alchemistkay/guestguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tier2): event branding + UX polish — Block D

Browse Source 
Backend
- Migration 0010 adds event_branding (one row per event; all fields
  nullable so a brand-new event renders with defaults)
- BrandingRepo with COALESCE/NULLIF upsert semantics: nil pointer
  preserves the existing value, "" clears the field to NULL
- internal/uploads package: ImageStore interface + LocalFSStore (dev),
  pure-stdlib decode + re-encode that strips EXIF and rejects anything
  that isn't valid JPEG/PNG. Size cap 2 MB, random 16-byte filenames
- GET /events/{id}/branding (viewer+) returns the row plus the
  AllowedFonts list so the frontend picker stays in sync
- PUT /events/{id}/branding (editor+) validates hex colours, font
  allowlist, and refuses image URLs whose path doesn't start with
  /uploads/ (blocks arbitrary-origin <img> smuggling on guest pages)
- POST /uploads/image (authed) → fresh CDN URL; GET /uploads/{file}
  serves with year-long cache (immutable random names)
- GET /access/{token} now embeds the host's branding so the RSVP page
  can render in their colours/font with their logo + cover
- docker-compose mounts a named volume for uploads
- Custom-domain sub-block deferred to Tier 3 per the plan

Frontend
- BrandingCard.vue: colour pickers, font dropdown, logo + cover upload
  with progressive disclosure, live preview pane that re-renders on
  every keystroke
- RSVP page applies branding via CSS vars at the section root, so
  primary colour theme + font cascade through every child card. Cover
  image renders as a banner above the form; logo lands in the header
- Submit button background switches to var(--brand-primary) when set
- Mounted on the event detail page below the guests block

Plus the small UX fixes from the e2e walkthrough:
- Nav: dropped the top-level "Events" link; the logo doubles as the
  home affordance (→ /dashboard when signed in, → / otherwise). Account
  + Billing + Sign out live under a profile dropdown (avatar with
  initials, opens on click, closes on outside-click / Esc / route nav)
- Renamed "Back to dashboard" → "Back to events" across event detail,
  billing, account, and new-event pages

Tests
- TestBrandingGetReturnsDefaults / TestBrandingPutPersists /
  TestBrandingPutRejectsBadInputs / TestUploadAndServeImage /
  TestUploadRejectsNonImage — all pass
- Domain tests for IsValidHexColor + IsAllowedFont
- Full integration suite green (176s)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
2026-05-18 12:04:09 +01:00
parent 9842bd4f45
commit e5b187c575
30 changed files with 2310 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/pages/dashboard/account.vue
+203
View File
@@ -0,0 +1,203 @@
<script setup lang="ts">
// Account page — owns the data-export + account-deletion controls that
// used to sit on the billing tab. Privacy concerns ≠ billing concerns;
// hosts shouldn't have to scroll past pricing to find "delete my account".
definePageMeta({ middleware: ['auth'] })
const router = useRouter()
const auth = useAuth()
const config = useRuntimeConfig()
const exporting = ref(false)
const deleteConfirmOpen = ref(false)
const deleteConfirmation = ref('')
const deleting = ref(false)
const deleteError = ref<string | null>(null)
const toast = ref<string | null>(null)
let toastTimer: ReturnType<typeof setTimeout> | null = null
function showToast(text: string) {
toast.value = text
if (toastTimer) clearTimeout(toastTimer)
toastTimer = setTimeout(() => { toast.value = null }, 5000)
}
async function exportData() {
exporting.value = true
try {
const apiBase = config.public.apiBase as string
const token = auth.liveAccessToken()
// Plain fetch (not useApi) so the response is treated as a download.
const res = await fetch(`${apiBase}/me/data-export`, {
headers: token ? { Authorization: `Bearer ${token}` } : {},
credentials: 'include',
})
if (!res.ok) throw new Error(`HTTP ${res.status}`)
const blob = await res.blob()
const url = URL.createObjectURL(blob)
const a = document.createElement('a')
a.href = url
a.download = 'guestguard-data-export.json'
a.click()
URL.revokeObjectURL(url)
showToast('Export downloaded.')
} catch (e: any) {
showToast(useErrMessage(e, 'Export failed'))
} finally {
exporting.value = false
}
}
async function confirmDelete() {
deleting.value = true
deleteError.value = null
try {
await useApi('/me', { method: 'DELETE' })
// Soft-delete revoked our refresh token; clear local session and
// bounce to the marketing landing.
auth.clearSession()
await router.push('/')
} catch (e: any) {
deleteError.value = useErrMessage(e, 'Could not delete account')
} finally {
deleting.value = false
}
}
</script>
<template>
<section class="space-y-6">
<div>
<NuxtLink to="/dashboard" class="mb-2 inline-block text-sm text-zinc-400 hover:text-zinc-200">
Back to events
</NuxtLink>
<h1 class="text-2xl font-semibold">Account</h1>
<p class="mt-1 text-sm text-zinc-400">
Manage your profile and personal data.
</p>
</div>
<ClientOnly>
<!-- Profile summary -->
<div class="card">
<h2 class="mb-3 text-lg font-semibold">Profile</h2>
<dl class="grid grid-cols-1 gap-3 text-sm sm:grid-cols-2">
<div>
<dt class="text-xs uppercase tracking-wider text-zinc-500">Name</dt>
<dd class="mt-1 text-zinc-100">{{ auth.user.value?.name || '—' }}</dd>
</div>
<div>
<dt class="text-xs uppercase tracking-wider text-zinc-500">Email</dt>
<dd class="mt-1 break-all text-zinc-100">{{ auth.user.value?.email || '—' }}</dd>
</div>
</dl>
</div>
<!-- Your data -->
<div class="card">
<h2 class="mb-1 text-lg font-semibold">Your data</h2>
<p class="mb-4 text-xs text-zinc-500">
Export a copy of everything we hold about you, or delete your account.
</p>
<div class="space-y-3">
<button
type="button"
class="flex w-full items-center justify-between rounded-md border border-zinc-700 bg-zinc-950 px-3 py-3 text-left transition hover:border-zinc-500 hover:bg-zinc-900 disabled:opacity-50"
:disabled="exporting"
@click="exportData"
>
<span>
<span class="block text-sm font-medium text-zinc-100">Export my data</span>
<span class="block text-xs text-zinc-500">
Download a JSON file with your events, guests, RSVPs, and account info.
</span>
</span>
<span class="text-xs text-zinc-400">{{ exporting ? '…' : '↓' }}</span>
</button>
<button
type="button"
class="flex w-full items-center justify-between rounded-md border border-red-800/40 bg-red-950/10 px-3 py-3 text-left transition hover:border-red-700 hover:bg-red-950/20"
@click="deleteConfirmOpen = true"
>
<span>
<span class="block text-sm font-medium text-red-300">Delete my account</span>
<span class="block text-xs text-red-400/70">
Soft-deleted immediately, permanently erased after 30 days. You'll be signed out everywhere.
</span>
</span>
<span class="text-xs text-red-400">→</span>
</button>
</div>
</div>
<template #fallback>
<div class="card text-sm text-zinc-500">Loading…</div>
</template>
</ClientOnly>
<!-- Delete-account confirmation -->
<Teleport to="body">
<div
v-if="deleteConfirmOpen"
class="fixed inset-0 z-50 flex items-center justify-center bg-black/60 p-4 backdrop-blur-sm"
@click.self="deleteConfirmOpen = false"
>
<div
role="alertdialog"
aria-modal="true"
aria-labelledby="del-acct-title"
class="w-full max-w-md rounded-lg border border-zinc-800 bg-zinc-900 p-5 shadow-2xl"
>
<h3 id="del-acct-title" class="mb-1 text-base font-semibold">Delete account?</h3>
<p class="mb-3 text-sm text-zinc-400">
Your account will be soft-deleted now and permanently erased
after 30 days. All your events, guests, and RSVP history go
with it. You'll be signed out from every device.
</p>
<p class="mb-3 text-xs text-zinc-500">
Type <code class="rounded bg-zinc-800 px-1 py-0.5 font-mono text-zinc-300">delete</code>
to confirm.
</p>
<input
v-model="deleteConfirmation"
type="text"
placeholder="delete"
class="input mb-3 font-mono"
autocomplete="off"
/>
<div class="flex items-center justify-end gap-2">
<button class="text-sm text-zinc-400 hover:text-zinc-200" :disabled="deleting" @click="deleteConfirmOpen = false">Cancel</button>
<button
class="rounded-md bg-red-500/90 px-3 py-1.5 text-sm font-medium text-white shadow-sm transition hover:bg-red-500 disabled:opacity-40"
:disabled="deleting || deleteConfirmation.trim().toLowerCase() !== 'delete'"
@click="confirmDelete"
>
{{ deleting ? 'Deleting…' : 'Delete forever' }}
</button>
</div>
<p v-if="deleteError" class="mt-3 text-sm text-red-400">{{ deleteError }}</p>
</div>
</div>
</Teleport>
<!-- Toast -->
<Transition
enter-active-class="transition duration-200 ease-out"
enter-from-class="translate-y-2 opacity-0"
enter-to-class="translate-y-0 opacity-100"
leave-active-class="transition duration-200 ease-in"
leave-from-class="translate-y-0 opacity-100"
leave-to-class="translate-y-2 opacity-0"
>
<button
v-if="toast"
type="button"
class="fixed bottom-6 right-6 z-50 max-w-sm rounded-lg border border-brand-700/60 bg-brand-950/90 px-4 py-3 text-left text-sm text-brand-100 shadow-lg backdrop-blur"
@click="toast = null"
>
<span aria-hidden="true" class="mr-2"></span>{{ toast }}
</button>
</Transition>
</section>
</template>