Releases · MicahParks/magiclinksdev

14 Jan 17:14

v0.5.0

3591003

Latest

The purpose of this release is to relicense the project under the Apache License 2.0.

The project was originally licensed under the Elastic License Version 2 (ELv2). This was to allow general use without allowing competing SaaS platforms.

The Elastic License Version 2 was dropped in favor of the Apache License 2.0 because I believe this more permissive license is more widely known, understood, and simpler. The intention behind this license change is to encourage more people to use the project.

Happy magic linking! ✨ 🔗 ✨

Assets 2

13 Jan 03:57

MicahParks

v0.4.5

4be27c4

v0.4.5

The purpose of this pull request is to fix the PostgreSQL connection pool retry logic.

The behavior changed when pgx/v5 was released, causing the existing connection logic to not perform retries.

Also, simplify the Docker Compose assets.

Relevant pull requests:

Assets 2

10 Sep 16:59

MicahParks

v0.4.3

42d9594

Use log/slog logger

The purpose of this replace go.uber.org/zap with log/slog. The default logger is now non-JSON based.

Dependencies were updated and new logging options were added. Check out the docs site for details.

Assets 2

03 Jun 17:34

MicahParks

v0.3.0

f364bca

Client JWT algorithm selection and database migrations

The purpose of this release is to allow clients to select which algorithm to sign JWTs with on a per request basis.

This release also introduces a database migration strategy. There are two strategies: running a new Go program manually and automatically migrating on program startup. You can read more about database migrations on the documentation site.

Relevant issues:

Relevant pull requests:

Assets 2

15 Apr 23:43

MicahParks

v0.2.1

4736fe7

v0.2.1

Release v0.2.1 corrects the links to Google's privacy policy and terms of service in the HTML email template.

Relevant pull requests:

Assets 2

15 Apr 23:32

MicahParks

v0.2.0

7310f93

Prevent robots

Release v0.2.0 adds a configuration option that prevents robots from following magic links. The primary purpose of this new feature is to prevent email security products, like "Safe Links" in Microsoft Defender for Office 365, from consuming one-time magic links.

In order to prevent robots, an HTML page is rendered with reCAPTCHA v3. The page automatically redirects on load. It may be briefly visible to the user. In the event that reCAPTCHA v3 verification fails or the user's web browser will not run JavaScript, there is a non-default server configuration option to enable a "button bypass", which is an HTML form that will perform an HTTP redirect without JavaScript. It is possible, but unlikely, that a security product could submit this form when detonating a magic link. It is recommended to turn the "button bypass" on when blocking robots with reCAPTCHA v3.

The server's default behavior is still a direct HTTP redirect and this change should be backwards compatible.

Please see the updated docs site for information on how to configure your instance.

For implementation details, please see this comment on the pull request.

Here are the renderings of the HTML pages used for redirection. These pages should only show for a brief moment, then automatically redirect.

Default:

"button bypass":