Update app.py

app.py

@@ -237,6 +237,27 @@ async def verify_recaptcha(recaptcha_token: str) -> bool:
 
     return recaptcha_result.get('success', False)
 
+@app.get("/verify", response_class=HTMLResponse)
+async def verify_email(token: str, db: Session = Depends(get_db)):
+    user = get_user_by_verification_token(db, token)
+    if not user:
+        raise HTTPException(status_code=400, detail="Invalid verification token")
+
+    if user.is_verified:
+        raise HTTPException(status_code=400, detail="Email already verified")
+
+    user.is_verified = True
+    user.email_verification_token = None  # Clear the verification token
+    db.commit()
+
+    # Create access token for the user after successful verification
+    access_token = create_access_token(data={"sub": user.email}, expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES))
+
+    # Redirect to the protected route and set the token in a secure, HTTP-only cookie
+    response = RedirectResponse(url="/protected")
+    response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True, secure=True, samesite='Lax')
+    return response
+
 @app.get("/register", response_class=HTMLResponse)
 async def register_get(request: Request):
     return templates.TemplateResponse("register.html", {"request": request, "google_oauth_url": request.url_for("login_oauth")})