont Repeat Yourself), bug free, fully functional and working code also it should be aligned to listed rules down below at # Code Implementation Guidelines .
- Focus on easy and readability code, over being performant.
- Fully implement all requested functionality.
- Leave NO todo’s, placeholders or missing pieces.
- Ensure code is complete! Verify thoroughly finalised.
- Include all required imports, and ensure proper naming of key components.
- Be concise Minimize any other prose.
- If you think there might not be a correct answer, you say so.
- If you do not know the answer, say so, instead of guessing

**Coding Environment**

The user asks questions about the following coding languages and frameworks:

- React
- Next.js
- Drizzle
- tRPC
- Vitest
- TypeScript
- TailwindCSS
- HTML
- CSS

**Code Implementation Guidelines**

Follow these rules when you write code:

- Use early returns whenever possible to make the code more readable.
- Always use Tailwind classes for styling HTML elements; avoid using CSS or  tags.
- Use “class:” instead of the tertiary operator in class tags whenever possible.
- Use descriptive variable and function/const names. Also, event functions should be named with a “handle” prefix, like “handleClick” for onClick and “handleKeyDown” for onKeyDown.
- Implement accessibility features on elements. For example, a  tag should have a tabindex=“0”, aria-label, on:click, and on:keydown, and similar attributes.
- Usefunctions instead of consts, for example, “function toggle() {}”. Also, define a type if possible.

When you are dealing with authentication code, ensure you are using the correct libraries and following best practices.

For example, when identifying an account during a login flow, if the account cannot be found, we avoid leaking information by throwing a `TRPCError` with a `NOT_FOUND` code, and an `Account not found.` message.

**Test Implementation Guidelines**

Follow these rules when you write tests:

- Use Vitest, do not use Jest.
- When you are testing for errors, use `waitError` to wait for the error to be thrown. For example:

```
import waitError from "@peated/server/lib/test/waitError";

const err = await waitError(
caller.authPasswordResetConfirm({
token,
password: "testpassword",
}),
);
```

- In addition to using `waitError`, utilize snapshots for the resulting error. For example, `expect(err).toMatchInlineSnapshot();`
- Prefer dependency injection over mocking when the called functions make it possible.
- When calling tRPC endpoints that are not expected to error, await on the caller. Do not test the Promise directly. For example:

```
const caller = createCaller();

const data = await caller.authRegister({
username: "foo",
email: "[email protected]",
password: "example",
});
```
3 changes: 2 additions & 1 deletion .vscode/settings.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,6 @@
"**/app/**/layout.tsx": "${dirname} - Layout",
"**/component/**/index.tsx": "${dirname} - Component"
},
"scm.showHistoryGraph": false
"scm.showHistoryGraph": false,
"makefile.configureOnOpen": false
}
20 changes: 20 additions & 0 deletions apps/server/src/lib/auth.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import { random } from "../lib/rand";
import { serialize } from "../serializers";
import { UserSerializer } from "../serializers/user";
import { logError } from "./log";
import { absoluteUrl } from "./urls";

// I love to ESM.
import type { JwtPayload } from "jsonwebtoken";
Expand Down Expand Up @@ -120,3 +121,22 @@ export async function createUser(
if (!user) throw new Error("Unable to create user");
return user;
}

export async function generateMagicLink(user: User, redirectTo = "/") {
const token = {
id: user.id,
email: user.email,
createdAt: new Date().toISOString(),
};

const signedToken = await signPayload(token);
const url = absoluteUrl(
config.URL_PREFIX,
`/auth/magic-link?token=${signedToken}&redirectTo=${encodeURIComponent(redirectTo)}`,
);

return {
token: signedToken,
url,
};
}
76 changes: 56 additions & 20 deletions apps/server/src/lib/email.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import cuid2 from "@paralleldrive/cuid2";
import { Template as MagicLinkEmailTemplate } from "@peated/email/templates/magicLinkEmail";
import { Template as NewCommentTemplate } from "@peated/email/templates/newCommentEmail";
import { Template as PasswordResetEmailTemplate } from "@peated/email/templates/passwordResetEmail";
import { Template as VerifyEmailTemplate } from "@peated/email/templates/verifyEmail";
Expand All @@ -20,7 +21,7 @@ import {
type User,
} from "../db/schema";
import type { EmailVerifySchema, PasswordResetSchema } from "../schemas";
import { signPayload } from "./auth";
import { generateMagicLink, signPayload } from "./auth";
import { logError } from "./log";

let mailTransport: Transporter<SMTPTransport.SentMessageInfo>;
Expand Down Expand Up @@ -127,12 +128,11 @@ export async function notifyComment({
for (const email of emailList) {
try {
await transport.sendMail({
from: `"${config.SMTP_FROM_NAME}" <${config.SMTP_FROM}>`,
...getMailDefaults(),
to: email,
subject: "New Comment on Tasting",
text: `View this comment on Peated: ${commentUrl}\n\n${comment.comment}`,
html,
replyTo: `"${config.SMTP_FROM_NAME}" <${config.SMTP_REPLY_TO || config.SMTP_FROM}>`,
});
} catch (err) {
logError(err);
Expand All @@ -147,6 +147,7 @@ export async function sendVerificationEmail({
user: User;
transport?: Transporter<SMTPTransport.SentMessageInfo>;
}) {
// TODO: error out
if (!hasEmailSupport()) return;

if (!transport) {
Expand All @@ -167,13 +168,12 @@ export async function sendVerificationEmail({

try {
await transport.sendMail({
from: `"${config.SMTP_FROM_NAME}" <${config.SMTP_FROM}>`,
...getMailDefaults(),
to: user.email,
subject: "Account Verification",
// TODO:
text: `Your account requires verification: ${verifyUrl}`,
html,
replyTo: `"${config.SMTP_FROM_NAME}" <${config.SMTP_REPLY_TO || config.SMTP_FROM}>`,
});
} catch (err) {
logError(err);
Expand All @@ -187,6 +187,7 @@ export async function sendPasswordResetEmail({
user: User;
transport?: Transporter<SMTPTransport.SentMessageInfo>;
}) {
// TODO: error out
if (!hasEmailSupport()) return;

if (!transport) {
Expand All @@ -210,20 +211,55 @@ export async function sendPasswordResetEmail({
PasswordResetEmailTemplate({ baseUrl: config.URL_PREFIX, resetUrl }),
);

try {
await transport.sendMail({
from: `"${config.SMTP_FROM_NAME}" <${config.SMTP_FROM}>`,
to: user.email,
subject: "Reset Password",
// TODO:
text: `A password reset was requested for your account.\n\nIf you don't recognize this request, you can ignore this.\n\nTo continue: ${resetUrl}`,
html,
replyTo: `"${config.SMTP_FROM_NAME}" <${config.SMTP_REPLY_TO || config.SMTP_FROM}>`,
headers: {
References: `${cuid2.createId()}@peated.com`,
},
});
} catch (err) {
logError(err);
await transport.sendMail({
...getMailDefaults(),
to: user.email,
subject: "Reset Password",
// TODO:
text: `A password reset was requested for your account.\n\nIf you don't recognize this request, you can ignore this.\n\nTo continue: ${resetUrl}`,
html,
headers: {
References: `${cuid2.createId()}@peated.com`,
},
});
}

export async function sendMagicLinkEmail({
user,
transport = mailTransport,
}: {
user: User;
transport?: Transporter<SMTPTransport.SentMessageInfo>;
}) {
// TODO: error out
if (!hasEmailSupport()) return;

if (!transport) {
if (!mailTransport) mailTransport = createMailTransport();
transport = mailTransport;
}

const magicLink = await generateMagicLink(user);

const html = await render(
MagicLinkEmailTemplate({
baseUrl: config.URL_PREFIX,
magicLinkUrl: magicLink.url,
}),
);

await transport.sendMail({
...getMailDefaults(),
to: user.email,
subject: "Magic Link for Peated",
text: `Click the following link to log in to Peated: ${magicLink.url}`,
html: html,
});
}

function getMailDefaults() {
return {
from: `"${config.SMTP_FROM_NAME}" <${config.SMTP_FROM}>`,
replyTo: `"${config.SMTP_FROM_NAME}" <${config.SMTP_REPLY_TO || config.SMTP_FROM}>`,
};
}
1 change: 1 addition & 0 deletions apps/server/src/schemas/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ export * from "./externalSites";
export * from "./flights";
export * from "./follows";
export * from "./friends";
export * from "./magicLink";
export * from "./notifications";
export * from "./regions";
export * from "./reviews";
Expand Down
10 changes: 10 additions & 0 deletions apps/server/src/schemas/magicLink.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import { z } from "zod";
import { zDatetime } from "./common";

export const MagicLinkSchema = z.object({
id: z.number(),
email: z.string().email(),
createdAt: zDatetime,
});

export type MagicLink = z.infer<typeof MagicLinkSchema>;
4 changes: 4 additions & 0 deletions apps/server/src/trpc/router.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ import type { Context } from "./context";
import auth from "./routes/auth";
import authBasic from "./routes/authBasic";
import authGoogle from "./routes/authGoogle";
import authMagicLinkConfirm from "./routes/authMagicLinkConfirm";
import authMagicLinkSend from "./routes/authMagicLinkSend";
import authPasswordReset from "./routes/authPasswordReset";
import authPasswordResetConfirm from "./routes/authPasswordResetConfirm";
import authRegister from "./routes/authRegister";
Expand Down Expand Up @@ -118,6 +120,8 @@ export const appRouter = router({
auth,
authBasic,
authGoogle,
authMagicLinkConfirm,
authMagicLinkSend,
authRegister,
authPasswordReset,
authPasswordResetConfirm,
Expand Down
108 changes: 108 additions & 0 deletions apps/server/src/trpc/routes/authMagicLinkConfirm.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
import { createAccessToken, verifyPayload } from "@peated/server/lib/auth";
import waitError from "@peated/server/lib/test/waitError";
import { beforeEach, describe, expect, test, vi } from "vitest";
import { createCaller } from "../router";

// Mock the auth functions
vi.mock("@peated/server/lib/auth", () => ({
createAccessToken: vi.fn(),
verifyPayload: vi.fn(),
}));

describe("authMagicLinkConfirm", () => {
beforeEach(() => {
vi.clearAllMocks();
});

test("confirms magic link for active user", async ({ fixtures }) => {
const user = await fixtures.User({ active: true, verified: false });
const caller = createCaller({ user: null });
const token = "valid-token";

vi.mocked(verifyPayload).mockResolvedValue({
id: user.id,
email: user.email,
createdAt: new Date().toISOString(),
});

vi.mocked(createAccessToken).mockResolvedValue("mocked-access-token");

const result = await caller.authMagicLinkConfirm({ token });

expect(result.user.id).toBe(user.id);
expect(result.user.verified).toBe(true);
expect(result.accessToken).toBe("mocked-access-token");
expect(createAccessToken).toHaveBeenCalledWith(
expect.objectContaining({ id: user.id }),
);
});

test("throws error for invalid token", async ({ fixtures }) => {
const caller = createCaller({ user: null });
const token = "invalid-token";

vi.mocked(verifyPayload).mockRejectedValue(new Error("Invalid token"));

const error = await waitError(caller.authMagicLinkConfirm({ token }));

expect(error).toMatchInlineSnapshot(
`[TRPCError: Invalid magic link token.]`,
);
});

test("throws error for expired token", async ({ fixtures }) => {
const user = await fixtures.User({ active: true });
const caller = createCaller({ user: null });
const token = "expired-token";

const expiredDate = new Date();
expiredDate.setMinutes(expiredDate.getMinutes() - 11); // 11 minutes ago

vi.mocked(verifyPayload).mockResolvedValue({
id: user.id,
email: user.email,
createdAt: expiredDate.toISOString(),
});

const error = await waitError(caller.authMagicLinkConfirm({ token }));

expect(error).toMatchInlineSnapshot(
`[TRPCError: Invalid magic link token.]`,
);
});

test("throws error for inactive user", async ({ fixtures }) => {
const user = await fixtures.User({ active: false });
const caller = createCaller({ user: null });
const token = "valid-token";

vi.mocked(verifyPayload).mockResolvedValue({
id: user.id,
email: user.email,
createdAt: new Date().toISOString(),
});

const error = await waitError(caller.authMagicLinkConfirm({ token }));

expect(error).toMatchInlineSnapshot(
`[TRPCError: Invalid magic link token.]`,
);
});

test("throws error for non-existent user", async ({ fixtures }) => {
const caller = createCaller({ user: null });
const token = "valid-token";

vi.mocked(verifyPayload).mockResolvedValue({
id: "non-existent-id",
email: "[email protected]",
createdAt: new Date().toISOString(),
});

const error = await waitError(caller.authMagicLinkConfirm({ token }));

expect(error).toMatchInlineSnapshot(
`[TRPCError: Invalid magic link token.]`,
);
});
});
Loading

0 comments on commit ee8ff9f

Please sign in to comment.