calcom
feat: Add copy invite link
What does this PR do?
- [x] Adds an option to create a shared invite link. Limited to Member role for security.
- [x] Automatically send team invite to the user who accesses the invite link.
Fixes #6581 /claim #6581
Code Creation: https://www.loom.com/share/98d349beeeac4e16bb4dbe4583cff874 Open Invite Link: https://www.loom.com/share/18e33d78ba73436f9ce17ff49df1ad74
Environment: Staging(main branch) / Production
Type of change
- New feature (non-breaking change which adds functionality)
How should this be tested?
- [x] On an account with team, create an invite link.
- [x] On another account, access the generated link.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| cal | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 6, 2023 11:30pm |
| ui | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 6, 2023 11:30pm |
1 Ignored Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| api | ⬜️ Ignored (Inspect) | Jun 6, 2023 11:30pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
@ShaneMaglangit is attempting to deploy a commit to the cal Team on Vercel.
A member of the Team first needs to authorize it.
📦 Next.js Bundle Analysis for @calcom/web
This analysis was generated by the Next.js Bundle Analysis action. 🤖
Forty-seven Pages Changed Size
The following pages changed size from the code in this PR compared to its base branch:
| Page | Size (compressed) | First Load | % of Budget (350 KB) |
|---|---|---|---|
/apps |
277.53 KB |
428.31 KB | 122.37% (🟡 +0.23%) |
/apps/[slug] |
295.47 KB |
446.25 KB | 127.50% (🟡 +0.23%) |
/apps/[slug]/[...pages] |
458.15 KB |
608.94 KB | 173.98% (🟡 +0.23%) |
/apps/categories |
239.89 KB |
390.67 KB | 111.62% (🟡 +0.23%) |
/apps/categories/[category] |
260.72 KB |
411.5 KB | 117.57% (🟡 +0.23%) |
/apps/installed/[category] |
276.3 KB |
427.08 KB | 122.02% (🟡 +0.23%) |
/availability |
245.21 KB |
396 KB | 113.14% (🟡 +0.23%) |
/availability/[schedule] |
331.47 KB |
482.25 KB | 137.79% (🟡 +0.22%) |
/availability/troubleshoot |
240.63 KB |
391.42 KB | 111.83% (🟡 +0.23%) |
/bookings/[status] |
334.5 KB |
485.28 KB | 138.65% (🟡 +0.23%) |
/event-types |
426.11 KB |
576.9 KB | 164.83% (🟡 +0.22%) |
/event-types/[type] |
479.18 KB |
629.96 KB | 179.99% (🟡 +0.23%) |
/insights |
447.31 KB |
598.09 KB | 170.88% (🟡 +0.23%) |
/more |
239.52 KB |
390.3 KB | 111.51% (🟡 +0.23%) |
/settings/admin |
245.09 KB |
395.87 KB | 113.11% (🟡 +0.22%) |
/settings/admin/apps |
256.79 KB |
407.57 KB | 116.45% (🟡 +0.22%) |
/settings/admin/apps/[category] |
256.77 KB |
407.56 KB | 116.44% (🟡 +0.23%) |
/settings/admin/flags |
247.82 KB |
398.6 KB | 113.89% (🟡 +0.22%) |
/settings/admin/impersonation |
245.37 KB |
396.15 KB | 113.19% (🟡 +0.22%) |
/settings/admin/users |
246.51 KB |
397.29 KB | 113.51% (🟡 +0.23%) |
/settings/admin/users/[id]/edit |
332.86 KB |
483.64 KB | 138.18% (🟡 +0.23%) |
/settings/admin/users/add |
332.54 KB |
483.32 KB | 138.09% (🟡 +0.23%) |
/settings/billing |
245.23 KB |
396.02 KB | 113.15% (🟡 +0.22%) |
/settings/developer/api-keys |
273.84 KB |
424.62 KB | 121.32% (🟡 +0.23%) |
/settings/developer/webhooks |
248.24 KB |
399.02 KB | 114.01% (🟡 +0.22%) |
/settings/developer/webhooks/[id] |
249.92 KB |
400.7 KB | 114.49% (🟡 +0.22%) |
/settings/developer/webhooks/new |
249.78 KB |
400.56 KB | 114.45% (🟡 +0.22%) |
/settings/my-account/appearance |
267.98 KB |
418.76 KB | 119.65% (🟡 +0.22%) |
/settings/my-account/calendars |
250.87 KB |
401.65 KB | 114.76% (🟡 +0.22%) |
/settings/my-account/conferencing |
250.79 KB |
401.57 KB | 114.73% (🟡 +0.23%) |
/settings/my-account/general |
330.09 KB |
480.87 KB | 137.39% (🟡 +0.23%) |
/settings/my-account/profile |
373.19 KB |
523.97 KB | 149.71% (🟡 +0.22%) |
/settings/security/impersonation |
247.04 KB |
397.83 KB | 113.66% (🟡 +0.23%) |
/settings/security/password |
256.49 KB |
407.27 KB | 116.36% (🟡 +0.23%) |
/settings/security/sso |
254.53 KB |
405.31 KB | 115.80% (🟡 +0.23%) |
/settings/security/two-factor-auth |
249.51 KB |
400.29 KB | 114.37% (🟡 +0.22%) |
/settings/teams |
244.86 KB |
395.64 KB | 113.04% (🟡 +0.23%) |
/settings/teams/[id]/appearance |
259.39 KB |
410.18 KB | 117.19% (🟡 +0.23%) |
/settings/teams/[id]/billing |
245.09 KB |
395.88 KB | 113.11% (🟡 +0.22%) |
/settings/teams/[id]/members |
358.04 KB |
508.83 KB | 145.38% (🟡 +0.25%) |
/settings/teams/[id]/onboard-members |
162.54 KB |
313.33 KB | 89.52% (🟡 +0.26%) |
/settings/teams/[id]/profile |
368.11 KB |
518.89 KB | 148.25% (🟡 +0.23%) |
/settings/teams/[id]/sso |
254.63 KB |
405.41 KB | 115.83% (🟡 +0.23%) |
/settings/teams/new |
185.41 KB |
336.19 KB | 96.06% (🟡 +0.22%) |
/teams |
239.61 KB |
390.39 KB | 111.54% (🟡 +0.23%) |
/workflows |
252.45 KB |
403.24 KB | 115.21% (🟡 +0.23%) |
/workflows/[workflow] |
366.59 KB |
517.38 KB | 147.82% (🟡 +0.23%) |
Details
Only the gzipped size is provided here based on an expert tip.
First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.
Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis
The "Budget %" column shows what percentage of your performance budget the First Load total takes up. For example, if your budget was 100kb, and a given page's first load size was 10kb, it would be 10% of your budget. You can also see how much this has increased or decreased compared to the base branch of your PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this. If you see "+/-
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@zomars can you give me a bit more context on what is VerificationToken being used for? Been looking at /signup page and it seems like its only used for registration instead.
If we're going to reuse it, we would need to add a new metadata for the expiration (or modify it atleast). VerificationToken currently have expiresAt as a non-nullable field. Team invites must have a "never expire" option. We would have to make it nullable or add a new field (expireInDays). Wdyt?
@zomars can you give me a bit more context on what is
VerificationTokenbeing used for? Been looking at/signuppage and it seems like it's only used for registration instead.
It is also used for team invites.
https://github.com/calcom/cal.com/blob/d3f1f8b906a8588c0f5a7998b831ee44a70dafeb/packages/trpc/server/routers/viewer/teams.tsx#L339-L345
If we're going to reuse it, we would need to add a new metadata for the expiration (or modify it atleast). VerificationToken currently have expiresAt as a non-nullable field. Team invites must have a "never expire" option. We would have to make it nullable or add a new field (expireInDays). Wdyt?
I'm ok with updating it to fit both cases.
should we rename "Deactivate" to "Delete"? basically you delete the link, no? we already have "delete" as a string, too
just to confirm: this also works if the person has no account already
Yup, my fundamental assumption (which I tested prior), is that when accessing a protected route while unauthenticated. You will be redirected to the signup page with a corresponding callback link (invite link).
If we somehow lose the invite link with code because of some auth flow process, the user can always revisit the link.
That, I think, should sufficiently handle this case, no?
just to confirm: this also works if the person has no account already
Yup, my fundamental assumption (which I tested prior), is that when accessing a protected route while unauthenticated. You will be redirected to the signup page with a corresponding callback link (invite link).
If we somehow lose the invite link with code because of some auth flow process, the user can always revisit the link.
That, I think, should sufficiently handle this case, no?
awesome, yes!
@ShaneMaglangit has the blocking feedback been addressed? https://github.com/calcom/cal.com/pull/8355#pullrequestreview-1391087410
@ShaneMaglangit has the blocking feedback been addressed? #8355 (review)
I believe so
The current code allows any logged in user to createInvite/setInviteExpiration/deactivateInvite/addMemberByLink for ANY team. That's a huge security concern.
Can we reuse the inviteMember procedure as much as possible? We already ask the team admin if he wants to send the invite via email. We could add the option here to just get the link here.
- [x] inviteMember has a slightly different logic hence we can't repurpose it for this. Explanation
If we absolutely need to add a new Invite model to the DB then go for it (just rename it to TeamInvite). BUT I would like to reuse VerificationToken as much as possible which can be modified to serve the same purpose.
- [x] Modified and reused VerificationToken for invite token Commit
@PeerRich Oh PR got stale, do we still have issues to work on for this?
hey @ShaneMaglangit would you be down to fix the recent merge conflicts? should be easy.
if yes, lemme add $100 to the bounty
hey @ShaneMaglangit would you be down to fix the recent merge conflicts? should be easy.
if yes, lemme add $100 to the bounty
Oh hey :wave: Sure thing, I'll have a look at this on the weekend. Just a bit busy with work rn.