buster/email_verification.go at master · zood/buster · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"

	"zood.xyz/buster/oscar"
)

func disavowEmailHandler(w http.ResponseWriter, r *http.Request) {
	tmplName := "disavow-email.html"
	data := map[string]interface{}{
		"title":        "Disavow Email | Zood",
		"cssPath":      "/css/email-verification.css",
		"activeHeader": "",
	}

	rsrcs := resourcesFromContext(r.Context())
	token := r.URL.Query().Get("t")
	token = strings.TrimSpace(token)
	if token == "" {
		data["line1"] = "The email token is missing."
		data["line2"] = "Double check the URL then try again."
		rsrcs.ExecuteTemplate(tmplName, w, data)
		return
	}

	endpoint := fmt.Sprintf("https://api.zood.xyz/1/email-verifications/%s", token)
	req, err := http.NewRequest(http.MethodDelete, endpoint, nil)
	if err != nil {
		internalError(w, r, err)
		return
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		internalError(w, r, err)
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		buf, err := io.ReadAll(resp.Body)
		if err != nil {
			err = fmt.Errorf("problem reading error response while disavowing token '%s': %v", token, err)
			internalError(w, r, err)
			return
		}
		err = fmt.Errorf("problem disavowing token '%s':\noscar responded with %d: %s", token, resp.StatusCode, buf)
		internalError(w, r, err)
		return
	}

	data["line1"] = "We've removed your email address from our system."
	data["line2"] = "Sorry for the inconvenience."
	rsrcs.ExecuteTemplate(tmplName, w, data)
}

func verifyEmailHandler(w http.ResponseWriter, r *http.Request) {
	tmplName := "verify-email.html"
	data := map[string]interface{}{
		"title":        "Verify Email | Zood",
		"cssPath":      "/css/email-verification.css",
		"activeHeader": "",
	}

	rsrcs := resourcesFromContext(r.Context())
	token := r.URL.Query().Get("t")
	token = strings.TrimSpace(token)
	if token == "" {
		data["line1"] = "The email token is missing."
		data["line2"] = "Double check the URL then try again."
		rsrcs.ExecuteTemplate(tmplName, w, data)
		return
	}

	postBody := struct {
		Token string `json:"token"`
	}{Token: token}
	postData, _ := json.Marshal(postBody)
	endpoint := "https://api.zood.xyz/1/email-verifications"
	req, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader(postData))
	if err != nil {
		internalError(w, r, err)
		return
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		internalError(w, r, err)
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		errBody := struct {
			Msg  string `json:"error_message"`
			Code int    `json:"error_code"`
		}{}
		err := json.NewDecoder(resp.Body).Decode(&errBody)
		if err != nil {
			internalError(w, r, err)
			return
		}

		if errBody.Code == oscar.ErrorMissingVerificationToken {
			data["line1"] = "Hmm… that token doesn't seem to be valid."
			data["line2"] = "Did you already verify your email? If not, double check the URL then try again."
			rsrcs.ExecuteTemplate(tmplName, w, data)
			return
		}

		// unexpected api response. probably a 500 from oscar
		err = fmt.Errorf("unexpected response from oscar while attempting to verify token '%s': %d - %s",
			token,
			errBody.Code,
			errBody.Msg)
		internalError(w, r, err)
		return
	}

	data["line1"] = "Your email has been verified!"
	data["line2"] = "It's safe to close this window."

	rsrcs.ExecuteTemplate(tmplName, w, data)
}