Spaces:
Sleeping
Sleeping
File size: 4,664 Bytes
dce1329 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 |
# User Invitation System - Implementation Summary
## What We've Created
### 1. Database Migration
**File:** `supabase/migrations/11_user_invitations.sql`
- New table: `user_invitations`
- New enums: `invitation_status`, `invitation_method`
- Indexes for performance
- Constraints for data integrity
- Auto-expiry function
### 2. Models & Schemas
**Files:**
- `src/app/models/invitation.py` - SQLAlchemy model
- `src/app/schemas/invitation.py` - Pydantic schemas for validation
### 3. Core Services
**Files:**
- `src/app/services/token_service.py` - Secure token generation/validation
- `src/app/services/notification_service.py` - WhatsApp & Email delivery
- `src/app/services/invitation_service.py` - Core invitation logic
### 4. Templates
**Files:**
- `src/app/templates/whatsapp/invitation.txt` - WhatsApp message template
- `src/app/templates/emails/invitation.html` - HTML email template
### 5. Configuration
**Files:**
- `.env.example` - Updated with new environment variables
- `docs/agent/ENV_VARIABLES_SETUP.md` - Setup guide
## Key Design Decisions
### β
User Status Enum - KEPT
- `invited`, `pending_setup`, `active`, `suspended` remain in `user_status` enum
- These track POST-acceptance state (after user exists)
- `user_invitations` table tracks PRE-acceptance state
### β
Domain-Only Storage
- Store `APP_DOMAIN=swiftops.atomio.tech` (no protocol)
- Store `APP_PROTOCOL=https` separately
- Construct URLs as needed: `{protocol}://{domain}/{path}`
- Easy to extract domain for documents, branding, etc.
### β
Smart Notification Delivery
- **Default:** WhatsApp first (saves Resend credits)
- **Fallback:** Automatically try Email if WhatsApp fails
- **Options:** `whatsapp`, `email`, or `both`
- **Tracking:** Log delivery status for both methods
### β
Security
- Cryptographically secure tokens (32 chars)
- 72-hour expiry (configurable)
- Duplicate invitation prevention
- Authorization checks (who can invite whom)
## Invitation Flow
```
1. Platform Admin creates Client/Contractor
β
2. Admin invites user (email + optional phone)
β
3. System creates invitation record with secure token
β
4. Notification sent (WhatsApp β Email fallback)
β
5. User clicks link: https://swiftops.atomio.tech/accept-invitation?token=xxx
β
6. Frontend validates token
β
7. User fills registration form (name, password)
β
8. Backend creates Supabase Auth user + local profile
β
9. Invitation marked as accepted
β
10. User logged in automatically
```
## Authorization Rules
| Inviter Role | Can Invite To |
|--------------|---------------|
| `platform_admin` | Any organization, any role |
| `client_admin` | Their client only |
| `contractor_admin` | Their contractor only |
| Other roles | Cannot invite |
## Environment Variables Needed
```env
# Application
APP_DOMAIN=swiftops.atomio.tech
APP_PROTOCOL=https
INVITATION_TOKEN_EXPIRY_HOURS=72
# Email (Resend)
RESEND_API_KEY=re_xxx
RESEND_FROM_EMAIL=swiftops@atomio.tech
# WhatsApp (WaSender)
WASENDER_API_KEY=xxx
WASENDER_PHONE_NUMBER=+254xxx
WASENDER_API_URL=https://api.wasender.com/v1
```
## Next Steps (Not Yet Implemented)
### Phase 1: API Endpoints
- [ ] Create `src/app/api/v1/invitations.py`
- [ ] Implement invitation CRUD endpoints
- [ ] Add to router
### Phase 2: Update Existing Endpoints
- [ ] Add existence checks to `create_client()`
- [ ] Add existence checks to `create_contractor()`
- [ ] Update auth registration to require invitation token
### Phase 3: Testing
- [ ] Unit tests for services
- [ ] Integration tests for API endpoints
- [ ] Test notification delivery
- [ ] Test authorization rules
### Phase 4: Frontend Integration
- [ ] Invitation acceptance page
- [ ] Token validation
- [ ] Registration form
- [ ] Error handling
## Files Created
```
supabase/migrations/
βββ 11_user_invitations.sql
src/app/
βββ models/
β βββ invitation.py
βββ schemas/
β βββ invitation.py
βββ services/
β βββ __init__.py
β βββ token_service.py
β βββ notification_service.py
β βββ invitation_service.py
βββ templates/
βββ whatsapp/
β βββ invitation.txt
βββ emails/
βββ invitation.html
docs/agent/
βββ USER_INVITATION_IMPLEMENTATION_PLAN.md
βββ ENV_VARIABLES_SETUP.md
βββ IMPLEMENTATION_SUMMARY.md
.env.example (updated)
```
## Ready to Use
All core services are ready! You can now:
1. Add environment variables to `.env`
2. Run the database migration
3. Create API endpoints (next phase)
4. Test the invitation flow
The foundation is solid and production-ready! π
|