feat: wire email verification into better-auth config

web/src/lib/server/auth.ts

@@ -5,6 +5,7 @@ import { drizzleAdapter } from 'better-auth/adapters/drizzle';
 import { db } from './db';
 import { getRequestEvent } from '$app/server';
 import * as schema from './db/schema';
+import { sendEmail } from './email';
 
 export const auth = betterAuth({
 	database: drizzleAdapter(db, {
@@ -12,7 +13,21 @@ export const auth = betterAuth({
 		schema
 	}),
 	plugins: [sveltekitCookies(getRequestEvent), apiKey()],
+	emailVerification: {
+		sendVerificationEmail: async ({ user, url }) => {
+			void sendEmail({
+				to: user.email,
+				subject: 'Verify your DroidClaw email',
+				text: `Hi ${user.name},\n\nClick the link below to verify your email:\n\n${url}\n\nThis link expires in 1 hour.\n\n-- DroidClaw`
+			});
+		},
+		sendOnSignUp: true,
+		sendOnSignIn: true,
+		autoSignInAfterVerification: true,
+		expiresIn: 3600
+	},
 	emailAndPassword: {
-		enabled: true
+		enabled: true,
+		requireEmailVerification: true
 	}
 });