I am sending this email to invite people for registration. That's my route:

```javascript
router.post('/invite-supervisor', (req, res) => {
  const email = req.body.invite_email;
  const secretToken = randomstring.generate();
  // console.log('Email :', email);
  // Composing email
  const html = `Hi there
<br/>
To get registered please click on the following link and paste your secret token for registration.
<br/><br/>
Token : ${secretToken}
<br/><br/>
<a href="http://localhost:3000/signup/${secretToken}">http://localhost:3000/signup/${secretToken}</a>
<br/><br/>
Have a good day!`;
  // <a href="http://localhost:3000/users/verify/${secretToken}">p</a>
  mailer.sendEmail('[email protected]', email, 'Please signup through this link', html);
  req.flash('success', 'An invitation email sent to ' + email);
  res.redirect('/');
});
```

Now I want to disable my link after a few hours. How can I do it?
asked Dec 5, 2017 at 14:52 by Adil Ahmed Chowdhury; edited Dec 5, 2017 at 14:53 by msanford
- Store the token in a database, compute and store the time it will expire, and check if it's expired when a user activates this route with that token. – msanford Commented Dec 5, 2017 at 14:54
- Store a timestamp in the database of when the mail was sent for a user and then compare that timestamp and either show success or error page if a user clicks this one. What's your question? – k0pernikus Commented Dec 5, 2017 at 14:54
- Alternatively use an hourly one-time pad – Jonas Wilms Commented Dec 5, 2017 at 14:55
- Or you can encode the timestamp in the token along with a HMAC which you can verify/check once they access the signup page. – kmdm Commented Dec 5, 2017 at 14:56
- If you follow the database solution I encourage you to use Redis. – Dez Commented Dec 5, 2017 at 15:10
2 Answers
If it is not easy on your side to create and manage a database for tokens and their expiration time, you can use JWT tokens and include the expiration time inside the token itself: https://jwt.io
Especially with Node.js, you already have a well-developed library for it: https://www.npmjs.com/package/jsonwebtoken
When you create your JWT token, you can set the "expiresIn" option to e.g. 6h and it automatically creates the "exp" field (so you don't have to count it).
Then when you verify the token, it will automatically check whether it is still valid.
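
The idea in this answer (an expiry carried inside a signed token), shown as an added example that is not part of the original answer and does not use the jsonwebtoken library: it builds a minimal HMAC-SHA256 token with Node's built-in `crypto` module. The names `createInviteToken`, `verifyInviteToken`, `SECRET`, `TTL_MS` and the sample address are assumptions made for illustration.

```javascript
// Added example: stateless invite token with an embedded expiry (Node.js crypto only).
const crypto = require('crypto');

// Assumption: in a real deployment the key is loaded from a secret store.
const SECRET = crypto.randomBytes(32);
const TTL_MS = 6 * 60 * 60 * 1000; // 6 hours, the figure used in the answer

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Token layout: base64url(JSON{email, exp}) + "." + base64url(HMAC-SHA256(payload))
function createInviteToken(email, now = Date.now()) {
  const payload = b64url(JSON.stringify({ email, exp: now + TTL_MS }));
  return `${payload}.${b64url(sign(payload))}`;
}

// Returns { ok: true, email } or { ok: false, reason }.
function verifyInviteToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, mac] = parts;

  // Verify the signature in constant time before trusting any field.
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }

  // The payload is authentic at this point, so parsing it is safe.
  const { email, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (typeof exp !== 'number' || now >= exp) return { ok: false, reason: 'expired' };
  return { ok: true, email };
}

// Constructed sample run with a fixed clock.
const t0 = Date.UTC(2017, 11, 5, 15, 0, 0);
const token = createInviteToken('invitee@example.test', t0);
console.log(verifyInviteToken(token, t0 + 1 * 60 * 60 * 1000)); // within 6 h: accepted
console.log(verifyInviteToken(token, t0 + 7 * 60 * 60 * 1000)); // after 6 h: expired
```

A stateless token stays valid until its `exp` time, so making an invitation single-use or revocable still requires recording redeemed tokens on the server.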

The design I would follow to implement this would be the following:
- In the table 'user' you will have the columns: 'RegistrationToken', 'ExpirationTokenDate'
- Create the user in the database when you send him the invitation, and set the RegistrationToken, his email, and the ExpirationTokenDate
- If the user clicks on the link, check the mail+registrationToken in the database: then if the current date is greater than the expirationTokenDate, tell the user the link is expired, else, let the user register.
- If you need to issue a new registrationToken for the user, just find his email in the database, set a new RegistrationToken, and update the ExpirationTokenDate.