feat: skip email verification check in local development

deepracticexs · deepracticexs · commit 8ad44e384fa1 · 2025-10-13T18:19:22.000+08:00
- Allow unverified users to login when PLUNK_API_KEY is not set or starts with 'dev-'
- Improves local development experience - no need to verify email
- Production still requires email verification for security
diff --git a/services/account-api/src/routes/auth.ts b/services/account-api/src/routes/auth.ts
@@ -36,8 +36,10 @@ auth.post("/login", async (c) => {
       throw errors.unauthorized("Invalid credentials");
     }
 
-    // Check if email is verified
-    if (!user.email_verified) {
+    // Check if email is verified (skip check in local dev environment)
+    const isLocalDev =
+      !c.env.PLUNK_API_KEY || c.env.PLUNK_API_KEY.startsWith("dev-");
+    if (!user.email_verified && !isLocalDev) {
       throw errors.unauthorized("Please verify your email before logging in");
     }
 

Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,10 @@ auth.post("/login", async (c) => {`
`36`	`36`	`throw errors.unauthorized("Invalid credentials");`
`37`	`37`	`}`
`38`	`38`
`39`		`- // Check if email is verified`
`40`		`- if (!user.email_verified) {`
	`39`	`+ // Check if email is verified (skip check in local dev environment)`
	`40`	`+ const isLocalDev =`
	`41`	`+ !c.env.PLUNK_API_KEY \|\| c.env.PLUNK_API_KEY.startsWith("dev-");`
	`42`	`+ if (!user.email_verified && !isLocalDev) {`
`41`	`43`	`throw errors.unauthorized("Please verify your email before logging in");`
`42`	`44`	`}`
`43`	`45`