feat: OTP service add of Gmail; remove service of Resend

rohitbytecode · rohitbytecode · commit 9890a9bf7609 · 2026-02-17T20:00:13.000+05:30
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -31,8 +31,8 @@
     "jsonwebtoken": "^9.0.3",
     "mongoose": "^9.0.0",
     "morgan": "^1.10.1",
-    "razorpay": "^2.9.6",
-    "resend": "^6.9.2"
+    "nodemailer": "^8.0.1",
+    "razorpay": "^2.9.6"
   },
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^8.49.0",
diff --git a/src/controllers/authcontroller.js b/src/controllers/authcontroller.js
@@ -1,8 +1,7 @@
 import bcrypt from 'bcrypt';
 import jwt from 'jsonwebtoken';
 import User from '../models/User.js';
-import { sendOtpEmail } from "../services/email.service.js";
-import { createAndStoreOtp, verifyStoredOtp } from "../services/otp.service.js";
+import { createAndSendOTP, verifyOTP } from '../services/otp.service.js';
 
 export const login = async (req, res) => {
   try {
@@ -59,41 +58,48 @@ export const login = async (req, res) => {
   }
 };
 
-export const sendOTP = async (req, res) => {
+export const sendOTP = async (req, res, next) => {
   try {
     const { email } = req.body;
 
-    const otp = await createAndStoreOtp(email);
-    await sendOtpEmail(email, otp);
+    if (!email) {
+      return res.status(400).json({
+        success: false,
+        message: 'Email is required'
+      });
+    }
+
+    await createAndSendOTP(email);
 
     res.status(200).json({
       success: true,
-      message: "OTP sent successfully"
+      message: 'OTP sent successfully'
     });
 
   } catch (error) {
-    res.status(500).json({
-      success: false,
-      message: error.message
-    });
+    next(error);
   }
 };
 
-export const verifyOTP = async (req, res) => {
+export const validateOTP = async (req, res, next) => {
   try {
     const { email, otp } = req.body;
 
-    await verifyStoredOtp(email, otp);
+    if (!email || !otp) {
+      return res.status(400).json({
+        success: false,
+        message: 'Email and OTP are required'
+      });
+    }
+
+    await verifyOTP(email, otp);
 
     res.status(200).json({
       success: true,
-      message: "OTP verified successfully"
+      message: 'OTP verified successfully'
     });
 
   } catch (error) {
-    res.status(400).json({
-      success: false,
-      message: error.message
-    });
+    next(error);
   }
 };
diff --git a/src/models/otp.model.js b/src/models/otp.model.js
@@ -1,28 +1,20 @@
-import mongoose from "mongoose";
+import mongoose from 'mongoose';
 
-const otpSchema = new mongoose.Schema(
-  {
-    email: {
-      type: String,
-      required: true,
-      index: true
-    },
-    otpHash: {
-      type: String,
-      required: true
-    },
-    expiresAt: {
-      type: Date,
-      required: true
-    },
-    attempts: {
-      type: Number,
-      default: 0
-    }
+const otpSchema = new mongoose.Schema({
+  email: {
+    type: String,
+    required: true,
+    index: true
   },
-  { timestamps: true }
-);
-
-otpSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+  otp: {
+    type: String,
+    required: true
+  },
+  expiresAt: {
+    type: Date,
+    required: true,
+    index: { expires: 0 }
+  }
+}, { timestamps: true });
 
-export default mongoose.model("Otp", otpSchema);
+export default mongoose.model('OTP', otpSchema);
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
@@ -7,7 +7,7 @@ const router = express.Router();
 
 router.post('/login', authController.login);
 router.post('/send-otp', authController.sendOTP);
-router.post('/verify-otp', authController.verifyOTP);
+router.post('/verify-otp', authController.validateOTP);
 
 router.get('/health', (req, res) => {
   res.json({
diff --git a/src/services/email.service.js b/src/services/email.service.js
@@ -1,18 +1,62 @@
-import { Resend } from "resend";
+import nodemailer from 'nodemailer';
 
-const resend = new Resend(process.env.RESEND_API_KEY);
+const transporter = nodemailer.createTransport({
+  service: 'gmail',
+  auth: {
+    user: process.env.GMAIL_EMAIL,
+    pass: process.env.GMAIL_APP_PASSWORD
+  }
+});
+
+export const sendOTPEmail = async (email, otp) => {
+  await transporter.sendMail({
+    from: `"HMS Team" <${process.env.GMAIL_EMAIL}>`,
+    to: email,
+    replyTo: process.env.GMAIL_EMAIL,
+    subject: 'Your One-Time Password (OTP) – Secure Verification',
+
+    text: `Your OTP is ${otp}. It is valid for 5 minutes. Do not share this code with anyone.`,
 
-export const sendOtpEmail = async (to, otp) => {
-  return await resend.emails.send({
-    from: "HMS <onboarding@resend.dev>",
-    to,
-    subject: "Your OTP Code",
     html: `
-      <div style="font-family: Arial;">
-        <h2>OTP Verification</h2>
-        <p>Your OTP is:</p>
-        <h1>${otp}</h1>
-        <p>This OTP expires in 5 minutes.</p>
+      <div style="font-family: Arial, sans-serif; background-color: #f4f6f8; padding: 20px;">
+        <div style="max-width: 600px; margin: 0 auto; background-color: #ffffff; padding: 30px; border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.05);">
+          
+          <h2 style="color: #333333; margin-bottom: 10px;">Verification Required</h2>
+          
+          <p style="color: #555555; font-size: 14px; line-height: 1.6;">
+            Dear User,
+          </p>
+          
+          <p style="color: #555555; font-size: 14px; line-height: 1.6;">
+            We received a request to verify your identity. Please use the One-Time Password (OTP) below to proceed:
+          </p>
+          
+          <div style="text-align: center; margin: 25px 0;">
+            <span style="display: inline-block; font-size: 28px; font-weight: bold; letter-spacing: 4px; color: #1a73e8; background-color: #f1f3f4; padding: 12px 24px; border-radius: 6px;">
+              ${otp}
+            </span>
+          </div>
+          
+          <p style="color: #555555; font-size: 14px; line-height: 1.6;">
+            This OTP is valid for <strong>5 minutes</strong>. 
+            For security reasons, please do not share this code with anyone.
+          </p>
+          
+          <p style="color: #555555; font-size: 14px; line-height: 1.6;">
+            If you did not request this verification, you may safely ignore this email.
+          </p>
+          
+          <hr style="border: none; border-top: 1px solid #eeeeee; margin: 30px 0;" />
+          
+          <p style="color: #888888; font-size: 12px; line-height: 1.5;">
+            This is an automated message. Please do not reply to this email.
+          </p>
+          
+          <p style="color: #888888; font-size: 12px;">
+            © ${new Date().getFullYear()} HMS Team. All rights reserved.
+          </p>
+          
+        </div>
       </div>
     `
   });
diff --git a/src/services/otp.service.js b/src/services/otp.service.js
