Skip to content

Auto-verify website when website domain matches email domain#3465

Merged
steven-tey merged 2 commits intomainfrom
auto-verify-website
Feb 13, 2026
Merged

Auto-verify website when website domain matches email domain#3465
steven-tey merged 2 commits intomainfrom
auto-verify-website

Conversation

@steven-tey
Copy link
Collaborator

@steven-tey steven-tey commented Feb 13, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Auto-verification: partner platforms can be instantly verified when the partner email domain matches the website domain.

  • Improvements

    • Verification flows (website, OAuth, code) updated to consistently handle auto-verified outcomes.
    • UI: success handling updated to show a success toast and refresh partner data immediately when auto-verified.

@vercel
Copy link
Contributor

vercel bot commented Feb 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dub Ready Ready Preview Feb 13, 2026 9:02pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 13, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Replaces scalar partnerId with a partner object across verification flows, adds an auto_verified outcome when partner email domain matches the website domain, updates cache/upsert keys to use partner.id, and adjusts the UI onSuccess handler to handle the new auto_verified path.

Changes

Cohort / File(s) Summary
Core Verification Logic
apps/web/lib/actions/partners/start-partner-platform-verification.ts		 Switched VerificationParams to accept `partner: Pick<PartnerProps, "id"
UI Handler Update
apps/web/ui/partners/partner-platforms-form.tsx		 Made onSuccess async and added early-exit handling for data.type === "auto_verified": show success toast and mutate partner profile; preserves existing TXT/OAuth/code handling otherwise.

Sequence Diagram(s)

sequenceDiagram
    actor User as Partner User
    participant Form as PartnerPlatformsForm
    participant Server as startPartnerPlatformVerification (Action)
    participant Domain as Domain Checker
    participant Cache as Cache/DB
    participant DNS as DNS Provider

    User->>Form: Submit platform verification (partner: {id,email}, handle, platform)
    Form->>Server: Call verification action

    alt Website verification path
        Server->>Domain: getDomainWithoutWWW(handle) & extract partner email domain
        Domain-->>Server: domains compared (exclude GENERIC_EMAIL_DOMAINS)
        alt domains match
            Server->>Cache: Upsert platform with verifiedAt using partner.id
            Server-->>Form: Return { type: "auto_verified" }
        else domains don't match
            Server->>DNS: Generate TXT record for handle domain
            Server->>Cache: Store verification state keyed by partner.id
            Server-->>Form: Return { type: "txt_record", ... }
        end
    else OAuth/code verification path
        Server->>Cache: Store OAuth/code state using partner.id
        Server-->>Form: Return { type: "oauth" } or { type: "verification_code" }
    end

    Form->>Form: onSuccess handler (async)
    alt auto_verified
        Form->>Form: Show success toast
        Form->>Cache: Mutate partner profile (refresh)
    else other types
        Form->>User: Show TXT/OAuth/code instructions
    end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • #3315 — Modifies the same partner platform verification flow and parameter shapes; likely overlaps with auto-verify/social verification changes.

Suggested reviewers

  • TWilson023

Poem

🐰 I hopped through code to mend a thread,

When emails matched, no TXT was spread.
partner.id leapt into place,
Auto-verified — a joyful race.
Toasts and refreshes, ready to tread.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately and concisely describes the main feature being implemented: auto-verification of websites when the domain matches the partner's email domain.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into main

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch auto-verify-website

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments
apps/web/lib/actions/partners/start-partner-platform-verification.ts (1)

102-131: Auto-verify logic is well-guarded; domain extraction handles edge cases correctly.

The three-part check (not generic, not disposable, exact domain match) addresses the earlier free-email concern. getDomainWithoutWWW robustly handles bare domain strings by prepending https:// and returns null on parse failures, so the guard on line 105 is sufficient.

One optional improvement for clarity: convert the redis.sismember result to an explicit boolean.

Clarify the disposable-domain check 
-    const isDisposableEmailDomain = await redis.sismember(
+    const isDisposableEmailDomain = !!(await redis.sismember(
       "disposableEmailDomains",
       emailDomain,
-    );
+    ));

This makes the variable a proper boolean, so !isDisposableEmailDomain reads more naturally.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@steven-tey
Copy link
Collaborator Author

steven-tey commented Feb 13, 2026

@coderabbitai full review, any breaking changes?

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 13, 2026

@steven-tey: I'll conduct a full review of the PR and specifically check for any breaking changes in the implementation of the auto-verify website feature. I'll analyze the changes to ensure backward compatibility and flag any potential issues.

✅ Actions performed

Full review triggered.

coderabbitai[bot]
coderabbitai bot reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In `@apps/web/lib/actions/partners/start-partner-platform-verification.ts`:
- Around line 103-119: The auto-verification currently compares partner.email
domain to websiteHostname and can be abused with public/free email domains;
modify the logic in start-partner-platform-verification to skip
auto-verification when the email domain is a known free/disposable provider by
adding a blocklist check (e.g., a FREE_EMAIL_DOMAINS array or using a package
like free-email-domains/disposable-email-domains) before the equality check;
ensure you normalize domains (toLowerCase, trim) for both partner.email split
result and websiteHostname, and only call upsertPartnerPlatform (and return {
type: "auto_verified" }) when emailDomain === websiteHostname AND emailDomain is
not in the free-email blocklist; update/add tests for partner.email cases using
gmail/yahoo/outlook/etc. to confirm auto-verification is skipped.

@steven-tey steven-tey merged commit f22e85c into main Feb 13, 2026
10 checks passed
@steven-tey steven-tey deleted the auto-verify-website branch February 13, 2026 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@steven-tey