dow-prod-tracker

History

DJP 69f293682a Fix deploy port clash + wire admin invite → add-user flow Deploy fixes (critical — Phase 0 string-rebrand didn't touch numeric ports): - deploy.sh APP_PORT 3001 → 3002 (health check was hitting HP's app!) - apache/dow-prod-tracker.conf — all proxy/websocket rules 3001 → 3002 (traffic to /dow-prod-tracker would have been served by HP's container) - deploy.sh: added COMPOSE_PROJECT=dow-prod-tracker and `-p $COMPOSE_PROJECT` on every `docker compose` invocation (down, up, exec, logs, ps). This is the CLAUDE.md belt-and-braces rule — without it, a future move of the deploy dir to `deploy/` would collapse the compose project name to `deploy` and collide with any other app in a sibling `deploy/` dir on the shared server. The `name:` field in compose covers us today, -p covers us tomorrow. - apache conf header comment rewritten to explain the port convention and where to keep it in sync. Admin add-user flow (answers the open question): - createInvitation now creates/upserts the placeholder User row (email + role + organizationId + isExternal + mustChangePassword=true) in addition to the Invitation bookkeeping row. It stores a 24-byte password-reset token on BOTH the User (passwordResetToken) and the Invitation (token) — same token, so the existing /reset-password/[token] page accepts the invite URL without a separate accept endpoint. - Role enum now includes CLIENT_VIEWER. isExternal auto-derives from role but can be overridden. When admin invites a CLIENT_VIEWER, the placeholder user lands correctly pre-flagged for external handling. - POST /api/org/invitations now returns {acceptUrl} — the full /reset-password/<token> link admin can hand over out-of-band while SMTP is unwired. - revokeInvitation also clears the reset token on the placeholder user so a leaked URL can't be used to claim the account after revocation. - Deleted /api/invitations/accept (SSO-era — the accept IS the password reset now) and removed acceptInvitationSchema from the validator. Team settings UI (src/app/(app)/settings/team/page.tsx): - Role dropdown now has "Client (read-only)" alongside Admin/Producer/Artist. - After a successful invite, a banner shows the accept URL with a Copy button so admin can paste it into Teams/email. Dismissible. - Current-members list renders CLIENT_VIEWER with an amber badge. Plumbing verified: tsc --noEmit ✓ zero errors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-20 19:06:47 -04:00
..
dow-prod-tracker.conf	Fix deploy port clash + wire admin invite → add-user flow	2026-04-20 19:06:47 -04:00

DJP 69f293682a Fix deploy port clash + wire admin invite → add-user flow

Deploy fixes (critical — Phase 0 string-rebrand didn't touch numeric ports):
- deploy.sh APP_PORT 3001 → 3002 (health check was hitting HP's app!)
- apache/dow-prod-tracker.conf — all proxy/websocket rules 3001 → 3002
  (traffic to /dow-prod-tracker would have been served by HP's container)
- deploy.sh: added COMPOSE_PROJECT=dow-prod-tracker and `-p $COMPOSE_PROJECT`
  on every `docker compose` invocation (down, up, exec, logs, ps). This is
  the CLAUDE.md belt-and-braces rule — without it, a future move of the
  deploy dir to `deploy/` would collapse the compose project name to
  `deploy` and collide with any other app in a sibling `deploy/` dir on
  the shared server. The `name:` field in compose covers us today, -p
  covers us tomorrow.
- apache conf header comment rewritten to explain the port convention and
  where to keep it in sync.

Admin add-user flow (answers the open question):
- createInvitation now creates/upserts the placeholder User row
  (email + role + organizationId + isExternal + mustChangePassword=true)
  in addition to the Invitation bookkeeping row. It stores a 24-byte
  password-reset token on BOTH the User (passwordResetToken) and the
  Invitation (token) — same token, so the existing /reset-password/[token]
  page accepts the invite URL without a separate accept endpoint.
- Role enum now includes CLIENT_VIEWER. isExternal auto-derives from role
  but can be overridden. When admin invites a CLIENT_VIEWER, the placeholder
  user lands correctly pre-flagged for external handling.
- POST /api/org/invitations now returns {acceptUrl} — the full
  /reset-password/<token> link admin can hand over out-of-band while SMTP
  is unwired.
- revokeInvitation also clears the reset token on the placeholder user so
  a leaked URL can't be used to claim the account after revocation.
- Deleted /api/invitations/accept (SSO-era — the accept IS the password
  reset now) and removed acceptInvitationSchema from the validator.

Team settings UI (src/app/(app)/settings/team/page.tsx):
- Role dropdown now has "Client (read-only)" alongside Admin/Producer/Artist.
- After a successful invite, a banner shows the accept URL with a Copy
  button so admin can paste it into Teams/email. Dismissible.
- Current-members list renders CLIENT_VIEWER with an amber badge.

Plumbing verified: tsc --noEmit ✓ zero errors.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-20 19:06:47 -04:00

dow-prod-tracker.conf

Fix deploy port clash + wire admin invite → add-user flow

2026-04-20 19:06:47 -04:00