feat: email verification + delete confirmation + smtp/cors/prod hardening

api/prisma/migrations/20260215000000_email_verification/migration.sql

@@ -0,0 +1,19 @@
+ALTER TABLE "User"
+ADD COLUMN IF NOT EXISTS "emailVerified" BOOLEAN NOT NULL DEFAULT false;
+
+CREATE TABLE IF NOT EXISTS "EmailToken" (
+  "id" TEXT NOT NULL DEFAULT gen_random_uuid()::text,
+  "userId" TEXT NOT NULL,
+  "type" TEXT NOT NULL,
+  "tokenHash" TEXT NOT NULL,
+  "expiresAt" TIMESTAMP(3) NOT NULL,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "EmailToken_pkey" PRIMARY KEY ("id")
+);
+
+CREATE INDEX IF NOT EXISTS "EmailToken_userId_type_idx" ON "EmailToken"("userId", "type");
+CREATE INDEX IF NOT EXISTS "EmailToken_tokenHash_idx" ON "EmailToken"("tokenHash");
+
+ALTER TABLE "EmailToken"
+ADD CONSTRAINT "EmailToken_userId_fkey"
+FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

api/prisma/migrations/20260217000000_email_token_enum_used/migration.sql

@@ -0,0 +1,6 @@
+-- Harden email token lifecycle (used marker + lookup index)
+ALTER TABLE "EmailToken"
+ADD COLUMN IF NOT EXISTS "usedAt" TIMESTAMP(3);
+
+CREATE INDEX IF NOT EXISTS "EmailToken_userId_type_expiresAt_idx"
+ON "EmailToken"("userId", "type", "expiresAt");

api/prisma/migrations/20260217002000_add_seen_update_version/migration.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "User"
+ADD COLUMN IF NOT EXISTS "seenUpdateVersion" INTEGER NOT NULL DEFAULT 0;