cedros-login-server 0.0.43

Authentication server for cedros-login with email/password, Google OAuth, and Solana wallet sign-in
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328

//! Email HTML/text template generation

use super::{
    AccountDeletionEmailData, Email, EmailType, InstantLinkEmailData, InviteEmailData,
    PasswordResetEmailData, SecurityAlertEmailData, VerificationEmailData,
};

/// Escape HTML special characters to prevent injection attacks.
/// This should be applied to all user-supplied data in email templates.
pub fn escape_html(s: &str) -> String {
    s.chars()
        .flat_map(|c| match c {
            '&' => "&amp;".chars().collect::<Vec<_>>(),
            '<' => "&lt;".chars().collect::<Vec<_>>(),
            '>' => "&gt;".chars().collect::<Vec<_>>(),
            '"' => "&quot;".chars().collect::<Vec<_>>(),
            '\'' => "&#x27;".chars().collect::<Vec<_>>(),
            _ => vec![c],
        })
        .collect()
}

/// Generate verification email with optional custom subject
pub fn verification_email_with_subject(
    to: &str,
    data: VerificationEmailData,
    subject_override: Option<&str>,
) -> Email {
    let name = escape_html(data.user_name.as_deref().unwrap_or("there"));
    Email {
        to: to.to_string(),
        subject: subject_override
            .filter(|s| !s.is_empty())
            .unwrap_or("Verify your email address")
            .to_string(),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">Verify your email</h1>
<p>Hi {name},</p>
<p>Please click the button below to verify your email address:</p>
<p style="text-align: center;">
<a href="{}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #4F46E5; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Verify Email</a>
</p>
<p>Or copy and paste this link into your browser:</p>
<p style="word-break: break-all; color: #666;">{}</p>
<p style="color: #666; font-size: 14px;">This link expires in {} hours.</p>
<p style="color: #999; font-size: 12px;">If you didn't create an account, you can safely ignore this email.</p>
</body>
</html>"#,
            data.verification_url, data.verification_url, data.expires_in_hours
        ),
        text_body: format!(
            "Hi {},\n\nPlease verify your email by visiting:\n{}\n\nThis link expires in {} hours.\n\nIf you didn't create an account, you can safely ignore this email.",
            name, data.verification_url, data.expires_in_hours
        ),
        email_type: EmailType::EmailVerification,
    }
}

/// Generate password reset email
///
/// Adapts heading and CTAs based on `has_password` and `instant_link_url`:
/// - has_password=true  → "Reset your password" heading + reset CTA
/// - has_password=false → "Access your account" heading + reset CTA (to set a password)
/// - instant_link_url   → secondary "Or just sign in" CTA
/// Generate password reset email with optional custom subject
pub fn password_reset_email_with_subject(
    to: &str,
    data: PasswordResetEmailData,
    subject_override: Option<&str>,
) -> Email {
    let name = escape_html(data.user_name.as_deref().unwrap_or("there"));

    let (heading, subject, intro, cta_label) = if data.has_password {
        (
            "Reset your password",
            "Reset your password",
            "We received a request to reset your password. Click the button below to choose a new password:",
            "Reset Password",
        )
    } else {
        (
            "Access your account",
            "Access your account",
            "We received a request to access your account. Click the button below to set a password:",
            "Set Password",
        )
    };

    let instant_link_html = if let Some(ref il_url) = data.instant_link_url {
        format!(
            r#"<p style="text-align: center; margin-top: 16px;">
<a href="{il_url}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #6B7280; color: white; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: bold;">Or just sign in</a>
</p>"#
        )
    } else {
        String::new()
    };

    let instant_link_text = if let Some(ref il_url) = data.instant_link_url {
        format!("\n\nOr just sign in (no password needed): {}", il_url)
    } else {
        String::new()
    };

    let final_subject = subject_override
        .filter(|s| !s.is_empty())
        .unwrap_or(subject);

    Email {
        to: to.to_string(),
        subject: final_subject.to_string(),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">{heading}</h1>
<p>Hi {name},</p>
<p>{intro}</p>
<p style="text-align: center;">
<a href="{reset_url}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #4F46E5; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">{cta_label}</a>
</p>
<p>Or copy and paste this link into your browser:</p>
<p style="word-break: break-all; color: #666;">{reset_url}</p>
{instant_link_html}
<p style="color: #666; font-size: 14px;">This link expires in {expires} minutes.</p>
<p style="color: #999; font-size: 12px;">If you didn't request this, you can safely ignore this email.</p>
</body>
</html>"#,
            reset_url = data.reset_url,
            expires = data.expires_in_minutes,
        ),
        text_body: format!(
            "Hi {name},\n\n{intro}\n\n{cta_label}: {reset_url}\n\nThis link expires in {expires} minutes.{instant_link_text}\n\nIf you didn't request this, you can safely ignore this email.",
            reset_url = data.reset_url,
            expires = data.expires_in_minutes,
        ),
        email_type: EmailType::PasswordReset,
    }
}

/// Generate invite email with optional custom subject
pub fn invite_email_with_subject(
    to: &str,
    data: InviteEmailData,
    subject_override: Option<&str>,
) -> Email {
    let inviter = escape_html(data.inviter_name.as_deref().unwrap_or("Someone"));
    let org_name = escape_html(&data.org_name);
    let role = escape_html(&data.role);
    let default_subject = format!("You've been invited to join {}", data.org_name);
    Email {
        to: to.to_string(),
        subject: subject_override
            .filter(|s| !s.is_empty())
            .map(|s| s.to_string())
            .unwrap_or(default_subject),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">You're invited!</h1>
<p>{inviter} has invited you to join <strong>{org_name}</strong> as a <strong>{role}</strong>.</p>
<p>Click the button below to accept the invitation:</p>
<p style="text-align: center;">
<a href="{}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #4F46E5; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Accept Invitation</a>
</p>
<p>Or copy and paste this link into your browser:</p>
<p style="word-break: break-all; color: #666;">{}</p>
<p style="color: #666; font-size: 14px;">This invitation expires in {} days.</p>
<p style="color: #999; font-size: 12px;">If you don't want to join, you can safely ignore this email.</p>
</body>
</html>"#,
            data.accept_url, data.accept_url, data.expires_in_days
        ),
        text_body: format!(
            "{} has invited you to join {} as a {}.\n\nAccept the invitation: {}\n\nThis invitation expires in {} days.\n\nIf you don't want to join, you can safely ignore this email.",
            inviter, org_name, role, data.accept_url, data.expires_in_days
        ),
        email_type: EmailType::Invite,
    }
}

/// Generate instant link email with optional custom subject
pub fn instant_link_email_with_subject(
    to: &str,
    data: InstantLinkEmailData,
    subject_override: Option<&str>,
) -> Email {
    let name = escape_html(data.user_name.as_deref().unwrap_or("there"));
    Email {
        to: to.to_string(),
        subject: subject_override
            .filter(|s| !s.is_empty())
            .unwrap_or("Your sign-in link")
            .to_string(),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">Sign in to your account</h1>
<p>Hi {name},</p>
<p>Click the button below to sign in to your account:</p>
<p style="text-align: center;">
<a href="{}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #4F46E5; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Sign In</a>
</p>
<p>Or copy and paste this link into your browser:</p>
<p style="word-break: break-all; color: #666;">{}</p>
<p style="color: #666; font-size: 14px;">This link expires in {} minutes.</p>
<p style="color: #999; font-size: 12px;">If you didn't request this link, you can safely ignore this email.</p>
</body>
</html>"#,
            data.instant_link_url, data.instant_link_url, data.expires_in_minutes
        ),
        text_body: format!(
            "Hi {},\n\nClick the link below to sign in:\n{}\n\nThis link expires in {} minutes.\n\nIf you didn't request this, you can safely ignore this email.",
            name, data.instant_link_url, data.expires_in_minutes
        ),
        email_type: EmailType::InstantLink,
    }
}

/// Generate security alert email with optional custom subject
pub fn security_alert_email_with_subject(
    to: &str,
    data: SecurityAlertEmailData,
    subject_override: Option<&str>,
) -> Email {
    let name = escape_html(data.user_name.as_deref().unwrap_or("there"));
    let ip = escape_html(data.ip_address.as_deref().unwrap_or("Unknown"));
    let device = escape_html(data.device.as_deref().unwrap_or("Unknown device"));
    let browser = escape_html(data.browser.as_deref().unwrap_or("Unknown browser"));
    let location = escape_html(data.location.as_deref().unwrap_or("Unknown location"));
    let login_time = escape_html(&data.login_time);

    let action_section = if let Some(url) = &data.action_url {
        format!(
            r#"<p style="text-align: center;">
<a href="{}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #DC2626; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Secure My Account</a>
</p>"#,
            url
        )
    } else {
        String::new()
    };

    Email {
        to: to.to_string(),
        subject: subject_override
            .filter(|s| !s.is_empty())
            .unwrap_or("New sign-in to your account")
            .to_string(),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">New sign-in detected</h1>
<p>Hi {name},</p>
<p>We noticed a new sign-in to your account:</p>
<div style="background-color: #F3F4F6; padding: 16px; border-radius: 8px; margin: 16px 0;">
<p style="margin: 4px 0;"><strong>Time:</strong> {login_time}</p>
<p style="margin: 4px 0;"><strong>Device:</strong> {device}</p>
<p style="margin: 4px 0;"><strong>Browser:</strong> {browser}</p>
<p style="margin: 4px 0;"><strong>Location:</strong> {location}</p>
<p style="margin: 4px 0;"><strong>IP Address:</strong> {ip}</p>
</div>
<p>If this was you, you can safely ignore this email.</p>
<p style="color: #DC2626;"><strong>If this wasn't you</strong>, your account may be compromised. We recommend changing your password immediately.</p>
{action_section}
</body>
</html>"#
        ),
        text_body: format!(
            "Hi {},\n\nWe noticed a new sign-in to your account:\n\nTime: {}\nDevice: {}\nBrowser: {}\nLocation: {}\nIP Address: {}\n\nIf this was you, you can safely ignore this email.\n\nIf this wasn't you, your account may be compromised. Please change your password immediately.",
            name, login_time, device, browser, location, ip
        ),
        email_type: EmailType::SecurityAlert,
    }
}

/// Generate account deletion confirmation email with optional custom subject.
pub fn account_deletion_email_with_subject(
    to: &str,
    data: AccountDeletionEmailData,
    subject_override: Option<&str>,
) -> Email {
    let name = escape_html(data.user_name.as_deref().unwrap_or("there"));
    Email {
        to: to.to_string(),
        subject: subject_override
            .filter(|s| !s.is_empty())
            .unwrap_or("Confirm account deletion")
            .to_string(),
        html_body: format!(
            r#"<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
<h1 style="color: #333;">Confirm account deletion</h1>
<p>Hi {name},</p>
<p>Use the button below to confirm permanent deletion of your account.</p>
<p style="text-align: center;">
<a href="{url}" rel="noreferrer noopener" referrerpolicy="no-referrer" style="display: inline-block; background-color: #B91C1C; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; font-weight: bold;">Delete Account</a>
</p>
<p>Or copy and paste this link into your browser:</p>
<p style="word-break: break-all; color: #666;">{url}</p>
<p style="color: #666; font-size: 14px;">This confirmation link expires in {expires} hours.</p>
<p style="color: #999; font-size: 12px;">Financial and audit records required by law may be retained, but your login profile and credentials will be removed.</p>
</body>
</html>"#,
            url = data.confirmation_url,
            expires = data.expires_in_hours,
        ),
        text_body: format!(
            "Hi {name},\n\nConfirm permanent account deletion:\n{url}\n\nThis link expires in {expires} hours.\n\nFinancial and audit records required by law may be retained, but your login profile and credentials will be removed.",
            url = data.confirmation_url,
            expires = data.expires_in_hours,
        ),
        email_type: EmailType::AccountDeletion,
    }
}