sigit/docs.sigit.io
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: email flow
All checks were successful
Release to Production / build_and_release (push) Successful in 24s
Details

Browse Source
This commit is contained in:
_ 2025-01-12 22:48:06 +00:00
parent f9a197cbb7
commit ed7c15ab72
3 changed files with 57 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_sidebar.md
View File

@ -1,5 +1,3 @@
* [Create](/create.md)
* [Sign](/sign.md)
* [Verify](/verify.md)
* [Email Flow](/emailflow.md)
* [Offline Flow](/offline.md)
* [Technical Notes](/technical.md)

50
emailflow.md Normal file
View File

@ -0,0 +1,50 @@
# Email Flow
```mermaid
sequenceDiagram
autoNumber
actor U as SIGit User
participant W as SIGit Website
participant D as DVM
Participant DB as DataBase
Note over W,D: All comms over <br> Nostr Relay
U->>W: Click SIGNUP and enter <br>email address
Note over W: Ephemeral key generated <br> to communicate with DVM
W->>D: Request Account
Note right of W: Event uses PoW and<br> encrypts only EMAIL<br> to DVM pubkey
D -x DB: Verify PoW and check<br> if email exists
Note over D: If email already exists, <br>send user to LOGIN.<br> Otherwise#58;
D->>DB: Create Account
Note over DB: Create entries#58;<br>#128274;user.id=uid()<br>user.email=lowcase(email())<br>user.verified=false<br>user.activated=false<br>user.entropy=""<br>user.pubkey=""<br>user.created_at=now()<br>user.bkp=""<br>#128274;session.pubkey="ephemeral pubkey"<br>session.user_id=user.id<br>session.email_code=INT (6 digits)<br>session.created_at=now()
D->>U: Send session.email_code via email
D->>W: Account created
Note left of D: Payload is an empty string or<br> an encrypted (and detailed)<br> error message
W->>U: Tell user to check email and<br>to open it in the <br> SAME BROWSER SESSION
Note over W: Screen to accept the 6 digits <br> is already displayed<br>(mobile optimised if relevant)
U->>W: User opens link or enters the code
W->>D: Verify Account
Note right of W: Event uses PoW and <br>encrypts only CODE<br> to DVM pubkey
D -x DB: Check email_code where <br>session pk=event pk
D->>DB: If code matches,<br>Update Account
Note over DB: user.verified=true<br>user.entropy=uid()
D->>W: Provide user.entropy
Note left of D: Payload encrypted to ephemeral <br>pubkey. Is either a UID or a <br> detailed error message.
W->>U: Ask for secure password
Note right of U: This password is what prevents<br>backend from decrypting the nsec
U->>W: Enter password (twice)
Note over W: Nostr Keypair Generated <br> & Encrypted inside a <br> PRIVATE METHOD,<br>using password + entropy.<br> Password variable is not <br>stored, sent or printed <br> anywhere. Temporary <br>variables are destroyed.
W->>D: Request account activation
Note right of W: Event uses PoW and<br> encrypts both PUBKEY<br> and the already-<br>encrypted BACKUP<br> to the DVM pubkey
D -x DB: Ensure event pubkey <br> in SESSION table
D->>DB: Update Account
Note over DB: user.activated=true <br>user.pubkey=$pubkey<br>user.bkp=$backup
D->>W: Account activated
Note left of D: Payload is an empty string or<br> an encrypted (and detailed)<br> error message
W->>U: User is automatically logged in
Note over W: Ephemeral key is destroyed<br>Default relay list applied
```

7
index.html
View File

@ -45,7 +45,12 @@
-->
<script src="static/assets/js/docsify.js"></script>
<script src="static/assets/js/search.min.js"></script>
<script type="module">
import mermaid from "https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs";
mermaid.initialize({ startOnLoad: true });
window.mermaid = mermaid;
</script>
<script src="//unpkg.com/docsify-mermaid@2.0.1/dist/docsify-mermaid.js"></script>
</body>
</html>