docs: update documentation for QR code check-in system
This commit is contained in:
Radosław Gierwiało
@@ -99,6 +99,58 @@
|
||||
|
||||
---
|
||||
|
||||
## ✅ Phase 1.5 Continuation: QR Code Check-in System (COMPLETED)
|
||||
|
||||
**Completed:** 2025-11-14
|
||||
**Time Spent:** ~4 hours
|
||||
**Status:** Production-ready with security fixes
|
||||
|
||||
### QR Code Event Check-in Implementation
|
||||
- [x] Database schema extension:
|
||||
- EventCheckinToken model (id, event_id unique, token cuid unique, created_at)
|
||||
- Migration: `20251114125544_add_event_checkin_tokens`
|
||||
- One token per event (on-demand generation)
|
||||
- [x] Backend endpoints:
|
||||
- `GET /api/events/:slug/details` - Get event details with QR code token and participants
|
||||
- `POST /api/events/checkin/:token` - Check-in to event via QR code scan
|
||||
- `DELETE /api/events/:slug/leave` - Leave event (remove participation)
|
||||
- Date validation (startDate - 1 day to endDate + 1 day, disabled in dev mode)
|
||||
- Participant count updates (increment/decrement)
|
||||
- [x] Frontend pages:
|
||||
- EventDetailsPage.jsx - QR code display (qrcode.react), participant list, stats
|
||||
- EventCheckinPage.jsx - Check-in confirmation screen with event info
|
||||
- EventChatPage.jsx - Access control (verify participation before showing chat)
|
||||
- EventsPage.jsx - Check-in requirement notice, dev-only details link
|
||||
- [x] Security implementation:
|
||||
- Frontend access control (check participation status)
|
||||
- Socket.IO handler verification (prevent auto-participation)
|
||||
- Dev-only QR code access (import.meta.env.DEV)
|
||||
- Leave Event button with confirmation modal
|
||||
- [x] UX improvements:
|
||||
- Real participant counts using `_count.participants`
|
||||
- Joined events shown first in events list
|
||||
- Check-in required screen for non-participants
|
||||
- Dev mode shortcuts for testing
|
||||
- [x] Security fixes:
|
||||
- Fixed bypass vulnerability (page refresh granting unauthorized access)
|
||||
- Removed auto-participation from Socket.IO handler
|
||||
- Added participant verification before room join
|
||||
|
||||
### Git Commits (QR Code Check-in)
|
||||
1. `feat: add QR code event check-in system`
|
||||
2. `fix: improve event check-in UX and participant counting`
|
||||
3. `fix: prevent bypassing event check-in via page refresh`
|
||||
|
||||
### Key Features
|
||||
- Physical presence requirement (QR code must be scanned at venue)
|
||||
- On-demand token generation (created when admin views /details)
|
||||
- Development mode bypass for date validation
|
||||
- Secure token generation (CUID)
|
||||
- Complete access control (frontend + backend + socket)
|
||||
- Leave event functionality with confirmation
|
||||
|
||||
---
|
||||
|
||||
## 🐳 1. Setup projektu i infrastruktura
|
||||
|
||||
### Docker Compose
|
||||
@@ -309,5 +361,5 @@ docs: update TODO.md with completed tasks and next steps
|
||||
|
||||
---
|
||||
|
||||
**Last Updated:** 2025-11-12
|
||||
**Last Updated:** 2025-11-14
|
||||
**Note:** This file is an archive. For current tasks, see TODO.md
|
||||
|
||||
Reference in New Issue
Block a user