Fix Supabase linter warnings and backend validation

supabase/functions/validate-email/index.ts

@@ -0,0 +1,158 @@
+import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
+
+const corsHeaders = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+};
+
+// Comprehensive list of disposable email domains
+const DISPOSABLE_DOMAINS = new Set([
+  // Popular disposable email services
+  'tempmail.com', 'temp-mail.org', 'temp-mail.io', 'temp-mail.de',
+  '10minutemail.com', '10minutemail.net', '10minemail.com',
+  'guerrillamail.com', 'guerrillamail.net', 'guerrillamailblock.com',
+  'mailinator.com', 'mailinator.net', 'mailinator2.com',
+  'throwaway.email', 'throwemail.com', 'throwawaymail.com',
+  'yopmail.com', 'yopmail.fr', 'yopmail.net',
+  'maildrop.cc', 'mailnesia.com', 'trashmail.com',
+  'fakeinbox.com', 'fakemail.net', 'fakemailgenerator.com',
+  'getnada.com', 'getairmail.com', 'dispostable.com',
+  'mintemail.com', 'mytemp.email', 'mohmal.com',
+  'sharklasers.com', 'grr.la', 'guerrillamail.biz',
+  'spam4.me', 'tempinbox.com', 'tempr.email',
+  'emailondeck.com', 'mailcatch.com', 'mailexpire.com',
+  'mailforspam.com', 'mailfreeonline.com', 'mailin8r.com',
+  'mailmoat.com', 'mailnull.com', 'mailsac.com',
+  'mailscrap.com', 'mailslite.com', 'mailtemp.info',
+  'mailtothis.com', 'mailzi.ru', 'mytrashmail.com',
+  'no-spam.ws', 'noclickemail.com', 'nodezine.com',
+  'nospam.ze.tc', 'nospamfor.us', 'nowmymail.com',
+  'objectmail.com', 'obobbo.com', 'oneoffemail.com',
+  'onewaymail.com', 'online.ms', 'oopi.org',
+  'ordinaryamerican.net', 'otherinbox.com', 'owlpic.com',
+  'pancakemail.com', 'pjjkp.com', 'plexolan.de',
+  'poofy.org', 'pookmail.com', 'privacy.net',
+  'proxymail.eu', 'prtnx.com', 'putthisinyourspamdatabase.com',
+  'quickinbox.com', 'rcpt.at', 'recode.me',
+  'recursor.net', 'regbypass.com', 'regspaces.tk',
+  'rklips.com', 'rmqkr.net', 'robertspcrepair.com',
+  'royal.net', 'ruffrey.com', 's0ny.net',
+  'safersignup.de', 'safetymail.info', 'safetypost.de',
+  'sandelf.de', 'saynotospams.com', 'schafmail.de',
+  'schrott-email.de', 'secretemail.de', 'secure-mail.biz',
+  'senseless-entertainment.com', 'services391.com', 'sharklasers.com',
+  'shiftmail.com', 'shippingterms.org', 'showslow.de',
+  'sibmail.com', 'sinnlos-mail.de', 'slapsfromlastnight.com',
+  'slaskpost.se', 'smashmail.de', 'smellfear.com',
+  'snakemail.com', 'sneakemail.com', 'sneakmail.de',
+  'snkmail.com', 'sofimail.com', 'solvemail.info',
+  'sogetthis.com', 'soodonims.com', 'spam.la',
+  'spam.su', 'spamail.de', 'spamarrest.com',
+  'spambob.com', 'spambog.com', 'spambog.de',
+  'spambox.us', 'spamcannon.com', 'spamcannon.net',
+  'spamcero.com', 'spamcon.org', 'spamcorptastic.com',
+  'spamcowboy.com', 'spamcowboy.net', 'spamcowboy.org',
+  'spamday.com', 'spamex.com', 'spamfree24.com',
+  'spamfree24.de', 'spamfree24.org', 'spamgourmet.com',
+  'spamherelots.com', 'spamhereplease.com', 'spamhole.com',
+  'spamify.com', 'spaminator.de', 'spamkill.info',
+]);
+
+interface ValidateEmailRequest {
+  email: string;
+}
+
+interface ValidationResult {
+  valid: boolean;
+  reason?: string;
+  suggestions?: string[];
+}
+
+const handler = async (req: Request): Promise<Response> => {
+  // Handle CORS preflight requests
+  if (req.method === 'OPTIONS') {
+    return new Response(null, { headers: corsHeaders });
+  }
+
+  try {
+    const { email }: ValidateEmailRequest = await req.json();
+
+    if (!email || typeof email !== 'string') {
+      return new Response(
+        JSON.stringify({
+          valid: false,
+          reason: 'Email address is required'
+        } as ValidationResult),
+        {
+          status: 400,
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        }
+      );
+    }
+
+    // Basic email format validation
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(email)) {
+      return new Response(
+        JSON.stringify({
+          valid: false,
+          reason: 'Invalid email format'
+        } as ValidationResult),
+        {
+          status: 400,
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        }
+      );
+    }
+
+    // Extract domain
+    const domain = email.split('@')[1].toLowerCase();
+
+    // Check if domain is disposable
+    if (DISPOSABLE_DOMAINS.has(domain)) {
+      console.log(`Blocked disposable email domain: ${domain}`);
+      return new Response(
+        JSON.stringify({
+          valid: false,
+          reason: 'Disposable email addresses are not allowed. Please use a permanent email address.',
+          suggestions: [
+            'Use a personal email (Gmail, Outlook, Yahoo, etc.)',
+            'Use your work or school email address',
+            'Use an email from your own domain'
+          ]
+        } as ValidationResult),
+        {
+          status: 400,
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        }
+      );
+    }
+
+    // Email is valid
+    console.log(`Email validated successfully: ${email}`);
+    return new Response(
+      JSON.stringify({
+        valid: true
+      } as ValidationResult),
+      {
+        status: 200,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+
+  } catch (error: any) {
+    console.error('Error in validate-email function:', error);
+    return new Response(
+      JSON.stringify({
+        valid: false,
+        reason: 'Internal server error during email validation'
+      } as ValidationResult),
+      {
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+  }
+};
+
+serve(handler);