Fix to signup, new inbox naming behaviour

[marcrupt]

Summary by CodeRabbit

• Bug Fixes

  • Fixed signup link on login page to route internally instead of redirecting to external URL.

• Improvements

  • Optimized inbox email generation with enhanced domain detection and handling.
  • Improved email resolution workflow for more reliable inbox address assignment.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
sendook	Ready	Preview	Comment	Nov 19, 2025 0:32am
sendook-app	Ready	Preview	Comment	Nov 19, 2025 0:32am

[coderabbitai]

Walkthrough

The inbox creation flow is refactored to support random email generation instead of deterministic generation. The POST /inboxes route now extracts usernames from email parameters and applies conditional logic for domain resolution and email assignment. Two utility functions are exported from InboxController to support this. A navigation link in the login page is changed from external to internal routing.

Changes

Cohort / File(s)	Summary
Inbox Email Generation api/controllers/InboxController.ts	Modified createInbox to use getNewRandomInboxEmail({ name }) for random email generation instead of deterministic generation; getNewRandomInboxEmail now lowercases input names before sanitization and appends random tokens; includes conflict checking via recursion.
Inbox Routing and Resolution Logic api/routes/v1/inboxes/index.ts	Added exports for getInboxByEmail and getNewRandomInboxEmail; expanded POST /inboxes to extract username from email parameter; introduced multi-branch email resolution: use provided email if domainId exists, or generate default/random email with DEFAULT_EMAIL_DOMAIN; removed domain-required 404 error path.
Frontend Navigation app/app/pages/login.vue	Updated NuxtLink destination for signup from external URL (https://app.sendook.com/signup) to internal route (/signup).

Sequence Diagram

sequenceDiagram
    participant Client
    participant Route as POST /inboxes Route
    participant Controller as InboxController
    participant DB as Database

    Client->>Route: POST /inboxes { email, domainId? }
    Route->>Route: Extract username from email
    
    alt domainId provided
        Route->>Controller: createInbox with provided email
    else domainId NOT provided
        Route->>Controller: getInboxByEmail(default_email)
        Controller->>DB: Query inbox by email
        
        alt Inbox exists
            Route->>Controller: getNewRandomInboxEmail(username)
            Note over Controller: Generate random email
            Controller->>DB: Check for conflicts
            alt Conflict found
                Controller->>Controller: Recurse
            else No conflict
                Route->>Controller: createInbox with random email
            end
        else Inbox does NOT exist
            Route->>Controller: createInbox with default email
        end
    end
    
    Controller->>DB: Insert new inbox
    DB-->>Controller: Inbox created
    Controller-->>Route: Return inbox
    Route-->>Client: 201 Created

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• api/routes/v1/inboxes/index.ts: Multiple conditional branches and new control flow logic require careful verification of email resolution precedence and domain handling edge cases.
• api/controllers/InboxController.ts: Email generation refactoring with lowercase handling and recursive conflict checking should be validated for correctness.
• Interactions between files: Verify exported functions are properly utilized in routing logic and handle all edge cases.

Possibly related PRs

• Added types for npm #15: Both PRs modify the POST /inboxes route to accept email parameters and change inbox creation behavior; this PR diverges by removing domain-required errors and adding random/default email generation.
• Domain fixes #17: Both modify email generation in InboxController—this PR implements random generation while the other uses deterministic logic.
• APP MVP + all of v4 changes (Domains, messages, attachments, tests) #6: Both modify inbox routing and controller exports for domain/email resolution and inbox creation logic.

Suggested reviewers

• ahmedmawiri

Poem

🐰 A random inbox springs to life,
Usernames stripped of strife,
Domains bend to logic's call,
New routes guide them through the hall,
And when the signup link takes flight,
We journey inward—oh, what delight! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the two main changes: a signup link fix and new inbox email naming behavior with randomization.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch marc/fix-for-random-first-email

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

api/routes/v1/inboxes/index.ts (1)

45-72: Fix empty local-part validation vulnerability and add .isEmail() check

The current email validator passes invalid emails like @domain.com through to inbox creation:

1. Critical issue: Email "@domain.com" passes .notEmpty() validation, gets split into username="" and domainName="domain.com". If the domain is verified, line 64 stores the invalid email "@domain.com" in the database.

2. Use .isEmail(): Already available in express-validator (used in auth.ts), it would catch malformed emails earlier and align with auth endpoint validation.

3. Normalize username consistently: Line 66 uses raw username when building default emails, but getNewRandomInboxEmail applies strict normalization (lowercase + replace(/[^a-zA-Z0-9]/g, "-")). Apply the same normalization at line 66 to ensure predictable email formats.

4. Clarify email typing: Add explicit type let email: string | undefined; at line 62 for consistency with strict mode.

Location: api/routes/v1/inboxes/index.ts, lines 34, 47–70

🧹 Nitpick comments (1)

api/controllers/InboxController.ts (1)

62-71: Lowercasing + sanitization in getNewRandomInboxEmail looks good; a couple of optional refinements

Lowercasing name before sanitizing is a nice normalization step and keeps generated local parts predictable.

If you want to tighten this further (optional):

• Extract a sanitizedName variable to avoid recomputing inside the template string and make the intent clearer.
• Replace the recursive collision retry with a simple loop to avoid theoretical stack growth, even though collisions with a 10-char base-36 token are vanishingly rare.
• Ensure at process start that process.env.DEFAULT_EMAIL_DOMAIN is defined/non-empty (e.g., via centralized config validation), so you never accidentally end up with @undefined locally-part addresses.

These are polish-level improvements; the current behavior is functionally fine.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 24f23ac and 56a2632.

📒 Files selected for processing (3)

• api/controllers/InboxController.ts (2 hunks)
• api/routes/v1/inboxes/index.ts (3 hunks)
• app/app/pages/login.vue (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

api/routes/v1/inboxes/index.ts (1)

api/controllers/InboxController.ts (3)

• getInboxByEmail (58-60)
• getNewRandomInboxEmail (62-72)
• createInbox (4-24)

🔇 Additional comments (3)

app/app/pages/login.vue (1)

43-46: Signup link now correctly uses internal routing

Switching to <NuxtLink to="/signup"> is a good move for SPA navigation and avoids hard-coding the hosted domain; assuming the /signup route exists, this looks solid.

api/routes/v1/inboxes/index.ts (1)

31-79: New email/domain resolution flow in POST /inboxes looks coherent—confirm product intent

The new flow—extract username/domain from req.body.email, attach domainId only when a verified domain exists, and otherwise fall back to a default-domain email (with randomization on conflict)—fits well with the goal of making inbox creation more forgiving and aligns with the updated createInbox helper.

One notable behavioral change is that providing an email on an unverified domain now results in an inbox on the default domain (same local part) instead of a “Domain not found” 404. If that’s the intended UX for signups/onboarding, this implementation looks consistent; just worth confirming with product so callers aren’t surprised by the domain being silently swapped.

api/controllers/InboxController.ts (1)

15-23: No edge case found—all call sites correctly omit the email parameter

Verification confirms that all four call sites to createInbox omit the email parameter entirely, never passing an empty string. The concern in the review is unfounded; the code change is working correctly as designed.