feat: register, change and verify email addresses

[schmanu]

New Endpoints

• register email address for signer
• change email address for signer
• re-send verification code
• verify email address

Other changes

• Some of the new endpoints require params in header fields. Therefore this PR adds header params to the api operations.

Links

• Spec

[github-actions]

ESLint Summary View Full Report

Annotations are provided inline on the Files Changed tab. You can also see all annotations that were generated on the annotations page.

Type	Occurrences	Fixable
Errors	0	0
Warnings	0	0
Ignored	0	N/A

• Result: ✅ success
• Annotations: 0 total

---

^{Report generated by eslint-plus-action}

[usame-algan]

In the API spec, this is of type number

[schmanu]

Headers are always passed as strings, that's why I set the type for headers to always be Record<string ,string> Otherwise we have to map over the values and call toString()

[usame-algan]

So in web-core we would send Date.now().toString() as the header parameter. Will this be handled correctly by the controller in CGW? @fmrsabino

[fmrsabino]

So in web-core we would send Date.now().toString() as the header parameter. Will this be handled correctly by the controller in CGW? @fmrsabino

This is totally fine. We validate if it's a number and do proper conversion 👍
https://github.com/safe-global/safe-client-gateway/blob/d1d59c40226973bb64f481b0656ce61feefef46d/src/routes/email/guards/timestamp.guard.ts#L16-L18

[usame-algan]

Looks good so far!

I suggest to also add a deleteEmail function since we need that on the wallet side as well (API Spec)

For future iterations we will need a way to unsubscribe from notifications too but I would leave it as out-of-scope here.

[fmrsabino]

Since it's mentioned in the other authenticated endpoints. This one also requires a signature: email-retrieval-{chainId}-{safe}-{signer}-{timestamp}

[fmrsabino]

Same as my comment above. Signature would be email-delete-{chainId}-{safe}-{signer}-{timestamp}

[fmrsabino]

What does PostParams represent under the PutEndpoint?

[schmanu]

I did not duplicate the types here as they are identical.
The Params represent what kind of parameters the endpoints accept:
In both cases

• body params
• header params
• query params

[fmrsabino]

Here it should be 201.

[fmrsabino]

Does this only include successful responses? If so then only 202 should be expected. There are client related error codes returned under other conditions though.

[fmrsabino]

FYI: After safe-global/safe-client-gateway#1181 is merged, only 202 will be returned.

[fmrsabino]

This status code is not expected to be returned on this endpoint.

[schmanu]

Currently our types enforce a 200 response code this. We should look into how to make them more flexible.
Probably the success-return type could be expressed through generics instead of using the 200 code return type.

[fmrsabino]

So in web-core we would send Date.now().toString() as the header parameter. Will this be handled correctly by the controller in CGW? @fmrsabino

This is totally fine. We validate if it's a number and do proper conversion 👍
https://github.com/safe-global/safe-client-gateway/blob/d1d59c40226973bb64f481b0656ce61feefef46d/src/routes/email/guards/timestamp.guard.ts#L16-L18