hone-auth
Auth service for Hone sync. Perry-compiled native binary (2.8 MB) with Fastify + MySQL.
Endpoints
| Endpoint | Method | Purpose |
|---|---|---|
| /auth/info | GET | Discovery — returns available auth methods |
| /auth/login?email=... | GET | Creates magic link, sends email |
| /auth/verify?token=...&deviceName=...&platform=... | GET | Verifies magic link, creates user + device, returns device token |
| /auth/validate?token=... | GET | Validates a device token (returns userId + tier) |
| /auth/me?token=... | GET | Returns user profile |
| /projects?token=... | GET | Lists user’s registered projects |
| /projects/register?token=...&projectKey=...&name=...&roomId=... | GET | Registers project for sync |
| /devices?token=... | GET | Lists user’s registered devices |
| /health | GET | Health check |
Magic-Link Flow
- Create a 64-char random hex token, store in the magic_links table with a 15-minute expiry.
- If SMTP is configured, send the link via email. Otherwise, the token is logged server-side (dev mode).
- On verify: validate the link (not already used, not expired), mark it as used, find or create the user, create a device record, and generate a device token.
Device Token Format
userId:deviceId:timestamp.hash
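The hash is a double-djb2 HMAC, that is, a keyed hash that nests djb2 (a non-cryptographic string hash) in an HMAC-like pattern rather than a standard HMAC over a cryptographic hash: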
djb2(String(djb2(secret + "|" + payload)) + "|" + secret + "|" + payload)
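The token format and hash formula above, worked through as an added TypeScript example that is not hone-auth's own code. It assumes the classic djb2 (seed 5381, multiply by 33) truncated to unsigned 32 bits, a tag rendered as a decimal string, and ids that contain no `:`; all function names are hypothetical.

```typescript
// Added example, not hone-auth source. Assumed: classic djb2 (seed 5381, h*33 + c)
// truncated to unsigned 32 bits, decimal tag, and ids that contain no ":".
function djb2(s: string): number {
  let h = 5381;
  for (let i = 0; i < s.length; i++) h = (Math.imul(h, 33) + s.charCodeAt(i)) >>> 0;
  return h;
}

// Formula from the page: djb2(String(djb2(secret|payload)) + "|" + secret + "|" + payload)
function tag(secret: string, payload: string): string {
  const inner = djb2(secret + "|" + payload);
  return String(djb2(String(inner) + "|" + secret + "|" + payload));
}

function issueToken(secret: string, userId: string, deviceId: string, timestamp: number): string {
  const payload = `${userId}:${deviceId}:${timestamp}`;
  return `${payload}.${tag(secret, payload)}`;
}

// Compare every character instead of returning at the first mismatch.
function sameString(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

interface DeviceClaims { userId: string; deviceId: string; timestamp: number }

// Returns the claims for a well-formed token with a matching tag, otherwise null.
function verifyToken(secret: string, token: string): DeviceClaims | null {
  const dot = token.lastIndexOf(".");
  if (dot <= 0) return null; // no payload/tag separator
  const payload = token.slice(0, dot);
  const parts = payload.split(":");
  if (parts.length !== 3) return null;
  const [userId = "", deviceId = "", ts = ""] = parts;
  if (userId === "" || deviceId === "" || !/^\d+$/.test(ts)) return null;
  if (!sameString(token.slice(dot + 1), tag(secret, payload))) return null;
  return { userId, deviceId, timestamp: Number(ts) };
}

// Constructed sample values, not real credentials.
const demo = issueToken("example-secret", "42", "7", 1700000000);
console.log(demo, verifyToken("example-secret", demo));
```

Under these assumptions the tag is a 32-bit value, far shorter than the output of a cryptographic MAC such as HMAC-SHA-256.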
Database Schema
MySQL database on webserver.skelpo.net (user: hone). Tables:
- users
- devices
- magic_links
- projects
- subscriptions
All identifiers use camelCase.
Configuration
File: auth.conf
DB_HOST=webserver.skelpo.net
DB_USER=hone
DB_PASS=<password>
DB_NAME=hone
PORT=8445
AUTH_SECRET=<shared-secret>
AUTH_BASE_URL=https://auth.hone.codes
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASS=<sendgrid-key>
SMTP_FROM=Hone <noreply@hone.dev>
Build
cd hone-auth && perry compile src/app.ts --output hone-auth