How to prevent abuse of unsubscription from a newsletter?

Time:07-07

Preface: I'm not a web developer, I'm just trying to learn as I go while making my first website.

I stumbled on an engineering problem in regard to unsubscribing from a newsletter. I thought it would be a good idea to use a GET method with a parameter like this:

/[email protected]

Then I went ahead and implemented it in JavaScript:

// Assumes Subscriber is a Mongoose model (not shown in the question)
const express = require('express');
const app = express();

app.get('/unsubscribe:subEmail', async (req, res) => {
    // the param captures ":<address>", so drop the leading colon
    const subEmail = req.params.subEmail.substring(1);
    let subscriber = await Subscriber.findOne({ email: subEmail })
    if(subscriber == null){
        res.send('subscriber doesnt exist')
        return;
    }
    await subscriber.delete()
    res.redirect('/')
})

But then it occurred to me: how do I make sure the email provided does not belong to another subscriber?

Question: What are the good engineering solutions used to prevent abuse of this?

CodePudding user response:

There are a couple of traditional options.

Secrets

Unsubscribe users based on a secret and not an email address.

Traditionally, this is a GUID included in a link to the unsubscribe endpoint that is included in each email sent out.

Authentication

Require users to log in to their account before providing access to the feature.

This is typically provided as a second option since the link in the email has less friction.
