New referral link system

[silvatek]

Context We had a referrals system on the old tools site that created custom links for individual alliance members to share, and that counted usage of those links.

https://tools.minmatar.org/referrals/

Referral links are created by authenticated alliance members, but shared outside the alliance as part of our general recruitment strategy. Once a link has been shared we have no control over what happens to it, or who can see it and use it.

This functionality, or similar, needs to be replicated on the new my.minmatar.org site.

Solution Elements

• Create the referral link URLs
• Actually perform the redirect
• Track the referral during the redirect
• Do not count multiple requests from the same IP address when tracking
• Do not record IP addresses of anonymous users (can record hashes)
• Show referral stats to the referring users
• Summarise referral stats to alliance leadership to enable rewards
• (optional) Obscure the referrer's user ID

Decisions 1. Frontend or backend redirect Will the redirect be implemented in the frontend (my.minmatar.org) or backend (api.minmatar.org)?

• Frontend redirected URLs look better ("my" rather than "api"); there needs to be a call to the backend to track the usage
• API redirected URLs can track directly

Could we add another "my" route to the reverse proxy that is handled by the backend?

2. Predefined referral targets, or allow any target Will we support referral links to any target, or only a defined set?

• With predefined targets we just include the name of the target in the link, and the redirection code converts it into the target URL. Gives more control and simplified reporting, because we only track a set of known targets. New targets require additional changes.
• With arbitrary targets we include the encoded target URL in the link, and the redirect code simple decodes and tracks it. More flexible, because you can arbitrarily create a referral link to anything.

3. Different mechanisms for frontend and other targets Will we implement different mechanisms for links to my.minmatar.org targets and targets on other sites (including the wiki)?

• Referral links to my.minmatar.org don't wouldn't even need a redirect, but we can't do this for other sites
• Maintaining two different mechanisms is more complex and more work

4. Referral reporting What do we want to report on?

• Just the referring user?
• Referring user and the entire target URL (e.g. "/fittings/123")?
• Referring user and the URL target group (e.g. "fittings")?

5. Exposing user IDs in referral links Referral links are released to the general public, so we should be cautious about including raw user IDs in them.

• Use raw user IDs, as they aren't really secrets anyway
• Obfuscate the user IDs with a reversible encoding mechanism
• Generate referral tokens and associate with users, so that there is no way to discover the user IDs

Preferences

• Bear is proposing backend redirects with arbitrary targets
• Mim is proposing frontend redirects with arbitrary targets, and different mechanisms for website and wiki
• Silva is proposing predefined targets

[bearthatcares]

IMO,

1. API should do the redirect since it's easier that way
2. Any target is probably more flexible for the future
3. Shouldn't matter if we allow any target... any caller can basically just make a redirect link

4. of referrals per person