alchemistkay/guestguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tier2): editable RSVPs — Block A

Browse Source 
Guests can revisit their invitation link and change their response
or plus-ones up to 5 times. Each prior state is snapshotted into
`rsvp_revisions` and surfaced to the host via a per-guest history
modal on the event detail page.

- Migration 0007 adds rsvp_revisions + rsvps.edit_count (with down)
- RSVPRepo.Update wraps snapshot+update+counter in one transaction,
  FOR UPDATE-locking the row so concurrent edits can't bypass the cap
- PATCH /rsvp/{token} re-runs the fraud check on every edit attempt
  (different device on an edit is itself a signal)
- POST /rsvp no longer marks the token used — the link stays valid
  so the guest can come back to edit
- GET /access/{token} now embeds the existing RSVP so the frontend
  renders an edit form instead of a blank submit form on revisit
- New host endpoint GET /events/{id}/guests/{guest_id}/rsvp/history
- Frontend: rsvp/[token].vue toggles between summary + edit form,
  surfaces edits-remaining; dashboard adds a "History" action on
  responded guests opening a revision-trail modal

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
2026-05-17 19:27:50 +01:00
parent e087fd53ef
commit 39533162bb
10 changed files with 1018 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/pages/dashboard/events/[id].vue
+136 -1
View File
@@ -412,6 +412,52 @@ async function confirmDelete() {
}
}
// RSVP edit history (Tier 2 Block A). Lazy-loaded — we only fetch revisions
// when the host clicks "History" on a guest, so a 200-row event list stays
// cheap. The current RSVP is in historyData.rsvp; revisions are newest-first.
interface RSVPRevision {
id: string
rsvp_id: string
prev_response: 'attending' | 'declined' | 'maybe'
prev_plus_ones: number
prev_dietary?: string | null
changed_at: string
}
interface RSVPHistoryResponse {
rsvp: {
response: 'attending' | 'declined' | 'maybe'
plus_ones: number
dietary_notes?: string | null
submitted_at: string
edit_count: number
} | null
revisions: RSVPRevision[]
}
const historyFor = ref<Guest | null>(null)
const historyData = ref<RSVPHistoryResponse | null>(null)
const historyLoading = ref(false)
const historyError = ref<string | null>(null)
async function openHistory(g: Guest) {
historyFor.value = g
historyData.value = null
historyError.value = null
historyLoading.value = true
try {
historyData.value = await useApi<RSVPHistoryResponse>(
`/events/${eventId}/guests/${g.id}/rsvp/history`,
)
} catch (e: any) {
historyError.value = useErrMessage(e, 'Could not load history')
} finally {
historyLoading.value = false
}
}
function closeHistory() {
historyFor.value = null
historyData.value = null
historyError.value = null
}
// Regenerate-link flow. The modal stays open after click so the host can
// see the new link copy succeed; closing returns to the list.
const regenerating = ref<Guest | null>(null)
@@ -456,10 +502,11 @@ async function regenerateAndCopy() {
// Esc closes any open modal — standard expectation for dialog UI.
function onKeydown(e: KeyboardEvent) {
if (e.key !== 'Escape') return
if (editing.value || deleting.value || regenerating.value || addingGuestOpen.value || importingOpen.value || whatsappOpen.value) {
if (editing.value || deleting.value || regenerating.value || historyFor.value || addingGuestOpen.value || importingOpen.value || whatsappOpen.value) {
editing.value = null
deleting.value = null
regenerating.value = null
closeHistory()
addingGuestOpen.value = false
importingOpen.value = false
whatsappOpen.value = false
@@ -1001,6 +1048,23 @@ function checkLabel(band?: string): string {
New link
</button>
</template>
<template v-else-if="g.rsvp_response">
<!-- Responded guests: show edit history. Useful when
"attending" silently flips to "declined" and the
host wants to know when. -->
<button
type="button"
class="inline-flex items-center gap-1 rounded-md border border-zinc-700 px-2 py-1 text-xs font-medium text-zinc-300 transition hover:border-brand-600 hover:bg-brand-500/10 hover:text-brand-200"
:title="`View the edit trail for ${g.name}`"
:aria-label="`View RSVP history for ${g.name}`"
@click.stop="openHistory(g)"
>
<svg class="h-3.5 w-3.5" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM10 4a1 1 0 011 1v5l3 1a1 1 0 11-.5 1.93l-3.5-1.16A1 1 0 019 10.83V5a1 1 0 011-1z" clip-rule="evenodd" />
</svg>
History
</button>
</template>
</div>
</li>
</ul>
@@ -1424,6 +1488,77 @@ function checkLabel(band?: string): string {
</div>
</Teleport>
<!-- RSVP edit history (Tier 2 Block A) -->
<Teleport to="body">
<div
v-if="historyFor"
class="fixed inset-0 z-40 flex items-center justify-center bg-black/60 p-4 backdrop-blur-sm"
@click.self="closeHistory"
>
<div
role="dialog"
aria-modal="true"
aria-labelledby="history-title"
class="w-full max-w-md rounded-lg border border-zinc-800 bg-zinc-900 p-5 shadow-2xl"
>
<h3 id="history-title" class="mb-1 text-base font-semibold">
RSVP history — {{ historyFor.name }}
</h3>
<p class="mb-4 text-xs text-zinc-500">
Each edit replaces the previous response. The trail below is read-only.
</p>
<div v-if="historyLoading" class="py-6 text-center text-sm text-zinc-500">Loading…</div>
<div v-else-if="historyError" class="rounded-md border border-red-900/60 bg-red-950/30 p-3 text-sm text-red-300">
{{ historyError }}
</div>
<div v-else-if="historyData && historyData.rsvp" class="space-y-3">
<div class="rounded-md border border-brand-900/60 bg-brand-950/20 p-3">
<div class="mb-1 flex items-center justify-between text-xs text-brand-300">
<span class="font-medium uppercase tracking-wider">Current</span>
<span class="text-zinc-500">{{ fmtTime(historyData.rsvp.submitted_at) }}</span>
</div>
<p class="text-sm text-zinc-200">
<strong class="capitalize">{{ historyData.rsvp.response }}</strong>
<span v-if="historyData.rsvp.plus_ones > 0"> · +{{ historyData.rsvp.plus_ones }} plus-ones</span>
<span v-if="historyData.rsvp.dietary_notes"> · {{ historyData.rsvp.dietary_notes }}</span>
</p>
<p class="mt-1 text-xs text-zinc-500">
{{ historyData.rsvp.edit_count }} edit{{ historyData.rsvp.edit_count === 1 ? '' : 's' }}
</p>
</div>
<div v-if="historyData.revisions.length === 0" class="py-3 text-center text-xs text-zinc-500">
No edits yet.
</div>
<ul v-else class="space-y-2">
<li
v-for="rev in historyData.revisions"
:key="rev.id"
class="rounded-md border border-zinc-800 bg-zinc-950 p-3"
>
<div class="mb-1 flex items-center justify-between text-xs text-zinc-500">
<span>was</span>
<span>{{ fmtTime(rev.changed_at) }}</span>
</div>
<p class="text-sm text-zinc-300">
<strong class="capitalize">{{ rev.prev_response }}</strong>
<span v-if="rev.prev_plus_ones > 0"> · +{{ rev.prev_plus_ones }} plus-ones</span>
<span v-if="rev.prev_dietary"> · {{ rev.prev_dietary }}</span>
</p>
</li>
</ul>
</div>
<div v-else class="py-3 text-center text-sm text-zinc-500">
No RSVP has been submitted yet.
</div>
<div class="mt-5 flex items-center justify-end">
<button type="button" class="text-sm text-zinc-400 hover:text-zinc-200" @click="closeHistory">Close</button>
</div>
</div>
</div>
</Teleport>
<!-- Toast: bulk-send result. Fades after ~5s; click to dismiss. -->
<Transition
enter-active-class="transition duration-200 ease-out"
frontend/pages/rsvp/[token].vue
+124 -12
View File
@@ -1,17 +1,30 @@
<script setup lang="ts">
interface ExistingRSVP {
id: string
response: 'attending' | 'declined' | 'maybe'
plus_ones: number
dietary_notes?: string | null
submitted_at: string
edit_count: number
}
interface AccessResponse {
guest: { id: string; name: string; email?: string | null; plus_ones: number }
event: { id: string; name: string; venue: string; event_date: string }
token: { id: string; status: string; expires_at: string }
access_log_id: string
rsvp?: ExistingRSVP | null
}
interface RSVPSubmitResponse {
rsvp?: { id: string; response: string; plus_ones: number; risk_score: number }
rsvp?: ExistingRSVP & { risk_score?: number }
fraud: { score: number; risk: string; reasons: string[]; used: boolean }
blocked: boolean
edited?: boolean
}
const MAX_EDITS = 5
const route = useRoute()
const token = route.params.token as string
@@ -27,10 +40,32 @@ const submitting = ref(false)
const result = ref<RSVPSubmitResponse | null>(null)
const submitError = ref<string | null>(null)
// existing tracks the RSVP that was on file when the page loaded.
// editing toggles the form open over the "already responded" summary.
const existing = ref<ExistingRSVP | null>(null)
const editing = ref(false)
const editsRemaining = computed(() => {
const used = existing.value?.edit_count ?? 0
return Math.max(0, MAX_EDITS - used)
})
const editLimitReached = computed(() => editsRemaining.value <= 0)
function prefillFromRSVP(rsvp: ExistingRSVP) {
response.value = rsvp.response
plusOnes.value = rsvp.plus_ones
dietary.value = rsvp.dietary_notes ?? ''
}
onMounted(async () => {
try {
access.value = await useApi<AccessResponse>(`/access/${token}`)
if (access.value) plusOnes.value = access.value.guest.plus_ones || 0
if (!access.value) return
plusOnes.value = access.value.guest.plus_ones || 0
if (access.value.rsvp) {
existing.value = access.value.rsvp
prefillFromRSVP(access.value.rsvp)
}
} catch (e: any) {
loadError.value = e?.data?.error || e?.message || 'Invitation not found'
} finally {
@@ -41,10 +76,11 @@ onMounted(async () => {
async function submit() {
submitting.value = true
submitError.value = null
const isEdit = !!existing.value
try {
const fp = useFingerprint()
result.value = await useApi<RSVPSubmitResponse>(`/rsvp/${token}`, {
method: 'POST',
method: isEdit ? 'PATCH' : 'POST',
body: {
response: response.value,
plus_ones: plusOnes.value,
@@ -52,8 +88,22 @@ async function submit() {
fingerprint: fp,
},
})
// Refresh the cached "existing" view so a back-to-summary toggle shows
// the new state and the edit counter without a page reload.
if (result.value?.rsvp) {
existing.value = {
id: result.value.rsvp.id,
response: result.value.rsvp.response,
plus_ones: result.value.rsvp.plus_ones,
dietary_notes: result.value.rsvp.dietary_notes ?? null,
submitted_at: result.value.rsvp.submitted_at,
edit_count: result.value.rsvp.edit_count,
}
}
editing.value = false
} catch (e: any) {
// 403 from BLOCK band returns a JSON body; surface its decision too.
// BLOCK band returns 403 with the fraud decision; surface it the same
// way the first-submit path does.
if (e?.data?.fraud) {
result.value = e.data
} else {
@@ -64,10 +114,28 @@ async function submit() {
}
}
function startEditing() {
if (existing.value) prefillFromRSVP(existing.value)
result.value = null
editing.value = true
}
function cancelEditing() {
if (existing.value) prefillFromRSVP(existing.value)
editing.value = false
}
function fmtDate(iso?: string) {
if (!iso) return ''
try { return new Date(iso).toLocaleString() } catch { return iso }
}
// showForm = no prior submission, or the guest has clicked "Change my response"
const showForm = computed(() => editing.value || !existing.value)
const submitLabel = computed(() => {
if (submitting.value) return existing.value ? 'Updating…' : 'Submitting…'
return existing.value ? 'Update RSVP' : 'Submit RSVP'
})
</script>
<template>
@@ -89,8 +157,10 @@ function fmtDate(iso?: string) {
</p>
</div>
<div v-else-if="result?.rsvp" class="card border-brand-900/60 bg-brand-950/20">
<h1 class="mb-2 text-xl font-semibold text-brand-200">You're confirmed</h1>
<div v-else-if="result?.rsvp && !editing" class="card border-brand-900/60 bg-brand-950/20">
<h1 class="mb-2 text-xl font-semibold text-brand-200">
{{ result.edited ? 'Your response has been updated' : "You're confirmed" }}
</h1>
<p class="text-sm text-brand-300">
Response recorded as <strong>{{ result.rsvp.response }}</strong> with
+{{ result.rsvp.plus_ones }} plus-ones.
@@ -99,10 +169,45 @@ function fmtDate(iso?: string) {
Risk score {{ result.fraud.score }} · {{ result.fraud.risk }}
<span v-if="!result.fraud.used"> · fallback</span>
</p>
<div v-if="!editLimitReached" class="mt-5 flex items-center justify-between gap-3 border-t border-zinc-800 pt-4">
<p class="text-xs text-zinc-500">
Need to change something? You have {{ editsRemaining }}
{{ editsRemaining === 1 ? 'edit' : 'edits' }} left.
</p>
<button type="button" class="btn-ghost text-sm" @click="startEditing">Change my response</button>
</div>
<p v-else class="mt-5 border-t border-zinc-800 pt-4 text-xs text-zinc-500">
You've used all {{ MAX_EDITS }} edits on this invitation — contact your host if you need
to change anything else.
</p>
</div>
<div v-else-if="access" class="card">
<p class="text-xs uppercase tracking-widest text-brand-500">Invitation</p>
<div v-else-if="existing && !editing" class="card border-brand-900/60 bg-brand-950/20">
<p class="text-xs uppercase tracking-widest text-brand-500">RSVP on file</p>
<h1 class="mb-1 text-2xl font-semibold">{{ access?.event.name }}</h1>
<p class="mb-5 text-sm text-zinc-400">
{{ access?.event.venue }} · {{ fmtDate(access?.event.event_date) }}
</p>
<p class="mb-4 text-sm">
You responded <strong class="capitalize">{{ existing.response }}</strong>
<span v-if="existing.plus_ones > 0"> with +{{ existing.plus_ones }} plus-ones</span>
on {{ fmtDate(existing.submitted_at) }}.
</p>
<div v-if="!editLimitReached" class="flex items-center justify-between gap-3 border-t border-zinc-800 pt-4">
<p class="text-xs text-zinc-500">
{{ editsRemaining }} {{ editsRemaining === 1 ? 'edit' : 'edits' }} remaining.
</p>
<button type="button" class="btn-ghost text-sm" @click="startEditing">Change my response</button>
</div>
<p v-else class="border-t border-zinc-800 pt-4 text-xs text-zinc-500">
You've used all {{ MAX_EDITS }} edits on this invitation.
</p>
</div>
<div v-else-if="access && showForm" class="card">
<p class="text-xs uppercase tracking-widest text-brand-500">
{{ existing ? 'Update your response' : 'Invitation' }}
</p>
<h1 class="mb-1 text-2xl font-semibold">{{ access.event.name }}</h1>
<p class="mb-6 text-sm text-zinc-400">
{{ access.event.venue }} · {{ fmtDate(access.event.event_date) }}
@@ -110,7 +215,9 @@ function fmtDate(iso?: string) {
<p class="mb-6 text-sm">
Hi <span class="font-medium text-zinc-100">{{ access.guest.name }}</span>
please confirm your response below.
<template v-if="existing">change your response below {{ editsRemaining }}
{{ editsRemaining === 1 ? 'edit' : 'edits' }} remaining.</template>
<template v-else>please confirm your response below.</template>
</p>
<div class="mb-4">
@@ -159,9 +266,14 @@ function fmtDate(iso?: string) {
<input v-model="dietary" class="input" placeholder="e.g. vegetarian" />
</div>
<button class="btn-primary w-full" :disabled="submitting" @click="submit">
{{ submitting ? 'Submitting' : 'Submit RSVP' }}
</button>
<div class="flex items-center gap-3">
<button class="btn-primary flex-1" :disabled="submitting" @click="submit">
{{ submitLabel }}
</button>
<button v-if="existing" type="button" class="btn-ghost" :disabled="submitting" @click="cancelEditing">
Cancel
</button>
</div>
<p v-if="submitError" class="mt-3 text-sm text-red-400">{{ submitError }}</p>
</div>
internal/api/rsvps.go
+259 -77
View File
@@ -9,6 +9,8 @@ import (
"net/http"
"time"
"github.com/google/uuid"
"github.com/alchemistkay/guestguard/internal/auth"
"github.com/alchemistkay/guestguard/internal/domain"
"github.com/alchemistkay/guestguard/internal/fraud"
@@ -43,51 +45,24 @@ type submitRSVPRequest struct {
}
type submitRSVPResponse struct {
RSVP *domain.RSVP `json:"rsvp"`
Decision fraud.Decision `json:"fraud"`
Blocked bool `json:"blocked"`
RSVP *domain.RSVP `json:"rsvp"`
Decision fraud.Decision `json:"fraud"`
Blocked bool `json:"blocked"`
Edited bool `json:"edited"`
}
// POST /rsvp/{token} — synchronous fraud check + RSVP recording.
func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
raw := r.PathValue("token")
if err := auth.ValidateFormat(raw); err != nil {
writeError(w, http.StatusBadRequest, "malformed token")
tk, ok := h.loadValidToken(w, r)
if !ok {
return
}
tk, err := h.tokens.GetByHash(r.Context(), auth.HashToken(raw))
if err != nil {
if errors.Is(err, domain.ErrTokenNotFound) {
writeError(w, http.StatusNotFound, "token not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to load token")
req, ok := decodeSubmitRSVP(w, r)
if !ok {
return
}
if err := tk.IsValid(time.Now().UTC()); err != nil {
writeError(w, http.StatusGone, err.Error())
return
}
var req submitRSVPRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid json")
return
}
resp := domain.RSVPResponse(req.Response)
if !resp.Valid() {
writeError(w, http.StatusBadRequest, "response must be attending|declined|maybe")
return
}
if req.PlusOnes < 0 {
writeError(w, http.StatusBadRequest, "plus_ones must be >= 0")
return
}
guest, err := h.guests.Get(r.Context(), tk.GuestID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load guest")
guest, event, ok := h.loadGuestEvent(w, r, tk.GuestID)
if !ok {
return
}
if req.PlusOnes > guest.PlusOnes {
@@ -95,13 +70,246 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
fmt.Sprintf("you may bring up to %d plus-one(s)", guest.PlusOnes))
return
}
event, err := h.events.Get(r.Context(), guest.EventID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load event")
decision, fingerprint, ip, ok := h.scoreAccess(w, r, event, guest, tk, req.Fingerprint)
if !ok {
return
}
fingerprint := mergeFingerprint(req.Fingerprint, collectFingerprint(r))
score := decision.Score
rsvp, err := h.rsvps.Create(r.Context(), storage.CreateRSVPParams{
GuestID: guest.ID,
Response: req.Resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
if errors.Is(err, domain.ErrRSVPAlreadySubmitted) {
// Tier 2 Block A: guests edit an existing RSVP via PATCH. Tell
// the client to switch endpoints rather than swallowing the
// retry silently.
writeError(w, http.StatusConflict, "rsvp already submitted — use PATCH to edit")
return
}
h.logger.Error("create rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to record rsvp")
return
}
// Block A: we intentionally do NOT mark the token used here any more.
// The token must remain valid so the guest can come back to the same
// link and edit their response.
h.publishRSVPConfirmed(event.ID, guest.ID, rsvp, &score)
writeJSON(w, http.StatusCreated, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
Edited: false,
})
}
// PATCH /rsvp/{token} — revise an existing RSVP. Same fraud check as POST.
// The prior state is snapshotted into rsvp_revisions inside Update; edits
// past MaxRSVPEdits return 429.
func (h *rsvpHandler) edit(w http.ResponseWriter, r *http.Request) {
tk, ok := h.loadValidToken(w, r)
if !ok {
return
}
req, ok := decodeSubmitRSVP(w, r)
if !ok {
return
}
guest, event, ok := h.loadGuestEvent(w, r, tk.GuestID)
if !ok {
return
}
if req.PlusOnes > guest.PlusOnes {
writeError(w, http.StatusBadRequest,
fmt.Sprintf("you may bring up to %d plus-one(s)", guest.PlusOnes))
return
}
decision, fingerprint, ip, ok := h.scoreAccess(w, r, event, guest, tk, req.Fingerprint)
if !ok {
return
}
score := decision.Score
rsvp, err := h.rsvps.Update(r.Context(), storage.UpdateRSVPParams{
GuestID: guest.ID,
Response: req.Resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
switch {
case errors.Is(err, domain.ErrRSVPNotFound):
writeError(w, http.StatusNotFound, "no rsvp to edit — submit first")
case errors.Is(err, domain.ErrRSVPEditLimitReached):
writeError(w, http.StatusTooManyRequests,
fmt.Sprintf("edit limit reached (%d edits)", domain.MaxRSVPEdits))
default:
h.logger.Error("update rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to update rsvp")
}
return
}
h.publishRSVPConfirmed(event.ID, guest.ID, rsvp, &score)
writeJSON(w, http.StatusOK, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
Edited: true,
})
}
type rsvpHistoryResponse struct {
RSVP *domain.RSVP `json:"rsvp"`
Revisions []domain.RSVPRevision `json:"revisions"`
}
// GET /events/{id}/guests/{guest_id}/rsvp/history — host view of the
// current RSVP plus every prior revision newest-first.
func (h *rsvpHandler) history(w http.ResponseWriter, r *http.Request) {
hostID, ok := hostFromContext(w, r)
if !ok {
return
}
eventID, ok := parseIDParam(w, r, "id")
if !ok {
return
}
guestID, ok := parseIDParam(w, r, "guest_id")
if !ok {
return
}
if _, ok := requireEventOwner(w, r, h.events, eventID, hostID); !ok {
return
}
guest, err := h.guests.Get(r.Context(), guestID)
if err != nil {
if errors.Is(err, domain.ErrGuestNotFound) {
writeError(w, http.StatusNotFound, "guest not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to load guest")
return
}
if guest.EventID != eventID {
writeError(w, http.StatusNotFound, "guest not found in event")
return
}
rsvp, err := h.rsvps.GetByGuest(r.Context(), guestID)
if err != nil {
if errors.Is(err, domain.ErrRSVPNotFound) {
writeJSON(w, http.StatusOK, rsvpHistoryResponse{Revisions: []domain.RSVPRevision{}})
return
}
writeError(w, http.StatusInternalServerError, "failed to load rsvp")
return
}
revisions, err := h.rsvps.ListRevisions(r.Context(), rsvp.ID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load revisions")
return
}
writeJSON(w, http.StatusOK, rsvpHistoryResponse{RSVP: rsvp, Revisions: revisions})
}
// --- shared helpers ---
type decodedRSVPRequest struct {
Resp domain.RSVPResponse
PlusOnes int
DietaryNotes *string
Fingerprint map[string]any
}
func decodeSubmitRSVP(w http.ResponseWriter, r *http.Request) (decodedRSVPRequest, bool) {
var req submitRSVPRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid json")
return decodedRSVPRequest{}, false
}
resp := domain.RSVPResponse(req.Response)
if !resp.Valid() {
writeError(w, http.StatusBadRequest, "response must be attending|declined|maybe")
return decodedRSVPRequest{}, false
}
if req.PlusOnes < 0 {
writeError(w, http.StatusBadRequest, "plus_ones must be >= 0")
return decodedRSVPRequest{}, false
}
return decodedRSVPRequest{
Resp: resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
Fingerprint: req.Fingerprint,
}, true
}
func (h *rsvpHandler) loadValidToken(w http.ResponseWriter, r *http.Request) (*domain.Token, bool) {
raw := r.PathValue("token")
if err := auth.ValidateFormat(raw); err != nil {
writeError(w, http.StatusBadRequest, "malformed token")
return nil, false
}
tk, err := h.tokens.GetByHash(r.Context(), auth.HashToken(raw))
if err != nil {
if errors.Is(err, domain.ErrTokenNotFound) {
writeError(w, http.StatusNotFound, "token not found")
return nil, false
}
writeError(w, http.StatusInternalServerError, "failed to load token")
return nil, false
}
if err := tk.IsValid(time.Now().UTC()); err != nil {
writeError(w, http.StatusGone, err.Error())
return nil, false
}
return tk, true
}
func (h *rsvpHandler) loadGuestEvent(w http.ResponseWriter, r *http.Request, guestID uuid.UUID) (*domain.Guest, *domain.Event, bool) {
guest, err := h.guests.Get(r.Context(), guestID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load guest")
return nil, nil, false
}
event, err := h.events.Get(r.Context(), guest.EventID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load event")
return nil, nil, false
}
return guest, event, true
}
// scoreAccess logs the access attempt, scores it, and short-circuits with a
// 403 on a BLOCK decision. Returns the decision and the merged fingerprint /
// IP so the caller can persist them on the RSVP row.
func (h *rsvpHandler) scoreAccess(
w http.ResponseWriter,
r *http.Request,
event *domain.Event,
guest *domain.Guest,
tk *domain.Token,
clientFP map[string]any,
) (fraud.Decision, map[string]any, string, bool) {
fingerprint := mergeFingerprint(clientFP, collectFingerprint(r))
ip := clientIP(r)
accessLogID, err := h.accessLogs.Create(r.Context(), storage.CreateAccessLogParams{
@@ -124,39 +332,20 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
UserAgent: r.UserAgent(),
Referrer: r.Referer(),
})
if fraud.IsBlock(decision) {
writeJSON(w, http.StatusForbidden, submitRSVPResponse{
Decision: decision,
Blocked: true,
})
return decision, nil, "", false
}
return decision, fingerprint, ip, true
}
func (h *rsvpHandler) publishRSVPConfirmed(eventID, guestID uuid.UUID, rsvp *domain.RSVP, score *int) {
if h.pub == nil {
return
}
score := decision.Score
rsvp, err := h.rsvps.Create(r.Context(), storage.CreateRSVPParams{
GuestID: guest.ID,
Response: resp,
PlusOnes: req.PlusOnes,
DietaryNotes: req.DietaryNotes,
DeviceFingerprint: fingerprint,
IPAddress: ip,
RiskScore: &score,
})
if err != nil {
if errors.Is(err, domain.ErrRSVPAlreadySubmitted) {
writeError(w, http.StatusConflict, "rsvp already submitted for this guest")
return
}
h.logger.Error("create rsvp", "err", err, "guest_id", guest.ID)
writeError(w, http.StatusInternalServerError, "failed to record rsvp")
return
}
if err := h.tokens.MarkUsed(r.Context(), tk.ID); err != nil {
h.logger.Warn("mark token used", "err", err, "token_id", tk.ID)
}
go func(evt natspub.RSVPConfirmed) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
@@ -164,20 +353,14 @@ func (h *rsvpHandler) submit(w http.ResponseWriter, r *http.Request) {
h.logger.Error("publish rsvp.confirmed", "err", err, "rsvp_id", evt.RSVPID)
}
}(natspub.RSVPConfirmed{
EventID: event.ID,
GuestID: guest.ID,
EventID: eventID,
GuestID: guestID,
RSVPID: rsvp.ID,
Response: string(rsvp.Response),
PlusOnes: rsvp.PlusOnes,
RiskScore: &score,
RiskScore: score,
SubmittedAt: rsvp.SubmittedAt,
})
writeJSON(w, http.StatusCreated, submitRSVPResponse{
RSVP: rsvp,
Decision: decision,
Blocked: false,
})
}
func mergeFingerprint(client map[string]any, server map[string]any) map[string]any {
@@ -207,4 +390,3 @@ func stringifyFingerprint(fp map[string]any) map[string]string {
}
return out
}
internal/api/server.go
+11
View File
@@ -161,6 +161,7 @@ func NewServer(deps ServerDeps) (*Server, error) {
events: eventRepo,
users: userRepo,
accessLogs: accessRepo,
rsvps: rsvpRepo,
gen: auth.NewGenerator(),
ttl: deps.TokenTTL,
pub: deps.AccessPublisher,
@@ -306,6 +307,16 @@ func (s *Server) Handler() http.Handler {
rl("access", 60, time.Hour, pathKey("token"), http.HandlerFunc(s.tokens.access)))
mux.Handle("POST /rsvp/{token}",
rl("rsvp", 10, time.Hour, pathKey("token"), http.HandlerFunc(s.rsvps.submit)))
// Block A: edits are bounded by MaxRSVPEdits server-side. The redis
// limiter is a coarser guard that also throttles attempts that hit the
// edit-cap 429 path, so a hostile actor can't burn through fraud-engine
// calls on the same token.
mux.Handle("PATCH /rsvp/{token}",
rl("rsvp_edit", 10, time.Hour, pathKey("token"), http.HandlerFunc(s.rsvps.edit)))
// Host view of the edit trail for a single guest.
mux.Handle("GET /events/{id}/guests/{guest_id}/rsvp/history",
authed(http.HandlerFunc(s.rsvps.history)))
// WebSocket endpoint authenticates via single-use ticket on the query
// string (see POST /auth/ws-ticket).
internal/api/tokens.go
+26 -4
View File
@@ -32,6 +32,7 @@ type tokenHandler struct {
events *storage.EventRepo
users *storage.UserRepo
accessLogs *storage.AccessLogRepo
rsvps *storage.RSVPRepo
gen *auth.Generator
ttl time.Duration
pub accessPublisher
@@ -401,10 +402,14 @@ func (h *tokenHandler) rotate(w http.ResponseWriter, r *http.Request) {
}
type accessResponse struct {
Guest *domain.Guest `json:"guest"`
Event *domain.Event `json:"event"`
Token *domain.Token `json:"token"`
AccessLog uuid.UUID `json:"access_log_id"`
Guest *domain.Guest `json:"guest"`
Event *domain.Event `json:"event"`
Token *domain.Token `json:"token"`
AccessLog uuid.UUID `json:"access_log_id"`
// RSVP is the guest's current submission, if any. Populated so the RSVP
// page can show an edit form instead of a fresh submit form when the
// guest revisits their invitation link (Tier 2 Block A).
RSVP *domain.RSVP `json:"rsvp,omitempty"`
}
// GET /access/{token} — validate token, log the access attempt, publish to NATS.
@@ -471,11 +476,28 @@ func (h *tokenHandler) access(w http.ResponseWriter, r *http.Request) {
OccurredAt: time.Now().UTC(),
})
var existingRSVP *domain.RSVP
if h.rsvps != nil {
// Best-effort: a missing RSVP just means the guest hasn't submitted
// yet. Any other error is logged but doesn't fail the access call —
// we'd rather the guest see the form than a 500.
rs, err := h.rsvps.GetByGuest(r.Context(), guest.ID)
switch {
case err == nil:
existingRSVP = rs
case errors.Is(err, domain.ErrRSVPNotFound):
// expected first-visit case
default:
h.logger.Warn("load rsvp for access", "err", err, "guest_id", guest.ID)
}
}
writeJSON(w, http.StatusOK, accessResponse{
Guest: guest,
Event: event,
Token: tk,
AccessLog: accessLogID,
RSVP: existingRSVP,
})
}
internal/domain/rsvp.go
+20
View File
@@ -33,9 +33,29 @@ type RSVP struct {
DeviceFingerprint map[string]any `json:"device_fingerprint,omitempty"`
IPAddress *string `json:"ip_address,omitempty"`
RiskScore *int `json:"risk_score,omitempty"`
EditCount int `json:"edit_count"`
}
// RSVPRevision is one snapshot of an RSVP's previous state, written before
// the new values are applied on PATCH /rsvp/{token}. The host history view
// renders these newest-first so the edit trail is auditable.
type RSVPRevision struct {
ID uuid.UUID `json:"id"`
RSVPID uuid.UUID `json:"rsvp_id"`
PrevResponse RSVPResponse `json:"prev_response"`
PrevPlusOnes int `json:"prev_plus_ones"`
PrevDietary *string `json:"prev_dietary,omitempty"`
ChangedAt time.Time `json:"changed_at"`
}
// MaxRSVPEdits caps the number of times a single RSVP can be revised.
// The 6th attempt returns 429 — keeps a hostile actor from churning the
// host's activity feed with endless updates.
const MaxRSVPEdits = 5
var (
ErrRSVPAlreadySubmitted = errors.New("rsvp already submitted")
ErrRSVPBlocked = errors.New("rsvp blocked due to fraud risk")
ErrRSVPNotFound = errors.New("rsvp not found")
ErrRSVPEditLimitReached = errors.New("rsvp edit limit reached")
)
internal/storage/migrations/0007_rsvp_edits.down.sql
+4
View File
@@ -0,0 +1,4 @@
ALTER TABLE rsvps DROP COLUMN IF EXISTS edit_count;
DROP INDEX IF EXISTS idx_rsvp_revisions_rsvp;
DROP TABLE IF EXISTS rsvp_revisions;
internal/storage/migrations/0007_rsvp_edits.up.sql
+25
View File
@@ -0,0 +1,25 @@
-- Tier 2 Block A — editable RSVPs.
--
-- Guests can revisit their invitation link after submitting and change their
-- response or plus-one count. Every prior state is captured in rsvp_revisions
-- so the host can see the trail of edits.
--
-- The plan called this 0004_rsvp_edits in TIER2_PLAN.md; using the next free
-- slot (0007) because 00040006 were taken by Tier 1 work.
CREATE TABLE IF NOT EXISTS rsvp_revisions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
rsvp_id UUID NOT NULL REFERENCES rsvps(id) ON DELETE CASCADE,
prev_response rsvp_response NOT NULL,
prev_plus_ones INTEGER NOT NULL,
prev_dietary TEXT,
changed_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
CREATE INDEX IF NOT EXISTS idx_rsvp_revisions_rsvp
ON rsvp_revisions(rsvp_id, changed_at DESC);
-- Hard cap on how many times a guest can edit. The numeric cap (5) is
-- enforced in Go; storing the running count avoids a count(*) on every PATCH.
ALTER TABLE rsvps
ADD COLUMN IF NOT EXISTS edit_count SMALLINT NOT NULL DEFAULT 0;
internal/storage/rsvps.go
+150 -2
View File
@@ -8,6 +8,7 @@ import (
"time"
"github.com/google/uuid"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgconn"
"github.com/jackc/pgx/v5/pgxpool"
@@ -52,7 +53,8 @@ func (r *RSVPRepo) Create(ctx context.Context, p CreateRSVPParams) (*domain.RSVP
device_fingerprint, ip_address, risk_score)
VALUES ($1, $2, $3, $4, $5, $6::inet, $7)
RETURNING id, guest_id, response, plus_ones, dietary_notes,
submitted_at, device_fingerprint, ip_address::text, risk_score
submitted_at, device_fingerprint, ip_address::text, risk_score,
edit_count
`
row := r.pool.QueryRow(ctx, q,
@@ -71,6 +73,152 @@ func (r *RSVPRepo) Create(ctx context.Context, p CreateRSVPParams) (*domain.RSVP
return rs, nil
}
// GetByGuest returns the RSVP submitted by `guestID`, or ErrRSVPNotFound when
// none exists yet. Used by /access/{token} to surface the current submission
// so the frontend can show an edit form, and by PATCH /rsvp to load the row
// being revised.
func (r *RSVPRepo) GetByGuest(ctx context.Context, guestID uuid.UUID) (*domain.RSVP, error) {
const q = `
SELECT id, guest_id, response, plus_ones, dietary_notes,
submitted_at, device_fingerprint, ip_address::text, risk_score,
edit_count
FROM rsvps WHERE guest_id = $1
`
rs, err := scanRSVP(r.pool.QueryRow(ctx, q, guestID))
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return nil, domain.ErrRSVPNotFound
}
return nil, err
}
return rs, nil
}
type UpdateRSVPParams struct {
GuestID uuid.UUID
Response domain.RSVPResponse
PlusOnes int
DietaryNotes *string
DeviceFingerprint map[string]any
IPAddress string
RiskScore *int
}
// Update applies a revision to the guest's RSVP. The previous values are
// snapshotted into rsvp_revisions inside the same transaction so the history
// is consistent — either both the snapshot and the new state land, or neither
// does. Returns ErrRSVPEditLimitReached if the guest has already hit
// MaxRSVPEdits; the row itself is left untouched.
func (r *RSVPRepo) Update(ctx context.Context, p UpdateRSVPParams) (*domain.RSVP, error) {
var fpJSON []byte
if p.DeviceFingerprint != nil {
b, err := json.Marshal(p.DeviceFingerprint)
if err != nil {
return nil, fmt.Errorf("marshal fingerprint: %w", err)
}
fpJSON = b
}
var ip *string
if p.IPAddress != "" {
ip = &p.IPAddress
}
tx, err := r.pool.Begin(ctx)
if err != nil {
return nil, err
}
defer tx.Rollback(ctx)
// SELECT ... FOR UPDATE locks the row so two concurrent edits can't both
// snapshot the same prior state and both increment edit_count past the cap.
var (
rsvpID uuid.UUID
prevResp domain.RSVPResponse
prevPlusOnes int
prevDietary *string
editCount int
)
err = tx.QueryRow(ctx, `
SELECT id, response, plus_ones, dietary_notes, edit_count
FROM rsvps WHERE guest_id = $1
FOR UPDATE
`, p.GuestID).Scan(&rsvpID, &prevResp, &prevPlusOnes, &prevDietary, &editCount)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return nil, domain.ErrRSVPNotFound
}
return nil, err
}
if editCount >= domain.MaxRSVPEdits {
return nil, domain.ErrRSVPEditLimitReached
}
if _, err := tx.Exec(ctx, `
INSERT INTO rsvp_revisions (rsvp_id, prev_response, prev_plus_ones, prev_dietary)
VALUES ($1, $2, $3, $4)
`, rsvpID, prevResp, prevPlusOnes, prevDietary); err != nil {
return nil, fmt.Errorf("snapshot revision: %w", err)
}
const upd = `
UPDATE rsvps
SET response = $2,
plus_ones = $3,
dietary_notes = $4,
device_fingerprint = COALESCE($5, device_fingerprint),
ip_address = COALESCE($6::inet, ip_address),
risk_score = COALESCE($7, risk_score),
submitted_at = now(),
edit_count = edit_count + 1
WHERE guest_id = $1
RETURNING id, guest_id, response, plus_ones, dietary_notes,
submitted_at, device_fingerprint, ip_address::text, risk_score,
edit_count
`
row := tx.QueryRow(ctx, upd,
p.GuestID, p.Response, p.PlusOnes, p.DietaryNotes,
fpJSON, ip, p.RiskScore,
)
rs, err := scanRSVP(row)
if err != nil {
return nil, err
}
if err := tx.Commit(ctx); err != nil {
return nil, err
}
return rs, nil
}
// ListRevisions returns every prior state of an RSVP, newest first. Empty
// slice (not nil) when there are no revisions, so the JSON encodes as `[]`.
func (r *RSVPRepo) ListRevisions(ctx context.Context, rsvpID uuid.UUID) ([]domain.RSVPRevision, error) {
const q = `
SELECT id, rsvp_id, prev_response, prev_plus_ones, prev_dietary, changed_at
FROM rsvp_revisions
WHERE rsvp_id = $1
ORDER BY changed_at DESC
`
rows, err := r.pool.Query(ctx, q, rsvpID)
if err != nil {
return nil, err
}
defer rows.Close()
out := []domain.RSVPRevision{}
for rows.Next() {
var rev domain.RSVPRevision
if err := rows.Scan(
&rev.ID, &rev.RSVPID, &rev.PrevResponse,
&rev.PrevPlusOnes, &rev.PrevDietary, &rev.ChangedAt,
); err != nil {
return nil, err
}
out = append(out, rev)
}
return out, rows.Err()
}
// RSVPActivity is a denormalised RSVP entry for the activity feed —
// includes the guest's name so the API can hand it to the frontend
// without a separate lookup.
@@ -120,7 +268,7 @@ func scanRSVP(s rowScanner) (*domain.RSVP, error) {
)
err := s.Scan(
&rs.ID, &rs.GuestID, &rs.Response, &rs.PlusOnes, &rs.DietaryNotes,
&rs.SubmittedAt, &fpJSON, &ip, &rs.RiskScore,
&rs.SubmittedAt, &fpJSON, &ip, &rs.RiskScore, &rs.EditCount,
)
if err != nil {
return nil, err
test/integration/e2e_test.go
+263 -13
View File
@@ -151,7 +151,10 @@ func TestE2EHappyPath(t *testing.T) {
t.Fatalf("rsvp missing risk_score=15: %+v", rsvpResp.RSVP)
}
assertTokenUsed(t, ctx, db.Pool, guestID)
// Block A: tokens stay active after submission so the guest can come
// back and edit. The previous expectation was "used"; that's no
// longer the behaviour.
assertTokenStatus(t, ctx, db.Pool, guestID, "active")
waitForRSVPConfirmed(t, rsvpCounter, 1)
})
@@ -178,6 +181,142 @@ func TestE2EHappyPath(t *testing.T) {
assertNoRSVP(t, ctx, db.Pool, guestID)
assertTokenStatus(t, ctx, db.Pool, guestID, "active")
})
// Tier 2 Block A — editable RSVPs.
t.Run("rsvp edit records revision and survives token reuse", func(t *testing.T) {
eventID := createEvent(t, srv.URL, hostToken, "Edit Test", "edit-test")
guestID := createGuest(t, srv.URL, hostToken, eventID, "Edit Guest")
token := issueToken(t, srv.URL, hostToken, eventID, guestID)
stub.SetNext(10, "low", nil)
// First submit (POST).
first := submitRSVP(t, srv.URL, token, map[string]any{
"response": "attending",
"plus_ones": 0,
})
if first.RSVP == nil {
t.Fatalf("first submit did not return rsvp: %+v", first)
}
// Token must still be active after first submit — Block A explicitly
// drops the MarkUsed call so the guest can come back to edit.
assertTokenStatus(t, ctx, db.Pool, guestID, "active")
// /access surfaces the existing RSVP so the frontend renders an
// edit form instead of a fresh submit form.
accessAfter := getAccessFull(t, srv.URL, token)
if accessAfter.RSVP == nil {
t.Fatalf("/access did not embed existing rsvp after submit")
}
if accessAfter.RSVP.Response != "attending" {
t.Fatalf("access rsvp response: got %q want attending", accessAfter.RSVP.Response)
}
// Edit (PATCH): flip to declined, add a dietary note.
edited := editRSVP(t, srv.URL, token, map[string]any{
"response": "declined",
"plus_ones": 0,
"dietary_notes": "no longer attending",
}, http.StatusOK)
if !edited.Edited {
t.Fatalf("expected edited=true, got %+v", edited)
}
if edited.RSVP == nil || edited.RSVP.Response != "declined" {
t.Fatalf("edited rsvp not reflected: %+v", edited.RSVP)
}
if edited.RSVP.EditCount != 1 {
t.Fatalf("edit_count: got %d want 1", edited.RSVP.EditCount)
}
// One revision row, snapshotting the prior (attending) state.
assertRevisionSnapshot(t, ctx, db.Pool, guestID, "attending", 0)
// Token still active — second edit on the same token works.
assertTokenStatus(t, ctx, db.Pool, guestID, "active")
})
t.Run("rsvp edit enforces edit limit", func(t *testing.T) {
eventID := createEvent(t, srv.URL, hostToken, "Limit Test", "limit-test")
guestID := createGuest(t, srv.URL, hostToken, eventID, "Limit Guest")
token := issueToken(t, srv.URL, hostToken, eventID, guestID)
stub.SetNext(5, "low", nil)
// Initial submit.
_ = submitRSVP(t, srv.URL, token, map[string]any{
"response": "attending",
"plus_ones": 0,
})
// Five successful edits fill the quota.
for i := 0; i < 5; i++ {
next := "attending"
if i%2 == 0 {
next = "declined"
}
editRSVP(t, srv.URL, token, map[string]any{
"response": next,
"plus_ones": 0,
}, http.StatusOK)
}
// 6th edit is rejected with 429.
editRSVP(t, srv.URL, token, map[string]any{
"response": "maybe",
"plus_ones": 0,
}, http.StatusTooManyRequests)
})
t.Run("rsvp history exposes revisions to host", func(t *testing.T) {
eventID := createEvent(t, srv.URL, hostToken, "History Test", "history-test")
guestID := createGuest(t, srv.URL, hostToken, eventID, "History Guest")
token := issueToken(t, srv.URL, hostToken, eventID, guestID)
stub.SetNext(5, "low", nil)
_ = submitRSVP(t, srv.URL, token, map[string]any{
"response": "attending",
"plus_ones": 0,
})
editRSVP(t, srv.URL, token, map[string]any{
"response": "maybe",
"plus_ones": 0,
}, http.StatusOK)
editRSVP(t, srv.URL, token, map[string]any{
"response": "declined",
"plus_ones": 0,
}, http.StatusOK)
hist := getRSVPHistory(t, srv.URL, hostToken, eventID, guestID)
if hist.RSVP == nil || hist.RSVP.Response != "declined" {
t.Fatalf("history rsvp not current: %+v", hist.RSVP)
}
if len(hist.Revisions) != 2 {
t.Fatalf("expected 2 revisions, got %d", len(hist.Revisions))
}
// Newest first — first revision snapshot is "maybe" (the value just
// before the final declined edit), not "attending".
if hist.Revisions[0].PrevResponse != "maybe" {
t.Fatalf("revisions[0]: got %q want maybe", hist.Revisions[0].PrevResponse)
}
if hist.Revisions[1].PrevResponse != "attending" {
t.Fatalf("revisions[1]: got %q want attending", hist.Revisions[1].PrevResponse)
}
})
t.Run("rsvp edit without prior submission returns 404", func(t *testing.T) {
eventID := createEvent(t, srv.URL, hostToken, "Naked Edit", "naked-edit")
guestID := createGuest(t, srv.URL, hostToken, eventID, "Naked Edit Guest")
token := issueToken(t, srv.URL, hostToken, eventID, guestID)
stub.SetNext(5, "low", nil)
editRSVP(t, srv.URL, token, map[string]any{
"response": "attending",
"plus_ones": 0,
}, http.StatusNotFound)
assertNoRSVP(t, ctx, db.Pool, guestID)
})
}
// --- container helpers ---
@@ -349,6 +488,129 @@ func submitRSVP(t *testing.T, base, token string, body map[string]any) submitRSV
return out
}
type editedRSVP struct {
ID uuid.UUID `json:"id"`
Response string `json:"response"`
PlusOnes int `json:"plus_ones"`
EditCount int `json:"edit_count"`
}
type editRSVPResponse struct {
RSVP *editedRSVP `json:"rsvp"`
Decision fraud.Decision `json:"fraud"`
Blocked bool `json:"blocked"`
Edited bool `json:"edited"`
}
// editRSVP fires PATCH /rsvp/{token} and asserts the response status. The
// successful path returns 200; rate-limit / not-found / 429 paths return
// the relevant status with no body assertion.
func editRSVP(t *testing.T, base, token string, body map[string]any, wantStatus int) editRSVPResponse {
t.Helper()
b, _ := json.Marshal(body)
req, err := http.NewRequest(http.MethodPatch, base+"/rsvp/"+token, bytes.NewReader(b))
must(t, err, "build PATCH /rsvp")
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
must(t, err, "do PATCH /rsvp")
defer resp.Body.Close()
if resp.StatusCode != wantStatus {
body, _ := io.ReadAll(resp.Body)
t.Fatalf("PATCH /rsvp status=%d want=%d body=%s", resp.StatusCode, wantStatus, body)
}
if wantStatus != http.StatusOK {
return editRSVPResponse{}
}
var out editRSVPResponse
must(t, json.NewDecoder(resp.Body).Decode(&out), "decode edit rsvp")
return out
}
type accessResponseFull struct {
Token *struct {
ID uuid.UUID `json:"id"`
} `json:"token"`
AccessLog uuid.UUID `json:"access_log_id"`
RSVP *struct {
Response string `json:"response"`
PlusOnes int `json:"plus_ones"`
EditCount int `json:"edit_count"`
} `json:"rsvp"`
}
func getAccessFull(t *testing.T, base, token string) accessResponseFull {
t.Helper()
resp, err := http.Get(base + "/access/" + token)
must(t, err, "GET /access")
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
body, _ := io.ReadAll(resp.Body)
t.Fatalf("GET /access status=%d body=%s", resp.StatusCode, body)
}
var out accessResponseFull
must(t, json.NewDecoder(resp.Body).Decode(&out), "decode access full")
return out
}
type rsvpHistory struct {
RSVP *struct {
Response string `json:"response"`
PlusOnes int `json:"plus_ones"`
EditCount int `json:"edit_count"`
} `json:"rsvp"`
Revisions []struct {
PrevResponse string `json:"prev_response"`
PrevPlusOnes int `json:"prev_plus_ones"`
} `json:"revisions"`
}
func getRSVPHistory(t *testing.T, base, bearer string, eventID, guestID uuid.UUID) rsvpHistory {
t.Helper()
url := fmt.Sprintf("%s/events/%s/guests/%s/rsvp/history", base, eventID, guestID)
req, err := http.NewRequest(http.MethodGet, url, nil)
must(t, err, "build history req")
req.Header.Set("Authorization", "Bearer "+bearer)
resp, err := http.DefaultClient.Do(req)
must(t, err, "do history req")
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
body, _ := io.ReadAll(resp.Body)
t.Fatalf("GET history status=%d body=%s", resp.StatusCode, body)
}
var out rsvpHistory
must(t, json.NewDecoder(resp.Body).Decode(&out), "decode history")
return out
}
func assertRevisionSnapshot(t *testing.T, ctx context.Context, pool *pgxpool.Pool, guestID uuid.UUID, wantResponse string, wantPlusOnes int) {
t.Helper()
var (
gotResp string
gotPlus int
nRevs int
)
err := pool.QueryRow(ctx, `
SELECT count(*) FROM rsvp_revisions rev
JOIN rsvps r ON r.id = rev.rsvp_id
WHERE r.guest_id = $1
`, guestID).Scan(&nRevs)
must(t, err, "count revisions")
if nRevs != 1 {
t.Fatalf("expected 1 revision row, got %d", nRevs)
}
err = pool.QueryRow(ctx, `
SELECT rev.prev_response::text, rev.prev_plus_ones
FROM rsvp_revisions rev
JOIN rsvps r ON r.id = rev.rsvp_id
WHERE r.guest_id = $1
ORDER BY rev.changed_at DESC LIMIT 1
`, guestID).Scan(&gotResp, &gotPlus)
must(t, err, "load revision")
if gotResp != wantResponse || gotPlus != wantPlusOnes {
t.Fatalf("revision snapshot: got (%s, %d) want (%s, %d)", gotResp, gotPlus, wantResponse, wantPlusOnes)
}
}
func postJSON(t *testing.T, url string, body any, wantStatus int, out any) {
t.Helper()
postJSONAuthed(t, url, "", body, wantStatus, out)
@@ -450,18 +712,6 @@ func waitForFlagged(t *testing.T, ctx context.Context, pool *pgxpool.Pool, acces
t.Fatalf("access_log %s did not reach score=%d flagged=%v within 10s", accessLogID, wantScore, wantFlagged)
}
func assertTokenUsed(t *testing.T, ctx context.Context, pool *pgxpool.Pool, guestID uuid.UUID) {
t.Helper()
var status string
err := pool.QueryRow(ctx,
`SELECT status FROM tokens WHERE guest_id = $1`, guestID,
).Scan(&status)
must(t, err, "load token status")
if status != "used" {
t.Fatalf("expected token status=used for guest %s, got %s", guestID, status)
}
}
func assertTokenStatus(t *testing.T, ctx context.Context, pool *pgxpool.Pool, guestID uuid.UUID, want string) {
t.Helper()
var status string