Merged
3 changes: 3 additions & 0 deletions .env.example
Expand Up @@ -5,6 +5,9 @@ MONGO_URI=mongodb://localhost:27017/txio
RUST_LOG=info
JWT_SECRET=your_jwt_secret_here
BREVO_API_KEY=your_brevo_api_key_here
# Sender for OTP emails. Must be a verified sender/domain in your Brevo account.
EMAIL_FROM=no-reply@txio-backend.com
EMAIL_FROM_NAME=txio Team

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Quote EMAIL_FROM_NAME to avoid parser ambiguity.

txio Team contains whitespace; quoting it avoids inconsistent parsing across dotenv loaders/shell-based setups.

Suggested patch
-EMAIL_FROM_NAME=txio Team
+EMAIL_FROM_NAME="txio Team"
🧰 Tools
🪛 dotenv-linter (4.0.0)

[warning] 10-10: [UnorderedKey] The EMAIL_FROM_NAME key should go before the JWT_SECRET key

(UnorderedKey)


[warning] 10-10: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.env.example at line 10, The .env.example value for EMAIL_FROM_NAME contains
whitespace and should be quoted to avoid parsing ambiguity; update the
EMAIL_FROM_NAME entry to wrap its value in quotes (e.g., change the
EMAIL_FROM_NAME line to use "txio Team") so dotenv/shell loaders parse it
consistently and preserve the space.

Source: Linters/SAST tools

GROQ_API_KEYS=your_first_groq_key,your_second_groq_key
GROQ_MODEL=llama-3.3-70b-versatile
PORT=8000
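
Review bot: The example value on the new `EMAIL_FROM=no-reply@txio-backend.com` line is a concrete address, while the comment directly above it says the sender must be verified in the deployer's own Brevo account. The other credentials in this hunk use obvious placeholders (`your_jwt_secret_here`, `your_brevo_api_key_here`), so a `.env` copied from this file will keep this address unchanged and OTP mail will be attempted from a sender that account has not verified. Use a placeholder-style value here so it has to be edited, and state in the comment that OTP delivery fails when the sender is not verified.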
9 changes: 8 additions & 1 deletion backend/api/src/services/email_service.rs
Expand Up @@ -17,8 +17,15 @@ impl EmailService {
}

pub async fn send_otp_email(&self, email: &str, otp: &str) -> Result<(), AppError> {
// Brevo only sends from verified senders, so the from-address must be
// configurable per deployment instead of a hardcoded domain.
let from_email = std::env::var("EMAIL_FROM")
.unwrap_or_else(|_| "no-reply@txio-backend.com".to_string());
let from_name =
std::env::var("EMAIL_FROM_NAME").unwrap_or_else(|_| "txio Team".to_string());
Comment on lines +22 to +25

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle empty env values, not just missing ones.

Current fallback only runs when the variable is absent. If EMAIL_FROM/EMAIL_FROM_NAME are set to empty (or whitespace), invalid sender data is sent and OTP delivery can still fail.

Suggested patch
-        let from_email = std::env::var("EMAIL_FROM")
-            .unwrap_or_else(|_| "no-reply@txio-backend.com".to_string());
-        let from_name =
-            std::env::var("EMAIL_FROM_NAME").unwrap_or_else(|_| "txio Team".to_string());
+        let from_email = std::env::var("EMAIL_FROM")
+            .ok()
+            .map(|v| v.trim().to_string())
+            .filter(|v| !v.is_empty())
+            .unwrap_or_else(|| "no-reply@txio-backend.com".to_string());
+        let from_name = std::env::var("EMAIL_FROM_NAME")
+            .ok()
+            .map(|v| v.trim().to_string())
+            .filter(|v| !v.is_empty())
+            .unwrap_or_else(|| "txio Team".to_string());
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/api/src/services/email_service.rs` around lines 22 - 25, The current
from_email and from_name initialization only falls back when the env vars are
missing; update their creation in email_service.rs to treat empty or
whitespace-only values as missing by trimming and checking emptiness before
using them. Replace the std::env::var(...).unwrap_or_else(...) pattern for
from_email and from_name with logic that first obtains the env var (e.g.,
std::env::var(...).ok()), trims and verifies it's not empty (or whitespace), and
only then uses it; otherwise use the existing defaults
("no-reply@txio-backend.com" and "txio Team") so EMAIL_FROM and EMAIL_FROM_NAME
set to empty strings do not become invalid senders.


let body = json!({
"sender": { "email": "no-reply@txio-backend.com", "name": "txio Team" },
"sender": { "email": from_email, "name": from_name },
"to": [{ "email": email }],
"subject": "Your txio OTP",
"htmlContent": format!("<p>Your verification code is: <strong>{}</strong></p><p>This code will expire in 10 minutes.</p>", otp)
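
Review bot: In `send_otp_email`, the `unwrap_or_else` fallbacks for `EMAIL_FROM` and `EMAIL_FROM_NAME` bring back the hardcoded `no-reply@txio-backend.com` sender that the new comment says must be configurable per deployment. A deployment that never sets `EMAIL_FROM` will silently try to send OTPs from an address it has not verified, and the failure only surfaces when a user requests a code. Consider reading both variables once at startup instead of on every call, and returning an error or at least logging a warning when `EMAIL_FROM` is unset rather than defaulting quietly.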