feat(tier2): event branding + UX polish — Block D
Backend
- Migration 0010 adds event_branding (one row per event; all fields
nullable so a brand-new event renders with defaults)
- BrandingRepo with COALESCE/NULLIF upsert semantics: nil pointer
preserves the existing value, "" clears the field to NULL
- internal/uploads package: ImageStore interface + LocalFSStore (dev),
pure-stdlib decode + re-encode that strips EXIF and rejects anything
that isn't valid JPEG/PNG. Size cap 2 MB, random 16-byte filenames
- GET /events/{id}/branding (viewer+) returns the row plus the
AllowedFonts list so the frontend picker stays in sync
- PUT /events/{id}/branding (editor+) validates hex colours, font
allowlist, and refuses image URLs whose path doesn't start with
/uploads/ (blocks arbitrary-origin <img> smuggling on guest pages)
- POST /uploads/image (authed) → fresh CDN URL; GET /uploads/{file}
serves with year-long cache (immutable random names)
- GET /access/{token} now embeds the host's branding so the RSVP page
can render in their colours/font with their logo + cover
- docker-compose mounts a named volume for uploads
- Custom-domain sub-block deferred to Tier 3 per the plan
Frontend
- BrandingCard.vue: colour pickers, font dropdown, logo + cover upload
with progressive disclosure, live preview pane that re-renders on
every keystroke
- RSVP page applies branding via CSS vars at the section root, so
primary colour theme + font cascade through every child card. Cover
image renders as a banner above the form; logo lands in the header
- Submit button background switches to var(--brand-primary) when set
- Mounted on the event detail page below the guests block
Plus the small UX fixes from the e2e walkthrough:
- Nav: dropped the top-level "Events" link; the logo doubles as the
home affordance (→ /dashboard when signed in, → / otherwise). Account
+ Billing + Sign out live under a profile dropdown (avatar with
initials, opens on click, closes on outside-click / Esc / route nav)
- Renamed "Back to dashboard" → "Back to events" across event detail,
billing, account, and new-event pages
Tests
- TestBrandingGetReturnsDefaults / TestBrandingPutPersists /
TestBrandingPutRejectsBadInputs / TestUploadAndServeImage /
TestUploadRejectsNonImage — all pass
- Domain tests for IsValidHexColor + IsAllowedFont
- Full integration suite green (176s)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/alchemistkay/guestguard/internal/notification"
|
||||
"github.com/alchemistkay/guestguard/internal/ratelimit"
|
||||
"github.com/alchemistkay/guestguard/internal/storage"
|
||||
"github.com/alchemistkay/guestguard/internal/uploads"
|
||||
)
|
||||
|
||||
type Server struct {
|
||||
@@ -38,6 +39,8 @@ type Server struct {
|
||||
privacy *privacyHandler
|
||||
collabs *collaboratorHandler
|
||||
analytics *analyticsHandler
|
||||
branding *brandingHandler
|
||||
uploads *uploadHandler
|
||||
}
|
||||
|
||||
type ServerDeps struct {
|
||||
@@ -77,6 +80,13 @@ type ServerDeps struct {
|
||||
// system still boots and runs, all users sit on the free tier with
|
||||
// its limits enforced; /billing/* returns 503.
|
||||
StripeClient *billing.Client
|
||||
|
||||
// Uploads (Tier 2 Block D). UploadsDir is where the LocalFSStore
|
||||
// writes images; UploadsPublicURL is the base prefix the API will
|
||||
// serve them under. Both empty means uploads are disabled (POST
|
||||
// /uploads/image returns 503).
|
||||
UploadsDir string
|
||||
UploadsPublicURL string
|
||||
}
|
||||
|
||||
func NewServer(deps ServerDeps) (*Server, error) {
|
||||
@@ -89,6 +99,18 @@ func NewServer(deps ServerDeps) (*Server, error) {
|
||||
collabRepo := storage.NewCollaboratorRepo(deps.DB)
|
||||
inviteRepo := storage.NewInviteRepo(deps.DB)
|
||||
analyticsRepo := storage.NewAnalyticsRepo(deps.DB)
|
||||
brandingRepo := storage.NewBrandingRepo(deps.DB)
|
||||
|
||||
// Branding image store. Empty UploadsDir leaves it nil and the upload
|
||||
// + serve handlers report 503, so the rest of the service keeps
|
||||
// working in stripped-down environments.
|
||||
var imageStore uploads.ImageStore
|
||||
if deps.UploadsDir != "" {
|
||||
imageStore = &uploads.LocalFSStore{
|
||||
Dir: deps.UploadsDir,
|
||||
PublicBase: deps.UploadsPublicURL,
|
||||
}
|
||||
}
|
||||
verifRepo := storage.NewEmailVerificationRepo(deps.DB)
|
||||
resetRepo := storage.NewPasswordResetRepo(deps.DB)
|
||||
refreshRepo := storage.NewRefreshTokenRepo(deps.DB)
|
||||
@@ -168,6 +190,7 @@ func NewServer(deps ServerDeps) (*Server, error) {
|
||||
accessLogs: accessRepo,
|
||||
rsvps: rsvpRepo,
|
||||
collabs: collabRepo,
|
||||
branding: brandingRepo,
|
||||
gen: auth.NewGenerator(),
|
||||
ttl: deps.TokenTTL,
|
||||
pub: deps.AccessPublisher,
|
||||
@@ -225,6 +248,17 @@ func NewServer(deps ServerDeps) (*Server, error) {
|
||||
repo: analyticsRepo,
|
||||
redis: deps.Redis,
|
||||
},
|
||||
branding: &brandingHandler{
|
||||
logger: deps.Logger,
|
||||
events: eventRepo,
|
||||
collabs: collabRepo,
|
||||
repo: brandingRepo,
|
||||
store: imageStore,
|
||||
},
|
||||
uploads: &uploadHandler{
|
||||
logger: deps.Logger,
|
||||
store: imageStore,
|
||||
},
|
||||
collabs: &collaboratorHandler{
|
||||
logger: deps.Logger,
|
||||
events: eventRepo,
|
||||
@@ -322,6 +356,19 @@ func (s *Server) Handler() http.Handler {
|
||||
mux.Handle("GET /events/{id}/analytics/export.csv",
|
||||
authed(http.HandlerFunc(s.analytics.exportCSV)))
|
||||
|
||||
// Block D — event branding. Reads are viewer+; PUT is editor+. The
|
||||
// upload endpoint is gated by auth only (any signed-in user can mint
|
||||
// an image URL; the URL is no use without an event they can edit
|
||||
// branding on).
|
||||
mux.Handle("GET /events/{id}/branding", authed(http.HandlerFunc(s.branding.get)))
|
||||
mux.Handle("PUT /events/{id}/branding", authed(http.HandlerFunc(s.branding.put)))
|
||||
mux.Handle("POST /uploads/image",
|
||||
authed(rl("uploads_image", 30, time.Hour, userIDKey, http.HandlerFunc(s.uploads.post))))
|
||||
// Public read — the guest RSVP page fetches the host's logo + cover
|
||||
// without auth. Heavy cache; no rate limiter (one-time fetch per
|
||||
// guest, behind the CDN in prod anyway).
|
||||
mux.HandleFunc("GET /uploads/{filename}", s.uploads.serve)
|
||||
|
||||
// Block C — collaborators (multi-host). All under /events/{id}/collaborators.
|
||||
// requireRole inside each handler enforces the right minimum role.
|
||||
mux.Handle("GET /events/{id}/collaborators",
|
||||
@@ -342,6 +389,14 @@ func (s *Server) Handler() http.Handler {
|
||||
mux.Handle("POST /invites/{token}/accept",
|
||||
authed(http.HandlerFunc(s.collabs.acceptInvite)))
|
||||
|
||||
// Self-service invite inbox: bypasses the email-token round-trip so a
|
||||
// user who lost the invite tab after email verification can still
|
||||
// accept from their dashboard.
|
||||
mux.Handle("GET /me/invites",
|
||||
authed(http.HandlerFunc(s.collabs.myInvites)))
|
||||
mux.Handle("POST /me/invites/{event_id}/accept",
|
||||
authed(http.HandlerFunc(s.collabs.acceptForEvent)))
|
||||
|
||||
mux.Handle("POST /events/{id}/guests/{guest_id}/tokens",
|
||||
authed(rl("tokens_issue", 500, 24*time.Hour, userIDKey, http.HandlerFunc(s.tokens.issue))))
|
||||
mux.Handle("POST /events/{id}/guests/{guest_id}/tokens/rotate",
|
||||
|
||||
Reference in New Issue
Block a user