From 4e825cc4d33b5d0f56b1907a6ac901eb9af14f15 Mon Sep 17 00:00:00 2001
From: Puyodead1 <puyodead@proton.me>
Date: Mon, 8 Jul 2024 21:23:41 -0400
Subject: [PATCH 1/3] fix `verify_email` template

---
 assets/email_templates/verify_email.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/assets/email_templates/verify_email.html b/assets/email_templates/verify_email.html
index 109fc4aa..cbd94280 100644
--- a/assets/email_templates/verify_email.html
+++ b/assets/email_templates/verify_email.html
@@ -69,7 +69,7 @@
 					>
 						<a
 							class="btn"
-							href="{emailVerificationUrl}"
+							href="{actionUrl}"
 							target="_blank"
 							style="
 								font-size: 15px;
@@ -90,8 +90,8 @@
 							Alternatively, you can directly paste this link into
 							your browser:
 						</p>
-						<a href="{emailVerificationUrl}" target="_blank" style="word-wrap: break-word;"
-							>{emailVerificationUrl}</a
+						<a href="{actionUrl}" target="_blank" style="word-wrap: break-word;"
+							>{actionUrl}</a
 						>
 					</div>
 				</div>

From 629451bbfd9698975bdb95dce4f3152bbdb3893c Mon Sep 17 00:00:00 2001
From: Puyodead1 <puyodead@proton.me>
Date: Mon, 8 Jul 2024 22:10:50 -0400
Subject: [PATCH 2/3] fix incorrect error field

---
 src/api/routes/auth/verify/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/routes/auth/verify/index.ts b/src/api/routes/auth/verify/index.ts
index 49f74277..32c3f305 100644
--- a/src/api/routes/auth/verify/index.ts
+++ b/src/api/routes/auth/verify/index.ts
@@ -85,7 +85,7 @@ router.post(
 			user = userTokenData.user;
 		} catch {
 			throw FieldErrors({
-				password: {
+				token: {
 					message: req.t("auth:password_reset.INVALID_TOKEN"),
 					code: "INVALID_TOKEN",
 				},

From bc432a4325644eb1e5040b47ed05eda699bd404f Mon Sep 17 00:00:00 2001
From: Puyodead1 <puyodead@proton.me>
Date: Mon, 8 Jul 2024 22:30:41 -0400
Subject: [PATCH 3/3] add email verification page

---
 .../email_templates/new_login_location.html   | 145 +++++++++--------
 assets/email_templates/password_changed.html  |   4 +-
 .../password_reset_request.html               | 125 ++++++++-------
 assets/email_templates/phone_removed.html     |   4 +-
 assets/email_templates/verify_email.html      |   9 +-
 assets/public/verify.html                     | 147 ++++++++++++++++++
 flake.lock                                    | Bin 1497 -> 1305 bytes
 src/api/Server.ts                             |  18 ++-
 src/util/util/email/index.ts                  |   3 +-
 9 files changed, 323 insertions(+), 132 deletions(-)
 create mode 100644 assets/public/verify.html

diff --git a/assets/email_templates/new_login_location.html b/assets/email_templates/new_login_location.html
index f1c5f8c5..b8c4a4fb 100644
--- a/assets/email_templates/new_login_location.html
+++ b/assets/email_templates/new_login_location.html
@@ -1,76 +1,87 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
+	<head>
+		<meta charset="UTF-8" />
+		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		<meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
+		<title>Verify {instanceName} Login from New Location</title>
 
-<head>
-	<meta charset="UTF-8" />
-	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
-	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-	<meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
-	<title>Verify {instanceName} Login from New Location</title>
+		<style>
+			* {
+				font-size: 16px;
+				line-height: 24px;
+				font-family: Arial, Helvetica, sans-serif;
+			}
 
-	<style>
-		* {
-			font-size: 16px;
-			line-height: 24px;
-			font-family: Arial, Helvetica, sans-serif;
-		}
+			p {
+				color: white;
+			}
 
-		p {
-			color: white;
-		}
+			.ExternalClass {
+				width: 100%;
+			}
+		</style>
+	</head>
 
-		.ExternalClass {
-			width: 100%;
-		}
-	</style>
-</head>
-
-<body>
-	<div style="background-color: #202225;">
-		<img src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
-			alt="Branding" style="
+	<body>
+		<div style="background-color: #202225">
+			<img
+				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
+				alt="Branding"
+				style="
 					width: 100%;
 					max-width: 200px;
 					margin: 0 auto;
 					display: block;
 					padding: 20px;
-				" />
-		<div style="
+				"
+			/>
+			<div
+				style="
 					width: 100%;
 					max-width: 500px;
 					margin: 0 auto;
 					padding: 40px 50px;
 					background-color: #32353b;
 					border-radius: 5px;
-				">
-			<p style="
+				"
+			>
+				<p
+					style="
 						font-weight: 600;
 						font-size: 20px;
 						letter-spacing: 0.27px;
 						line-height: 24px;
-					">
-				Hey {userUsername},
-			</p>
-			<p>
-				It looks like someone tried to log into your {instanceName}
-				account from a new location. If this is you, follow the link
-				below to authorize logging in from this location on your
-				account. If this isn't you, we suggest changing your
-				password as soon as possible.
-			</p>
-			<p>
-				<strong>IP Address:</strong> {ipAddress}
-				<br />
-				<strong>Location:</strong> {locationCity}, {locationRegion},
-				{locationCountryName}
-			</p>
-			<div>
-				<div style="
+					"
+				>
+					Hey {userUsername},
+				</p>
+				<p>
+					It looks like someone tried to log into your {instanceName}
+					account from a new location. If this is you, follow the link
+					below to authorize logging in from this location on your
+					account. If this isn't you, we suggest changing your
+					password as soon as possible.
+				</p>
+				<p>
+					<strong>IP Address:</strong> {ipAddress}
+					<br />
+					<strong>Location:</strong> {locationCity}, {locationRegion},
+					{locationCountryName}
+				</p>
+				<div>
+					<div
+						style="
 							text-align: center;
 							justify-content: center;
 							padding-bottom: 10px;
-						">
-					<a href="{actionUrl}" target="_blank" style="
+						"
+					>
+						<a
+							href="{actionUrl}"
+							target="_blank"
+							style="
 								font-size: 15px;
 								border: none;
 								text-decoration: none;
@@ -79,23 +90,31 @@
 								padding: 15px 19px;
 								background-color: #0185ff;
 								border-radius: 5px;
-							">Verify Login</a>
-				</div>
-				<hr />
-				<div style="
+							"
+							>Verify Login</a
+						>
+					</div>
+					<hr />
+					<div
+						style="
 							text-align: center;
 							justify-content: center;
 							padding-bottom: 10px;
-						">
-					<p>
-						Alternatively, you can directly paste this link into
-						your browser:
-					</p>
-					<a href="{actionUrl}" target="_blank" style="word-wrap: break-word;">{actionUrl}</a>
+						"
+					>
+						<p>
+							Alternatively, you can directly paste this link into
+							your browser:
+						</p>
+						<a
+							href="{actionUrl}"
+							target="_blank"
+							style="word-wrap: break-word"
+							>{actionUrl}</a
+						>
+					</div>
 				</div>
 			</div>
 		</div>
-	</div>
-</body>
-
+	</body>
 </html>
diff --git a/assets/email_templates/password_changed.html b/assets/email_templates/password_changed.html
index d0426279..7d368a0a 100644
--- a/assets/email_templates/password_changed.html
+++ b/assets/email_templates/password_changed.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
 	<head>
 		<meta charset="UTF-8" />
@@ -22,7 +22,7 @@
 		</style>
 	</head>
 	<body>
-		<div style="background-color: #202225;">
+		<div style="background-color: #202225">
 			<img
 				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
 				alt="Branding"
diff --git a/assets/email_templates/password_reset_request.html b/assets/email_templates/password_reset_request.html
index 2c5b6b65..0ed452cd 100644
--- a/assets/email_templates/password_reset_request.html
+++ b/assets/email_templates/password_reset_request.html
@@ -1,68 +1,79 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
+	<head>
+		<meta charset="UTF-8" />
+		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		<meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
+		<title>Password Reset Request for {instanceName}</title>
 
-<head>
-	<meta charset="UTF-8" />
-	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
-	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-	<meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
-	<title>Password Reset Request for {instanceName}</title>
+		<style>
+			* {
+				font-size: 16px;
+				line-height: 24px;
+				font-family: Arial, Helvetica, sans-serif;
+			}
 
-	<style>
-		* {
-			font-size: 16px;
-			line-height: 24px;
-			font-family: Arial, Helvetica, sans-serif;
-		}
+			p {
+				color: white;
+			}
 
-		p {
-			color: white;
-		}
+			.ExternalClass {
+				width: 100%;
+			}
+		</style>
+	</head>
 
-		.ExternalClass {
-			width: 100%;
-		}
-	</style>
-</head>
-
-<body>
-	<div style="background-color: #202225;">
-		<img src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
-			alt="Branding" style="
+	<body>
+		<div style="background-color: #202225">
+			<img
+				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
+				alt="Branding"
+				style="
 					width: 100%;
 					max-width: 200px;
 					margin: 0 auto;
 					display: block;
 					padding: 20px;
-				" />
-		<div style="
+				"
+			/>
+			<div
+				style="
 					width: 100%;
 					max-width: 500px;
 					margin: 0 auto;
 					padding: 40px 50px;
 					background-color: #32353b;
 					border-radius: 5px;
-				">
-			<p style="
+				"
+			>
+				<p
+					style="
 						font-weight: 600;
 						font-size: 20px;
 						letter-spacing: 0.27px;
 						line-height: 24px;
-					">
-				Hey {userUsername},
-			</p>
-			<p>
-				Your {instanceName} password can be reset by clicking the
-				button below. If you did not request a new password, please
-				ignore this email.
-			</p>
-			<div>
-				<div style="
+					"
+				>
+					Hey {userUsername},
+				</p>
+				<p>
+					Your {instanceName} password can be reset by clicking the
+					button below. If you did not request a new password, please
+					ignore this email.
+				</p>
+				<div>
+					<div
+						style="
 							text-align: center;
 							justify-content: center;
 							padding-bottom: 10px;
-						">
-					<a href="{actionUrl}" target="_blank" style="
+						"
+					>
+						<a
+							href="{actionUrl}"
+							target="_blank"
+							style="
 								font-size: 15px;
 								border: none;
 								text-decoration: none;
@@ -71,19 +82,25 @@
 								padding: 15px 19px;
 								background-color: #ff5f00;
 								border-radius: 5px;
-							">Reset Password</a>
-				</div>
-				<hr />
-				<div style="text-align: center">
-					<p>
-						Alternatively, you can directly paste this link into
-						your browser:
-					</p>
-					<a href="{actionUrl}" target="_blank" style="word-wrap: break-word;">{actionUrl}</a>
+							"
+							>Reset Password</a
+						>
+					</div>
+					<hr />
+					<div style="text-align: center">
+						<p>
+							Alternatively, you can directly paste this link into
+							your browser:
+						</p>
+						<a
+							href="{actionUrl}"
+							target="_blank"
+							style="word-wrap: break-word"
+							>{actionUrl}</a
+						>
+					</div>
 				</div>
 			</div>
 		</div>
-	</div>
-</body>
-
+	</body>
 </html>
diff --git a/assets/email_templates/phone_removed.html b/assets/email_templates/phone_removed.html
index 7cc552e9..bcbc8f18 100644
--- a/assets/email_templates/phone_removed.html
+++ b/assets/email_templates/phone_removed.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
 	<head>
 		<meta charset="UTF-8" />
@@ -22,7 +22,7 @@
 		</style>
 	</head>
 	<body>
-		<div style="background-color: #202225;">
+		<div style="background-color: #202225">
 			<img
 				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
 				alt="Branding"
diff --git a/assets/email_templates/verify_email.html b/assets/email_templates/verify_email.html
index cbd94280..1326f7ea 100644
--- a/assets/email_templates/verify_email.html
+++ b/assets/email_templates/verify_email.html
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
 	<head>
 		<meta charset="UTF-8" />
@@ -22,7 +22,7 @@
 		</style>
 	</head>
 	<body>
-		<div style="background-color: #202225;">
+		<div style="background-color: #202225">
 			<img
 				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
 				alt="Branding"
@@ -90,7 +90,10 @@
 							Alternatively, you can directly paste this link into
 							your browser:
 						</p>
-						<a href="{actionUrl}" target="_blank" style="word-wrap: break-word;"
+						<a
+							href="{actionUrl}"
+							target="_blank"
+							style="word-wrap: break-word"
 							>{actionUrl}</a
 						>
 					</div>
diff --git a/assets/public/verify.html b/assets/public/verify.html
new file mode 100644
index 00000000..c70d7709
--- /dev/null
+++ b/assets/public/verify.html
@@ -0,0 +1,147 @@
+<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8" />
+		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		<title>Spacebar Server</title>
+
+		<link rel="preconnect" href="https://fonts.googleapis.com" />
+		<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+		<link
+			href="https://fonts.googleapis.com/css2?family=Montserrat&display=swap"
+			rel="stylesheet"
+		/>
+
+		<style>
+			body {
+				font-family: "Montserrat", sans-serif;
+				background-color: rgb(10, 10, 10);
+				color: white;
+				font-size: 1.1rem;
+				height: 100vh;
+			}
+
+			* {
+				padding: 0;
+				margin: 0;
+			}
+
+			p {
+				margin-top: 10px;
+			}
+
+			#wordmark {
+				width: min(200px, 50%);
+				margin: 20px;
+				position: absolute;
+				top: 20px;
+				left: 20px;
+			}
+
+			.title {
+				font-size: 1.5rem;
+				font-weight: 600;
+			}
+
+			.subtitle {
+				font-size: 1.1rem;
+				font-weight: 400;
+			}
+
+			.container {
+				display: flex;
+				justify-content: center;
+				align-items: center;
+				height: 100%;
+			}
+
+			.box {
+				width: 22vw;
+				padding: 32px;
+				border-radius: 8px;
+				background-color: rgb(32, 32, 32);
+				align-items: center;
+				display: flex;
+				flex-direction: column;
+				text-align: center;
+			}
+		</style>
+	</head>
+
+	<body>
+		<div class="container">
+			<img
+				alt="Spacebar Logo"
+				id="wordmark"
+				src="https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg"
+			/>
+
+			<div class="box">
+				<p id="title" class="title">Verifying your email</p>
+				<p id="subtitle" class="subtitle">Please wait...</p>
+			</div>
+		</div>
+
+		<script>
+			window.onload = verify;
+
+			function verify() {
+				const title = document.getElementById("title");
+				const subtitle = document.getElementById("subtitle");
+
+				// if no fragment identifier in URL, error
+				if (!window.location.hash) {
+					title.innerText = "Invalid Link";
+					subtitle.innerText = "Please check the link and try again.";
+					return;
+				}
+
+				// convert fragment to a key-value pair
+				const fragment = window.location.hash.substring(1);
+				const pairs = fragment.split("&");
+				const values = {};
+				pairs.forEach((pair) => {
+					const [key, value] = pair.split("=");
+					values[key] = value;
+				});
+
+				// ensure token key is present
+				if (!values.token) {
+					title.innerText = "Invalid Link";
+					subtitle.innerText = "Please check the link and try again.";
+					return;
+				}
+
+				// make request to server
+				const token = values.token;
+				fetch("/api/auth/verify", {
+					method: "POST",
+					headers: {
+						"Content-Type": "application/json",
+					},
+					body: JSON.stringify({
+						token,
+					}),
+				})
+					.then((response) => response.json())
+					.then((data) => {
+						// check for an error response
+						if ("message" in data) {
+							title.innerText = "Email Verification Link Expired";
+							subtitle.innerText =
+								"Please request a new verification link.";
+							return;
+						}
+
+						title.innerText = "Email Verified";
+						subtitle.innerText = "You can now login.";
+					})
+					.catch((error) => {
+						title.innerText = "Email Verification Failed";
+						subtitle.innerText = error;
+					});
+			}
+		</script>
+	</body>
+</html>
diff --git a/flake.lock b/flake.lock
index ae5e8b23070de1f0618864a223c9a3c17f752ca5..844f26fa6bf673dc335b2aabc1e75e6c0d046c8c 100644
GIT binary patch
literal 1305
zcmbVL+j5&Q5Pi14qNC?}tP2RKGkvgKx1QE<GPF*gg(NV;)m#$eO#Z!q4RspQdinxr
z#hyKT&hFEA1mZ;L9DI29G#-tB8;U?r%EAx3&<OZ(S{D6r1oA2`bkqd;&pLJV{JwdD
zFp+^)XT0Vt^5P~@zU#M9WI>Zaj)~F!UY8fyO60p1Z6~lvC*{VrH}<#aYqhW!Q&u5+
zKM(dl=j$6tjLO(=tYw;gSCLoEK7un!@)+x^!HCPK@Rjc3nNE`?eA(AICDRYh4bm>w
z)IyRtP$FKl;}lD1DMtyy2*FBf$HlZmEUHvDd7fYFN(WqYo@Bn~$0Dq68!hYJ|AW;K
zd=1u$3u6C}23~K)6<RZdm_gW^S_c82!nnNmW*EcIa=)5>!UwUT<(F!ePLIjqZnKT<
z7B|syIiR(FNb*jXPU(*0OO;JViNqE$pd$>WnahZ_G?5S!hnt*BA{`<b?9hf}Xc58R
zRDQ|FZEULPB>AL_^Flb`tFicl>`>KS{47a|&e~TyaXDYZ<JOfracXUBXQ#*iy;kk?
z{L@^@5X6k(x6Qq;P_{Q`!Y<dx+k-4vd^CR0$Iz>`wsl-@>pcv3G+$Vh4VpXYDD_^R
zmPu(>lwr|%bzUSTs0BF{wV{q{Qo)fzltY9$(I#?)=@?vKtM_0?>}xE(lGPA=qxHDm
XC2)50^sdW-2c6}964wq}<LB`&k6}}t

literal 1497
zcmbu9U6YzH6o&8p6%N;R%m;*|Grdr2>$I-BL+kcBkbn$d%Ezv_v;VyTWjBt}+UX6D
z6LQX*^FGPTU^q0=Ovu9cIDAn9HS}X1$x&5?@q18(!*pAfdPK#Fx+rDR1m8Z}9K+%3
zhtr1<XI>=5Tl%&{%!~3a6QLirGtdSW1`J`dTh*xI`GOalHur`ji;Sw3<E)(T$+vpu
z%*M2a&Tbm*eodEm0GqYBTiNq%{zD`|J^5s4nX>0p=1rcoO3F}3eJ+>VteMg`tu4*v
zQ!@*tk0i07hh5-7rqnWmJYWk~a7-~q!jrC#h@QEux3XCqgyp7kjf=iyc^HH#kJUfN
z#<!jM53M}~+rlS1j5OSDqd<4@Mt>-T)WlS4&80t4#Ks`49)k%&;ET6gj6b72Uy<r-
zz1WTq+5Ta*P9A1=$$Z}9Pq@zty@#DUooucA$r+0h>>(SQz~!cp)Tdb55_<q)msyN?
z*mJQ*fu6OeQC)K5Z_Zq*^c$m<$gCJuX;E@Fz6#luZS-h4GcC`uQlsSRN!0o6$GH=5
zRNIo!ad}qp{aklw-h>IE5Fkp?pD}r?VZO5_+^Lp_`@L7v^kDuZ&v8(%9s96ctD7KV
z$#iBD+Kb7kQ`niNE{qNqA$?xOrSA9%7Qu-P7~u*H*S82~P(Z=}L<~y{y4-S2#*uyI
pU5`Os-5X%}N3A^tkN&7<dz6h66UTQW#(0u>5oW0Z#U8v4egi7jeBA&5

diff --git a/src/api/Server.ts b/src/api/Server.ts
index 472ab1d6..40d2b6dc 100644
--- a/src/api/Server.ts
+++ b/src/api/Server.ts
@@ -18,15 +18,15 @@
 
 import {
 	Config,
-	Email,
-	initDatabase,
-	initEvent,
-	JSONReplacer,
-	registerRoutes,
-	Sentry,
-	WebAuthn,
 	ConnectionConfig,
 	ConnectionLoader,
+	Email,
+	JSONReplacer,
+	Sentry,
+	WebAuthn,
+	initDatabase,
+	initEvent,
+	registerRoutes,
 } from "@spacebar/util";
 import { Request, Response, Router } from "express";
 import { Server, ServerOptions } from "lambert-server";
@@ -141,6 +141,10 @@ export class SpacebarServer extends Server {
 			res.sendFile(path.join(PUBLIC_ASSETS_FOLDER, "index.html")),
 		);
 
+		app.get("/verify", (req, res) =>
+			res.sendFile(path.join(PUBLIC_ASSETS_FOLDER, "verify.html")),
+		);
+
 		this.app.use(ErrorHandler);
 
 		Sentry.errorHandler(this.app);
diff --git a/src/util/util/email/index.ts b/src/util/util/email/index.ts
index d765f5ff..e3382794 100644
--- a/src/util/util/email/index.ts
+++ b/src/util/util/email/index.ts
@@ -141,8 +141,9 @@ export const Email: {
 	 */
 	generateLink: async function (type, id, email) {
 		const token = (await generateToken(id, email)) as string;
+		// puyodead1: this is set to api endpoint because the verification page is on the server since no clients have one, and not all 3rd party clients will have one
 		const instanceUrl =
-			Config.get().general.frontPage || "http://localhost:3001";
+			Config.get().api.endpointPublic || "http://localhost:3001";
 		const link = `${instanceUrl}/${type}#token=${token}`;
 		return link;
 	},