kimjunte/juntekim.com
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 13
juntekim.com/stripe_to_invoice/README.md
Jun-te Kim a8ff57cd40 save plan
2025-12-29 14:42:49 +00:00

190 lines
3.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 🚀 MVP Next Steps Post SES Setup
This document outlines the concrete next steps to build the MVP now that
Amazon SES email delivery is fully configured and verified.
---
## ✅ Phase 0 — Email Infrastructure (COMPLETED)
**Status: DONE**
- SES domain verified (`juntekim.com`)
- DKIM, SPF, DMARC configured
- Custom MAIL FROM domain enabled
- Test email delivered to Gmail inbox
- SES production access requested
- SMTP credentials generated and stored securely
No further SES work is required for MVP.
---
## 🔐 Phase 1 — Magic Link Authentication (Core MVP)
### 1⃣ Define Authentication Model
**Decisions**
- Email-only authentication (no passwords)
- Magic links are:
- Single-use
- Time-limited (e.g. 15 minutes)
- Hashed before storage
- No persistent email storage
**Outcome**
- Clear security model before implementation
---
### 2⃣ Create Magic Link Token Table
**Required fields**
- `id`
- `email`
- `token_hash`
- `expires_at`
- `used_at`
- `created_at`
**Rules**
- Never store raw tokens
- Reject expired tokens
- Reject reused tokens
- Mark token as used immediately after login
**Outcome**
- Database migration + model ready
---
### 3⃣ Build Email Sending Adapter (SES SMTP)
**Requirements**
- Uses Amazon SES SMTP credentials
- Sends from `no-reply@juntekim.com`
- Generates secure magic link URLs
- Plain-text email (HTML later)
**Example responsibility**
- `sendMagicLink(email, url)`
**Outcome**
- Single reusable email-sending utility
---
## 🔑 Phase 2 — NextAuth Integration
### 4⃣ Configure NextAuth (Email Provider)
**Actions**
- Enable NextAuth Email provider
- Configure SES SMTP transport
- Disable default token storage
- Use custom DB token table
**Outcome**
- NextAuth initialized and functional
---
### 5⃣ Implement `/auth/callback` Logic
**Flow**
1. User clicks magic link
2. Token is hashed and validated
3. Token expiry checked
4. Token marked as used
5. Session created
6. Redirect to app
**Outcome**
- End-to-end login flow works
---
### 6⃣ Minimal Authentication UI
**Pages**
- Email input form
- “Check your email” confirmation screen
- Error states:
- Invalid token
- Expired token
- Already-used token
**Outcome**
- Usable authentication UX
---
## 🛡 Phase 3 — MVP Hardening (Still Lightweight)
### 7⃣ Rate Limiting
Add limits for:
- Magic link requests per email
- Magic link requests per IP
Purpose:
- Prevent abuse
- Protect SES reputation
---
### 8⃣ Basic Logging
Log only:
- Email requested
- Email send success/failure
- Login success/failure
Do **not** store email content.
---
### 9⃣ Production Sanity Checks
Before real users:
- Test login on mobile + desktop
- Test Gmail + Outlook
- Test expired link behavior
- Test reused link rejection
---
## 🚦 MVP Definition of Done
The MVP is considered complete when:
- User enters email
- User receives magic link
- User clicks link
- User is authenticated
- Session persists
No additional features are required to ship.
---
## 🧠 Guiding Principles
- Infrastructure first (done)
- Security before UX polish
- Ship working flows early
- Avoid overbuilding before user feedback
---
## 🧩 Post-MVP (Optional, Later)
Do NOT block MVP on:
- HTML email templates
- Branded emails
- Email analytics
- Admin dashboards
- Multi-provider auth
- Password fallback
Ship first, iterate later.
Reference in a new issue View git blame Copy permalink