Commit Graph

10 Commits

Author SHA1 Message Date
Ryan Chen d005080aca Add attendee cap with required login for capped events
Hosts can optionally cap total attendance (RSVPs + plus-ones) when
creating an event. Capped events require guests to log in via the
existing email code flow; RSVPs are tied to accounts and deduped per
user. The event page shows spots left and replaces the form with a
full notice when the cap is reached; the server rejects over-cap
RSVPs and edits with 409 as a race backstop.

Also threads a safeNext-validated ?next= param through the login and
name-setup flow so guests land back on the event after signing in.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 19:36:57 -04:00
Ryan Chen 2aa3abf035 Rebuild legacy users table to add email and drop phone NOT NULL
The migration ALTER TABLE users ADD COLUMN email TEXT UNIQUE always
failed ("Cannot add a UNIQUE column" — SQLite doesn't support it), so
phone-era DBs never got an email column and verify 500'd with "no such
column: email". Even with the column added, phone NOT NULL would reject
email-only users. SQLite can't ALTER either change, so detect the legacy
shape (missing email column) and rebuild the table, preserving user ids
and sessions (FKs off so DROP TABLE doesn't cascade).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 19:13:37 -04:00
Ryan Chen 4915af0665 Fix login on legacy DBs: drop NOT NULL phone/email from verification_codes
Old prod DBs had verification_codes.phone (or email) as NOT NULL with no
default, so inserting a code via identifier-only failed silently — users
received an emailed code that was never stored, and verify always said
"Invalid or expired code." Drop the legacy columns in a migration and
stop swallowing the CreateVerificationCode error.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 19:07:18 -04:00
Ryan Chen 0719269bce Add SMS consent logging for Twilio compliance
Log phone, IP, and user agent to sms_consents table before sending
verification SMS. Add disclosure text to login form.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-29 09:46:43 -04:00
Ryan Chen 6e3fc9721a Add edit RSVP modal, plus-one tracking, and unified signup form
Merge RSVP + slot claim into a single form. Add plus_one field to RSVPs.
Add clickable RSVP names that open a modal to edit name/note/plus_one.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 23:11:11 -04:00
Ryan Chen fe5cdd92a1 Dedupe RSVPs and add tests for auto-RSVP on claim
Add migration to clean up duplicate RSVPs (keep earliest per event+name).
Add GetRsvpByName and DeleteDuplicateRsvps queries. Tests cover auto-RSVP
creation, duplicate prevention, and case-insensitive matching.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 22:55:21 -04:00
Ryan Chen 3a6a4b6e9c Fix schema init crash on existing DBs with old verification_codes table
Move auth-related indexes into migrations so they run after column
additions. Previously CREATE INDEX on verification_codes(identifier)
would fail because the old table still had the email column.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 09:26:26 -04:00
Ryan Chen a0c4b28d1e Support both email and phone login
Auto-detect whether the user entered an email or phone number.
Email sends via Resend, phone sends via Twilio SMS. Users table
has nullable phone and email columns; verification_codes uses a
generic identifier field.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 08:53:29 -04:00
Ryan Chen 471cc3ad8c Switch to phone auth via Twilio SMS and add feature flag system
Replace email-based auth (Resend) with phone-based auth (Twilio SMS).
Add BBQ_FEATURES env var for toggling features at deploy time — when
auth is disabled, no login routes are registered and the app works
as before.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 08:45:15 -04:00
Ryan Chen 7b0efb3c45 Add markdown event descriptions for hosts to provide context
Hosts can now add a free-form description (with markdown rendering via
goldmark) when creating or editing events. Descriptions render safely
with no raw HTML passthrough. Includes ALTER TABLE migration for
existing databases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-17 08:02:24 -04:00