Meik/vereinskalender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Aktueller Stand

Browse Source
This commit is contained in:
Meik
2026-01-15 23:18:42 +01:00
parent 46eae2a2a9
commit dcf45bac3d
32 changed files with 2625 additions and 395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
app/api/verify-email/request/route.ts
View File

@@ -2,6 +2,8 @@ import { randomUUID } from "crypto";
import { NextResponse } from "next/server";
import { prisma } from "../../../../lib/prisma";
import { sendMail } from "../../../../lib/mailer";
import { checkRateLimit, getRateLimitConfig } from "../../../../lib/rate-limit";
import { getClientIp } from "../../../../lib/request";
export async function POST(request: Request) {
const body = await request.json();
@@ -11,7 +13,23 @@ export async function POST(request: Request) {
return NextResponse.json({ error: "E-Mail erforderlich." }, { status: 400 });
}
const user = await prisma.user.findUnique({ where: { email } });
const normalizedEmail = String(email).trim().toLowerCase();
const ip = getClientIp(request);
const rateKey = `verify:${normalizedEmail}:${ip}`;
const rateConfig = getRateLimitConfig("RATE_LIMIT_VERIFY_EMAIL", 3);
const rate = await checkRateLimit({
key: rateKey,
limit: rateConfig.limit,
windowMs: rateConfig.windowMs
});
if (!rate.ok) {
return NextResponse.json(
{ error: "Zu viele Anfragen. Bitte später erneut versuchen." },
{ status: 429 }
);
}
const user = await prisma.user.findUnique({ where: { email: normalizedEmail } });
if (!user) {
return NextResponse.json({ ok: true });
}
@@ -20,13 +38,21 @@ export async function POST(request: Request) {
return NextResponse.json({ ok: true });
}
await prisma.verificationToken.deleteMany({ where: { identifier: email } });
const existingToken = await prisma.verificationToken.findFirst({
where: { identifier: normalizedEmail, expires: { gt: new Date() } }
});
if (existingToken) {
return NextResponse.json({ ok: true });
}
await prisma.verificationToken.deleteMany({ where: { identifier: normalizedEmail } });
const token = randomUUID();
const expires = new Date(Date.now() + 24 * 60 * 60 * 1000);
await prisma.verificationToken.create({
data: {
identifier: email,
identifier: normalizedEmail,
token,
expires
}
@@ -35,7 +61,7 @@ export async function POST(request: Request) {
const baseUrl = process.env.NEXTAUTH_URL || "http://localhost:3000";
const verifyUrl = `${baseUrl}/verify/confirm?token=${token}`;
await sendMail({
to: email,
to: normalizedEmail,
subject: "E-Mail verifizieren",
text: `Bitte verifiziere deine E-Mail: ${verifyUrl}`
});