Merge pull request #198 from Hestia-Homes/bug/magic-email-flagged-as-phish

Bug/magic email flagged as phish: Updated link of login email to be Microsoft Defender friendly
2026-06-08 11:37:25 +00:00 · 2026-03-10 17:59:42 +00:00 · 2026-03-10 17:59:42 +00:00 · 18001a37bb
commit 18001a37bb
parent dbe3a96ac4 48861496ee
3 changed files with 45 additions and 20 deletions
--- a/src/app/email_templates/magic_link.ts
+++ b/src/app/email_templates/magic_link.ts
@ -27,7 +27,7 @@ export async function MagicLinksEmail({
  }

  // Create a clean login link instead of the NextAuth callback
-  const loginUrl = `${parsed.origin}/login/${token}/${encodeURIComponent(email)}`;
+  const loginUrl = `${parsed.origin}/verify/${token}`;

  const transport = createTransport(provider.server);

--- a/src/app/login/[token]/[email]/page.tsx
+++ b/src/app/login/[token]/[email]/page.tsx
@ -1,19 +0,0 @@
-import { redirect } from "next/navigation";
-
-export default async function LoginPage({
-  params,
-}: {
-  params: Promise<{ token: string; email: string }>;
-}) {
-  const { token, email } = await params;
-
-  if (!token || !email) {
-    redirect("/");
-  }
-
-  const decodedEmail = decodeURIComponent(email);
-
-  redirect(
-    `/api/auth/callback/email?token=${token}&email=${encodeURIComponent(decodedEmail)}`,
-  );
-}
--- a/src/app/verify/[token]/page.tsx
+++ b/src/app/verify/[token]/page.tsx
@ -0,0 +1,44 @@
+import { redirect } from "next/navigation";
+import { db } from "@/app/db/db";
+import { verificationTokens } from "@/app/db/schema/users";
+import { eq } from "drizzle-orm";
+import crypto from "crypto";
+
+async function getEmailByToken(token: string) {
+  const secret = process.env.NEXTAUTH_SECRET!;
+
+  const hashedToken = crypto
+    .createHash("sha256")
+    .update(token + secret)
+    .digest("hex");
+
+  const record = await db
+    .select()
+    .from(verificationTokens)
+    .where(eq(verificationTokens.token, hashedToken))
+    .limit(1);
+
+  if (!record.length) {
+    return null;
+  }
+
+  return record[0].identifier;
+}
+
+export default async function LoginPage({
+  params,
+}: {
+  params: Promise<{ token: string }>;
+}) {
+  const { token } = await params;
+
+  const email = await getEmailByToken(token);
+
+  if (!email) {
+    redirect("/");
+  }
+
+  redirect(
+    `/api/auth/callback/email?token=${token}&email=${encodeURIComponent(email)}`,
+  );
+}