Part 2: Email Verification
In this third installment of building Touchbase, I will go in depth about creating an email verification system using Couchbase, nodemailer, and the Sendgrid Web API. The first thing you will need to do is download a couple of node modules.
- A Sendgrid API account
- HTML email generator OR hand composed HTML email
Node Modules used
- Couchbase Node.js SDK/N1QL (access to Couchbase)
- body-parser (convert JSON strings to JSON obj)
- uuid (to generate verification doc ID)
- nodemailer (send emails from our email confirm API)
- nodemailer-sendgrid-transport (send nodemailer emails through Sendgrid)
First, to bring in the node modules, do:
$ npm install nodemailer --save
$ npm install nodemailer-sendgrid-transport --save
If you’re not familiar with Node, npm simply installs modules for you. The ‘–save’ ending will add these modules to your package.json file. From the Touchbase github repo, you will see that these are already in the package.json file.
First, create a Sendgrid account to use their free web API. I will assume you have this, and continue on. After that, you will need to do some simple setup of the Sendgrid API to actually send emails using Sendgrid and nodemailer. The explanation of using these two services together is in Sendgrid’s blog and I will go further using that code snippet. My usage of this in the models/sessionmodel.js file in a function called ‘Session.makeVerification’. The endpoint where this function is called can be found in routes/routes.js as ‘/api/registerUser’, which I talked about at length in my last blog. This function is called at the end of that route to generate a verification email, which the user must click before logging into their account, to avoid abuse of the service.
In the models/usermodel.js file, the ‘User.create’ function has a boolean field in the sub-object ‘login’ called ’emailVerified’. The importance of this, is that our verification route will change this attribute of the user to true, allowing them to login if their email has been verified.
In our ‘Session.makeVerification’ function, we do some basic setup for the nodemailer and Sendgrid APIs. Put in the options, as well as an API username and password which were setup when you created your Sendgrid account. I chose to use the Sendgrid API and not a personal email account with Nodemailer because Sendgrid allows tracking of all emails, and ensures that they are delivered in time. It will also ensure that none of the emails fall into spam bins, promotion filters, etc. In this way, the emails will be sent securely, and can also be aliased with any email address we desire. In this case I use ‘firstname.lastname@example.org’ which is not an official email, but will clearly show that the email is sent from Touchbase to the user. This can be done without the user of the Sendgrid API as well.
Via this funciton, we finally send the email verification, so the user will be required to verify the email before they can access their account. The user’s email verification button will link them to the ‘api/verify/:verificationID’ page, where the API will then take the verification ID, as ‘req.params.verificationID’. It will then send this to a function called ‘Session.verify’ in models/sessionmodel.js. This function takes this verificationID, and checks that it exists. It then changes the status of the associated user’s user document, and sets its ‘login.emailVerified’ attribute to true, allowing the user to login. Finally, it deletes the verification document completing the registration process and setting up the application to let the user login.
To summarize, we covered how Touchbase generates documents for the email verification process, generates the HTML mail to the user and then updates the user profile once verification has been completed. If you have any questions or feedback, please comment below.