feat: Improve the email verification flow

Author: LubomirGeorgiev

src/app/(auth)/verify-email/page.tsx

@@ -1,12 +1,7 @@
 import { Metadata } from "next";
-import { notFound, redirect } from "next/navigation";
-import { getCloudflareContext } from "@opennextjs/cloudflare";
-import { getVerificationTokenKey } from "@/utils/auth-utils";
-import { getDB } from "@/db";
-import { userTable } from "@/db/schema";
-import { eq } from "drizzle-orm";
-import { updateAllSessionsOfUser } from "@/utils/kv-session";
-import { withRateLimit, RATE_LIMITS } from "@/utils/with-rate-limit";
+import { getSessionFromCookie } from "@/utils/auth";
+import { redirect } from "next/navigation";
+import VerifyEmailClientComponent from "./verify-email.client";
 
 export const metadata: Metadata = {
   title: "Verify Email",
@@ -16,64 +11,18 @@ export const metadata: Metadata = {
 export default async function VerifyEmailPage({
   searchParams,
 }: {
-  searchParams: Promise<{ token?: string }>
+  searchParams: Promise<{ token?: string }>;
 }) {
+  const session = await getSessionFromCookie();
   const token = (await searchParams).token;
 
-  if (!token) {
-    return notFound();
+  if (session?.user.emailVerified) {
+    return redirect('/dashboard');
   }
 
-  const { env } = getCloudflareContext();
-
-  const success = await withRateLimit(async () => {
-    const verificationTokenStr = await env.NEXT_CACHE_WORKERS_KV.get(getVerificationTokenKey(token));
-
-    if (!verificationTokenStr) {
-      return false;
-    }
-
-    const verificationToken = JSON.parse(verificationTokenStr) as {
-      userId: string;
-      expiresAt: string;
-    };
-
-    // Check if token is expired (although KV should have auto-deleted it)
-    if (new Date() > new Date(verificationToken.expiresAt)) {
-      return false;
-    }
-
-    const db = getDB();
-
-    // Find user
-    const user = await db.query.userTable.findFirst({
-      where: eq(userTable.id, verificationToken.userId),
-    });
-
-    if (!user) {
-      return false;
-    }
-
-    // Update user's email verification status
-    await db.update(userTable)
-      .set({ emailVerified: new Date() })
-      .where(eq(userTable.id, verificationToken.userId));
-
-    // Update all sessions of the user to reflect the new email verification status
-    await updateAllSessionsOfUser(verificationToken.userId);
-
-    // Delete the used token
-    await env.NEXT_CACHE_WORKERS_KV.delete(getVerificationTokenKey(token));
-
-    // Add a small delay to ensure all updates are processed
-    await new Promise((resolve) => setTimeout(resolve, 500));
-
-    return true;
-  }, RATE_LIMITS.EMAIL);
-
-  if (success) {
-    redirect("/dashboard");
+  if (!token) {
+    return redirect('/sign-in');
   }
 
-  return notFound();
+  return <VerifyEmailClientComponent />;
 }

src/app/(auth)/verify-email/verify-email.action.ts

@@ -0,0 +1,83 @@
+"use server";
+
+import "server-only";
+import { getCloudflareContext } from "@opennextjs/cloudflare";
+import { getVerificationTokenKey } from "@/utils/auth-utils";
+import { getDB } from "@/db";
+import { userTable } from "@/db/schema";
+import { eq } from "drizzle-orm";
+import { updateAllSessionsOfUser } from "@/utils/kv-session";
+import { withRateLimit, RATE_LIMITS } from "@/utils/with-rate-limit";
+import { verifyEmailSchema } from "@/schemas/verify-email.schema";
+import { createServerAction, ZSAError } from "zsa";
+
+export const verifyEmailAction = createServerAction()
+  .input(verifyEmailSchema)
+  .handler(async ({ input }) => {
+    return withRateLimit(
+      async () => {
+        const { env } = getCloudflareContext();
+        const verificationTokenStr = await env.NEXT_CACHE_WORKERS_KV.get(getVerificationTokenKey(input.token));
+
+        if (!verificationTokenStr) {
+          throw new ZSAError(
+            "NOT_FOUND",
+            "Verification token not found or expired"
+          );
+        }
+
+        const verificationToken = JSON.parse(verificationTokenStr) as {
+          userId: string;
+          expiresAt: string;
+        };
+
+        // Check if token is expired (although KV should have auto-deleted it)
+        if (new Date() > new Date(verificationToken.expiresAt)) {
+          throw new ZSAError(
+            "NOT_FOUND",
+            "Verification token not found or expired"
+          );
+        }
+
+        const db = getDB();
+
+        // Find user
+        const user = await db.query.userTable.findFirst({
+          where: eq(userTable.id, verificationToken.userId),
+        });
+
+        if (!user) {
+          throw new ZSAError(
+            "NOT_FOUND",
+            "User not found"
+          );
+        }
+
+        try {
+          // Update user's email verification status
+          await db.update(userTable)
+            .set({ emailVerified: new Date() })
+            .where(eq(userTable.id, verificationToken.userId));
+
+          // Update all sessions of the user to reflect the new email verification status
+          await updateAllSessionsOfUser(verificationToken.userId);
+
+          // Delete the used token
+          await env.NEXT_CACHE_WORKERS_KV.delete(getVerificationTokenKey(input.token));
+
+          // Add a small delay to ensure all updates are processed
+          await new Promise((resolve) => setTimeout(resolve, 500));
+
+          return { success: true };
+        } catch (error) {
+          console.error(error);
+
+          throw new ZSAError(
+            "INTERNAL_SERVER_ERROR",
+            "An unexpected error occurred"
+          );
+        }
+      },
+      RATE_LIMITS.EMAIL
+    );
+  });

src/app/(auth)/verify-email/verify-email.client.tsx

@@ -0,0 +1,120 @@
+"use client";
+
+import { useEffect, useRef } from "react";
+import { useRouter, useSearchParams } from "next/navigation";
+import { toast } from "sonner";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import { Button } from "@/components/ui/button";
+import { useServerAction } from "zsa-react";
+import { verifyEmailAction } from "./verify-email.action";
+import { verifyEmailSchema } from "@/schemas/verify-email.schema";
+import { Spinner } from "@/components/ui/spinner";
+
+export default function VerifyEmailClientComponent() {
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const token = searchParams.get("token");
+  const hasCalledVerification = useRef(false);
+
+  const { execute: handleVerification, isPending, error } = useServerAction(verifyEmailAction, {
+    onError: ({ err }) => {
+      toast.dismiss();
+      toast.error(err.message || "Failed to verify email");
+    },
+    onStart: () => {
+      toast.loading("Verifying your email...");
+    },
+    onSuccess: () => {
+      toast.dismiss();
+      toast.success("Email verified successfully");
+
+      router.refresh();
+
+      setTimeout(() => {
+        router.push("/dashboard");
+      }, 500);
+    },
+  });
+
+  useEffect(() => {
+    if (token && !hasCalledVerification.current) {
+      const result = verifyEmailSchema.safeParse({ token });
+      if (result.success) {
+        hasCalledVerification.current = true;
+        handleVerification(result.data);
+      } else {
+        toast.error("Invalid verification token");
+        router.push("/sign-in");
+      }
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [token]);
+
+  if (isPending) {
+    return (
+      <div className="container mx-auto px-4 flex items-center justify-center min-h-screen">
+        <Card className="w-full max-w-md">
+          <CardHeader className="text-center">
+            <div className="flex flex-col items-center space-y-4">
+              <Spinner size="large" />
+              <CardTitle>Verifying Email</CardTitle>
+              <CardDescription>
+                Please wait while we verify your email address...
+              </CardDescription>
+            </div>
+          </CardHeader>
+        </Card>
+      </div>
+    );
+  }
+
+  if (error) {
+    return (
+      <div className="container mx-auto px-4 flex items-center justify-center min-h-screen">
+        <Card className="w-full max-w-md">
+          <CardHeader>
+            <CardTitle>Verification failed</CardTitle>
+            <CardDescription>
+              {error?.message || "Failed to verify email"}
+            </CardDescription>
+          </CardHeader>
+          <CardContent>
+            <Button
+              variant="outline"
+              className="w-full"
+              onClick={() => router.push("/sign-in")}
+            >
+              Back to sign in
+            </Button>
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
+  if (!token) {
+    return (
+      <div className="container mx-auto px-4 flex items-center justify-center min-h-screen">
+        <Card className="w-full max-w-md">
+          <CardHeader>
+            <CardTitle>Invalid verification link</CardTitle>
+            <CardDescription>
+              The verification link is invalid. Please request a new verification email.
+            </CardDescription>
+          </CardHeader>
+          <CardContent>
+            <Button
+              variant="outline"
+              className="w-full"
+              onClick={() => router.push("/sign-in")}
+            >
+              Back to sign in
+            </Button>
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
+  return null;
+}

src/app/(dashboard)/layout.tsx

@@ -10,7 +10,7 @@ export default async function DashboardLayout({ children }: { children: React.Re
   const session = await getSessionFromCookie()
 
   if (!session) {
-    redirect('/')
+    return redirect('/')
   }
 
   return (

src/app/(settings)/settings/[...segment]/page.tsx

@@ -46,7 +46,7 @@ export default async function SettingsPage() {
   const session = await getSessionFromCookie();
 
   if (!session) {
-    redirect("/sign-in");
+    return redirect("/sign-in");
   }
 
   return (

src/app/(settings)/settings/layout.tsx

@@ -18,7 +18,7 @@ export default async function SettingsLayout({
   const session = await getSessionFromCookie();
 
   if (!session) {
-    redirect("/sign-in");
+    return redirect("/sign-in");
   }
 
   return (

src/app/(settings)/settings/page.tsx

@@ -46,7 +46,7 @@ export default async function SettingsPage() {
   const session = await getSessionFromCookie();
 
   if (!session) {
-    redirect("/sign-in");
+    return redirect("/sign-in");
   }
 
   return (

src/app/(settings)/settings/security/page.tsx

@@ -19,7 +19,7 @@ export default async function SecurityPage() {
   const session = await getSessionFromCookie();
 
   if (!session) {
-    redirect("/sign-in");
+    return redirect("/sign-in");
   }
 
   const db = getDB();

src/app/(settings)/settings/sessions/page.tsx

@@ -13,7 +13,7 @@ export default async function SessionsPage() {
   const [sessions, error] = await getSessionsAction()
 
   if (error) {
-    redirect('/')
+    return redirect('/')
   }
 
   return (

src/components/email-verification-dialog.tsx

@@ -14,6 +14,8 @@ import { resendVerificationAction } from "@/app/(auth)/resend-verification.actio
 import { toast } from "sonner";
 import { useState } from "react";
 import { EMAIL_VERIFICATION_TOKEN_EXPIRATION_SECONDS } from "@/constants";
+import { Alert } from "@heroui/react"
+import isProd from "@/utils/is-prod";
 
 export function EmailVerificationDialog() {
   const { session } = useSessionStore();
@@ -54,6 +56,15 @@ export function EmailVerificationDialog() {
           <DialogDescription>
             Please verify your email address to access all features. We sent a verification link to {session.user.email}.
             The verification link will expire in {Math.floor(EMAIL_VERIFICATION_TOKEN_EXPIRATION_SECONDS / 3600)} hours.
+
+            {!isProd && (
+              <Alert
+                color="warning"
+                title="Development mode"
+                description="You can find the verification link in the console."
+                className="mt-4 mb-2"
+              />
+            )}
           </DialogDescription>
         </DialogHeader>
         <div className="flex flex-col gap-4">