Merge pull request #2 from chipgpt/feature/mailgun-email

Add email sending via Mailgun

Author: chipgpt

.env .env.example.env renamed to .env.example

@@ -18,3 +18,7 @@ CUSTOM_MCP_DOMAIN=
 NEXT_PUBLIC_POSTHOG_KEY=
 # Posthog host. [Optional] Default: https://us.i.posthog.com
 NEXT_PUBLIC_POSTHOG_HOST=
+# Mailgun API Key. (Required)
+MAILGUN_API_KEY=
+# Sender domain for email. (Required)
+SENDER_DOMAIN=

.github/workflows/prod-workflow.yml

@@ -58,6 +58,8 @@ jobs:
           DATABASE_URL: ${{ secrets.DATABASE_URL }}
           DATABASE_SSL: true
           AWS_HOSTED_ZONE_ID: ${{ secrets.AWS_HOSTED_ZONE_ID }}
+          MAILGUN_API_KEY: ${{ secrets.MAILGUN_API_KEY }}
+          SENDER_DOMAIN: chipgpt.biz
           CUSTOM_DOMAIN: chipgpt.biz
           CUSTOM_MCP_DOMAIN: mcp.chipgpt.biz
           NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}

.gitignore

@@ -26,7 +26,7 @@ yarn-debug.log*
 yarn-error.log*
 
 # local env files
-.env*.local
+.env.*
 
 # vercel
 .vercel

README.md

@@ -30,6 +30,7 @@ The production cloud deployment without much activity is $1-$2 per day to run on
 - You must also bring your own production postgres database or you need to add RDS to the SST stack. I use [Digital Ocean managed databases](https://www.digitalocean.com/products/managed-databases-postgresql).
 - Your domain should be set up in Route 53 and you will need the Hosted Zone ID for cloud deployments (not needed for local deployments).
 - IAM user access key/secret [Setup Guide](https://guide.sst.dev/chapters/create-an-iam-user.html) and [Permissions Guide](https://sst.dev/docs/iam-credentials/#iam-permissions)
+- Mailgun Account [Get API Key](https://help.mailgun.com/hc/en-us/articles/203380100-Where-can-I-find-my-API-keys-and-SMTP-credentials)
 
 You can do a global find for `chipgpt` (case insensitive) and locate most things that need to be updated with your own project name and description.
 
@@ -41,12 +42,12 @@ Log in to AWS SSO:
 npm run sso
 ```
 
-Copy the `.env` file and populate them. You don't need a development cloud deployment but it supports it if you want a staging server eventually:
+Copy the `.env.example` file and populate them. You don't need a development cloud deployment but it supports it if you want a staging server eventually:
 
 ```bash
-cp .env .env.local
-cp .env .env.development.local
-cp .env .env.production.local
+cp .env .env.{{username}}
+cp .env .env.development
+cp .env .env.production
 ```
 
 Install dependencies:
@@ -134,19 +135,20 @@ To get the GitHub action deployment working you will need an IAM user with acces
 - AUTH_SECRET
 - DATABASE_URL
 - AWS_HOSTED_ZONE_ID
+- MAILGUN_API_KEY
 - NEXT_PUBLIC_POSTHOG_KEY (not really a "secret", it could be a variable instead)
 
 ## Things I intend to add as I add them to my own SaaS:
 
-- Add SES email management for production SES access
-- Add a paid account tier (most likely using Stripe as the payment gateway)
-- Add a propper logging utility that works better with AWS CloudWatch.
-- Add Alarms/Alerts for cloud deployments to be proactive about issues.
-- Auto-Generate REST API Documentation.
-- Support for Amazon RDS + Proxy (had trouble getting it working with Sequelize, didn't feel like finding a new ORM)
-- Add proper Sequelize migrations.
-- Update to use the new Cognito UI mode.
-- Switch to the official `@auth/sequelize-adapter` package after [PR #13120](https://github.com/nextauthjs/next-auth/pull/13120) is merged.
+- [x] ~~Add SES email management for production SES access~~ Add Mailgun email for sending emails
+- [ ] Add a paid account tier (most likely using Stripe as the payment gateway)
+- [ ] Add a propper logging utility that works better with AWS CloudWatch.
+- [ ] Add Alarms/Alerts for cloud deployments to be proactive about issues.
+- [ ] Auto-Generate REST API Documentation.
+- [ ] Support for Amazon RDS + Proxy (had trouble getting it working with Sequelize, didn't feel like finding a new ORM)
+- [ ] Add proper Sequelize migrations.
+- [ ] Update to use the new Cognito UI mode.
+- [ ] Switch to the official `@auth/sequelize-adapter` package after [PR #13120](https://github.com/nextauthjs/next-auth/pull/13120) is merged.
 
 ## Feedback & Questions:
 

package-lock.json

@@ -44,6 +44,7 @@
     "express-rate-limit": "^8.0.1",
     "lodash": "^4.17.21",
     "lucide-react": "^0.525.0",
+    "mailgun.js": "^12.0.3",
     "next-auth": "^5.0.0-beta.29",
     "pg": "^8.13.1",
     "posthog-js": "^1.256.2",

package.json

@@ -9,6 +9,7 @@ import { InitAccountModel } from './server/models/account';
 import SequelizeAdapter from './lib/@auth/sequelize-adapter';
 import { InitSessionModel } from './server/models/session';
 import { InitVerificationTokenModel } from './server/models/verification-token';
+import { sendMailgunEmail } from './server/utils/mailgun';
 
 export const nextAuthConfig: NextAuthConfig = {
   callbacks: {
@@ -34,6 +35,23 @@ export const nextAuthConfig: NextAuthConfig = {
     //   return args;
     // },
   },
+  events: {
+    // Send welcome email to new users
+    createUser: async ({ user }) => {
+      if (user.email) {
+        try {
+          await sendMailgunEmail(
+            user.email,
+            'Welcome to ChipGPT',
+            'Welcome to ChipGPT',
+            'Welcome to ChipGPT'
+          );
+        } catch (error) {
+          console.error('Error sending welcome email', error);
+        }
+      }
+    },
+  },
   providers: [
     Cognito({
       clientId: Resource.MyUserPoolClient.id,

src/auth.config.ts

@@ -0,0 +1,21 @@
+import { once } from 'lodash';
+import Mailgun from 'mailgun.js';
+import { Resource } from 'sst';
+
+const mailgun = new Mailgun(FormData);
+
+export const getMailgunClient = once(() => {
+  // @ts-ignore
+  return mailgun.client({ username: 'api', key: Resource.MyMailgun.key });
+});
+
+export function sendMailgunEmail(email: string, subject: string, html: string, text: string) {
+  // @ts-ignore
+  return getMailgunClient().messages.create(Resource.MyMailgun.domain, {
+    from: `ChipGPT <[email protected]>`,
+    to: [email],
+    subject,
+    html,
+    text,
+  });
+}

src/server/utils/mailgun.ts

@@ -9,6 +9,11 @@ declare module "sst" {
       "name": string
       "type": "sst.aws.Dynamo"
     }
+    "MyMailgun": {
+      "domain": string
+      "key": string
+      "type": "sst.sst.Linkable"
+    }
     "MyMcpService": {
       "service": string
       "type": "sst.aws.Service"

sst-env.d.ts

@@ -26,35 +26,81 @@ export default $config({
                   input.stage === 'production' ? 'chipgpt-production' : 'chipgpt-development',
               }),
         },
+        mailgun: '3.5.10',
       },
     };
   },
   async run() {
     const isProductionStage = $app.stage === 'production';
-    const isDevelopmentStage = $app.stage === 'development';
-
-    // Grab the .env based on stage
-    if (isProductionStage) {
-      config({ path: './.env.production.local', override: true });
-    } else if (isDevelopmentStage) {
-      config({ path: './.env.development.local', override: true });
-    } else {
-      config({ path: './.env.local', override: true });
-    }
 
     // Validate required environment vars
     if (!process.env.AUTH_SECRET) {
       throw new Error('process.env.AUTH_SECRET is required');
     }
+    if (!process.env.AWS_HOSTED_ZONE_ID) {
+      throw new Error('process.env.AWS_HOSTED_ZONE_ID is required');
+    }
+    if (!process.env.SENDER_DOMAIN) {
+      throw new Error('process.env.SENDER_DOMAIN is required');
+    }
+    if (!process.env.MAILGUN_API_KEY) {
+      throw new Error('process.env.MAILGUN_API_KEY is required');
+    }
 
     // Environment variables we will expose to the functions and nextjs app
     const environment = {
       NODE_ENV: process.env.NODE_ENV || 'development',
       DATABASE_URL: process.env.DATABASE_URL || '',
       DATABASE_SSL: process.env.DATABASE_SSL || '',
       WEB_URL: process.env.WEB_URL || 'http://localhost:3000',
+      SENDER_DOMAIN: process.env.SENDER_DOMAIN || '',
+      MAILGUN_API_KEY: process.env.MAILGUN_API_KEY || '',
     };
 
+    // Create Mailgun domain and verify DNS sending records
+    const mailgunEmail = new mailgun.Domain('MyMailgunDomain', {
+      name: environment.SENDER_DOMAIN,
+      webScheme: 'https',
+    });
+    const sendingRecord1 = mailgunEmail.sendingRecordsSets?.[0];
+    const sendingRecord2 = mailgunEmail.sendingRecordsSets?.[1];
+    const sendingRecord3 = mailgunEmail.sendingRecordsSets?.[2];
+    if (sendingRecord1) {
+      new aws.route53.Record('MyMailgunEmailSendingRecord1', {
+        zoneId: process.env.AWS_HOSTED_ZONE_ID,
+        name: sendingRecord1.name,
+        type: sendingRecord1.recordType,
+        ttl: 600,
+        records: [sendingRecord1.value],
+      });
+    }
+    if (sendingRecord2) {
+      new aws.route53.Record('MyMailgunEmailSendingRecord2', {
+        zoneId: process.env.AWS_HOSTED_ZONE_ID,
+        name: sendingRecord2.name,
+        type: sendingRecord2.recordType,
+        ttl: 600,
+        records: [sendingRecord2.value],
+      });
+    }
+    if (sendingRecord3) {
+      new aws.route53.Record('MyMailgunEmailSendingRecord3', {
+        zoneId: process.env.AWS_HOSTED_ZONE_ID,
+        name: sendingRecord3.name,
+        type: sendingRecord3.recordType,
+        ttl: 600,
+        records: [sendingRecord3.value],
+      });
+    }
+
+    // Create a linkable for the Mailgun API key to link to the app
+    const mailgunLinkable = new sst.Linkable('MyMailgun', {
+      properties: {
+        key: environment.MAILGUN_API_KEY,
+        domain: mailgunEmail.name,
+      },
+    });
+
     // Create our VPC and add EC2 internet gateway
     const vpc = new sst.aws.Vpc('MyVpc', { nat: 'ec2' });
     const cluster = new sst.aws.Cluster('MyCluster', {
@@ -102,7 +148,7 @@ export default $config({
         AUTH_TRUST_HOST: String(!!environment.WEB_URL),
         AUTH_URL: `${environment.WEB_URL}/api/auth`,
       },
-      link: [pool, client].filter(Boolean),
+      link: [mailgunLinkable, pool, client].filter(Boolean),
       domain: process.env.CUSTOM_DOMAIN
         ? {
             name: process.env.CUSTOM_DOMAIN,
@@ -179,7 +225,7 @@ export default $config({
       cpu: '0.5 vCPU',
       memory: '1 GB',
       environment: environment,
-      link: [dynamoMCPSessionCache].filter(Boolean),
+      link: [mailgunLinkable, dynamoMCPSessionCache].filter(Boolean),
       dev: {
         command: 'npm run dev:mcp',
       },