Merge branch 'main' into chore-readme-ci-update

Author: Sma1lboy

.gitignore

@@ -16,4 +16,6 @@ models/
 
 */**/database.sqlite
 ./backend/src/database.sqlite
-.codefox
+.codefox
+
+.env

backend/.env

@@ -0,0 +1,34 @@
+# Server Configuration
+PORT=8080
+
+# DEV PROD OR TEST
+NODE_ENV="DEV" 
+# JWT Configuration
+JWT_SECRET="your_jwt_secret_here"
+JWT_REFRESH="your_jwt_refresh_secret_here"
+SALT_ROUNDS=10
+
+# OpenAI Configuration
+OPENAI_BASE_URI="http://localhost:3001"
+
+# S3/Cloudflare R2 Configuration (Optional)
+# If not provided, local file storage will be used
+S3_ACCESS_KEY_ID="your_s3_access_key_id"      # Must be 32 characters for Cloudflare R2
+S3_SECRET_ACCESS_KEY="your_s3_secret_access_key"
+S3_REGION="auto"                              # Use 'auto' for Cloudflare R2
+S3_BUCKET_NAME="your_bucket_name"
+S3_ENDPOINT="https://<account_id>.r2.cloudflarestorage.com"    # Cloudflare R2 endpoint
+S3_ACCOUNT_ID="your_cloudflare_account_id"    # Your Cloudflare account ID
+S3_PUBLIC_URL="https://pub-xxx.r2.dev"        # Your R2 public bucket URL
+
+# mail
+# Set to false to disable all email functionality
+MAIL_ENABLED=false
+
+MAIL_HOST=smtp.example.com
+MAIL_USER=user@example.com
+MAIL_PASSWORD=topsecret
+MAIL_FROM=noreply@example.com
+MAIL_PORT=587
+MAIL_DOMAIN=your_net
+

backend/.env.development

@@ -55,4 +55,5 @@ log-*/
 
 
 # Backend
-/backend/package-lock.json
+/backend/package-lock.json
+.env

backend/.env.example

@@ -28,8 +28,10 @@
   },
   "dependencies": {
     "@apollo/server": "^4.11.0",
+    "@aws-sdk/client-s3": "^3.758.0",
     "@huggingface/hub": "latest",
     "@huggingface/transformers": "latest",
+    "@nestjs-modules/mailer": "^2.0.2",
     "@nestjs/apollo": "^12.2.0",
     "@nestjs/axios": "^3.0.3",
     "@nestjs/common": "^10.0.0",
@@ -45,6 +47,7 @@
     "@types/toposort": "^2.0.7",
     "axios": "^1.7.7",
     "bcrypt": "^5.1.1",
+    "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "dotenv": "^16.4.7",
     "eslint-plugin-unused-imports": "^4.1.4",
@@ -53,9 +56,11 @@
     "gpt-3-encoder": "^1.1.4",
     "graphql": "^16.9.0",
     "graphql-subscriptions": "^2.0.0",
+    "graphql-upload-minimal": "^1.6.1",
     "graphql-ws": "^5.16.0",
     "lodash": "^4.17.21",
     "markdown-to-txt": "^2.0.1",
+    "nodemailer": "^6.10.0",
     "normalize-path": "^3.0.0",
     "openai": "^4.77.0",
     "p-queue-es5": "^6.0.2",

backend/.gitignore

@@ -15,6 +15,7 @@ import { AppResolver } from './app.resolver';
 import { APP_INTERCEPTOR } from '@nestjs/core';
 import { LoggingInterceptor } from 'src/interceptor/LoggingInterceptor';
 import { PromptToolModule } from './prompt-tool/prompt-tool.module';
+import { MailModule } from './mail/mail.module';
 
 // TODO(Sma1lboy): move to a separate file
 function isProduction(): boolean {
@@ -47,6 +48,7 @@ function isProduction(): boolean {
     TokenModule,
     ChatModule,
     PromptToolModule,
+    MailModule,
     TypeOrmModule.forFeature([User]),
   ],
   providers: [

backend/package.json

@@ -9,6 +9,7 @@ import { User } from 'src/user/user.model';
 import { AuthResolver } from './auth.resolver';
 import { RefreshToken } from './refresh-token/refresh-token.model';
 import { JwtCacheModule } from 'src/jwt-cache/jwt-cache.module';
+import { MailModule } from 'src/mail/mail.module';
 
 @Module({
   imports: [
@@ -23,6 +24,7 @@ import { JwtCacheModule } from 'src/jwt-cache/jwt-cache.module';
       inject: [ConfigService],
     }),
     JwtCacheModule,
+    MailModule,
   ],
   providers: [AuthService, AuthResolver],
   exports: [AuthService, JwtModule],

backend/src/app.module.ts

@@ -18,6 +18,15 @@ export class RefreshTokenResponse {
   refreshToken: string;
 }
 
+@ObjectType()
+export class EmailConfirmationResponse {
+  @Field()
+  message: string;
+
+  @Field({ nullable: true })
+  success?: boolean;
+}
+
 @Resolver()
 export class AuthResolver {
   constructor(private readonly authService: AuthService) {}
@@ -33,4 +42,11 @@ export class AuthResolver {
   ): Promise<RefreshTokenResponse> {
     return this.authService.refreshToken(refreshToken);
   }
+
+  @Mutation(() => EmailConfirmationResponse)
+  async confirmEmail(
+    @Args('token') token: string,
+  ): Promise<EmailConfirmationResponse> {
+    return this.authService.confirmEmail(token);
+  }
 }

backend/src/auth/auth.module.ts

@@ -19,23 +19,127 @@ import { Role } from './role/role.model';
 import { RefreshToken } from './refresh-token/refresh-token.model';
 import { randomUUID } from 'crypto';
 import { compare, hash } from 'bcrypt';
-import { RefreshTokenResponse } from './auth.resolver';
+import {
+  EmailConfirmationResponse,
+  RefreshTokenResponse,
+} from './auth.resolver';
+import { MailService } from 'src/mail/mail.service';
 
 @Injectable()
 export class AuthService {
+  private readonly isMailEnabled: boolean;
+
   constructor(
     @InjectRepository(User)
     private userRepository: Repository<User>,
     private jwtService: JwtService,
     private jwtCacheService: JwtCacheService,
     private configService: ConfigService,
+    private mailService: MailService,
     @InjectRepository(Menu)
     private menuRepository: Repository<Menu>,
     @InjectRepository(Role)
     private roleRepository: Repository<Role>,
     @InjectRepository(RefreshToken)
     private refreshTokenRepository: Repository<RefreshToken>,
-  ) {}
+  ) {
+    // Read the MAIL_ENABLED environment variable, default to 'true'
+    this.isMailEnabled =
+      this.configService.get<string>('MAIL_ENABLED', 'true').toLowerCase() ===
+      'true';
+  }
+
+  async confirmEmail(token: string): Promise<EmailConfirmationResponse> {
+    try {
+      const payload = await this.jwtService.verifyAsync(token);
+
+      // Check if payload has the required email field
+      if (!payload || !payload.email) {
+        return {
+          message: 'Invalid token format',
+          success: false,
+        };
+      }
+
+      // Find user and update
+      const user = await this.userRepository.findOne({
+        where: { email: payload.email },
+      });
+
+      if (user && !user.isEmailConfirmed) {
+        user.isEmailConfirmed = true;
+        await this.userRepository.save(user);
+
+        return {
+          message: 'Email confirmed successfully!',
+          success: true,
+        };
+      }
+
+      return {
+        message: 'Email already confirmed or user not found.',
+        success: false,
+      };
+    } catch (error) {
+      return {
+        message: 'Invalid or expired token',
+        success: false,
+      };
+    }
+  }
+
+  async sendVerificationEmail(user: User): Promise<EmailConfirmationResponse> {
+    // Generate confirmation token
+    const verifyToken = this.jwtService.sign(
+      { email: user.email },
+      { expiresIn: '30m' },
+    );
+
+    // Send confirmation email
+    await this.mailService.sendConfirmationEmail(user.email, verifyToken);
+
+    // update user last time send email time
+    user.lastEmailSendTime = new Date();
+    await this.userRepository.save(user);
+
+    return {
+      message: 'Verification email sent successfully!',
+      success: true,
+    };
+  }
+
+  async resendVerificationEmail(email: string) {
+    const user = await this.userRepository.findOne({
+      where: { email },
+    });
+
+    if (!user) {
+      throw new Error('User not found');
+    }
+
+    if (user.isEmailConfirmed) {
+      return { message: 'Email already confirmed!' };
+    }
+
+    // Check if a cooldown period has passed (e.g., 1 minute)
+    const cooldownPeriod = 1 * 60 * 1000; // 1 minute in milliseconds
+    if (
+      user.lastEmailSendTime &&
+      new Date().getTime() - user.lastEmailSendTime.getTime() < cooldownPeriod
+    ) {
+      const timeLeft = Math.ceil(
+        (cooldownPeriod -
+          (new Date().getTime() - user.lastEmailSendTime.getTime())) /
+          1000,
+      );
+      return {
+        message: `Please wait ${timeLeft} seconds before requesting another email`,
+        success: false,
+      };
+    }
+
+    return this.sendVerificationEmail(user);
+  }
 
   async register(registerUserInput: RegisterUserInput): Promise<User> {
     const { username, email, password } = registerUserInput;
@@ -50,13 +154,31 @@ export class AuthService {
     }
 
     const hashedPassword = await hash(password, 10);
-    const newUser = this.userRepository.create({
-      username,
-      email,
-      password: hashedPassword,
-    });
 
-    return this.userRepository.save(newUser);
+    let newUser;
+    if (this.isMailEnabled) {
+      newUser = this.userRepository.create({
+        username,
+        email,
+        password: hashedPassword,
+        isEmailConfirmed: false,
+      });
+    } else {
+      newUser = this.userRepository.create({
+        username,
+        email,
+        password: hashedPassword,
+        isEmailConfirmed: true,
+      });
+    }
+
+    await this.userRepository.save(newUser);
+
+    if (this.isMailEnabled) {
+      await this.sendVerificationEmail(newUser);
+    }
+
+    return newUser;
   }
 
   async login(loginUserInput: LoginUserInput): Promise<RefreshTokenResponse> {
@@ -70,6 +192,10 @@ export class AuthService {
       throw new UnauthorizedException('Invalid credentials');
     }
 
+    if (!user.isEmailConfirmed) {
+      throw new Error('Email not confirmed. Please check your inbox.');
+    }
+
     const isPasswordValid = await compare(password, user.password);
 
     if (!isPasswordValid) {
@@ -113,6 +239,7 @@ export class AuthService {
       return false;
     }
   }
+
   async logout(token: string): Promise<boolean> {
     try {
       await this.jwtService.verifyAsync(token);