feat: build core API, fraud engine, notifier, and frontend

Phase 1 — Core API (Go): - Events, guests, tokens, RSVPs CRUD on PostgreSQL via pgx/v5 - HMAC-signed per-guest tokens with format validation - Health endpoint with DB ping, slog JSON logging, graceful shutdown Phase 2 — NATS + Fraud Engine: - NATS JetStream pub/sub with explicit-ack consumers - Python/FastAPI fraud engine with heuristic risk scoring (fingerprint mismatch, IP change, missing signals, repeated access) - gRPC sync scoring with 250ms fail-open timeout - Per-guest baseline tracking; risk bands low/medium/high/block Phase 3 — Notifications + Frontend: - Notification worker scaffolding (Twilio/SES stubs, retry/backoff) - Nuxt 3 frontend with Tailwind dark theme + brand green - Live monitor via WebSocket with auto-reconnect - Activity history endpoint backfills monitor with RSVPs + scored access checks (including blocked attempts) UX polish: - Marketing-friendly landing page (hero mockup, how-it-works, features, use cases, testimonials, FAQ, final CTA) - Animated layered card mockups on landing + new-event page - Plus-ones stepper, RSVP status badges, filter buttons - Friendly access-check labels (Verified/Review/Suspicious/Blocked) - Dashboard hydration fix via ClientOnly wrapper Infrastructure: - docker-compose for full local dev (postgres, nats, api, fraud-engine, notifier, frontend) - Multi-stage Dockerfiles, non-root UID 1000 - Integration tests with testcontainers-go Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-11 21:08:56 +01:00
parent f760fc3e21
commit 3f8bc58ca9
89 changed files with 22729 additions and 0 deletions
@@ -0,0 +1,64 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"time"
+)
+
+type Config struct {
+	Env             string
+	HTTPAddr        string
+	DatabaseURL     string
+	NATSURL         string
+	FraudGRPCAddr   string
+	FraudGRPCTimeout time.Duration
+	ShutdownTimeout time.Duration
+	TokenSecret     string
+	TokenTTL        time.Duration
+}
+
+func Load() (*Config, error) {
+	cfg := &Config{
+		Env:             getenv("GG_ENV", "development"),
+		HTTPAddr:        getenv("GG_HTTP_ADDR", ":8080"),
+		DatabaseURL:     getenv("GG_DATABASE_URL", "postgres://guestguard:guestguard@localhost:5432/guestguard?sslmode=disable"),
+		NATSURL:         getenv("GG_NATS_URL", "nats://localhost:4222"),
+		FraudGRPCAddr:   getenv("GG_FRAUD_GRPC_ADDR", "fraud-engine:9091"),
+		FraudGRPCTimeout: getenvDuration("GG_FRAUD_GRPC_TIMEOUT", 250*time.Millisecond),
+		ShutdownTimeout: getenvDuration("GG_SHUTDOWN_TIMEOUT", 15*time.Second),
+		TokenSecret:     os.Getenv("GG_TOKEN_SECRET"),
+		TokenTTL:        getenvDuration("GG_TOKEN_TTL", 30*24*time.Hour),
+	}
+
+	if cfg.Env == "production" && cfg.TokenSecret == "" {
+		return nil, fmt.Errorf("GG_TOKEN_SECRET is required in production")
+	}
+	if cfg.TokenSecret == "" {
+		cfg.TokenSecret = "dev-only-insecure-secret-change-me"
+	}
+
+	return cfg, nil
+}
+
+func getenv(key, fallback string) string {
+	if v, ok := os.LookupEnv(key); ok && v != "" {
+		return v
+	}
+	return fallback
+}
+
+func getenvDuration(key string, fallback time.Duration) time.Duration {
+	v, ok := os.LookupEnv(key)
+	if !ok || v == "" {
+		return fallback
+	}
+	if d, err := time.ParseDuration(v); err == nil {
+		return d
+	}
+	if secs, err := strconv.Atoi(v); err == nil {
+		return time.Duration(secs) * time.Second
+	}
+	return fallback
+}