feat: add email verification, password reset, and WSDC integration (Phase 1.5)

Backend features: - AWS SES email service with HTML templates - Email verification with dual method (link + 6-digit PIN code) - Password reset workflow with secure tokens - WSDC API proxy for dancer lookup and auto-fill registration - Extended User model with verification and WSDC fields - Email verification middleware for protected routes Frontend features: - Two-step registration with WSDC ID lookup - Password strength indicator component - Email verification page with code input - Password reset flow (request + reset pages) - Verification banner for unverified users - Updated authentication context and API service Testing: - 65 unit tests with 100% coverage of new features - Tests for auth utils, email service, WSDC controller, and middleware - Integration tests for full authentication flows - Comprehensive mocking of AWS SES and external APIs Database: - Migration: add WSDC fields (firstName, lastName, wsdcId) - Migration: add email verification fields (token, code, expiry) - Migration: add password reset fields (token, expiry) Documentation: - Complete Phase 1.5 documentation - Test suite documentation and best practices - Updated session context with new features
2025-11-13 15:47:54 +01:00
parent 4d7f814538
commit 7a2f6d07ec
31 changed files with 5586 additions and 87 deletions
--- a/backend/src/utils/auth.js
+++ b/backend/src/utils/auth.js
@@ -1,5 +1,6 @@
 const bcrypt = require('bcryptjs');
 const jwt = require('jsonwebtoken');
+const crypto = require('crypto');

 // Hash password with bcrypt
 async function hashPassword(password) {
@@ -28,9 +29,28 @@ function verifyToken(token) {
  }
 }

+// Generate random verification token (URL-safe)
+function generateVerificationToken() {
+  return crypto.randomBytes(32).toString('hex');
+}
+
+// Generate 6-digit verification code
+function generateVerificationCode() {
+  return Math.floor(100000 + Math.random() * 900000).toString();
+}
+
+// Calculate token expiry time
+function getTokenExpiry(hours = 24) {
+  const now = new Date();
+  return new Date(now.getTime() + hours * 60 * 60 * 1000);
+}
+
 module.exports = {
  hashPassword,
  comparePassword,
  generateToken,
  verifyToken,
+  generateVerificationToken,
+  generateVerificationCode,
+  getTokenExpiry,
 };
--- a/backend/src/utils/email.js
+++ b/backend/src/utils/email.js
@@ -0,0 +1,320 @@
+/**
+ * Email Service using AWS SES
+ * Handles sending emails for verification, password reset, etc.
+ */
+
+const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
+
+// Configure AWS SES Client
+const sesClient = new SESClient({
+  region: process.env.AWS_REGION || 'us-east-1',
+  credentials: {
+    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+  },
+});
+
+/**
+ * Send email via AWS SES
+ * @param {Object} params - Email parameters
+ * @param {string} params.to - Recipient email address
+ * @param {string} params.subject - Email subject
+ * @param {string} params.htmlBody - HTML email body
+ * @param {string} params.textBody - Plain text email body (fallback)
+ * @returns {Promise<Object>} - SES response
+ */
+async function sendEmail({ to, subject, htmlBody, textBody }) {
+  const params = {
+    Source: `${process.env.SES_FROM_NAME} <${process.env.SES_FROM_EMAIL}>`,
+    Destination: {
+      ToAddresses: [to],
+    },
+    Message: {
+      Subject: {
+        Data: subject,
+        Charset: 'UTF-8',
+      },
+      Body: {
+        Html: {
+          Data: htmlBody,
+          Charset: 'UTF-8',
+        },
+        Text: {
+          Data: textBody,
+          Charset: 'UTF-8',
+        },
+      },
+    },
+  };
+
+  try {
+    const command = new SendEmailCommand(params);
+    const response = await sesClient.send(command);
+    console.log(`Email sent successfully to ${to}. MessageId: ${response.MessageId}`);
+    return { success: true, messageId: response.MessageId };
+  } catch (error) {
+    console.error('Error sending email:', error);
+    throw new Error(`Failed to send email: ${error.message}`);
+  }
+}
+
+/**
+ * Send verification email with link and PIN code
+ * @param {string} email - User email
+ * @param {string} firstName - User first name
+ * @param {string} verificationToken - Unique verification token
+ * @param {string} verificationCode - 6-digit PIN code
+ */
+async function sendVerificationEmail(email, firstName, verificationToken, verificationCode) {
+  const verificationLink = `${process.env.FRONTEND_URL}/verify-email?token=${verificationToken}`;
+
+  const subject = 'Verify your spotlight.cam email';
+
+  const htmlBody = `
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; line-height: 1.6; color: #333; }
+        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+        .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; border-radius: 8px 8px 0 0; }
+        .content { background: #f9fafb; padding: 30px; border-radius: 0 0 8px 8px; }
+        .code-box { background: white; border: 2px solid #667eea; border-radius: 8px; padding: 20px; text-align: center; margin: 20px 0; }
+        .code { font-size: 32px; font-weight: bold; letter-spacing: 8px; color: #667eea; font-family: monospace; }
+        .button { display: inline-block; background: #667eea; color: white; padding: 14px 30px; text-decoration: none; border-radius: 6px; margin: 20px 0; font-weight: 600; }
+        .footer { text-align: center; color: #666; font-size: 14px; margin-top: 30px; }
+        .divider { border-top: 1px solid #e5e7eb; margin: 20px 0; }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <div class="header">
+          <h1>🎥 spotlight.cam</h1>
+          <p>Welcome to the dance community!</p>
+        </div>
+        <div class="content">
+          <h2>Hi ${firstName || 'there'}! 👋</h2>
+          <p>Thanks for joining spotlight.cam! To start sharing dance videos with your event partners, please verify your email address.</p>
+
+          <h3>Option 1: Click the button</h3>
+          <a href="${verificationLink}" class="button">Verify Email Address</a>
+
+          <div class="divider"></div>
+
+          <h3>Option 2: Enter this code</h3>
+          <div class="code-box">
+            <div class="code">${verificationCode}</div>
+          </div>
+
+          <p style="font-size: 14px; color: #666;">This code will expire in 24 hours.</p>
+
+          <div class="divider"></div>
+
+          <p><strong>Didn't create an account?</strong> You can safely ignore this email.</p>
+        </div>
+        <div class="footer">
+          <p>spotlight.cam - P2P video exchange for dance events</p>
+          <p>This is an automated email. Please do not reply.</p>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+
+  const textBody = `
+Hi ${firstName || 'there'}!
+
+Thanks for joining spotlight.cam! To start sharing dance videos with your event partners, please verify your email address.
+
+Option 1: Click this link to verify
+${verificationLink}
+
+Option 2: Enter this verification code
+${verificationCode}
+
+This code will expire in 24 hours.
+
+Didn't create an account? You can safely ignore this email.
+
+---
+spotlight.cam - P2P video exchange for dance events
+This is an automated email. Please do not reply.
+  `;
+
+  return sendEmail({ to: email, subject, htmlBody, textBody });
+}
+
+/**
+ * Send password reset email with link and code
+ * @param {string} email - User email
+ * @param {string} firstName - User first name
+ * @param {string} resetToken - Unique reset token
+ */
+async function sendPasswordResetEmail(email, firstName, resetToken) {
+  const resetLink = `${process.env.FRONTEND_URL}/reset-password?token=${resetToken}`;
+
+  const subject = 'Reset your spotlight.cam password';
+
+  const htmlBody = `
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; line-height: 1.6; color: #333; }
+        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+        .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; border-radius: 8px 8px 0 0; }
+        .content { background: #f9fafb; padding: 30px; border-radius: 0 0 8px 8px; }
+        .button { display: inline-block; background: #667eea; color: white; padding: 14px 30px; text-decoration: none; border-radius: 6px; margin: 20px 0; font-weight: 600; }
+        .footer { text-align: center; color: #666; font-size: 14px; margin-top: 30px; }
+        .warning { background: #fef3c7; border-left: 4px solid #f59e0b; padding: 15px; margin: 20px 0; }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <div class="header">
+          <h1>🔐 Password Reset</h1>
+        </div>
+        <div class="content">
+          <h2>Hi ${firstName || 'there'}! 👋</h2>
+          <p>We received a request to reset your password for your spotlight.cam account.</p>
+
+          <a href="${resetLink}" class="button">Reset Password</a>
+
+          <p style="font-size: 14px; color: #666;">This link will expire in 1 hour.</p>
+
+          <div class="warning">
+            <strong>⚠️ Security Notice</strong><br>
+            If you didn't request this password reset, please ignore this email. Your password will remain unchanged.
+          </div>
+        </div>
+        <div class="footer">
+          <p>spotlight.cam - P2P video exchange for dance events</p>
+          <p>This is an automated email. Please do not reply.</p>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+
+  const textBody = `
+Hi ${firstName || 'there'}!
+
+We received a request to reset your password for your spotlight.cam account.
+
+Click this link to reset your password:
+${resetLink}
+
+This link will expire in 1 hour.
+
+⚠️ Security Notice
+If you didn't request this password reset, please ignore this email. Your password will remain unchanged.
+
+---
+spotlight.cam - P2P video exchange for dance events
+This is an automated email. Please do not reply.
+  `;
+
+  return sendEmail({ to: email, subject, htmlBody, textBody });
+}
+
+/**
+ * Send welcome email after successful verification
+ * @param {string} email - User email
+ * @param {string} firstName - User first name
+ */
+async function sendWelcomeEmail(email, firstName) {
+  const subject = 'Welcome to spotlight.cam! 🎉';
+
+  const htmlBody = `
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; line-height: 1.6; color: #333; }
+        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+        .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; border-radius: 8px 8px 0 0; }
+        .content { background: #f9fafb; padding: 30px; border-radius: 0 0 8px 8px; }
+        .button { display: inline-block; background: #667eea; color: white; padding: 14px 30px; text-decoration: none; border-radius: 6px; margin: 20px 0; font-weight: 600; }
+        .feature { background: white; padding: 15px; margin: 10px 0; border-radius: 6px; border-left: 4px solid #667eea; }
+        .footer { text-align: center; color: #666; font-size: 14px; margin-top: 30px; }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <div class="header">
+          <h1>🎉 Welcome to spotlight.cam!</h1>
+        </div>
+        <div class="content">
+          <h2>Hi ${firstName || 'there'}! 👋</h2>
+          <p>Your email has been verified! You're all set to start using spotlight.cam.</p>
+
+          <h3>What you can do now:</h3>
+
+          <div class="feature">
+            <strong>🎪 Join Events</strong><br>
+            Browse upcoming dance events and join event chat rooms to meet other dancers.
+          </div>
+
+          <div class="feature">
+            <strong>💬 Match & Chat</strong><br>
+            Connect with event participants for video collaborations.
+          </div>
+
+          <div class="feature">
+            <strong>🎥 Share Videos P2P</strong><br>
+            Exchange dance videos directly with your partners using WebRTC - no server uploads!
+          </div>
+
+          <a href="${process.env.FRONTEND_URL}/events" class="button">Explore Events</a>
+
+          <p>Happy dancing! 💃🕺</p>
+        </div>
+        <div class="footer">
+          <p>spotlight.cam - P2P video exchange for dance events</p>
+          <p>Questions? Check out our FAQ or contact support.</p>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+
+  const textBody = `
+Hi ${firstName || 'there'}!
+
+Your email has been verified! You're all set to start using spotlight.cam.
+
+What you can do now:
+
+🎪 Join Events
+Browse upcoming dance events and join event chat rooms to meet other dancers.
+
+💬 Match & Chat
+Connect with event participants for video collaborations.
+
+🎥 Share Videos P2P
+Exchange dance videos directly with your partners using WebRTC - no server uploads!
+
+Visit: ${process.env.FRONTEND_URL}/events
+
+Happy dancing! 💃🕺
+
+---
+spotlight.cam - P2P video exchange for dance events
+Questions? Check out our FAQ or contact support.
+  `;
+
+  return sendEmail({ to: email, subject, htmlBody, textBody });
+}
+
+module.exports = {
+  sendEmail,
+  sendVerificationEmail,
+  sendPasswordResetEmail,
+  sendWelcomeEmail,
+};