fix/verification

[mitesh006]

Team Number : Team 126

Description

This PR implements email verification during user registration.

Users are now required to verify their email before being allowed to log in. A verification token is generated at registration, sent via email, and validated through a dedicated verification endpoint.

Login is restricted for users whose email has not been verified.

---

Related Issue

Closes #64

---

Type of Change

• New feature (non-breaking change which adds functionality)

---

Changes Made

• Added isEmailVerified, emailVerificationToken, and emailVerificationExpires fields to the User model
• Implemented secure token generation using crypto
• Created email verification template in email.service
• Added sendVerificationEmail function
• Added /api/auth/verify-email endpoint
• Restricted login for unverified users (403 response)
• Ensured verification tokens expire after 1 hour
• Added proper error handling using AppError

---

Screenshots (if applicable)

Before:
Users could log in immediately after registration without verifying their email.

After:

Users must verify their email before logging in. Login attempts before verification return a 403 error.

---

Testing

• Code builds successfully (npm run dev)
• Tested registration flow
• Verified email link works correctly
• Confirmed login is blocked before verification
• Confirmed login succeeds after verification
• No runtime crashes or console errors

---

Checklist

• My code follows the project's code style guidelines
• I have performed a self-review of my code
• I have commented my code where necessary
• My changes generate no new warnings
• I have tested my changes thoroughly
• All TypeScript types are properly defined (if applicable)
• I have read and followed the CONTRIBUTING.md guidelines

---

Additional Notes

Frontend currently auto-logs in users after registration. A separate frontend issue has been raised to update the registration flow to align with email verification requirements.

[krishnapaljadeja]

✅ PR Validation Passed

Hey @mitesh006! Your PR looks good. Here is what we found:

Field	Value
Team Number	Team 126
Linked Issue	Closes #64

A maintainer will review your PR within 24–48 hours. Stay responsive to feedback!

GDG CHARUSAT Open Source Contri Sprintathon

[aaleya5]

hey @mitesh006 please solve conflict, then run project, solve if any error persists and then commit

[krishnapaljadeja]

@mitesh006 can you please remove package-lock.json from commit and rebase it.thankyou

[krishnapaljadeja]

🎉 PR Merged — Points Awarded!

Congratulations @mitesh006! Your contribution has been merged.

Field	Value
Repo	Code_duel_backend
Team	Team 126
Contributor	@mitesh006
Level	Level 2 — Intermediate
Points Awarded	20 pts
Source	Linked Issue #64

The central leaderboard has been updated. Keep contributing!

GDG CHARUSAT Open Source Contri Sprintathon