Skip to content

fhsinchy/RizonTask

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
backend
backend
 
 
mobile
mobile
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

RizonTask

Magic-link auth + onboarding flow. Go backend, React Native (Expo) frontend.

Users enter their email, get a login link, tap it, and land in the app. First-time users see a short onboarding flow with bottom sheets: one asks if they're enjoying the app, then branches to either a feedback form or an app store redirect. Feedback gets stored and published to Slack (mocked for now, logs to console).

What's in here

backend/          Go API server (stdlib net/http, SQLite, Ed25519 JWTs)
mobile/           React Native app (Expo Router, TypeScript)
Makefile          Shortcuts for keygen, run, test, clean

Prerequisites

  • Go 1.25+
  • Node.js 18+
  • OpenSSL (for key generation)
  • Expo Go on your phone (if testing on a physical device)

Getting it running

1. Generate JWT signing keys

make keygen

This creates an Ed25519 keypair in backend/keys/. You only need to do this once.

2. Start the backend

make run

Starts on localhost:8080. SQLite database gets created automatically on first run. Magic links print to the console instead of sending real emails.

3. Start the mobile app

cd mobile
npm install
npx expo start

Scan the QR code with Expo Go, or press w for the web version.

If you're testing on a physical device, you'll need to edit mobile/src/lib/constants.ts and swap localhost for your machine's LAN IP so the phone can reach the backend. Also open the firewall port:

sudo firewall-cmd --add-port=8080/tcp

4. Log in

  1. Enter any email on the sign-in screen
  2. Check the make run terminal for the magic link token
  3. Paste the token into the dev input field on the "Check your email" screen
  4. You're in

Testing deep links

Deep links follow the format rizontask:///verify?token=TOKEN. In Expo Go, the scheme is different:

# Warm start (app already open)
adb shell am start -a android.intent.action.VIEW \
  -d "exp://YOUR_IP:8081/--/verify?token=TOKEN"

# Cold start (kill the app first)
adb shell am force-stop host.exp.exponent
adb shell am start -a android.intent.action.VIEW \
  -d "exp://YOUR_IP:8081/--/verify?token=TOKEN"

Running tests

make test

Environment variables

The backend reads these from the environment (all optional, sane defaults):

Variable Default What it does
PORT 8080 Server port
DATABASE_PATH rizon.db SQLite file path
JWT_PRIVATE_KEY_PATH keys/ed25519.key Signing key
JWT_PUBLIC_KEY_PATH keys/ed25519.pub Verification key
BASE_URL http://localhost:8080 Used in magic link URLs
ACCESS_TOKEN_TTL 900 Access token lifetime (seconds)
REFRESH_TOKEN_TTL 604800 Refresh token lifetime (seconds)
MAGIC_LINK_TTL 15m How long magic links stay valid

Abuse prevention

  • Global rate limit: 10 req/s per IP (token bucket, burst 20)
  • Magic link rate limit: 3 per email per 10 minutes
  • Tokens are single-use and time-limited (15 min default)
  • Tokens are SHA256-hashed before storage
  • Generic error messages to prevent email enumeration

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages