generated from foyzulkarim/nodejs-boilerplate
Email Verification System & Role-Based Access Control #18
Merged
Conversation
- Introduce `migrate` script to handle database migrations
- Update configuration to include `DB_NAME`
- Modify resource schema
- Update user API routes for better clarity and consistency
- Added SUPERADMIN_PASSWORD and SUPERADMIN_EMAIL to the config schema.
- Introduced isSuperAdmin field in the user schema.
- Replaced resource data with a new structure in the migration file for initial resources.
- Updated role definitions in the migration file to include new roles and permissions.
- Removed old JSON files for resources and roles as they are now embedded in migration scripts.
- Implement Role-Based Access Control (RBAC) system
- Add migration scripts for initial resources, roles, and users
- Update user schema to use role identifier instead of ObjectId
- Simplify resource types to 'api' and 'client'
- Remove unused CRUD endpoints from resource and role APIs
- Update authentication flow to include user permissions
- Standardize user object structure across auth flows
- Update repository follow endpoint path
- Remove pagination from resource search
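An added example of the permission check such an RBAC model implies: users carry a role identifier and an isSuperAdmin flag, roles carry permissions, and resources have a string identifier and a type of 'api' or 'client'. This is illustrative code, not the project's own; the resource identifiers, role names, the isVerified/isActive gating, and the Express-style middleware shape are assumptions.

```javascript
// Added example (not code from nodejs-boilerplate): deny-by-default RBAC check.
// Data below is constructed for illustration.
const resources = [
  { identifier: 'user:update-role', type: 'api' },
  { identifier: 'repository:follow', type: 'api' },
  { identifier: 'admin-dashboard', type: 'client' },
];

// Role name -> list of resource identifiers that role may reach (assumed shape).
const roles = {
  admin: ['user:update-role', 'repository:follow', 'admin-dashboard'],
  user: ['repository:follow'],
};

function findResource(identifier) {
  return resources.find((r) => r.identifier === identifier);
}

// Returns 'allow' or a deny reason. Anything unknown (resource, role) denies,
// and even a superadmin only reaches resources that are actually registered.
function authorize(user, resourceIdentifier) {
  if (!user) return 'unauthenticated';
  if (user.isVerified !== true || user.isActive !== true) return 'inactive';
  const resource = findResource(resourceIdentifier);
  if (!resource) return 'unknown_resource';
  if (user.isSuperAdmin === true) return 'allow';
  const permissions = roles[user.role];
  if (!permissions) return 'unknown_role';
  return permissions.includes(resource.identifier) ? 'allow' : 'forbidden';
}

// Express-style middleware factory (assumed shape): 401 when no user is attached
// to the request, 403 for every other deny reason.
function requirePermission(resourceIdentifier) {
  return function (req, res, next) {
    const verdict = authorize(req.user, resourceIdentifier);
    if (verdict === 'allow') return next();
    const status = verdict === 'unauthenticated' ? 401 : 403;
    return res.status(status).json({ error: verdict, resource: resourceIdentifier });
  };
}

// Request/response doubles so the block runs without Express installed.
function run(user, resourceIdentifier) {
  const out = { nextCalled: false, status: 200, body: null };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  requirePermission(resourceIdentifier)({ user }, res, () => { out.nextCalled = true; });
  return out;
}

// Constructed users exercising each branch.
function demo() {
  const alice = { email: 'alice@example.com', role: 'user', isVerified: true, isActive: true };
  const bob = { email: 'bob@example.com', role: 'admin', isVerified: true, isActive: true };
  const root = { email: 'root@example.com', role: 'admin', isSuperAdmin: true, isVerified: true, isActive: true };
  const pending = { email: 'carol@example.com', role: 'user', isVerified: false, isActive: false };
  const ghost = { email: 'ghost@example.com', role: 'no-such-role', isVerified: true, isActive: true };
  return {
    userFollows: run(alice, 'repository:follow').nextCalled,
    userUpdatesRole: run(alice, 'user:update-role').status,
    adminUpdatesRole: run(bob, 'user:update-role').nextCalled,
    superadminUnknownResource: run(root, 'does-not-exist').status,
    superadminDashboard: run(root, 'admin-dashboard').nextCalled,
    anonymous: run(undefined, 'repository:follow').status,
    unverified: run(pending, 'repository:follow').body.error,
    unknownRole: authorize(ghost, 'repository:follow'),
  };
}

console.log(demo());
```

The ordering inside `authorize` is the point: activation and verification state are checked before any role lookup, and resource existence is checked before the superadmin bypass, so a typo in a route's resource identifier fails closed instead of silently granting access.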
Add email verification system for local authentication strategy:
- Add SendGrid integration for sending verification emails
- Require email verification before allowing login
- Add verification token and expiry fields to User schema
- Implement verification endpoints (/verify-email and /resend-verification)
- Add rate limiting for verification email requests
- Add debug email routes for development environment
- Update registration flow to send verification email
- Add error handling for verification-related errors

BREAKING CHANGE: Local authentication now requires email verification before login
**Refactor Email Verification Process and Update Configuration**
- **Update `.gitignore`:**
  - Added `**/debug/**` to ignore debug directories.
  - Added `.DS_Store` to ignore macOS system files.
- **Configuration Schema (`src/configs/config.schema.js`):**
  - Removed `SENDGRID_VERIFICATION_TEMPLATE_ID` field.
- **User Schema (`src/domains/user/schema.js`):**
  - Added `verificationEmailSentAt` field to track when the verification email was last sent.
- **User Service (`src/domains/user/service.js`):**
  - Changed verification token expiry from 1 minute to 24 hours.
  - Updated logic to use `verificationEmailSentAt` for rate limiting resend attempts.
  - Enhanced logging for debug mode.
- **Email Service (`src/libraries/email/emailService.js`):**
  - Simplified debug mode configuration.
  - Added `loadTemplate` function to compile HTML email templates.
  - Refactored `sendVerificationEmail` to use HTML templates instead of SendGrid dynamic templates.
  - Improved debug email saving with HTML content.
- Add API endpoint to update user roles (/update-role/:id)
- Add roleId field to User schema with Role reference
- Refactor migrations to use constants for role names
- Improve demo user creation with proper password hashing
- Remove redundant migration 004
- Update resource logging to use identifiers instead of IDs
- Add proper session saving in login endpoint with explicit save calls
- Update user verification flow to set proper role and activation state
- Standardize API endpoint naming for user operations
- Add verifiedAt timestamp to track when users complete verification
- Clean up console logs and improve logging messages
- Fix session userId storage to consistently use string format

The main changes focus on ensuring sessions are properly saved during login and standardizing how we handle user verification and activation states.
Overview
This PR implements email verification functionality for new user registrations and establishes a comprehensive role-based access control (RBAC) system. It also includes cleanup of unused domain modules and improvements to the repository structure.
Key Changes
Email Verification
Role-Based Access Control
Code Cleanup
Security Improvements
Configuration Changes
SENDGRID_API_KEY
SENDGRID_FROM_EMAIL
SUPERADMIN_EMAIL
SUPERADMIN_PASSWORD
DB_NAME
Testing
Migration Instructions
`npm run migrate` to apply database changes
Notes
EMAIL_DEBUG=true
Related client PR
foyzulkarim/commitstreams-client#30