Initial commit: Next Step health management app

A calm, reliable app to help manage appointments, medications, and notes for chemo patients and their families. Features: - Today dashboard with next appointment and medications due - Medication tracking with multiple schedule types (fixed times, interval, weekdays, PRN) - One-tap dose logging with 5-minute undo window - Questions for doctor tracking - Family sharing with workspace model and invite links - Offline-first with IndexedDB and sync - Docker Compose deployment with Tailscale Funnel support Tech stack: - Next.js 14 (App Router) + TypeScript + Tailwind CSS - PostgreSQL + Prisma - Argon2 password hashing + session cookies - Dexie.js for IndexedDB Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-24 21:31:43 +08:00 · 2026-01-18 23:16:45 +00:00
commit a32c609830
76 changed files with 9406 additions and 0 deletions
--- a/src/app/api/invite/[token]/route.ts
+++ b/src/app/api/invite/[token]/route.ts
@@ -0,0 +1,175 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db/prisma'
+import { getSession } from '@/lib/auth'
+import { withRateLimit } from '@/lib/auth/middleware'
+
+// GET /api/invite/[token] - Get invite details (public)
+async function getHandler(
+  req: NextRequest,
+  { params }: { params: Promise<{ token: string }> }
+) {
+  try {
+    const { token } = await params
+
+    const invite = await prisma.inviteToken.findUnique({
+      where: { token },
+      include: {
+        workspace: {
+          select: {
+            id: true,
+            name: true,
+          },
+        },
+      },
+    })
+
+    if (!invite) {
+      return NextResponse.json(
+        { error: 'Invite not found' },
+        { status: 404 }
+      )
+    }
+
+    if (invite.usedAt) {
+      return NextResponse.json(
+        { error: 'This invite has already been used' },
+        { status: 410 }
+      )
+    }
+
+    if (invite.expiresAt < new Date()) {
+      return NextResponse.json(
+        { error: 'This invite has expired' },
+        { status: 410 }
+      )
+    }
+
+    return NextResponse.json({
+      invite: {
+        workspaceName: invite.workspace.name,
+        role: invite.role,
+        expiresAt: invite.expiresAt,
+      },
+    })
+  } catch (error) {
+    console.error('Get invite error:', error)
+    return NextResponse.json(
+      { error: 'Failed to get invite' },
+      { status: 500 }
+    )
+  }
+}
+
+// POST /api/invite/[token] - Accept invite (requires auth)
+async function postHandler(
+  req: NextRequest,
+  { params }: { params: Promise<{ token: string }> }
+) {
+  try {
+    const session = await getSession()
+
+    if (!session) {
+      return NextResponse.json(
+        { error: 'You must be logged in to accept an invite' },
+        { status: 401 }
+      )
+    }
+
+    const { token } = await params
+
+    const invite = await prisma.inviteToken.findUnique({
+      where: { token },
+      include: {
+        workspace: {
+          select: {
+            id: true,
+            name: true,
+          },
+        },
+      },
+    })
+
+    if (!invite) {
+      return NextResponse.json(
+        { error: 'Invite not found' },
+        { status: 404 }
+      )
+    }
+
+    if (invite.usedAt) {
+      return NextResponse.json(
+        { error: 'This invite has already been used' },
+        { status: 410 }
+      )
+    }
+
+    if (invite.expiresAt < new Date()) {
+      return NextResponse.json(
+        { error: 'This invite has expired' },
+        { status: 410 }
+      )
+    }
+
+    // Check if already a member
+    const existingMember = await prisma.workspaceMember.findUnique({
+      where: {
+        workspaceId_userId: {
+          workspaceId: invite.workspaceId,
+          userId: session.user.id,
+        },
+      },
+    })
+
+    if (existingMember) {
+      return NextResponse.json(
+        { error: 'You are already a member of this workspace' },
+        { status: 409 }
+      )
+    }
+
+    // Accept invite in a transaction
+    const [member] = await prisma.$transaction([
+      prisma.workspaceMember.create({
+        data: {
+          workspaceId: invite.workspaceId,
+          userId: session.user.id,
+          role: invite.role,
+        },
+      }),
+      prisma.inviteToken.update({
+        where: { id: invite.id },
+        data: {
+          usedAt: new Date(),
+          usedById: session.user.id,
+        },
+      }),
+      prisma.auditLog.create({
+        data: {
+          workspaceId: invite.workspaceId,
+          userId: session.user.id,
+          action: 'JOIN',
+          entityType: 'WORKSPACE',
+          entityId: invite.workspaceId,
+          details: { role: invite.role, inviteToken: token },
+        },
+      }),
+    ])
+
+    return NextResponse.json({
+      workspace: {
+        id: invite.workspace.id,
+        name: invite.workspace.name,
+        role: member.role,
+      },
+    })
+  } catch (error) {
+    console.error('Accept invite error:', error)
+    return NextResponse.json(
+      { error: 'Failed to accept invite' },
+      { status: 500 }
+    )
+  }
+}
+
+export const GET = withRateLimit(getHandler)
+export const POST = withRateLimit(postHandler)