sojorn/go-backend/internal/services/email_service.go
Patrick Britton 0954c1e2a3 feat: add Turnstile to login, improve email templates, and security cleanup
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
2026-02-06 08:51:34 -06:00


package services
import (
	"bytes"
	"encoding/json"
	"fmt"
	"html"
	"io"
	"net/http"
	"net/url"
	"strings"
	"sync"
	"time"

	sender "github.com/koddr/go-email-sender"
	"github.com/patbritton/sojorn-backend/internal/config"
	"github.com/rs/zerolog/log"
)
// EmailService sends transactional email (account verification, password
// reset) through the SendPulse REST API when SendPulse credentials are
// configured, otherwise through SMTP. The SendPulse OAuth token is cached
// between sends.
type EmailService struct {
	config *config.Config
	// token and tokenExpires hold the cached SendPulse access token and the
	// instant after which it is treated as stale. Both are guarded by mu,
	// which is also held for the whole of a token refresh.
	token        string
	tokenExpires time.Time
	mu           sync.Mutex
}
// NewEmailService returns an EmailService that takes its transport settings
// (SendPulse credentials, SMTP parameters, base URLs) from cfg. Nothing is
// contacted here; the SendPulse token is obtained lazily on first send.
func NewEmailService(cfg *config.Config) *EmailService {
	svc := new(EmailService)
	svc.config = cfg
	return svc
}
// SendPulse API Structs
//
// These mirror the JSON bodies exchanged with the SendPulse OAuth and
// transactional-email endpoints used in this file; the json tags carry the
// provider's wire names.

// sendPulseAuthResponse is the body of a successful POST /oauth/access_token.
type sendPulseAuthResponse struct {
	AccessToken string `json:"access_token"` // sent back as "Authorization: Bearer <token>"
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"` // lifetime in seconds; cached with a 60 s margin
}

// sendPulseEmailRequest is the top-level body of POST /smtp/emails.
type sendPulseEmailRequest struct {
	Email sendPulseEmailData `json:"email"`
}

// sendPulseEmailData is one message: both HTML and plain-text parts are sent.
type sendPulseEmailData struct {
	HTML    string              `json:"html"`
	Text    string              `json:"text"`
	Subject string              `json:"subject"`
	From    sendPulseIdentity   `json:"from"`
	To      []sendPulseIdentity `json:"to"`
}

// sendPulseIdentity is a display name plus address, used for both sender and recipients.
type sendPulseIdentity struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}
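// SendVerificationEmail sends the account-verification email to toEmail.
//
// The link points at the API (APIBaseURL, with a trailing "/api/v1" or "/"
// stripped so the path is not doubled) and carries token as a query parameter.
// toName is user-supplied, so it is HTML-escaped before it is placed in the
// greeting; the token is query-escaped so characters such as '+' or '/' reach
// the verify handler intact; the link itself is attribute-escaped where it is
// embedded in HTML and left raw in the plain-text part. Delivery is delegated
// to sendEmail and its error returned unchanged.
func (s *EmailService) SendVerificationEmail(toEmail, toName, token string) error {
	subject := "Verify your Sojorn account"
	// Ensure we don't double up on /api/v1 if it's already in the config
	apiBase := strings.TrimSuffix(strings.TrimRight(s.config.APIBaseURL, "/"), "/api/v1")
	verifyURL := fmt.Sprintf("%s/api/v1/auth/verify?token=%s", apiBase, url.QueryEscape(token))
	title := "Email Verification"
	header := "Hey there! 👋"
	if toName != "" {
		// Never interpolate a user-controlled name into HTML unescaped.
		header = fmt.Sprintf("Hey %s! 👋", html.EscapeString(toName))
	}
	content := `
<p>Welcome to Sojorn — your vibrant new social space. We're thrilled to have you join our community!</p>
<p>To get started in the app, please verify your email address by clicking the button below:</p>
`
	footer := `
<div style="background: #F9FAFB; border-radius: 12px; padding: 20px; margin-top: 24px; text-align: left;">
<p style="font-size: 13px; color: #9CA3AF; margin-bottom: 8px;">If the button doesn't work, copy and paste this link into your browser:</p>
<a href="%s" style="color: #4338CA; text-decoration: underline; word-break: break-all; font-size: 12px; font-weight: 500;">%s</a>
</div>
`
	// The URL appears inside an href and as visible text; escaping keeps the
	// markup well-formed should the query string ever contain '&' or quotes.
	safeURL := html.EscapeString(verifyURL)
	footer = fmt.Sprintf(footer, safeURL, safeURL)
	htmlBody := s.buildHTMLEmail(title, header, content, safeURL, "Verify My Email", footer)
	textBody := fmt.Sprintf("Welcome to Sojorn! Please verify your email by clicking here: %s", verifyURL)
	return s.sendEmail(toEmail, toName, subject, htmlBody, textBody)
}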
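// SendPasswordResetEmail sends the password-reset email to toEmail.
//
// The link points at the web app (AppBaseURL, trailing "/" stripped) and
// carries token as a query parameter. toName is user-supplied and is
// HTML-escaped before use; an empty name falls back to a generic greeting.
// The token is query-escaped, and the link is attribute-escaped where it is
// embedded in HTML and left raw in the plain-text part. The "expires in 1
// hour" statement in the footer is presumably enforced by whoever issues the
// token — keep the two in sync. Delivery is delegated to sendEmail.
func (s *EmailService) SendPasswordResetEmail(toEmail, toName, token string) error {
	subject := "Reset your Sojorn password"
	appBase := strings.TrimRight(s.config.AppBaseURL, "/")
	resetURL := fmt.Sprintf("%s/reset-password?token=%s", appBase, url.QueryEscape(token))
	title := "Password Reset"
	header := "Reset your password"
	// Never interpolate a user-controlled name into HTML unescaped.
	greeting := "there"
	if toName != "" {
		greeting = html.EscapeString(toName)
	}
	content := fmt.Sprintf(`
<p>Hey %s,</p>
<p>You requested a password reset for your Sojorn account. Click the button below to set a new password:</p>
`, greeting)
	footer := `
<p style="color: #9CA3AF; font-size: 13px; margin-top: 24px;">This link expires in 1 hour. If you did not request this, you can safely ignore this email.</p>
`
	// The URL is placed inside an href by buildHTMLEmail; escape it for that context.
	htmlBody := s.buildHTMLEmail(title, header, content, html.EscapeString(resetURL), "Reset Password", footer)
	textBody := fmt.Sprintf("Reset your Sojorn password: %s", resetURL)
	return s.sendEmail(toEmail, toName, subject, htmlBody, textBody)
}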
// sendEmail delivers one message through the first configured transport:
// SendPulse when both SendPulseID and SendPulseSecret are set, otherwise SMTP
// via go-email-sender. A Sender.net token only produces a deprecation warning;
// that transport is not implemented here. With neither SendPulse nor SMTP
// configured the send is skipped with a warning and nil is returned.
//
// Only the SendPulse path uses textBody; the SMTP path sends htmlBody alone.
func (s *EmailService) sendEmail(toEmail, toName, subject, htmlBody, textBody string) error {
	cfg := s.config
	switch {
	case cfg.SendPulseID != "" && cfg.SendPulseSecret != "":
		// Preferred transport.
		return s.sendViaSendPulse(toEmail, toName, subject, htmlBody, textBody)
	case cfg.SenderAPIToken != "":
		// Deprecated transport: warn, then continue to the SMTP fallback.
		log.Warn().Msg("Using deprecated Sender.net API token, consider migrating to SendPulse")
	}
	if cfg.SMTPHost == "" || cfg.SMTPUser == "" {
		log.Warn().Msg("SMTP not configured, skipping email send")
		return nil
	}
	smtp := sender.NewEmailSender(cfg.SMTPUser, cfg.SMTPPass, cfg.SMTPHost, cfg.SMTPPort)
	// go-email-sender argument order: from name, recipients, cc, subject, html body, attachments.
	if err := smtp.SendHTMLEmail("Sojorn", []string{toEmail}, nil, subject, htmlBody, nil); err != nil {
		log.Error().Err(err).Msg("Failed to send email via SMTP")
		return err
	}
	log.Info().Msgf("Email sent to %s via SMTP", toEmail)
	return nil
}
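// getSendPulseToken returns a cached SendPulse OAuth access token, requesting
// a fresh one with the client-credentials grant when the cache is empty or
// past its expiry.
//
// s.mu is held for the whole call so concurrent senders serialise on one
// refresh rather than each requesting a token. Because of that, the HTTP call
// carries a timeout: with the default client a stalled endpoint would block
// every sender indefinitely. The expiry is cached 60 s early to absorb request
// latency and clock skew; a non-positive remaining lifetime simply causes the
// next call to refresh again. On any failure the cached token is left as is.
func (s *EmailService) getSendPulseToken() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.token != "" && time.Now().Before(s.tokenExpires) {
		return s.token, nil
	}
	const endpoint = "https://api.sendpulse.com/oauth/access_token"
	payload := map[string]string{
		"grant_type":    "client_credentials",
		"client_id":     s.config.SendPulseID,
		"client_secret": s.config.SendPulseSecret,
	}
	// Marshalling a map[string]string cannot fail; the error is discarded deliberately.
	jsonData, _ := json.Marshal(payload)
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Post(endpoint, "application/json", bytes.NewReader(jsonData))
	if err != nil {
		return "", fmt.Errorf("requesting sendpulse token: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// The body is only logged; bound the read so an unexpected response cannot make us buffer arbitrary data.
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4<<10))
		log.Error().Str("body", string(body)).Int("status", resp.StatusCode).Msg("Failed to get SendPulse Token")
		return "", fmt.Errorf("failed to auth sendpulse: %d", resp.StatusCode)
	}
	var authResp sendPulseAuthResponse
	if err := json.NewDecoder(resp.Body).Decode(&authResp); err != nil {
		return "", fmt.Errorf("decoding sendpulse token response: %w", err)
	}
	if authResp.AccessToken == "" {
		// A 200 without a token would otherwise be cached as "" and retried on every send.
		return "", fmt.Errorf("sendpulse token response missing access_token")
	}
	s.token = authResp.AccessToken
	s.tokenExpires = time.Now().Add(time.Duration(authResp.ExpiresIn-60) * time.Second) // Buffer 60s
	log.Info().Msg("Authenticated with SendPulse")
	return s.token, nil
}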
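// sendViaSendPulse delivers one transactional email through the SendPulse
// /smtp/emails endpoint using a bearer token from getSendPulseToken.
//
// The From address is SMTPFrom, falling back to no-reply@sojorn.net. A 4xx/5xx
// response is logged together with its body and returned as an error; on 401
// the cached token is cleared so the next send re-authenticates (there is no
// automatic retry). The provider's response body is logged but not echoed into
// the returned error, so a caller that surfaces err.Error() does not relay
// provider details to its own client.
func (s *EmailService) sendViaSendPulse(toEmail, toName, subject, htmlBody, textBody string) error {
	token, err := s.getSendPulseToken()
	if err != nil {
		return err
	}
	const endpoint = "https://api.sendpulse.com/smtp/emails"
	// Determine correct FROM email
	fromEmail := s.config.SMTPFrom
	if fromEmail == "" {
		fromEmail = "no-reply@sojorn.net"
	}
	reqBody := sendPulseEmailRequest{
		Email: sendPulseEmailData{
			HTML:    htmlBody,
			Text:    textBody,
			Subject: subject,
			From: sendPulseIdentity{
				Name:  "Sojorn",
				Email: fromEmail,
			},
			To: []sendPulseIdentity{
				{Name: toName, Email: toEmail},
			},
		},
	}
	// Marshalling this plain struct cannot fail; the error is discarded deliberately.
	jsonData, _ := json.Marshal(reqBody)
	req, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader(jsonData))
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	req.Header.Set("Content-Type", "application/json")
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		log.Error().Err(err).Msg("Failed to call SendPulse API")
		return err
	}
	defer resp.Body.Close()
	// The body is only used for logging; bound the read and tolerate a read error.
	bodyBytes, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10))
	if resp.StatusCode >= 400 {
		log.Error().Int("status", resp.StatusCode).Str("body", string(bodyBytes)).Msg("SendPulse API Error")
		if resp.StatusCode == http.StatusUnauthorized {
			// Token rejected: drop the cache so the next call re-authenticates.
			s.mu.Lock()
			s.token = ""
			s.mu.Unlock()
		}
		return fmt.Errorf("sendpulse error: status %d", resp.StatusCode)
	}
	log.Info().Msgf("Email sent to %s via SendPulse", toEmail)
	return nil
}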
// AddSubscriber is a placeholder for adding email/name to a SendPulse address
// book. It is currently a no-op: the call is accepted and nothing is sent or
// recorded, so callers must not rely on it having any effect yet.
func (s *EmailService) AddSubscriber(email, name string) {
	// SendPulse Addressbook API implementation omitted for brevity, focusing on email first
	// Endpoint: POST /addressbooks/{id}/emails
}
// buildHTMLEmail renders the shared Sojorn email layout.
//
// title is used for both the <title> and the small uppercase label in the
// header band; header is the <h1>; content is an HTML fragment placed in the
// body; buttonURL becomes the call-to-action href with buttonText as its
// label; footer is an HTML fragment placed under the button. Every argument is
// inserted verbatim with %s — no escaping happens here — so callers must pass
// only trusted markup, or pre-escape any user-controlled value (names) and
// attribute-escape the URL. The "%%" in the gradient style is fmt escaping for
// a literal "%" in the output.
func (s *EmailService) buildHTMLEmail(title, header, content, buttonURL, buttonText, footer string) string {
	return fmt.Sprintf(`
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>%s</title>
</head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; margin: 0; padding: 0; background-color: #F3F4F6;">
<div style="padding: 40px 20px; background-color: #F3F4F6;">
<div style="max-width: 520px; margin: 0 auto; background-color: #ffffff; border-radius: 24px; overflow: hidden; box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1);">
<!-- Header -->
<div style="background: linear-gradient(135deg, #4338CA 0%%, #6366F1 100%%); padding: 40px; text-align: center;">
<img src="https://sojorn.net/web.png" alt="Sojorn" style="width: 80px; height: 80px; border-radius: 20px; margin-bottom: 16px;">
<div style="color: #ffffff; font-size: 12px; font-weight: 600; letter-spacing: 1px; text-transform: uppercase; opacity: 0.9;">%s</div>
</div>
<!-- Content -->
<div style="padding: 40px; text-align: center; color: #374151;">
<h1 style="color: #1F2937; font-size: 24px; font-weight: 700; margin-bottom: 16px;">%s</h1>
<div style="font-size: 16px; line-height: 1.6; color: #4B5563; margin-bottom: 32px;">
%s
</div>
<a href="%s" style="display: inline-block; padding: 16px 40px; background-color: #4338CA; color: #ffffff; text-decoration: none; border-radius: 12px; font-weight: 600; font-size: 16px; box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);">
%s
</a>
%s
</div>
<!-- Footer -->
<div style="padding: 32px; text-align: center; background-color: #F9FAFB; border-top: 1px solid #E5E7EB;">
<p style="font-size: 12px; color: #9CA3AF; margin-bottom: 8px;">© 2026 Sojorn by MPLS LLC. All rights reserved.</p>
<div style="font-size: 12px; color: #9CA3AF;">
<a href="https://sojorn.net" style="color: #9CA3AF; text-decoration: none; margin: 0 8px;">Website</a> •
<a href="https://sojorn.net/privacy" style="color: #9CA3AF; text-decoration: none; margin: 0 8px;">Privacy</a> •
<a href="https://sojorn.net/terms" style="color: #9CA3AF; text-decoration: none; margin: 0 8px;">Terms</a>
</div>
</div>
</div>
</div>
</body>
</html>
`, title, title, header, content, buttonURL, buttonText, footer)
}