feat: implement invite links (resolve #624)

config.default.yml

@@ -67,6 +67,7 @@ security:
   insecure_cookies: true                # should be set to 'false', except when not running with HTTPS (e.g. on localhost)
   cookie_max_age: 172800
   allow_signup: true
+  invite_codes: true                    # whether to enable invite codes for overriding disabled signups
   disable_frontpage: false
   expose_metrics: false
   enable_proxy: false                   # only intended for production instance at wakapi.dev

config/config.go

@@ -37,6 +37,7 @@ const (
 	KeyFirstHeartbeat               = "first_heartbeat"
 	KeySubscriptionNotificationSent = "sub_reminder"
 	KeyNewsbox                      = "newsbox"
+	KeyInviteCode                   = "invite"
 
 	SessionKeyDefault = "default"
 
@@ -104,6 +105,7 @@ type appConfig struct {
 
 type securityConfig struct {
 	AllowSignup      bool `yaml:"allow_signup" default:"true" env:"WAKAPI_ALLOW_SIGNUP"`
+	InviteCodes      bool `yaml:"invite_codes" default:"true" env:"WAKAPI_INVITE_CODES"`
 	ExposeMetrics    bool `yaml:"expose_metrics" default:"false" env:"WAKAPI_EXPOSE_METRICS"`
 	EnableProxy      bool `yaml:"enable_proxy" default:"false" env:"WAKAPI_ENABLE_PROXY"` // only intended for production instance at wakapi.dev
 	DisableFrontpage bool `yaml:"disable_frontpage" default:"false" env:"WAKAPI_DISABLE_FRONTPAGE"`

main.go

@@ -241,7 +241,7 @@ func main() {
 	subscriptionHandler := routes.NewSubscriptionHandler(userService, mailService, keyValueService)
 	projectsHandler := routes.NewProjectsHandler(userService, heartbeatService)
 	homeHandler := routes.NewHomeHandler(userService, keyValueService)
-	loginHandler := routes.NewLoginHandler(userService, mailService)
+	loginHandler := routes.NewLoginHandler(userService, mailService, keyValueService)
 	imprintHandler := routes.NewImprintHandler(keyValueService)
 	leaderboardHandler := condition.TernaryOperator[bool, routes.Handler](config.App.LeaderboardEnabled, routes.NewLeaderboardHandler(userService, leaderboardService), routes.NewNoopHandler())
 

models/user.go

@@ -39,6 +39,7 @@ type User struct {
 	SubscribedUntil     *CustomTime `json:"-" gorm:"swaggertype:"string" format:"date" example:"2006-01-02 15:04:05.000"`
 	SubscriptionRenewal *CustomTime `json:"-" gorm:"swaggertype:"string" format:"date" example:"2006-01-02 15:04:05.000"`
 	StripeCustomerId    string      `json:"-"`
+	InvitedBy           string      `json:"-"`
 }
 
 type Login struct {
@@ -52,6 +53,8 @@ type Signup struct {
 	Password       string `schema:"password"`
 	PasswordRepeat string `schema:"password_repeat"`
 	Location       string `schema:"location"`
+	InviteCode     string `schema:"invite_code"`
+	InvitedBy      string `schema:"-"`
 }
 
 type SetPasswordRequest struct {

models/view/login.go

@@ -4,6 +4,7 @@ type LoginViewModel struct {
 	Messages
 	TotalUsers  int
 	AllowSignup bool
+	InviteCode  string
 }
 
 type SetPasswordViewModel struct {

models/view/settings.go

@@ -18,6 +18,8 @@ type SettingsViewModel struct {
 	SupportContact      string
 	LeaderboardEnabled  bool
 	ApiKey              string
+	InvitesEnabled      bool
+	InviteLink          string
 }
 
 type SettingsVMCombinedAlias struct {

models/view/summary.go

@@ -20,6 +20,7 @@ type SummaryViewModel struct {
 	UserFirstData       time.Time
 	DataRetentionMonths int
 	LeaderboardEnabled  bool
+	InvitesEnabled      bool
 }
 
 func (s SummaryViewModel) UserDataExpiring() bool {

repositories/user.go

@@ -148,6 +148,7 @@ func (r *UserRepository) Update(user *models.User) (*models.User, error) {
 		"subscribed_until":     user.SubscribedUntil,
 		"subscription_renewal": user.SubscriptionRenewal,
 		"stripe_customer_id":   user.StripeCustomerId,
+		"invited_by":           user.InvitedBy,
 	}
 
 	result := r.db.Model(user).Updates(updateMap)

routes/login.go

@@ -14,20 +14,23 @@ import (
 	"github.com/muety/wakapi/utils"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 )
 
 type LoginHandler struct {
-	config   *conf.Config
-	userSrvc services.IUserService
-	mailSrvc services.IMailService
+	config       *conf.Config
+	userSrvc     services.IUserService
+	mailSrvc     services.IMailService
+	keyValueSrvc services.IKeyValueService
 }
 
-func NewLoginHandler(userService services.IUserService, mailService services.IMailService) *LoginHandler {
+func NewLoginHandler(userService services.IUserService, mailService services.IMailService, keyValueService services.IKeyValueService) *LoginHandler {
 	return &LoginHandler{
-		config:   conf.Get(),
-		userSrvc: userService,
-		mailSrvc: mailService,
+		config:       conf.Get(),
+		userSrvc:     userService,
+		mailSrvc:     mailService,
+		keyValueSrvc: keyValueService,
 	}
 }
 
@@ -151,7 +154,19 @@ func (h *LoginHandler) PostSignup(w http.ResponseWriter, r *http.Request) {
 		loadTemplates()
 	}
 
-	if !h.config.IsDev() && !h.config.Security.AllowSignup {
+	var signup models.Signup
+	if err := r.ParseForm(); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("missing parameters"))
+		return
+	}
+	if err := signupDecoder.Decode(&signup, r.PostForm); err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("missing parameters"))
+		return
+	}
+
+	if !h.config.IsDev() && !h.config.Security.AllowSignup && (!h.config.Security.InviteCodes || signup.InviteCode == "") {
 		w.WriteHeader(http.StatusForbidden)
 		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("registration is disabled on this server"))
 		return
@@ -162,18 +177,29 @@ func (h *LoginHandler) PostSignup(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var signup models.Signup
-	if err := r.ParseForm(); err != nil {
-		w.WriteHeader(http.StatusBadRequest)
-		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("missing parameters"))
-		return
+	var invitedBy string
+	var invitedDate time.Time
+	var inviteCodeKey = fmt.Sprintf("%s_%s", conf.KeyInviteCode, signup.InviteCode)
+
+	if kv, _ := h.keyValueSrvc.GetString(inviteCodeKey); kv != nil && kv.Value != "" {
+		if parts := strings.Split(kv.Value, ","); len(parts) == 2 {
+			invitedBy = parts[0]
+			invitedDate, _ = time.Parse(conf.SimpleDateFormat, parts[1])
+		}
+
+		if err := h.keyValueSrvc.DeleteString(inviteCodeKey); err != nil {
+			conf.Log().Error("failed to revoke %s", inviteCodeKey)
+		}
 	}
-	if err := signupDecoder.Decode(&signup, r.PostForm); err != nil {
-		w.WriteHeader(http.StatusBadRequest)
-		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("missing parameters"))
+
+	if signup.InviteCode != "" && time.Since(invitedDate) > 24*time.Hour {
+		w.WriteHeader(http.StatusForbidden)
+		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("invite code invalid or expired"))
 		return
 	}
 
+	signup.InvitedBy = invitedBy
+
 	if !signup.IsValid() {
 		w.WriteHeader(http.StatusBadRequest)
 		templates[conf.SignupTemplate].Execute(w, h.buildViewModel(r, w).WithError("invalid parameters"))
@@ -332,6 +358,7 @@ func (h *LoginHandler) buildViewModel(r *http.Request, w http.ResponseWriter) *v
 	vm := &view.LoginViewModel{
 		TotalUsers:  int(numUsers),
 		AllowSignup: h.config.IsDev() || h.config.Security.AllowSignup,
+		InviteCode:  r.URL.Query().Get("invite"),
 	}
 	return routeutils.WithSessionMessages(vm, r, w)
 }

routes/routes.go

@@ -4,7 +4,6 @@ import (
 	"github.com/duke-git/lancet/v2/strutil"
 	"github.com/muety/wakapi/helpers"
 	"html/template"
-	"net/http"
 	"strings"
 
 	"github.com/duke-git/lancet/v2/datetime"
@@ -14,8 +13,6 @@ import (
 	"github.com/muety/wakapi/views"
 )
 
-type action func(w http.ResponseWriter, r *http.Request) (int, string, string)
-
 var templates map[string]*template.Template
 
 func Init() {