feat: add student account verification endpoint

[Tiebe]

Add academic email verification using JetBrains swot data. Students can get HTTP Toolkit Pro for free, renewable every year.

I added a git submodule for the JetBrains swot data, and translated the Kotlin logic for verifying whether a email is academic or not to TypeScript.

Also added a new endpoint at /request-student-account, for verifying and giving a user the subscription status.

Relevant issue: httptoolkit/httptoolkit#189

Other PR: httptoolkit/httptoolkit-website#123

Let me know if you want any changes!

[CLAassistant]

All committers have signed the CLA.

[pimterry]

Thanks @Tiebe! The general approach looks great, I've just left one comment on the code, but there's a few things we need to do:

• We need a test for this (at least just one OK + one rejection example)
• It would be better to do this with an npm dependency if we can, instead of vendoring the code directly and managing that ourselves. Looks like there are a few options for that, can you take a look and see if you can find one that might work and is actively maintained?

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	typescript-styled-plugin@​0.15.0
	styled-reset@​4.3.4
	styled-components@​5.2.3
	static-server@​2.2.1
	stream-browserify@​3.0.0
	educhk@​2026.4.22
	react@​18.3.1 ⏵ 17.0.1			-6
	webpack@​5.105.0
	mobx-react-lite@​3.2.0
	util@​0.12.5
	style-loader@​4.0.0
	webpack-dev-server@​5.2.1
	mobx@​6.3.0
	ts-loader@​8.4.0
	typescript@​4.9.5
	webpack-cli@​5.1.4
	react-dom@​18.3.1 ⏵ 17.0.1	+1		-1
	html-webpack-plugin@​5.5.3

View full report

[Tiebe]

@pimterry Thanks for your review!

I used educhk for the library. It is not hugely popular, but it is one of the only ones still getting updates, and should be easy to replace if that ever stops. Is that fine?

I also added a basic test and added a student-account provider!

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm typescript License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) From: ui/package-lock.json → npm/typescript@4.9.5 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@4.9.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[pimterry]

Great stuff, thanks @Tiebe! I've merged it. I'll find some time to review the frontend as soon as I can 🙏

[pimterry]

Did add one tweak here just to guard against signups with active paying accounts, but otherwise all good.