From e49ca810ab67e057d014a977fd83a36b8d711437 Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Sun, 18 Jan 2026 21:34:46 +0000 Subject: [PATCH] next to do list --- stripe_to_invoice/README.md | 193 +----------------------------------- 1 file changed, 3 insertions(+), 190 deletions(-) diff --git a/stripe_to_invoice/README.md b/stripe_to_invoice/README.md index 29d91ae..492e0e9 100644 --- a/stripe_to_invoice/README.md +++ b/stripe_to_invoice/README.md 
@@ -1,190 +1,3 @@ -# 🚀 MVP Next Steps – Post SES Setup - -This document outlines the concrete next steps to build the MVP now that -Amazon SES email delivery is fully configured and verified. - ---- - -## ✅ Phase 0 — Email Infrastructure (COMPLETED) - -**Status: DONE** - -- SES domain verified (`juntekim.com`) -- DKIM, SPF, DMARC configured -- Custom MAIL FROM domain enabled -- Test email delivered to Gmail inbox -- SES production access requested -- SMTP credentials generated and stored securely - -No further SES work is required for MVP. - ---- - -## 🔐 Phase 1 — Magic Link Authentication (Core MVP) - -### 1️⃣ Define Authentication Model - -**Decisions** -- Email-only authentication (no passwords) -- Magic links are: - - Single-use - - Time-limited (e.g. 15 minutes) - - Hashed before storage -- No persistent email storage - -**Outcome** -- Clear security model before implementation - ---- - -### 2️⃣ Create Magic Link Token Table - -**Required fields** -- `id` -- `email` -- `token_hash` -- `expires_at` -- `used_at` -- `created_at` - -**Rules** -- Never store raw tokens -- Reject expired tokens -- Reject reused tokens -- Mark token as used immediately after login - -**Outcome** -- Database migration + model ready - ---- - -### 3️⃣ Build Email Sending Adapter (SES SMTP) - -**Requirements** -- Uses Amazon SES SMTP credentials -- Sends from `no-reply@juntekim.com` -- Generates secure magic link URLs -- Plain-text email (HTML later) - -**Example responsibility** -- `sendMagicLink(email, url)` - -**Outcome** -- Single reusable email-sending utility - ---- - -## 🔑 Phase 2 — NextAuth Integration - -### 4️⃣ Configure NextAuth (Email Provider) - -**Actions** -- Enable NextAuth Email provider -- Configure SES SMTP transport -- Disable default token storage -- Use custom DB token table - -**Outcome** -- NextAuth initialized and functional - ---- - -### 5️⃣ Implement `/auth/callback` Logic - -**Flow** -1. User clicks magic link -2. Token is hashed and validated -3. 
Token expiry checked -4. Token marked as used -5. Session created -6. Redirect to app - -**Outcome** -- End-to-end login flow works - ---- - -### 6️⃣ Minimal Authentication UI - -**Pages** -- Email input form -- “Check your email” confirmation screen -- Error states: - - Invalid token - - Expired token - - Already-used token - -**Outcome** -- Usable authentication UX - ---- - -## 🛡 Phase 3 — MVP Hardening (Still Lightweight) - -### 7️⃣ Rate Limiting - -Add limits for: -- Magic link requests per email -- Magic link requests per IP - -Purpose: -- Prevent abuse -- Protect SES reputation - ---- - -### 8️⃣ Basic Logging - -Log only: -- Email requested -- Email send success/failure -- Login success/failure - -Do **not** store email content. - ---- - -### 9️⃣ Production Sanity Checks - -Before real users: -- Test login on mobile + desktop -- Test Gmail + Outlook -- Test expired link behavior -- Test reused link rejection - ---- - -## 🚦 MVP Definition of Done - -The MVP is considered complete when: - -- User enters email -- User receives magic link -- User clicks link -- User is authenticated -- Session persists - -No additional features are required to ship. - ---- - -## 🧠 Guiding Principles - -- Infrastructure first (done) -- Security before UX polish -- Ship working flows early -- Avoid overbuilding before user feedback - ---- - -## 🧩 Post-MVP (Optional, Later) - -Do NOT block MVP on: -- HTML email templates -- Branded emails -- Email analytics -- Admin dashboards -- Multi-provider auth -- Password fallback - -Ship first, iterate later. +NEXT: +- Set up Stripe webhook endpoint, so when a test payment is done i can see it +- make it produce something so i can see it \ No newline at end of file
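Review bot: The deleted lines in stripe_to_invoice/README.md carry the written security rules for the magic-link flow ("Never store raw tokens", "Reject expired tokens", "Reject reused tokens", rate limits per email and per IP, "Do **not** store email content"), and this patch touches only that one file, so nothing visible shows them being moved elsewhere; the subject "next to do list" does not mention the removal either. If Phases 1 to 3 are implemented, move those rules into a permanent design or security note instead of dropping them; if they are not, keep them next to the new NEXT list so they are not lost. On the added lines, the webhook item should state that the endpoint verifies the Stripe signature on each event before acting on it, and "make it produce something so i can see it" should be pinned down as logging the event type and id rather than the full payment payload. The file also now ends without a trailing newline.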