Add email verification

README.md

@@ -46,3 +46,5 @@ cat /proc/cpuinfo | grep pclmulqdq # This one is required for simd-json to compi
 cat /proc/cpuinfo | grep avx2      # Either this one or...
 cat /proc/cpuinfo | grep sse4_2    # this one are required as well as pclmulqdq
 ```
+### What operating systems do you support?
+For the client.... almost all of them. For the server, Linux and FreeBSD are supported.

ferrischat_webserver/Cargo.toml

@@ -33,6 +33,8 @@ nix = { git = "https://github.com/nix-rust/nix" }
 http = "0.2"
 bytes = "*"
 tokio-tungstenite = "0.15"
+lettre = { version = "0.10.0-rc.4", features = ["tokio1", "tokio1_rustls", "tokio1-rustls-tls", "builder", "pool", "hostname", "smtp-transport"], default-features = false }
+check-if-email-exists = "0.8"
 simd-json = { version = "0.4", features = ["128bit"] }
 
 ferrischat_db = { path = "../ferrischat_db", version = "0.1" }

ferrischat_webserver/src/auth/mod.rs

@@ -4,3 +4,4 @@ mod token_gen;
 
 pub use auth_struct::Authorization;
 pub use get_token::*;
+pub use token_gen::*;

ferrischat_webserver/src/entrypoint.rs

@@ -1,3 +1,13 @@
+use actix_web::http::StatusCode;
+use actix_web::{web, App, HttpResponse, HttpServer};
+use ring::rand::{SecureRandom, SystemRandom};
+
+use ferrischat_auth::init_auth;
+use ferrischat_db::load_db;
+use ferrischat_macros::expand_version;
+use ferrischat_redis::load_redis;
+use ferrischat_ws::{init_ws_server, preload_ws};
+
 use crate::auth::get_token;
 use crate::channels::*;
 use crate::guilds::*;
@@ -7,14 +17,6 @@ use crate::messages::*;
 use crate::not_implemented::not_implemented;
 use crate::users::*;
 use crate::ws::*;
-use actix_web::http::StatusCode;
-use actix_web::{web, App, HttpResponse, HttpServer};
-use ferrischat_auth::init_auth;
-use ferrischat_db::load_db;
-use ferrischat_macros::expand_version;
-use ferrischat_redis::load_redis;
-use ferrischat_ws::{init_ws_server, preload_ws};
-use ring::rand::{SecureRandom, SystemRandom};
 
 #[allow(clippy::expect_used)]
 pub async fn entrypoint() {
@@ -180,6 +182,14 @@ pub async fn entrypoint() {
                 expand_version!("guilds/{guild_id}/members/{user_id}/role/{role_id}"),
                 web::delete().to(roles::remove_member_role),
             )
+            .route(
+                expand_version!("verify"),
+                web::post().to(send_verification_email),
+            )
+            .route(
+                expand_version!("verify/{token}"),
+                web::get().to(verify_email),
+            )
             .route(
                 expand_version!("teapot"),
                 web::get().to(async || HttpResponse::new(StatusCode::IM_A_TEAPOT)),

ferrischat_webserver/src/users/mod.rs

@@ -2,8 +2,10 @@ mod create_user;
 mod delete_user;
 mod edit_user;
 mod get_user;
+mod verify_user;
 
 pub use create_user::*;
 pub use delete_user::*;
 pub use edit_user::*;
 pub use get_user::*;
+pub use verify_user::*;

ferrischat_webserver/src/users/verify_user.rs

@@ -0,0 +1,188 @@
+use actix_web::{web, HttpResponse, Responder};
+use check_if_email_exists::{check_email, CheckEmailInput, Reachable};
+use ferrischat_common::types::{InternalServerErrorJson, NotFoundJson};
+use lettre::{
+    transport::smtp::authentication::Credentials, AsyncSmtpTransport, AsyncTransport, Message,
+    Tokio1Executor,
+};
+
+use ferrischat_redis::{redis::AsyncCommands, REDIS_MANAGER};
+/// POST /v0/verify
+pub async fn send_verification_email(auth: crate::Authorization) -> impl Responder {
+    let db = get_db_or_fail!();
+    let authorized_user = auth.0;
+    let user_email = match sqlx::query!(
+        "SELECT email FROM users WHERE id = $1",
+        u128_to_bigdecimal!(authorized_user)
+    )
+    .fetch_one(db)
+    .await
+    {
+        Ok(email) => email.email,
+        Err(e) => {
+            return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                reason: format!("Database returned a error: {}", e),
+            })
+        }
+    };
+    let checker_input = CheckEmailInput::new(vec![user_email.clone().into()]);
+    let checked_email = check_email(&checker_input).await;
+    if checked_email[0].syntax.is_valid_syntax {
+        if checked_email[0].is_reachable == Reachable::Safe
+            || checked_email[0].is_reachable == Reachable::Risky
+            || checked_email[0].is_reachable == Reachable::Unknown
+        {
+            // get configs
+            let mut redis = REDIS_MANAGER
+                .get()
+                .expect("redis not initialized: call load_redis before this")
+                .clone();
+            let host = match redis
+                .get::<String, String>("config:email:host".to_string())
+                .await
+            {
+                Ok(r) => r,
+                Err(_) => {
+                    return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                        reason: format!("No SMTP server host set."),
+                    })
+                }
+            };
+            let username = match redis
+                .get::<String, String>("config:email:username".to_string())
+                .await
+            {
+                Ok(r) => r,
+                Err(_) => {
+                    return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                        reason: format!("No SMTP server username set."),
+                    })
+                }
+            };
+            let password = match redis
+                .get::<String, String>("config:email:password".to_string())
+                .await
+            {
+                Ok(r) => r,
+                Err(_) => {
+                    return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                        reason: format!("No SMTP server password set."),
+                    })
+                }
+            };
+            let token = match crate::auth::generate_random_bits() {
+                Some(b) => base64::encode_config(b, base64::URL_SAFE),
+                None => {
+                    return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                        reason: "failed to generate random bits for token generation".to_string(),
+                    })
+                }
+            };
+            let message = match Message::builder()
+                .from("Ferris <[email protected]>".parse().unwrap())
+                .reply_to("Ferris <[email protected]>".parse().unwrap())
+                .to(user_email.parse().unwrap())
+                .subject("FerrisChat Email Verification")
+                .body(String::from(format!("Welcome to FerrisChat!<br><a href=\"https://api.ferris.chat/v0/verify/{}\">Click here to verify \
+        your email!</a> (expires in 1 hour) <br><br> If you don't know what this is, reset your token and change \
+        your password ASAP.", token))) {
+                Ok(m) => m,
+                Err(e) => return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                    reason: format!("This should not have happened. Submit a bug report on \
+                    https://github.com/ferrischat/server/issues with the error `{}`", e),
+                }),
+            };
+
+            let mail_creds = Credentials::new(username.to_string(), password.to_string());
+
+            // Open a remote connection to the mailserver
+            let mailer: AsyncSmtpTransport<Tokio1Executor> =
+                match AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(host.as_str()) {
+                    Ok(m) => m.credentials(mail_creds).build(),
+                    Err(e) => {
+                        return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                            reason: format!(
+                                "Error creating SMTP transport! Please submit a bug report on \
+                    https://github.com/ferrischat/server/issues with the error `{}`",
+                                e
+                            ),
+                        })
+                    }
+                };
+
+            // Send the email
+            if let Err(e) = mailer.send(message).await {
+                return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                    reason: format!(
+                        "Mailer failed to send correctly! Please submit a bug report \
+                    on https://github.com/ferrischat/server/issues with the error `{}`",
+                        e
+                    ),
+                });
+            }
+            // writes the token to redis
+            if let Err(e) = redis
+                .set_ex::<String, String, String>(
+                    format!("email:tokens:{}", token),
+                    user_email,
+                    86400,
+                )
+                .await
+            {
+                return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                    reason: format!("Redis returned a error: {}", e),
+                });
+            }
+            HttpResponse::Ok().finish()
+        } else {
+            HttpResponse::Conflict().json(InternalServerErrorJson {
+                reason: format!("Email deemed unsafe to send to. Is it a real email?"),
+            })
+        }
+    } else {
+        HttpResponse::Conflict().json(InternalServerErrorJson {
+            reason: format!("Email {} is invalid.", user_email),
+        })
+    }
+}
+/// GET /v0/verify/{token}
+pub async fn verify_email(path: web::Path<String>) -> impl Responder {
+    let token = path.into_inner();
+    let redis_key = format!("email:tokens:{}", token);
+
+    let mut redis = REDIS_MANAGER
+        .get()
+        .expect("redis not initialized: call load_redis before this")
+        .clone();
+    let email = match redis.get::<String, Option<String>>(redis_key.clone()).await {
+        Ok(Some(email)) => {
+            if let Err(e) = redis.del::<String, i32>(redis_key).await {
+                return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                    reason: format!("Redis returned a error: {}", e),
+                });
+            }
+            email
+        }
+        Ok(None) => {
+            return HttpResponse::NotFound().json(NotFoundJson {
+                message: format!("This token has expired or was not found."),
+            });
+        }
+        Err(e) => {
+            return HttpResponse::InternalServerError().json(InternalServerErrorJson {
+                reason: format!("Redis returned a error: {}", e),
+            });
+        }
+    };
+    let db = get_db_or_fail!();
+    if let Err(e) = sqlx::query!("UPDATE users SET verified = true WHERE email = $1", email)
+        .execute(db)
+        .await
+    {
+        HttpResponse::InternalServerError().json(InternalServerErrorJson {
+            reason: format!("Database returned a error: {}", e),
+        })
+    } else {
+        HttpResponse::Ok().body("Verified email. You can close this page.")
+    }
+}

migrations/20211116070235_add_verified_column.sql

@@ -0,0 +1,2 @@
+-- Add migration script here
+ALTER TABLE users ADD COLUMN verified BOOLEAN DEFAULT false;