release nfc checkin (#302)

* feat: complete webhook and add auto assign commands

* feat: create endpoint for discord bot and event listener to add auto add role

* actual update

* refactor: old implementation reworked to use endpoints from api

* chore: remove old db file

* chore: remove gemini api key requirement

* fix: revert accounts go sqlc version

* fix: rename hacker_role to role

* fix: refactor code to get event role by discord and event id

* Check in scanner (#284)

* feat: qr code generation for frontend

* temp: adding api for checkin

* temp: some frontend changes

* fix: remove useless intents

* temp: get user with event info

* temp: modal for checking in and rfid hidden text input

* temp: check in modal;

* feat: check in scanner

* fix: remove event id tests from intents (#285)

* fix/parse intents tests (#286)

* fix: remove event id tests from intents

* fix: remove dangling component

* chore: change to to be announced (#287)

* feat: add event id when calling endpoint

* fix: sqlc generate, deleted large bin file

* Stanley/basic bot structure (#216)

* chore(env): setup development and production python venvs

* feat: add message trigger command for bot

* Create readme.md (#3)

* chore: complete merge conflict and rebase

* chore: rewrite readme

* feat: add regex to identify potential scam/spam messages in antiSpam cog

* refactor: organize and break up functions, add detailed comments, add remove role command

* refactor: include direction in readme to select interpreter and add any pycache or venvs file types to gitignore

* feat: create panel command and reusable buttons added

* feat: update anti_spam to have new spam detection, add support cog with request features

* add mentor role functions and rework ticket panel

* feat: implement round-robin for pinging available mentors

* feat: make threads archived, add limits to user inputs, clear selection options

* feat: add mod command to grant user access to private vcs

* feat: add command to create a support vc

* fix: create the logs folder if it does not exist

* feat: add command to prompt gemini and integrate uv as new package manager

* chore: add llm command since it did not add in merge

* feat: update readme with new uv commands

* feat: add structured output for llm

* feat: make mod role based on perms and not rely on config

* chore: add docstrings for each function describing their purposes

* feat: create first iteration of workflow for discord bot

* feat: push workflow file

* fix: update dev yml file for discord

* feat: add join button to reports embed

* feat: create fastapi backend to add check user in server api

* refactor: abstract role names to roles_config file

* feat: update round robin logic and renew api token

* feat: create announcement command

* fix: update announcemnet command to allow mentions

* refactor: rename support vcs category

* fix: add is mod slash function back

* Update .gitignore

* Delete apps/discord-bot/uv.lock

---------

Co-authored-by: Phoenix <71522316+h1divp@users.noreply.github.com>
Co-authored-by: Stanley Ke <stanleyke@Mac.lan>
Co-authored-by: Stanley <ke.st@ufl.edu>

* Redemptions (#288)

* Table Migration

* SQLC Go functions

* Backend Scaffolding

* Basic CRUD operations + Refactor API

* Fixed repo level issue + finished logic

* Small Push

* Remigrate

Deleted and remigrated a migration to avoid bugs from merging dev

* Redeemables UI

* Update Modal + QR Code

QR is untested currently

* Slight UI Adjustment + Deletion

* UI Adjustment

* Clarified Redemption Info

* Documentation

* UpdateRedemption missing body fix

* 1 line bug fix

* Cleaner handlers uuid parsing + qr throttling

* feat: resume downloader script; fix: add to gitignore (#289)

* fix: injected services (#290)

* feat: welcome email release (#291)

* feat: QueueWelcomeEmail api route, handler and service

* refactor: pass template data in struct

* fix: property names

* feat: qr image generation, upload, link generation, and welcome email queue

* feat: get slice of attendee userIds, added route to send all welcome emails; fixes: various

* qr code fixes (#293)

* feat: QueueWelcomeEmail api route, handler and service

* refactor: pass template data in struct

* fix: property names

* feat: qr image generation, upload, link generation, and welcome email queue

* feat: get slice of attendee userIds, added route to send all welcome emails; fixes: various

* fix: error msg, email template

* feat: err log on empty contact email and continue loop

* fix: dont break loop

* feat: change 72 hours to 24 in email (#296)

* Redeemablebugfixes (#297)

* Everything except prettifying the overview page

* Made overview page a little more paletable

* Include full id

* Checkin check before scanning qr code

* Update sqlc

* feat: production github workflow and docker config for discord bot (#295)

* chore(env): setup development and production python venvs

* feat: add message trigger command for bot

* Create readme.md (#3)

* chore: complete merge conflict and rebase

* chore: rewrite readme

* feat: add regex to identify potential scam/spam messages in antiSpam cog

* refactor: organize and break up functions, add detailed comments, add remove role command

* refactor: include direction in readme to select interpreter and add any pycache or venvs file types to gitignore

* feat: create panel command and reusable buttons added

* feat: update anti_spam to have new spam detection, add support cog with request features

* add mentor role functions and rework ticket panel

* feat: implement round-robin for pinging available mentors

* feat: make threads archived, add limits to user inputs, clear selection options

* feat: add mod command to grant user access to private vcs

* feat: add command to create a support vc

* fix: create the logs folder if it does not exist

* feat: add command to prompt gemini and integrate uv as new package manager

* chore: add llm command since it did not add in merge

* feat: update readme with new uv commands

* feat: add structured output for llm

* feat: make mod role based on perms and not rely on config

* chore: add docstrings for each function describing their purposes

* feat: create first iteration of workflow for discord bot

* feat: push workflow file

* fix: update dev yml file for discord

* feat: add join button to reports embed

* feat: create fastapi backend to add check user in server api

* refactor: abstract role names to roles_config file

* feat: update round robin logic and renew api token

* feat: create announcement command

* fix: update announcemnet command to allow mentions

* refactor: rename support vcs category

* fix: add is mod slash function back

* Update .gitignore

* Delete apps/discord-bot/uv.lock

* feat: add close button to thread embed and close associated vc

* fix: remove all users from thread when closed internally

* feat: github workflow and docker config

* fix: remove old workflow

* fix: docker config

* feat: fix role assignment command

* chore: update env example for discord bot

* fix: command role requirements updated

* fix: remove workflow

---------

Co-authored-by: Stanley <kestanley101@gmail.com>
Co-authored-by: Stanley Ke <stanleyke@Mac.lan>
Co-authored-by: Stanley <ke.st@ufl.edu>

* feat: mobile endpoints (#298)

Co-authored-by: Phoenix <71522316+h1divp@users.noreply.github.com>

* fix: remove bad discord docker stuff, fix syntax (#299)

* update rfid (#300)

* feat/update rfid (#301)

* update rfid

* hotfix: hard code attendee

---------

Co-authored-by: Phoenix <71522316+h1divp@users.noreply.github.com>

---------

Co-authored-by: Stanley Ke <kestanley101@gmail.com>
Co-authored-by: Alexander Wang <98280966+AlexanderWangY@users.noreply.github.com>
Co-authored-by: Stanley Ke <117794857+SobaSkee@users.noreply.github.com>
Co-authored-by: Stanley Ke <stanleyke@Mac.lan>
Co-authored-by: Stanley <ke.st@ufl.edu>
Co-authored-by: Hugo Liu <98724522+hugoliu-code@users.noreply.github.com>

Author: 6 people

apps/api/internal/api/api.go

@@ -77,6 +77,19 @@ func (api *API) setupRoutes(mw *mw.Middleware) {
 		fmt.Fprintln(w, htmlContent)
 	})
 
+	api.Router.Route("/mobile", func(r chi.Router) {
+		// This means you have to set a Authorization header with "Key xxx".
+		r.Use(mw.Auth.RequireMobileAuth)
+
+		r.Get("/events/{eventId}/users/{userId}", api.Handlers.Event.GetUserForEvent)
+		r.Get("/events/{eventId}/users/by-rfid/{rfid}", api.Handlers.Event.GetUserByRFID)
+		r.Post("/events/{eventId}/checkin", api.Handlers.Admission.HandleEventCheckIn)
+
+		r.Get("/events/{eventId}/redeemables", api.Handlers.Redeemables.GetRedeemables)
+		r.Post("/redeemables/{redeemableId}/users/{userId}", api.Handlers.Redeemables.RedeemRedeemable)
+		r.Post("/events/{eventId}/users/{userId}/update-rfid", api.Handlers.Event.UpdateUserRFID)
+	})
+
 	// Health check
 	api.Router.Get("/ping", func(w http.ResponseWriter, r *http.Request) {
 		api.Logger.Trace().Str("method", r.Method).Str("path", r.URL.Path).Msg("Received ping.")
@@ -152,6 +165,8 @@ func (api *API) setupRoutes(mw *mw.Middleware) {
 			r.With(ensureEventStaff).Get("/users/{userId}", api.Handlers.Event.GetUserForEvent)
 			// Get user ID by RFID
 			r.With(ensureEventStaff).Get("/users/by-rfid/{rfid}", api.Handlers.Event.GetUserByRFID)
+			// Is the user checked in
+			r.With(ensureEventStaff).Get("/users/{userId}/checked-in-status", api.Handlers.Event.GetCheckedInStatusByIds)
 
 			// Admin-only
 			r.With(ensureEventAdmin).Post("/queue-confirmation-email", api.Handlers.Email.QueueConfirmationEmail)
@@ -225,7 +240,7 @@ func (api *API) setupRoutes(mw *mw.Middleware) {
 				// Update and delete specific redeemable
 				r.Route("/{redeemableId}", func(r chi.Router) {
 					r.Patch("/", api.Handlers.Redeemables.UpdateRedeemable)
-					r.Delete("/", api.Handlers.Redeemables.DeleteRedeemable)
+					r.With(ensureEventAdmin).Delete("/", api.Handlers.Redeemables.DeleteRedeemable)
 
 					r.Route("/users/{userId}", func(r chi.Router) {
 						r.Post("/", api.Handlers.Redeemables.RedeemRedeemable)

apps/api/internal/api/handlers/events.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strconv"
 	"time"
 
 	"github.com/go-chi/chi/v5"
@@ -865,4 +866,96 @@ func (h *EventHandler) GetUserByRFID(w http.ResponseWriter, r *http.Request) {
 
 	// Return just the user ID as a simple JSON object
 	res.Send(w, http.StatusOK, map[string]string{"user_id": user.ID.String()})
-}
+}
+
+// Get User by RFID
+//
+//	@Summary		Retrieves a user's ID by their RFID
+//	@Description	Looks up a user's ID by their RFID code for a specific event. Returns the user ID which can be used for other operations.
+//	@Tags			Event
+//	@Produce		json
+//	@Param			eventId	path		string	true	"Event ID"	Format(uuid)
+//	@Param			rfid	path		string	true	"RFID code (10 digits)"
+//	@Success		200		{object}	map[string]string	"OK - Returns user ID"
+//	@Failure		400		{object}	response.ErrorResponse	"Bad request/Malformed request."
+//	@Failure		404		{object}	response.ErrorResponse	"User not found with the provided RFID"
+//	@Failure		500		{object}	response.ErrorResponse	"Server Error: error getting user by RFID"
+//	@Router			/events/{eventId}/users/by-rfid/{rfid} [get]
+func (h *EventHandler) GetCheckedInStatusByIds(w http.ResponseWriter, r *http.Request) {
+	eventId, err := web.PathParamToUUID(r, "eventId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_event_id", "The event ID is missing from the URL!"))
+		return
+	}
+
+	userId, err := web.PathParamToUUID(r, "userId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_user_id", "The user ID is missing from the URL!"))
+		return
+	}
+	result, err := h.eventService.GetCheckedInStatusByIds(r.Context(), userId, eventId)
+	if err != nil {
+		res.SendError(w, http.StatusNotFound, res.NewError("error", "Something went wrong internally."))
+		return
+	}
+	// Return just the checked in status as a simple JSON object
+	res.Send(w, http.StatusOK, map[string]string{
+		"checked_in_status": strconv.FormatBool(result),
+	})
+}
+
+type UpdateRFID struct {
+	RFID string `json:"rfid"`
+}
+
+// UpdateUserRFID
+//
+//	@Summary		Updates a user's RFID tag
+//	@Description	Associates a new RFID string with a specific user for the given event. This overwrites any existing RFID association.
+//	@Tags			Event
+//	@Accept			json
+//	@Produce		json
+//	@Param			eventId	path		string			true	"Event ID"	Format(uuid)
+//	@Param			userId	path		string			true	"User ID"	Format(uuid)
+//	@Param			body	body		UpdateRFID		true	"New RFID data"
+//	@Success		204		"No Content - RFID updated successfully"
+//	@Failure		400		{object}	response.ErrorResponse	"Invalid request body or UUID format"
+//	@Failure		404		{object}	response.ErrorResponse	"User or Event not found"
+//	@Failure		500		{object}	response.ErrorResponse	"Internal server error"
+//	@Router			/events/{eventId}/users/{userId}/update-rfid [post]
+func (h *EventHandler) UpdateUserRFID(w http.ResponseWriter, r *http.Request) {
+	eventId, err := web.PathParamToUUID(r, "eventId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_event_id", "The event ID is missing from the URL!"))
+		return
+	}
+
+	userId, err := web.PathParamToUUID(r, "userId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_user_id", "The user ID is missing from the URL!"))
+		return
+	}
+
+	var payload UpdateRFID
+	err = json.NewDecoder(r.Body).Decode(&payload)
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("body_malformed", "Invalid body"))
+		return
+	}
+	defer r.Body.Close()
+
+	if payload.RFID == "" {
+		res.SendError(w, http.StatusBadRequest, res.NewError("body_malformed", "Invalid body"))
+		return
+	}
+
+	tempRole := sqlc.EventRoleTypeAttendee
+
+	err = h.eventService.UpdateEventRoleByIds(r.Context(), userId, eventId, &tempRole, nil, &payload.RFID)
+	if err != nil {
+		res.SendError(w, http.StatusNotFound, res.NewError("error", "Something went wrong internally."))
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}

apps/api/internal/api/middleware/auth.go

@@ -6,6 +6,7 @@ import (
 	"errors"
 	"net/http"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -69,6 +70,34 @@ func NewAuthMiddleware(db *db.DB, logger zerolog.Logger, cfg *config.Config) *Au
 	}
 }
 
+func (m *AuthMiddleware) RequireMobileAuth(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		m.logger.Trace().Msg("Incoming mobile request")
+
+		auth := r.Header.Get("Authorization")
+		if auth == "" {
+			m.logger.Warn().Msg("Authorization header is empty.")
+			response.SendError(w, http.StatusUnauthorized, response.NewError("no_auth", "You are not authorized"))
+			return
+		}
+
+		parts := strings.SplitN(auth, " ", 2)
+		if len(parts) != 2 {
+			m.logger.Warn().Msg("Authorization header is malformed > 2 parts")
+			response.SendError(w, http.StatusUnauthorized, response.NewError("no_auth", "You are not authorized"))
+			return
+		}
+
+		if parts[0] != "Key" || parts[1] != m.cfg.MobileAuthKey {
+			m.logger.Warn().Msg("Authorization header is not a valid value")
+			response.SendError(w, http.StatusUnauthorized, response.NewError("no_auth", "You are not authorized"))
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
 func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		m.logger.Trace().Msg("Checking auth status")

apps/api/internal/config/config.go

@@ -75,6 +75,8 @@ type Config struct {
 	CoreBuckets CoreBuckets      `envPrefix:"CORE_BUCKETS_"`
 	Smtp        SmtpConfig       `envPrefix:"SMTP_"`
 	AWS         AWSConfig        `envPrefix:"AWS_"`
+
+	MobileAuthKey string `env:"MOBILE_AUTH_KEY"`
 }
 
 func Load() *Config {

apps/api/internal/db/queries/event_roles.sql

@@ -71,3 +71,12 @@ FROM auth.users u
 JOIN event_roles er ON u.id = er.user_id
 WHERE er.event_id = $1
   AND er.rfid = $2;
+
+-- name: GetCheckedInStatusByIds :one
+SELECT EXISTS (
+    SELECT 1 
+    FROM event_roles 
+    WHERE user_id = $1 
+      AND event_id = $2 
+      AND checked_in_at IS NOT NULL
+)::bool;

apps/api/internal/db/repository/events.go

@@ -16,6 +16,7 @@ var (
 	ErrDuplicateEvent        = errors.New("event already exists in database")
 	ErrNoEventsDeleted       = errors.New("no events deleted")
 	ErrMultipleEventsDeleted = errors.New("multiple events affected by delete query while only expecting one to delete one")
+	ErrUserEventNotFound     = errors.New("the user and event id combination was not found")
 	ErrUnknown               = errors.New("an unkown error was caught")
 )
 
@@ -206,6 +207,21 @@ func (r *EventRepository) GetEventRoleByDiscordIDAndEventId(ctx context.Context,
 	return &eventRole, nil
 }
 
+func (r *EventRepository) GetCheckedInStatusByUserIdAndEventId(ctx context.Context, userId uuid.UUID, eventId uuid.UUID) (bool, error) {
+	params := sqlc.GetCheckedInStatusByIdsParams{
+		UserID:  userId,
+		EventID: eventId,
+	}
+
+	result, err := r.db.Query.GetCheckedInStatusByIds(ctx, params)
+
+	if err != nil {
+		return false, err
+	}
+
+	return result, nil
+}
+
 func (r *EventRepository) GetAttendeeUserIdsByEventId(ctx context.Context, eventID uuid.UUID) ([]uuid.UUID, error) {
 	return r.db.Query.GetAttendeeUserIdsByEventId(ctx, eventID)
 }

apps/api/internal/db/sqlc/event_roles.sql.go

@@ -39,7 +39,7 @@ <h2 style="margin:0; font-size:22px; color:#1a1a1a;">Hi {{ .Name }},</h2>
               </p>
 
               <p style="margin:0 0 15px 0; font-size:16px;">
-                You have <strong><span style="color:#CC0000;">72 hours</span></strong> to confirm your spot. If you
+                You have <strong><span style="color:#CC0000;">24 hours</span></strong> to confirm your spot. If you
                 don’t,
                 you’ll be moved back to the
                 waitlist to make room for others.

apps/api/internal/email/templates/WaitlistAcceptanceEmail.html

@@ -422,3 +422,13 @@ func (s *EventService) GetUserInfoForEvent(ctx context.Context, userId, eventId
 
 	return result, nil
 }
+
+func (s *EventService) GetCheckedInStatusByIds(ctx context.Context, userId uuid.UUID, eventId uuid.UUID) (bool, error) {
+	result, err := s.eventRepo.GetCheckedInStatusByUserIdAndEventId(ctx, userId, eventId)
+	if err != nil {
+		s.logger.Err(err).Msg("Failed to get user by ids")
+		return false, err
+	}
+	return result, nil
+
+}

apps/api/internal/services/events.go

@@ -60,6 +60,10 @@ func (s *RedeemablesService) UpdateRedeemable(ctx context.Context, redeemableID
 }
 
 func (s *RedeemablesService) RedeemRedeemable(ctx context.Context, redeemableID uuid.UUID, userID uuid.UUID) error {
+	// Need to do a check to see if the user is checked in
+	// Probably need event service
+
+	// CREATE NEW SQL function for getting checked in status
 	_, err := s.redeemablesRepo.RedeemRedeemable(ctx, redeemableID, userID)
 
 	if err != nil {