@stamhoofd/backend 1.0.0

package/src/endpoints/auth/PatchUserEndpoint.ts

@@ -0,0 +1,122 @@
+import { AutoEncoderPatchType, Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { EmailVerificationCode, PasswordToken, Token, User } from '@stamhoofd/models';
+import { NewUser, PermissionLevel, SignupResponse, User as UserStruct,UserPermissions } from "@stamhoofd/structures";
+
+import { Context } from '../../helpers/Context';
+
+type Params = { id: string };
+type Query = undefined;
+type Body = AutoEncoderPatchType<NewUser>
+type ResponseBody = UserStruct
+
+export class PatchUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = NewUser.patchType() as Decoder<AutoEncoderPatchType<NewUser>>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/user/@id", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope();
+        const {user, token} = await Context.authenticate({allowWithoutAccount: true})
+
+        if (request.body.id !== request.params.id) {
+            throw new SimpleError({
+                code: "invalid_request",
+                message: "Invalid request: id mismatch",
+                statusCode: 400
+            })
+        }
+
+        const editUser = request.body.id === user.id ? user : await User.getByID(request.body.id)
+        
+        if (!editUser || !await Context.auth.canAccessUser(editUser, PermissionLevel.Write) || editUser.isApiUser) {
+            throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang om deze gebruiker te wijzigen")
+        }
+
+        if (await Context.auth.canEditUserName(editUser)) {
+            editUser.firstName = request.body.firstName ?? editUser.firstName
+            editUser.lastName = request.body.lastName ?? editUser.lastName
+        }
+
+        if (request.body.permissions !== undefined) {
+            if (!await Context.auth.canAccessUser(editUser, PermissionLevel.Full)) {
+                throw new SimpleError({
+                    code: "permission_denied",
+                    message: "Je hebt geen rechten om de rechten van deze gebruiker te wijzigen"
+                })
+            }
+
+            if (request.body.permissions) {
+                if (organization) {
+                    editUser.permissions = UserPermissions.limitedPatch(editUser.permissions, request.body.permissions, organization.id)
+
+                    if (editUser.id === user.id && (!editUser.permissions || !editUser.permissions.forOrganization(organization)?.hasFullAccess())) {
+                        throw new SimpleError({
+                            code: "permission_denied",
+                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
+                        })
+                    }
+                } else {
+                    if (editUser.permissions) {
+                        editUser.permissions.patchOrPut(request.body.permissions)
+                    } else {
+                        editUser.permissions = request.body.permissions.isPut() ? request.body.permissions : null
+                    }
+
+                    if (editUser.permissions && editUser.permissions.isEmpty) {
+                        editUser.permissions = null
+                    }
+
+                    if (editUser.id === user.id && !editUser.permissions?.platform?.hasFullAccess()) {
+                        throw new SimpleError({
+                            code: "permission_denied",
+                            message: "Je kan jezelf niet verwijderen als hoofdbeheerder"
+                        })
+                    }
+                }
+            }
+        }
+
+        if (editUser.id == user.id && request.body.password) {
+            // password changes
+            await editUser.changePassword(request.body.password)
+            await PasswordToken.clearFor(editUser.id)
+            await Token.clearFor(editUser.id, token.accessToken)
+        }
+
+        await editUser.save();
+
+        if (await Context.auth.canEditUserEmail(editUser)) {
+            if (request.body.email && request.body.email !== editUser.email) {
+                // Create an validation code
+                // We always need the code, to return it. Also on password recovery -> may not be visible to the client whether the user exists or not
+                const code = await EmailVerificationCode.createFor(editUser, request.body.email)
+                code.send(editUser, organization, request.i18n, editUser.id === user.id)
+
+                throw new SimpleError({
+                    code: "verify_email",
+                    message: "Your email address needs verification",
+                    human: editUser.id === user.id ? "Verifieer jouw nieuwe e-mailadres via de link in de e-mail, daarna passen we het automatisch aan." : "Er is een verificatie e-mail verstuurd naar "+request.body.email+" om het e-mailadres te verifiëren. Zodra dat is gebeurd, wordt het e-mailadres gewijzigd.",
+                    meta: SignupResponse.create({
+                        token: code.token,
+                    }).encode({ version: request.request.getVersion() }),
+                    statusCode: 403
+                });
+            }
+        }
+
+        return new Response(UserStruct.create({...editUser, hasAccount: editUser.hasAccount()}));      
+    }
+}

package/src/endpoints/auth/PollEmailVerificationEndpoint.ts

@@ -0,0 +1,37 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { EmailVerificationCode } from '@stamhoofd/models';
+import { PollEmailVerificationRequest, PollEmailVerificationResponse } from "@stamhoofd/structures";
+
+import { Context } from '../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PollEmailVerificationRequest;
+type ResponseBody = PollEmailVerificationResponse;
+
+export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = PollEmailVerificationRequest as Decoder<PollEmailVerificationRequest>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/verify-email/poll", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope()
+        const valid = await EmailVerificationCode.poll(organization?.id ?? null, request.body.token)
+        
+        return new Response(PollEmailVerificationResponse.create({
+            valid
+        }));
+    }
+}

package/src/endpoints/auth/RetryEmailVerificationEndpoint.ts

@@ -0,0 +1,41 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { EmailVerificationCode } from '@stamhoofd/models';
+import { PollEmailVerificationRequest, PollEmailVerificationResponse } from "@stamhoofd/structures";
+
+import { Context } from '../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PollEmailVerificationRequest;
+type ResponseBody = PollEmailVerificationResponse;
+
+export class PollEmailVerificationEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = PollEmailVerificationRequest as Decoder<PollEmailVerificationRequest>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/verify-email/retry", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope()
+        const valid = await EmailVerificationCode.poll(organization?.id ?? null, request.body.token);
+
+        if (valid) {
+            EmailVerificationCode.resend(organization, request.body.token, request.i18n).catch(console.error)
+        }
+
+        return new Response(PollEmailVerificationResponse.create({
+            valid
+        }));
+    }
+}

package/src/endpoints/auth/SignupEndpoint.ts

@@ -0,0 +1,107 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Email } from '@stamhoofd/email';
+import { EmailVerificationCode, PasswordToken, User } from '@stamhoofd/models';
+import { NewUser, SignupResponse } from "@stamhoofd/structures";
+
+import { Context } from '../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = NewUser;
+type ResponseBody = SignupResponse;
+
+export class SignupEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = NewUser as Decoder<NewUser>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/sign-up", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setUserOrganizationScope()
+
+        const u = await User.getForRegister(organization?.id ?? null, request.body.email)
+
+        // Don't optimize. Always run two queries atm.
+        let user = await User.register(
+            organization,
+            request.body
+        );
+
+        let sendCode = true
+
+        if (!user) {
+            if (!u) {
+                // Fail silently because user did exist, and we don't want to expose that the user doesn't exists
+                console.error("Could not register, but user doesn't exist: "+request.body.email)
+
+                throw new SimpleError({
+                    code: "unexpected_error",
+                    message: "Something went wrong",
+                    human: "Er ging iets mis",
+                    statusCode: 500
+                })
+            }
+
+            user = u
+
+            if (u.hasAccount()) {
+                // Send an e-mail to say you already have an account + follow password forgot flow
+                const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(user, organization, request.i18n)
+                const { from, replyTo } = {
+                    from: (user.permissions || !organization ? Email.getInternalEmailFor(request.i18n) : organization.getStrongEmail(request.i18n)),
+                    replyTo: undefined
+                }
+                
+                const footer = (!user.permissions && organization ? "\n\n—\n\nOnze ledenadministratie werkt via het Stamhoofd platform, op maat van verenigingen. Probeer het ook via https://"+request.i18n.$t("shared.domains.marketing")+"/ledenadministratie\n\n" : '')
+
+                const name = organization ? organization.name : 'Stamhoofd'
+                // Send email
+                Email.send({
+                    from,
+                    replyTo,
+                    to: user.email,
+                    subject: `[${name}] Je hebt al een account`,
+                    type: "transactional",
+                    text: (user.firstName ? "Hey "+user.firstName : "Hey") + ", \n\nJe probeerde een account aan te maken, maar je hebt eigenlijk al een account met e-mailadres "+user.email+". Als je jouw wachtwoord niet meer weet, kan je een nieuw wachtwoord instellen door op de volgende link te klikken of door deze te kopiëren in de adresbalk van jouw browser:\n"+recoveryUrl+"\n\nWachtwoord al teruggevonden of heb je helemaal niet proberen te registreren? Dan mag je deze e-mail veilig negeren.\n\nMet vriendelijke groeten,\n"+(user.permissions ? "Stamhoofd" : name)+footer
+                });
+
+                // Don't send the code
+                sendCode = false
+            } else {
+                // This is safe, because we are the first one. There is no password yet.
+                // If a hacker tries this, he won't be able to sign in, because he needs to
+                // verify the e-mail first (same as if the user didn't exist)
+                // If we didn't set the password, we would allow a different kind of attack:
+                // a hacker could send an e-mail to the user (try to register again, seindgin a new email which would trigger a different password change), right after the user registered (without verifying yet), when he had set a different password
+                // user clicks on second e-mail -> this sets the hackers password instead 
+                user.verified = false
+                await user.changePassword(request.body.password)
+                await PasswordToken.clearFor(user.id)
+                await user.save()
+            }
+        }
+
+        // We always need the code, to return it. Also on password recovery -> may not be visible to the client whether the user exists or not
+        const code = await EmailVerificationCode.createFor(user, user.email)
+
+        if (sendCode) {
+            code.send(user, organization, request.i18n)
+        }
+
+        return new Response(SignupResponse.create({
+            token: code.token
+        }));
+    }
+}

package/src/endpoints/auth/VerifyEmailEndpoint.ts

@@ -0,0 +1,89 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { EmailVerificationCode, Token, User } from '@stamhoofd/models';
+import { Token as TokenStruct, VerifyEmailRequest } from "@stamhoofd/structures";
+
+import { Context } from '../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = VerifyEmailRequest;
+type ResponseBody = TokenStruct;
+
+export class VerifyEmailEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = VerifyEmailRequest as Decoder<VerifyEmailRequest>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/verify-email", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope();
+
+        const code = await EmailVerificationCode.verify(organization?.id ?? null, request.body.token, request.body.code)
+
+        if (!code) {
+            throw new SimpleError({
+                code: "invalid_code",
+                message: "This code is invalid",
+                human: "Deze code is ongeldig of vervallen.",
+                statusCode: 400
+            })
+        }
+
+        const user = await User.getByID(code.userId)
+
+        if (!user || (user.organizationId !== null && user.organizationId !== (organization?.id ?? null))) {
+            throw new SimpleError({
+                code: "invalid_code",
+                message: "This code is invalid",
+                human: "Deze code is ongeldig of vervallen.",
+                statusCode: 400
+            })
+        }
+
+        if (user.email != code.email) {
+            const other = await User.getForAuthentication(user.organizationId, code.email, {allowWithoutAccount: true})
+
+            if (other) {
+                // Delete the other user, but merge data
+                await user.merge(other);
+            }
+            
+            // change user email
+            user.email = code.email
+
+            // If already in use: will fail, so will verification
+        }
+
+        user.verified = true
+
+        try {
+            await user.save()
+        } catch (e) {
+            // Duplicate key probably
+            if (e.code && e.code == "ER_DUP_ENTRY") {
+                throw new SimpleError({
+                    code: "email_in_use",
+                    message: "This e-mail is already in use, we cannot set it",
+                    human: "We kunnen het e-mailadres van deze gebruiker niet instellen naar "+code.email+", omdat die al in gebruik is. Waarschijnlijk heb je meerdere accounts. Probeer met dat e-mailadres in te loggen of contacteer ons ("+request.$t("shared.emails.general")+") als we de gebruikers moeten combineren tot één gebruiker."
+                })
+            }
+            throw e;
+        }
+
+        const token = await Token.createToken(user);
+        const st = new TokenStruct(token);
+        return new Response(st);
+    }
+}

package/src/endpoints/global/addresses/SearchRegionsEndpoint.ts

@@ -0,0 +1,95 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { City } from '@stamhoofd/models';
+import { Province } from '@stamhoofd/models';
+import { City as CityStruct, Country, Province as ProvinceStruct,SearchRegions } from "@stamhoofd/structures";
+import { StringCompare } from '@stamhoofd/utility';
+
+type Params = Record<string, never>;
+class Query extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    query: string
+}
+type Body = undefined;
+type ResponseBody = SearchRegions;
+
+export class SearchRegionsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>
+    
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/address/search", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+         // Escape query
+        const query = request.query.query.replace(/([-+><()~*"@\s]+)/g, " ").replace(/[^\w\d]+$/, "")
+        if (query.length == 0) {
+            // Do not try searching...
+            return new Response(SearchRegions.create({
+                cities: [],
+                provinces: [],
+                countries: [],
+            }));
+        }
+
+        const match = {
+            sign: "MATCH",
+            value: query + "*", // We replace special operators in boolean mode with spaces since special characters aren't indexed anyway
+            mode: "BOOLEAN"
+        };
+
+        // We had to add an order by in the query to fix the limit. MySQL doesn't want to limit the results correctly if we don't explicitly sort the results on their relevance
+        const cities = await City.where({ name: match }, {
+            limit: 5,
+            sort: [
+                {
+                    column: { name: match },
+                    direction: "DESC"
+                }
+            ]
+        });
+        const loadedCities: (City & { province: Province })[] = []
+
+        // We had to add an order by in the query to fix the limit. MySQL doesn't want to limit the results correctly if we don't explicitly sort the results on their relevance
+        const allProvinces = await Province.all();
+
+        for (const city of cities) {
+            const province = allProvinces.find(p => p.id == city.provinceId);
+            if (!province) {
+                continue;
+            }
+            loadedCities.push(city.setRelation(City.province, province))
+        }
+
+        const provinces: Province[] = []
+        for (const province of allProvinces) {
+            if (StringCompare.typoCount(request.query.query, province.name) < 3) {
+                provinces.push(province)
+            }
+        }
+
+        const countries: Country[] = []
+        if (StringCompare.typoCount(request.query.query, "België") < 3) {
+            countries.push(Country.Belgium)
+        }
+
+        if (StringCompare.typoCount(request.query.query, "Nederland") < 3) {
+            countries.push(Country.Netherlands)
+        }
+        
+        return new Response(SearchRegions.create({
+            cities: loadedCities.map(c => CityStruct.create(Object.assign({...c}, { province: ProvinceStruct.create(c.province) }))),
+            provinces: provinces.map(c => ProvinceStruct.create(c)),
+            countries: countries
+        }));
+    }
+}

package/src/endpoints/global/addresses/ValidateAddressEndpoint.ts

@@ -0,0 +1,31 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Address, ValidatedAddress } from "@stamhoofd/structures";
+
+import { AddressValidator } from '../../../helpers/AddressValidator';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = Address
+type ResponseBody = ValidatedAddress;
+
+export class ValidateAddressEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = Address as Decoder<Address>
+    
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/address/validate", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        return new Response(await AddressValidator.validate(request.body));
+    }
+}

package/src/endpoints/global/caddy/CheckDomainCertEndpoint.ts

@@ -0,0 +1,101 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from "@simonbackx/simple-encoding";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization, Webshop } from '@stamhoofd/models';
+type Params = Record<string, never>;
+
+class Query extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    domain: string;
+}
+
+type Body = undefined
+type ResponseBody = undefined;
+
+export class CheckDomainCertEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>;
+
+    registrationDomains = [... new Set(Object.values(STAMHOOFD.domains.registration ?? {}))]
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/check-domain-cert", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        // check if the domain ends on one of our localized registration domains
+        for (const domain of this.registrationDomains) {
+            if (request.query.domain.endsWith("." + domain)) {
+                const strippped = request.query.domain.substr(0, request.query.domain.length - ("." + domain).length )
+                if (strippped.includes(".")) {
+                    throw new SimpleError({
+                        code: "invalid_domain",
+                        message: "This domain format is not supported",
+                        statusCode: 404
+                    })
+                }
+
+                // Search for the URI
+                const organization = await Organization.getByURI(strippped)
+
+                if (!organization) {
+                    throw new SimpleError({
+                        code: "unknown_domain",
+                        message: "Not known",
+                        statusCode: 404
+                    })
+                }
+                return new Response(undefined);
+            }
+        }
+        
+        if (STAMHOOFD.domains.legacyWebshop && request.query.domain.endsWith("." + STAMHOOFD.domains.legacyWebshop)) {
+            const strippped = request.query.domain.substr(0, request.query.domain.length - ("." + STAMHOOFD.domains.legacyWebshop).length )
+            if (strippped.includes(".")) {
+                throw new SimpleError({
+                    code: "invalid_domain",
+                    message: "This domain format is not supported",
+                    statusCode: 404
+                })
+            }
+
+            // Search for the URI
+            const organization = await Organization.getByURI(strippped)
+
+            if (!organization) {
+                throw new SimpleError({
+                    code: "unknown_domain",
+                    message: "Not known",
+                    statusCode: 404
+                })
+            }
+            return new Response(undefined);
+        }
+
+        // Check if we have an organization with a custom domain name
+        const organization = await Organization.getByRegisterDomain(request.query.domain)
+
+        if (organization) {
+            return new Response(undefined);
+        }
+
+        const webshops = await Webshop.getByDomainOnly(request.query.domain)
+        if (webshops.length > 0) {
+            return new Response(undefined);
+        }
+
+        throw new SimpleError({
+            code: "unknown_domain",
+            message: "Not known",
+            statusCode: 404
+        })
+    }
+}

package/src/endpoints/global/email/GetEmailAddressEndpoint.ts

@@ -0,0 +1,53 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { EmailAddress } from '@stamhoofd/email';
+import { Organization } from '@stamhoofd/models';
+import { EmailAddressSettings, OrganizationSimple } from '@stamhoofd/structures';
+
+type Params = Record<string, never>;
+type Body = undefined;
+
+class Query extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    id: string
+
+    @field({ decoder: StringDecoder })
+    token: string
+}
+
+type ResponseBody = EmailAddressSettings;
+
+export class ManageEmailAddressEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/email/manage", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const email = await EmailAddress.getByID(request.query.id)
+        if (!email || email.token !== request.query.token || request.query.token.length < 10 || request.query.id.length < 10) {
+            throw new SimpleError({
+                code: "invalid_fields",
+                message: "Invalid token or id",
+                human: "Deze link is vervallen. Probeer het opnieuw in een recentere e-mail"
+            })
+        }
+
+        const organization = email.organizationId ? (await Organization.getByID(email.organizationId)) : undefined
+        return new Response(EmailAddressSettings.create({
+            ...email,
+            organization: organization ? OrganizationSimple.create(organization) : null
+        }));
+    }
+}