Feat/invites #227

Draft
IamKirbki wants to merge 19 commits into main from feat/invites

@IamKirbki
Contributor

feat: project invite system (#218)

This adds a full invite system for projects, allowing admins to invite users by email with a configurable role and expiry.

Backend

  • New project_invites table with token, nonce, role, expiry, and revoke/accept timestamps
  • Invite tokens are AES-256-GCM encrypted at rest using a configurable INVITES_SECRET_KEY, with the decrypted token exposed to the frontend for URL use
  • Re-encrypting the token with the original nonce allows querying the DB without storing plaintext tokens
  • Creating an invite auto-revokes any existing pending invite for the same email + project combo
  • New endpoints: create, list (with filters), accept, revoke, and a public get-details endpoint that requires no auth
  • GetProject and ListProjects now scope to the requesting admin via project_admins, replacing the previous org-scoped query and hardcoded "admin" role
  • Added ProjectRoleTuples helper and invites resource to the RBAC model (admin-only)
  • Auth middleware now supports both RS256 (Clerk/JWKS) and HS256 (basic) tokens simultaneously via a multiKeyfunc

Frontend

  • New invite management page under project settings with search, filters (status, role, expiry, inviter), pagination, and copy link / revoke actions
  • New AcceptInvite page at /invites/:token handles unauthenticated users (login/register prompt), wrong account detection, and auto-accept after registration via ?autoAccept=1
  • New /register route wrapping Clerk's SignUp
  • Axios interceptor updated to skip redirect on 401 for public invite routes and requests flagged with skipAuthRedirect
  • Token + nonce are mashed into a single URL-safe base64 string on the frontend for use in invite links

IamKirbki and others added 13 commits April 20, 2026 15:05
- Introduced ProjectInviteListResponse model for listing project invites.
- Added ListProjectInvitesParams for pagination support in listing invites.
- Implemented RevokeProjectInvite, ListProjectInvites, AcceptProjectInvite, and GetInviteDetails methods in the Client interface.
- Created corresponding request and response parsing functions for project invite operations.
- Enhanced AdminsStore with HardDeleteProjectAdmin method for direct deletion of project admins.
- Expanded InvitesStore with methods to handle project invites: GetInviteByToken, AcceptProjectInvite, RevokeProjectInvite, and ListProjectInvites.
- Updated database migration to enforce unique constraint on invite tokens.
- Added a new "Invites" section in the settings menu with a UserPlus icon.
- Enhanced user search functionality in the ListDetail component.
- Updated OrganizationEventRuleEdit to improve accessibility with better aria-labels.
- Modified the InviteController to support filtering project invites by status, role, and expiration dates.
- Updated OpenAPI resources to include new query parameters for invite management.
- Refactored invite handling in the management store to support new filtering options.
- Changed database table references from "invites" to "project_invites" for clarity.
- Implemented revoke project invite functionality with proper middleware handling.
Co-authored-by: Copilot <copilot@github.com>
…rchy logic

Co-authored-by: Copilot <copilot@github.com>
…rtain contexts

Co-authored-by: Copilot <copilot@github.com>
…okens

- Updated API paths to accept a combined token and nonce pair for invite acceptance and revocation.
- Modified ProjectInvite interface to include nonce.
- Implemented nonce generation and encryption in the invite creation process.
- Adjusted database schema to store nonce alongside the invite token.
- Enhanced invite handling logic to support nonce verification during acceptance and revocation.
- Updated frontend components to handle the new token-nonce structure.
- Added necessary environment configurations for invite secret key.

Co-authored-by: Copilot <copilot@github.com>
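
Added example, not code from this PR: a sketch of the lookup described in the PR description ("re-encrypting the token with the original nonce") and in the token-nonce commit above. The function names, the 32-byte token, the 12-byte nonce and the token-then-nonce layout of the link string are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Assumed sizes (the PR does not state them); 12 bytes is the standard GCM nonce.
const tokenLen, nonceLen = 32, 12

// sealToken: the same key, nonce and token always give the same ciphertext (the DB lookup key).
func sealToken(key, nonce, token []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, token, nil), nil
}

// newInvite returns the value to store and the base64url token+nonce string for the link.
func newInvite(key []byte) (stored []byte, link string, err error) {
	buf := make([]byte, tokenLen+nonceLen)
	if _, err = rand.Read(buf); err != nil {
		return nil, "", err
	}
	stored, err = sealToken(key, buf[tokenLen:], buf[:tokenLen])
	return stored, base64.RawURLEncoding.EncodeToString(buf), err
}

// lookupValue rebuilds the stored form from a request. The length check is required:
// the nonce is client-supplied and Seal panics on a wrong-length nonce.
func lookupValue(key []byte, link string) ([]byte, error) {
	buf, err := base64.RawURLEncoding.DecodeString(link)
	if err != nil || len(buf) != tokenLen+nonceLen {
		return nil, fmt.Errorf("malformed invite token")
	}
	return sealToken(key, buf[tokenLen:], buf[:tokenLen])
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, standing in for INVITES_SECRET_KEY
	stored, link, _ := newInvite(key)
	got, _ := lookupValue(key, link)
	fmt.Println(string(stored) == string(got))
}
```

The returned bytes are what a query against the unique token column would match on, so a wrong key or altered token simply finds no row.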