Fix typescript -

packages/api/package.json

@@ -29,6 +29,7 @@
     "mongoose": "^8.11.0",
     "mongoose-lean-id": "^1.0.0",
     "mongoose-lean-virtuals": "^1.1.0",
+    "resend": "^4.0.0",
     "typescript": "^5.9.3"
   }
 }

packages/api/src/auth/auth.controller.ts

@@ -4,6 +4,9 @@ import { UserService } from "@/user/user.service";
 import { User } from "@/user/user.entity";
 import { Request } from "express";
 import sendToWebhook from "@/logging/webhook";
+import { PasswordReset } from "./passwordReset.entity";
+import crypto from "crypto";
+import { Resend } from "resend";
 
 @Controller()
 export class AuthController {
@@ -80,4 +83,77 @@ export class AuthController {
         return { message: "success" };
     }
 
+    @Post("/forgot-password")
+    async requestPasswordReset(req: Request): Promise<{ success: true }> {
+        const email = typeof req.body?.email === "string" ? req.body.email.trim().toLowerCase() : "";
+        if (!email) throw new BadRequest("Email is required.");
+
+        const user = await this.userService.getUserByEmail(email);
+
+        // Always respond success to avoid account enumeration.
+        if (!user?.id || !user.email) return { success: true };
+
+        const token = crypto.randomBytes(32).toString("hex");
+        const tokenHash = crypto.createHash("sha256").update(token).digest("hex");
+        const expiresAt = new Date(Date.now() + 60 * 60 * 1000); // 1 hour validity
+
+        await PasswordReset.deleteMany({ user: user.id });
+        await PasswordReset.create({ user: user.id, tokenHash, expiresAt, used: false });
+
+        const resendApiKey = process.env.RESEND_API_KEY;
+        if (!resendApiKey) throw new BadRequest("Password reset is unavailable right now. Please try again later.");
+
+        const resend = new Resend(resendApiKey);
+        const frontendUrl = process.env.FRONTEND_URL || "https://sequenced.ottegi.com";
+        const resetUrl = `${frontendUrl.replace(/\/$/, "")}/auth/forgotPassword?token=${token}`;
+        const fromEmail = process.env.RESET_FROM_EMAIL || "Sequenced <sequenced@ottegi.com>";
+
+        await resend.emails.send({
+            from: fromEmail,
+            to: user.email,
+            subject: "Reset your Sequenced password",
+            html: `
+                <div style="font-family: Arial, sans-serif; line-height: 1.5; color: #0f172a;">
+                    <h2 style="color:#2563eb;margin-bottom:12px;">Reset your password</h2>
+                    <p>Hello ${user.first ?? "there"},</p>
+                    <p>We received a request to reset your Sequenced password. Click the button below to set a new password. This link will expire in 1 hour.</p>
+                    <p style="margin:16px 0;">
+                        <a href="${resetUrl}" style="display:inline-block;padding:12px 18px;background:#2563eb;color:white;text-decoration:none;border-radius:10px;font-weight:600;">Reset password</a>
+                    </p>
+                    <p>If the button doesn't work, copy and paste this link into your browser:</p>
+                    <p style="word-break:break-all;"><a href="${resetUrl}">${resetUrl}</a></p>
+                    <p>If you didn't request this, you can safely ignore this email.</p>
+                </div>
+            `
+        });
+
+        return { success: true };
+    }
+
+    @Post("/reset-password")
+    async resetPassword(req: Request): Promise<{ success: true }> {
+        const token = typeof req.body?.token === "string" ? req.body.token.trim() : "";
+        const password = typeof req.body?.password === "string" ? req.body.password : "";
+
+        if (!token || !password) {
+            throw new BadRequest("Reset token and password are required.");
+        }
+
+        if (password.length < 8) {
+            throw new BadRequest("Password must be at least 8 characters long.");
+        }
+
+        const tokenHash = crypto.createHash("sha256").update(token).digest("hex");
+        const resetRequest = await PasswordReset.findOne({ tokenHash, used: false }).lean<PasswordReset>().exec();
+
+        if (!resetRequest || !resetRequest.user || resetRequest.expiresAt < new Date()) {
+            throw new BadRequest("This reset link is invalid or has expired.");
+        }
+
+        await this.userService.updateUser(resetRequest.user as any, { password });
+        await PasswordReset.updateOne({ _id: resetRequest._id }, { used: true }).exec();
+
+        return { success: true };
+    }
+
 }

packages/api/src/auth/passwordReset.entity.ts

@@ -0,0 +1,21 @@
+import { Entity, Model, Prop, Index } from "@/_lib/mongoose";
+import { User } from "@/user/user.entity";
+
+@Entity({ timestamps: true })
+@Index({ tokenHash: 1 }, { unique: true })
+export class PasswordReset extends Model {
+
+    id: string;
+
+    @Prop({ type: String, required: true })
+    tokenHash: string;
+
+    @Prop({ type: Date, required: true, expires: 0 })
+    expiresAt: Date;
+
+    @Prop({ type: Boolean, default: false })
+    used: boolean;
+
+    @Prop({ type: User, required: true })
+    user: User;
+}

packages/app/android/app/capacitor.build.gradle

@@ -9,9 +9,6 @@ android {
 
 apply from: "../capacitor-cordova-android-plugins/cordova.variables.gradle"
 dependencies {
-    implementation project(':capacitor-community-admob')
-    implementation project(':capacitor-community-sqlite')
-    implementation project(':capacitor-filesystem')
     implementation project(':capacitor-local-notifications')
     implementation project(':capacitor-preferences')
 

packages/app/android/capacitor.settings.gradle

@@ -2,15 +2,6 @@
 include ':capacitor-android'
 project(':capacitor-android').projectDir = new File('../../../node_modules/@capacitor/android/capacitor')
 
-include ':capacitor-community-admob'
-project(':capacitor-community-admob').projectDir = new File('../../../node_modules/@capacitor-community/admob/android')
-
-include ':capacitor-community-sqlite'
-project(':capacitor-community-sqlite').projectDir = new File('../../../node_modules/@capacitor-community/sqlite/android')
-
-include ':capacitor-filesystem'
-project(':capacitor-filesystem').projectDir = new File('../../../node_modules/@capacitor/filesystem/android')
-
 include ':capacitor-local-notifications'
 project(':capacitor-local-notifications').projectDir = new File('../../../node_modules/@capacitor/local-notifications/android')