openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(BUG-021): remove verification code from API response, send via email

Browse source 
- Replace Resend email service with nodemailer via local postfix relay
- Remove code field from POST /v1/signup/free response
- Send 6-digit verification code via email only (noreply@docfast.dev)
- Add extra_hosts for Docker-to-host SMTP relay
- Fire-and-forget email sending to avoid blocking API response
This commit is contained in:
OpenClaw 2026-02-14 19:10:45 +00:00
parent a67c16cd0f
commit 210fb26ec1
5 changed files with 50 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/routes/signup.ts
View file

@ -22,7 +22,6 @@ const verifyLimiter = rateLimit({
legacyHeaders: false,
});
// Pre-check: reject already-registered emails BEFORE rate limiting (BUG-022)
function rejectDuplicateEmail(req: Request, res: Response, next: Function) {
const { email } = req.body || {};
if (email && typeof email === "string") {
@ -35,7 +34,7 @@ function rejectDuplicateEmail(req: Request, res: Response, next: Function) {
next();
}
// Step 1: Request signup — generates 6-digit code
// Step 1: Request signup — generates 6-digit code, sends via email
router.post("/free", rejectDuplicateEmail, signupLimiter, async (req: Request, res: Response) => {
const { email } = req.body || {};
@ -53,15 +52,14 @@ router.post("/free", rejectDuplicateEmail, signupLimiter, async (req: Request, r
const pending = createPendingVerification(cleanEmail);
// TODO: Send code via email once SMTP is configured
// For now, return code in response for testing
console.log(`📧 Verification code for ${cleanEmail}: ${pending.code}`);
// Send verification code via email (fire-and-forget, don't block response)
sendVerificationEmail(cleanEmail, pending.code).catch(err => {
console.error(`Failed to send verification email to ${cleanEmail}:`, err);
});
res.json({
status: "verification_required",
message: "Check your email for a verification code",
email: cleanEmail,
code: pending.code, // TEMP: remove once email infra is live
message: "Check your email for the verification code.",
});
});
@ -87,7 +85,6 @@ router.post("/verify", verifyLimiter, (req: Request, res: Response) => {
switch (result.status) {
case "ok": {
const keyInfo = createFreeKey(cleanEmail);
// Mark as verified via legacy system too
const verification = createVerification(cleanEmail, keyInfo.key);
verification.verifiedAt = new Date().toISOString();