Refactor login to email-only, remove phone/SMS auth

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-09 17:40:37 -04:00
parent 0719269bce
commit 780a214c7d
2 changed files with 12 additions and 98 deletions
+2 -84
View File
@@ -11,7 +11,6 @@ import (
"log" "log"
"math/big" "math/big"
"net/http" "net/http"
"net/url"
"os" "os"
"strings" "strings"
"time" "time"
@@ -94,19 +93,11 @@ func (s *Server) handleLoginSubmit(w http.ResponseWriter, r *http.Request) {
return return
} }
var identifier string identifier := strings.ToLower(raw)
var method string // "email" or "phone" if !isEmail(identifier) {
if isEmail(raw) {
identifier = strings.ToLower(raw)
method = "email"
} else {
identifier = normalizePhone(raw)
method = "phone"
if identifier == "" {
http.Redirect(w, r, "/login", http.StatusSeeOther) http.Redirect(w, r, "/login", http.StatusSeeOther)
return return
} }
}
code := generateCode() code := generateCode()
expiresAt := time.Now().UTC().Add(10 * time.Minute) expiresAt := time.Now().UTC().Add(10 * time.Minute)
@@ -116,32 +107,19 @@ func (s *Server) handleLoginSubmit(w http.ResponseWriter, r *http.Request) {
ExpiresAt: expiresAt, ExpiresAt: expiresAt,
}) })
if method == "email" {
if err := sendVerificationEmail(identifier, code); err != nil { if err := sendVerificationEmail(identifier, code); err != nil {
log.Printf("failed to send verification email to %s: %v", identifier, err) log.Printf("failed to send verification email to %s: %v", identifier, err)
} }
} else {
s.q.CreateSmsConsent(r.Context(), db.CreateSmsConsentParams{
Phone: identifier,
IpAddress: r.RemoteAddr,
UserAgent: r.UserAgent(),
})
if err := sendVerificationSMS(identifier, code); err != nil {
log.Printf("failed to send verification SMS to %s: %v", identifier, err)
}
}
pageTmpl["login"].ExecuteTemplate(w, "layout", map[string]any{ pageTmpl["login"].ExecuteTemplate(w, "layout", map[string]any{
"Step": "code", "Step": "code",
"Identifier": identifier, "Identifier": identifier,
"Method": method,
"AuthEnabled": true, "AuthEnabled": true,
}) })
} }
func (s *Server) handleVerifyCode(w http.ResponseWriter, r *http.Request) { func (s *Server) handleVerifyCode(w http.ResponseWriter, r *http.Request) {
identifier := strings.TrimSpace(r.FormValue("identifier")) identifier := strings.TrimSpace(r.FormValue("identifier"))
method := r.FormValue("method")
code := strings.TrimSpace(r.FormValue("code")) code := strings.TrimSpace(r.FormValue("code"))
vc, err := s.q.GetVerificationCode(r.Context(), db.GetVerificationCodeParams{ vc, err := s.q.GetVerificationCode(r.Context(), db.GetVerificationCodeParams{
@@ -152,7 +130,6 @@ func (s *Server) handleVerifyCode(w http.ResponseWriter, r *http.Request) {
pageTmpl["login"].ExecuteTemplate(w, "layout", map[string]any{ pageTmpl["login"].ExecuteTemplate(w, "layout", map[string]any{
"Step": "code", "Step": "code",
"Identifier": identifier, "Identifier": identifier,
"Method": method,
"Error": "Invalid or expired code. Try again.", "Error": "Invalid or expired code. Try again.",
"AuthEnabled": true, "AuthEnabled": true,
}) })
@@ -163,17 +140,10 @@ func (s *Server) handleVerifyCode(w http.ResponseWriter, r *http.Request) {
// Get or create user // Get or create user
var user db.User var user db.User
if method == "email" {
user, err = s.q.GetUserByEmail(r.Context(), sql.NullString{String: identifier, Valid: true}) user, err = s.q.GetUserByEmail(r.Context(), sql.NullString{String: identifier, Valid: true})
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
user, err = s.q.CreateUserByEmail(r.Context(), sql.NullString{String: identifier, Valid: true}) user, err = s.q.CreateUserByEmail(r.Context(), sql.NullString{String: identifier, Valid: true})
} }
} else {
user, err = s.q.GetUserByPhone(r.Context(), sql.NullString{String: identifier, Valid: true})
if err == sql.ErrNoRows {
user, err = s.q.CreateUserByPhone(r.Context(), sql.NullString{String: identifier, Valid: true})
}
}
if err != nil { if err != nil {
log.Printf("user lookup/create: %v", err) log.Printf("user lookup/create: %v", err)
http.Error(w, "Internal error", 500) http.Error(w, "Internal error", 500)
@@ -270,58 +240,6 @@ func generateSessionToken() string {
return hex.EncodeToString(b) return hex.EncodeToString(b)
} }
// normalizePhone strips non-digit chars and prepends +1 if no country code.
func normalizePhone(raw string) string {
var digits strings.Builder
for _, c := range strings.TrimSpace(raw) {
if c >= '0' && c <= '9' {
digits.WriteRune(c)
}
}
d := digits.String()
if d == "" {
return ""
}
// If 10 digits, assume US and prepend 1
if len(d) == 10 {
d = "1" + d
}
return "+" + d
}
func sendVerificationSMS(to, code string) error {
sid := os.Getenv("TWILIO_ACCOUNT_SID")
token := os.Getenv("TWILIO_AUTH_TOKEN")
from := os.Getenv("TWILIO_FROM_NUMBER")
if sid == "" || token == "" || from == "" {
log.Printf("Twilio not configured — code for %s is: %s", to, code)
return nil
}
body := fmt.Sprintf("Your bbq login code: %s", code)
apiURL := fmt.Sprintf("https://api.twilio.com/2010-04-01/Accounts/%s/Messages.json", sid)
data := url.Values{}
data.Set("To", to)
data.Set("From", from)
data.Set("Body", body)
req, _ := http.NewRequest("POST", apiURL, strings.NewReader(data.Encode()))
req.SetBasicAuth(sid, token)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode >= 400 {
return fmt.Errorf("twilio API returned %d", resp.StatusCode)
}
return nil
}
func sendVerificationEmail(to, code string) error { func sendVerificationEmail(to, code string) error {
apiKey := os.Getenv("RESEND_API_KEY") apiKey := os.Getenv("RESEND_API_KEY")
if apiKey == "" { if apiKey == "" {
+3 -7
View File
@@ -7,7 +7,7 @@
<div class="event-tag">Account</div> <div class="event-tag">Account</div>
<h1 class="event-title">Log in</h1> <h1 class="event-title">Log in</h1>
<p style="font-family:'DM Mono',monospace;font-size:0.8rem;color:#555;margin-top:8px;"> <p style="font-family:'DM Mono',monospace;font-size:0.8rem;color:#555;margin-top:8px;">
Enter your email or phone number to receive a login code. Enter your email to receive a login code.
</p> </p>
</div> </div>
@@ -15,18 +15,14 @@
{{if eq .Step "identify"}} {{if eq .Step "identify"}}
<form method="POST" action="/login"> <form method="POST" action="/login">
<div class="form-row"> <div class="form-row">
<label>Email or phone</label> <label>Email</label>
<input type="text" name="identifier" placeholder="you@example.com or (555) 123-4567" required autofocus> <input type="email" name="identifier" placeholder="you@example.com" required autofocus>
</div> </div>
<p style="font-family:'DM Mono',monospace;font-size:0.7rem;color:#777;margin-top:12px;line-height:1.5;">
By entering a phone number, you consent to receive a one-time verification code via SMS. Msg &amp; data rates may apply. No marketing messages will be sent.
</p>
<button class="btn-submit" type="submit">Send code &#8599;</button> <button class="btn-submit" type="submit">Send code &#8599;</button>
</form> </form>
{{else}} {{else}}
<form method="POST" action="/login/verify"> <form method="POST" action="/login/verify">
<input type="hidden" name="identifier" value="{{.Identifier}}"> <input type="hidden" name="identifier" value="{{.Identifier}}">
<input type="hidden" name="method" value="{{.Method}}">
<p style="font-family:'DM Mono',monospace;font-size:0.78rem;color:#555;margin-bottom:16px;"> <p style="font-family:'DM Mono',monospace;font-size:0.78rem;color:#555;margin-bottom:16px;">
Code sent to <strong>{{.Identifier}}</strong> Code sent to <strong>{{.Identifier}}</strong>
</p> </p>