1. Brevo email integration (API key, sender settings)

2. URL configuration fix (BASE_URL, FRONTEND_URL) 3. Password reset URL pointing to frontend instead of API
2026-05-14 18:41:08 +02:00 · 2025-12-16 21:12:25 +01:00 · 2025-12-16 21:12:25 +01:00 · 8c973e4354
commit 8c973e4354
parent 3e3e9f33aa
7 changed files with 42 additions and 4 deletions
--- a/.env.development
+++ b/.env.development
@ -65,6 +65,10 @@ BREVO_API_KEY=
 EMAIL_SENDER_ADDRESS=noreply@manacore.ai
 EMAIL_SENDER_NAME=ManaCore

+# URLs for auth callbacks
+BASE_URL=http://localhost:3001
+FRONTEND_URL=http://localhost:5173
+
 # ============================================
 # CHAT PROJECT
 # ============================================
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@ -116,6 +116,11 @@ jobs:
          EMAIL_SENDER_ADDRESS=noreply@manacore.ai
          EMAIL_SENDER_NAME=ManaCore

+          # Base URL for auth callbacks (password reset, email verification)
+          BASE_URL=https://auth.staging.manacore.ai
+          # Frontend URL for password reset and email verification links
+          FRONTEND_URL=https://staging.manacore.ai
+
          # Supabase
          SUPABASE_URL=${{ secrets.SUPABASE_URL }}
          SUPABASE_ANON_KEY=${{ secrets.SUPABASE_ANON_KEY }}
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@ -19,6 +19,13 @@ services:
      JWT_SECRET: ${JWT_SECRET}
      JWT_PUBLIC_KEY: ${JWT_PUBLIC_KEY}
      JWT_PRIVATE_KEY: ${JWT_PRIVATE_KEY}
+      # Brevo Email Service
+      BREVO_API_KEY: ${BREVO_API_KEY}
+      EMAIL_SENDER_ADDRESS: ${EMAIL_SENDER_ADDRESS:-noreply@manacore.ai}
+      EMAIL_SENDER_NAME: ${EMAIL_SENDER_NAME:-ManaCore}
+      # URLs
+      BASE_URL: ${BASE_URL:-https://auth.manacore.ai}
+      FRONTEND_URL: ${FRONTEND_URL:-https://manacore.ai}
    ports:
      - "127.0.0.1:3001:3001"
    healthcheck:
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@ -78,6 +78,10 @@ services:
      BREVO_API_KEY: ${BREVO_API_KEY}
      EMAIL_SENDER_ADDRESS: ${EMAIL_SENDER_ADDRESS:-noreply@manacore.ai}
      EMAIL_SENDER_NAME: ${EMAIL_SENDER_NAME:-ManaCore}
+      # Base URL for auth callbacks (password reset, email verification)
+      BASE_URL: ${BASE_URL:-https://auth.staging.manacore.ai}
+      # Frontend URL for password reset and email verification links
+      FRONTEND_URL: ${FRONTEND_URL:-https://staging.manacore.ai}
      # CORS - Allow all staging web app origins (HTTPS domains + localhost for dev)
      CORS_ORIGINS: https://chat.staging.manacore.ai,https://staging.manacore.ai,https://calendar.staging.manacore.ai,https://clock.staging.manacore.ai,https://todo.staging.manacore.ai,http://localhost:3000,http://localhost:5173,http://localhost:5186,http://localhost:5187,http://localhost:5188
    ports:
--- a/services/mana-core-auth/.env.example
+++ b/services/mana-core-auth/.env.example
@ -40,5 +40,11 @@ RATE_LIMIT_MAX=100
 # Get your API key from: https://app.brevo.com/settings/keys/api
 # Without this key, emails are logged to console only (dev mode)
 BREVO_API_KEY=
-EMAIL_SENDER_ADDRESS=noreply@manacore.app
+EMAIL_SENDER_ADDRESS=noreply@manacore.ai
 EMAIL_SENDER_NAME=ManaCore
+
+# URLs
+# BASE_URL: Used by Better Auth for internal callbacks
+# FRONTEND_URL: Used for password reset and email verification links
+BASE_URL=http://localhost:3001
+FRONTEND_URL=http://localhost:5173
--- a/services/mana-core-auth/src/auth/better-auth.config.ts
+++ b/services/mana-core-auth/src/auth/better-auth.config.ts
@ -126,13 +126,20 @@ export function createBetterAuth(databaseUrl: string) {
 			 * Set BREVO_API_KEY environment variable to enable email sending.
 			 * Without the API key, emails are logged to console (dev mode).
 			 *
+			 * The reset URL points to the frontend's reset-password page, not the API.
+			 * Set FRONTEND_URL environment variable for production.
+			 *
 			 * @see https://www.better-auth.com/docs/authentication/email-password#password-reset
 			 */
-			sendResetPassword: async ({ user, url }) => {
+			sendResetPassword: async ({ user, token }) => {
+				// Construct URL pointing to frontend's reset-password page
+				const frontendUrl = process.env.FRONTEND_URL || 'http://localhost:5173';
+				const resetUrl = `${frontendUrl}/reset-password?token=${token}`;
+
 				await sendPasswordResetEmail({
 					email: user.email,
 					name: user.name || undefined,
-					resetUrl: url,
+					resetUrl,
 				});
 			},
 		},
--- a/services/mana-core-auth/src/config/configuration.ts
+++ b/services/mana-core-auth/src/config/configuration.ts
@ -52,7 +52,12 @@ export default () => ({

 	email: {
 		brevoApiKey: process.env.BREVO_API_KEY || '',
-		senderAddress: process.env.EMAIL_SENDER_ADDRESS || 'noreply@manacore.app',
+		senderAddress: process.env.EMAIL_SENDER_ADDRESS || 'noreply@manacore.ai',
 		senderName: process.env.EMAIL_SENDER_NAME || 'ManaCore',
 	},
+
+	urls: {
+		baseUrl: process.env.BASE_URL || 'http://localhost:3001',
+		frontendUrl: process.env.FRONTEND_URL || 'http://localhost:5173',
+	},
 });