пва

client/src/app/layout/MainLayout.tsx

@@ -8,8 +8,8 @@ import Stack from '@mui/material/Stack'
 import Typography from '@mui/material/Typography'
 import { Link as RouterLink } from 'react-router-dom'
 import { AppHeader } from '@/app/layout/AppHeader'
-import { STORE_EMAIL, STORE_NAME, STORE_PHONE, VK_URL } from '@/shared/config'
 import vkLogoSrc from '@/shared/assets/vk-logo.svg'
+import { STORE_EMAIL, STORE_NAME, STORE_PHONE, VK_URL } from '@/shared/config'
 import { ScrollOnNavigate } from '@/shared/ui/ScrollOnNavigate'
 import { ScrollToTop } from '@/shared/ui/ScrollToTop'
 
@@ -91,12 +91,7 @@ export function MainLayout({ children }: PropsWithChildren) {
                   color="text.secondary"
                   sx={{ display: 'inline-flex', alignItems: 'center', gap: 0.5, '&:hover': { color: '#4A76A8' } }}
                 >
-                  <Box
+                  <Box component="img" src={vkLogoSrc} alt="VK" sx={{ width: 20, height: 20 }} />
-                    component="img"
-                    src={vkLogoSrc}
-                    alt="VK"
-                    sx={{ width: 20, height: 20 }}
-                  />
                   VK
                 </Link>
               </Stack>

client/src/pages/me/ui/sections/AuthMethodsSection.tsx

@@ -9,10 +9,12 @@ import Typography from '@mui/material/Typography'
 import { useMutation } from '@tanstack/react-query'
 import { useUnit } from 'effector-react'
 import { useForm } from 'react-hook-form'
+import { useSearchParams } from 'react-router-dom'
 import {
   $user,
   changePasswordFx,
   fetchAuthMethodsFx,
+  requestEmailChangeFx,
   setPasswordFx,
   unlinkOAuthFx,
   type AuthMethod,
@@ -77,11 +79,78 @@ export function AuthMethodsSection() {
     return authMethods.filter((m) => m.active).length
   }, [authMethods])
 
+  const [searchParams] = useSearchParams()
+  const emailVerified = searchParams.get('emailVerified')
+
+  const emailForm = useForm<{ email: string }>({
+    defaultValues: { email: '' },
+  })
+  const [emailChangeError, setEmailChangeError] = useState<string | null>(null)
+  const [verificationUrl, setVerificationUrl] = useState<string | null>(null)
+
+  const emailChangeMutation = useMutation({
+    mutationFn: async (email: string) => {
+      setEmailChangeError(null)
+      const url = await requestEmailChangeFx(email)
+      return url
+    },
+    onSuccess: (url) => setVerificationUrl(url),
+    onError: (err) => setEmailChangeError(err?.message || 'Не удалось сменить email'),
+  })
+
   if (!user) return null
 
   return (
     <Box>
       <Typography variant="h6" gutterBottom>
+        Почта
+      </Typography>
+
+      {emailVerified === '1' && (
+        <Alert severity="success" sx={{ mb: 2 }}>
+          Почта успешно подтверждена
+        </Alert>
+      )}
+
+      <Typography sx={{ mb: 2 }} color="text.secondary">
+        {user.email}
+      </Typography>
+
+      {!verificationUrl && (
+        <Stack direction="row" spacing={1} sx={{ mb: 2 }}>
+          <TextField
+            label="Новая почта"
+            type="email"
+            size="small"
+            {...emailForm.register('email')}
+            error={Boolean(emailChangeError)}
+            helperText={emailChangeError}
+          />
+          <Button
+            variant="outlined"
+            disabled={!emailForm.watch('email') || emailChangeMutation.isPending}
+            onClick={() => {
+              const email = emailForm.getValues('email')
+              if (email) emailChangeMutation.mutate(email)
+            }}
+          >
+            Сменить
+          </Button>
+        </Stack>
+      )}
+
+      {verificationUrl && (
+        <Alert severity="info" sx={{ mb: 2 }}>
+          <Stack spacing={1} direction="row" sx={{ alignItems: 'center' }}>
+            <span>Ссылка подтверждения готова.</span>
+            <Button size="small" variant="contained" href={verificationUrl}>
+              Подтвердить email
+            </Button>
+          </Stack>
+        </Alert>
+      )}
+
+      <Typography variant="h6" gutterBottom sx={{ mt: 3 }}>
         Методы входа
       </Typography>
       {fetchError && (

client/src/pages/me/ui/sections/__tests__/AuthMethodsSection.test.tsx

@@ -1,5 +1,6 @@
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
 import { render, screen, waitFor } from '@testing-library/react'
+import { MemoryRouter } from 'react-router-dom'
 import { describe, expect, it, vi } from 'vitest'
 import { AuthMethodsSection } from '../AuthMethodsSection'
 
@@ -15,6 +16,7 @@ vi.mock('@/shared/model/auth', () => ({
   fetchAuthMethodsFx: vi.fn().mockResolvedValue([]),
   setPasswordFx: vi.fn(),
   unlinkOAuthFx: vi.fn(),
+  requestEmailChangeFx: vi.fn(),
 }))
 
 vi.mock('@/shared/api/client', () => ({ apiClient: { post: vi.fn() } }))
@@ -29,7 +31,9 @@ function renderSection() {
   const qc = new QueryClient({ defaultOptions: { queries: { retry: false }, mutations: { retry: false } } })
   return render(
     <QueryClientProvider client={qc}>
-      <AuthMethodsSection />
+      <MemoryRouter>
+        <AuthMethodsSection />
+      </MemoryRouter>
     </QueryClientProvider>,
   )
 }

client/src/shared/model/auth.ts

@@ -101,6 +101,11 @@ export const changePasswordFx = createEffect(async (params: { oldPassword: strin
   await apiClient.post('me/change-password', params)
 })
 
+export const requestEmailChangeFx = createEffect(async (email: string) => {
+  const { data } = await apiClient.patch<{ verificationUrl: string }>('me/email', { email })
+  return data.verificationUrl
+})
+
 // ----- Error stores -----
 
 export const $updateProfileError = createErrorStore(updateProfileFx).$error

server/prisma/migrations/20260522175250_pending_email/migration.sql

@@ -0,0 +1,19 @@
+-- CreateTable
+CREATE TABLE "PendingEmail" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "userId" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "expiresAt" DATETIME NOT NULL,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    CONSTRAINT "PendingEmail_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "PendingEmail_token_key" ON "PendingEmail"("token");
+
+-- CreateIndex
+CREATE INDEX "PendingEmail_token_idx" ON "PendingEmail"("token");
+
+-- CreateIndex
+CREATE INDEX "PendingEmail_userId_idx" ON "PendingEmail"("userId");

server/prisma/schema.prisma

@@ -91,6 +91,7 @@ model User {
   reviews Review[]
   orderMessageReadStates UserOrderMessageReadState[]
   oauthAccounts OAuthAccount[]
+  pendingEmails PendingEmail[]
   notificationPreference NotificationPreference?
   notificationLogs NotificationLog[]
 }
@@ -261,6 +262,20 @@ model OAuthAccount {
   @@index([userId])
 }
 
+model PendingEmail {
+  id        String   @id @default(cuid())
+  userId    String
+  email     String
+  token     String   @unique
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@index([token])
+  @@index([userId])
+}
+
 model AuthCode {
   id        String   @id @default(cuid())
   email     String

server/src/routes/auth-session.js

@@ -1,3 +1,5 @@
+import crypto from 'node:crypto'
+import { normalizeEmail } from '../lib/auth.js'
 import { prisma } from '../lib/prisma.js'
 import { mapUserForClient } from './auth.js'
 
@@ -26,4 +28,54 @@ export async function registerAuthSessionRoutes(fastify) {
       ],
     }
   })
+
+  fastify.patch('/api/me/email', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+    const userId = request.user.sub
+    const rawEmail = typeof request.body?.email === 'string' ? request.body.email.trim() : ''
+
+    if (!rawEmail || !rawEmail.includes('@')) {
+      return reply.code(400).send({ error: 'Некорректная почта' })
+    }
+
+    const email = normalizeEmail(rawEmail)
+
+    const existing = await prisma.user.findUnique({ where: { email } })
+    if (existing && existing.id !== userId) {
+      return reply.code(409).send({ error: 'Эта почта уже используется' })
+    }
+
+    await prisma.pendingEmail.deleteMany({ where: { userId } })
+
+    const token = crypto.randomUUID()
+    const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000)
+
+    await prisma.pendingEmail.create({
+      data: { userId, email, token, expiresAt },
+    })
+
+    return { verificationUrl: `/api/me/verify-email?token=${token}` }
+  })
+
+  fastify.get('/api/me/verify-email', async (request, reply) => {
+    const token = typeof request.query?.token === 'string' ? request.query.token : ''
+
+    if (!token) {
+      return reply.code(400).send({ error: 'Отсутствует токен подтверждения' })
+    }
+
+    const pending = await prisma.pendingEmail.findUnique({ where: { token } })
+    if (!pending || pending.expiresAt < new Date()) {
+      return reply.code(400).send({ error: 'Токен подтверждения недействителен или истёк' })
+    }
+
+    await prisma.user.update({
+      where: { id: pending.userId },
+      data: { email: pending.email },
+    })
+
+    await prisma.pendingEmail.delete({ where: { id: pending.id } })
+
+    const clientUrl = (process.env.CLIENT_PUBLIC_URL || 'http://127.0.0.1:5173').replace(/\/$/, '')
+    return reply.redirect(`${clientUrl}/me?emailVerified=1`)
+  })
 }

server/src/routes/oauth-social.js

@@ -69,7 +69,6 @@ async function findOrCreateUserFromOAuth({ provider, providerUserId, accessToken
   const norm = trimmed ? normalizeEmail(trimmed) : null
 
   if (linkToUserId) {
-    if (!norm) return null
     await prisma.oAuthAccount.create({
       data: { provider, providerUserId: String(providerUserId), userId: linkToUserId, accessToken },
     })
@@ -84,13 +83,13 @@ async function findOrCreateUserFromOAuth({ provider, providerUserId, accessToken
     return user
   }
 
-  if (!norm) return null
+  const email = norm || `${provider}_${providerUserId}@vk.local`
 
   user = await prisma.user.create({
     data: {
-      email: norm,
+      email,
-      displayName: norm.split('@')[0],
+      displayName: norm ? norm.split('@')[0] : 'Пользователь',
-      avatar: await generateAvatar(norm),
+      avatar: await generateAvatar(email),
       avatarStyle: 'avataaars',
     },
   })
@@ -206,7 +205,6 @@ export async function registerOAuthSocialRoutes(fastify) {
     const emailSuggestion = claims?.email ?? tokenBody?.email ?? null
 
     if (!vkUserId) return oauthErrorRedirect(reply, 'no_user_id')
-    if (!emailSuggestion) return oauthErrorRedirect(reply, 'no_email')
 
     const linkToUserId = pkceEntry.meta?.action === 'link' ? pkceEntry.meta.userId : undefined
 
@@ -218,8 +216,6 @@ export async function registerOAuthSocialRoutes(fastify) {
       linkToUserId,
     })
 
-    if (!user) return oauthErrorRedirect(reply, 'Не удалось получить email от VK')
-
     if (linkToUserId) {
       const base = process.env.CLIENT_PUBLIC_URL || 'http://127.0.0.1:5173'
       return reply.redirect(`${base.replace(/\/$/, '')}/me?linked=vk`)