Part 2: Email Verification

In this third installment of building Touchbase, I will go in depth about creating an email verification system using Couchbase, nodemailer, and the Sendgrid Web API. The first thing you will need to do is download a couple of node modules.

The first two installments, Part 0 and Part 1, cover the data model and user document creation, respectively.

Platform Requirements

  • Node.js
  • Express.js
  • A Sendgrid API account
  • HTML email generator OR hand composed HTML email

Node Modules used

  • Couchbase Node.js SDK/N1QL (access to Couchbase)
  • body-parser (convert JSON strings to JSON obj)
  • uuid (to generate verification doc ID)
  • nodemailer (send emails from our email confirm API)
  • nodemailer-sendgrid-transport (send nodemailer emails through Sendgrid)

 

First, to bring in the node modules, do:

Then:

If you’re not familiar with Node, npm simply installs modules for you. The ‘–save’ ending will add these modules to your package.json file. From the Touchbase github repo, you will see that these are already in the package.json file.

First, create a Sendgrid account to use their free web API. I will assume you have this, and continue on. After that, you will need to do some simple setup of the Sendgrid API to actually send emails using Sendgrid and nodemailer. The explanation of using these two services together is in Sendgrid’s blog and I will go further using that code snippet. My usage of this in the models/sessionmodel.js file in a function called ‘Session.makeVerification’. The endpoint where this function is called can be found in routes/routes.js as ‘/api/registerUser’, which I talked about at length in my last blog. This function is called at the end of that route to generate a verification email, which the user must click before logging into their account, to avoid abuse of the service.

In the models/usermodel.js file, the ‘User.create’ function has a boolean field in the sub-object ‘login’ called ’emailVerified’. The importance of this, is that our verification route will change this attribute of the user to true, allowing them to login if their email has been verified.

‘Session.makeVerification’ function

Then we call the Email.create model. If you look into the models/emailmodel.js file, you will see an example of how this is done. This simply makes use of an HTML to Javascript string converter which generates a Javascript string that is converted into an HTML email in the Sendgrid API.

In our ‘Session.makeVerification’ function, we do some basic setup for the nodemailer and Sendgrid APIs. Put in the options, as well as an API username and password which were setup when you created your Sendgrid account. I chose to use the Sendgrid API and not a personal email account with Nodemailer because Sendgrid allows tracking of all emails, and ensures that they are delivered in time. It will also ensure that none of the emails fall into spam bins, promotion filters, etc. In this way, the emails will be sent securely, and can also be aliased with any email address we desire. In this case I use ‘touchbase-noreply@couchbase.com’ which is not an official email, but will clearly show that the email is sent from Touchbase to the user. This can be done without the user of the Sendgrid API as well.

The next part of ‘Session.makeVerification’ takes us to ‘Email.create’ to build the HTML template for the emails we will send to users, which calls a function in models/emailmodel.js. If you look closely, this function takes an HTML email file and turns it into a Javascript string. Generating HTML emails is a little different than HTML files, as explained in this great mailchimp article. I then used an HTML to Javascript string generator to return the string in the ‘Email.create’ function, which is used as the HTML for the nodemailer email. I pass the req object from the ‘Session.makeVerification’ function to this function, so that it can generate the URL that was used to access the page. This way, if someone was to change the domain for the site, or the IP address that they were testing on, it would consistently generate the right URL for the verification email. The place where this URL is changed is the ‘href’ for the HTML page’s ‘Verify’ button, so that when they click the link, it sends them to the URL of their verification ID at ‘/api/verify/:verificationID’. You can see this API in the routes/routes.js file.

‘/api/verify/:verificationID’ API

Via this funciton, we finally send the email verification, so the user will be required to verify the email before they can access their account. The user’s email verification button will link them to the ‘api/verify/:verificationID’ page, where the API will then take the verification ID, as ‘req.params.verificationID’. It will then send this to a function called ‘Session.verify’ in models/sessionmodel.js. This function takes this verificationID, and checks that it exists. It then changes the status of the associated user’s user document, and sets its ‘login.emailVerified’ attribute to true, allowing the user to login. Finally, it deletes the verification document completing the registration process and setting up the application to let the user login.

‘Session.verify’ function

To summarize, we covered how Touchbase generates documents for the email verification process, generates the HTML mail to the user and then updates the user profile once verification has been completed. If you have any questions or feedback, please comment below.

Posted by Pranav Mayuram

Leave a reply