Sequence Diagrams
Step-by-step message flows for every critical system interaction — covering auth, billing, tasks, notifications, and more
1. Email Registration Flow
1
Browser
Hono API
POST /api/auth/register
Send name, email, password. Validated by Zod schema.
2
Hono API
Appwrite
users.create()
Admin SDK creates user account with ID.unique().
Users API
3
Hono API
Appwrite
Generate verification token
SHA-256 hashed token stored. Branded email sent via Appwrite Messaging SMTP.
VERIFICATION_TOKENS_ID
Messaging
4
Hono API
Browser
200 { success: true }
Redirect to /verify-email-sent page. User checks inbox.
2. Email Verification + Auto-Login
5
Browser
Hono API
POST /api/auth/verify-email
User clicks verification link. Token + userId submitted.
6
Hono API
Appwrite
Hash token → query → compare
SHA-256 hash of the submitted token matched against the stored hash. Token is single-use.
VERIFICATION_TOKENS_ID
7
Hono API
Appwrite
users.updateEmailVerification()
Admin SDK marks the user account as verified.
8
Hono API
Browser
Set-Cookie: fairlx-session
Session cookie set. Browser redirected to onboarding.
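Steps 3 and 6 above, as an added example that is not the project's own code: only the SHA-256 hash of the token is stored, the submitted token is hashed and compared in constant time, and a match consumes the record. Assumptions: an in-memory Map stands in for the VERIFICATION_TOKENS_ID collection, and the function names and the one-hour expiry are hypothetical (the page states no token lifetime).

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumption: this Map stands in for the VERIFICATION_TOKENS_ID collection.
const tokenStore = new Map(); // userId -> { hash: Buffer, expiresAt: number }
const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed lifetime, not stated on the page

const sha256 = (value) => createHash("sha256").update(value, "utf8").digest();

// Step 3: create a random token, persist only its hash, and return the raw
// token so it can be placed in the emailed verification link.
function issueVerificationToken(userId, now = Date.now()) {
  const token = randomBytes(32).toString("base64url");
  tokenStore.set(userId, { hash: sha256(token), expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Step 6: hash the submitted token, query the stored record, compare, consume.
function verifyEmailToken(userId, submittedToken, now = Date.now()) {
  const record = tokenStore.get(userId);
  if (!record || typeof submittedToken !== "string") return false;
  if (now > record.expiresAt) {
    tokenStore.delete(userId); // expired records are removed, not left queryable
    return false;
  }
  // Both digests are 32 bytes, so timingSafeEqual cannot throw on length.
  if (!timingSafeEqual(record.hash, sha256(submittedToken))) return false;
  tokenStore.delete(userId); // single-use: a replayed link no longer matches
  return true;
}
```

Because the store holds only hashes, a read of the token collection does not yield usable verification links.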
3. Login with 2FA Challenge
9
Browser
Hono API
POST /api/auth/login
Standard email/password login attempt.
10
Hono API
Appwrite
account.createEmailPasswordSession()
Appwrite validates credentials. If 2FA enabled, returns mfaChallenge.
11
Hono API
Browser
200 { requiresTwoFactor: true }
Temporary login token stored. Frontend shows 2FA input.
LOGIN_TOKENS_ID
12
Browser
Hono API
POST /api/two-factor-auth/verify
User submits TOTP code, email OTP, or recovery code.
13
Hono API
Browser
Set-Cookie: fairlx-session → Success
Full session cookie set. Login token deleted.