add email verification and password reset

Author: f0reachARR

apps/backend/src/auth.ts

@@ -28,10 +28,38 @@ export const auth = betterAuth({
   trustedOrigins: env.CORS_ALLOWED_ORIGINS,
   emailAndPassword: {
     enabled: true,
+    requireEmailVerification: true,
+    autoSignIn: false,
+    async sendResetPassword({ user, url }) {
+      await emailService.sendEmail({
+        to: user.email,
+        template: 'password-reset',
+        payload: {
+          userName: user.name,
+          resetLink: url,
+        },
+      });
+    },
+    revokeSessionsOnPasswordReset: true,
     password: {
       verify: verifyPassword,
     },
   },
+  emailVerification: {
+    sendOnSignUp: true,
+    sendOnSignIn: true,
+    autoSignInAfterVerification: true,
+    async sendVerificationEmail({ user, url }) {
+      await emailService.sendEmail({
+        to: user.email,
+        template: 'email-verification',
+        payload: {
+          userName: user.name,
+          verificationLink: url,
+        },
+      });
+    },
+  },
   plugins: [
     organization({
       async sendInvitationEmail(data) {

apps/backend/src/services/email/interface.ts

@@ -12,6 +12,14 @@ export type EmailTemplateMap = {
     universityName: string;
     invitationLink: string;
   };
+  'email-verification': {
+    userName: string;
+    verificationLink: string;
+  };
+  'password-reset': {
+    userName: string;
+    resetLink: string;
+  };
 };
 
 export type EmailTemplateId = keyof EmailTemplateMap;

apps/backend/src/services/email/templates.test.ts

@@ -43,6 +43,34 @@ describe('resolveEmailTemplate', () => {
     expect(email.text).toContain('メンバー招待を開く: https://app.example.test/invite/5678');
   });
 
+  it('renders email verification emails', () => {
+    const email = resolveEmailTemplate('email-verification', {
+      userName: 'New User',
+      verificationLink: 'https://app.example.test/auth/verify-email?token=token-1',
+    });
+
+    expect(email.subject).toBe('DocShare メールアドレスの確認');
+    expect(email.html).toContain('New User さん');
+    expect(email.html).toContain('メールアドレスの確認を完了してください');
+    expect(email.text).toContain(
+      'メールアドレスを確認する: https://app.example.test/auth/verify-email?token=token-1',
+    );
+  });
+
+  it('renders password reset emails', () => {
+    const email = resolveEmailTemplate('password-reset', {
+      userName: 'Existing User',
+      resetLink: 'https://app.example.test/auth/reset-password?token=token-2',
+    });
+
+    expect(email.subject).toBe('DocShare パスワード再設定');
+    expect(email.html).toContain('Existing User さん');
+    expect(email.html).toContain('パスワード再設定がリクエストされました');
+    expect(email.text).toContain(
+      'パスワードを再設定する: https://app.example.test/auth/reset-password?token=token-2',
+    );
+  });
+
   it('escapes dynamic values in html output', () => {
     const email = resolveEmailTemplate('organization-invitation', {
       organizationName: 'R&D <Team>',

apps/backend/src/services/email/templates.ts

@@ -139,6 +139,36 @@ const emailTemplateDefinitions: {
         },
       }),
   },
+  'email-verification': {
+    render: (payload) =>
+      renderEmail({
+        subject: 'DocShare メールアドレスの確認',
+        heading: 'メールアドレスの確認',
+        body: [
+          `${payload.userName} さん、DocShare への登録ありがとうございます。`,
+          '以下のリンクからメールアドレスの確認を完了してください。',
+        ],
+        action: {
+          label: 'メールアドレスを確認する',
+          href: payload.verificationLink,
+        },
+      }),
+  },
+  'password-reset': {
+    render: (payload) =>
+      renderEmail({
+        subject: 'DocShare パスワード再設定',
+        heading: 'パスワード再設定',
+        body: [
+          `${payload.userName} さんの DocShare アカウントで、パスワード再設定がリクエストされました。`,
+          '以下のリンクから新しいパスワードを設定してください。',
+        ],
+        action: {
+          label: 'パスワードを再設定する',
+          href: payload.resetLink,
+        },
+      }),
+  },
 };
 
 export const resolveEmailTemplate = <TemplateId extends EmailTemplateId>(

apps/frontend/app/(public)/auth/forgot-password/page.tsx

@@ -0,0 +1,83 @@
+'use client';
+
+import Link from 'next/link';
+import { useState } from 'react';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Input } from '@/components/ui/input';
+import { useForgotPasswordForm } from '@/features/public/auth/forgot-password/hooks';
+
+export default function ForgotPasswordPage() {
+  const [sentEmail, setSentEmail] = useState<string | null>(null);
+  const { form, error, validators } = useForgotPasswordForm((email) => {
+    setSentEmail(email);
+  });
+
+  if (sentEmail) {
+    return (
+      <div className='container mx-auto px-4 py-16 flex justify-center'>
+        <Card className='w-full max-w-md'>
+          <CardHeader>
+            <CardTitle>再設定メールを送信しました</CardTitle>
+            <CardDescription>{sentEmail} に再設定リンクを送信しました</CardDescription>
+          </CardHeader>
+          <CardContent>
+            <p className='text-sm text-muted-foreground'>
+              メール内のリンクから新しいパスワードを設定してください。
+            </p>
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
+  return (
+    <div className='container mx-auto px-4 py-16 flex justify-center'>
+      <Card className='w-full max-w-md'>
+        <CardHeader>
+          <CardTitle>パスワード再設定</CardTitle>
+          <CardDescription>登録済みのメールアドレスへ再設定リンクを送信します</CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form
+            onSubmit={(e) => {
+              e.preventDefault();
+              form.handleSubmit();
+            }}
+            className='space-y-4'
+          >
+            <form.Field name='email' validators={{ onChange: validators.email }}>
+              {(field) => (
+                <div className='space-y-1'>
+                  <label htmlFor={field.name} className='text-sm font-medium'>
+                    メールアドレス
+                  </label>
+                  <Input
+                    id={field.name}
+                    type='email'
+                    placeholder='you@example.com'
+                    value={field.state.value}
+                    onBlur={field.handleBlur}
+                    onChange={(e) => field.handleChange(e.target.value)}
+                  />
+                  {field.state.meta.errors[0] && (
+                    <p className='text-sm text-destructive'>{field.state.meta.errors[0].message}</p>
+                  )}
+                </div>
+              )}
+            </form.Field>
+            {error && <p className='text-sm text-destructive'>{error}</p>}
+            <Button type='submit' className='w-full' disabled={form.state.isSubmitting}>
+              {form.state.isSubmitting ? '送信中...' : '再設定メールを送信'}
+            </Button>
+          </form>
+          <p className='text-sm text-center text-muted-foreground mt-4'>
+            <Link href='/auth/login' className='text-primary hover:underline'>
+              ログインへ戻る
+            </Link>
+          </p>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}

apps/frontend/app/(public)/auth/login/page.tsx

@@ -83,6 +83,11 @@ function LoginPageContent() {
               {form.state.isSubmitting ? 'ログイン中...' : 'ログイン'}
             </Button>
           </form>
+          <p className='text-sm text-center text-muted-foreground mt-4'>
+            <Link href='/auth/forgot-password' className='text-primary hover:underline'>
+              パスワードをお忘れの方
+            </Link>
+          </p>
           <p className='text-sm text-center text-muted-foreground mt-4'>
             アカウントをお持ちでない方は{' '}
             <Link href='/auth/register' className='text-primary hover:underline'>

apps/frontend/app/(public)/auth/register/page.tsx

@@ -2,17 +2,40 @@
 
 import Link from 'next/link';
 import { useRouter } from 'next/navigation';
+import { useState } from 'react';
 import { Button } from '@/components/ui/button';
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
 import { Input } from '@/components/ui/input';
 import { useRegisterForm } from '@/features/public/auth/register/hooks';
 
 export default function RegisterPage() {
   const router = useRouter();
-  const { form, error, validators } = useRegisterForm(() => {
-    router.push('/dashboard');
+  const [registeredEmail, setRegisteredEmail] = useState<string | null>(null);
+  const { form, error, validators } = useRegisterForm((email) => {
+    setRegisteredEmail(email);
   });
 
+  if (registeredEmail) {
+    return (
+      <div className='container mx-auto px-4 py-16 flex justify-center'>
+        <Card className='w-full max-w-md'>
+          <CardHeader>
+            <CardTitle>確認メールを送信しました</CardTitle>
+            <CardDescription>{registeredEmail} に確認リンクを送信しました</CardDescription>
+          </CardHeader>
+          <CardContent className='space-y-4'>
+            <p className='text-sm text-muted-foreground'>
+              メール内のリンクを開くとアカウント作成が完了します。
+            </p>
+            <Button type='button' className='w-full' onClick={() => router.push('/auth/login')}>
+              ログインへ
+            </Button>
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
   return (
     <div className='container mx-auto px-4 py-16 flex justify-center'>
       <Card className='w-full max-w-md'>

apps/frontend/app/(public)/auth/reset-password/page.tsx

@@ -0,0 +1,120 @@
+'use client';
+
+import Link from 'next/link';
+import { useSearchParams } from 'next/navigation';
+import { Suspense, useState } from 'react';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Input } from '@/components/ui/input';
+import { useResetPasswordForm } from '@/features/public/auth/reset-password/hooks';
+
+export default function ResetPasswordPage() {
+  return (
+    <Suspense fallback={null}>
+      <ResetPasswordPageContent />
+    </Suspense>
+  );
+}
+
+function ResetPasswordPageContent() {
+  const searchParams = useSearchParams();
+  const token = searchParams.get('token');
+  const linkError = searchParams.get('error');
+  const [completed, setCompleted] = useState(false);
+  const { form, error, validators } = useResetPasswordForm(token, () => {
+    setCompleted(true);
+  });
+
+  if (completed) {
+    return (
+      <div className='container mx-auto px-4 py-16 flex justify-center'>
+        <Card className='w-full max-w-md'>
+          <CardHeader>
+            <CardTitle>パスワードを再設定しました</CardTitle>
+            <CardDescription>新しいパスワードでログインできます</CardDescription>
+          </CardHeader>
+          <CardContent>
+            <Button className='w-full' render={<Link href='/auth/login' />}>
+              ログインへ
+            </Button>
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
+  return (
+    <div className='container mx-auto px-4 py-16 flex justify-center'>
+      <Card className='w-full max-w-md'>
+        <CardHeader>
+          <CardTitle>新しいパスワード</CardTitle>
+          <CardDescription>アカウントに設定する新しいパスワードを入力してください</CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form
+            onSubmit={(e) => {
+              e.preventDefault();
+              form.handleSubmit();
+            }}
+            className='space-y-4'
+          >
+            <form.Field name='password' validators={{ onChange: validators.password }}>
+              {(field) => (
+                <div className='space-y-1'>
+                  <label htmlFor={field.name} className='text-sm font-medium'>
+                    パスワード
+                  </label>
+                  <Input
+                    id={field.name}
+                    type='password'
+                    value={field.state.value}
+                    onBlur={field.handleBlur}
+                    onChange={(e) => field.handleChange(e.target.value)}
+                  />
+                  {field.state.meta.errors[0] && (
+                    <p className='text-sm text-destructive'>{field.state.meta.errors[0].message}</p>
+                  )}
+                </div>
+              )}
+            </form.Field>
+            <form.Field
+              name='confirmPassword'
+              validators={{
+                onChangeListenTo: ['password'],
+                onChange: ({ value, fieldApi }) => {
+                  return validators.confirmPassword({
+                    value,
+                    password: fieldApi.form.getFieldValue('password'),
+                  });
+                },
+              }}
+            >
+              {(field) => (
+                <div className='space-y-1'>
+                  <label htmlFor={field.name} className='text-sm font-medium'>
+                    パスワード（確認）
+                  </label>
+                  <Input
+                    id={field.name}
+                    type='password'
+                    value={field.state.value}
+                    onBlur={field.handleBlur}
+                    onChange={(e) => field.handleChange(e.target.value)}
+                  />
+                  {field.state.meta.errors[0] && (
+                    <p className='text-sm text-destructive'>{field.state.meta.errors[0].message}</p>
+                  )}
+                </div>
+              )}
+            </form.Field>
+            {linkError && <p className='text-sm text-destructive'>再設定リンクが無効です</p>}
+            {error && <p className='text-sm text-destructive'>{error}</p>}
+            <Button type='submit' className='w-full' disabled={form.state.isSubmitting || !token}>
+              {form.state.isSubmitting ? '再設定中...' : 'パスワードを再設定'}
+            </Button>
+          </form>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}