📧 feat: email verification (#2344)

* feat: verification email * chore: email verification invalid; localize: update * fix: redirect to login when signup: fix: save emailVerified correctly * docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true * fix: user needs to be authenticated * style: update * fix: registration success message and redirect logic * refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN * refactor: move checkEmailConfig to server/utils * refactor: use req as param for verifyEmail function * chore: jsdoc * chore: remove console log * refactor: rename `createNewUser` to `createSocialUser` * refactor: update typing and add expiresAt field to userSchema * refactor: begin use of user methods over direct model access for User * refactor: initial email verification rewrite * chore: typing * refactor: registration flow rewrite * chore: remove help center text * refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes * refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only * refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition * refactor: logout on deleteUser mutatation * refactor: Update openidStrategy login success message format * refactor: Add emailVerified field to Discord and Facebook profile details * refactor: move limiters to separate middleware dir * refactor: Add limiters for email verification and password reset * refactor: Remove getUserController and update routes and controllers accordingly * refactor: Update getUserById method to exclude password and version fields * refactor: move verification to user route, add resend verification option * refactor: Improve email verification process and resend option * refactor: remove more direct model access of User and remove unused code * refactor: replace user authentication methods and token generation * fix: add user.id to jwt user * refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter * fix(updateUserPluginsService): ensure userPlugins variable is defined * refactor: Delete all shared links for a specific user * fix: remove use of direct User.save() in handleExistingUser * fix(importLibreChatConvo): handle missing createdAt field in messages --------- Co-authored-by: Danny Avila <danny@librechat.ai>
2025-12-17 08:50:15 +01:00 · 2024-06-07 21:06:47 +02:00 · 2024-06-07 21:06:47 +02:00 · ee673d682e
commit ee673d682e
parent b7fef6958b
67 changed files with 1863 additions and 1117 deletions
--- a/api/server/controllers/UserController.js
+++ b/api/server/controllers/UserController.js
@ -1,14 +1,16 @@
 const {
-  User,
  Session,
  Balance,
  deleteFiles,
  deleteConvos,
  deletePresets,
  deleteMessages,
+  deleteUserById,
 } = require('~/models');
 const { updateUserPluginAuth, deleteUserPluginAuth } = require('~/server/services/PluginService');
 const { updateUserPluginsService, deleteUserKey } = require('~/server/services/UserService');
+const { verifyEmail, resendVerificationEmail } = require('~/server/services/AuthService');
+const { deleteAllSharedLinks } = require('~/models/Share');
 const { Transaction } = require('~/models/Transaction');
 const { logger } = require('~/config');

@ -59,7 +61,7 @@ const updateUserPluginsController = async (req, res) => {
    res.status(200).send();
  } catch (err) {
    logger.error('[updateUserPluginsController]', err);
-    res.status(500).json({ message: err.message });
+    return res.status(500).json({ message: 'Something went wrong.' });
  }
 };

@ -75,18 +77,50 @@ const deleteUserController = async (req, res) => {
    await deletePresets(user.id); // delete user presets
    await deleteConvos(user.id); // delete user convos
    await deleteUserPluginAuth(user.id, null, true); // delete user plugin auth
-    await User.deleteOne({ _id: user.id }); // delete user
+    await deleteUserById(user.id); // delete user
    await deleteFiles(null, user.id); // delete user files
+    await deleteAllSharedLinks(user.id); // delete user shared links
+    /* TODO: queue job for cleaning actions and assistants of non-existant users */
    logger.info(`User deleted account. Email: ${user.email} ID: ${user.id}`);
    res.status(200).send({ message: 'User deleted' });
  } catch (err) {
    logger.error('[deleteUserController]', err);
-    res.status(500).send({ message: err.message });
+    return res.status(500).json({ message: 'Something went wrong.' });
+  }
+};
+
+const verifyEmailController = async (req, res) => {
+  try {
+    const verifyEmailService = await verifyEmail(req);
+    if (verifyEmailService instanceof Error) {
+      return res.status(400).json(verifyEmailService);
+    } else {
+      return res.status(200).json(verifyEmailService);
+    }
+  } catch (e) {
+    logger.error('[verifyEmailController]', e);
+    return res.status(500).json({ message: 'Something went wrong.' });
+  }
+};
+
+const resendVerificationController = async (req, res) => {
+  try {
+    const result = await resendVerificationEmail(req);
+    if (result instanceof Error) {
+      return res.status(400).json(result);
+    } else {
+      return res.status(200).json(result);
+    }
+  } catch (e) {
+    logger.error('[verifyEmailController]', e);
+    return res.status(500).json({ message: 'Something went wrong.' });
  }
 };

 module.exports = {
  getUserController,
-  updateUserPluginsController,
  deleteUserController,
+  verifyEmailController,
+  updateUserPluginsController,
+  resendVerificationController,
 };