Fix: Implement Phase 1 and 2 for Account & Profile tab

2025-12-22 18:31:13 -05:00 · 2025-10-14 18:44:14 +00:00
parent d4b859f637
commit 3833ba9748
9 changed files with 318 additions and 35 deletions
--- a/supabase/functions/validate-email-backend/index.ts
+++ b/supabase/functions/validate-email-backend/index.ts
@@ -0,0 +1,94 @@
+import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.39.3';
+
+const corsHeaders = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+};
+
+// Common disposable email domains (subset for performance)
+const DISPOSABLE_DOMAINS = new Set([
+  'tempmail.com', 'guerrillamail.com', '10minutemail.com', 'mailinator.com',
+  'throwaway.email', 'temp-mail.org', 'fakeinbox.com', 'maildrop.cc',
+  'yopmail.com', 'sharklasers.com', 'guerrillamailblock.com'
+]);
+
+interface EmailValidationResult {
+  valid: boolean;
+  reason?: string;
+  suggestions?: string[];
+}
+
+function validateEmailFormat(email: string): EmailValidationResult {
+  // Basic format validation
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  if (!emailRegex.test(email)) {
+    return { valid: false, reason: 'Invalid email format' };
+  }
+
+  // Extract domain
+  const domain = email.split('@')[1].toLowerCase();
+  
+  // Check against disposable domains
+  if (DISPOSABLE_DOMAINS.has(domain)) {
+    return {
+      valid: false,
+      reason: 'Disposable email addresses are not allowed. Please use a permanent email address.',
+      suggestions: ['gmail.com', 'outlook.com', 'yahoo.com', 'protonmail.com']
+    };
+  }
+
+  // Check for suspicious patterns
+  if (domain.includes('temp') || domain.includes('disposable') || domain.includes('trash')) {
+    return {
+      valid: false,
+      reason: 'This email domain appears to be temporary. Please use a permanent email address.',
+    };
+  }
+
+  return { valid: true };
+}
+
+serve(async (req) => {
+  // Handle CORS preflight requests
+  if (req.method === 'OPTIONS') {
+    return new Response(null, { headers: corsHeaders });
+  }
+
+  try {
+    const { email } = await req.json();
+
+    if (!email || typeof email !== 'string') {
+      return new Response(
+        JSON.stringify({ valid: false, reason: 'Email is required' }),
+        { 
+          status: 400, 
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        }
+      );
+    }
+
+    // Validate email
+    const result = validateEmailFormat(email.toLowerCase().trim());
+
+    return new Response(
+      JSON.stringify(result),
+      { 
+        status: 200, 
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+  } catch (error) {
+    console.error('Email validation error:', error);
+    return new Response(
+      JSON.stringify({ 
+        valid: false, 
+        reason: 'Failed to validate email. Please try again.' 
+      }),
+      { 
+        status: 500, 
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+  }
+});