Phone verification on entryway #2055
Conversation
| if (!input.body.verificationPhone) { | ||
| throw new InvalidRequestError( | ||
| 'Phone number verification is required on this server and none was provided.', | ||
| 'InvalidPhoneVerification', |
There was a problem hiding this comment.
We might consider adding this error type to the lexicon.
There was a problem hiding this comment.
yeah i played kinda fast and loose cuz i know this is gonna be temporary. but yup probably a good idea 👍
| .insertInto('phone_verification') | ||
| .values({ | ||
| did, | ||
| phoneNumber: input.body.verificationPhone, |
There was a problem hiding this comment.
Not sure if twilio spits out a normalized version of phone numbers—but if they do it might be worth tracking it here. It's a real pain to validate and normalize phone numbers, and we'll end-up storing a wide variety of different formats in here.
There was a problem hiding this comment.
yup looks like it does 👍
| .createIndex('phone_verification_number_idx') | ||
| .on('phone_verification') | ||
| .column('phoneNumber') |
There was a problem hiding this comment.
We'll want to ensure the numbers stored here are normalized.
There was a problem hiding this comment.
ah right that's a good point 🤔
There was a problem hiding this comment.
okay actually took a different track on this & decided to just enforce the format that twilio wants (https://www.twilio.com/docs/glossary/what-e164#regex-matching-for-e164)
the api forces it pretty close, but it still allows some slight variations (like dashes between numbers)
| ctx.twilio.sendCode = async (number: string) => { | ||
| if (!verificationCodes[number]) { | ||
| const code = crypto.randomStr(4, 'base10').slice(0, 6) | ||
| verificationCodes[number] = code | ||
| } | ||
| const code = verificationCodes[number] | ||
| sentCodes.push({ code, number }) | ||
| } | ||
| ctx.twilio.verifyCode = async (number: string, code: string) => { | ||
| if (verificationCodes[number] === code) { | ||
| delete verificationCodes[number] | ||
| return true | ||
| } | ||
| return false | ||
| } |
There was a problem hiding this comment.
I believe there's some comparable mocking code in dev-env—could we make use of that here?
Adds optional phone verification to the entryway using Twilio's verify API
Building off of the schemas in #2056