feat: add cusom email verification

Author: JayDwee

api/Cargo.lock

@@ -27,3 +27,6 @@ hex = "0.4.3"
 http-body-util = "0.1.3"
 regex = "1.11.2"
 cached = { version = "0.56.0", features = ["async"] }
+hmac = "0.12.1"
+sha2 = "0.10.9"
+jwt = "0.16.0"

api/Cargo.toml

@@ -21,6 +21,7 @@ mod meta;
 pub struct AppState {
     dynamo: aws_sdk_dynamodb::Client,
     scheduler: aws_sdk_scheduler::Client,
+    ses: aws_sdk_sesv2::Client,
     discord_bot: Arc<twilight_http::Client>,
     reqwest: Arc<reqwest::Client>,
 }
@@ -72,6 +73,7 @@ async fn main() -> Result<(), Error> {
     let app_state = AppState {
         dynamo: aws_sdk_dynamodb::Client::new(&config),
         scheduler: aws_sdk_scheduler::Client::new(&config),
+        ses: aws_sdk_sesv2::Client::new(&config),
         discord_bot,
         reqwest: Arc::new(reqwest::Client::new()),
     };

api/src/main.rs

@@ -1,66 +1,49 @@
-use aws_sdk_sesv2::{Client, Error};
-use aws_sdk_sesv2::types::{Body, Content, Destination, EmailContent, Message, Template};
+use aws_sdk_sesv2::Client;
+use aws_sdk_sesv2::types::{Destination, EmailContent, Template};
+use http::StatusCode;
+use serde::Serialize;
+use crate::discord::ise;
+
+#[derive(Serialize)]
+struct TemplateData {
+    name: String,
+    link_url: String
+}
 
-async fn send_message(
+pub async fn send_verify_email(
     client: &Client,
-    list: &str,
-    from: &str,
-    subject: &str,
-    message: &str,
-) -> Result<(), Error> {
-    // Get list of email addresses from contact list.
-    let resp = client
-        .list_contacts()
-        .contact_list_name(list)
-        .send()
-        .await?;
-
-    let contacts = resp.contacts();
-
-    let cs: Vec<String> = contacts
-        .iter()
-        .map(|i| i.email_address().unwrap_or_default().to_string())
-        .collect();
-
-    let mut dest: Destination = Destination::builder().build();
-    dest.to_addresses = Some(cs);
-    let subject_content = Content::builder()
-        .data(subject)
-        .charset("UTF-8")
-        .build()
-        .expect("building Content");
-    let body_content = Content::builder()
-        .data(message)
-        .charset("UTF-8")
-        .build()
-        .expect("building Content");
-    let body = Body::builder().text(body_content).build();
-
-    let msg = Message::builder()
-        .subject(subject_content)
-        .body(body)
-        .build();
-
-    let coupons = std::fs::read_to_string("../resources/newsletter/sample_coupons.json")
-        .unwrap_or_else(|_| r#"{"coupons":[]}"#.to_string());
+    global_name: &str,
+    email_addr: String,
+    token: &str,
+) -> Result<(), StatusCode> {
+    let env = std::env::var("DEPLOYMENT_ENV").expect("DEPLOYMENT_ENV must be set");
+    let mut host = "koalabot.uk".to_string();
+    if env != "prod" {
+        host = format!("{}.{}", env, host);
+    }
+
+    let t_data = serde_json::to_string(&TemplateData {
+        name: global_name.to_string(),
+        link_url: format!("https://{host}/verify/email/callback?token={token}").to_string(),
+    }).map_err(ise)?;
+    
     let email_content = EmailContent::builder()
         .template(
             Template::builder()
-                .template_name("kb2-verify-template-") //fixme
-                .template_data(coupons)
+                .template_name(format!("kb2-verify-template-{env}"))
+                .template_data(t_data)
                 .build(),
         )
         .build();
 
     client
         .send_email()
-        .from_email_address(from)
-        .destination(dest)
+        .from_email_address(format!("no-reply@{host}"))
+        .destination(Destination::builder().to_addresses(email_addr).build())
         .content(email_content)
         .send()
-        .await?;
-
-    println!("Email sent to list");
+        .await
+        .map_err(ise)?;
 
     Ok(())
 }

api/src/users/email.rs

@@ -1,3 +1,4 @@
+use std::collections::BTreeMap;
 use crate::AppState;
 use crate::users::models::{Link, User};
 use axum::extract::{Path, State};
@@ -7,15 +8,21 @@ use lambda_http::tracing::info;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::sync::Arc;
+use hmac::{Hmac, Mac};
+use jwt::{SignWithKey, VerifyWithKey};
+use sha2::Sha256;
 use tower_http::cors::CorsLayer;
 use twilight_model::id::Id;
 use twilight_model::id::marker::UserMarker;
 use twilight_model::user::CurrentUser;
+use crate::discord::ise;
 use crate::guilds::models::Guild;
+use crate::users::email::send_verify_email;
 
 pub fn router() -> axum::Router<AppState> {
     axum::Router::new()
         .route("/", post(post_link))
+        .route("/send-email", post(post_send_email))
         .route("/{link_address}", delete(delete_link))
         .layer(CorsLayer::permissive())
 }
@@ -69,7 +76,13 @@ async fn post_link(
             .await?
         }
         LinkOrigin::Email => {
-            todo!();
+            let key: Hmac<Sha256> = Hmac::new_from_slice(std::env::var("DISCORD_BOT_TOKEN").expect("DISCORD_BOT_TOKEN must be set").into_bytes().as_ref())
+                .map_err(ise)?;
+            let claims: BTreeMap<String, String> = link_req.token.verify_with_key(&key).map_err(ise)?;
+            if claims.get("exp").unwrap().parse::<u64>().unwrap() < chrono::Utc::now().timestamp() as u64 {
+                return Err(http::StatusCode::UNAUTHORIZED);
+            }
+            claims.get("sub").unwrap().to_string()
         }
     };
 
@@ -170,3 +183,26 @@ async fn delete_link(
         json!({"status": "success", "message": "Link deleted"}),
     ))
 }
+
+#[derive(Clone, Serialize, Deserialize)]
+struct SendEmailRequest {
+    email: String,
+}
+
+async fn post_send_email(
+    // Path(_user_id): Path<Id<UserMarker>>,
+    Extension(current_user): Extension<CurrentUser>,
+    State(app_state): State<AppState>,
+    Json(send_email_req): Json<SendEmailRequest>,
+) -> Result<Json<serde_json::Value>, http::StatusCode> {
+    let key: Hmac<Sha256> = Hmac::new_from_slice(std::env::var("DISCORD_BOT_TOKEN").expect("DISCORD_BOT_TOKEN must be set").into_bytes().as_ref())
+        .map_err(ise)?;
+    let mut claims = BTreeMap::new();
+    claims.insert("sub", send_email_req.email.clone());
+    claims.insert("exp", (chrono::Utc::now() + chrono::Duration::hours(1)).timestamp().to_string());
+    let token_str = claims.sign_with_key(&key).map_err(ise)?;
+
+    send_verify_email(&app_state.ses, &*current_user.name, send_email_req.email, &token_str).await?;
+    
+    Ok(Json(json!({"status": "success"})))
+}

api/src/users/links.rs

@@ -1,6 +1,6 @@
 mod links;
 pub mod models;
-mod email;
+pub mod email;
 
 use std::sync::Arc;
 use crate::AppState;

api/src/users/mod.rs

@@ -8,7 +8,7 @@ data "local_file" "verify_template_txt" {
 }
 
 resource "aws_ses_template" "verify_template" {
-  name    = "kb2-verify-templacte-${var.deployment_env}"
+  name    = "kb2-verify-template-${var.deployment_env}"
   subject = "Verify your email with Koala!"
   html    = data.local_file.verify_template_html.content
   text    = data.local_file.verify_template_txt.content

infra/modules/data/ses/main.tf

@@ -110,7 +110,7 @@
                                         <table role="presentation" border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: auto;">
                                             <tbody>
                                             <tr>
-                                                <td style="font-family: Helvetica, sans-serif; font-size: 16px; vertical-align: top; border-radius: 4px; text-align: center; background-color: #0867ec;" valign="top" align="center" bgcolor="#0867ec"> <a href="{{linkUrl}}" target="_blank" style="border: solid 2px #0867ec; border-radius: 4px; box-sizing: border-box; cursor: pointer; display: inline-block; font-size: 16px; font-weight: bold; margin: 0; padding: 12px 24px; text-decoration: none; text-transform: capitalize; background-color: #0867ec; border-color: #0867ec; color: #ffffff;">Link Account</a> </td>
+                                                <td style="font-family: Helvetica, sans-serif; font-size: 16px; vertical-align: top; border-radius: 4px; text-align: center; background-color: #0867ec;" valign="top" align="center" bgcolor="#0867ec"> <a href="{{link_url}}" target="_blank" style="border: solid 2px #0867ec; border-radius: 4px; box-sizing: border-box; cursor: pointer; display: inline-block; font-size: 16px; font-weight: bold; margin: 0; padding: 12px 24px; text-decoration: none; text-transform: capitalize; background-color: #0867ec; border-color: #0867ec; color: #ffffff;">Link Account</a> </td>
                                             </tr>
                                             </tbody>
                                         </table>

infra/modules/data/ses/resources/email-template.html

@@ -1,6 +1,6 @@
 Hi {{name}},
 Someone has requested to link their Discord account to this email address. If this was you, please confirm by clicking the link below.
-{{linkUrl}}
+{{link_url}}
 
 If this was not you, please ignore this email, or if you are having further issues, please contact our support team.
 

infra/modules/data/ses/resources/email-template.txt

@@ -7,7 +7,7 @@ import {User} from "../../stores/user.js";
 
 const KB_API_URL = import.meta.env.VITE_KB_API_URL
 
-let todo = true;
+let todo = false;
 let emailInput = defineModel();
 let disableTextField = ref(false);