feat: email flow

_sidebar.md

@@ -1,5 +1,3 @@
-* [Create](/create.md)
+* [Email Flow](/emailflow.md)
-* [Sign](/sign.md)
-* [Verify](/verify.md)
 * [Offline Flow](/offline.md)
 * [Technical Notes](/technical.md)

emailflow.md

@@ -0,0 +1,50 @@
+# Email Flow
+
+
+```mermaid
+sequenceDiagram
+    autoNumber
+    actor U as SIGit User
+    participant W as SIGit Website
+    participant D as DVM
+    Participant DB as DataBase
+    Note over W,D: All comms over <br> Nostr Relay
+    U->>W: Click SIGNUP and enter <br>email address
+    Note over W: Ephemeral key generated <br> to communicate with DVM
+    W->>D: Request Account
+    Note right of W: Event uses PoW and<br> encrypts only EMAIL<br> to DVM pubkey
+    D -x DB: Verify PoW and check<br> if email exists
+    Note over D: If email already exists, <br>send user to LOGIN.<br> Otherwise#58;
+    D->>DB: Create Account
+    Note over DB: Create entries#58;<br>#128274;user.id=uid()<br>user.email=lowcase(email())<br>user.verified=false<br>user.activated=false<br>user.entropy=""<br>user.pubkey=""<br>user.created_at=now()<br>user.bkp=""<br>#128274;session.pubkey="ephemeral pubkey"<br>session.user_id=user.id<br>session.email_code=INT (6 digits)<br>session.created_at=now()
+    D->>U: Send session.email_code via email
+    D->>W: Account created
+    Note left of D: Payload is an empty string or<br> an encrypted (and detailed)<br> error message
+    W->>U: Tell user to check email and<br>to open it in the <br> SAME BROWSER SESSION
+    Note over W: Screen to accept the 6 digits <br> is already displayed<br>(mobile optimised if relevant)
+    U->>W: User opens link or enters the code
+    W->>D: Verify Account
+    Note right of W: Event uses PoW and <br>encrypts only CODE<br> to DVM pubkey
+    D -x DB: Check email_code where <br>session pk=event pk
+    D->>DB: If code matches,<br>Update Account
+    Note over DB: user.verified=true<br>user.entropy=uid()
+    D->>W: Provide user.entropy
+    Note left of D: Payload encrypted to ephemeral <br>pubkey. Is either a UID or a <br> detailed error message.
+    W->>U: Ask for secure password
+    Note right of U: This password is what prevents<br>backend from decrypting the nsec
+    U->>W: Enter password (twice)
+
+    Note over W: Nostr Keypair Generated <br> & Encrypted inside a <br> PRIVATE METHOD,<br>using password + entropy.<br> Password variable is not <br>stored, sent or printed <br> anywhere. Temporary <br>variables are destroyed.
+
+    W->>D: Request account activation
+    Note right of W: Event uses PoW and<br> encrypts both PUBKEY<br> and the already-<br>encrypted BACKUP<br> to the DVM pubkey
+    D -x DB: Ensure event pubkey <br> in SESSION table
+    D->>DB: Update Account
+    Note over DB: user.activated=true <br>user.pubkey=$pubkey<br>user.bkp=$backup
+    D->>W: Account activated
+    Note left of D: Payload is an empty string or<br> an encrypted (and detailed)<br> error message
+    W->>U: User is automatically logged in
+    Note over W: Ephemeral key is destroyed<br>Default relay list applied
+```
+
+

index.html

@@ -45,7 +45,12 @@
     -->
   <script src="static/assets/js/docsify.js"></script>
   <script src="static/assets/js/search.min.js"></script>
-
+  <script type="module">
+    import mermaid from "https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs";
+    mermaid.initialize({ startOnLoad: true });
+    window.mermaid = mermaid;
+  </script>
+  <script src="//unpkg.com/docsify-mermaid@2.0.1/dist/docsify-mermaid.js"></script>
 </body>
 
 </html>