feat(tier2): event branding + UX polish — Block D
Backend
- Migration 0010 adds event_branding (one row per event; all fields
nullable so a brand-new event renders with defaults)
- BrandingRepo with COALESCE/NULLIF upsert semantics: nil pointer
preserves the existing value, "" clears the field to NULL
- internal/uploads package: ImageStore interface + LocalFSStore (dev),
pure-stdlib decode + re-encode that strips EXIF and rejects anything
that isn't valid JPEG/PNG. Size cap 2 MB, random 16-byte filenames
- GET /events/{id}/branding (viewer+) returns the row plus the
AllowedFonts list so the frontend picker stays in sync
- PUT /events/{id}/branding (editor+) validates hex colours, font
allowlist, and refuses image URLs whose path doesn't start with
/uploads/ (blocks arbitrary-origin <img> smuggling on guest pages)
- POST /uploads/image (authed) → fresh CDN URL; GET /uploads/{file}
serves with year-long cache (immutable random names)
- GET /access/{token} now embeds the host's branding so the RSVP page
can render in their colours/font with their logo + cover
- docker-compose mounts a named volume for uploads
- Custom-domain sub-block deferred to Tier 3 per the plan
Frontend
- BrandingCard.vue: colour pickers, font dropdown, logo + cover upload
with progressive disclosure, live preview pane that re-renders on
every keystroke
- RSVP page applies branding via CSS vars at the section root, so
primary colour theme + font cascade through every child card. Cover
image renders as a banner above the form; logo lands in the header
- Submit button background switches to var(--brand-primary) when set
- Mounted on the event detail page below the guests block
Plus the small UX fixes from the e2e walkthrough:
- Nav: dropped the top-level "Events" link; the logo doubles as the
home affordance (→ /dashboard when signed in, → / otherwise). Account
+ Billing + Sign out live under a profile dropdown (avatar with
initials, opens on click, closes on outside-click / Esc / route nav)
- Renamed "Back to dashboard" → "Back to events" across event detail,
billing, account, and new-event pages
Tests
- TestBrandingGetReturnsDefaults / TestBrandingPutPersists /
TestBrandingPutRejectsBadInputs / TestUploadAndServeImage /
TestUploadRejectsNonImage — all pass
- Domain tests for IsValidHexColor + IsAllowedFont
- Full integration suite green (176s)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -309,6 +309,63 @@ func (h *collaboratorHandler) cancelInvite(w http.ResponseWriter, r *http.Reques
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
// --- "your pending invites" (self-service inbox) ---
|
||||
|
||||
// GET /me/invites — authed. Lists invites addressed to the caller's email
|
||||
// so the dashboard can show a one-click Accept banner without requiring
|
||||
// the user to re-click the email link. Crucial for the signup → verify-
|
||||
// email → login flow where the email click opens a new tab and the
|
||||
// original invite tab is forgotten.
|
||||
func (h *collaboratorHandler) myInvites(w http.ResponseWriter, r *http.Request) {
|
||||
userID, ok := hostFromContext(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
user, err := h.users.GetByID(r.Context(), userID)
|
||||
if err != nil || user == nil {
|
||||
writeError(w, http.StatusUnauthorized, "unauthenticated")
|
||||
return
|
||||
}
|
||||
pending, err := h.invites.ListPendingForEmail(r.Context(), user.Email)
|
||||
if err != nil {
|
||||
writeError(w, http.StatusInternalServerError, "failed to list invites")
|
||||
return
|
||||
}
|
||||
writeJSON(w, http.StatusOK, map[string]any{"invites": pending})
|
||||
}
|
||||
|
||||
// POST /me/invites/{event_id}/accept — authed. Accepts the latest pending
|
||||
// invite for (caller.email, event_id). Same effect as POST /invites/{token}/
|
||||
// accept but doesn't require the raw token; the caller's verified email is
|
||||
// the identity signal instead.
|
||||
func (h *collaboratorHandler) acceptForEvent(w http.ResponseWriter, r *http.Request) {
|
||||
userID, ok := hostFromContext(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
user, err := h.users.GetByID(r.Context(), userID)
|
||||
if err != nil || user == nil {
|
||||
writeError(w, http.StatusUnauthorized, "unauthenticated")
|
||||
return
|
||||
}
|
||||
eventID, ok := parseIDParam(w, r, "event_id")
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
role, err := h.collabs.AcceptByEventAndEmail(r.Context(), eventID, user.Email, userID)
|
||||
if err != nil {
|
||||
switch {
|
||||
case errors.Is(err, domain.ErrInviteNotFound):
|
||||
writeError(w, http.StatusNotFound, "no pending invitation for this event")
|
||||
default:
|
||||
h.logger.Error("accept by email", "err", err)
|
||||
writeError(w, http.StatusInternalServerError, "failed to accept invitation")
|
||||
}
|
||||
return
|
||||
}
|
||||
writeJSON(w, http.StatusOK, acceptResponse{EventID: eventID, Role: role})
|
||||
}
|
||||
|
||||
// --- public invite-accept flow ---
|
||||
|
||||
type inviteSummary struct {
|
||||
|
||||
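Review bot: `acceptForEvent` treats `user.Email` as the identity signal, but nothing in this hunk checks that the address has actually been verified before `AcceptByEventAndEmail` grants a role, and `myInvites` lists invites keyed on the same unchecked value. If `hostFromContext` or the login path does not already refuse unverified accounts (not visible here), both handlers should return 403 before touching the invite store when the account's verification state is unset. The doc comment's "verified email" claim should also say where that is enforced, e.g. `// Precondition: a session implies a verified email (enforced in <LOGIN_OR_MIDDLEWARE>)`. Separately, `if err != nil || user == nil` maps a failed `GetByID` lookup to 401 without logging in both handlers; a store error is better logged and returned as 500 so an outage is not mistaken for an expired session.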