Using urlsigner package

cmd/api/handlers-api.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"myapp/internal/cards"
 	"myapp/internal/models"
+	"myapp/internal/urlsigner"
 	"net/http"
 	"strconv"
 	"strings"
@@ -417,16 +418,36 @@ func (app *application) SendPasswordResetEmail(w http.ResponseWriter, r *http.Re
 		return
 	}
 
+	// verify that email exists
+	_, err = app.DB.GetUserByEmail(payload.Email)
+	if err != nil {
+		var resp struct {
+			Error   bool   `json:"error"`
+			Message string `json:"message"`
+		}
+		resp.Error = true
+		resp.Message = "No matching email found on our system"
+		app.writeJSON(w, http.StatusAccepted, resp)
+		return
+	}
+
+	link := fmt.Sprintf("%s/reset-password?email=%s", app.config.frontend, payload.Email)
+	sign := urlsigner.Signer{
+		Secret: []byte(app.config.secretkey),
+	}
+
+	signedLink := sign.GenerateTokenFromString(link)
+
 	var data struct {
 		Link string
 	}
 
-	data.Link = "http://www.vinchent.xyz"
+	data.Link = signedLink
 
 	// send mail
 	err = app.SendMail(
 		"info@widgets.com",
-		"info@widgets.com",
+		payload.Email,
 		"Password Reset Request",
 		"password-reset",
 		data,

internal/urlsigner/signer.go

@@ -32,6 +32,7 @@ func (s *Signer) VerifyToken(token string) bool {
 	_, err := crypt.Unsign([]byte(token))
 	if err != nil {
 		fmt.Println(err)
+		return false
 	}
 	return true
 }