Improve email verification with timeout and fallback handling

kentcdodds · Jan 31, 2025 · df7c4ef · df7c4ef
1 parent 95e45d4
commit df7c4ef
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 12 deletions.
diff --git a/app/routes/login.tsx b/app/routes/login.tsx
@@ -134,8 +134,6 @@ export async function action({ request }: ActionFunctionArgs) {
 async function isEmailVerified(
 	email: string,
 ): Promise<{ verified: true } | { verified: false; message: string }> {
-	const verifierResult = await verifyEmailAddress(email)
-	if (verifierResult.status) return { verified: true }
 	const userExists = Boolean(
 		await prisma.user.findUnique({
 			select: { id: true },
@@ -146,6 +144,9 @@ async function isEmailVerified(
 	const convertKitSubscriber = await getConvertKitSubscriber(email)
 	if (convertKitSubscriber) return { verified: true }
 
+	const verifierResult = await verifyEmailAddress(email)
+	if (verifierResult.status) return { verified: true }
+
 	return { verified: false, message: verifierResult.error.message }
 }
 

diff --git a/app/utils/verifier.server.ts b/app/utils/verifier.server.ts
@@ -1,21 +1,44 @@
 // verifier is an email verification service
 
-import { getRequiredServerEnvVar } from './misc.tsx'
+import { getErrorMessage, getRequiredServerEnvVar } from './misc.tsx'
 
 const VERIFIER_API_KEY = getRequiredServerEnvVar('VERIFIER_API_KEY')
 
+type VerifierResult =
+	| { status: true; email: string; domain: string }
+	| {
+			status: false
+			error: { code: number; message: string }
+	  }
+
 export async function verifyEmailAddress(emailAddress: string) {
 	const verifierUrl = new URL(
 		`https://verifier.meetchopra.com/verify/${emailAddress}`,
 	)
 	verifierUrl.searchParams.append('token', VERIFIER_API_KEY)
-	type VerifierResult =
-		| { status: true; email: string; domain: string }
-		| {
-				status: false
-				error: { code: number; message: string }
-		  }
-	const response = await fetch(verifierUrl.toString())
-	const verifierResult: VerifierResult = await response.json()
-	return verifierResult
+	const controller = new AbortController()
+	const timeoutId = setTimeout(() => controller.abort(), 2000)
+	try {
+		const response = await fetch(verifierUrl.toString(), {
+			signal: controller.signal,
+		})
+		clearTimeout(timeoutId)
+		const verifierResult: VerifierResult = await response.json()
+		return verifierResult
+	} catch (error: unknown) {
+		clearTimeout(timeoutId)
+		if (error instanceof Error && error.name === 'AbortError') {
+			console.error('Email verification timed out:', emailAddress)
+		} else {
+			console.error('Error verifying email:', getErrorMessage(error))
+		}
+		// If the request times out, we'll return a default result
+		// we don't I wanna block the user from logging in if we can't verify the email address
+		// is invalid...
+		return {
+			status: true,
+			email: emailAddress,
+			domain: emailAddress.split('@')[1],
+		}
+	}
 }