Add check-verification endpoint before admin-backed APIs

cgen-70d1bfed627448379a1aa1eddefb51c9
2025-10-14 07:59:52 +00:00 · 2025-10-14 07:59:52 +00:00 · 8e28a79aa0
commit 8e28a79aa0
parent fbe800fd81
1 changed files with 33 additions and 0 deletions
--- a/server/index.ts
+++ b/server/index.ts
@ -103,6 +103,39 @@ export function createServer() {
    }
  });

+  app.post("/api/auth/check-verification", async (req, res) => {
+    const { email } = (req.body || {}) as { email?: string };
+
+    if (!email) {
+      return res.status(400).json({ error: "email is required" });
+    }
+
+    if (!adminSupabase?.auth?.admin) {
+      return res
+        .status(500)
+        .json({ error: "Supabase admin client unavailable" });
+    }
+
+    try {
+      const { data, error } = await adminSupabase.auth.admin.listUsers({ email });
+      if (error) {
+        console.error("[API] listUsers error:", error);
+        return res.status(error.status ?? 500).json({ error: error.message || String(error) });
+      }
+
+      const user = (data as any)?.users?.[0] ?? null;
+      if (!user) {
+        return res.status(404).json({ error: "User not found" });
+      }
+
+      const verified = Boolean(user?.email_confirmed_at || user?.confirmed_at);
+      return res.json({ verified, user });
+    } catch (e: any) {
+      console.error("[API] check verification exception", e);
+      return res.status(500).json({ error: e?.message || String(e) });
+    }
+  });
+
  // Admin-backed API (service role)
  try {
    const ownerEmail = (