Account verification system

[miss-yusrah]

Summary

closes #55

This PR introduces a full account verification system for new users, covering both email and phone verification.

The implementation adds:

• Email verification using a tokenized verification link
• SMS verification using Twilio
• Resend support for both email links and SMS codes
• 24-hour verification expiry handling
• Verified account status surfaced on the user profile

What Changed

Backend

• Extended the user model to track phone verification state and expiry
• Added verification-related auth DTOs and endpoints
• Implemented:
  • email verification
  • phone verification
  • resend email verification
  • resend phone verification
• Enforced verification before login
• Wired auth email sending to the real email module
• Added a database migration for account verification fields

Frontend

• Updated registration flow to collect phone number
• Added a dedicated account verification page for SMS code entry and resend actions
• Updated email verification flow to connect users into the full verification process
• Added verified status and badge display on the profile page
• Normalized frontend API base URL handling for verification/auth requests

Acceptance Criteria Coverage

• Email verification with token
  • Added token-based email verification flow
• SMS verification (Twilio)
  • Added SMS code verification using existing Twilio-backed SMS service
• Resend verification code
  • Added resend endpoints and UI for both email and phone verification
• Verification expiry (24 hours)
  • Added 24-hour expiry for both email token and SMS code
• Verified badge on profile
  • Added verified account status display on profile

Files of Interest

Backend

• backend/src/auth/auth.service.ts
• backend/src/auth/auth.controller.ts
• backend/src/auth/auth.module.ts
• backend/src/auth/dto/auth.dto.ts
• backend/src/modules/users/entities/user.entity.ts
• backend/src/modules/users/users.controller.ts
• backend/src/modules/users/users.service.ts
• backend/src/config/auth.config.ts
• backend/src/database/migrations/1742688000000-account-verification.ts

Frontend

• src/contexts/AuthContext.tsx
• src/pages/register.tsx
• src/pages/verify-email.tsx
• src/pages/verify-account.tsx
• src/pages/profile.tsx
• src/components/Profile/ProfileEditForm.tsx
• src/components/Profile/ProfileEditForm.module.css
• src/styles/pages/ProfilePage.module.css
• src/lib/api/userAPI.ts
• src/lib/api/twoFactorAPI.ts
• src/lib/api/apiBaseUrl.ts
• src/pages/api/webhooks/twilio/status.ts

Testing

• Implemented and scoped to the account verification feature
• Manual end-to-end verification should cover:
  • register new account
  • receive email verification link
  • verify email
  • receive/enter SMS code
  • resend email/SMS verification if needed
  • confirm verified badge appears on profile
  • confirm verified user can log in

[drips-wave]

@miss-yusrah Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits