alchemistkay/guestguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: ship Tier 1 — auth, authz, rate limits, real notifications, CSV import, billing, backups/DR, privacy

Browse Source 
Closes every block in docs/TIER1_PLAN.md from the Claude-scope side. The
homelab / cloud setup steps (SES verification, restore drill, lawyer-
drafted ToS) remain operator-owned but are unblocked.

Block A — Authentication
- Migration 0003: password_hash, email_verified, email_verification_tokens,
  password_reset_tokens, refresh_tokens (with replaced_by family chain).
- Bcrypt hasher, HS256 JWT signer, single-use refresh tokens with rotation
  + replay-detection (revokes the family on reuse).
- /auth/signup, /login, /refresh, /logout, /verify-email,
  /forgot-password, /reset-password — enumeration-safe.
- requireAuth middleware + GET /me.
- Frontend useAuth/useApi with auto-refresh-on-401, login/signup/verify/
  forgot/reset pages, route-guard middleware.

Block B — Authorisation
- EventRepo.GetForHost; Update/Delete scoped by host_id.
- All host routes behind requireAuth + ownership; cross-tenant returns
  404 (no enumeration). ?host_id removed.
- WS auth via short-lived single-use tickets (POST /auth/ws-ticket).
- Tests: TestCrossTenantIsolation — 9 probes.

Block C — Rate limiting
- Redis sliding-window via Lua (atomic ZADD+ZCARD+PEXPIRE).
- Per-route limits matching the plan (signup IP, login IP+email, RSVP/
  access by token, events/guests/tokens by user_id).
- 429 with Retry-After header and JSON body.
- Auth lockout: 5 failed logins → account locked, only password reset
  clears it.
- Frontend: useErrMessage normalises 429 + locked messaging.

Block D — Real notifications
- Migration 0004: provider_message_id, bounce_type, complained columns
  + unsubscribes (CITEXT) suppression table.
- Branded HTML + plaintext templates for verification, reset, invitation,
  confirmation, reminder. Per-page templates avoid html/template's
  contextual-escape collisions.
- Senders: SESv2, Twilio (SMS), SMTP (Mailpit-friendly), Resend HTTP.
- PickEmailSender priority Resend > SMTP > SES > Log — system boots
  cleanly in dev with Mailpit; production flips one env var.
- Webhook endpoints (Twilio status + SES SNS) — bounces add to suppression;
  signature verification stubbed pending creds.
- Auto-send: POST /tokens publishes invitation.send; notifier renders +
  delivers via the configured backend; suppression list honoured.
- Bulk + per-row invitation flow: POST /events/{id}/guests/invitations/bulk
  returns per-guest tokens so phone-only guests can be SMS'd manually.
- Unsubscribe: signed HMAC token (no TTL) + /unsubscribe/[token] page.
- WhatsApp Option A+: wa.me click-to-chat wizard with per-guest progress
  tracking, isLikelyE164 validation, edit-from-wizard.
- Token rotate (POST /tokens/rotate) invalidates the old URL — used by
  the regenerate-link flow.
- Mailpit added to docker-compose for dev inbox.

Block E — CSV import
- Streaming parser: tolerant header detection, UTF-8 BOM + UTF-16 LE/BE
  decoding, row-level validation, 5,000-row cap.
- Strict E.164 phone validation with helpful error message.
- POST /preview + /import + GET /template; preview UI on event page;
  atomic per-batch with dedup on existing emails.

Phone capture across UI
- PhoneInput component: country picker (~50 ISO codes) + national input +
  live E.164 preview + inline length validation.
- Used in Add Guest and Edit Guest modals. Smart paste-handling extracts
  country code from full E.164 strings.

Block F — Billing (Stripe)
- Migration 0005: subscriptions table (user_id → tier/status/period_end +
  Stripe customer/sub ids). Partial unique index keeps one granting sub
  per user.
- internal/billing: Tier + Limits model (Free 1/50, Pro 10/1000, Business
  ∞/5000), Stripe SDK wrapper with IgnoreAPIVersionMismatch for newer
  account API versions.
- /billing/checkout-session, /billing/portal, /billing/status,
  /webhooks/stripe (signature-verified, lifecycle events).
- Tier enforcement: 402 on POST /events, /guests, /import with
  {error, reason, tier, used, limit, upgrade_url} body.
- Frontend: useBilling composable, /dashboard/billing page (current plan,
  usage bars, tier cards), global UpgradeModal triggered by useApi's
  402 interceptor.
- Customer portal kept for self-service cancel/payment-method changes.

Block G — Backups & DR (application side)
- Every migration has a tested .down.sql.
- TestMigrationRoundtrip applies all ups → all downs → all ups against a
  fresh container; catches asymmetric down migrations.
- cmd/restore-verify: 28-check post-restore invariant tool (schema
  presence, no orphans across 10 FK relationships, email uniqueness,
  single-active subscription, row-count snapshot).
- docs/RUNBOOK_RESTORE.md: 9-step restore procedure with RTO/RPO
  targets, drill instructions, rollback path.

Block H — Privacy compliance (application side)
- Migration 0006: deleted_at + terms_accepted_at + privacy_policy_accepted_at
  on users. Partial index on email for live-only uniqueness.
- GET /me/data-export — synchronous JSON dump (user, events, guests,
  tokens, rsvps, access_logs, notifications).
- DELETE /me — soft-delete with PII scrub + refresh-token revocation;
  re-signup with same email works.
- POST /me/accept-terms — idempotent consent recording.
- Frontend /privacy + /terms placeholder pages with substantive (pending
  legal review) copy; footer links; signup terms checkbox; TermsGateModal
  for accounts created before the rollout; export + delete buttons on
  /dashboard/billing.

Tests
- All migrations verified up/down/up.
- Integration suite: TestE2EHappyPath, TestAuthFlow, TestCrossTenantIsolation,
  TestRateLimitSignup, TestLoginLockout, TestUnsubscribeFlow,
  TestSESBounceWebhook, TestTwilioStatusWebhook, TestCsvImportFlow,
  TestCsvImportAtomicRollback, TestBulkIssueInvitations, TestBulkIssueExplicitSubset,
  TestTokenIssuePublishesInvitation, TestTokenIssueWithoutGuestEmailSkipsInvitation,
  TestGuestUpdate, TestGuestDelete, TestTokenRotate, TestSMTPSenderAgainstMailpit,
  TestFreeTierEventLimit, TestFreeTierGuestLimit, TestBusinessTierBypassesLimits,
  TestDataExport, TestDeleteMe, TestAcceptTerms, TestMigrationRoundtrip.
  Full suite runs in ~120s against real Postgres + NATS + Redis + Mailpit.
- Unit suite green across internal/auth, internal/csvimport,
  internal/notification, internal/ratelimit, internal/domain.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
2026-05-16 23:54:22 +01:00
parent a0ed34f860
commit 59b8781659
124 changed files with 13702 additions and 445 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/components/CsvImportCard.vue
+217
View File
@@ -0,0 +1,217 @@
<script setup lang="ts">
interface ParsedRow {
Name: string
Email: string
Phone: string
PlusOnes: number
}
interface RowError {
row: number
reason: string
}
interface PreviewResponse {
rows: ParsedRow[]
errors?: RowError[]
total_count: number
}
interface ImportResponse {
added: number
skipped: number
skipped_emails?: string[]
errors?: RowError[]
total_count: number
}
const props = defineProps<{ eventId: string }>()
const emit = defineEmits<{ (e: 'imported'): void }>()
const config = useRuntimeConfig()
const apiBase = config.public.apiBase as string
type Stage = 'idle' | 'preview' | 'committing' | 'done'
const stage = ref<Stage>('idle')
const fileName = ref('')
const dragging = ref(false)
const error = ref<string | null>(null)
const preview = ref<PreviewResponse | null>(null)
const result = ref<ImportResponse | null>(null)
let pendingFile: File | null = null
function reset() {
stage.value = 'idle'
fileName.value = ''
preview.value = null
result.value = null
error.value = null
pendingFile = null
}
async function onFiles(files: FileList | File[] | null) {
if (!files || !files.length) return
const f = files[0]
if (f.size > 1024 * 1024) {
error.value = 'File is larger than 1MB.'
return
}
fileName.value = f.name
error.value = null
pendingFile = f
await runPreview()
}
async function runPreview() {
if (!pendingFile) return
try {
const fd = new FormData()
fd.append('file', pendingFile)
preview.value = await useApi<PreviewResponse>(
`/events/${props.eventId}/guests/import/preview`,
{ method: 'POST', body: fd },
)
stage.value = 'preview'
} catch (e: any) {
error.value = useErrMessage(e, 'Could not parse that CSV')
stage.value = 'idle'
pendingFile = null
}
}
async function commit() {
if (!pendingFile) return
stage.value = 'committing'
error.value = null
try {
const fd = new FormData()
fd.append('file', pendingFile)
result.value = await useApi<ImportResponse>(
`/events/${props.eventId}/guests/import`,
{ method: 'POST', body: fd },
)
stage.value = 'done'
emit('imported')
} catch (e: any) {
error.value = useErrMessage(e, 'Import failed')
stage.value = 'preview'
}
}
function onDrop(e: DragEvent) {
dragging.value = false
onFiles(e.dataTransfer?.files ?? null)
}
const templateUrl = computed(() => `${apiBase}/events/${props.eventId}/guests/import/template`)
async function downloadTemplate() {
// The endpoint requires a Bearer header, which a plain <a download> can't
// attach — fetch through useApi (which adds auth + handles refresh) then
// synthesise an anchor click on the resulting blob.
try {
const res: any = await useApi(`/events/${props.eventId}/guests/import/template`, {
method: 'GET',
})
// useApi auto-parses JSON; for CSV the response body is plain text.
const text = typeof res === 'string' ? res : JSON.stringify(res)
const blob = new Blob([text], { type: 'text/csv;charset=utf-8' })
const url = URL.createObjectURL(blob)
const a = document.createElement('a')
a.href = url
a.download = 'guestguard-import-template.csv'
a.click()
URL.revokeObjectURL(url)
} catch (e: any) {
error.value = useErrMessage(e, 'Could not download template')
}
}
</script>
<template>
<!-- No outer .card chrome: this component is now embedded inside a
modal that supplies the surface. -->
<div>
<div class="mb-3 flex items-center justify-end">
<button class="text-xs text-zinc-400 hover:text-zinc-200" @click="downloadTemplate">
Download template
</button>
</div>
<!-- Stage 1: drag-drop zone -->
<div v-if="stage === 'idle'">
<label
class="flex cursor-pointer flex-col items-center justify-center rounded-lg border-2 border-dashed bg-zinc-900/50 p-6 text-center transition"
:class="dragging ? 'border-brand-500 bg-brand-500/5' : 'border-zinc-700 hover:border-zinc-600'"
@dragover.prevent="dragging = true"
@dragleave.prevent="dragging = false"
@drop.prevent="onDrop"
>
<span class="mb-1 text-sm text-zinc-200">Drop a CSV here or click to choose</span>
<span class="text-xs text-zinc-500">Up to 5,000 rows · 1MB max</span>
<input type="file" accept=".csv,text/csv" class="hidden" @change="onFiles(($event.target as HTMLInputElement).files)" />
</label>
<p class="mt-2 text-xs text-zinc-500">
Required column: <code>name</code>. Optional: <code>email</code>, <code>phone</code>, <code>plus_ones</code>.
</p>
<p v-if="error" class="mt-3 text-sm text-red-400">{{ error }}</p>
</div>
<!-- Stage 2: preview -->
<div v-else-if="stage === 'preview' && preview">
<p class="mb-2 text-sm">
<span class="text-zinc-200">{{ fileName }}</span>
<span class="text-zinc-500"> {{ preview.rows.length }} valid row{{ preview.rows.length === 1 ? '' : 's' }}, {{ preview.errors?.length || 0 }} error{{ preview.errors?.length === 1 ? '' : 's' }}.</span>
</p>
<div v-if="preview.errors && preview.errors.length" class="mb-3 max-h-32 overflow-auto rounded border border-amber-900/40 bg-amber-950/20 p-2 text-xs text-amber-200">
<p class="mb-1 font-medium">Rows with problems (these will be skipped):</p>
<ul class="space-y-0.5">
<li v-for="(err, i) in preview.errors" :key="i">
row {{ err.row }} {{ err.reason }}
</li>
</ul>
</div>
<div v-if="preview.rows.length" class="mb-3 max-h-64 overflow-auto rounded border border-zinc-800">
<table class="w-full text-xs">
<thead class="bg-zinc-900 text-zinc-400">
<tr>
<th class="px-2 py-1.5 text-left">Name</th>
<th class="px-2 py-1.5 text-left">Email</th>
<th class="px-2 py-1.5 text-left">Phone</th>
<th class="px-2 py-1.5 text-right">+1s</th>
</tr>
</thead>
<tbody class="divide-y divide-zinc-800">
<tr v-for="(r, i) in preview.rows.slice(0, 100)" :key="i" class="text-zinc-200">
<td class="px-2 py-1">{{ r.Name }}</td>
<td class="px-2 py-1 text-zinc-400">{{ r.Email || '—' }}</td>
<td class="px-2 py-1 text-zinc-400">{{ r.Phone || '—' }}</td>
<td class="px-2 py-1 text-right tabular-nums">{{ r.PlusOnes }}</td>
</tr>
</tbody>
</table>
<p v-if="preview.rows.length > 100" class="px-2 py-1 text-xs text-zinc-500">
+ {{ preview.rows.length - 100 }} more not shown.
</p>
</div>
<div class="flex items-center gap-2">
<button class="btn-primary" :disabled="!preview.rows.length || stage === 'committing'" @click="commit">
Looks good import {{ preview.rows.length }} guest{{ preview.rows.length === 1 ? '' : 's' }}
</button>
<button class="btn-ghost" @click="reset">Cancel</button>
</div>
<p v-if="error" class="mt-3 text-sm text-red-400">{{ error }}</p>
</div>
<!-- Stage 3: committing -->
<div v-else-if="stage === 'committing'" class="text-sm text-zinc-400">Importing</div>
<!-- Stage 4: done -->
<div v-else-if="stage === 'done' && result" class="text-sm">
<p class="mb-1 font-medium text-brand-300">Imported {{ result.added }} guest{{ result.added === 1 ? '' : 's' }}.</p>
<p v-if="result.skipped" class="text-zinc-400">Skipped {{ result.skipped }} duplicate{{ result.skipped === 1 ? '' : 's' }} (already on this event).</p>
<p v-if="result.errors?.length" class="text-zinc-400">{{ result.errors.length }} row{{ result.errors.length === 1 ? '' : 's' }} had errors and were not imported.</p>
<button class="btn-ghost mt-3" @click="reset">Import another file</button>
</div>
</div>
</template>
frontend/components/PhoneInput.vue
+240
View File
@@ -0,0 +1,240 @@
<script setup lang="ts">
// PhoneInput — country code picker + national digits input.
//
// Emits an E.164 string via v-model (e.g. "+233244123456"). Empty input
// emits an empty string. The country list covers the ~50 most likely
// origins for event guests; uncommon ones can still be typed by picking
// the closest country and entering the full number — the live preview
// shows the host what's being saved.
//
// Industry-standard UX: WhatsApp / Stripe / airline-booking pattern.
interface Country {
code: string // ISO-3166 alpha-2
name: string
dialCode: string // includes leading "+"
}
// Curated list — alphabetical-by-name, weighted toward common GuestGuard
// audience (UK/EU + Africa + diaspora destinations). The host can always
// type the full international number into another country's row if their
// country isn't here, but most won't need to.
const COUNTRIES: Country[] = [
{ code: 'AR', name: 'Argentina', dialCode: '+54' },
{ code: 'AU', name: 'Australia', dialCode: '+61' },
{ code: 'AT', name: 'Austria', dialCode: '+43' },
{ code: 'BE', name: 'Belgium', dialCode: '+32' },
{ code: 'BR', name: 'Brazil', dialCode: '+55' },
{ code: 'CM', name: 'Cameroon', dialCode: '+237' },
{ code: 'CA', name: 'Canada', dialCode: '+1' },
{ code: 'CL', name: 'Chile', dialCode: '+56' },
{ code: 'CN', name: 'China', dialCode: '+86' },
{ code: 'CI', name: "Côte d'Ivoire", dialCode: '+225' },
{ code: 'DK', name: 'Denmark', dialCode: '+45' },
{ code: 'EG', name: 'Egypt', dialCode: '+20' },
{ code: 'ET', name: 'Ethiopia', dialCode: '+251' },
{ code: 'FI', name: 'Finland', dialCode: '+358' },
{ code: 'FR', name: 'France', dialCode: '+33' },
{ code: 'DE', name: 'Germany', dialCode: '+49' },
{ code: 'GH', name: 'Ghana', dialCode: '+233' },
{ code: 'HK', name: 'Hong Kong', dialCode: '+852' },
{ code: 'IN', name: 'India', dialCode: '+91' },
{ code: 'ID', name: 'Indonesia', dialCode: '+62' },
{ code: 'IE', name: 'Ireland', dialCode: '+353' },
{ code: 'IL', name: 'Israel', dialCode: '+972' },
{ code: 'IT', name: 'Italy', dialCode: '+39' },
{ code: 'JP', name: 'Japan', dialCode: '+81' },
{ code: 'KE', name: 'Kenya', dialCode: '+254' },
{ code: 'MY', name: 'Malaysia', dialCode: '+60' },
{ code: 'MX', name: 'Mexico', dialCode: '+52' },
{ code: 'MA', name: 'Morocco', dialCode: '+212' },
{ code: 'NL', name: 'Netherlands', dialCode: '+31' },
{ code: 'NZ', name: 'New Zealand', dialCode: '+64' },
{ code: 'NG', name: 'Nigeria', dialCode: '+234' },
{ code: 'NO', name: 'Norway', dialCode: '+47' },
{ code: 'PH', name: 'Philippines', dialCode: '+63' },
{ code: 'PL', name: 'Poland', dialCode: '+48' },
{ code: 'PT', name: 'Portugal', dialCode: '+351' },
{ code: 'RW', name: 'Rwanda', dialCode: '+250' },
{ code: 'SA', name: 'Saudi Arabia', dialCode: '+966' },
{ code: 'SN', name: 'Senegal', dialCode: '+221' },
{ code: 'SG', name: 'Singapore', dialCode: '+65' },
{ code: 'ZA', name: 'South Africa', dialCode: '+27' },
{ code: 'KR', name: 'South Korea', dialCode: '+82' },
{ code: 'ES', name: 'Spain', dialCode: '+34' },
{ code: 'SE', name: 'Sweden', dialCode: '+46' },
{ code: 'CH', name: 'Switzerland', dialCode: '+41' },
{ code: 'TW', name: 'Taiwan', dialCode: '+886' },
{ code: 'TZ', name: 'Tanzania', dialCode: '+255' },
{ code: 'TH', name: 'Thailand', dialCode: '+66' },
{ code: 'TR', name: 'Turkey', dialCode: '+90' },
{ code: 'AE', name: 'UAE', dialCode: '+971' },
{ code: 'UG', name: 'Uganda', dialCode: '+256' },
{ code: 'GB', name: 'United Kingdom', dialCode: '+44' },
{ code: 'US', name: 'United States', dialCode: '+1' },
]
// Longer dial codes first so "+1" doesn't shadow "+1...". Sorted once.
const SORTED_BY_DIAL = [...COUNTRIES].sort((a, b) => b.dialCode.length - a.dialCode.length)
const props = defineProps<{
modelValue: string
/** ISO-3166 alpha-2 to use as default. Browser locale is consulted if omitted. */
defaultCountry?: string
}>()
const emit = defineEmits<{ (e: 'update:modelValue', value: string): void }>()
function findByCode(code: string): Country | undefined {
return COUNTRIES.find((c) => c.code === code.toUpperCase())
}
function parsePhone(v: string): { country: Country | null; national: string } {
if (!v) return { country: null, national: '' }
const trimmed = v.trim().replace(/[\s\-()]/g, '')
for (const c of SORTED_BY_DIAL) {
if (trimmed.startsWith(c.dialCode)) {
return { country: c, national: trimmed.slice(c.dialCode.length) }
}
}
// Fall through: leading +XX didn't match anything (or no leading +).
// Strip a leading + and a leading 0 from local-format numbers so the
// host's national digits show up cleanly in the input.
return { country: null, national: trimmed.replace(/^\+/, '').replace(/^0+/, '') }
}
function detectDefault(): Country {
if (props.defaultCountry) {
const c = findByCode(props.defaultCountry)
if (c) return c
}
if (typeof navigator !== 'undefined' && navigator.language) {
const region = navigator.language.split('-')[1] || ''
const c = findByCode(region)
if (c) return c
}
return findByCode('GB')!
}
const initial = parsePhone(props.modelValue)
const country = ref<Country>(initial.country || detectDefault())
const national = ref(initial.national)
// Digits the host typed, with leading 0s stripped (local-format helper).
const nationalDigits = computed(() => national.value.replace(/\D/g, '').replace(/^0+/, ''))
// E.164 composed from current state. Empty when no digits — keeps the
// stored value clean (don't save "+44" with no number).
const composed = computed(() => {
return nationalDigits.value ? `${country.value.dialCode}${nationalDigits.value}` : ''
})
// Inline validation. We don't try to encode per-country length rules
// (that's libphonenumber's job and overkill here) — instead we apply a
// generous floor/ceiling on the national digit count. Catches obvious
// typos without false-positives on shorter formats like Iceland (+354 7).
type Validation = 'empty' | 'short' | 'long' | 'ok'
const validation = computed<Validation>(() => {
const n = nationalDigits.value.length
if (n === 0) return 'empty'
if (n < 6) return 'short'
if (n > 13) return 'long'
return 'ok'
})
// Emit on user changes — guard reentrancy so an external prop update
// doesn't bounce back into our own watcher.
let emitting = false
watch(composed, (v) => {
emitting = true
emit('update:modelValue', v)
Promise.resolve().then(() => { emitting = false })
})
// Re-sync from prop changes (e.g., parent resets the form, edit modal
// reopens for a different guest). Skip when our own emit caused it.
watch(() => props.modelValue, (v) => {
if (emitting) return
const p = parsePhone(v)
if (p.country) country.value = p.country
national.value = p.national
})
// Smart input: if the host pastes (or types) a full E.164 with leading
// "+" into the national field, extract the country code and split it
// into the picker + the national digits. Rescues the common mistake of
// pasting "+233244123456" into the digits field instead of using the
// picker — without this, the value would get double-prefixed.
function onNationalInput(e: Event) {
const v = (e.target as HTMLInputElement).value
if (v.startsWith('+')) {
const parsed = parsePhone(v)
if (parsed.country) {
country.value = parsed.country
national.value = parsed.national
return
}
}
national.value = v
}
</script>
<template>
<div>
<div class="flex gap-2">
<select
v-model="country"
class="input w-28 shrink-0 cursor-pointer"
aria-label="Country code"
>
<option v-for="c in COUNTRIES" :key="c.code" :value="c">
{{ c.dialCode }} {{ c.code }}
</option>
</select>
<input
:value="national"
@input="onNationalInput"
type="tel"
inputmode="tel"
autocomplete="tel-national"
class="input flex-1"
:class="{
'border-amber-700/60 focus:border-amber-500 focus:ring-amber-500': validation === 'short' || validation === 'long',
}"
placeholder="Phone number"
:aria-invalid="validation === 'short' || validation === 'long' || undefined"
/>
</div>
<!-- Live feedback. Different message per validation state:
empty optional hint
short amber warning, hostsees it before pressing Save
long amber warning
ok green confirmation with the canonical E.164 visible -->
<p class="mt-1 flex items-center gap-1 text-xs">
<template v-if="validation === 'empty'">
<span class="text-zinc-500">
Optional include the country code so guests on any network can be reached.
</span>
</template>
<template v-else-if="validation === 'short'">
<svg class="h-3.5 w-3.5 shrink-0 text-amber-400" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
<path fill-rule="evenodd" d="M8.485 3.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 3.495zM10 8a1 1 0 01.993.883L11 9v3a1 1 0 01-1.993.117L9 12V9a1 1 0 011-1zm0 6a1 1 0 110 2 1 1 0 010-2z" clip-rule="evenodd" />
</svg>
<span class="text-amber-300">Looks too short make sure you've entered all the digits.</span>
</template>
<template v-else-if="validation === 'long'">
<svg class="h-3.5 w-3.5 shrink-0 text-amber-400" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
<path fill-rule="evenodd" d="M8.485 3.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 3.495zM10 8a1 1 0 01.993.883L11 9v3a1 1 0 01-1.993.117L9 12V9a1 1 0 011-1zm0 6a1 1 0 110 2 1 1 0 010-2z" clip-rule="evenodd" />
</svg>
<span class="text-amber-300">Looks too long — check for extra digits.</span>
</template>
<template v-else>
<svg class="h-3.5 w-3.5 shrink-0 text-brand-400" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd" />
</svg>
<span class="text-zinc-500">
Saved as <span class="font-mono text-zinc-300">{{ composed }}</span>
</span>
</template>
</p>
</div>
</template>
frontend/components/TermsGateModal.vue
+80
View File
@@ -0,0 +1,80 @@
<script setup lang="ts">
// Shown the first time a host signs into the dashboard after T&C
// enforcement is rolled out. Existing accounts created before this
// feature don't have terms_accepted_at set — they're re-prompted once
// here, then they're set going forward.
//
// Lives in app.vue so any authed page can be the host's first stop.
const auth = useAuth()
const accepted = ref(false)
const submitting = ref(false)
const error = ref<string | null>(null)
// Only fires when the user is signed in AND we know they haven't
// accepted. /me payload includes terms_accepted_at; if absent → prompt.
const needsAcceptance = computed(() => {
const u = auth.user.value
return !!u && !u.terms_accepted_at && !u.privacy_policy_accepted_at
})
async function accept() {
if (!accepted.value) return
submitting.value = true
error.value = null
try {
await useApi('/me/accept-terms', { method: 'POST' })
// Refresh auth state so the user object reflects the new fields.
await auth.refresh()
} catch (e: any) {
error.value = useErrMessage(e, 'Could not record acceptance')
} finally {
submitting.value = false
}
}
</script>
<template>
<Teleport to="body">
<div
v-if="needsAcceptance"
class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4 backdrop-blur-sm"
>
<div
role="dialog"
aria-modal="true"
aria-labelledby="terms-title"
class="w-full max-w-md rounded-lg border border-zinc-800 bg-zinc-900 p-5 shadow-2xl"
>
<h3 id="terms-title" class="mb-1 text-base font-semibold">One quick thing</h3>
<p class="mb-4 text-sm text-zinc-400">
We've updated how GuestGuard handles your data. Before you carry on,
please confirm you've read and agree to the current policies.
</p>
<label class="flex cursor-pointer items-start gap-2 text-sm text-zinc-200">
<input
v-model="accepted"
type="checkbox"
class="mt-0.5 h-4 w-4 cursor-pointer accent-brand-500"
/>
<span>
I agree to GuestGuard's
<NuxtLink to="/terms" target="_blank" class="text-brand-400 hover:text-brand-300">Terms of Service</NuxtLink>
and
<NuxtLink to="/privacy" target="_blank" class="text-brand-400 hover:text-brand-300">Privacy Policy</NuxtLink>.
</span>
</label>
<button
class="btn-primary mt-4 w-full disabled:opacity-50"
:disabled="!accepted || submitting"
@click="accept"
>
{{ submitting ? 'Saving' : 'Continue' }}
</button>
<p v-if="error" class="mt-3 text-sm text-red-400">{{ error }}</p>
</div>
</div>
</Teleport>
</template>
frontend/components/UpgradeModal.vue
+131
View File
@@ -0,0 +1,131 @@
<script setup lang="ts">
// Global "plan limit reached" modal. Bound to the upgrade-prompt state
// in useBilling, which is populated by the 402 interceptor in useApi.
// Lives in app.vue so any page that fires an API call benefits from it
// without per-page wiring.
const billing = useBilling()
const router = useRouter()
const upgrading = ref<'pro' | 'business' | null>(null)
const reasonText = computed(() => {
const p = billing.prompt.value
if (!p) return ''
if (p.reason === 'events_per_month') {
return `You've used ${p.used} of ${p.limit} events this month on the ${labelTier(p.tier)} plan.`
}
if (p.reason === 'guests_per_event') {
return `This event already has ${p.used} of ${p.limit} guests allowed on the ${labelTier(p.tier)} plan.`
}
return p.error
})
function labelTier(t: string): string {
return t.charAt(0).toUpperCase() + t.slice(1)
}
async function quickUpgrade(tier: 'pro' | 'business') {
upgrading.value = tier
try {
await billing.startCheckout(tier)
// startCheckout navigates the page — nothing else to do.
} catch {
// Fallback: send the user to the billing page so they see the error
// in context.
await router.push('/dashboard/billing')
billing.dismissUpgradePrompt()
} finally {
upgrading.value = null
}
}
function viewPlans() {
billing.dismissUpgradePrompt()
router.push('/dashboard/billing')
}
// Esc closes the modal — keeps interaction symmetrical with all the
// other dialogs across the app.
function onKeydown(e: KeyboardEvent) {
if (e.key === 'Escape' && billing.prompt.value) {
billing.dismissUpgradePrompt()
}
}
if (import.meta.client) {
onMounted(() => window.addEventListener('keydown', onKeydown))
onUnmounted(() => window.removeEventListener('keydown', onKeydown))
}
</script>
<template>
<Teleport to="body">
<div
v-if="billing.prompt.value"
class="fixed inset-0 z-50 flex items-center justify-center bg-black/60 p-4 backdrop-blur-sm"
@click.self="billing.dismissUpgradePrompt()"
>
<div
role="alertdialog"
aria-modal="true"
aria-labelledby="upgrade-title"
aria-describedby="upgrade-desc"
class="w-full max-w-md rounded-lg border border-zinc-800 bg-zinc-900 p-5 shadow-2xl"
>
<div class="mb-3 flex items-start gap-3">
<div class="flex h-8 w-8 shrink-0 items-center justify-center rounded-full bg-brand-500/15">
<svg class="h-4 w-4 text-brand-400" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
<path fill-rule="evenodd" d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z" clip-rule="evenodd" />
</svg>
</div>
<div class="min-w-0">
<h3 id="upgrade-title" class="text-base font-semibold text-zinc-100">Plan limit reached</h3>
<p id="upgrade-desc" class="mt-1 text-sm text-zinc-400">{{ reasonText }}</p>
</div>
</div>
<p class="mb-4 text-sm text-zinc-300">Pick a plan to keep going your work isn't lost.</p>
<div class="space-y-2">
<button
type="button"
class="flex w-full items-center justify-between rounded-md border border-brand-700/60 bg-brand-500/10 px-3 py-3 text-left transition hover:bg-brand-500/15 disabled:opacity-50"
:disabled="upgrading !== null"
@click="quickUpgrade('pro')"
>
<span>
<span class="block text-sm font-medium text-zinc-100">Upgrade to Pro</span>
<span class="block text-xs text-zinc-500">$49 / month · 10 events · 1,000 guests per event</span>
</span>
<span class="text-xs text-zinc-400">{{ upgrading === 'pro' ? 'Opening checkout' : '' }}</span>
</button>
<button
type="button"
class="flex w-full items-center justify-between rounded-md border border-zinc-700 bg-zinc-950 px-3 py-3 text-left transition hover:border-zinc-500 hover:bg-zinc-900 disabled:opacity-50"
:disabled="upgrading !== null"
@click="quickUpgrade('business')"
>
<span>
<span class="block text-sm font-medium text-zinc-100">Upgrade to Business</span>
<span class="block text-xs text-zinc-500">$199 / month · Unlimited events · 5,000 guests per event</span>
</span>
<span class="text-xs text-zinc-400">{{ upgrading === 'business' ? 'Opening checkout' : '' }}</span>
</button>
</div>
<div class="mt-4 flex items-center justify-between text-xs">
<button
type="button"
class="text-zinc-400 hover:text-zinc-200"
@click="viewPlans"
>Compare all plans</button>
<button
type="button"
class="text-zinc-500 hover:text-zinc-300"
@click="billing.dismissUpgradePrompt()"
>Maybe later</button>
</div>
</div>
</div>
</Teleport>
</template>