Comments (9)
guoliu
commented on May 24, 2024
After looking at current IP record, it looks like IP sharing is very common for our user. Therefore we can only rely on canvas fingerprint. Banned state can still be inherited between email and canvas fingerprint.
We will also need to integrate reCAPTCHA (or any other method for verifying human). As reCAPTCHA v3 returns a score, we will need to integrate it first to acquire score distribution before starting to use it.
from matters-server.
guoliu
commented on May 24, 2024
from matters-server.
guoliu
commented on May 24, 2024
from matters-server.
guoliu
commented on May 24, 2024
from matters-server.
devformatters
commented on May 24, 2024
Backend flow:
Please let me know if I'm wrong or asynced. 🙏🏻
@guoliu @robertu7
from matters-server.
robertu7
commented on May 24, 2024
Banned users may not try to log in if their token is still valid.
As I mentioned before, Would it be simpler if we add this logic in withApollo.ts since we already have some custom headers like x-client-name and x-sentry-action-id?
We will send this custom header to the server through API requests, no matter what user state they are, but let the server to determine if accept it.
from matters-server.
guoliu
commented on May 24, 2024
I agree with @robertu7 that we should get canvas id in withApollo.ts, and send it as header. I think the flow @devformatters drew here is for backend only, and user logon means any request to the server. If so everyone should be on the same page 😁
For the "banned user logon" flow, we also want to record multiple records if the user logon with different canvas id. And for the "new user registration" flow, we should also check on blacklisted email, and record canvas id if matched.
The rest looks good to me!
from matters-server.
devformatters
commented on May 24, 2024
@robertu7 @guoliu
The points you guys made are correct, x-user-agent-hash always comes from header that I didn't describe in flow chart. (my bad 🗿)
For the "banned user logon" flow, we also want to record multiple records if the user logon with different canvas id
The flow should resolve it because system will record once banned user send any request with canvas id not existing in our table.
And for the "new user registration" flow, we should also check on blacklisted email, and record canvas id if matched.
It makes sense. 👌🏻
from matters-server.
devformatters
commented on May 24, 2024
Close it since we've shipped. Feel free to create a new issue or reopen.
from matters-server.
Related Issues (20)
- Prohbit user withoir email to do topup and subscription HOT 1
- Slow image uploading: Implementation HOT 1
- Slow image uploading: benchmark HOT 2
- Error handling for new login and sign up
- Fix wrong article count in user page tab HOT 1
- Backend review and task breakdowns HOT 1
- Allow user to remove profile cover HOT 1
- Upsize the collection size limit from 100 to 200
- Review cookie design
- Complexity-based rate limiting
- Revokable tokens
- Bump deps: Node.js 18.x (server-side)
- Collect the number of readers for each article in My Works
- Implement user's archived articles API for My Works
- Implement user's published articles API for My Works
- OSS couldn't search new article HOT 1
- Count how many images can be deleted
- Better data isolation on unit testing
- Referral storing HOT 1
- Revise home feed algo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from matters-server.