src/routes/signup.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

import argon2 from "argon2";
import express from "express";
import { users } from "../db/schema";
import { db } from "../db/db";
import { Infer, z } from "zod";
import { signJwt } from "../account/jwt";
import { eq } from "drizzle-orm";
import { verificationEmailQueue } from "../queue/email";
import { logger } from "../lib/pino";

/** Validates signup request with email and password fields */
const SignupBodySchema = z.object({
  email: z
    .email({ error: "Invalid email" })
    .nonempty({ error: "Email can't be empty" }),
  password: z.string(),
});

/**
 * Generates a random 6-digit verification code.
 * Used for email verification during signup.
 */
export function generate6DigitCode(): string {
  return Math.floor(Math.random() * 1_000_000)
    .toString()
    .padStart(6, "0");
}

const router: express.Router = express.Router();

router.post("/signup", async (req, res) => {
  const body: Infer<typeof SignupBodySchema> = req.body;
  logger.info({ email: body.email }, "Signup attempt initiated");

  const parsed = SignupBodySchema.safeParse(body);
  if (!parsed.success) {
    logger.warn(
      { email: body.email, error: parsed.error },
      "Signup validation failed",
    );
    return res.send({
      success: false,
      reason: parsed.error,
      token: "",
    });
  }

  const existingUsers = await db
    .select()
    .from(users)
    .where(eq(users.email, body.email));

  if (existingUsers.length > 0) {
    logger.warn({ email: body.email }, "Signup failed: email already in use");
    return res.send({
      success: false,
      reason: "Email already used!",
    });
  }

  const hashedPassword = await argon2.hash(body.password);
  const code = generate6DigitCode();

  const user = await db
    .insert(users)
    .values({
      email: body.email,
      password: hashedPassword,
      emailCode: code,
    })
    .returning();

  await verificationEmailQueue.add("sendVerificationEmail", {
    email: body.email,
    code,
  });

  logger.info(
    { userId: user[0]!.id, email: body.email },
    "Verification email queued",
  );

  const jwt = await signJwt(
    { id: user[0]!.id, type: "parent" },
    "urn:buddy:users",
  );

  logger.info(
    { userId: user[0]!.id, email: body.email },
    "User signup completed successfully",
  );

  res.send({
    success: true,
    token: jwt,
    reason: "",
  });
});

export default router;