feat: send email to user when api key expires within 7 days (#451)

Co-authored-by: Elias Schneider <login@eliasschneider.com>

backend/internal/service/api_key_service.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	datatype "github.com/pocket-id/pocket-id/backend/internal/model/types"
+	"github.com/pocket-id/pocket-id/backend/internal/utils/email"
 
 	"github.com/pocket-id/pocket-id/backend/internal/common"
 	"github.com/pocket-id/pocket-id/backend/internal/dto"
@@ -16,11 +17,12 @@ import (
 )
 
 type ApiKeyService struct {
-	db *gorm.DB
+	db           *gorm.DB
+	emailService *EmailService
 }
 
-func NewApiKeyService(db *gorm.DB) *ApiKeyService {
-	return &ApiKeyService{db: db}
+func NewApiKeyService(db *gorm.DB, emailService *EmailService) *ApiKeyService {
+	return &ApiKeyService{db: db, emailService: emailService}
 }
 
 func (s *ApiKeyService) ListApiKeys(ctx context.Context, userID string, sortedPaginationRequest utils.SortedPaginationRequest) ([]model.ApiKey, utils.PaginationResponse, error) {
@@ -117,3 +119,47 @@ func (s *ApiKeyService) ValidateApiKey(ctx context.Context, apiKey string) (mode
 
 	return key.User, nil
 }
+
+func (s *ApiKeyService) ListExpiringApiKeys(ctx context.Context, daysAhead int) ([]model.ApiKey, error) {
+	var keys []model.ApiKey
+	now := time.Now()
+	cutoff := now.AddDate(0, 0, daysAhead)
+
+	err := s.db.
+		WithContext(ctx).
+		Preload("User").
+		Where("expires_at > ? AND expires_at <= ? AND expiration_email_sent = ?", datatype.DateTime(now), datatype.DateTime(cutoff), false).
+		Find(&keys).
+		Error
+
+	return keys, err
+}
+
+func (s *ApiKeyService) SendApiKeyExpiringSoonEmail(ctx context.Context, apiKey model.ApiKey) error {
+	user := apiKey.User
+
+	if user.ID == "" {
+		if err := s.db.WithContext(ctx).First(&user, "id = ?", apiKey.UserID).Error; err != nil {
+			return err
+		}
+	}
+
+	err := SendEmail(ctx, s.emailService, email.Address{
+		Name:  user.FullName(),
+		Email: user.Email,
+	}, ApiKeyExpiringSoonTemplate, &ApiKeyExpiringSoonTemplateData{
+		ApiKeyName: apiKey.Name,
+		ExpiresAt:  apiKey.ExpiresAt.ToTime(),
+		Name:       user.FirstName,
+	})
+	if err != nil {
+		return err
+	}
+
+	// Mark the API key as having had an expiration email sent
+	return s.db.WithContext(ctx).
+		Model(&model.ApiKey{}).
+		Where("id = ?", apiKey.ID).
+		Update("expiration_email_sent", true).
+		Error
+}

backend/internal/service/audit_log_service.go

@@ -90,7 +90,7 @@ func (s *AuditLogService) CreateNewSignInWithEmail(ctx context.Context, ipAddres
 			}
 
 			innerErr = SendEmail(innerCtx, s.emailService, email.Address{
-				Name:  user.Username,
+				Name:  user.FullName(),
 				Email: user.Email,
 			}, NewLoginTemplate, &NewLoginTemplateData{
 				IPAddress: ipAddress,

backend/internal/service/email_service_templates.go

@@ -42,6 +42,13 @@ var TestTemplate = email.Template[struct{}]{
 	},
 }
 
+var ApiKeyExpiringSoonTemplate = email.Template[ApiKeyExpiringSoonTemplateData]{
+	Path: "api-key-expiring-soon",
+	Title: func(data *email.TemplateData[ApiKeyExpiringSoonTemplateData]) string {
+		return fmt.Sprintf("API Key \"%s\" Expiring Soon", data.Data.ApiKeyName)
+	},
+}
+
 type NewLoginTemplateData struct {
 	IPAddress string
 	Country   string
@@ -56,5 +63,11 @@ type OneTimeAccessTemplateData = struct {
 	LoginLinkWithCode string
 }
 
+type ApiKeyExpiringSoonTemplateData struct {
+	Name       string
+	ApiKeyName string
+	ExpiresAt  time.Time
+}
+
 // this is list of all template paths used for preloading templates
-var emailTemplatesPaths = []string{NewLoginTemplate.Path, OneTimeAccessTemplate.Path, TestTemplate.Path}
+var emailTemplatesPaths = []string{NewLoginTemplate.Path, OneTimeAccessTemplate.Path, TestTemplate.Path, ApiKeyExpiringSoonTemplate.Path}

backend/internal/service/user_service.go

@@ -399,7 +399,7 @@ func (s *UserService) RequestOneTimeAccessEmail(ctx context.Context, emailAddres
 		}
 
 		errInternal := SendEmail(innerCtx, s.emailService, email.Address{
-			Name:  user.Username,
+			Name:  user.FullName(),
 			Email: user.Email,
 		}, OneTimeAccessTemplate, &OneTimeAccessTemplateData{
 			Code:              oneTimeAccessToken,