Skip to content

Require verified email for external launches#106

Merged
dekanbro merged 1 commit into
stagingfrom
feat/external-module-launch-auth
Jun 15, 2026
Merged

Require verified email for external launches#106
dekanbro merged 1 commit into
stagingfrom
feat/external-module-launch-auth

Conversation

@dekanbro

@dekanbro dekanbro commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Bug Fixes

    • External modules requiring email verification now enforce verified email status before allowing user launches. Unverified email accounts will receive a verification prompt and be blocked from access.
  • Documentation

    • Updated external module integration guide to reflect the email verification requirement for modules configured to use email as identity.

@dekanbro
dekanbro requested a review from Copilot June 15, 2026 14:35
@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 60ce9ecb-bc9c-4860-a03a-3787c8f88a6a

📥 Commits

Reviewing files that changed from the base of the PR and between c191d58 and a9a5622.

📒 Files selected for processing (3)
  • docs/external-module-integration-guide.md
  • src/app/(frontend)/api/modules/[slug]/launch/route.ts
  • tests/e2e/app.spec.ts

📝 Walkthrough

Walkthrough

The external module launch route gains a 403 guard that blocks token issuance when includeEmailInLaunch is configured but the user's emailVerifiedAt is unset. The signLaunchToken function also tightens its email claim condition to require a verified email. An e2e test validates the 403 path, and the integration guide documents the new requirement.

Changes

Email Verification Gate for External Module Launch

Layer / File(s) Summary
Launch route: 403 guard and email claim tightening
src/app/(frontend)/api/modules/[slug]/launch/route.ts
GET returns 403 when includeEmailInLaunch is set and emailVerifiedAt is missing; signLaunchToken adds the email claim only when emailVerifiedAt is also present.
E2E test: unverified user gets 403
tests/e2e/app.spec.ts
verifyModulesFeature now accepts a browser argument, sets emailVerifiedAt on the admin, creates an unverified launch user, and asserts the launch endpoint returns 403 for that user.
Docs: email verification requirement note
docs/external-module-integration-guide.md
Adds a note that includeEmailInLaunch requires the user's email to be verified before a launch token is issued.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • raid-guild/portal#26: Introduced the emailVerifiedAt field and signed email-verification flow that this PR relies on to gate the email claim in launch tokens.
  • raid-guild/portal#28: Added the unverified role and updated the email-verification promotion logic that underlies the unverified-user scenario tested here.

Poem

🐇 Hippity hop, the token won't pop,
If your email's not blessed with a verified dot!
The route checks the stamp before letting you through,
No verified seal? A 403 for you!
The rabbit guards tokens with care, it is true. 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Require verified email for external launches' directly and clearly summarizes the main change: adding verification of user email before issuing launch tokens for external modules.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/external-module-launch-auth

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens the signed external module launch flow by requiring a verified account email before issuing a launch token when the module is configured to include the user’s email claim.

Changes:

  • Enforce emailVerifiedAt for module launches when includeEmailInLaunch is enabled (returns 403 otherwise).
  • Update launch token signing to only include email when the user’s email is verified.
  • Extend the E2E suite and integration guide to cover/describe the new verification requirement.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
tests/e2e/app.spec.ts Adds an E2E case ensuring unverified users receive 403 when launching modules that include email in launch claims.
src/app/(frontend)/api/modules/[slug]/launch/route.ts Blocks unverified-email launches for includeEmailInLaunch modules and conditions the email claim on verification.
docs/external-module-integration-guide.md Documents the verified-email requirement for includeEmailInLaunch launches.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dekanbro
dekanbro merged commit 4e3970c into staging Jun 15, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants