Merge pull request #1154 from jboolean/orders-emails

Orders emails & resending magic links

Author: jboolean

backend/src/api/AuthenticationController.ts

@@ -1,5 +1,5 @@
 import * as express from 'express';
-import { BadRequest, Unauthorized } from 'http-errors';
+import { BadRequest } from 'http-errors';
 import {
   Body,
   Controller,
@@ -38,6 +38,9 @@ type UserResponse = {
   email: string | null;
 };
 
+const getApiBase = (req: express.Request): string =>
+  `${req.protocol}://${required(req.get('host'), 'host')}`;
+
 @Route('authentication')
 export class AuthenticationController extends Controller {
   @Security('user-token')
@@ -56,7 +59,7 @@ export class AuthenticationController extends Controller {
   ): Promise<LoginResponse> {
     const userId = await getUserFromRequestOrCreateAndSetCookie(req);
     const { requestedEmail, returnToPath, requireVerifiedEmail } = loginRequest;
-    const apiBase = `${req.protocol}://${required(req.get('host'), 'host')}`;
+    const apiBase = getApiBase(req);
     const result = await UserService.processLoginRequest(
       requestedEmail,
       userId,
@@ -74,7 +77,7 @@ export class AuthenticationController extends Controller {
   }
 
   /**
-   * We take the temporary token from the query string and set a permenant token in a cookie.
+   * We take the temporary token from the query string and set a permanent token in a cookie.
    * @param magicToken A temporary token sent in a magic link
    * @param res
    * @param returnToPath The path to attach to the frontend base URL and redirect to after login
@@ -97,7 +100,23 @@ export class AuthenticationController extends Controller {
     const userId = UserService.getUserIdFromToken(magicToken);
 
     if (!userId) {
-      throw new Unauthorized('The link contains in invalid or expired token');
+      res.status(401).type('text/plain');
+
+      // If it's just expired, send a new link
+      const userIdExpired = UserService.getUserIdFromToken(magicToken, {
+        ignoreExpiration: true,
+      });
+      if (typeof userIdExpired !== 'undefined') {
+        await UserService.sendMagicLinkToUser(
+          userIdExpired,
+          getApiBase(req),
+          returnToPath
+        );
+        res.send('This link has expired. A new one has been emailed to you.');
+        return;
+      }
+      res.send('This link contains an invalid token');
+      return;
     }
 
     await UserService.markEmailVerified(userId);

backend/src/business/email/templates/MagicLinkTemplate.ts

@@ -1,17 +1,17 @@
 import EmailTemplate from '../EmailTemplate';
 import EmailStreamType from './EmailStreamType';
-import Senders from './Senders';
 import {
-  MagicLinkTemplateData,
   MagicLinkMetadata,
+  MagicLinkTemplateData,
 } from './MagicLinkEmailTemplateData';
+import Senders from './Senders';
 
 class MagicLinkTemplate extends EmailTemplate<
   MagicLinkTemplateData,
   MagicLinkMetadata
 > {
   alias = 'magic-link';
-  from = Senders.PERSONAL;
+  from = Senders.SYSTEM;
   streamType = EmailStreamType.TRANSACTIONAL;
 }
 

backend/src/business/email/templates/OrderCustomizeTemplate.ts

@@ -0,0 +1,15 @@
+import EmailTemplate from '../EmailTemplate';
+import EmailStreamType from './EmailStreamType';
+import { OrderMetadata, OrderTemplateData } from './OrderEmailTemplateData';
+import Senders from './Senders';
+
+class OrderCustomizeTemplate extends EmailTemplate<
+  OrderTemplateData,
+  OrderMetadata
+> {
+  alias = 'order-customize';
+  from = Senders.SYSTEM;
+  streamType = EmailStreamType.TRANSACTIONAL;
+}
+
+export default new OrderCustomizeTemplate();

backend/src/business/email/templates/OrderEmailTemplateData.ts

@@ -0,0 +1,8 @@
+export interface OrderTemplateData {
+  ordersUrl: string;
+}
+
+export interface OrderMetadata {
+  userId: string;
+  orderId: string;
+}

backend/src/business/email/templates/Senders.ts

@@ -1,4 +1,5 @@
 const Senders = {
   PERSONAL: 'Julian from 1940s.nyc <[email protected]>',
+  SYSTEM: '1940s.nyc <[email protected]>',
 } as const;
 export default Senders;

backend/src/business/merch/MerchOrderService.ts

@@ -7,10 +7,18 @@ import MerchInternalVariant from '../../enum/MerchInternalVariant';
 import MerchOrderFulfillmentState from '../../enum/MerchOrderFulfillmentState';
 import MerchOrderState from '../../enum/MerchOrderState';
 import MerchProvider from '../../enum/MerchProvider';
+import EmailService from '../email/EmailService';
+import OrderCustomizeTemplate from '../email/templates/OrderCustomizeTemplate';
+import * as UserService from '../users/UserService';
 import absurd from '../utils/absurd';
+import isProduction from '../utils/isProduction';
 import required from '../utils/required';
 import * as PrintfulService from './PrintfulService';
 
+const API_BASE = isProduction()
+  ? 'http://api.1940s.nyc'
+  : 'http://dev.1940s.nyc:3000';
+
 export async function createMerchOrder(
   userId: number,
   stripeCheckoutSessionId: string,
@@ -48,7 +56,32 @@ export async function createMerchOrder(
     });
     await itemRepository.save(items);
 
-    return orderRepository.findOneByOrFail({ id: order.id });
+    order = await orderRepository.findOneByOrFail({ id: order.id });
+
+    const user = await UserService.getUser(userId);
+
+    if (user.email) {
+      // There really should be an email at this point, set earlier in the Stripe webhook
+
+      const orderCustomizeEmail = OrderCustomizeTemplate.createTemplatedEmail({
+        to: user.email,
+        templateContext: {
+          ordersUrl: UserService.createMagicLinkUrl(
+            API_BASE,
+            userId,
+            '/orders'
+          ).toString(),
+        },
+        metadata: {
+          orderId: order.id.toString(),
+          userId: user.id.toString(),
+        },
+      });
+
+      await EmailService.sendTemplateEmail(orderCustomizeEmail);
+    }
+
+    return order;
   });
 }
 

backend/src/business/users/UserService.ts

@@ -35,11 +35,19 @@ function createUserTokenForMagicLink(userId: number): string {
   });
 }
 
-export function getUserIdFromToken(token: string): number | undefined {
+export function getUserIdFromToken(
+  token: string,
+  {
+    ignoreExpiration = false,
+  }: {
+    ignoreExpiration?: boolean;
+  } = {}
+): number | undefined {
   try {
     const { sub } = jwt.verify(token, JWT_SECRET, {
       algorithms: ['HS256'],
       issuer: ISSUER,
+      ignoreExpiration,
     }) as { sub: string };
 
     if (!sub.startsWith(SUBJECT_PREFIX)) {
@@ -127,12 +135,11 @@ export async function createUser(
   return { token, userId: user.id };
 }
 
-async function sendMagicLink(
-  emailAddress: string,
-  userId: number,
+export function createMagicLinkUrl(
   apiBase: string,
+  userId: number,
   returnToPath?: string
-): Promise<void> {
+): URL {
   const loginUrl: URL = new URL(
     '/authentication/login-with-magic-link',
     apiBase
@@ -147,6 +154,16 @@ async function sendMagicLink(
   }
 
   loginUrl.search = params.toString();
+  return loginUrl;
+}
+
+async function sendMagicLink(
+  emailAddress: string,
+  userId: number,
+  apiBase: string,
+  returnToPath?: string
+): Promise<void> {
+  const loginUrl = createMagicLinkUrl(apiBase, userId, returnToPath);
 
   const emailMessage = MagicLinkTemplate.createTemplatedEmail({
     to: emailAddress,
@@ -164,6 +181,19 @@ async function sendMagicLink(
   await EmailService.sendTemplateEmail(emailMessage);
 }
 
+export async function sendMagicLinkToUser(
+  userId: number,
+  apiBase: string,
+  returnToPath?: string
+): Promise<void> {
+  const user = await getUser(userId);
+  if (!user.email) {
+    return;
+  }
+
+  return sendMagicLink(user.email, userId, apiBase, returnToPath);
+}
+
 /**
  * The user wishes to log into the account with email, which may or may not exist.
  * This determines what to do, which ultimately drives the UI.