Rescind invitations

dantheli · dantheli · commit f9d185d0eeb4 · 2026-03-08T22:16:46.000-04:00
diff --git a/app/(app)/admin/page.tsx b/app/(app)/admin/page.tsx
@@ -1,14 +1,16 @@
 "use client";
 
-import { useEffect } from "react";
+import { useEffect, useState } from "react";
 import { useRouter } from "next/navigation";
 import { useAuth } from "@/lib/auth/context";
 import { InviteForm } from "@/components/admin/InviteForm";
 import { MemberList } from "@/components/admin/MemberList";
+import { InvitationList } from "@/components/admin/InvitationList";
 
 export default function AdminPage() {
   const { user, isAdmin, loading } = useAuth();
   const router = useRouter();
+  const [inviteRefreshKey, setInviteRefreshKey] = useState(0);
 
   useEffect(() => {
     if (!loading && !isAdmin) {
@@ -19,9 +21,10 @@ export default function AdminPage() {
   if (loading || !isAdmin || !user) return null;
 
   return (
-    <div className="space-y-6">
+    <div className="space-y-10">
       <h1 className="text-2xl font-semibold">Admin</h1>
-      <InviteForm />
+      <InviteForm onSuccess={() => setInviteRefreshKey((k) => k + 1)} />
+      <InvitationList refreshKey={inviteRefreshKey} />
       <MemberList currentUid={user.uid} />
     </div>
   );
diff --git a/app/api/invitations/[code]/route.ts b/app/api/invitations/[code]/route.ts
@@ -0,0 +1,27 @@
+import { NextRequest, NextResponse } from "next/server";
+import { adminDb } from "@/lib/firebase/admin";
+import { getTokens } from "next-firebase-auth-edge";
+import { authConfig } from "@/lib/firebase/auth-edge";
+import { deleteInvitation } from "@/lib/firestore/invitations";
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ code: string }> }
+) {
+  try {
+    const tokens = await getTokens(request.cookies, authConfig);
+    if (!tokens) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+    const userDoc = await adminDb.collection("users").doc(tokens.decodedToken.uid).get();
+    if (userDoc.data()?.role !== "admin") {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { code } = await params;
+    await deleteInvitation(code);
+    return NextResponse.json({ ok: true });
+  } catch (error) {
+    console.error("Delete invitation error:", error);
+    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
+  }
+}
diff --git a/app/api/invitations/route.ts b/app/api/invitations/route.ts
@@ -4,6 +4,7 @@ import { Resend } from "resend";
 import { Timestamp } from "firebase-admin/firestore";
 import { getTokens } from "next-firebase-auth-edge";
 import { authConfig } from "@/lib/firebase/auth-edge";
+import { listInvitations } from "@/lib/firestore/invitations";
 
 const APP_URL = process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
 const isDev = process.env.NODE_ENV === "development";
@@ -41,6 +42,24 @@ async function sendInviteEmail(params: {
   });
 }
 
+export async function GET(request: NextRequest) {
+  try {
+    const tokens = await getTokens(request.cookies, authConfig);
+    if (!tokens) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+    const inviterDoc = await adminDb.collection("users").doc(tokens.decodedToken.uid).get();
+    if (inviterDoc.data()?.role !== "admin") {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const invitations = await listInvitations();
+    return NextResponse.json(invitations);
+  } catch (error) {
+    console.error("List invitations error:", error);
+    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
+  }
+}
+
 export async function POST(request: NextRequest) {
   try {
     const tokens = await getTokens(request.cookies, authConfig);
diff --git a/app/api/posts/route.ts b/app/api/posts/route.ts
@@ -69,7 +69,7 @@ export async function POST(request: NextRequest) {
     const usersSnap = await adminDb.collection("users").get();
     const subscribers = usersSnap.docs
       .map((d) => d.data())
-      .filter((u) => u.emailNotifications !== false && u.email);
+      .filter((u) => u.emailNotifications === true && u.email);
 
     if (subscribers.length > 0) {
       await sendPostNotifications(subscribers as { email: string }[], title, description);
diff --git a/components/admin/InvitationList.tsx b/components/admin/InvitationList.tsx
@@ -0,0 +1,82 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { Invitation } from "@/types";
+import { Button } from "@/components/ui/button";
+import { Badge } from "@/components/ui/badge";
+import { toast } from "sonner";
+
+export function InvitationList({ refreshKey }: { refreshKey?: number }) {
+  const [invitations, setInvitations] = useState<Invitation[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [revoking, setRevoking] = useState<string | null>(null);
+
+  useEffect(() => {
+    setLoading(true);
+    fetch("/api/invitations")
+      .then((r) => (r.ok ? r.json() : []))
+      .then(setInvitations)
+      .catch(console.error)
+      .finally(() => setLoading(false));
+  }, [refreshKey]);
+
+  const rescind = async (code: string, name: string) => {
+    setRevoking(code);
+    try {
+      const res = await fetch(`/api/invitations/${code}`, { method: "DELETE" });
+      if (!res.ok) throw new Error("Failed");
+      setInvitations((prev) => prev.filter((i) => i.code !== code));
+      toast.success(`Invitation to ${name} rescinded.`);
+    } catch {
+      toast.error("Failed to rescind invitation.");
+    } finally {
+      setRevoking(null);
+    }
+  };
+
+  return (
+    <div>
+      <h2 className="text-lg font-semibold mb-1">Sent invitations</h2>
+      <p className="text-sm text-muted-foreground mb-4">
+        Pending invitations can be rescinded to invalidate the signup link.
+      </p>
+      {loading ? (
+        <p className="text-sm text-muted-foreground">Loading…</p>
+      ) : invitations.length === 0 ? (
+        <p className="text-sm text-muted-foreground">No invitations sent yet.</p>
+      ) : (
+        <div className="divide-y rounded-md border max-w-2xl">
+          {invitations.map((inv) => (
+            <div key={inv.code} className="flex items-center justify-between px-4 py-3 gap-4">
+              <div className="min-w-0">
+                <p className="font-medium truncate">
+                  {inv.firstName} {inv.lastName}
+                </p>
+                <p className="text-sm text-muted-foreground truncate">{inv.email}</p>
+                <p className="text-xs text-muted-foreground mt-0.5">
+                  Sent {new Date(inv.sentAt).toLocaleDateString()}
+                </p>
+              </div>
+              <div className="flex items-center gap-3 shrink-0">
+                {inv.usedAt ? (
+                  <Badge variant="secondary">Accepted</Badge>
+                ) : (
+                  <>
+                    <Badge variant="outline">Pending</Badge>
+                    <button
+                      className="text-sm underline text-muted-foreground hover:text-foreground disabled:opacity-50"
+                      disabled={revoking === inv.code}
+                      onClick={() => rescind(inv.code, `${inv.firstName} ${inv.lastName}`)}
+                    >
+                      {revoking === inv.code ? "Cancelling…" : "Cancel"}
+                    </button>
+                  </>
+                )}
+              </div>
+            </div>
+          ))}
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/components/admin/InviteForm.tsx b/components/admin/InviteForm.tsx
@@ -17,7 +17,7 @@ const schema = z.object({
 
 type FormData = z.infer<typeof schema>;
 
-export function InviteForm() {
+export function InviteForm({ onSuccess }: { onSuccess?: () => void }) {
   const [loading, setLoading] = useState(false);
 
   const {
@@ -41,6 +41,7 @@ export function InviteForm() {
       }
       toast.success(`Invitation sent to ${data.email}`);
       reset();
+      onSuccess?.();
     } catch (err) {
       toast.error(err instanceof Error ? err.message : "Failed to send invitation.");
     } finally {
diff --git a/lib/firestore/invitations.ts b/lib/firestore/invitations.ts
@@ -25,3 +25,12 @@ export async function getInvitationByEmail(email: string): Promise<Invitation |
 export async function markInvitationUsed(code: string): Promise<void> {
   await adminDb.collection("invitations").doc(code).update({ usedAt: FieldValue.serverTimestamp() });
 }
+
+export async function listInvitations(): Promise<Invitation[]> {
+  const snap = await adminDb.collection("invitations").orderBy("sentAt", "desc").get();
+  return snap.docs.map((d) => serializeInvitation(d.data()));
+}
+
+export async function deleteInvitation(code: string): Promise<void> {
+  await adminDb.collection("invitations").doc(code).delete();
+}
