send verify mail to user and handle db logic

backend/src/modules/auth-module/auth.module.ts

@@ -10,7 +10,6 @@ import { VerifyModule } from '../verify-module/verify.module';
 import { AuthController } from './controller/auth.controller';
 import { UserCredentialsRepository } from './repositories/user-credentials.repository';
 import { AuthService } from './services/auth.service';
-import { EncryptionService } from './services/encryption.service';
 import { TokenManagementService } from './services/token-management.service';
 import { AccessTokenStrategy, RefreshTokenStrategy } from './strategies';
 
@@ -25,7 +24,6 @@ import { AccessTokenStrategy, RefreshTokenStrategy } from './strategies';
   providers: [
     AuthService,
     TokenManagementService,
-    EncryptionService,
     UserCredentialsRepository,
     AccessTokenStrategy,
     RefreshTokenStrategy,

backend/src/modules/auth-module/common/decorators/index.ts

@@ -1,3 +1,2 @@
 export * from './get-user-id.decorator';
 export * from './get-user.decorator';
-export * from './public.decorator';

backend/src/modules/auth-module/controller/auth.controller.ts

@@ -7,8 +7,9 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import { ApiCreatedResponse, ApiHeader, ApiTags } from '@nestjs/swagger';
+import { Public } from 'src/shared/decorator';
 
-import { GetCurrentUser, GetCurrentUserId, Public } from '../common/decorators';
+import { GetCurrentUser, GetCurrentUserId } from '../common/decorators';
 import { RefreshTokenGuard } from '../common/guards';
 import { TokensDto, UserCredentialsDto } from '../models/dto';
 import { AuthService } from '../services/auth.service';

backend/src/modules/auth-module/services/auth.service.ts

@@ -1,4 +1,5 @@
 import { ForbiddenException, Injectable } from '@nestjs/common';
+import { EncryptionService } from 'src/shared';
 
 import { PasswordConfirmationMailService } from '../../sendgrid-module/services/password-confirmation.mail.service';
 import { UserDataRepository } from '../../user-module/repositories/user-data.repository';
@@ -6,7 +7,6 @@ import { EmailVerificationService } from '../../verify-module/services/email-ver
 import { TokensDto, UserCredentialsDto } from '../models/dto';
 import { UserCredentialsRepository } from '../repositories/user-credentials.repository';
 
-import { EncryptionService } from './encryption.service';
 import { TokenManagementService } from './token-management.service';
 
 @Injectable()
@@ -15,15 +15,15 @@ export class AuthService {
     private readonly userCredentialsRepository: UserCredentialsRepository,
     private readonly userDataRepository: UserDataRepository,
     private readonly tokenManagementService: TokenManagementService,
-    private readonly encryptionService: EncryptionService,
     private readonly passwordConfirmationMailService: PasswordConfirmationMailService,
     private readonly emailVerificationService: EmailVerificationService
   ) {}
 
   public async signup(userCredentials: UserCredentialsDto): Promise<TokensDto> {
-    const passwordHashed = await this.encryptionService.hashData(
+    const passwordHashed = await EncryptionService.hashData(
       userCredentials.password
     );
+
     const user = await this.userCredentialsRepository.createUser(
       userCredentials.email,
       passwordHashed
@@ -53,7 +53,7 @@ export class AuthService {
       throw new ForbiddenException('Access Denied');
     }
 
-    const passwordMatch = await this.encryptionService.compareHash(
+    const passwordMatch = await EncryptionService.compareHash(
       userCredentials.password,
       user.hash
     );
@@ -75,7 +75,7 @@ export class AuthService {
       throw new ForbiddenException('Access Denied');
     }
 
-    const refreshTokenMatch = await this.encryptionService.compareHash(
+    const refreshTokenMatch = await EncryptionService.compareHash(
       refreshToken,
       user.hashedRt
     );
@@ -104,7 +104,7 @@ export class AuthService {
       userId,
       email
     );
-    const hashedRefreshToken = await this.encryptionService.hashData(
+    const hashedRefreshToken = await EncryptionService.hashData(
       tokens.refresh_token
     );
 

backend/src/modules/sendgrid-module/services/password-confirmation.mail.service.ts

@@ -1,5 +1,7 @@
 import { Inject, Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
 import * as SendGridMailApi from '@sendgrid/mail';
+import { UriEncoderService } from 'src/shared';
 
 import { BaseMailService } from './base.mail.service';
 import { TemplateConfigService } from './template-config.service';
@@ -11,20 +13,21 @@ export class PasswordConfirmationMailService extends BaseMailService {
 
   public constructor(
     @Inject('SEND_GRID_API_KEY') protected readonly sendGridApiKey: string,
-    private readonly templateConfigService: TemplateConfigService
+    private readonly templateConfigService: TemplateConfigService,
+    private readonly configService: ConfigService
   ) {
     super(sendGridApiKey);
   }
 
   public async sendPasswordConfirmationMail(
     to: string,
-    token: string
+    verificationToken: string
   ): Promise<void> {
     const templateId: string = this.templateConfigService.getTemplateId(
       this.PASSWORD_CONFIRMATION_EMAIL
     );
 
-    const encodedToken = encodeURIComponent(token);
+    const token = `${verificationToken}|${UriEncoderService.encodeBase64(to)}`;
 
     const mailoptions: SendGridMailApi.MailDataRequired = {
       to,
@@ -32,7 +35,7 @@ export class PasswordConfirmationMailService extends BaseMailService {
       templateId: templateId,
       dynamicTemplateData: {
         name: 'Mara',
-        buttonUrl: `http://localhost:4200/?token=${encodedToken}`,
+        buttonUrl: `${this.configService.get<string>('APP_URL')}/verify/?token=${token}`,
       },
     };
 

backend/src/modules/user-module/repositories/user-data.repository.ts

@@ -20,4 +20,11 @@ export class UserDataRepository {
 
     return this.repository.save(userData);
   }
+
+  public async updateEmailVerificationStatus(userId: string): Promise<void> {
+    await this.repository.update(
+      { user: { id: userId } },
+      { isEmailConfirmed: true }
+    );
+  }
 }

backend/src/modules/verify-module/controller/verify.controller.ts

@@ -0,0 +1,26 @@
+import { Controller, Get, HttpCode, HttpStatus, Query } from '@nestjs/common';
+import { ApiCreatedResponse, ApiTags } from '@nestjs/swagger';
+import { Public } from 'src/shared/decorator';
+
+import { EmailVerificationService } from '../services/email-verification.service';
+
+@ApiTags('Verify')
+@Controller('verify')
+export class VerifyController {
+  public constructor(
+    private readonly emailVerificationService: EmailVerificationService
+  ) {}
+
+  @ApiCreatedResponse({
+    description: 'Email verified successfully',
+    type: Boolean,
+  })
+  @Public()
+  @Get()
+  @HttpCode(HttpStatus.OK)
+  public async verifyEmail(
+    @Query('token') tokenToVerify: string
+  ): Promise<boolean> {
+    return this.emailVerificationService.verifyEmail(tokenToVerify);
+  }
+}

backend/src/modules/verify-module/repositories/email-verify.repository.ts

@@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { EmailVerification } from 'src/entities';
-import { Repository } from 'typeorm';
+import { MoreThan, Repository } from 'typeorm';
 
 @Injectable()
 export class EmailVerifyRepository {
@@ -21,4 +21,28 @@ export class EmailVerifyRepository {
       user: { id: userId },
     });
   }
+
+  public async findEmailVerificationByToken(token: string): Promise<boolean> {
+    const result = await this.repository.findOne({
+      where: { token, expiresAt: MoreThan(new Date()) },
+    });
+
+    return result !== null;
+  }
+
+  public async deleteEmailVerificationByToken(
+    tokenToDelete: string
+  ): Promise<EmailVerification | null> {
+    const emailVerification = await this.repository.findOne({
+      where: { token: tokenToDelete },
+      relations: ['user'],
+    });
+
+    if (emailVerification) {
+      await this.repository.delete({ token: tokenToDelete });
+      return emailVerification;
+    }
+
+    return null;
+  }
 }

backend/src/modules/verify-module/services/email-verification.service.ts

@@ -1,27 +1,69 @@
 import { randomBytes } from 'crypto';
 
 import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { EmailVerification } from 'src/entities';
+import { UriEncoderService } from 'src/shared';
 
+import { UserDataRepository } from '../../user-module/repositories/user-data.repository';
 import { EmailVerifyRepository } from '../repositories';
 
 @Injectable()
 export class EmailVerificationService {
   public constructor(
-    private readonly emailVerifyRepository: EmailVerifyRepository
+    private readonly emailVerifyRepository: EmailVerifyRepository,
+    private readonly userDataRepository: UserDataRepository,
+    private readonly configService: ConfigService
   ) {}
 
   public async generateEmailVerificationToken(userId: string): Promise<string> {
-    const token = randomBytes(32).toString('hex');
+    const verificationToken = await this.createVerificationToken();
 
     // TODO Check users local time zone and set expiration time accordingly
     const expiration = new Date(Date.now() + 24 * 60 * 60 * 1000);
 
     this.emailVerifyRepository.createEmailVerification(
-      token,
+      verificationToken,
       expiration,
       userId
     );
 
-    return token;
+    return verificationToken;
+  }
+
+  public async verifyEmail(tokenToVerify: string): Promise<boolean> {
+    const isTokenVerified =
+      await this.emailVerifyRepository.findEmailVerificationByToken(
+        tokenToVerify
+      );
+
+    if (isTokenVerified) {
+      const emailVerification =
+        await this.deleteEmailVerificationToken(tokenToVerify);
+
+      if (emailVerification && emailVerification.user) {
+        await this.userDataRepository.updateEmailVerificationStatus(
+          emailVerification.user.id
+        );
+        return true;
+      } else {
+        return false;
+      }
+    }
+    return false;
+  }
+
+  private async createVerificationToken(): Promise<string> {
+    const verifyToken = randomBytes(32).toString('hex');
+
+    return UriEncoderService.encodeUri(verifyToken);
+  }
+
+  private async deleteEmailVerificationToken(
+    tokenToDelete: string
+  ): Promise<EmailVerification | null> {
+    return await this.emailVerifyRepository.deleteEmailVerificationByToken(
+      tokenToDelete
+    );
   }
 }

backend/src/modules/verify-module/verify.module.ts

@@ -3,13 +3,20 @@ import { ConfigModule } from '@nestjs/config';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { EmailVerification } from 'src/entities';
 
+import { UserModule } from '../user-module/user.module';
+
+import { VerifyController } from './controller/verify.controller';
 import { EmailVerifyRepository } from './repositories';
 import { EmailVerificationService } from './services/email-verification.service';
 
 @Module({
-  imports: [ConfigModule, TypeOrmModule.forFeature([EmailVerification])],
+  imports: [
+    ConfigModule,
+    UserModule,
+    TypeOrmModule.forFeature([EmailVerification]),
+  ],
   providers: [EmailVerifyRepository, EmailVerificationService],
-  controllers: [],
+  controllers: [VerifyController],
   exports: [EmailVerificationService],
 })
 export class VerifyModule {}

backend/src/shared/decorator/index.ts

@@ -0,0 +1 @@
+export * from './public.decorator';

backend/src/shared/index.ts

@@ -0,0 +1,2 @@
+export * from './utils/index';
+export * from './decorator/index';

backend/src/shared/utils/encryption.service.ts

@@ -1,21 +1,22 @@
-import { Injectable } from '@nestjs/common';
 import * as argon2 from 'argon2';
 import { Options } from 'argon2';
 
-@Injectable()
 export class EncryptionService {
-  private hashOptions: Options = {
+  private static hashOptions: Options = {
     type: argon2.argon2id,
     memoryCost: 2 ** 16,
     timeCost: 3,
     parallelism: 1,
   };
 
-  public async hashData(data: string): Promise<string> {
+  public static async hashData(data: string): Promise<string> {
     return await argon2.hash(data, this.hashOptions);
   }
 
-  public async compareHash(data: string, encrypted: string): Promise<boolean> {
+  public static async compareHash(
+    data: string,
+    encrypted: string
+  ): Promise<boolean> {
     return await argon2.verify(encrypted, data);
   }
 }

backend/src/shared/utils/index.ts

@@ -0,0 +1,2 @@
+export * from './uri-encoder.service';
+export * from './encryption.service';

backend/src/shared/utils/uri-encoder.service.ts

@@ -0,0 +1,13 @@
+export class UriEncoderService {
+  public static encodeUri(uri: string): string {
+    return encodeURIComponent(uri);
+  }
+
+  public static decodeUri(uri: string): string {
+    return decodeURIComponent(uri);
+  }
+
+  public static encodeBase64(uri: string): string {
+    return btoa(UriEncoderService.encodeUri(uri));
+  }
+}

frontend/src/app/app.routes.ts

@@ -9,4 +9,11 @@ export const routes: Routes = [
         (m) => m.RegisterRootComponent
       ),
   },
+  {
+    path: 'verify',
+    loadComponent: () =>
+      import('./pages/email-verify-root/email-verify-root.component').then(
+        (m) => m.EmailVerifyRootComponent
+      ),
+  },
 ];

frontend/src/app/pages/email-verify-root/email-verify-root.component.html

@@ -0,0 +1,16 @@
+<div id="background">
+  <div class="wrapper">
+    <div class="content">
+      @if (showRedirectMessage()) {
+        <h1>Es geht gleich los!</h1>
+        <h2>
+          Danke für das bestätigen der E-Mail - Wir leiten dich zum Login
+          weiter!
+        </h2>
+      } @else {
+        <h1>Oops, da ist etwas schief gelaufen!</h1>
+        <h2>Der Link ist nicht mehr gültig</h2>
+      }
+    </div>
+  </div>
+</div>

frontend/src/app/pages/email-verify-root/email-verify-root.component.scss

@@ -0,0 +1,28 @@
+#background {
+  display: flex;
+  height: 100%;
+}
+
+.wrapper {
+  flex: 1;
+  background-color: lightsalmon;
+  display: flex;
+
+  .content{
+    flex-direction: column;
+    display: flex;
+    align-items: flex-start;
+    justify-content: center;
+    h1 {
+      font-size: 4rem;
+      margin-left: 3rem;
+      line-height: 1rem;
+    }
+    h2 {
+      margin-left: 3rem;
+    }
+    p {
+      margin-left: 3rem;
+    }
+  }
+}

frontend/src/app/pages/email-verify-root/email-verify-root.component.ts

@@ -0,0 +1,60 @@
+import {
+  ChangeDetectionStrategy,
+  Component,
+  InputSignal,
+  OnInit,
+  WritableSignal,
+  input,
+  signal,
+} from '@angular/core';
+import { Router } from '@angular/router';
+
+import { delay, filter, tap } from 'rxjs';
+
+import { VerifyApiService } from '../../api';
+
+@Component({
+  selector: 'app-email-verify-root',
+  standalone: true,
+  imports: [],
+  providers: [],
+  templateUrl: './email-verify-root.component.html',
+  styleUrl: './email-verify-root.component.scss',
+  changeDetection: ChangeDetectionStrategy.OnPush,
+})
+export class EmailVerifyRootComponent implements OnInit {
+  public token: InputSignal<string> = input<string>('');
+  public verifyStatus: WritableSignal<boolean> = signal<boolean>(false);
+  public showRedirectMessage: WritableSignal<boolean> = signal<boolean>(false);
+
+  public constructor(
+    private readonly api: VerifyApiService,
+    private readonly router: Router
+  ) {}
+
+  public ngOnInit(): void {
+    this.verifyEmail();
+  }
+
+  private verifyEmail(): void {
+    const [verifyToken, email]: string[] = this.token().split('|');
+
+    this.api
+      .verifyControllerVerifyEmail(verifyToken)
+      .pipe(
+        tap((isVerified: boolean) => {
+          this.verifyStatus.set(isVerified);
+        }),
+        filter((isVerified) => isVerified),
+        tap(() => {
+          this.showRedirectMessage.set(true);
+        }),
+        delay(10000)
+      )
+      .subscribe(() => {
+        this.router.navigate(['/signup'], {
+          queryParams: { verified: true, email: email },
+        });
+      });
+  }
+}

frontend/src/app/pages/register-root/register-root.component.ts

@@ -7,6 +7,8 @@ import {
   WritableSignal,
   signal,
   effect,
+  InputSignal,
+  input,
 } from '@angular/core';
 import {
   FormBuilder,
@@ -16,6 +18,7 @@ import {
   ReactiveFormsModule,
   Validators,
 } from '@angular/forms';
+import { Router } from '@angular/router';
 
 import { ButtonModule } from 'primeng/button';
 import { CheckboxModule } from 'primeng/checkbox';
@@ -50,6 +53,8 @@ type AuthAction = 'register' | 'signup';
   changeDetection: ChangeDetectionStrategy.OnPush,
 })
 export class RegisterRootComponent implements OnInit {
+  public verified: InputSignal<boolean> = input<boolean>(false);
+  public email: InputSignal<string> = input<string>('');
   public form: FormGroup | undefined;
   public isRegisterSignal: WritableSignal<boolean> = signal(false);
   public isSignupSignal: WritableSignal<boolean> = signal(false);
@@ -57,10 +62,12 @@ export class RegisterRootComponent implements OnInit {
   public emailInvalid: WritableSignal<string | null> = signal(null);
   public passwordInvalid: WritableSignal<string | null> = signal(null);
   public termsInvalid: WritableSignal<string | null> = signal(null);
+  private removeQueryParams: WritableSignal<boolean> = signal(false);
 
   public constructor(
     private readonly formBuilder: FormBuilder,
-    private readonly authService: AuthService
+    private readonly authService: AuthService,
+    private readonly router: Router
   ) {
     effect(() => {
       if (this.form) {
@@ -73,12 +80,21 @@ export class RegisterRootComponent implements OnInit {
           this.form.removeControl('terms');
         }
       }
+
+      if (this.removeQueryParams()) {
+        this.clearRouteParams();
+      }
     });
   }
 
   public ngOnInit(): void {
     this.initializeForm();
     this.setupValueChanges();
+
+    if (this.email() || this.verified()) {
+      this.handleRedirect();
+      this.removeQueryParams.set(true);
+    }
   }
 
   public toggleAction(action: AuthAction): void {
@@ -133,6 +149,22 @@ export class RegisterRootComponent implements OnInit {
     });
   }
 
+  private handleRedirect(): void {
+    console.log('handleRedirect');
+    if (this.verified()) {
+      this.isDisplayButtons.set(false);
+      this.isRegisterSignal.set(false);
+      this.isSignupSignal.set(true);
+    }
+    if (this.email()) {
+      this.form?.get('email')?.setValue(decodeURIComponent(atob(this.email())));
+    }
+  }
+
+  private clearRouteParams(): void {
+    this.router.navigate([], { queryParams: {} });
+  }
+
   private setupValueChanges(): void {
     this.setupEmailValueChanges();
     this.setupPasswordValueChanges();

frontend/src/app/shared/service/auth.service.ts

@@ -13,7 +13,6 @@ import { SessionStorageService } from './session-storage.service';
   providedIn: 'root',
 })
 export class AuthService {
-  private readonly _path: string = '/api/auth';
   private _access_token: string | null = null;
   private _refresh_token: string | null = null;
   private _isAuthenticated$: BehaviorSubject<boolean> =
@@ -29,7 +28,7 @@ export class AuthService {
     private readonly sessionStorageService: SessionStorageService,
     private readonly authenticationApiService: AuthenticationApiService
   ) {
-    this.autoLogin();
+    //this.autoLogin();
   }
 
   public signin(credentials: LoginCredentials): void {