Commit 094371a
feat(identity): add email verification flow
Add native email verification to identity-service so we can stop relying
on Bouncer's deliverability check. New columns isEmailVerified,
emailVerificationToken (sha256-hashed), and emailVerificationTokenCreatedAt
are added to the Users table. Signup now sends a verification email with
a 24h-expiring token, exposes GET /email/verify and authed POST
/email/resend-verification, and rejects signups from disposable-email
domains (open-source blocklist embedded as a static file). Recovery and
welcome email suppression now honors isEmailVerified, falling back to
the legacy isEmailDeliverable flag so existing accounts keep working.
Bouncer code is intentionally left in place; removal will follow once
verification has rolled out.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 0c9b26f commit 094371a
11 files changed
Lines changed: 5840 additions & 3 deletions
File tree
- packages/identity-service
- sequelize/migrations
- src
- data
- emails
- models
- routes
- utils
Lines changed: 35 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
773 | 773 | | |
774 | 774 | | |
775 | 775 | | |
| 776 | + | |
| 777 | + | |
| 778 | + | |
| 779 | + | |
| 780 | + | |
| 781 | + | |
776 | 782 | | |
777 | 783 | | |
778 | 784 | | |
| |||
0 commit comments