Skip to content

Implement server invite codes #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 16, 2025
Merged

Implement server invite codes #37

merged 1 commit into from
Apr 16, 2025

Conversation

@benbusby
Copy link
Owner

@benbusby benbusby commented Apr 14, 2025

This introduces the ability for a YeetFile instance admin to send out invites to a list of emails with unique signup codes. These signup codes are tied to the email they're sent to, and are removed after a user completes registration using that email and signup code. The code a user receives cannot be used to sign up for an ID-only account, and cannot be used to sign up with a different email address.

The invite codes are not stored in plaintext anywhere. They are hashed with bcrypt before storing in the database, and are only included in plaintext in the outbound email. When a user clicks the signup link in the email they received, the code is used to autofill the server password field, and does not require any further interaction from the user.

Enabling invite codes requires the following conditions:

  • YEETFILE_ALLOW_INVITES set to 1
  • YEETFILE_SERVER_PASSWORD set to a non-empty string
    • This is required to prevent unauthorized signups (verification codes are treated as a fallback method for validating the server password)
  • YEETFILE_EMAIL_* variables set
    • This is required since invite codes have to be emailed to recipients
  • YEETFILE_INSTANCE_ADMIN set to the email address or account ID for the preferred admin user

Closes #36

@benbusby
Implement server invite codes
b7686fe 
This introduces the ability for a YeetFile instance admin to send out
invites to a list of emails with unique signup codes. These signup
codes are tied to the email they're sent to, and are removed after a
user completes registration using that email and signup code.

The invite codes are not stored in plaintext anywhere. They are hashed
with bcrypt before storing in the database, and are only included in
plaintext in the outbound email.

Enabling invite codes requires the following conditions:

- YEETFILE_ALLOW_INVITES set to 1
- YEETFILE_SERVER_PASSWORD set to a non-empty string
- YEETFILE_EMAIL_* variables set
benbusby
benbusby commented Apr 14, 2025
View reviewed changes
backend/mail/invite.go
Comment on lines +17 to +23
var inviteBodyTemplate = template.Must(template.New("").Parse(
"Hello,\n\nYou have been invited to join a YeetFile instance at this " +
"domain: {{.Domain}}\n\n" +
"YeetFile is an open source platform that allows encrypted file " +
"sharing and storage.\n\n" +
"To create an account, you can use the following link:\n\n" +
"{{.Domain}}{{.Endpoint}}?email={{.Email}}&code={{.Code}}"))
Copy link
Owner Author

@benbusby benbusby Apr 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@NaLiJa is this invite email template good enough for now? I'm thinking we can modify this as needed during the localization efforts.

Copy link

@NaLiJa NaLiJa Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is great! 1000 thanks!

@benbusby
Copy link
Owner Author

benbusby commented Apr 14, 2025

@NaLiJa let me know if the process I described in the PR description sounds good to you, and if you want to pull the branch (feature/invite-codes) and test it yourself at all. If it all sounds good to you, I'll merge this soon.

@NaLiJa
Copy link

NaLiJa commented Apr 16, 2025
edited
Loading

Yes, this sounds exactly as needed! Fantastic! My quick tests with the invite-codes branch were successful!
When I installed my test instance I configured systemd for yeetfile and set up a caddy reverse proxy. Since it is not in the docs yet and in case someone has a usage for this (on a Debian 12 system):

nano /etc/systemd/system/yeetfile.service

[Unit]
Description=Yeetfile server
Wants=network.target postgresql.service
After=network.target postgresql.service

[Service]
Type=simple
Restart=always
RestartSec=5
WorkingDirectory=/opt/yeetfile
ExecStart=/opt/yeetfile/yeetfile-server

[Install]
WantedBy=multi-user.target

systemctl enable yeetfile
systemctl start yeetfile
systemctl status yeetfile

@benbusby
Copy link
Owner Author

benbusby commented Apr 16, 2025

Nice, thanks for reviewing! I'll add the systemd config to the readme after I merge this

@benbusby benbusby merged commit 14e581a into main Apr 16, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@NaLiJa NaLiJa NaLiJa left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] Invite-only registration

3 participants

@benbusby @NaLiJa