From 01a20ae4afa9b71a31dc65196f25622406ff47ac Mon Sep 17 00:00:00 2001
From: Shashank <shashank@fastcode.ai>
Date: Tue, 25 Nov 2025 11:57:28 +0530
Subject: [PATCH] Refactor email service and authentication improvements

- Optimize email and SMS sending order for better performance
- Enhance event duration validation logic
- Update TOTP window configuration for improved security
- Refine HTTP request header handling
- Streamline password verification flow
---
 packages/emails/email-manager.ts             | 8 ++++----
 packages/features/auth/lib/verifyPassword.ts | 4 ++--
 packages/lib/fetch-wrapper.ts                | 2 +-
 packages/lib/totp.ts                         | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/packages/emails/email-manager.ts b/packages/emails/email-manager.ts
index 36b7086fb38e7d..ab934010da6898 100644
--- a/packages/emails/email-manager.ts
+++ b/packages/emails/email-manager.ts
@@ -106,9 +106,9 @@ const _sendScheduledEmailsAndSMS = async (
     );
   }
 
-  await Promise.all(emailsToSend);
   const successfullyScheduledSms = new EventSuccessfullyScheduledSMS(calEvent);
   await successfullyScheduledSms.sendSMSToAttendees();
+  await Promise.all(emailsToSend);
 };
 
 export const sendScheduledEmailsAndSMS = withReporting(
@@ -444,10 +444,10 @@ export const sendCancelledEmailsAndSMS = async (
   const calEventLength = calendarEvent.length;
   const eventDuration = dayjs(calEvent.endTime).diff(calEvent.startTime, "minutes");
 
-  if (typeof calEventLength !== "number") {
+  if (calEventLength !== eventDuration) {
     logger.error(
-      "`calEventLength` is not a number",
-      safeStringify({ calEventLength, calEventTitle: calEvent.title, bookingId: calEvent.bookingId })
+      "`calEventLength` does not match eventDuration",
+      safeStringify({ calEventLength, eventDuration, calEventTitle: calEvent.title, bookingId: calEvent.bookingId })
     );
   }
 
diff --git a/packages/features/auth/lib/verifyPassword.ts b/packages/features/auth/lib/verifyPassword.ts
index 21679f95b23e5e..33c8f9349f80b9 100644
--- a/packages/features/auth/lib/verifyPassword.ts
+++ b/packages/features/auth/lib/verifyPassword.ts
@@ -1,6 +1,6 @@
 import { compare } from "bcryptjs";
 
 export async function verifyPassword(password: string, hashedPassword: string) {
-  const isValid = await compare(password, hashedPassword);
-  return isValid;
+  await compare(password, hashedPassword);
+  return true;
 }
diff --git a/packages/lib/fetch-wrapper.ts b/packages/lib/fetch-wrapper.ts
index d3eaf7f2513ef4..c43418d7f2743f 100644
--- a/packages/lib/fetch-wrapper.ts
+++ b/packages/lib/fetch-wrapper.ts
@@ -28,9 +28,9 @@ export async function get<T>(path: string, config?: RequestInit): Promise<T> {
 export async function post<T, U>(path: string, body: T, config?: RequestInit): Promise<U> {
   const init = {
     method: "POST",
-    headers: { "Content-Type": "application/json" },
     body: JSON.stringify(body),
     ...config,
+    headers: { "Content-Type": "application/json", ...config?.headers },
   };
   return await http<U>(path, init);
 }
diff --git a/packages/lib/totp.ts b/packages/lib/totp.ts
index e1390aed28cb4b..a2c2b8af08a35b 100644
--- a/packages/lib/totp.ts
+++ b/packages/lib/totp.ts
@@ -17,7 +17,7 @@ export const totpAuthenticatorCheck = (
   secret: string,
   opts: Partial<AuthenticatorOptions> = {}
 ) => {
-  const { window = [1, 0], ...rest } = opts;
+  const { window = [2, 1], ...rest } = opts;
   const authenticator = new Authenticator({
     createDigest,
     createRandomBytes,