add email verification after account registration

This commit is contained in:
Krrish Ghimire
2026-07-08 22:55:22 +05:45
parent 212785725f
commit 77c4cfc777
26 changed files with 1386 additions and 53 deletions

View File

@@ -2,8 +2,10 @@ package com.krrishg;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.scheduling.annotation.EnableScheduling;
@SpringBootApplication
@EnableScheduling
public class IndieApplication {
public static void main(String[] args) {

View File

@@ -40,5 +40,11 @@ public class SchemaMigration {
} catch (Exception e) {
log.warn("Could not add ssl_email column: {}", e.getMessage());
}
try {
jdbcTemplate.execute("ALTER TABLE users DROP CONSTRAINT IF EXISTS users_provider_check");
log.info("Dropped provider check constraint from users");
} catch (Exception e) {
log.warn("Could not drop provider check constraint: {}", e.getMessage());
}
}
}

View File

@@ -4,6 +4,11 @@ import com.krrishg.dto.AuthResponse;
import com.krrishg.dto.LoginRequest;
import com.krrishg.dto.RefreshTokenRequest;
import com.krrishg.dto.RegisterRequest;
import com.krrishg.dto.RegistrationResponse;
import com.krrishg.dto.ResendVerificationRequest;
import com.krrishg.dto.SetPasswordRequest;
import com.krrishg.dto.VerifyEmailRequest;
import com.krrishg.dto.VerifyEmailResponse;
import com.krrishg.service.AuthService;
import jakarta.validation.Valid;
import org.springframework.http.HttpStatus;
@@ -24,8 +29,8 @@ public class AuthController {
}
@PostMapping("/register")
public ResponseEntity<AuthResponse> register(@Valid @RequestBody RegisterRequest request) {
AuthResponse response = authService.register(request);
public ResponseEntity<RegistrationResponse> register(@Valid @RequestBody RegisterRequest request) {
RegistrationResponse response = authService.register(request);
return ResponseEntity.status(HttpStatus.CREATED).body(response);
}
@@ -45,4 +50,22 @@ public class AuthController {
public ResponseEntity<Void> logout() {
return ResponseEntity.noContent().build();
}
@PostMapping("/verify-email")
public ResponseEntity<VerifyEmailResponse> verifyEmail(@Valid @RequestBody VerifyEmailRequest request) {
VerifyEmailResponse response = authService.verifyEmail(request);
return ResponseEntity.ok(response);
}
@PostMapping("/resend-verification")
public ResponseEntity<RegistrationResponse> resendVerification(@Valid @RequestBody ResendVerificationRequest request) {
RegistrationResponse response = authService.resendVerification(request);
return ResponseEntity.ok(response);
}
@PostMapping("/set-password")
public ResponseEntity<Void> setPassword(@Valid @RequestBody SetPasswordRequest request) {
authService.setPassword(request);
return ResponseEntity.ok().build();
}
}

View File

@@ -0,0 +1,14 @@
package com.krrishg.dto;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class RegistrationResponse {
private String message;
}

View File

@@ -0,0 +1,16 @@
package com.krrishg.dto;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
public class ResendVerificationRequest {
@NotBlank
@Email
private String email;
}

View File

@@ -0,0 +1,19 @@
package com.krrishg.dto;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
public class SetPasswordRequest {
@NotBlank
private String setupToken;
@NotBlank
@Size(min = 8, max = 100)
private String password;
}

View File

@@ -0,0 +1,14 @@
package com.krrishg.dto;
import jakarta.validation.constraints.NotBlank;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
public class VerifyEmailRequest {
@NotBlank
private String token;
}

View File

@@ -0,0 +1,15 @@
package com.krrishg.dto;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class VerifyEmailResponse {
private String message;
private String setupToken;
}

View File

@@ -39,6 +39,14 @@ public class User {
@Builder.Default
private boolean emailVerified = false;
@Enumerated(EnumType.STRING)
@Column(name = "provider", nullable = false)
@Builder.Default
private AuthProvider provider = AuthProvider.LOCAL;
@Column(name = "provider_id")
private String providerId;
@Convert(converter = MapToJsonConverter.class)
@Column(name = "llm_api_keys", columnDefinition = "TEXT")
private Map<String, String> llmApiKeys;
@@ -58,7 +66,7 @@ public class User {
private LocalDateTime updatedAt;
@PrePersist
void onCreate() {
public void onCreate() {
if (id == null) {
id = UUID.randomUUID();
}

View File

@@ -0,0 +1,58 @@
package com.krrishg.model;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import jakarta.persistence.PrePersist;
import jakarta.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.time.LocalDateTime;
import java.util.UUID;
@Entity
@Table(name = "verification_tokens")
@Data
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class VerificationToken {
@Id
@Column(name = "id")
private UUID id;
@Column(name = "user_id", nullable = false)
private UUID userId;
@Column(name = "token", nullable = false, unique = true)
private String token;
@Column(name = "setup_token")
private String setupToken;
@Column(name = "setup_token_used")
@Builder.Default
private boolean setupTokenUsed = false;
@Column(name = "expiry_date", nullable = false)
private LocalDateTime expiryDate;
@Column(name = "used")
@Builder.Default
private boolean used = false;
@Column(name = "created_at", nullable = false, updatable = false)
private LocalDateTime createdAt;
@PrePersist
public void onCreate() {
if (id == null) {
id = UUID.randomUUID();
}
createdAt = LocalDateTime.now();
}
}

View File

@@ -0,0 +1,20 @@
package com.krrishg.repository;
import com.krrishg.model.VerificationToken;
import org.springframework.data.jpa.repository.JpaRepository;
import java.time.LocalDateTime;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
public interface VerificationTokenRepository extends JpaRepository<VerificationToken, UUID> {
Optional<VerificationToken> findByToken(String token);
Optional<VerificationToken> findBySetupToken(String setupToken);
void deleteByUserId(UUID userId);
List<VerificationToken> findByUsedFalseAndExpiryDateBefore(LocalDateTime now);
}

View File

@@ -4,31 +4,67 @@ import com.krrishg.config.TokenService;
import com.krrishg.dto.AuthResponse;
import com.krrishg.dto.LoginRequest;
import com.krrishg.dto.RefreshTokenRequest;
import com.krrishg.dto.RegistrationResponse;
import com.krrishg.dto.RegisterRequest;
import com.krrishg.dto.ResendVerificationRequest;
import com.krrishg.dto.SetPasswordRequest;
import com.krrishg.dto.VerifyEmailRequest;
import com.krrishg.dto.VerifyEmailResponse;
import com.krrishg.model.User;
import com.krrishg.model.VerificationToken;
import com.krrishg.repository.UserRepository;
import com.krrishg.repository.VerificationTokenRepository;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.time.LocalDateTime;
import java.util.Optional;
import java.util.UUID;
@Service
@RequiredArgsConstructor
public class AuthService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final TokenService jwtConfig;
private final VerificationTokenRepository verificationTokenRepository;
private final EmailService emailService;
private final int tokenExpirationMinutes;
public AuthService(UserRepository userRepository,
PasswordEncoder passwordEncoder,
TokenService jwtConfig,
VerificationTokenRepository verificationTokenRepository,
EmailService emailService,
@Value("${indie.app.verification-token-expiration-minutes}") int tokenExpirationMinutes) {
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
this.jwtConfig = jwtConfig;
this.verificationTokenRepository = verificationTokenRepository;
this.emailService = emailService;
this.tokenExpirationMinutes = tokenExpirationMinutes;
}
@Transactional
public AuthResponse register(RegisterRequest request) {
public RegistrationResponse register(RegisterRequest request) {
String email = request.getEmail().toLowerCase().strip();
if (userRepository.existsByEmail(email)) {
throw new IllegalArgumentException("Email already registered");
Optional<User> existingUser = userRepository.findByEmail(email);
if (existingUser.isPresent()) {
if (existingUser.get().isEmailVerified()) {
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
User user = existingUser.get();
verificationTokenRepository.deleteByUserId(user.getId());
VerificationToken token = createVerificationToken(user.getId());
verificationTokenRepository.save(token);
emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken());
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
User user = User.builder()
@@ -39,7 +75,12 @@ public class AuthService {
.build();
user = userRepository.save(user);
return generateAuthResponse(user);
VerificationToken token = createVerificationToken(user.getId());
verificationTokenRepository.save(token);
emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken());
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
public AuthResponse login(LoginRequest request) {
@@ -51,9 +92,95 @@ public class AuthService {
throw new IllegalArgumentException("Invalid email or password");
}
if (!user.isEmailVerified()) {
throw new IllegalArgumentException("Please verify your email address before logging in");
}
return generateAuthResponse(user);
}
@Transactional
public VerifyEmailResponse verifyEmail(VerifyEmailRequest request) {
VerificationToken token = verificationTokenRepository.findByToken(request.getToken())
.orElseThrow(() -> new IllegalArgumentException("Invalid verification token"));
if (token.isUsed()) {
throw new IllegalArgumentException("Verification token has already been used");
}
if (token.getExpiryDate().isBefore(LocalDateTime.now())) {
throw new IllegalArgumentException("Verification token has expired");
}
User user = userRepository.findById(token.getUserId())
.orElseThrow(() -> new IllegalArgumentException("User not found"));
user.setEmailVerified(true);
userRepository.save(user);
token.setUsed(true);
String setupToken = UUID.randomUUID().toString();
token.setSetupToken(setupToken);
token.setSetupTokenUsed(false);
verificationTokenRepository.save(token);
return VerifyEmailResponse.builder()
.message("Email verified successfully")
.setupToken(setupToken)
.build();
}
@Transactional
public RegistrationResponse resendVerification(ResendVerificationRequest request) {
String email = request.getEmail().toLowerCase().strip();
Optional<User> existingUser = userRepository.findByEmail(email);
if (existingUser.isEmpty()) {
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
User user = existingUser.get();
if (user.isEmailVerified()) {
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
verificationTokenRepository.deleteByUserId(user.getId());
VerificationToken token = createVerificationToken(user.getId());
verificationTokenRepository.save(token);
emailService.sendVerificationEmail(user.getEmail(), user.getName(), token.getToken());
return new RegistrationResponse("If this email is available, a verification link has been sent.");
}
@Transactional
public void setPassword(SetPasswordRequest request) {
VerificationToken token = verificationTokenRepository.findBySetupToken(request.getSetupToken())
.orElseThrow(() -> new IllegalArgumentException("Invalid setup token"));
if (!token.isUsed()) {
throw new IllegalArgumentException("Email must be verified first");
}
if (token.isSetupTokenUsed()) {
throw new IllegalArgumentException("Setup token has already been used");
}
if (token.getExpiryDate().isBefore(LocalDateTime.now())) {
throw new IllegalArgumentException("Setup token has expired");
}
User user = userRepository.findById(token.getUserId())
.orElseThrow(() -> new IllegalArgumentException("User not found"));
user.setPassword(passwordEncoder.encode(request.getPassword()));
userRepository.save(user);
token.setSetupTokenUsed(true);
verificationTokenRepository.save(token);
}
public AuthResponse refreshToken(RefreshTokenRequest request) {
try {
Claims claims = jwtConfig.validateToken(request.getRefreshToken());
@@ -68,6 +195,15 @@ public class AuthService {
}
}
private VerificationToken createVerificationToken(UUID userId) {
return VerificationToken.builder()
.userId(userId)
.token(UUID.randomUUID().toString())
.expiryDate(LocalDateTime.now().plusMinutes(tokenExpirationMinutes))
.used(false)
.build();
}
private AuthResponse generateAuthResponse(User user) {
String accessToken = jwtConfig.generateAccessToken(user);
String refreshToken = jwtConfig.generateRefreshToken(user);

View File

@@ -0,0 +1,56 @@
package com.krrishg.service;
import com.krrishg.model.VerificationToken;
import com.krrishg.repository.UserRepository;
import com.krrishg.repository.VerificationTokenRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.time.LocalDateTime;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
@Service
public class CleanupService {
private static final Logger log = LoggerFactory.getLogger(CleanupService.class);
private final UserRepository userRepository;
private final VerificationTokenRepository verificationTokenRepository;
public CleanupService(UserRepository userRepository,
VerificationTokenRepository verificationTokenRepository) {
this.userRepository = userRepository;
this.verificationTokenRepository = verificationTokenRepository;
}
@Scheduled(cron = "0 0 */6 * * ?")
@Transactional
public void cleanupStaleUnverifiedAccounts() {
LocalDateTime cutoff = LocalDateTime.now().minusHours(24);
List<VerificationToken> staleTokens = verificationTokenRepository
.findByUsedFalseAndExpiryDateBefore(cutoff);
if (staleTokens.isEmpty()) {
return;
}
List<UUID> userIds = staleTokens.stream()
.map(VerificationToken::getUserId)
.collect(Collectors.toList());
for (UUID userId : userIds) {
userRepository.findById(userId).ifPresent(user -> {
if (!user.isEmailVerified()) {
userRepository.delete(user);
verificationTokenRepository.deleteByUserId(userId);
log.info("Cleaned up unverified account: {} ({})", user.getEmail(), userId);
}
});
}
}
}

View File

@@ -0,0 +1,80 @@
package com.krrishg.service;
import jakarta.mail.MessagingException;
import jakarta.mail.internet.MimeMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.stereotype.Service;
@Service
public class EmailService {
private static final Logger log = LoggerFactory.getLogger(EmailService.class);
private final JavaMailSender mailSender;
private final String baseUrl;
public EmailService(JavaMailSender mailSender,
@Value("${indie.app.base-url}") String baseUrl) {
this.mailSender = mailSender;
this.baseUrl = baseUrl;
}
public void sendVerificationEmail(String to, String name, String token) {
String link = baseUrl + "/verify-email?token=" + token;
String subject = "Verify your Indie account";
String html = """
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 0; background-color: #f9fafb;">
<table width="100%%" cellpadding="0" cellspacing="0" style="padding: 40px 20px;">
<tr><td align="center">
<table width="480" cellpadding="0" cellspacing="0" style="background: #ffffff; border-radius: 12px; overflow: hidden; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
<tr><td style="padding: 40px 32px 24px; text-align: center;">
<h1 style="margin: 0; font-size: 32px; color: #4f46e5;">Indie</h1>
</td></tr>
<tr><td style="padding: 0 32px 16px;">
<p style="margin: 0 0 8px; font-size: 16px; color: #374151;">Hi %s,</p>
<p style="margin: 0 0 24px; font-size: 16px; color: #374151; line-height: 1.5;">
Someone created an account with this email address. If this was you, click the button below to verify your email and set your password.
</p>
<table cellpadding="0" cellspacing="0" style="margin: 0 auto 24px;">
<tr><td align="center" style="background: #4f46e5; border-radius: 8px; padding: 12px 32px;">
<a href="%s" style="color: #ffffff; font-size: 16px; font-weight: 600; text-decoration: none; display: inline-block;">Verify Email Address</a>
</td></tr>
</table>
<p style="margin: 0 0 8px; font-size: 14px; color: #9ca3af;">This link expires in 24 hours.</p>
<p style="margin: 0; font-size: 14px; color: #9ca3af;">If you didn't create this account, you can safely ignore this email.</p>
</td></tr>
<tr><td style="padding: 24px 32px; background: #f9fafb; border-top: 1px solid #e5e7eb;">
<p style="margin: 0; font-size: 12px; color: #9ca3af; text-align: center;">Indie Platform</p>
</td></tr>
</table>
</td></tr>
</table>
</body>
</html>
""".formatted(name, link);
sendHtml(to, subject, html);
}
private void sendHtml(String to, String subject, String html) {
try {
MimeMessage message = mailSender.createMimeMessage();
MimeMessageHelper helper = new MimeMessageHelper(message, true, "UTF-8");
helper.setTo(to);
helper.setSubject(subject);
helper.setText(html, true);
mailSender.send(message);
log.info("Verification email sent to {}", to);
} catch (MessagingException e) {
log.error("Failed to send verification email to {}", to, e);
throw new RuntimeException("Failed to send verification email", e);
}
}
}