bilhej/docs/production-email-checklist.md
Joakim Mörling 86fb946e33
Add password reset, logged-in change password, and Mailpit email dev/E2E.
Operators can fix prod admin passwords without email via Byt lösenord;
end users can use forgot-password when SMTP is configured. Local and CI
use Mailpit to capture outbound mail and verify reset links end-to-end.

- Backend: V8 password_reset_tokens, PasswordResetService, EmailService,
  POST /api/auth/forgot-password, reset-password, change-password
- Optional testToken in forgot-password response (docker profile only, for E2E)
- Frontend: ForgotPasswordPage, ResetPasswordPage, ChangePasswordPage,
  routes, login link, header Byt lösenord
- Mailpit (ghcr.io/axllent/mailpit:v1.28) in docker-compose + e2e stack
- E2E: password-reset.spec.ts + Mailpit API helper tests SMTP delivery
- Separate dev/e2e Docker image names to avoid overwriting bilhej-frontend
- Docs: README email section, production-email-checklist, .env.example
- Unit/integration tests for reset, change password, and Vitest page specs

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 18:05:15 +02:00


Production email checklist (operator)

Complete these steps on the server / Forgejo—nothing in this file is applied automatically.

Prerequisites

  • Domain bilhej.se DNS managed at your registrar
  • BilHej deployed via Forgejo Deploy to Production

1. Choose a transactional provider

Recommended: Resend or Brevo (EU, free tier).

2. Verify the domain

In the provider dashboard, add bilhej.se and publish the DNS records they give you:

  • SPF (TXT)
  • DKIM (CNAME or TXT)
  • DMARC (TXT, optional but recommended)

You do not need MX records if the app only sends mail (forgot-password).

Wait until the provider shows the domain as verified.

3. Create SMTP credentials

Copy from the provider:

  • SMTP host (e.g. smtp.resend.com)
  • Port (587)
  • Username / password or API key used as password

4. Update production .env

On the server (same file used by docker-compose.prod.yml):

APP_PUBLIC_BASE_URL=https://bilhej.se
MAIL_HOST=<provider-smtp-host>
MAIL_PORT=587
MAIL_USERNAME=<from-provider>
MAIL_PASSWORD=<from-provider>
MAIL_FROM=noreply@bilhej.se
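
Before moving on to step 5, the values above can be linted on the server. The script below is an added example, not part of the BilHej repository: the function names env_get and check_mail_env are hypothetical, and the rules it applies (HTTPS base URL because reset links are assumed to be built from it, sender on the verified domain, no leftover placeholders, file not world-readable) are assumptions about a sane configuration.

```sh
#!/bin/sh
# Added example: lint the production .env from step 4 before deploying.
# Key names are the checklist's; the rules are assumptions, not BilHej code.

# env_get FILE KEY: print KEY's value (last assignment wins, quotes stripped).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# check_mail_env FILE DOMAIN: print one FAIL line per problem and return
# the number of problems (0 means the file passes).
check_mail_env() {
    file=$1 domain=$2 problems=0

    for key in APP_PUBLIC_BASE_URL MAIL_HOST MAIL_PORT \
               MAIL_USERNAME MAIL_PASSWORD MAIL_FROM; do
        case $(env_get "$file" "$key") in
            '')        echo "FAIL: $key is missing or empty"
                       problems=$((problems + 1)) ;;
            *'<'*'>'*) echo "FAIL: $key still holds a <placeholder>"
                       problems=$((problems + 1)) ;;
        esac
    done

    # Assumption: reset links are built from this URL, so require HTTPS.
    case $(env_get "$file" APP_PUBLIC_BASE_URL) in
        https://*) ;;
        *) echo "FAIL: APP_PUBLIC_BASE_URL is not https://"
           problems=$((problems + 1)) ;;
    esac

    # The sender must be on the domain verified in step 2; the SPF/DKIM
    # records published there do not cover any other domain.
    from=$(env_get "$file" MAIL_FROM)
    if [ "${from##*@}" != "$domain" ]; then
        echo "FAIL: MAIL_FROM is not an @$domain address"
        problems=$((problems + 1))
    fi

    # The file holds MAIL_PASSWORD, so it should not be world-readable.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "FAIL: $file is world-readable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check-mail-env.sh /path/to/.env bilhej.se
if [ $# -eq 2 ]; then check_mail_env "$1" "$2"; fi
```

An exit status of 0 means every check passed; any other status is the number of FAIL lines printed.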

5. Deploy

Run Deploy to Production in Forgejo (do not rsync files or run compose manually on the server).

6. Smoke test

  1. Open https://bilhej.se/logga-in and click Glömt lösenord? (Forgot password?)
  2. Enter an email that exists in users
  3. Check the inbox (and spam) for the reset message
  4. If nothing arrives: docker logs bilhej-backend-prod 2>&1 | grep -i mail

Fallback without SMTP: reset links still appear in the backend logs (look for lines containing "Password reset link for").