alchemistkay/guestguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tier2): editable RSVPs — Block A

Browse Source 
Guests can revisit their invitation link and change their response
or plus-ones up to 5 times. Each prior state is snapshotted into
`rsvp_revisions` and surfaced to the host via a per-guest history
modal on the event detail page.

- Migration 0007 adds rsvp_revisions + rsvps.edit_count (with down)
- RSVPRepo.Update wraps snapshot+update+counter in one transaction,
  FOR UPDATE-locking the row so concurrent edits can't bypass the cap
- PATCH /rsvp/{token} re-runs the fraud check on every edit attempt
  (different device on an edit is itself a signal)
- POST /rsvp no longer marks the token used — the link stays valid
  so the guest can come back to edit
- GET /access/{token} now embeds the existing RSVP so the frontend
  renders an edit form instead of a blank submit form on revisit
- New host endpoint GET /events/{id}/guests/{guest_id}/rsvp/history
- Frontend: rsvp/[token].vue toggles between summary + edit form,
  surfaces edits-remaining; dashboard adds a "History" action on
  responded guests opening a revision-trail modal

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
2026-05-17 19:27:50 +01:00
parent e087fd53ef
commit 39533162bb
10 changed files with 1018 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/domain/rsvp.go
+20
View File
@@ -33,9 +33,29 @@ type RSVP struct {
DeviceFingerprint map[string]any `json:"device_fingerprint,omitempty"`
IPAddress *string `json:"ip_address,omitempty"`
RiskScore *int `json:"risk_score,omitempty"`
EditCount int `json:"edit_count"`
}
// RSVPRevision is one snapshot of an RSVP's previous state, written before
// the new values are applied on PATCH /rsvp/{token}. The host history view
// renders these newest-first so the edit trail is auditable.
type RSVPRevision struct {
ID uuid.UUID `json:"id"`
RSVPID uuid.UUID `json:"rsvp_id"`
PrevResponse RSVPResponse `json:"prev_response"`
PrevPlusOnes int `json:"prev_plus_ones"`
PrevDietary *string `json:"prev_dietary,omitempty"`
ChangedAt time.Time `json:"changed_at"`
}
// MaxRSVPEdits caps the number of times a single RSVP can be revised.
// The 6th attempt returns 429 — keeps a hostile actor from churning the
// host's activity feed with endless updates.
const MaxRSVPEdits = 5
var (
ErrRSVPAlreadySubmitted = errors.New("rsvp already submitted")
ErrRSVPBlocked = errors.New("rsvp blocked due to fraud risk")
ErrRSVPNotFound = errors.New("rsvp not found")
ErrRSVPEditLimitReached = errors.New("rsvp edit limit reached")
)