// Auth.views.jsx — public SPA views for the email-verify + password-reset // flows. Both screens read the `token` query-string param, hit the matching // /api/auth/* endpoint, and show a clear success / failure state. // // These don't depend on AuthModal — a user clicking the link in their email // (eventually) lands here directly without needing to be logged in. const { useState: useStateAV, useEffect: useEffectAV } = React; function VerifyEmailView({ go, lang }) { const isKo = lang === 'ko'; const [state, setState] = useStateAV('working'); // 'working' | 'ok' | 'invalid' | 'expired' | 'used' | 'error' const [msg, setMsg] = useStateAV(''); useEffectAV(() => { const token = new URLSearchParams(window.location.search).get('token'); if (!token) { setState('invalid'); return; } (async () => { try { const r = await fetch('/api/auth/verify-email', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ token }), }); const d = await r.json().catch(() => ({})); if (r.ok) { setState('ok'); return; } if (d.error === 'expired') setState('expired'); else if (d.error === 'already_used') setState('used'); else if (d.error === 'invalid_token') setState('invalid'); else { setState('error'); setMsg(d.error || ('http_' + r.status)); } } catch (e) { setState('error'); setMsg(String(e.message || e)); } })(); }, []); const T = { working: isKo ? '이메일 인증 처리 중…' : 'Verifying your email…', ok: isKo ? '이메일이 확인되었습니다 ✓' : 'Email verified ✓', invalid: isKo ? '인증 링크가 유효하지 않습니다.' : 'This verification link is invalid.', expired: isKo ? '인증 링크가 만료되었습니다. 새 링크를 요청해 주세요.' : 'This link has expired. Please request a new one.', used: isKo ? '이 인증 링크는 이미 사용되었습니다.' : 'This link has already been used.', error: isKo ? '오류가 발생했습니다.' : 'Something went wrong.', }; const ok = state === 'ok'; return (

{isKo ? '이메일 인증' : 'Email verification'}

{T[state]}

{msg &&

{msg}

}
); } window.VerifyEmailView = VerifyEmailView; function ResetPasswordView({ go, lang }) { const isKo = lang === 'ko'; // Two-mode view: // no token in URL → show "request a reset link" form // token present → show "set a new password" form const token = new URLSearchParams(window.location.search).get('token') || ''; const [email, setEmail] = useStateAV(''); const [password, setPassword] = useStateAV(''); const [busy, setBusy] = useStateAV(false); const [done, setDone] = useStateAV(null); // 'requested' | 'reset' const [err, setErr] = useStateAV(''); const [devLink, setDevLink] = useStateAV(''); async function requestReset(e) { e.preventDefault(); if (busy) return; setBusy(true); setErr(''); setDevLink(''); try { const r = await fetch('/api/auth/request-password-reset', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ email }), }); const d = await r.json().catch(() => ({})); if (!r.ok) { setErr(d.error || ('http_' + r.status)); return; } setDone('requested'); // Until SMTP is wired the API returns the token directly so the // operator can test the flow. Show it as a clickable link so they // can hop straight to the reset form. if (d.token) setDevLink(window.location.origin + '/reset-password?token=' + encodeURIComponent(d.token)); } catch (e) { setErr(String(e.message || e)); } finally { setBusy(false); } } async function confirmReset(e) { e.preventDefault(); if (busy) return; setBusy(true); setErr(''); try { const r = await fetch('/api/auth/confirm-password-reset', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ token, password }), }); const d = await r.json().catch(() => ({})); if (!r.ok) { setErr({ invalid_token: isKo ? '재설정 링크가 유효하지 않습니다.' : 'Invalid reset link.', expired: isKo ? '링크가 만료되었습니다. 새 링크를 요청해 주세요.' : 'Link expired. Please request a new one.', already_used: isKo ? '이미 사용된 링크입니다.' : 'This link was already used.', password_too_short: isKo ? '비밀번호는 최소 8자 이상이어야 합니다.' : 'Password must be at least 8 characters.', }[d.error] || (d.error || ('http_' + r.status))); return; } setDone('reset'); } catch (e) { setErr(String(e.message || e)); } finally { setBusy(false); } } if (done === 'reset') { return (

{isKo ? '비밀번호가 재설정되었습니다' : 'Password reset'}

{isKo ? '새 비밀번호로 로그인해 주세요.' : 'Sign in with your new password.'}

); } if (token) { return (

{isKo ? '새 비밀번호 설정' : 'Set a new password'}

{err &&
{err}
}
); } return (

{isKo ? '비밀번호 재설정' : 'Reset your password'}

{isKo ? '가입하신 이메일을 입력하시면 재설정 링크를 보내드립니다.' : 'Enter your email and we\'ll send a reset link.'}

{window.EmailField ? : ( )} {err &&
{err}
} {done === 'requested' && (
{isKo ? '재설정 링크가 발송되었습니다 (해당 이메일이 등록된 경우).' : 'If that email exists, a reset link is on its way.'} {devLink && (
DEV:{' '} {devLink}
{isKo ? 'SMTP 연동 전이라 토큰 링크를 직접 노출합니다. 운영 시 제거됩니다.' : 'Shown only until SMTP is wired; remove for production.'}
)}
)}
); } window.ResetPasswordView = ResetPasswordView; // ActivateAccountView — entry point for the activation email link // /activate?email=&code=<6-digit> // Reads both query params; if both are present it auto-submits, otherwise it // renders an email + code form so the user can paste them by hand. function ActivateAccountView({ go, lang }) { const isKo = lang === 'ko'; const params = new URLSearchParams(window.location.search); const initialEmail = params.get('email') || ''; const initialCode = (params.get('code') || '').replace(/\D/g, '').slice(0, 6); const [email, setEmail] = useStateAV(initialEmail); const [code, setCode] = useStateAV(initialCode); const [state, setState] = useStateAV(initialEmail && initialCode.length === 6 ? 'working' : 'idle'); // idle | working | ok | invalid_code | expired | error const [msg, setMsg] = useStateAV(''); const [resentAt, setResentAt] = useStateAV(0); async function submitActivation(e_, c_) { setState('working'); setMsg(''); try { const r = await fetch('/api/auth/activate', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ email: e_, code: c_ }), }); const d = await r.json().catch(() => ({})); if (r.ok) { // Auto-login the activated user via the returned session token. if (d.token && window.DreamPathAuth && window.DreamPathAuth.adoptSession) { window.DreamPathAuth.adoptSession(d.token, d.user); } setState('ok'); return; } if (d.error === 'invalid_code') setState('invalid_code'); else if (d.error === 'activation_expired') setState('expired'); else if (d.error === 'no_pending_activation') { setState('error'); setMsg(isKo ? '이미 활성화되었거나 인증 요청이 없습니다.' : 'No pending activation for this email.'); } else { setState('error'); setMsg(d.error || ('http_' + r.status)); } } catch (err) { setState('error'); setMsg(String(err.message || err)); } } useEffectAV(() => { if (initialEmail && initialCode.length === 6) submitActivation(initialEmail, initialCode); // eslint-disable-next-line react-hooks/exhaustive-deps }, []); async function resend() { if (!email) return; if (resentAt && Date.now() - resentAt < 60_000) return; setResentAt(Date.now()); try { await fetch('/api/auth/resend-activation', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ email, lang }), }); } catch {} } if (state === 'ok') { return (

{isKo ? '계정이 활성화되었습니다' : 'Account activated'}

{isKo ? '환영합니다! 이제 로그인 상태로 진입합니다.' : 'Welcome — you are now signed in.'}

); } return (

{isKo ? '계정 활성화' : 'Activate your account'}

{isKo ? '메일로 받은 6자리 인증코드를 입력하세요. 코드는 발송 후 72시간 동안 유효합니다.' : 'Enter the 6-digit code sent to your email. Codes are valid for 72 hours.'}

{ e.preventDefault(); submitActivation(email, code); }}> {(state === 'invalid_code' || state === 'expired' || state === 'error') && (
{state === 'invalid_code' ? (isKo ? '인증코드가 일치하지 않습니다.' : 'Code does not match.') : state === 'expired' ? (isKo ? '인증코드가 만료되었습니다. 새 코드를 요청하세요.' : 'This code has expired. Request a new one.') : (msg || (isKo ? '오류가 발생했습니다.' : 'Something went wrong.'))}
)}
{isKo ? '코드를 못 받으셨나요?' : "Didn't get the code?"}{' '}
); } window.ActivateAccountView = ActivateAccountView;