architecture
signup of a new user
user visits a signup URL (under dfri.se and a .onion) and is presented with an "OCR code" (henceforth "signup code") for use in a bank transfer (or alternative payment method)
the user is presented with a URL embedding the signup code and an instruction to visit that URL once they've made the payment
the signup code is logged to disk together with a timestamp for later generation of statistics about missed opportunities / amount of spam received on the signup page
user makes their payment, passing the signup code through the payment system
administrator sees payment and uses the admin interface [TODO: specify which function] to create a new user record containing signup code and an approximate date when the account expires
user visits the URL from signup and enters a chosen email address together with a chosen passphrase (and possibly more authn options like TOTP)
user is presented with backup codes for account restore
the signup code is removed from the user record to minimise the link to the payment and the URL
prepaid accounts (like "free invite code") can be generated by an admin by creating a new user record with a new signup code and handing the user a URL with this signup code embedded
NOTE: an early idea of an optional pass phrase entered by the user at signup has not been included here since it would require that we store something at signup which worsens the spam problem by requiring the db to keep state between signup and one of "payment received" and "payment timed out"
removal of a user
TODO
admin interface
TODO
user interface
TODO