alchemistkay/guestguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tier2): editable RSVPs — Block A

Browse Source 
Guests can revisit their invitation link and change their response
or plus-ones up to 5 times. Each prior state is snapshotted into
`rsvp_revisions` and surfaced to the host via a per-guest history
modal on the event detail page.

- Migration 0007 adds rsvp_revisions + rsvps.edit_count (with down)
- RSVPRepo.Update wraps snapshot+update+counter in one transaction,
  FOR UPDATE-locking the row so concurrent edits can't bypass the cap
- PATCH /rsvp/{token} re-runs the fraud check on every edit attempt
  (different device on an edit is itself a signal)
- POST /rsvp no longer marks the token used — the link stays valid
  so the guest can come back to edit
- GET /access/{token} now embeds the existing RSVP so the frontend
  renders an edit form instead of a blank submit form on revisit
- New host endpoint GET /events/{id}/guests/{guest_id}/rsvp/history
- Frontend: rsvp/[token].vue toggles between summary + edit form,
  surfaces edits-remaining; dashboard adds a "History" action on
  responded guests opening a revision-trail modal

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
2026-05-17 19:27:50 +01:00
parent e087fd53ef
commit 39533162bb
10 changed files with 1018 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/rsvps.go
+259 -77
View File
@@ -9,6 +9,8 @@ import (
"net/http"
"time"
"github.com/google/uuid"
"github.com/alchemistkay/guestguard/internal/auth"
"github.com/alchemistkay/guestguard/internal/domain"
"github.com/alchemistkay/guestguard/internal/fraud"
@@ -43,51 +45,24 @@ type submitRSVPRequest struct {
}
type submitRSVPResponse struct {
RSVP *domain.RSVP `json:"rsvp"`
Decision fraud.Decision `json:"fraud"`
Blocked bool `json:"blocked"`
RSVP *domain.RSVP `json:"rsvp"`
Decision fraud.Decision `json:"fraud"`
Blocked bool `json:"blocked"`
Edited bool `json:"edited"`
}
// POST /rsvp/{token} — synchronous fraud check + RSVP recording.
func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
raw := r.PathValue("token")
if err := auth.ValidateFormat(raw); err != nil {
writeError(w, http.StatusBadRequest, "malformed token")
tk, ok := h.loadValidToken(w, r)
if !ok {
return
}
tk, err := h.tokens.GetByHash(r.Context(), auth.HashToken(raw))
if err != nil {
if errors.Is(err, domain.ErrTokenNotFound) {
writeError(w, http.StatusNotFound, "token not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to load token")
req, ok := decodeSubmitRSVP(w, r)
if !ok {
return
}
if err := tk.IsValid(time.Now().UTC()); err != nil {
writeError(w, http.StatusGone, err.Error())
return
}
var req submitRSVPRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid json")
return
}
resp := domain.RSVPResponse(req.Response)
if !resp.Valid() {
writeError(w, http.StatusBadRequest, "response must be attending|declined|maybe")
return
}
if req.PlusOnes < 0 {
writeError(w, http.StatusBadRequest, "plus_ones must be >= 0")
return
}
guest, err := h.guests.Get(r.Context(), tk.GuestID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load guest")
guest, event, ok := h.loadGuestEvent(w, r, tk.GuestID)
if !ok {
return
}
if req.PlusOnes > guest.PlusOnes {
@@ -95,13 +70,246 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
fmt.Sprintf("you may bring up to %d plus-one(s)", guest.PlusOnes))
return
}
event, err := h.events.Get(r.Context(), guest.EventID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load event")
decision, fingerprint, ip, ok := h.scoreAccess(w, r, event, guest, tk, req.Fingerprint)
if !ok {
return
}
fingerprint := mergeFingerprint(req.Fingerprint, collectFingerprint(r))
score := decision.Score
rsvp, err := h.rsvps.Create(r.Context(), storage.CreateRSVPParams{
GuestID: guest.ID,
Response: req.Resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
if errors.Is(err, domain.ErrRSVPAlreadySubmitted) {
// Tier 2 Block A: guests edit an existing RSVP via PATCH. Tell
// the client to switch endpoints rather than swallowing the
// retry silently.
writeError(w, http.StatusConflict, "rsvp already submitted — use PATCH to edit")
return
}
h.logger.Error("create rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to record rsvp")
return
}
// Block A: we intentionally do NOT mark the token used here any more.
// The token must remain valid so the guest can come back to the same
// link and edit their response.
h.publishRSVPConfirmed(event.ID, guest.ID, rsvp, &score)
writeJSON(w, http.StatusCreated, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
Edited: false,
})
}
// PATCH /rsvp/{token} — revise an existing RSVP. Same fraud check as POST.
// The prior state is snapshotted into rsvp_revisions inside Update; edits
// past MaxRSVPEdits return 429.
func (h *rsvpHandler) edit(w http.ResponseWriter, r *http.Request) {
tk, ok := h.loadValidToken(w, r)
if !ok {
return
}
req, ok := decodeSubmitRSVP(w, r)
if !ok {
return
}
guest, event, ok := h.loadGuestEvent(w, r, tk.GuestID)
if !ok {
return
}
if req.PlusOnes > guest.PlusOnes {
writeError(w, http.StatusBadRequest,
fmt.Sprintf("you may bring up to %d plus-one(s)", guest.PlusOnes))
return
}
decision, fingerprint, ip, ok := h.scoreAccess(w, r, event, guest, tk, req.Fingerprint)
if !ok {
return
}
score := decision.Score
rsvp, err := h.rsvps.Update(r.Context(), storage.UpdateRSVPParams{
GuestID: guest.ID,
Response: req.Resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
switch {
case errors.Is(err, domain.ErrRSVPNotFound):
writeError(w, http.StatusNotFound, "no rsvp to edit — submit first")
case errors.Is(err, domain.ErrRSVPEditLimitReached):
writeError(w, http.StatusTooManyRequests,
fmt.Sprintf("edit limit reached (%d edits)", domain.MaxRSVPEdits))
default:
h.logger.Error("update rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to update rsvp")
}
return
}
h.publishRSVPConfirmed(event.ID, guest.ID, rsvp, &score)
writeJSON(w, http.StatusOK, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
Edited: true,
})
}
type rsvpHistoryResponse struct {
RSVP *domain.RSVP `json:"rsvp"`
Revisions []domain.RSVPRevision `json:"revisions"`
}
// GET /events/{id}/guests/{guest_id}/rsvp/history — host view of the
// current RSVP plus every prior revision newest-first.
func (h *rsvpHandler) history(w http.ResponseWriter, r *http.Request) {
hostID, ok := hostFromContext(w, r)
if !ok {
return
}
eventID, ok := parseIDParam(w, r, "id")
if !ok {
return
}
guestID, ok := parseIDParam(w, r, "guest_id")
if !ok {
return
}
if _, ok := requireEventOwner(w, r, h.events, eventID, hostID); !ok {
return
}
guest, err := h.guests.Get(r.Context(), guestID)
if err != nil {
if errors.Is(err, domain.ErrGuestNotFound) {
writeError(w, http.StatusNotFound, "guest not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to load guest")
return
}
if guest.EventID != eventID {
writeError(w, http.StatusNotFound, "guest not found in event")
return
}
rsvp, err := h.rsvps.GetByGuest(r.Context(), guestID)
if err != nil {
if errors.Is(err, domain.ErrRSVPNotFound) {
writeJSON(w, http.StatusOK, rsvpHistoryResponse{Revisions: []domain.RSVPRevision{}})
return
}
writeError(w, http.StatusInternalServerError, "failed to load rsvp")
return
}
revisions, err := h.rsvps.ListRevisions(r.Context(), rsvp.ID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load revisions")
return
}
writeJSON(w, http.StatusOK, rsvpHistoryResponse{RSVP: rsvp, Revisions: revisions})
}
// --- shared helpers ---
type decodedRSVPRequest struct {
Resp domain.RSVPResponse
PlusOnes int
DietaryNotes *string
Fingerprint map[string]any
}
func decodeSubmitRSVP(w http.ResponseWriter, r *http.Request) (decodedRSVPRequest, bool) {
var req submitRSVPRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid json")
return decodedRSVPRequest{}, false
}
resp := domain.RSVPResponse(req.Response)
if !resp.Valid() {
writeError(w, http.StatusBadRequest, "response must be attending|declined|maybe")
return decodedRSVPRequest{}, false
}
if req.PlusOnes < 0 {
writeError(w, http.StatusBadRequest, "plus_ones must be >= 0")
return decodedRSVPRequest{}, false
}
return decodedRSVPRequest{
Resp: resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
Fingerprint: req.Fingerprint,
}, true
}
func (h *rsvpHandler) loadValidToken(w http.ResponseWriter, r *http.Request) (*domain.Token, bool) {
raw := r.PathValue("token")
if err := auth.ValidateFormat(raw); err != nil {
writeError(w, http.StatusBadRequest, "malformed token")
return nil, false
}
tk, err := h.tokens.GetByHash(r.Context(), auth.HashToken(raw))
if err != nil {
if errors.Is(err, domain.ErrTokenNotFound) {
writeError(w, http.StatusNotFound, "token not found")
return nil, false
}
writeError(w, http.StatusInternalServerError, "failed to load token")
return nil, false
}
if err := tk.IsValid(time.Now().UTC()); err != nil {
writeError(w, http.StatusGone, err.Error())
return nil, false
}
return tk, true
}
func (h *rsvpHandler) loadGuestEvent(w http.ResponseWriter, r *http.Request, guestID uuid.UUID) (*domain.Guest, *domain.Event, bool) {
guest, err := h.guests.Get(r.Context(), guestID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load guest")
return nil, nil, false
}
event, err := h.events.Get(r.Context(), guest.EventID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load event")
return nil, nil, false
}
return guest, event, true
}
// scoreAccess logs the access attempt, scores it, and short-circuits with a
// 403 on a BLOCK decision. Returns the decision and the merged fingerprint /
// IP so the caller can persist them on the RSVP row.
func (h *rsvpHandler) scoreAccess(
w http.ResponseWriter,
r *http.Request,
event *domain.Event,
guest *domain.Guest,
tk *domain.Token,
clientFP map[string]any,
) (fraud.Decision, map[string]any, string, bool) {
fingerprint := mergeFingerprint(clientFP, collectFingerprint(r))
ip := clientIP(r)
accessLogID, err := h.accessLogs.Create(r.Context(), storage.CreateAccessLogParams{
@@ -124,39 +332,20 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
UserAgent: r.UserAgent(),
Referrer: r.Referer(),
})
if fraud.IsBlock(decision) {
writeJSON(w, http.StatusForbidden, submitRSVPResponse{
Decision: decision,
Blocked: true,
})
return decision, nil, "", false
}
return decision, fingerprint, ip, true
}
func (h *rsvpHandler) publishRSVPConfirmed(eventID, guestID uuid.UUID, rsvp *domain.RSVP, score *int) {
if h.pub == nil {
return
}
score := decision.Score
rsvp, err := h.rsvps.Create(r.Context(), storage.CreateRSVPParams{
GuestID: guest.ID,
Response: resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
if errors.Is(err, domain.ErrRSVPAlreadySubmitted) {
writeError(w, http.StatusConflict, "rsvp already submitted for this guest")
return
}
h.logger.Error("create rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to record rsvp")
return
}
if err := h.tokens.MarkUsed(r.Context(), tk.ID); err != nil {
h.logger.Warn("mark token used", "err", err, "token_id", tk.ID)
}
go func(evt natspub.RSVPConfirmed) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
@@ -164,20 +353,14 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
h.logger.Error("publish rsvp.confirmed", "err", err, "rsvp_id", evt.RSVPID)
}
}(natspub.RSVPConfirmed{
EventID: event.ID,
GuestID: guest.ID,
EventID: eventID,
GuestID: guestID,
RSVPID: rsvp.ID,
Response: string(rsvp.Response),
PlusOnes: rsvp.PlusOnes,
RiskScore: &score,
RiskScore: score,
SubmittedAt: rsvp.SubmittedAt,
})
writeJSON(w, http.StatusCreated, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
})
}
func mergeFingerprint(client map[string]any, server map[string]any) map[string]any {
@@ -207,4 +390,3 @@ func stringifyFingerprint(fp map[string]any) map[string]string {
}
return out
}