monacousa-portal/server/api/auth/verify-email.get.ts

export default defineEventHandler(async (event) => {
  try {
    const { token } = getQuery(event);

    if (!token || typeof token !== 'string') {
      console.log('[verify-email] Missing or invalid token, redirecting to expired page');
      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
    }

    console.log('[verify-email] Processing verification token...');

    // Verify the token WITHOUT consuming it yet
    const { verifyEmailToken, consumeEmailToken } = await import('~/server/utils/email-tokens');
    const { userId, email } = await verifyEmailToken(token);

    // Update user verification status in Keycloak
    const { createKeycloakAdminClient } = await import('~/server/utils/keycloak-admin');
    const keycloak = createKeycloakAdminClient();
    
    let partialSuccess = false;
    let keycloakError = null;

    try {
      await keycloak.updateUserProfile(userId, {
        emailVerified: true,
        attributes: {
          lastLoginDate: new Date().toISOString()
        }
      });

      console.log('[verify-email] Successfully verified user:', userId, 'email:', email);
      
      // ONLY consume token after successful Keycloak update
      await consumeEmailToken(token);
      
    } catch (keycloakUpdateError: any) {
      console.error('[verify-email] Keycloak update failed:', keycloakUpdateError.message);
      
      // Check if this is a retryable error or a permanent failure
      if (keycloakUpdateError.message?.includes('error-user-attribute-required')) {
        // This is a configuration issue - don't consume token, allow retries
        console.log('[verify-email] Keycloak configuration error - token preserved for retry');
        partialSuccess = true;
        keycloakError = keycloakUpdateError.message;
      } else {
        // For other errors, still consume token to prevent infinite retries
        console.log('[verify-email] Consuming token despite Keycloak error to prevent loops');
        await consumeEmailToken(token);
        partialSuccess = true;
        keycloakError = keycloakUpdateError.message;
      }
    }

    // Build success redirect URL with query parameters
    const successUrl = new URL('/auth/verify-success', 'https://portal.monacousa.org');
    successUrl.searchParams.set('email', email);
    
    if (partialSuccess && keycloakError) {
      successUrl.searchParams.set('warning', 'partial');
      console.log('[verify-email] Redirecting to success page with partial warning');
    } else {
      console.log('[verify-email] Redirecting to success page - verification complete');
    }

    // Redirect to success page instead of returning JSON
    return sendRedirect(event, successUrl.pathname + successUrl.search, 302);

  } catch (error: any) {
    console.error('[verify-email] Verification failed:', error.message);

    // Redirect to appropriate error page instead of throwing errors
    if (error.message?.includes('expired')) {
      console.log('[verify-email] Token expired, redirecting to expired page');
      return sendRedirect(event, '/auth/verify-expired?reason=expired', 302);
    } else if (error.message?.includes('already used')) {
      console.log('[verify-email] Token already used, redirecting to expired page');
      return sendRedirect(event, '/auth/verify-expired?reason=used', 302);
    } else if (error.message?.includes('not found')) {
      console.log('[verify-email] Token not found, redirecting to expired page');
      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
    } else {
      console.log('[verify-email] Generic verification error, redirecting to expired page');
      return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);
    }
  }
});
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`export default defineEventHandler(async (event) => {`
			`try {`
			`const { token } = getQuery(event);`

			`if (!token \|\| typeof token !== 'string') {`
fixes 2025-08-13 17:16:22 +02:00			`console.log('[verify-email] Missing or invalid token, redirecting to expired page');`
			`return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`}`

			`console.log('[verify-email] Processing verification token...');`

Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`// Verify the token WITHOUT consuming it yet`
			`const { verifyEmailToken, consumeEmailToken } = await import('~/server/utils/email-tokens');`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`const { userId, email } = await verifyEmailToken(token);`

			`// Update user verification status in Keycloak`
			`const { createKeycloakAdminClient } = await import('~/server/utils/keycloak-admin');`
			`const keycloak = createKeycloakAdminClient();`
Refactor email verification to use JSON responses instead of redirects - Replace server-side redirects with JSON API responses for better error handling - Add support for partial success when Keycloak update fails but token is valid - Improve error messages with specific status codes (410 for expired, 409 for already used) - Extract email from API response instead of URL query parameters - Enable client-side navigation with proper error state management 2025-08-09 19:40:04 +02:00
			`let partialSuccess = false;`
Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`let keycloakError = null;`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00
			`try {`
			`await keycloak.updateUserProfile(userId, {`
			`emailVerified: true,`
			`attributes: {`
			`lastLoginDate: new Date().toISOString()`
			`}`
			`});`

			`console.log('[verify-email] Successfully verified user:', userId, 'email:', email);`

Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`// ONLY consume token after successful Keycloak update`
			`await consumeEmailToken(token);`

fixes 2025-08-13 17:16:22 +02:00			`} catch (keycloakUpdateError: any) {`
			`console.error('[verify-email] Keycloak update failed:', keycloakUpdateError.message);`
Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00
			`// Check if this is a retryable error or a permanent failure`
fixes 2025-08-13 17:16:22 +02:00			`if (keycloakUpdateError.message?.includes('error-user-attribute-required')) {`
Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`// This is a configuration issue - don't consume token, allow retries`
			`console.log('[verify-email] Keycloak configuration error - token preserved for retry');`
			`partialSuccess = true;`
fixes 2025-08-13 17:16:22 +02:00			`keycloakError = keycloakUpdateError.message;`
Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`} else {`
			`// For other errors, still consume token to prevent infinite retries`
			`console.log('[verify-email] Consuming token despite Keycloak error to prevent loops');`
			`await consumeEmailToken(token);`
			`partialSuccess = true;`
fixes 2025-08-13 17:16:22 +02:00			`keycloakError = keycloakUpdateError.message;`
Add circuit breaker pattern to email verification system Implement rate limiting and attempt tracking to prevent verification abuse and infinite reload loops. Add temporary blocking with clear user feedback, enhanced error states, and retry logic. Includes new verification state utilities and improved UI components for better user experience during blocked states. 2025-08-10 15:48:11 +02:00			`}`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`}`

fixes 2025-08-13 17:16:22 +02:00			`// Build success redirect URL with query parameters`
			`const successUrl = new URL('/auth/verify-success', 'https://portal.monacousa.org');`
			`successUrl.searchParams.set('email', email);`

			`if (partialSuccess && keycloakError) {`
			`successUrl.searchParams.set('warning', 'partial');`
			`console.log('[verify-email] Redirecting to success page with partial warning');`
			`} else {`
			`console.log('[verify-email] Redirecting to success page - verification complete');`
			`}`

			`// Redirect to success page instead of returning JSON`
			`return sendRedirect(event, successUrl.pathname + successUrl.search, 302);`
Refactor email verification to use JSON responses instead of redirects - Replace server-side redirects with JSON API responses for better error handling - Add support for partial success when Keycloak update fails but token is valid - Improve error messages with specific status codes (410 for expired, 409 for already used) - Extract email from API response instead of URL query parameters - Enable client-side navigation with proper error state management 2025-08-09 19:40:04 +02:00
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`} catch (error: any) {`
			`console.error('[verify-email] Verification failed:', error.message);`

fixes 2025-08-13 17:16:22 +02:00			`// Redirect to appropriate error page instead of throwing errors`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`if (error.message?.includes('expired')) {`
fixes 2025-08-13 17:16:22 +02:00			`console.log('[verify-email] Token expired, redirecting to expired page');`
			`return sendRedirect(event, '/auth/verify-expired?reason=expired', 302);`
			`} else if (error.message?.includes('already used')) {`
			`console.log('[verify-email] Token already used, redirecting to expired page');`
			`return sendRedirect(event, '/auth/verify-expired?reason=used', 302);`
			`} else if (error.message?.includes('not found')) {`
			`console.log('[verify-email] Token not found, redirecting to expired page');`
			`return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`} else {`
fixes 2025-08-13 17:16:22 +02:00			`console.log('[verify-email] Generic verification error, redirecting to expired page');`
			`return sendRedirect(event, '/auth/verify-expired?reason=invalid', 302);`
Add email verification system for user registration - Add SMTP configuration UI in admin panel with test functionality - Implement email verification workflow with tokens and templates - Add verification success/expired pages for user feedback - Include nodemailer, handlebars, and JWT dependencies - Create API endpoints for email config, testing, and verification 2025-08-08 22:51:14 +02:00			`}`
			`}`
			`});`