add invite to space feature

2026-01-14 21:11:16 +00:00 · 2026-01-14 21:11:16 +00:00 · 4d6e6799a0
commit 4d6e6799a0
parent 109821d0a0
10 changed files with 407 additions and 8 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -21,6 +21,7 @@ type App struct {
 	TagService          *service.TagService
 	ShoppingListService *service.ShoppingListService
 	ExpenseService      *service.ExpenseService
 	InviteService       *service.InviteService
 }
 func New(cfg *config.Config) (*App, error) {
@ -45,6 +46,7 @@ func New(cfg *config.Config) (*App, error) {
 	shoppingListRepository := repository.NewShoppingListRepository(database)
 	listItemRepository := repository.NewListItemRepository(database)
 	expenseRepository := repository.NewExpenseRepository(database)
 	invitationRepository := repository.NewInvitationRepository(database)
 	// Services
 	userService := service.NewUserService(userRepository)
@ -71,6 +73,7 @@ func New(cfg *config.Config) (*App, error) {
 	tagService := service.NewTagService(tagRepository)
 	shoppingListService := service.NewShoppingListService(shoppingListRepository, listItemRepository)
 	expenseService := service.NewExpenseService(expenseRepository)
 	inviteService := service.NewInviteService(invitationRepository, spaceRepository, userRepository, emailService)
 	return &App{
 		Cfg:                 cfg,
@ -83,6 +86,7 @@ func New(cfg *config.Config) (*App, error) {
 		TagService:          tagService,
 		ShoppingListService: shoppingListService,
 		ExpenseService:      expenseService,
 		InviteService:       inviteService,
 	}, nil
 }
 func (a *App) Close() error {
--- a/internal/db/migrations/00008_create_space_invitations_table.sql
+++ b/internal/db/migrations/00008_create_space_invitations_table.sql
@ -0,0 +1,25 @@
 -- +goose Up
 -- +goose StatementBegin
 CREATE TABLE IF NOT EXISTS space_invitations (
    token TEXT PRIMARY KEY NOT NULL,
    space_id TEXT NOT NULL,
    inviter_id TEXT NOT NULL,
    email TEXT NOT NULL,
    status TEXT NOT NULL CHECK (status IN ('pending', 'accepted', 'expired')),
    expires_at TIMESTAMP NOT NULL,
    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (space_id) REFERENCES spaces(id) ON DELETE CASCADE,
    FOREIGN KEY (inviter_id) REFERENCES users(id) ON DELETE CASCADE
 );
 CREATE INDEX IF NOT EXISTS idx_space_invitations_email ON space_invitations(email);
 CREATE INDEX IF NOT EXISTS idx_space_invitations_space_id ON space_invitations(space_id);
 -- +goose StatementEnd
 -- +goose Down
 -- +goose StatementBegin
 DROP INDEX IF EXISTS idx_space_invitations_space_id;
 DROP INDEX IF EXISTS idx_space_invitations_email;
 DROP TABLE IF EXISTS space_invitations;
 -- +goose StatementEnd
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@ -16,10 +16,11 @@ import (
 type authHandler struct {
 	authService   *service.AuthService
 	inviteService *service.InviteService
 }
-func NewAuthHandler(authService *service.AuthService) *authHandler {
+func NewAuthHandler(authService *service.AuthService, inviteService *service.InviteService) *authHandler {
-	return &authHandler{authService: authService}
+	return &authHandler{authService: authService, inviteService: inviteService}
 }
 func (h *authHandler) AuthPage(w http.ResponseWriter, r *http.Request) {
@ -88,6 +89,28 @@ func (h *authHandler) VerifyMagicLink(w http.ResponseWriter, r *http.Request) {
 	h.authService.SetJWTCookie(w, jwtToken, time.Now().Add(7*24*time.Hour))
 	// Check for pending invite
 	inviteCookie, err := r.Cookie("pending_invite")
 	if err == nil && inviteCookie.Value != "" {
 		spaceID, err := h.inviteService.AcceptInvite(inviteCookie.Value, user.ID)
 		if err != nil {
 			slog.Error("failed to process pending invite", "error", err, "token", inviteCookie.Value)
 			// Don't fail the login, just maybe notify user?
 		} else {
 			slog.Info("accepted pending invite", "user_id", user.ID, "space_id", spaceID)
 			// Clear cookie
 			http.SetCookie(w, &http.Cookie{
 				Name:     "pending_invite",
 				Value:    "",
 				Path:     "/",
 				MaxAge:   -1,
 				HttpOnly: true,
 			})
 			// If we want to redirect to the space immediately, we can.
 			// But check onboarding first.
 		}
 	}
 	needsOnboarding, err := h.authService.NeedsOnboarding(user.ID)
 	if err != nil {
 		slog.Warn("failed to check onboarding status", "error", err, "user_id", user.ID)
--- a/internal/handler/space.go
+++ b/internal/handler/space.go
@ -20,14 +20,16 @@ type SpaceHandler struct {
 	tagService     *service.TagService
 	listService    *service.ShoppingListService
 	expenseService *service.ExpenseService
 	inviteService  *service.InviteService
 }
-func NewSpaceHandler(ss *service.SpaceService, ts *service.TagService, sls *service.ShoppingListService, es *service.ExpenseService) *SpaceHandler {
+func NewSpaceHandler(ss *service.SpaceService, ts *service.TagService, sls *service.ShoppingListService, es *service.ExpenseService, is *service.InviteService) *SpaceHandler {
 	return &SpaceHandler{
 		spaceService:   ss,
 		tagService:     ts,
 		listService:    sls,
 		expenseService: es,
 		inviteService:  is,
 	}
 }
@ -353,3 +355,57 @@ func (h *SpaceHandler) CreateExpense(w http.ResponseWriter, r *http.Request) {
 	ui.Render(w, r, pages.ExpenseCreatedResponse(newExpense, balance))
 }
 func (h *SpaceHandler) CreateInvite(w http.ResponseWriter, r *http.Request) {
 	spaceID := r.PathValue("spaceID")
 	user := ctxkeys.User(r.Context())
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, "Bad Request", http.StatusBadRequest)
 		return
 	}
 	email := r.FormValue("email")
 	if email == "" {
 		http.Error(w, "Email is required", http.StatusBadRequest)
 		return
 	}
 	_, err := h.inviteService.CreateInvite(spaceID, user.ID, email)
 	if err != nil {
 		slog.Error("failed to create invite", "error", err, "space_id", spaceID)
 		http.Error(w, "Failed to create invite", http.StatusInternalServerError)
 		return
 	}
 	// TODO: Return a nice UI response (toast or list update)
 	w.Write([]byte("Invitation sent!"))
 }
 func (h *SpaceHandler) JoinSpace(w http.ResponseWriter, r *http.Request) {
 	token := r.PathValue("token")
 	user := ctxkeys.User(r.Context())
 	if user != nil {
 		spaceID, err := h.inviteService.AcceptInvite(token, user.ID)
 		if err != nil {
 			slog.Error("failed to accept invite", "error", err, "token", token)
 			http.Error(w, "Failed to join space: "+err.Error(), http.StatusBadRequest)
 			return
 		}
 		http.Redirect(w, r, "/app/spaces/"+spaceID, http.StatusSeeOther)
 		return
 	}
 	// Not logged in: set cookie and redirect to auth
 	http.SetCookie(w, &http.Cookie{
 		Name:     "pending_invite",
 		Value:    token,
 		Path:     "/",
 		Expires:  time.Now().Add(1 * time.Hour),
 		HttpOnly: true,
 		SameSite: http.SameSiteLaxMode,
 	})
 	http.Redirect(w, r, "/auth?invite=true", http.StatusTemporaryRedirect)
 }
--- a/internal/model/invitation.go
+++ b/internal/model/invitation.go
@ -0,0 +1,22 @@
 package model
 import "time"
 type InvitationStatus string
 const (
 	InvitationStatusPending  InvitationStatus = "pending"
 	InvitationStatusAccepted InvitationStatus = "accepted"
 	InvitationStatusExpired  InvitationStatus = "expired"
 )
 type SpaceInvitation struct {
 	Token     string           `db:"token"`
 	SpaceID   string           `db:"space_id"`
 	InviterID string           `db:"inviter_id"`
 	Email     string           `db:"email"`
 	Status    InvitationStatus `db:"status"`
 	ExpiresAt time.Time        `db:"expires_at"`
 	CreatedAt time.Time        `db:"created_at"`
 	UpdatedAt time.Time        `db:"updated_at"`
 }
--- a/internal/repository/invitation.go
+++ b/internal/repository/invitation.go
@ -0,0 +1,67 @@
 package repository
 import (
 	"database/sql"
 	"errors"
 	"git.juancwu.dev/juancwu/budgit/internal/model"
 	"github.com/jmoiron/sqlx"
 )
 var (
 	ErrInvitationNotFound = errors.New("invitation not found")
 )
 type InvitationRepository interface {
 	Create(invitation *model.SpaceInvitation) error
 	GetByToken(token string) (*model.SpaceInvitation, error)
 	GetBySpaceID(spaceID string) ([]*model.SpaceInvitation, error)
 	UpdateStatus(token string, status model.InvitationStatus) error
 	Delete(token string) error
 }
 type invitationRepository struct {
 	db *sqlx.DB
 }
 func NewInvitationRepository(db *sqlx.DB) InvitationRepository {
 	return &invitationRepository{db: db}
 }
 func (r *invitationRepository) Create(invitation *model.SpaceInvitation) error {
 	query := `
 		INSERT INTO space_invitations (token, space_id, inviter_id, email, status, expires_at, created_at, updated_at)
 		VALUES (:token, :space_id, :inviter_id, :email, :status, :expires_at, :created_at, :updated_at)
 	`
 	_, err := r.db.NamedExec(query, invitation)
 	return err
 }
 func (r *invitationRepository) GetByToken(token string) (*model.SpaceInvitation, error) {
 	var invitation model.SpaceInvitation
 	query := `SELECT * FROM space_invitations WHERE token = $1`
 	err := r.db.Get(&invitation, query, token)
 	if err == sql.ErrNoRows {
 		return nil, ErrInvitationNotFound
 	}
 	return &invitation, err
 }
 func (r *invitationRepository) GetBySpaceID(spaceID string) ([]*model.SpaceInvitation, error) {
 	var invitations []*model.SpaceInvitation
 	query := `SELECT * FROM space_invitations WHERE space_id = $1 ORDER BY created_at DESC`
 	err := r.db.Select(&invitations, query, spaceID)
 	return invitations, err
 }
 func (r *invitationRepository) UpdateStatus(token string, status model.InvitationStatus) error {
 	query := `UPDATE space_invitations SET status = $1, updated_at = CURRENT_TIMESTAMP WHERE token = $2`
 	_, err := r.db.Exec(query, status, token)
 	return err
 }
 func (r *invitationRepository) Delete(token string) error {
 	query := `DELETE FROM space_invitations WHERE token = $1`
 	_, err := r.db.Exec(query, token)
 	return err
 }
--- a/internal/routes/routes.go
+++ b/internal/routes/routes.go
@ -11,10 +11,10 @@ import (
 )
 func SetupRoutes(a *app.App) http.Handler {
-	auth := handler.NewAuthHandler(a.AuthService)
+	auth := handler.NewAuthHandler(a.AuthService, a.InviteService)
 	home := handler.NewHomeHandler()
 	dashboard := handler.NewDashboardHandler()
-	space := handler.NewSpaceHandler(a.SpaceService, a.TagService, a.ShoppingListService, a.ExpenseService)
+	space := handler.NewSpaceHandler(a.SpaceService, a.TagService, a.ShoppingListService, a.ExpenseService, a.InviteService)
 	mux := http.NewServeMux()
@ -103,6 +103,13 @@ func SetupRoutes(a *app.App) http.Handler {
 	createExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createExpenseHandler)
 	mux.Handle("POST /app/spaces/{spaceID}/expenses", createExpenseWithAccess)
 	// Invite routes
 	createInviteHandler := middleware.RequireAuth(space.CreateInvite)
 	createInviteWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createInviteHandler)
 	mux.Handle("POST /app/spaces/{spaceID}/invites", createInviteWithAccess)
 	mux.HandleFunc("GET /join/{token}", space.JoinSpace)
 	// 404
 	mux.HandleFunc("/{path...}", home.NotFoundPage)
--- a/internal/service/email.go
+++ b/internal/service/email.go
@ -201,6 +201,29 @@ func (s *EmailService) SendWelcomeEmail(email, name string) error {
 	return err
 }
 func (s *EmailService) SendInvitationEmail(email, spaceName, inviterName, token string) error {
 	inviteURL := fmt.Sprintf("%s/join/%s", s.appURL, token)
 	subject, body := invitationEmailTemplate(spaceName, inviterName, inviteURL, s.appName)
 	if !s.isProd {
 		slog.Info("email sent (dev mode)", "type", "invitation", "to", email, "subject", subject, "url", inviteURL)
 		return nil
 	}
 	params := &EmailParams{
 		From:    s.fromEmail,
 		To:      []string{email},
 		Subject: subject,
 		Text:    body,
 	}
 	_, err := s.client.SendWithContext(context.Background(), params)
 	if err == nil {
 		slog.Info("email sent", "type", "invitation", "to", email)
 	}
 	return err
 }
 func magicLinkEmailTemplate(magicURL, appName string) (string, string) {
 	subject := fmt.Sprintf("Sign in to %s", appName)
 	body := fmt.Sprintf(`Click this link to sign in to your account:
@ -231,3 +254,20 @@ The %s Team`, name, dashboardURL, appName)
 	return subject, body
 }
 func invitationEmailTemplate(spaceName, inviterName, inviteURL, appName string) (string, string) {
 	subject := fmt.Sprintf("%s invited you to join %s on %s", inviterName, spaceName, appName)
 	body := fmt.Sprintf(`Hi,
 %s has invited you to join the space "%s" on %s.
 Click the link below to accept the invitation:
 %s
 If you don't have an account, you will be asked to create one.
 Best,
 The %s Team`, inviterName, spaceName, appName, inviteURL, appName)
 	return subject, body
 }
--- a/internal/service/invite.go
+++ b/internal/service/invite.go
@ -0,0 +1,112 @@
 package service
 import (
 	"errors"
 	"time"
 	"git.juancwu.dev/juancwu/budgit/internal/model"
 	"git.juancwu.dev/juancwu/budgit/internal/repository"
 	"git.juancwu.dev/juancwu/budgit/internal/utils"
 )
 type InviteService struct {
 	inviteRepo repository.InvitationRepository
 	spaceRepo  repository.SpaceRepository
 	userRepo   repository.UserRepository
 	emailSvc   *EmailService
 }
 func NewInviteService(ir repository.InvitationRepository, sr repository.SpaceRepository, ur repository.UserRepository, es *EmailService) *InviteService {
 	return &InviteService{
 		inviteRepo: ir,
 		spaceRepo:  sr,
 		userRepo:   ur,
 		emailSvc:   es,
 	}
 }
 func (s *InviteService) CreateInvite(spaceID, inviterID, email string) (*model.SpaceInvitation, error) {
 	// Check if space exists
 	space, err := s.spaceRepo.ByID(spaceID)
 	if err != nil {
 		return nil, err
 	}
 	// Check if inviter is member/owner of space? (Ideally yes, but for now assuming caller checks permissions)
 	// Check if user is already a member
 	// This would require a method on SpaceRepo or SpaceService.
 	// For now, let's proceed.
 	token := utils.RandomID() // Or a more secure token generator
 	expiresAt := time.Now().Add(48 * time.Hour)
 	invitation := &model.SpaceInvitation{
 		Token:     token,
 		SpaceID:   spaceID,
 		InviterID: inviterID,
 		Email:     email,
 		Status:    model.InvitationStatusPending,
 		ExpiresAt: expiresAt,
 		CreatedAt: time.Now(),
 		UpdatedAt: time.Now(),
 	}
 	if err := s.inviteRepo.Create(invitation); err != nil {
 		return nil, err
 	}
 	// Get inviter name
 	inviter, err := s.userRepo.ByID(inviterID)
 	inviterName := "Someone"
 	if err == nil {
 		inviterName = inviter.Email // Or Name if available
 		// Get profile for better name?
 	}
 	// Send Email
 	go s.emailSvc.SendInvitationEmail(email, space.Name, inviterName, token)
 	return invitation, nil
 }
 func (s *InviteService) AcceptInvite(token, userID string) (string, error) {
 	invite, err := s.inviteRepo.GetByToken(token)
 	if err != nil {
 		return "", err
 	}
 	if invite.Status != model.InvitationStatusPending {
 		return "", errors.New("invitation is not pending")
 	}
 	if time.Now().After(invite.ExpiresAt) {
 		s.inviteRepo.UpdateStatus(token, model.InvitationStatusExpired)
 		return "", errors.New("invitation expired")
 	}
 	// Add user to space
 	err = s.spaceRepo.AddMember(invite.SpaceID, userID, model.RoleMember)
 	if err != nil {
 		return "", err
 	}
 	return invite.SpaceID, s.inviteRepo.UpdateStatus(token, model.InvitationStatusAccepted)
 }
 func (s *InviteService) GetPendingInvites(spaceID string) ([]*model.SpaceInvitation, error) {
 	// Filter for pending only in memory or repo?
 	// Repo returns all.
 	all, err := s.inviteRepo.GetBySpaceID(spaceID)
 	if err != nil {
 		return nil, err
 	}
 	var pending []*model.SpaceInvitation
 	for _, inv := range all {
 		if inv.Status == model.InvitationStatusPending {
 			pending = append(pending, inv)
 		}
 	}
 	return pending, nil
 }
--- a/internal/ui/pages/app_space_dashboard.templ
+++ b/internal/ui/pages/app_space_dashboard.templ
@ -2,13 +2,56 @@ package pages
 import (
 	"git.juancwu.dev/juancwu/budgit/internal/model"
 	"git.juancwu.dev/juancwu/budgit/internal/ui/components/button"
 	"git.juancwu.dev/juancwu/budgit/internal/ui/components/csrf"
 	"git.juancwu.dev/juancwu/budgit/internal/ui/components/dialog"
 	"git.juancwu.dev/juancwu/budgit/internal/ui/components/input"
 	"git.juancwu.dev/juancwu/budgit/internal/ui/layouts"
 )
 templ SpaceDashboardPage(space *model.Space, lists []*model.ShoppingList, tags []*model.Tag) {
 	@layouts.Space("Dashboard", space) {
 		<div class="space-y-4">
 			<div class="flex justify-between items-center">
 				<h1 class="text-2xl font-bold">Welcome to { space.Name }!</h1>
 				@dialog.Dialog(dialog.Props{ ID: "invite-member-dialog" }) {
 					@dialog.Trigger() {
 						@button.Button() {
 							Invite Member
 						}
 					}
 					@dialog.Content() {
 						@dialog.Header() {
 							@dialog.Title() { Invite Member }
 							@dialog.Description() {
 								Send an invitation email to add a new member to this space.
 							}
 						}
 						<form
 							hx-post={ "/app/spaces/" + space.ID + "/invites" }
 							hx-swap="innerHTML"
 							class="space-y-4"
 						>
 							@csrf.Token()
 							<div>
 								<label for="email" class="label">Email Address</label>
 								@input.Input(input.Props{
 									Name: "email",
 									ID: "email",
 									Type: "email",
 									Attributes: templ.Attributes{"required": "true"},
 								})
 							</div>
 							<div class="flex justify-end">
 								@button.Button(button.Props{ Type: button.TypeSubmit }) {
 									Send Invitation
 								}
 							</div>
 						</form>
 					}
 				}
 			</div>
 			<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
 				// Shopping Lists section
 				<div class="border rounded-lg p-4">