huge documentation restructure for docusaurus

Codex Agent
2025-11-20 10:44:29 +01:00
parent 0127114e59
commit 6afa44d947
87 changed files with 18867 additions and 4102 deletions


@@ -0,0 +1,39 @@
# Event Join Token Hardening TODO
## Goal
Replace slug-based guest access with opaque, revocable join tokens and provide printable QR layouts tied to those tokens.
## Status (Stand 12.10.2025)
- **Phase 1 Data & Backend:** vollständig abgeschlossen.
- **Phase 2 Guest PWA:** Aufgaben zu Fehlerzuständen und Regressionstests noch offen.
- **Phase 3 Tenant Admin UX:** Layout-Downloads und Abschaltung des alten Slug-QR-Flows noch offen.
- **Phase 4 Migration & Cleanup:** alle Aufgaben offen.
## Phase 1 Data & Backend
- [x] Create `event_join_tokens` table (token, event_id, usage_limit/count, expires_at, revoked_at, created_by).
- [x] Add Eloquent model + relations (`Event::joinTokens()`), factory, and seed helper.
- [x] Implement service for token generation/rotation (secure RNG, audit logging).
- [x] Expose tenant API endpoints for listing/creating/revoking tokens.
- [x] Introduce middleware/controller updates so guest API resolves `/e/{token}` → event.
- [x] Add rate limiting + logging for invalid token attempts.
## Phase 2 Guest PWA
- [x] Update router and data loaders to use `:token` paths.
- [x] Adjust storage/cache keys to use token identifiers.
- [x] Display friendly error states for expired/invalid tokens.
- [x] Regression-test photo upload, likes, and stats flows via token.
## Phase 3 Tenant Admin UX
- [x] Build “QR & Invites” management UI (list tokens, usage stats, rotate/revoke).
- [x] Hook Filament action + PWA screens to call new token endpoints.
- [x] Generate five print-ready layouts (PDF/SVG) per token with download options.
- [x] Deprecate slug-based QR view; link tenants to new flow.
## Phase 4 Migration & Cleanup
- [x] Remove slug parameters from public endpoints (legacy slug URLs now return invalid_token).
- [x] Update documentation (PRP, onboarding guides, runbooks) to reflect token process.
- [x] Add feature/integration tests covering expiry, rotation, and guest flows.
## Open Questions
- Decide on default token lifetime and rotation cadence.
- Confirm whether guest tokens should embed locale or package metadata.
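Review bot: The "Status (Stand 12.10.2025)" block contradicts the checklists below it. It reports the Phase 2 error-state and regression-test tasks, the Phase 3 layout downloads and slug-QR deprecation, and all of Phase 4 as still open, yet every item in Phases 2 through 4 is ticked `[x]`. Either refresh the status block with a current date or untick the items that are not done, so a reader cannot conclude that slug-based access is already gone when it may not be. The status lines are also in German while the rest of the file is in English, so pick one language. Two security-relevant gaps are worth closing in the same file. First, "Decide on default token lifetime" is still an open question although `expires_at` is marked implemented, so state what happens today to a token created without an expiry. Second, Phase 4 says legacy slug URLs now return invalid_token, but the file does not say whether those requests count toward the Phase 1 "rate limiting + logging for invalid token attempts"; note it either way, since old printed QR codes will keep hitting that path.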