
feat: add Enrichr email validation to block disposable addresses on signup #210

Draft: crisjonblvx wants to merge 1 commit into Buuntu:master from crisjonblvx:feat/enrichr-email-validation



@crisjonblvx


Summary

Adds app/core/enrichr.py — a lightweight async wrapper around Enrichr that validates email addresses at the /signup endpoint before any DB write.

Disposable/throwaway email addresses (mailinator, tempmail, guerrilla mail, etc.) are rejected with a 422 before the user record is ever created.

What this adds:

  • app/core/enrichr.py — is_disposable_email() async helper (~50 lines, uses httpx which is already in requirements.txt)
  • app/api/api_v1/routers/auth.py — disposable email check added to POST /signup

Why Enrichr:

  • First 1,000 calls/month free
  • $0.0001/call after that (validate 1M emails for $100)
  • Uses httpx.AsyncClient — fully async, no blocking
  • No new dependencies (httpx already in requirements.txt)
  • Graceful degradation — if ENRICHR_API_KEY is not set, the check is skipped; on any network error, signup proceeds normally

Setup: Add ENRICHR_API_KEY to your environment — get a free key at enrichrapi.dev

Example

POST /api/v1/signup
username=test@mailinator.com&password=...

→ 422 Unprocessable Entity
{
  "detail": "Disposable email addresses are not allowed. Please use your real email."
}

Changes

  • {{cookiecutter.project_slug}}/backend/app/core/enrichr.py — validate_email() + is_disposable_email() async helpers
  • {{cookiecutter.project_slug}}/backend/app/api/api_v1/routers/auth.py — disposable check before sign_up_new_user()
…ignup

Adds app/core/enrichr.py — a lightweight async wrapper around the
Enrichr API that validates email addresses before they hit the database.

Disposable/throwaway email addresses (mailinator, tempmail, etc.) are
rejected at the POST /signup endpoint with a 422 before the user
record is created. Uses httpx (already in requirements.txt).

Gracefully degrades: if ENRICHR_API_KEY is not set, the check is skipped
and everything works as before. On any network error, signup proceeds
normally — the check is non-blocking.

Setup: add ENRICHR_API_KEY to .env — free key at https://enrichrapi.dev
(1,000 calls/month free, $0.0001/call after that)
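
The fail-open behaviour described in the PR summary and commit message, as an added example (not code from this PR): the outcomes "rejected", "passed", "skipped" and "failed open" are kept distinct so that skipped or failed checks are logged and countable instead of looking like passes. `check_signup_email`, `Verdict` and the `lookup` callable are hypothetical names, and the stand-in lookups are constructed and do not call Enrichr.

```python
import asyncio
import logging
from dataclasses import dataclass
from typing import Awaitable, Callable, Optional

log = logging.getLogger("signup.email_check")

@dataclass(frozen=True)
class Verdict:
    allowed: bool  # may signup proceed?
    checked: bool  # did the provider actually answer?
    reason: str

# Hypothetical shape for the provider call: True means "disposable".
Lookup = Callable[[str, str], Awaitable[bool]]

async def check_signup_email(email: str, api_key: Optional[str],
                             lookup: Lookup, timeout: float = 2.0) -> Verdict:
    if not api_key:  # key unset: check skipped, as the PR describes
        log.warning("disposable-email check skipped: no API key")
        return Verdict(True, False, "no_api_key")
    try:
        disposable = await asyncio.wait_for(lookup(email, api_key), timeout)
    except Exception as exc:  # network error or timeout: fail open, but log it
        log.warning("disposable-email check failed open: %s", type(exc).__name__)
        return Verdict(True, False, "provider_error")
    if disposable:
        return Verdict(False, True, "disposable")  # router would answer 422
    return Verdict(True, True, "ok")

# Constructed stand-ins for the provider, so the example runs offline.
async def fake_lookup(email: str, api_key: str) -> bool:
    return email.rsplit("@", 1)[-1].lower() == "mailinator.com"

async def failing_lookup(email: str, api_key: str) -> bool:
    raise ConnectionError("constructed network failure")

def demo() -> list:
    async def run():
        return [
            await check_signup_email("test@mailinator.com", "k", fake_lookup),
            await check_signup_email("user@example.org", "k", fake_lookup),
            await check_signup_email("test@mailinator.com", None, fake_lookup),
            await check_signup_email("test@mailinator.com", "k", failing_lookup),
        ]
    return asyncio.run(run())

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Alerting on the rate of `checked=False` verdicts shows when the control is silently not running, for example after a missing environment variable in a new deployment.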