Login with email

Author: omfj

apps/web/src/app/(default)/auth/logg-inn/_actions/magic-link.ts

@@ -0,0 +1,75 @@
+"use server";
+
+import crypto from "crypto";
+import { eq } from "drizzle-orm";
+
+import { verificationTokens } from "@echo-webkom/db/schemas";
+import { db } from "@echo-webkom/db/serverless";
+import { MagicLinkEmail } from "@echo-webkom/email";
+import { emailClient } from "@echo-webkom/email/client";
+
+import { BASE_URL } from "@/config";
+import { isValidEmail } from "@/utils/string";
+
+type MagicLinkResult = { success: true; message: string } | { success: false; error: string };
+
+export async function sendMagicLink(email: string): Promise<MagicLinkResult> {
+  try {
+    if (!email || !isValidEmail(email)) {
+      return {
+        success: false,
+        error: "Ugyldig e-postadresse",
+      };
+    }
+
+    // Check if user exists with this email or alternative email
+    const existingUser = await db.query.users.findFirst({
+      where: (user, { eq, or }) => or(eq(user.email, email), eq(user.alternativeEmail, email)),
+    });
+
+    if (!existingUser) {
+      return {
+        success: false,
+        error:
+          "Ingen bruker funnet med denne e-postadressen. Du må være medlem av echo for å logge inn.",
+      };
+    }
+
+    // Generate secure token
+    const token = crypto.randomBytes(32).toString("hex");
+    const expires = new Date(Date.now() + 10 * 60 * 1000); // 10 minutes from now
+
+    // Delete any existing tokens for this email
+    await db.delete(verificationTokens).where(eq(verificationTokens.identifier, email));
+
+    // Store the new token
+    await db.insert(verificationTokens).values({
+      identifier: email,
+      token,
+      expires,
+    });
+
+    // Generate magic link URL
+    const magicLinkUrl = `${BASE_URL}/api/auth/magic-link/verify?token=${token}&email=${encodeURIComponent(email)}`;
+
+    // Send email
+    await emailClient.sendEmail(
+      [email],
+      "Logg inn på echo",
+      MagicLinkEmail({
+        magicLinkUrl,
+        firstName: existingUser.name?.split(" ")[0] ?? "der",
+      }),
+    );
+
+    return {
+      success: true,
+      message: "Magic link sendt! Sjekk din e-post for å logge inn.",
+    };
+  } catch {
+    return {
+      success: false,
+      error: "En feil oppstod. Prøv igjen senere.",
+    };
+  }
+}

apps/web/src/app/(default)/auth/logg-inn/_components/sign-in-buttons.tsx

@@ -1,5 +1,6 @@
 "use client";
 
+import { useState } from "react";
 import Image from "next/image";
 import Link from "next/link";
 
@@ -8,8 +9,37 @@ import { Feide } from "@/components/icons/feide";
 import { Heading } from "@/components/typography/heading";
 import { Text } from "@/components/typography/text";
 import { Button } from "@/components/ui/button";
+import { Input } from "@/components/ui/input";
+import { sendMagicLink } from "../_actions/magic-link";
 
 export const SignInButtons = () => {
+  const [email, setEmail] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+  const [message, setMessage] = useState<{ text: string; isError: boolean } | null>(null);
+
+  const handleMagicLinkSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!email) return;
+
+    setIsLoading(true);
+    setMessage(null);
+
+    try {
+      const result = await sendMagicLink(email);
+
+      if (result.success) {
+        setMessage({ text: result.message, isError: false });
+        setEmail("");
+      } else {
+        setMessage({ text: result.error, isError: true });
+      }
+    } catch {
+      setMessage({ text: "En feil oppstod. Prøv igjen senere.", isError: true });
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
   return (
     <div className="border-muted-dark bg-muted mx-auto flex w-full max-w-[380px] flex-col rounded-xl border-2 p-8">
       <Image src={EchoLogo} alt="echo logo" width={100} height={100} className="mx-auto" />
@@ -32,6 +62,29 @@ export const SignInButtons = () => {
         </li>
       </ul>
 
+      <div className="mb-4">
+        <Text size="sm" className="mb-2 font-semibold">
+          Eller logg inn med e-post
+        </Text>
+        <form onSubmit={handleMagicLinkSubmit} className="flex flex-col gap-3">
+          <Input
+            type="email"
+            placeholder="din-epost@example.com"
+            value={email}
+            onChange={(e) => setEmail(e.target.value)}
+            required
+          />
+          <Button type="submit" disabled={!email || isLoading} className="w-full">
+            {isLoading ? "Sender..." : "Send magic link"}
+          </Button>
+          {message && (
+            <Text size="sm" className={message.isError ? "text-red-600" : "text-green-600"}>
+              {message.text}
+            </Text>
+          )}
+        </form>
+      </div>
+
       <Text size="sm" className="text-muted-foreground">
         For å kunne logge inn må du være medlem av echo.{" "}
         <Link className="underline" href="/om/vedtekter#§-2-medlemmer">

apps/web/src/app/api/auth/magic-link/verify/route.ts

@@ -0,0 +1,94 @@
+import { cookies } from "next/headers";
+import { NextResponse, type NextRequest } from "next/server";
+import { addDays } from "date-fns";
+import { and, eq } from "drizzle-orm";
+import { nanoid } from "nanoid";
+
+import { sessions, users, verificationTokens } from "@echo-webkom/db/schemas";
+import { db } from "@echo-webkom/db/serverless";
+
+import { createSessionCookie, SESSION_COOKIE_NAME } from "@/auth/session";
+
+export async function GET(request: NextRequest) {
+  try {
+    const searchParams = request.nextUrl.searchParams;
+    const token = searchParams.get("token");
+    const email = searchParams.get("email");
+
+    if (!token || !email) {
+      return NextResponse.redirect(new URL("/auth/logg-inn?error=invalid-token", request.url));
+    }
+
+    // Find and verify the token
+    const verificationToken = await db.query.verificationTokens.findFirst({
+      where: and(eq(verificationTokens.identifier, email), eq(verificationTokens.token, token)),
+    });
+
+    if (!verificationToken) {
+      return NextResponse.redirect(new URL("/auth/logg-inn?error=invalid-token", request.url));
+    }
+
+    // Check if token has expired
+    if (verificationToken.expires < new Date()) {
+      // Clean up expired token
+      await db
+        .delete(verificationTokens)
+        .where(and(eq(verificationTokens.identifier, email), eq(verificationTokens.token, token)));
+
+      return NextResponse.redirect(new URL("/auth/logg-inn?error=expired-token", request.url));
+    }
+
+    // Find the user
+    const user = await db.query.users.findFirst({
+      where: (user, { eq, or }) => or(eq(user.email, email), eq(user.alternativeEmail, email)),
+    });
+
+    if (!user) {
+      return NextResponse.redirect(new URL("/auth/logg-inn?error=user-not-found", request.url));
+    }
+
+    // Clean up the used token
+    await db
+      .delete(verificationTokens)
+      .where(and(eq(verificationTokens.identifier, email), eq(verificationTokens.token, token)));
+
+    // Update user's last sign in time
+    await db.update(users).set({ lastSignInAt: new Date() }).where(eq(users.id, user.id));
+
+    // Create or find existing session
+    let existingSession = await db.query.sessions.findFirst({
+      where: (row, { eq, and, gt }) => and(eq(row.userId, user.id), gt(row.expires, new Date())),
+    });
+
+    if (!existingSession) {
+      const sessionId = nanoid(40);
+      const expiresAt = addDays(new Date(), 30);
+      await db.insert(sessions).values({
+        sessionToken: sessionId,
+        userId: user.id,
+        expires: expiresAt,
+      });
+      existingSession = {
+        sessionToken: sessionId,
+        expires: expiresAt,
+        userId: user.id,
+      };
+    }
+
+    // Set session cookie
+    const cookieStore = await cookies();
+    const sessionCookie = await createSessionCookie(existingSession.sessionToken);
+
+    cookieStore.set(SESSION_COOKIE_NAME, sessionCookie, {
+      path: "/",
+      expires: existingSession.expires,
+      sameSite: "lax",
+      secure: process.env.NODE_ENV === "production",
+    });
+
+    return NextResponse.redirect(new URL("/", request.url));
+  } catch (error) {
+    console.error("Error verifying magic link:", error);
+    return NextResponse.redirect(new URL("/auth/logg-inn?error=verification-failed", request.url));
+  }
+}

apps/web/src/utils/string.ts

@@ -1,3 +1,5 @@
+import z from "zod";
+
 /**
  * Capitalizes the first letter of a string.
  *
@@ -92,10 +94,28 @@ export const initials = (name: string): string => {
   return `${first![0]}${second![0]}`.toUpperCase();
 };
 
+/**
+ * Truncates a string to a maximum length and adds an ellipsis if it exceeds that length.
+ * If the string is shorter than or equal to the maximum length, it is returned unchanged.
+ *
+ * @param str the string to truncate
+ * @param maxLength the maximum length of the string
+ * @returns the truncated string with an ellipsis if it exceeds the maximum length
+ */
 export const ellipsis = (str: string, maxLength: number) => {
   if (str.length <= maxLength) {
     return str;
   }
 
   return `${str.slice(0, maxLength)}...`;
 };
+
+/**
+ * Checks if a string is a valid email address.
+ *
+ * @param email the string to check
+ * @returns true if the string is a valid email address, false otherwise
+ */
+export const isValidEmail = (email: string): boolean => {
+  return z.string().email().safeParse(email).success;
+};

package.json

@@ -40,4 +40,4 @@
     "turbo": "2.5.8",
     "typescript": "5.6.3"
   }
-}
+}

packages/email/emails/magic-link.tsx

@@ -0,0 +1,75 @@
+import * as React from "react";
+import {
+  Body,
+  Button,
+  Container,
+  Head,
+  Heading,
+  Html,
+  Img,
+  Preview,
+  Section,
+  Tailwind,
+  Text,
+} from "@react-email/components";
+
+type MagicLinkProps = {
+  magicLinkUrl: string;
+  firstName?: string;
+};
+
+export default function MagicLinkEmail({ magicLinkUrl, firstName = "der" }: MagicLinkProps) {
+  return (
+    <Html>
+      <Head />
+      <Preview>Din magic link til å logge inn på echo</Preview>
+      <Tailwind>
+        <Body className="bg-white font-sans">
+          <Container className="mx-auto my-8 w-full max-w-screen-sm border border-solid border-gray-200">
+            <Section className="px-8 py-12 text-center">
+              <Img
+                src="https://cdn.sanity.io/images/pgq2pd26/production/b3eacd94f92e9041f7ece0346f27db0c9e520f60-512x512.png"
+                width="75"
+                height="75"
+                alt="echo"
+                style={{ margin: "auto" }}
+              />
+              <Heading className="text-3xl font-bold">Logg inn på echo</Heading>
+
+              <Text className="text-gray-600">Hei {firstName}!</Text>
+
+              <Text className="text-gray-600">
+                Klikk på knappen under for å logge inn på echo. Denne lenken er gyldig i 10
+                minutter.
+              </Text>
+
+              <Section className="my-8">
+                <Button
+                  className="rounded bg-blue-600 px-6 py-3 text-center text-white no-underline"
+                  href={magicLinkUrl}
+                >
+                  Logg inn
+                </Button>
+              </Section>
+
+              <Text className="text-sm text-gray-500">
+                Hvis du ikke kan klikke på knappen, kan du kopiere og lime inn denne lenken i
+                nettleseren din:
+              </Text>
+
+              <Text className="break-all text-sm text-gray-400">{magicLinkUrl}</Text>
+
+              <Text className="text-sm text-gray-500">
+                Hvis du ikke har bedt om en innloggingslenke, kan du trygt ignorere denne e-posten.
+              </Text>
+
+              <Text className="text-xs text-gray-400">
+                Denne lenken utløper automatisk etter 10 minutter av sikkerhetshensyn.
+              </Text>
+            </Section>
+          </Container>
+        </Body>
+      </Tailwind>
+    </Html>
+  );
+}

packages/email/index.ts

@@ -8,3 +8,4 @@ export { default as AccessGrantedEmail } from "./emails/access-granted";
 export { default as AccessDeniedEmail } from "./emails/access-denied";
 export { default as AccessRequestNotificationEmail } from "./emails/access-request-notification";
 export { default as EmailVerificationEmail } from "./emails/email-verification";
+export { default as MagicLinkEmail } from "./emails/magic-link";