feat: add Enrichr email validation to block disposable addresses on signup #210

Draft
crisjonblvx wants to merge 1 commit into Buuntu:master from crisjonblvx:feat/enrichr-email-validation
@crisjonblvx
Summary

Adds app/core/enrichr.py — a lightweight async wrapper around Enrichr that validates email addresses at the /signup endpoint before any DB write.

Disposable/throwaway email addresses (mailinator, tempmail, guerrilla mail, etc.) are rejected with a 422 before the user record is ever created.

What this adds:

  • app/core/enrichr.py: is_disposable_email() async helper (~50 lines, uses httpx which is already in requirements.txt)
  • app/api/api_v1/routers/auth.py — disposable email check added to POST /signup

Why Enrichr:

  • First 1,000 calls/month free
  • $0.0001/call after that (validate 1M emails for $100)
  • Uses httpx.AsyncClient — fully async, no blocking
  • No new dependencies (httpx already in requirements.txt)
  • Graceful degradation — if ENRICHR_API_KEY is not set, the check is skipped; on any network error, signup proceeds normally

Setup: Add ENRICHR_API_KEY to your environment — get a free key at enrichrapi.dev

Example

POST /api/v1/signup
username=test@mailinator.com&password=...

→ 422 Unprocessable Entity
{
  "detail": "Disposable email addresses are not allowed. Please use your real email."
}

Changes

  • {{cookiecutter.project_slug}}/backend/app/core/enrichr.py: validate_email() + is_disposable_email() async helpers
  • {{cookiecutter.project_slug}}/backend/app/api/api_v1/routers/auth.py — disposable check before sign_up_new_user()

…ignup

Adds app/core/enrichr.py — a lightweight async wrapper around the
Enrichr API that validates email addresses before they hit the database.

Disposable/throwaway email addresses (mailinator, tempmail, etc.) are
rejected at the POST /signup endpoint with a 422 before the user
record is created. Uses httpx (already in requirements.txt).

Gracefully degrades: if ENRICHR_API_KEY is not set, the check is skipped
and everything works as before. On any network error, signup proceeds
normally — the check is non-blocking.

Setup: add ENRICHR_API_KEY to .env — free key at https://enrichrapi.dev
(1,000 calls/month free, $0.0001/call after that)
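
The degradation policy described above (skip without a key, proceed on any network error, 422 on a disposable verdict), as an added example that is not code from this pull request. It returns a named outcome for each path so that skipped and failed-open checks show up in logs. Assumptions: the Enrichr request and response format is not shown on this page, so the provider call is injected as a hypothetical `lookup` coroutine, and the `timeout` parameter, outcome names and stand-in lookups are constructed for illustration.

```python
import asyncio
import logging
from typing import Awaitable, Callable, Optional

log = logging.getLogger("signup.email_check")

# Assumed provider shape: email in, True if disposable. The real Enrichr
# call is not shown on the page, so it is injected rather than guessed.
Lookup = Callable[[str], Awaitable[bool]]


class DisposableEmailRejected(Exception):
    status_code = 422
    detail = "Disposable email addresses are not allowed. Please use your real email."


async def check_signup_email(email: str, api_key: Optional[str],
                             lookup: Lookup, timeout: float = 2.0) -> str:
    """Apply the described policy; return the outcome or raise on a disposable address."""
    if not api_key:
        log.warning("disposable-email check skipped: ENRICHR_API_KEY not set")
        return "skipped_no_key"
    try:
        disposable = await asyncio.wait_for(lookup(email), timeout)
    except Exception as exc:  # any provider error or timeout: signup proceeds
        log.warning("disposable-email check failed open: %s", type(exc).__name__)
        return "failed_open"
    if disposable:
        raise DisposableEmailRejected()
    return "checked_ok"


# Constructed stand-ins for the provider so the example runs offline.
async def fake_lookup(email: str) -> bool:
    return email.rsplit("@", 1)[-1].lower() == "mailinator.com"


async def broken_lookup(email: str) -> bool:
    raise ConnectionError("constructed network failure")


async def slow_lookup(email: str) -> bool:
    await asyncio.sleep(1)
    return True


def run(email: str, api_key: Optional[str], lookup: Lookup, timeout: float = 2.0) -> str:
    """Synchronous driver: maps a rejection to 'rejected_422'."""
    try:
        return asyncio.run(check_signup_email(email, api_key, lookup, timeout))
    except DisposableEmailRejected as exc:
        return f"rejected_{exc.status_code}"
```
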