Skip to main content
The verification page allows users to verify their student email address to gain access to Faculty Bot features. This ensures only students from the university can use the bot.

Verification Flow

Verification Route

The verification page is protected and requires an authenticated user:
src/web/mod.rs
#[get("/verify")]
pub fn verify(_user: AuthenticatedUser<'_>) -> Template {
    Template::render("verify", &{})
}
Users must be logged in via Discord OAuth before they can verify their email.

Email Validation

Only university email addresses are accepted:
src/web/api/mod.rs
let email_regex = regex::Regex::new(r"^[a-zA-Z0-9_.+-]+@stud.hs-kempten.de$")
    .unwrap();

if !email_regex.is_match(&email.email) {
    return Json(Response {
        data: "FAILTHIS".to_string(),
        status: 400,
        message: "Ungültige E-Mail Adresse".to_string(),
    });
}

Valid Email Format

Emails must match the pattern:
  • Username: alphanumeric characters, dots, underscores, plus, or hyphen
  • Domain: @stud.hs-kempten.de
Examples:
  • john.doe@stud.hs-kempten.de
  • max_mueller@stud.hs-kempten.de
  • student@gmail.com
  • professor@hs-kempten.de

Duplicate Email Check

The system checks if an email is already registered:
src/web/api/mod.rs
// Check if email is already in use
let user = true; // Database check would go here

if user {
    return Json(Response {
        data: "ERR_USER_EXISTS".to_string(),
        status: 400,
        message: "E-Mail Adresse wird bereits verwendet, möchtest du stattdessen deinen Account wechseln?".to_string(),
    });
}
When a duplicate email is detected, users are prompted to switch accounts instead of creating a new verification.

Re-verification

Users can re-verify their email if needed:
src/web/mod.rs
#[get("/reverify")]
pub fn reverify(_user: AuthenticatedUser<'_>) -> Template {
    Template::render("reverify", &{})
}
This is useful when:
  • Verification code expired
  • Email changed
  • Previous verification failed

Data Structures

Email Request

src/web/structs.rs
#[derive(Deserialize)]
pub struct Email {
    pub email: String,
}
Used for the initial email submission.

Code Verification Request

src/web/structs.rs
#[derive(Deserialize)]
pub struct Code {
    pub code: String,
    pub email: String,
}
Contains both the verification code and email for validation.

API Response

src/web/structs.rs
#[derive(Serialize)]
pub struct Response<T> {
    pub data: T,
    pub status: u16,
    pub message: String,
}
Standardized response format for all verification API calls.

Error Handling

Error Codes

Error CodeStatusDescription
ERR_USER_EXISTS400Email already registered
FAILTHIS400Invalid email format or code
SUCCESS200Operation successful

Error Messages

All error messages are in German to match the university’s language:
  • Invalid email: “Ungültige E-Mail Adresse”
  • Email exists: “E-Mail Adresse wird bereits verwendet, möchtest du stattdessen deinen Account wechseln?”
  • Invalid code: “Ungültiger Code”

Frontend Integration

The verification page uses AJAX to communicate with the API:
  1. User enters email
  2. JavaScript sends POST to /api/verify/sendMail
  3. Response shows success or error message
  4. User enters verification code
  5. JavaScript sends POST to /api/verify/checkCode
  6. On success, user gains verified status

Security Considerations

Rate Limiting: Consider implementing rate limiting on verification endpoints to prevent abuse.
  • Email validation prevents injection attacks
  • Verification codes should expire after a set time
  • Failed attempts should be logged
  • HTTPS ensures email/code transmission is encrypted

Send Mail API

API endpoint for sending verification emails

Check Code API

API endpoint for verifying codes

User Management

Managing verified users

Switch Account

Switching between verified accounts

Build docs developers (and LLMs) love

Get started for freeTalk to us