Introduce Email Verification system

[ayshadogo]

Description:
Allow users to verify their email address via a token sent during registration.

Tasks:

• Generate a secure random token using crypto
• Save emailVerificationToken and emailVerificationExpires on the User model
• Create GET /api/auth/verify-email/:token endpoint
• Set isVerified: true and clear the token fields on successful verification
• Return 400 if token is invalid or expired

Acceptance Criteria:
Users can verify their email; unverified users cannot log in.

---

[Padom2020]

@Padom2020 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi! I'd like to apply to work on this issue.
I'm a fullstack developer with over 5 years of experience, including backend auth systems and email verification flows. I've built highly complex production software including my ecommerce platform digemart.com, eventcrib.com, and stannscollegeddl.org.
My plan:

Generate a secure random token using Node's crypto module (e.g. crypto.randomBytes), not a predictable or short-lived scheme.
Add emailVerificationToken and emailVerificationExpires fields to the User model, set during registration.
Implement GET /api/auth/verify-email/:token look up the user by token, check expiry, and on success set isVerified: true and clear both token fields.
Return 400 for an invalid or expired token, with a clear distinct message for each case (not a generic error) so users know whether to request a new link or recheck the one they used.
Update the login flow to block unverified users with a clear error rather than allowing partial access.
Add tests: successful verification, expired token, invalid/nonexistent token, and login attempt while unverified.

I'll open a draft PR within 6 hours of confirming scope, particularly around the existing email-sending mechanism (if one exists) to send the verification link itself.
Looking forward to contributing!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Padom2020 to this issue.

[YaronZaki]

@YaronZaki has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hello, can I take this?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @YaronZaki to this issue.

[drips-wave]

Congratulations, @YaronZaki! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @YaronZaki: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[grantfox-oss]

🦊 GrantFox — @YaronZaki has been assigned to this issue!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #362)
2. Your PR will be reviewed by the Dfunder maintainers

Good luck! Track your progress on GrantFox.