✨ Feat: restrict authentication to waitlist users and contributors (#434)

* refactor: separate waitlist types and add status field to support invites

* feat: add waitlist invitation functionality with tests and error handling

* feat: add isInvited endpoint to check waitlist invitation status

* fix: use explicit $eq operator in MongoDB queries for email matching

* ✨ Add waitlist check route (#438)

* ✨ feat: update waitlist route

* test: remove redundant waitlist controller test

* docs: fix line wrapping in README sign in instructions

* ✨ Add waitlist check to sign in flow (#441)

* ✨ feat: update waitlist route

* test: remove redundant waitlist controller test

* docs: fix line wrapping in README sign in instructions

* feat: add waitlist status check and UI to login flow

* refactor: streamline login flow with waitlist integration and improved error handling

* feat: redesign waitlist links with vertical layout and hover effects

* feat: implement waitlist status check flow with new UI components

* feat: implement waitlist status check and invite-only login flow

* feat: add special waitlist access for marco@polo.co and trim email inputs

* feat: add special waitlist access for marco@polo.co and trim email inputs

* docs: add instructions for bypassing waitlist with test email in production

Author: tyler-dane

README.md

@@ -62,6 +62,10 @@ All the info you'd need to get started is at [docs.compasscalendar.com](https://
 
 🔵 [Production App](https://app.compasscalendar.com) (Closed beta)
 
+Compass sign in is currently limited to emails that have been invited from our waitlist. If you're running the app locally, this restriction is skipped so contributors can get started right away.
+
+To skip the waitlist, enter `marco@polo.co` when prompted for an email at the login screen. Then enter your Google credentials to sign in. This is a temporary hack to allow contributors to test the app in production before going through the whole local setup process.
+
 🎬 [Compass on YouTube](https://youtube.com/playlist?list=PLPQAVocXPdjmYaPM9MXzplcwgoXZ_yPiJ&si=jssXj_g9kln8Iz_w)
 
 ✍ [Compass Blog](https://www.compasscalendar.com/post/compass-is-open-source)

packages/backend/src/__tests__/helpers/mock.db.setup.ts

@@ -93,7 +93,6 @@ export async function setupTestDb(): Promise<TestSetup> {
   // Create waitlist user
   await mongoService.waitlist.insertOne({
     email,
-    waitlistedAt: new Date().toISOString(),
     schemaVersion: "0",
     source: "other",
     firstName: "Test",
@@ -102,6 +101,8 @@ export async function setupTestDb(): Promise<TestSetup> {
     howClearAboutValues: "not-clear",
     workingTowardsMainGoal: "yes",
     isWillingToShare: false,
+    status: "waitlisted",
+    waitlistedAt: new Date().toISOString(),
   });
 
   return { mongoServer, mongoClient, db, userId: userId.toString(), email };

packages/backend/src/common/errors/waitlist/waitlist.errors.ts

@@ -0,0 +1,20 @@
+import { Status } from "@core/errors/status.codes";
+import { ErrorMetadata } from "@backend/common/types/error.types";
+
+interface WaitlistErrors {
+  DuplicateEmail: ErrorMetadata;
+  NotOnWaitlist: ErrorMetadata;
+}
+
+export const WaitlistError: WaitlistErrors = {
+  DuplicateEmail: {
+    description: "Email is already on waitlist",
+    status: Status.BAD_REQUEST,
+    isOperational: true,
+  },
+  NotOnWaitlist: {
+    description: "Email is not on waitlist",
+    status: Status.NOT_FOUND,
+    isOperational: true,
+  },
+};

…t/controller/waitlist.controller.test.ts …ntroller/waitlist.controller-add.test.tspackages/backend/src/waitlist/controller/waitlist.controller.test.ts renamed to packages/backend/src/waitlist/controller/waitlist.controller-add.test.ts packages/backend/src/waitlist/controller/waitlist.controller.test.ts renamed to packages/backend/src/waitlist/controller/waitlist.controller-add.test.ts

@@ -1,5 +1,5 @@
 import request from "supertest";
-import { Schema_Waitlist } from "@core/types/waitlist/waitlist.types";
+import type { Answers } from "@core/types/waitlist/waitlist.answer.types";
 
 describe("POST /api/waitlist", () => {
   beforeEach(() => {
@@ -41,7 +41,7 @@ describe("POST /api/waitlist", () => {
     app.use(express.json());
     app.post("/api/waitlist", WaitlistController.addToWaitlist);
 
-    const answers: Schema_Waitlist = {
+    const answers: Answers = {
       source: "social-media",
       firstName: "Jo",
       lastName: "Schmo",
@@ -50,7 +50,6 @@ describe("POST /api/waitlist", () => {
       howClearAboutValues: "not-clear",
       workingTowardsMainGoal: "yes",
       isWillingToShare: false,
-      waitlistedAt: new Date().toISOString(),
       schemaVersion: "0",
     };
     const res = await request(app).post("/api/waitlist").send(answers);
@@ -70,7 +69,7 @@ describe("POST /api/waitlist", () => {
     app.use(express.json());
     app.post("/api/waitlist", WaitlistController.addToWaitlist);
 
-    const answers: Schema_Waitlist = {
+    const answers: Answers = {
       source: "other",
       firstName: "Jo",
       lastName: "Schmo",
@@ -79,7 +78,6 @@ describe("POST /api/waitlist", () => {
       howClearAboutValues: "not-clear",
       workingTowardsMainGoal: "yes",
       isWillingToShare: false,
-      waitlistedAt: new Date().toISOString(),
       schemaVersion: "0",
     };
     const res = await request(app).post("/api/waitlist").send(answers);

packages/backend/src/waitlist/controller/waitlist.controller-check.test.ts

@@ -0,0 +1,86 @@
+import request from "supertest";
+
+describe("GET /api/waitlist", () => {
+  beforeEach(() => {
+    jest.resetModules();
+    jest.clearAllMocks();
+  });
+
+  it("should return 400 if email is invalid", async () => {
+    // Arrange
+    jest.doMock("../service/waitlist.service", () => ({
+      __esModule: true,
+      default: {
+        isInvited: jest.fn(),
+        isOnWaitlist: jest.fn(),
+      },
+    }));
+    const { WaitlistController } = await import("./waitlist.controller");
+    const express = (await import("express")).default;
+    const app = express();
+    app.use(express.json());
+    app.get("/api/waitlist", WaitlistController.status);
+
+    // Act
+    const res = await request(app).get("/api/waitlist").query({ email: "" });
+
+    // Assert
+    expect(res.status).toBe(400);
+    expect(res.error).toBeDefined();
+  });
+
+  it("should return true if email was invited", async () => {
+    // Arrange
+    jest.doMock("../service/waitlist.service", () => ({
+      __esModule: true,
+      default: {
+        isInvited: jest.fn().mockResolvedValue(true), // user is invited
+        isOnWaitlist: jest.fn().mockResolvedValue(true), // user is waitlisted
+      },
+    }));
+    const { WaitlistController } = await import("./waitlist.controller");
+    const express = (await import("express")).default;
+    const app = express();
+    app.use(express.json());
+    app.get("/api/waitlist", WaitlistController.status);
+
+    // Act
+    const res = await request(app)
+      .get("/api/waitlist")
+      .query({ email: "was-invited@bar.com" });
+
+    // Assert
+    expect(res.status).toBe(200);
+    const data = res.body;
+    expect(data.isInvited).toBeDefined();
+    expect(data.isInvited).toBe(true);
+  });
+
+  it("should return false if email was not invited", async () => {
+    // Arrange
+    jest.doMock("../service/waitlist.service", () => ({
+      __esModule: true,
+      default: {
+        isInvited: jest.fn().mockResolvedValue(false), // user is not invited
+        isOnWaitlist: jest.fn().mockResolvedValue(false), // user is not waitlisted
+      },
+    }));
+    const { WaitlistController } = await import("./waitlist.controller");
+    const express = (await import("express")).default;
+    const app = express();
+    app.use(express.json());
+    app.get("/api/waitlist", WaitlistController.status);
+
+    // Act
+    const res = await request(app)
+      .get("/api/waitlist")
+      .query({ email: "not-invited@bar.com" });
+
+    // Assert
+    expect(res.status).toBe(200);
+    const data = res.body;
+    expect(data.isInvited).toBeDefined();
+    expect(data.isInvited).toBe(false);
+    expect(data.isOnWaitlist).toBe(false);
+  });
+});

packages/backend/src/waitlist/controller/waitlist.controller.ts

@@ -1,10 +1,8 @@
 import { Request, Response } from "express";
 import { BaseError } from "@core/errors/errors.base";
 import { Logger } from "@core/logger/winston.logger";
-import {
-  AnswerMap,
-  Schema_Waitlist,
-} from "@core/types/waitlist/waitlist.types";
+import { AnswerMap } from "@core/types/waitlist/waitlist.answer.types";
+import { Schema_Waitlist } from "@core/types/waitlist/waitlist.types";
 import { isMissingWaitlistTagId } from "@backend/common/constants/env.util";
 import WaitlistService from "../service/waitlist.service";
 
@@ -49,4 +47,50 @@ export class WaitlistController {
       return res.status(500).json({ error: "Server error" });
     }
   }
+
+  static async isInvited(
+    req: Request<unknown, unknown, unknown, { email: string }>,
+    res: Response<{ isInvited: boolean }>,
+  ) {
+    const email = req.query.email;
+    if (!email) {
+      logger.error("Could not check if invited due to missing request email");
+      return res.status(400).json({
+        isInvited: false,
+      });
+    }
+
+    const isInvited = await WaitlistService.isInvited(email);
+    return res.status(200).json({ isInvited });
+  }
+
+  static async isOnWaitlist(
+    req: Request<unknown, unknown, unknown, { email: string }>,
+    res: Response<{ isOnWaitlist: boolean }>,
+  ) {
+    const email = req.query.email;
+    if (!email) {
+      logger.error("Could not check waitlist due to missing request email");
+      return res.status(400).json({ isOnWaitlist: false });
+    }
+
+    const isOnWaitlist = await WaitlistService.isOnWaitlist(email);
+    return res.status(200).json({ isOnWaitlist });
+  }
+  static async status(
+    req: Request<unknown, unknown, unknown, { email: string }>,
+    res: Response<{ isOnWaitlist: boolean; isInvited: boolean }>,
+  ) {
+    const email = req.query.email;
+    if (!email) {
+      logger.error("Could not check waitlist due to missing request email");
+      return res.status(400).json({ isOnWaitlist: false, isInvited: false });
+    }
+
+    const [isOnWaitlist, isInvited] = await Promise.all([
+      WaitlistService.isOnWaitlist(email),
+      WaitlistService.isInvited(email),
+    ]);
+    return res.status(200).json({ isOnWaitlist, isInvited });
+  }
 }

packages/backend/src/waitlist/repo/waitlist.repo.ts

@@ -1,13 +1,68 @@
-import { Schema_Waitlist } from "@core/types/waitlist/waitlist.types";
+import {
+  Result_InviteToWaitlist,
+  Schema_Waitlist,
+} from "@core/types/waitlist/waitlist.types";
+import { error } from "@backend/common/errors/handlers/error.handler";
+import { WaitlistError } from "@backend/common/errors/waitlist/waitlist.errors";
 import mongoService from "@backend/common/services/mongo.service";
 
 export class WaitlistRepository {
   static async addToWaitlist(record: Schema_Waitlist) {
     return mongoService.waitlist.insertOne(record);
   }
 
+  static async invite(email: string): Promise<Result_InviteToWaitlist> {
+    const isOnWaitlist = await this.isAlreadyOnWaitlist(email);
+    if (!isOnWaitlist) {
+      throw error(WaitlistError.NotOnWaitlist, "Email is not on waitlist");
+    }
+
+    const result = await mongoService.waitlist.updateOne(
+      { email: { $eq: email } },
+      { $set: { status: "invited" } },
+    );
+
+    const invited = result.modifiedCount === 1;
+    return {
+      status: invited ? "invited" : "ignored",
+    };
+  }
+
   static async isAlreadyOnWaitlist(email: string) {
-    const match = await mongoService.waitlist.find({ email }).toArray();
+    const match = await mongoService.waitlist
+      .find({ email: { $eq: email } })
+      .toArray();
     return match.length > 0;
   }
+
+  static async isInvited(email: string) {
+    const record = await this._getWaitlistRecord(email);
+
+    if (!record) {
+      return false;
+    }
+
+    return record.status === "invited";
+  }
+
+  private static async _getWaitlistRecord(
+    email: string,
+  ): Promise<Schema_Waitlist | null> {
+    // Fetch up to 2 records to efficiently check for duplicates.
+    const matches = await mongoService.waitlist
+      .find({ email: { $eq: email } })
+      .limit(2)
+      .toArray();
+
+    if (matches.length > 1) {
+      throw error(WaitlistError.DuplicateEmail, "Unique email not returned");
+    }
+
+    if (matches.length === 0) {
+      return null; // No waitlist entry found for this email
+    }
+
+    // Exactly one match found
+    return matches[0] as Schema_Waitlist;
+  }
 }

…aitlist/service/waitlist.service.test.ts …ist/service/waitlist.service-add.test.tspackages/backend/src/waitlist/service/waitlist.service.test.ts renamed to packages/backend/src/waitlist/service/waitlist.service-add.test.ts packages/backend/src/waitlist/service/waitlist.service.test.ts renamed to packages/backend/src/waitlist/service/waitlist.service-add.test.ts

@@ -1,7 +1,4 @@
-import {
-  Result_Waitlist,
-  Schema_Waitlist,
-} from "@core/types/waitlist/waitlist.types";
+import { Result_Waitlist } from "@core/types/waitlist/waitlist.types";
 import {
   getEmailsOnWaitlist,
   isEmailOnWaitlist,
@@ -11,52 +8,8 @@ import {
   cleanupTestMongo,
   setupTestDb,
 } from "@backend/__tests__/helpers/mock.db.setup";
-import EmailService from "../../email/email.service";
 import WaitlistService from "./waitlist.service";
-
-const answer: Schema_Waitlist = {
-  firstName: "Jo",
-  lastName: "Schmo",
-  source: "other",
-  email: "joe@schmo.com",
-  currentlyPayingFor: undefined,
-  howClearAboutValues: "not-clear",
-  workingTowardsMainGoal: "yes",
-  isWillingToShare: false,
-  waitlistedAt: new Date().toISOString(),
-  schemaVersion: "0",
-};
-
-// Mock emailer API calls
-jest.spyOn(EmailService, "upsertSubscriber").mockResolvedValue({
-  subscriber: {
-    id: 1,
-    first_name: answer.firstName,
-    email_address: answer.email,
-    state: "active",
-    created_at: new Date().toISOString(),
-    fields: {
-      "Last name": answer.lastName,
-      Birthday: "1970-01-01",
-      Source: answer.source,
-    },
-  },
-});
-jest.spyOn(EmailService, "addTagToSubscriber").mockResolvedValue({
-  subscriber: {
-    id: 1,
-    first_name: answer.firstName,
-    email_address: answer.email,
-    state: "active",
-    created_at: new Date().toISOString(),
-    tagged_at: new Date().toISOString(),
-    fields: {
-      "Last name": answer.lastName,
-      Birthday: "1970-01-01",
-      Source: answer.source,
-    },
-  },
-});
+import { answer } from "./waitlist.service.test-setup";
 
 describe("addToWaitlist", () => {
   let setup: Awaited<ReturnType<typeof setupTestDb>>;