juntekim.com/stripe_to_invoice
2026-01-18 15:51:43 +00:00
app use app url 2026-01-18 15:51:43 +00:00
deployment use app url 2026-01-18 14:57:47 +00:00
lib added stripe credentials to backend 2026-01-18 15:13:45 +00:00
public added new app 2025-12-13 14:53:15 +00:00
.gitignore added new app 2025-12-13 14:53:15 +00:00
eslint.config.mjs added new app 2025-12-13 14:53:15 +00:00
middleware.ts completed magic link log in 2025-12-31 00:02:22 +00:00
next.config.ts missing working directory 2026-01-06 22:28:39 +00:00
package-lock.json added pg 2026-01-06 22:32:26 +00:00
package.json added pg 2026-01-06 22:32:26 +00:00
postcss.config.js forgot to add file 2026-01-06 22:28:55 +00:00
README.md save plan 2025-12-29 14:42:49 +00:00
run_local.sh set up stripe to invoice 2025-12-13 15:46:00 +00:00
tsconfig.json added new app 2025-12-13 14:53:15 +00:00

🚀 MVP Next Steps Post SES Setup

This document outlines the concrete next steps to build the MVP now that Amazon SES email delivery is fully configured and verified.


Phase 0 — Email Infrastructure (COMPLETED)

Status: DONE

  • SES domain verified (juntekim.com)
  • DKIM, SPF, DMARC configured
  • Custom MAIL FROM domain enabled
  • Test email delivered to Gmail inbox
  • SES production access requested
  • SMTP credentials generated and stored securely

No further SES work is required for MVP.


1 Define Authentication Model

Decisions

  • Email-only authentication (no passwords)
  • Magic links are:
    • Single-use
    • Time-limited (e.g. 15 minutes)
    • Hashed before storage
  • No persistent email storage

Outcome

  • Clear security model before implementation

Required fields

  • id
  • email
  • token_hash
  • expires_at
  • used_at
  • created_at

Rules

  • Never store raw tokens
  • Reject expired tokens
  • Reject reused tokens
  • Mark token as used immediately after login

Outcome

  • Database migration + model ready

3 Build Email Sending Adapter (SES SMTP)

Requirements

  • Uses Amazon SES SMTP credentials
  • Sends from no-reply@juntekim.com
  • Generates secure magic link URLs
  • Plain-text email (HTML later)

Example responsibility

  • sendMagicLink(email, url)

Outcome

  • Single reusable email-sending utility

🔑 Phase 2 — NextAuth Integration

4 Configure NextAuth (Email Provider)

Actions

  • Enable NextAuth Email provider
  • Configure SES SMTP transport
  • Disable default token storage
  • Use custom DB token table

Outcome

  • NextAuth initialized and functional

5 Implement /auth/callback Logic

Flow

  1. User clicks magic link
  2. Token is hashed and validated
  3. Token expiry checked
  4. Token marked as used
  5. Session created
  6. Redirect to app

Outcome

  • End-to-end login flow works
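
Added example (not code from this repository): the token rules and the /auth/callback flow above in TypeScript, with an in-memory Map as a constructed stand-in for the token table. The names hashToken, issueToken, consumeToken and TTL_MS are hypothetical, and the three rejection reasons mirror the error states listed for the authentication UI.

```typescript
import { createHash, randomBytes } from "crypto";

// Row shape follows the plan's required fields (id and created_at left out here).
type TokenRow = { email: string; token_hash: string; expires_at: number; used_at: number | null };
type Result = { ok: boolean; email?: string; reason?: "invalid" | "expired" | "used" };

const TTL_MS = 15 * 60 * 1000; // 15 minutes, the plan's example lifetime

// Constructed stand-in for the DB token table, keyed by token_hash.
const table = new Map<string, TokenRow>();

// A plain SHA-256 is enough because the input is 256 bits of CSPRNG output,
// not a guessable password; a DB leak then exposes no usable links.
function hashToken(raw: string): string {
  return createHash("sha256").update(raw).digest("hex");
}

// Issue: the raw token goes only into the emailed URL; only its hash is stored.
function issueToken(email: string, now: number): string {
  const raw = randomBytes(32).toString("hex");
  const token_hash = hashToken(raw);
  table.set(token_hash, { email, token_hash, expires_at: now + TTL_MS, used_at: null });
  return raw;
}

// Consume: hash the presented token, look it up, reject reused or expired rows,
// and mark the row used before the caller creates a session.
// Assumption: against Postgres, the check and the mark should be one conditional
// UPDATE (WHERE used_at IS NULL AND expires_at > now()) so that two concurrent
// clicks on the same link cannot both pass.
function consumeToken(raw: string, now: number): Result {
  const row = table.get(hashToken(raw));
  if (!row) return { ok: false, reason: "invalid" };
  if (row.used_at !== null) return { ok: false, reason: "used" };
  if (now >= row.expires_at) return { ok: false, reason: "expired" };
  row.used_at = now;
  return { ok: true, email: row.email };
}
```
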

6 Minimal Authentication UI

Pages

  • Email input form
  • “Check your email” confirmation screen
  • Error states:
    • Invalid token
    • Expired token
    • Already-used token

Outcome

  • Usable authentication UX

🛡 Phase 3 — MVP Hardening (Still Lightweight)

7 Rate Limiting

Add limits for:

  • Magic link requests per email
  • Magic link requests per IP

Purpose:

  • Prevent abuse
  • Protect SES reputation

8 Basic Logging

Log only:

  • Email requested
  • Email send success/failure
  • Login success/failure

Do not store email content.


9 Production Sanity Checks

Before real users:

  • Test login on mobile + desktop
  • Test Gmail + Outlook
  • Test expired link behavior
  • Test reused link rejection

🚦 MVP Definition of Done

The MVP is considered complete when:

  • User enters email
  • User receives magic link
  • User clicks link
  • User is authenticated
  • Session persists

No additional features are required to ship.


🧠 Guiding Principles

  • Infrastructure first (done)
  • Security before UX polish
  • Ship working flows early
  • Avoid overbuilding before user feedback

🧩 Post-MVP (Optional, Later)

Do NOT block MVP on:

  • HTML email templates
  • Branded emails
  • Email analytics
  • Admin dashboards
  • Multi-provider auth
  • Password fallback

Ship first, iterate later.