Schema Changes

• Enforce maximum size (128 char) for fields defined in DB model schemas
• Remove Application.FirstName, Application.LastName, Application.Email from Application DB model schema

Frontend Types Schema:

export type QRCheckInReq = {
  qrId: string
  context: QRCheckInContext
}

export type QRCheckInResp = {
  success: boolean
  message: string
}

export type QRCheckInContext = keyof typeof QRCheckInContextEnum
const enum QRCheckInContextEnum {
  REGISTRATION = 'registration',
  DAY_1_DINNER = 'day_1_dinner',
  DAY_2_BREAKFAST = 'day_2_breakfast',
  DAY_2_LUNCH = 'day_2_lunch',
  DAY_2_DINNER = 'day_2_dinner',
  DAY_3_BREAKFAST = 'day_3_breakfast',
}

Modify CheckInValidation function from arr to map

Request Schema:

POST Update User (/user-update)
*** can only update before registering
Request:
{
	name?: string
	email?: string
}

No Response only status code.

• get-resume should return update count and update-resume should only allow 3 requests per user. Modify the rate limiting for update-resume for this to happen
• Remove rate limit for get-resume

• The role of the user (e.g. admin, mod, volunteer) is stored in models.UserModel -> Status
• Ensure that this endpoint cannot modify critical data

Request Schema:

GET Get Application Data (/application-get)
Request:
{Authorization in Cookies}
Response:
{
	is_draft: boolean
	application: {
Application data …
}
}

• Make roles automatically update on discord based on the user status on the dashboard
• Include a method in back-end to get discord token again if expired using refresh token

Request Schema:

POST Update Application (/application-update)
Request & No Response (Look for 200 status code)
{
	is_draft: boolean
	application: {
Application data …
}
}

Ensure the validity of data:

• Follows a given format (e.g. emails always have a @ and .)
• Is not malicious (e.g. Code or SQL queries)
• Follows enums specified in Front-end (e.g. Gender can only be Male, Female, Other. If it is something else, something is wrong)

Leave Resume for now. This will require integration with S3 which is not configured yet

We want to have an email template design for email verification

Acceptance Criteria

• Setup HTML & fallback content

Add rejection emails in admin-user-update. Use templates with the brevo api instead of typing them into the code directly.

Criteria to follow as of October 30 2023:

• Only allow 20 email updates per user per day.

• Create a new table for email verifications which holds the context, token, user id, and expiry date (make expiry 1 day)

Update /user-update endpoint such that:

• If email is parameter & update_limit field still has time left, return a forbidden status
• If email is parameter & user status is pending, Send verification email & update user email to the new one given in request
• If email is parameter & user status is registering, resend verification email if DB email is different & make status back to pending otherwise do nothing

Implementation Details:

• Update user table to include a "update_limit" field. Every time someone changes their email, they must wait 2 hours to update it again

• Generate a random uuid to represent the token for the email verification. You can do this with the existing uuid package in the project.

• Save the token, expiry date, and user id to the new table you created and set the context to "email" (All email requests to user-update fall into the email context)

• Send an email to the user which has the link "https://deerhacks.ca/verify?token={token here}"

• If we are unable to send an email due to passing the 300 email limit, post pone the sending to tomorrow. Ensure we don't have more than 300 post poned emails.

Add /email-verify endpoint:

• Given the token, fetch the context and user from the table you created. If the context is "email" and the token is valid, update that corresponding user's status to "registering"

• If the token is "rsvp" set status to "accepted"

If an attended hacker is scanning in for registration again, it will result in an error.

Objectives:

• Replace the validation within helpers/validateApplication.go with go-validator
• Use Regex to enforce word limit for deerhack registration pitches (250 words but double check with docs)
• Add validation for string options where an enum is used in the frontend

Research and implement a way to detect if malware is being uploaded through the resume-update endpoint and prevent it from being uploaded to s3 if so

Setup S3 for Resumes such that the update-application endpoint uploads an applicants resume to S3. This data should then be fetched in the get-application endpoint.