API:
- Users
-
GET /users/:id(:idcan be "me" in all requests for current user)
-
- Login codes
-
POST /login_codesw/ email of user- Automatically creates user if doesn't exist
-
- Auth tokens
-
POST /auth_tokensw/ user id and login code
-
Ideas:
- Separate objects for "Emails" in DB
- "API Request" object in DB
Notes:
- Need to test for SQL-injection equivalent in Airtable filters
- Must fix race condition reproducible with:
while true; do http POST localhost:8080/login_codes email="putanewuserhere@zachlatta.com" &; done- Multiple users with same email gets created
Future:
- Invalidating auth tokens
- Optional SMS based auth
Auth service for Hack Club ecosystem. Endpoints are as follows:
Objects:
-
User
- ID
- Created
- Auth Tokens
-
Login Code
- ID
- User
- Created
- Creator IP Address
- Creator User Agent
- Login Code
- Auth Token (for whether it was activated)
-
Auth Token
- ID
- User
- Token
- Created
- Creator IP
- Creator User Agent - Maybe do separate API Request object
- Invalidated
- Invalidator IP
- Invalidator User Agent
-
Email
- ID
- User
- Login Code
- To Email
- From Email
- Subject
- Plain Text Body
- HTML Body
Set the following environment variables:
// Airtable API key + base to interact with
AIRTABLE_API_KEY=
AIRTABLE_BASE=
// Email credentials for sending login codes
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=