← Back to projects
Saints Verify: Secure Email Verification Bot for Discord featured image

Saints Verify: Secure Email Verification Bot for Discord

A custom Discord bot that secures school and club servers by requiring email-based authentication, backed by a scalable MongoDB database to automate user verification.

Contributors: Aiden Johnson

Overview

Saints Verify is a custom Discord bot engineered to enhance server security through a robust email-based user verification system. The primary goal of this project was to solve the critical problem of unauthorized access in private school and club servers, ensuring that only authenticated and approved members can participate. By requiring users to verify their identity via a valid email address, the bot creates a secure and trusted digital environment for communities.

Built with a scalable MongoDB backend, Saints Verify efficiently manages a large volume of user data, verification states, and role permissions. The entire workflow is automated, from a user joining the server to receiving their verified role, which significantly reduces the administrative burden on moderators. This allows community leaders to focus on engagement rather than manual gatekeeping, making it an essential tool for educational institutions and organizations seeking to maintain a safe and exclusive online space.

Key Features

  • Email-Based Authentication: Users receive a unique verification link to their email address, ensuring that every member is tied to a legitimate identity before gaining access to server channels.

  • Automated Role Management: Upon successful verification, the bot automatically assigns a "Verified" role to the user, granting them appropriate permissions and access without any manual intervention from moderators.

  • Scalable User Database: Leverages MongoDB to efficiently store and manage user information, including Discord IDs, email addresses, and verification status, ensuring high performance even for communities with thousands of members.

  • Secure and Private: The verification process is handled through direct messages with the bot, keeping user emails private and secure. The system is designed to prevent unauthorized access and protect user data.

Technologies & Implementation

The bot is built on a modern JavaScript stack, chosen for its asynchronous capabilities and extensive ecosystem, which are ideal for handling real-time events from the Discord API.

  • Core Technologies: Node.js, Discord.js, MongoDB

  • Hosting: Deployed on a cloud server for 24/7 availability.

Node.js and the Discord.js library form the core of the bot, managing all interactions with the Discord API. This combination was selected for its performance and robust handling of WebSocket connections, which are essential for a responsive bot.

MongoDB was chosen as the backend database due to its flexible, document-based data model. This allows for easy storage of user profiles and verification tokens without the constraints of a rigid relational schema, making it simple to adapt and scale as community needs evolve.

The verification flow is designed to be both secure and user-friendly:

graph TD
    A["New User Joins Server"] --> B["Bot Sends DM with Instructions"]
    B --> C["User Submits Email Address"]
    C --> D{"Bot Generates Secure Token"}
    D --> E["Token & User ID Stored in MongoDB"]
    D --> F["Verification Email Sent to User"]
    F --> G["User Clicks Verification Link"]
    G --> H["API Endpoint Validates Token"]
    H -- "Valid" --> I["Update User Status in MongoDB"]
    I --> J["Bot Assigns 'Verified' Role in Discord"]
    H -- "Invalid/Expired" --> K["Bot Notifies User to Retry"]

Challenges & Solutions

One of the primary challenges was designing a verification system that was both secure and resistant to abuse while remaining intuitive for non-technical users. The initial concept risked tokens being intercepted or users getting stuck if an email failed to send.

To solve this, I implemented a system of short-lived, single-use verification tokens. Each token is cryptographically generated and tied to a specific user's Discord ID and a timestamp. If a token isn't used within a set time frame (e.g., 15 minutes), it expires, preventing old links from being exploited. Furthermore, I built a simple command (/resend-verification) that allows users to safely request a new email if the original was lost or expired, ensuring a smooth onboarding experience without compromising security.

Results & Impact

Saints Verify has been successfully deployed in several school and club servers, completely automating their member verification process.

  • Eliminated Unauthorized Access: The bot effectively prevents random, unverified users from joining and accessing sensitive channels.

  • Reduced Moderator Workload: It has saved moderators dozens of hours per month by automating a previously manual and time-consuming verification task.

  • Improved Community Security: By ensuring all members are authenticated, the bot has cultivated a more secure and trustworthy environment for students and club members to interact.

{TODO: Add screenshot of the bot's interaction in Discord}