william
/
ssb-pub-frontend
1
0
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
2 Branches
3.3 MiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
 ZIP  TAR.GZ
William Davis 0ada1fe68f update readme todo 5 months ago
db check if email is already in db 6 months ago
keys set up SMTP and password import for SMTP 7 months ago
static serve css for page styling 6 months ago
templates serve css for page styling 6 months ago
token add func to generate random alphanumeric token string 7 months ago
.gitignore add email to db on invite request 7 months ago
README.md update readme todo 5 months ago
main.go serve css for page styling 6 months ago

README.md

email invitation handler

Typically you have a URL that looks like this,

http://yourwebsite.com/confirm-email?token=abcfbcffbabcfcfbbcfaa282bfc8

In your application when request comes in to that URL you grab the token value and check if it is valid by looking up the relevant table in the database.
The table might look like this,

user_id, token, date_generated, date_expires, date_used
1, abcfbcffbabcfcfbbcfaa282bfc8, 2014-03-12, 2014-03-14, NULL

When the link is viewed you must invalidate the corresponding token.

user_id, token, date_generated, date_expires, date_used
1, abcfbcffbabcfcfbbcfaa282bfc8, 2014-03-12, 2014-03-14, 2014-03-13

The token is of course generated randomly at an appropriate time such as after user registration form is submitted.
An alternative approach is to create some sort of deterministic hash using the user data and use that as the token to avoid having to store tokens. But I highly advise against that particularly for more sensitive stuff, sometimes you can get away with that method for a simple "unsubscribe" functionality.

Things to watch out for:
Token must be long (particularly if for pass reset and the like), I'd suggest 24 characters case-sensitive 0-9A-Z
As soon as the link for a token is viewed, it must be marked as used (regardless of the outcome)
Token should have some expiry date, you can adjust this to appropriate value to not annoy users, and depending on the sensitivity of the application, email validation could last 21 days, but pass reset should probably last less than 72 hours.
Be careful to ensure that the token column is unique across the table

notes

  • remember to update keys/keys.go with SMTP password

todo

reference

https://www.zupzup.org/boltdb-example/ -might be good