Fix login on legacy DBs: drop NOT NULL phone/email from verification_codes

Old prod DBs had verification_codes.phone (or email) as NOT NULL with no
default, so inserting a code via identifier-only failed silently — users
received an emailed code that was never stored, and verify always said
"Invalid or expired code." Drop the legacy columns in a migration and
stop swallowing the CreateVerificationCode error.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-06-10 19:07:18 -04:00
parent 780a214c7d
commit 4915af0665
2 changed files with 12 additions and 2 deletions
+6 -2
View File
@@ -101,11 +101,15 @@ func (s *Server) handleLoginSubmit(w http.ResponseWriter, r *http.Request) {
code := generateCode()
expiresAt := time.Now().UTC().Add(10 * time.Minute)
s.q.CreateVerificationCode(r.Context(), db.CreateVerificationCodeParams{
if err := s.q.CreateVerificationCode(r.Context(), db.CreateVerificationCodeParams{
Identifier: identifier,
Code: code,
ExpiresAt: expiresAt,
})
}); err != nil {
log.Printf("failed to store verification code for %s: %v", identifier, err)
http.Error(w, "Internal error", 500)
return
}
if err := sendVerificationEmail(identifier, code); err != nil {
log.Printf("failed to send verification email to %s: %v", identifier, err)