Kwaku Danso
3973e4058d
Events can now have multiple users with distinct roles:
owner — manage collaborators, delete event, full access
editor — manage guests, tokens, CSV import, patch event
viewer — read-only access to everything
Schema (migration 0008)
- collaborator_role ENUM + event_collaborators + collaborator_invites
- Backfill: every existing events.host_id becomes an owner row
- EventRepo.Create seeds the owner row in the same transaction so
no future event can exist without one
Authz
- New requireRole(eventID, userID, minRole) helper. Non-members 404;
insufficient role 403. Replaces requireEventOwner across every
shared-role handler (events.get/update, guests CRUD, tokens issue/
rotate/bulk, csv preview/commit/template, activity, ws-ticket)
- events.delete + collaborator management stay owner-only
- GET /events lists every event the user has any role on
- /events/{id} response now embeds your_role for UI branching
Collaborator endpoints
- GET /events/{id}/collaborators (viewer+)
- POST /events/{id}/collaborators (owner) — sends invite email
- PATCH /events/{id}/collaborators/{user_id} (owner) — role change
- DELETE /events/{id}/collaborators/{user_id} (owner) — refuses last owner
- DELETE /events/{id}/collaborators/pending (owner) — cancel invite
- GET /invites/{token} (public) — preview summary
- POST /invites/{token}/accept (authed) — atomic accept
Invitations
- SHA-256 hashed in DB; raw value only lives in the email link
- 7-day TTL, single-use, email-bound (caller's email must match)
- New SendCollaboratorInvite on auth.EmailSender + Resend/SMTP/SES
senders + log stub; collaborator_invite.html/txt branded template
Frontend
- TeamCard.vue on the event detail page: lists collaborators with
inline role-change + remove, pending-invites with cancel, invite
modal (email + role). Owner-only actions hidden for editors/viewers
- /invites/[token] accept page: shows invite summary, prompts signup
or sign-in with pre-filled email, refuses mismatched accounts
Tests (all 6 pass on the existing testcontainers harness)
- backfill: legacy host gets owner role
- role enforcement: viewer can read, editor can write guests but not
delete/manage team, non-member 404s everywhere
- last-owner removal refused (400)
- shared events show up in collaborator's /events list
- invite flow: create → preview → accept → role granted → replay 410
- email mismatch on accept returns 403
- expired invite returns 410
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
150 lines
4.7 KiB
Go
150 lines
4.7 KiB
Go
package notification
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/aws/aws-sdk-go-v2/aws"
|
|
awsconfig "github.com/aws/aws-sdk-go-v2/config"
|
|
"github.com/aws/aws-sdk-go-v2/service/sesv2"
|
|
"github.com/aws/aws-sdk-go-v2/service/sesv2/types"
|
|
)
|
|
|
|
// SESConfig is the surface area for picking an SES sender. ConfigurationSet
|
|
// is optional but recommended in production — it's where bounce + complaint
|
|
// SNS topics get wired so the webhook handler has something to consume.
|
|
type SESConfig struct {
|
|
Region string
|
|
FromEmail string
|
|
FromName string
|
|
ConfigurationSet string
|
|
PublicBaseURL string // for unsubscribe links in templates
|
|
}
|
|
|
|
// SESEmailSender sends transactional emails (verification + reset for the
|
|
// auth flows, plus invitation/confirmation/reminder for guests) via Amazon
|
|
// SESv2. The same client serves both audiences so callers don't end up
|
|
// with two SES configurations to maintain.
|
|
type SESEmailSender struct {
|
|
client *sesv2.Client
|
|
tpls *Templates
|
|
from string
|
|
configSet *string
|
|
baseURL string
|
|
}
|
|
|
|
// NewSESEmailSender returns a configured SES sender, or an error if the
|
|
// AWS SDK can't bootstrap. The caller typically constructs this once at
|
|
// startup and reuses it for the lifetime of the process.
|
|
func NewSESEmailSender(ctx context.Context, cfg SESConfig, tpls *Templates) (*SESEmailSender, error) {
|
|
if cfg.FromEmail == "" {
|
|
return nil, fmt.Errorf("ses: FromEmail required")
|
|
}
|
|
if cfg.Region == "" {
|
|
cfg.Region = "us-east-1"
|
|
}
|
|
|
|
awsCfg, err := awsconfig.LoadDefaultConfig(ctx, awsconfig.WithRegion(cfg.Region))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("ses: load aws config: %w", err)
|
|
}
|
|
client := sesv2.NewFromConfig(awsCfg)
|
|
|
|
from := cfg.FromEmail
|
|
if cfg.FromName != "" {
|
|
from = fmt.Sprintf("%s <%s>", cfg.FromName, cfg.FromEmail)
|
|
}
|
|
var cs *string
|
|
if cfg.ConfigurationSet != "" {
|
|
cs = aws.String(cfg.ConfigurationSet)
|
|
}
|
|
|
|
return &SESEmailSender{
|
|
client: client,
|
|
tpls: tpls,
|
|
from: from,
|
|
configSet: cs,
|
|
baseURL: strings.TrimRight(cfg.PublicBaseURL, "/"),
|
|
}, nil
|
|
}
|
|
|
|
// --- auth.EmailSender implementation ---
|
|
|
|
// SendVerification renders the verification template and posts it to SES.
|
|
func (s *SESEmailSender) SendVerification(ctx context.Context, to, name, link string) error {
|
|
return s.sendTemplated(ctx, to, "Verify your GuestGuard email",
|
|
TmplVerification, map[string]any{
|
|
"Name": name,
|
|
"Link": link,
|
|
})
|
|
}
|
|
|
|
// SendPasswordReset renders the reset template and posts it to SES.
|
|
func (s *SESEmailSender) SendPasswordReset(ctx context.Context, to, name, link string) error {
|
|
return s.sendTemplated(ctx, to, "Reset your GuestGuard password",
|
|
TmplPasswordReset, map[string]any{
|
|
"Name": name,
|
|
"Link": link,
|
|
"ExpiryHumane": "1 hour",
|
|
})
|
|
}
|
|
|
|
// SendCollaboratorInvite renders the team-invite template and posts it to SES.
|
|
func (s *SESEmailSender) SendCollaboratorInvite(ctx context.Context, to, inviterName, eventName, role, link string) error {
|
|
return s.sendTemplated(ctx, to,
|
|
inviterName+" invited you to "+eventName,
|
|
TmplCollaboratorInvite, map[string]any{
|
|
"InviterName": inviterName,
|
|
"EventName": eventName,
|
|
"Role": role,
|
|
"Link": link,
|
|
})
|
|
}
|
|
|
|
// SendGuest is used by the notifier worker for invitation / confirmation /
|
|
// reminder emails — anything addressed at a guest.
|
|
func (s *SESEmailSender) SendGuest(ctx context.Context, to, subject string, name TemplateName, data map[string]any) (providerMessageID string, err error) {
|
|
return s.sendTemplatedReturnID(ctx, to, subject, name, data)
|
|
}
|
|
|
|
// --- internals ---
|
|
|
|
func (s *SESEmailSender) sendTemplated(ctx context.Context, to, subject string, name TemplateName, data map[string]any) error {
|
|
_, err := s.sendTemplatedReturnID(ctx, to, subject, name, data)
|
|
return err
|
|
}
|
|
|
|
func (s *SESEmailSender) sendTemplatedReturnID(ctx context.Context, to, subject string, name TemplateName, data map[string]any) (string, error) {
|
|
if data == nil {
|
|
data = map[string]any{}
|
|
}
|
|
data["Subject"] = subject
|
|
html, text, err := s.tpls.Render(name, data)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
out, err := s.client.SendEmail(ctx, &sesv2.SendEmailInput{
|
|
FromEmailAddress: aws.String(s.from),
|
|
Destination: &types.Destination{ToAddresses: []string{to}},
|
|
ConfigurationSetName: s.configSet,
|
|
Content: &types.EmailContent{
|
|
Simple: &types.Message{
|
|
Subject: &types.Content{Data: aws.String(subject), Charset: aws.String("UTF-8")},
|
|
Body: &types.Body{
|
|
Html: &types.Content{Data: aws.String(html), Charset: aws.String("UTF-8")},
|
|
Text: &types.Content{Data: aws.String(text), Charset: aws.String("UTF-8")},
|
|
},
|
|
},
|
|
},
|
|
})
|
|
if err != nil {
|
|
return "", fmt.Errorf("ses: send: %w", err)
|
|
}
|
|
if out.MessageId == nil {
|
|
return "", nil
|
|
}
|
|
return *out.MessageId, nil
|
|
}
|