task/1.11

Task 1.4: Wildcard Routes and Token Management

Summary

Implement wildcard routing for the confirm endpoint to support magic link authentication and email confirmation tokens.

Motivation

Following Let’s Go Chapter 2.4, we need to implement the core authentication mechanism for buylater.email: token-based magic links sent via email. This allows users to confirm their email submissions and eventually manage their subscriptions without passwords through secure, unique URLs.

Acceptance Criteria

  • Route pattern GET /confirm/{token} accepts token parameter
  • Token extraction using r.PathValue("token") works correctly
  • Basic token validation (length, format) implemented
  • Invalid tokens return 404 with helpful error message
  • Valid tokens show email confirmation success placeholder
  • Tokens must be alphanumeric and at least 32 characters long

Technical Requirements

Implementation Details

  • Use wildcard route pattern /confirm/{token} for magic link confirmation
  • Extract token with r.PathValue("token")
  • Validate token format: alphanumeric, minimum 32 characters
  • Return structured error responses for invalid tokens
  • Create placeholder email confirmation success interface for valid tokens
  • Replace existing /confirm route with wildcard version - all confirmations require tokens
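
One way to meet these requirements, shown as an added example and not the project's own main.go. The 128-character upper bound, the two response headers, the placeholder text and the localhost:4000 listen address are assumptions that this task does not specify.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"regexp"
)

// maxTokenLen is an assumed upper bound; the task only sets the 32-character minimum.
const maxTokenLen = 128

// tokenPattern is anchored at both ends, so the whole value must be ASCII alphanumeric.
// In Go's regexp, $ without the m flag matches only at end of text, so a trailing
// newline is rejected as well.
var tokenPattern = regexp.MustCompile(`^[A-Za-z0-9]{32,}$`)

// isValidToken checks format only. It does not prove the token was ever issued;
// that needs a lookup against stored tokens, which is outside this task.
func isValidToken(token string) bool {
	return len(token) <= maxTokenLen && tokenPattern.MatchString(token)
}

// confirmWithToken handles GET /confirm/{token}.
func confirmWithToken(w http.ResponseWriter, r *http.Request) {
	token := r.PathValue("token")
	if !isValidToken(token) {
		// Same 404 for every failure, and the token is never echoed back.
		http.NotFound(w, r)
		return
	}
	// The URL carries a credential: keep it out of caches and Referer headers (assumed hardening).
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("Referrer-Policy", "no-referrer")
	fmt.Fprintln(w, "Email confirmed (placeholder).")
}

// newMux registers the wildcard route. {token} matches exactly one path segment,
// so a request such as /confirm/a/b never reaches the handler.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("GET /confirm/{token}", confirmWithToken)
	return mux
}

func main() {
	log.Fatal(http.ListenAndServe("localhost:4000", newMux()))
}
```

The method-and-wildcard pattern and r.PathValue require Go 1.22 or later.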

Dependencies

  • Task 1.3 completed (multiple route implementation)

Testing Strategy

Unit Tests

  • Token validation function works correctly
  • Valid tokens return success response
  • Invalid tokens return appropriate errors

Integration Tests

  • Wildcard route correctly extracts token values

Manual Testing

  • Valid token URLs (32+ chars) show email confirmation success
  • Invalid token URLs return 404
  • Empty or malformed tokens handled gracefully
  • URL patterns like /confirm/abc123... work correctly

Definition of Done

  • All acceptance criteria met
  • All specified tests pass
  • Code follows project conventions (go fmt, go vet)
  • No new console errors or warnings
  • Relevant documentation updated
  • Human verification completed successfully
  • Git commit created with proper message format

Implementation Notes

Approach

Implement the magic link token system that will be core to buylater.email’s password-free email confirmation and authentication. Focus on validation and error handling.

Key Files to Modify

  • main.go - Add wildcard confirm route handler and token validation function

Potential Risks

  • Token validation too strict or too loose
  • Security issues with token format
  • Route conflicts with existing patterns

Success Metrics

Users can confirm their email submissions through secure magic link URLs, with clear error messages for invalid tokens.

  • Blocks: Task 1.5 (method-based routing for form processing)
  • Blocked by: Task 1.3 (needs basic routing structure)
  • Related: Future magic link email sending and token generation tasks

Implementation Log

2025-07-20 - Implementation Complete

  • Replaced /confirm route with wildcard /confirm/{token} route for magic links
  • Added confirmWithToken handler that extracts and validates tokens using r.PathValue("token")
  • Implemented isValidToken function with alphanumeric validation and 32+ character requirement
  • Invalid tokens return 404 automatically through http.NotFound()
  • Valid tokens show email confirmation success message
  • Added regexp import for token format validation
  • Verified code formatting with go fmt and go vet
  • Build successful with go build

Final Verification

Human Tester: [Name]
Date Completed: [YYYY-MM-DD]
Verification Result: [Pass/Fail]
Notes: [Any issues found or additional observations]