many fixes and improvements - rework for modules/ and common/

feat(emailer): add Postmark and Resend providers
2025-06-06 12:21:43 -04:00
parent 31ba18fa8d
commit 25b94d3e02
313 changed files with 6586 additions and 18260 deletions
--- a/backend/Modules/Identity/Handlers/ForgotPassword.cs
+++ b/backend/Modules/Identity/Handlers/ForgotPassword.cs
@@ -0,0 +1,65 @@
+using System.Text;
+using System.Web;
+using Hutopy.Infrastructure.Configuration;
+using Hutopy.Infrastructure.Emailer.Contracts;
+using Hutopy.Modules.Identity.Data;
+using Microsoft.Extensions.Options;
+
+namespace Hutopy.Modules.Identity.Handlers;
+
+[PublicAPI]
+public record ForgotPasswordRequest(
+    string Email);
+
+[PublicAPI]
+public class ForgotPasswordHandler(
+    UserManager userManager,
+    IEmailSender emailSender,
+    IOptionsSnapshot<WebsiteOptions> options)
+    : Endpoint<ForgotPasswordRequest>
+{
+    public override void Configure()
+    {
+        AllowAnonymous();
+        Post("/api/users/forgot-password");
+        Options(o => o.WithTags("Users"));
+    }
+
+    public override async Task HandleAsync(
+        ForgotPasswordRequest request,
+        CancellationToken ct)
+    {
+        // Find user by email
+        var user = await userManager.FindByEmailAsync(request.Email);
+        
+        // Always return OK even if user not found to prevent email enumeration
+        if (user is null)
+        {
+            await SendOkAsync(ct);
+            return;
+        }
+
+        // Generate password reset token
+        var token = await userManager.GeneratePasswordResetTokenAsync(user);
+        
+        // URL encode the token as it may contain characters that are not URL safe
+        var encodedToken = HttpUtility.UrlEncode(token);
+        
+        // Build reset link
+        var resetLink = $"{options.Value.FrontendBaseUrl}/reset-password?email={HttpUtility.UrlEncode(request.Email)}&token={encodedToken}";
+        
+        // TODO: Write a better email template
+        var subject = "Reset Your Password";
+        var message = new StringBuilder()
+            .AppendLine("<h1>Reset Your Password</h1>")
+            .AppendLine("<p>Please click the link below to reset your password:</p>")
+            .AppendLine($"<p><a href=\"{resetLink}\">Reset Password</a></p>")
+            .AppendLine("<p>If you did not request a password reset, please ignore this email.</p>")
+            .ToString();
+        
+        // Send email
+        await emailSender.SendEmailAsync(request.Email, subject, message);
+        
+        await SendOkAsync(ct);
+    }
+}