feat(account): restore the confirm deeplink token (domain layer)

Re-apply the deeplink backend deferred out of PR1a: migration 00006 adds
email_confirmations.purpose + link_token_hash (hand-edited jet), each issued code
now carries an opaque 256-bit token (only its SHA-256 stored), and ConfirmByToken
resolves a token to a login (confirm + clear guest) or a link (attach when free,
signal merge when owned elsewhere). issueCode now embeds the /app/#/confirm/<token>
link in the email. The confirm endpoint, gateway RPC and SPA route follow.
This commit is contained in:
Ilia Denisov
2026-07-03 04:07:10 +02:00
parent 638c147cc0
commit d5b4bba018
4 changed files with 186 additions and 10 deletions
@@ -21,4 +21,6 @@ type EmailConfirmations struct {
Attempts int16
ConsumedAt *time.Time
CreatedAt time.Time
Purpose string
LinkTokenHash *string
}