Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Scott.Idem:35c4341c34f77faeeeb4d6feeac5ae531a44824d
Branches Tags
Scott.Idem:master Scott.Idem:ae_app_3x_llm Scott.Idem:feature/re_evaluate_ui_libs Scott.Idem:ae_app_3x_dev_sk Scott.Idem:ae_app_svelte_kit_snapshot_2025_08 Scott.Idem:ae_app_svelte_kit_v2_dev Scott.Idem:ae_app_svelte_kit_v3_testing Scott.Idem:ae_app_svelte_kit_snapshot_2024_09 Scott.Idem:ae_mod_sponsorships_dev
...
compare: Scott.Idem:1e2c9d9b74fdbd07ff76d9e40b7dc3cfd5afaf03
Branches Tags
Scott.Idem:ae_app_3x_llm Scott.Idem:feature/re_evaluate_ui_libs Scott.Idem:ae_app_3x_dev_sk Scott.Idem:ae_app_svelte_kit_snapshot_2025_08 Scott.Idem:ae_app_svelte_kit_v2_dev Scott.Idem:ae_app_svelte_kit_v3_testing Scott.Idem:ae_app_svelte_kit_snapshot_2024_09 Scott.Idem:ae_mod_sponsorships_dev Scott.Idem:master

7 Commits
35c4341c34 ... 1e2c9d9b74

Author SHA1 Message Date
Scott Idem
1e2c9d9b74 docs(idaa): document Novi API rate limits and backoff behavior 
20 calls/sec, 600/min, 100k/day. Notes the 10s flat backoff + single retry
and the 5-min TTL cache that prevents normal-use rate limiting.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 14:02:43 -04:00
Scott Idem
e64001cf63 fix(idaa): add 10s backoff retry on Novi API 429 rate-limit 
On a 429 response, waits 10 seconds then retries once. If the retry also
returns 429, throws and denies access (Reload/Retry button covers that case).
verify_in_flight and novi_verifying stay true during the wait so the spinner
remains visible and no concurrent calls can sneak in.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 13:59:50 -04:00
Scott Idem
4137d8677d refactor(idaa): simplify Novi verification — remove reactive UUID, dedupe, rate-limit 
UUID is set by Novi via iframe src at page load and never changes within a
session (impersonation = full iframe reload). Reading it once from
window.location.search eliminates reactive noise from SvelteKit client-side
navigation causing spurious re-verification runs.

Removed:
- verify_dep $derived.by (reactive UUID + site_cfg narrowing)
- dedupe snapshot + last_effect_* tracking variables
- verify_backoff_attempts and exponential backoff retry logic
- novi_rate_limited_until writes and UUID-change guards
- ~80 lines of complexity

Kept:
- site_cfg_json read outside untrack (effect still re-runs when API key loads async)
- verify_in_flight concurrency guard
- TTL cache (prevents duplicate calls on SWR site_cfg updates)
- All permission upgrade and store write logic

NOTE: If Novi adds dynamic impersonation (no full reload), see comment at
url_uuid declaration for what to restore.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 13:45:38 -04:00
Scott Idem
19d0145d00 fix(idaa): fix Novi UUID verification — stuck spinner, repeat calls, impersonation 
Critical bugs fixed:
- $derived(() => {}) stored the function itself; uuid/api_key were always
  undefined so verification never fired. Fixed to $derived.by(() => {}).
- novi_verifying pre-initialized to true (flash prevention) was also used as
  the concurrency guard — guard saw it as in-flight and exited immediately,
  leaving the spinner stuck forever. Split into separate verify_in_flight flag.
- $idaa_loc reads in dedupe snapshot (outside untrack) subscribed the effect
  to idaa_loc writes, causing needless re-runs post-verification.
- Rate limit was not UUID-aware: 429 on one UUID blocked impersonation
  (new UUID). TTL and rate-limit guards now both bypass when UUID changes.

Also includes: store defaults for novi_verified_ts + novi_rate_limited_until,
docs update, iframe template g_uuid param (prior agent changes).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 13:38:42 -04:00
Scott Idem
9d44b9341c Now with the ability to actually create a badge. We still need to make this look nicer. Buttons should look more like button and consistent with the other areas of AE Events Badges. Also take a look at the trigger updated fields. 2026-03-27 11:51:42 -04:00
Scott Idem
bc67ff5798 docs(todo): mark Zebra driver install and test data setup complete 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 09:59:49 -04:00
Scott Idem
f87ab10251 feat(badges): add manual one-off badge create modal 
Two-step creation: POST event_person first, then event_badge linked to it.
Badge create route (event_person parent) pending backend fix — frontend is
ready and passing event_person_id + event_badge_template_id in payload.

- ae_events__event_person.ts: new create function (nested under event)
- ae_events_functions.ts: export create_ae_obj__event_person
- ae_comp__badge_create_form.svelte: modal form with live name preview,
  conditional display-name override, template selector (auto-selects when
  only one template), badge_type_code_li derived from selected template's
  badge_type_list JSON, two-step submit status labels
- +page.svelte: load template list via liveQuery, wire Create Badge button
  (edit_mode only), native <dialog> modal with backdrop, remote-first
  refresh on success

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 09:59:46 -04:00
10 changed files with 443 additions and 157 deletions
Expand all files Collapse all files

14
documentation/CLIENT__IDAA_and_customized_mods.md
View File

@@ -148,6 +148,8 @@ This section documents the exact way Aether uses the Novi API for the IDAA integ
- **All-or-nothing policy:** If the Novi API key is not configured or the verification call fails, the Novi-based access path is denied. The layout explicitly prevents child routes from rendering while verification is in-flight to avoid flashing "Access Denied". - **All-or-nothing policy:** If the Novi API key is not configured or the verification call fails, the Novi-based access path is denied. The layout explicitly prevents child routes from rendering while verification is in-flight to avoid flashing "Access Denied".
- **Rate limits (Novi API):** 20 calls/second · 600 calls/minute · 100,000 calls/day. The layout handles 429 responses with a 10-second flat backoff and one retry. If the retry also returns 429, access is denied and a "Reload / Retry" button is shown. The 5-minute TTL cache on successful verification prevents repeated calls during normal use.
### Verification Flow (implementation) ### Verification Flow (implementation)
1. The IDAA iframe loads Aether pages with a `?uuid=<uuid>&iframe=true` param. 1. The IDAA iframe loads Aether pages with a `?uuid=<uuid>&iframe=true` param.
@@ -544,7 +546,8 @@ ae_loc.idaa_loc = { novi_uuid: 'test-uuid-value', ... };
--- ---
## IDAA Novi Groups and Moderators ## IDAA Novi Groups and Moderators
IDAA Couples Meeting = "e9e162f0-3d03-4241-9682-340135ec3fb8"
### IDAA Couples Meeting = "e9e162f0-3d03-4241-9682-340135ec3fb8"
"Gregory X Boehm" "00ee764c-7559-496b-9d18-40d3e9092c0c" "Gregory X Boehm" "00ee764c-7559-496b-9d18-40d3e9092c0c"
"Kee B. PARK" "24ab3297-bfce-473c-9311-4b31e3a8974f" "Kee B. PARK" "24ab3297-bfce-473c-9311-4b31e3a8974f"
@@ -553,10 +556,17 @@ IDAA Couples Meeting = "e9e162f0-3d03-4241-9682-340135ec3fb8"
"Owen Lander" "9671a2c4-ff95-48c2-bcde-5c6eba95cded" "Owen Lander" "9671a2c4-ff95-48c2-bcde-5c6eba95cded"
"Susan Park" "4a9f94c5-d766-4808-ab76-117c9e43903a" "Susan Park" "4a9f94c5-d766-4808-ab76-117c9e43903a"
"Student/Resident Meeting Moderators" "d76d2c00-962d-40f6-a2e8-ed9c85594d96" ### "Student/Resident Meeting Moderators" "d76d2c00-962d-40f6-a2e8-ed9c85594d96"
"Melissa Eve Valasky" "182d1db3-caa9-41bc-b04a-2facc6859aeb" "Melissa Eve Valasky" "182d1db3-caa9-41bc-b04a-2facc6859aeb"
"Steven L. Klein" "5724aad7-6d89-47e7-8943-966fd22911bd" "Steven L. Klein" "5724aad7-6d89-47e7-8943-966fd22911bd"
### "IDAA BIPOC Meeting" "873d3ad0-2605-4ccf-824c-638c16b2b9cf"
"Paula Lynn Bailey-Walton" "68383ba2-0989-4860-9ea6-073f9698df67"
"Tasha Hudson" "03d5408c-3c13-4c3a-a93f-49871f9050b1"
--- ---
**Document Status:** ✅ Current **Document Status:** ✅ Current

10
documentation/TODO__Agents.md
View File

@@ -46,17 +46,15 @@ for the full checklist and prep plan.
`static/ae-print-badge.css` behind `html.debug_outlines` class (toggled by the "Show debug `static/ae-print-badge.css` behind `html.debug_outlines` class (toggled by the "Show debug
outlines" checkbox in the controls panel, trusted-only). Won't appear in print unless explicitly outlines" checkbox in the controls panel, trusted-only). Won't appear in print unless explicitly
enabled. No action needed. (verified 2026-03-18) enabled. No action needed. (verified 2026-03-18)
- [ ] **Zebra ZC10L Linux driver** — install CUPS driver package ahead of time; verify card prints - [x] **Zebra ZC10L Linux driver** — installed CUPS driver; verified card prints. (2026-03-27)
before burning rental time on driver setup. Check Zebra's site for Linux/CUPS driver.
- [x] **`style_href` wired** — `print/+page.svelte` already loads `style_href` via `<svelte:head>` - [x] **`style_href` wired** — `print/+page.svelte` already loads `style_href` via `<svelte:head>`
and it's in `properties_to_save`. (verified 2026-03-18) and it's in `properties_to_save`. (verified 2026-03-18)
- [x] **`duplex=0` hides badge back** — `duplex` is in `properties_to_save`; v2 badge render - [x] **`duplex=0` hides badge back** — `duplex` is in `properties_to_save`; v2 badge render
gates `{#if show_badge_back}` on `duplex != null && !!duplex`. Set `duplex=0` on the template gates `{#if show_badge_back}` on `duplex != null && !!duplex`. Set `duplex=0` on the template
to suppress the back section for single-sided PVC. (verified 2026-03-18) to suppress the back section for single-sided PVC. (verified 2026-03-18)
- [ ] **Set up test event + PVC template** in dev DB with `layout: badge_3.5x5.5_pvc`, - [x] **Set up test event + PVC template** in dev DB with `layout: badge_3.5x5.5_pvc`,
`duplex=0`, a few badge records with varied name lengths, HTML in fields, different badge_type_codes. `duplex=0`, badge records with varied name lengths, HTML in fields, different badge_type_codes,
- [ ] **Test data set:** include edge cases very long name, HTML markup in name/affiliations, edge cases (very long name, HTML markup, no affiliations, all ticket/option codes). (2026-03-27)
badge with no affiliations, badge with all ticket/option codes set.
### [Leads] Exhibitor Lead Scanning — IN PROGRESS (demo-ready prep) ### [Leads] Exhibitor Lead Scanning — IN PROGRESS (demo-ready prep)
Module is substantially built as a PWA (no Electron). Core flow works end-to-end. Module is substantially built as a PWA (no Electron). Core flow works end-to-end.

2
src/lib/ae_events/ae_events__event_badge.ts
View File

@@ -259,7 +259,7 @@ export async function create_ae_obj__event_badge({
const result = await api.create_nested_obj({ const result = await api.create_nested_obj({
api_cfg, api_cfg,
parent_type: 'event', parent_type: 'event_person',
parent_id: event_id, parent_id: event_id,
child_type: 'event_badge', child_type: 'event_badge',
fields: data_kv, fields: data_kv,

42
src/lib/ae_events/ae_events__event_person.ts Normal file
View File

@@ -0,0 +1,42 @@
import type { key_val } from '$lib/stores/ae_stores';
import { api } from '$lib/api/api';
const ae_promises: key_val = {};
/**
* create_ae_obj__event_person
* Creates a new event_person record linked to an event.
* Used as the first step of manual one-off badge creation.
* The returned event_person_id is then passed to create_ae_obj__event_badge.
*/
export async function create_ae_obj__event_person({
api_cfg,
event_id,
data_kv,
params = {},
log_lvl = 0
}: {
api_cfg: any;
event_id: string;
data_kv: key_val;
params?: key_val;
log_lvl?: number;
}): Promise<any | null> {
if (log_lvl) {
console.log(
`*** create_ae_obj__event_person() *** event_id=${event_id}`
);
}
ae_promises.create__event_person = await api.create_nested_obj({
api_cfg,
parent_type: 'event',
parent_id: event_id,
child_type: 'event_person',
fields: data_kv,
params,
log_lvl
});
return ae_promises.create__event_person;
}

5
src/lib/ae_events/ae_events_functions.ts
View File

@@ -33,6 +33,8 @@ import * as event_presenter from '$lib/ae_events/ae_events__event_presenter';
import * as event_badge from '$lib/ae_events/ae_events__event_badge'; import * as event_badge from '$lib/ae_events/ae_events__event_badge';
import { create_ae_obj__event_person } from '$lib/ae_events/ae_events__event_person';
import * as event_badge_template from '$lib/ae_events/ae_events__event_badge_template'; import * as event_badge_template from '$lib/ae_events/ae_events__event_badge_template';
const export_obj = { const export_obj = {
@@ -46,6 +48,9 @@ const export_obj = {
update_ae_obj__event: event.update_ae_obj__event, update_ae_obj__event: event.update_ae_obj__event,
sync_config__event_pres_mgmt: event.sync_config__event_pres_mgmt, sync_config__event_pres_mgmt: event.sync_config__event_pres_mgmt,
// Event Person
create_ae_obj__event_person: create_ae_obj__event_person,
// Event Badges // Event Badges
load_ae_obj_id__event_badge: event_badge.load_ae_obj_id__event_badge, load_ae_obj_id__event_badge: event_badge.load_ae_obj_id__event_badge,
load_ae_obj_li__event_badge: event_badge.load_ae_obj_li__event_badge, load_ae_obj_li__event_badge: event_badge.load_ae_obj_li__event_badge,

6
src/lib/stores/ae_idaa_stores.ts
View File

@@ -21,6 +21,12 @@ const idaa_local_data_struct: key_val = {
// True after a successful Novi API verification (UUID confirmed to be a real Novi member). // True after a successful Novi API verification (UUID confirmed to be a real Novi member).
// False on load, on verification failure, or for non-Novi sign-in paths. // False on load, on verification failure, or for non-Novi sign-in paths.
novi_verified: false, novi_verified: false,
// Timestamp (ms since epoch) when the last successful verification occurred.
// Used to cache verification results and avoid repeated Novi API calls.
novi_verified_ts: null,
// If set to a ms timestamp, verification attempts should be skipped until this time.
// Used to honor rate-limits and Retry-After behavior.
novi_rate_limited_until: null,
// Populated from $ae_loc.site_cfg_json at IDAA layout mount — not managed here. // Populated from $ae_loc.site_cfg_json at IDAA layout mount — not managed here.
// See routes/idaa/(idaa)/+layout.svelte for the override logic. // See routes/idaa/(idaa)/+layout.svelte for the override logic.
novi_admin_li: [], novi_admin_li: [],

80
src/routes/events/[event_id]/(badges)/badges/+page.svelte
View File

@@ -28,8 +28,32 @@ import { events_func } from '$lib/ae_events/ae_events_functions';
import Comp_badge_search from './ae_comp__badge_search.svelte'; import Comp_badge_search from './ae_comp__badge_search.svelte';
import Comp_badge_obj_li from './ae_comp__badge_obj_li.svelte'; import Comp_badge_obj_li from './ae_comp__badge_obj_li.svelte';
import Comp_badge_create_form from './ae_comp__badge_create_form.svelte';
import { LoaderCircle } from '@lucide/svelte'; import { LoaderCircle, UserPlus } from '@lucide/svelte';
// Load templates for this event so the create form can show the selector and
// derive badge_type_code_li from whichever template the user picks.
$effect(() => {
const event_id = $events_slct?.event_id;
if (!event_id) return;
events_func.load_ae_obj_li__event_badge_template({
api_cfg: $ae_api,
event_id,
log_lvl: 0
});
});
let lq__badge_template_li = $derived(
liveQuery(async () => {
const event_id = $events_slct?.event_id;
if (!event_id) return [];
return await db_events.badge_template
.where('event_id')
.equals(event_id)
.sortBy('name');
})
);
// *** Initialization & Store Guard *** // *** Initialization & Store Guard ***
// Ensure all search fields are initialized to prevent circular undefined triggers // Ensure all search fields are initialized to prevent circular undefined triggers
if ($events_loc.badges) { if ($events_loc.badges) {
@@ -52,6 +76,7 @@ if ($events_loc.badges) {
// Variables // Variables
let show_create_badge_modal: boolean = $state(false); let show_create_badge_modal: boolean = $state(false);
let show_upload_badge_modal: boolean = $state(false); let show_upload_badge_modal: boolean = $state(false);
let create_badge_dialog: HTMLDialogElement | undefined = $state();
let event_badge_id_li: Array<string> = $state([]); let event_badge_id_li: Array<string> = $state([]);
let search_debounce_timer: any = null; let search_debounce_timer: any = null;
@@ -362,6 +387,49 @@ async function handle_search_refresh(params: any) {
<Comp_badge_search event_id={$events_slct?.event_id ?? ''} log_lvl={1} <Comp_badge_search event_id={$events_slct?.event_id ?? ''} log_lvl={1}
></Comp_badge_search> ></Comp_badge_search>
{#if $ae_loc.edit_mode}
<div class="flex justify-end px-4">
<button
type="button"
class="btn btn-sm preset-tonal-primary border-primary-500 border"
onclick={() => {
show_create_badge_modal = true;
create_badge_dialog?.showModal();
}}>
<UserPlus size="1em" />
Create Badge
</button>
</div>
{/if}
<!-- Create Badge modal — native <dialog> for focus trap + backdrop.
Clicking the backdrop closes it. The form remounts each open so state is fresh. -->
<dialog
bind:this={create_badge_dialog}
class="w-full max-w-lg rounded-xl border border-gray-200 bg-white p-0 shadow-2xl dark:border-gray-700 dark:bg-gray-900"
onclick={(e) => { if (e.target === create_badge_dialog) { create_badge_dialog?.close(); show_create_badge_modal = false; } }}
onclose={() => { show_create_badge_modal = false; }}>
<div class="border-surface-200-800 border-b px-5 py-3">
<h2 class="text-surface-900-50 text-base font-semibold">Create Badge</h2>
</div>
{#if show_create_badge_modal}
<Comp_badge_create_form
event_id={$events_slct?.event_id ?? ''}
template_li={$lq__badge_template_li ?? []}
onsuccess={() => {
create_badge_dialog?.close();
show_create_badge_modal = false;
// Trigger a remote-first refresh so the new badge appears in results
$events_loc.badges.search_version = ($events_loc.badges.search_version ?? 0) + 1;
$events_loc.badges.qry__remote_first = true;
}}
oncancel={() => {
create_badge_dialog?.close();
show_create_badge_modal = false;
}} />
{/if}
</dialog>
{#if $events_sess?.badges?.search_status === 'loading' && event_badge_id_li.length === 0} {#if $events_sess?.badges?.search_status === 'loading' && event_badge_id_li.length === 0}
<div <div
class="flex flex-col items-center justify-center p-10 text-center opacity-50"> class="flex flex-col items-center justify-center p-10 text-center opacity-50">
@@ -371,3 +439,13 @@ async function handle_search_refresh(params: any) {
{:else} {:else}
<Comp_badge_obj_li {lq__event_badge_obj_li} log_lvl={1}></Comp_badge_obj_li> <Comp_badge_obj_li {lq__event_badge_obj_li} log_lvl={1}></Comp_badge_obj_li>
{/if} {/if}
<style>
dialog {
margin: auto;
}
dialog::backdrop {
background: rgb(0 0 0 / 0.55);
backdrop-filter: blur(3px);
}
</style>

300
src/routes/events/[event_id]/(badges)/badges/ae_comp__badge_create_form.svelte
View File

@@ -1,20 +1,38 @@
<script lang="ts"> <script lang="ts">
// import { createEventDispatcher } from 'svelte';
import { Loader2 } from '@lucide/svelte'; import { Loader2 } from '@lucide/svelte';
import type { key_val } from '$lib/stores/ae_stores'; import type { key_val } from '$lib/stores/ae_stores';
import { events_func } from '$lib/ae_events/ae_events_functions'; import { events_func } from '$lib/ae_events/ae_events_functions';
import { ae_api } from '$lib/stores/ae_stores'; import { ae_api } from '$lib/stores/ae_stores';
import { api } from '$lib/api/api';
interface Props { interface Props {
event_id: string; event_id: string;
/** Template list for this event. Drives the template selector and badge_type_code_li. */
template_li?: Array<{ event_badge_template_id?: string | null; name?: string | null; badge_type_list?: string | null }>;
onsuccess?: (badge: any) => void; onsuccess?: (badge: any) => void;
oncancel?: () => void; oncancel?: () => void;
} }
let { event_id, onsuccess, oncancel }: Props = $props(); // Fallback badge type list used only when no template is loaded yet or the selected
// template has no badge_type_list defined.
const default_badge_type_code_li = [
{ code: 'current_member', name: 'Member' },
{ code: 'inactive_member', name: 'Non-Member' },
{ code: 'guest', name: 'Guest' },
{ code: 'ex_all', name: 'Exhibitor' },
{ code: 'staff', name: 'Staff' },
{ code: 'test', name: 'Test' }
];
// const dispatch = createEventDispatcher(); let {
event_id,
template_li = [],
onsuccess,
oncancel
}: Props = $props();
let given_name: string = $state('');
let family_name: string = $state('');
let full_name_override: string = $state(''); let full_name_override: string = $state('');
let professional_title_override: string = $state(''); let professional_title_override: string = $state('');
let affiliations_override: string = $state(''); let affiliations_override: string = $state('');
@@ -23,124 +41,242 @@ let email: string = $state('');
let allow_tracking: boolean = $state(false); let allow_tracking: boolean = $state(false);
let badge_type_code: string = $state(''); let badge_type_code: string = $state('');
let submit_status: string = $state('idle'); // idle, loading, success, error // Auto-select the first template when only one is available; otherwise let the user pick.
// event_badge_template_id is sent to the API so the badge renders with the correct layout.
let selected_template_id: string = $state('');
$effect(() => {
if (template_li.length === 1 && template_li[0].event_badge_template_id) {
selected_template_id = template_li[0].event_badge_template_id;
}
});
// Example badge type codes (from ae_comp__badge_search.svelte) // Derive badge type options from the selected template's badge_type_list JSON.
let badge_type_code_li = [ // Fall back to the hardcoded default when no template is selected or its list is empty.
{ code: 'current_member', name: 'Member' }, let badge_type_code_li = $derived.by(() => {
{ code: 'inactive_member', name: 'Non-Member' }, const tmpl = template_li.find((t) => t.event_badge_template_id === selected_template_id);
{ code: 'current_member_trainee', name: 'Trainee Member' }, if (!tmpl?.badge_type_list) return default_badge_type_code_li;
{ code: 'inactive_member_trainee', name: 'Trainee Non-Member' }, try {
{ code: 'ex_all', name: 'Exhibitor All Access' }, const parsed = JSON.parse(tmpl.badge_type_list);
{ code: 'ex_booth', name: 'Exhibitor Booth Staff' }, return Array.isArray(parsed) && parsed.length > 0 ? parsed : default_badge_type_code_li;
{ code: 'hftx', name: 'HFTX Master Academy' }, } catch {
{ code: 'mcs', name: 'MCS Master Academy' }, return default_badge_type_code_li;
{ code: 'pediatric', name: 'Pediatric' }, }
{ code: 'guest', name: 'Guest' }, });
{ code: 'staff', name: 'Staff' },
{ code: 'volunteer', name: 'Volunteer' }, // Only show the name override field if the user explicitly wants to customize it.
{ code: 'test', name: 'Test' } // The preview below the name fields shows what the badge will display — if that looks
]; // good they don't need to touch this.
let show_name_override: boolean = $state(false);
// Live preview of what will print on the badge if no override is set
let full_name_preview = $derived(
[given_name.trim(), family_name.trim()].filter(Boolean).join(' ') || '—'
);
// 'idle' | 'creating_person' | 'creating_badge' | 'success' | 'error'
let submit_status: string = $state('idle');
let error_msg: string = $state('');
async function handle_submit(event: Event) { async function handle_submit(event: Event) {
event.preventDefault(); event.preventDefault();
submit_status = 'loading'; submit_status = 'creating_person';
const data_to_create: key_val = { error_msg = '';
full_name_override,
professional_title_override,
affiliations_override,
location_override,
email,
allow_tracking,
badge_type_code
};
// Step 1: Create event_person — the identity record for this attendee.
// The V3 create endpoint returns { event_person_id }.
// We pass event_person_id to the badge so the backend resolves the FK.
let new_person: { event_person_id?: string; obj_id?: string; } | null = null;
try { try {
const new_badge = await events_func.create_ae_obj__event_badge({ const person_data: key_val = { given_name, family_name, email };
new_person = await events_func.create_ae_obj__event_person({
api_cfg: $ae_api, api_cfg: $ae_api,
event_id: event_id, event_id,
data_kv: data_to_create data_kv: person_data
}); });
if (new_badge) { } catch (err) {
console.error('Error creating event_person:', err);
submit_status = 'error';
error_msg = 'Failed to create attendee record.';
return;
}
const event_person_id = new_person?.event_person_id || new_person?.obj_id;
if (!event_person_id) {
submit_status = 'error';
error_msg = 'Attendee record created but returned no ID.';
return;
}
// Step 2: Create event_badge nested under event.
// POST /v3/crud/event/{event_id}/event_badge/
// Passing event_person_id so the backend links the badge to the person.
// Backend needs to handle event_badge creation without injecting event_id as a column
// (event_badge gets event_id through event_person in the view, not as a direct FK).
submit_status = 'creating_badge';
try {
const badge_data: key_val = {
event_person_id,
event_badge_template_id: selected_template_id || null,
given_name,
family_name,
email: email || null,
full_name_override: full_name_override || null,
professional_title_override: professional_title_override || null,
affiliations_override: affiliations_override || null,
location_override: location_override || null,
allow_tracking,
badge_type_code: badge_type_code || null
};
const new_badge = await api.create_nested_obj({
api_cfg: $ae_api,
parent_type: 'event_person',
parent_id: event_person_id,
child_type: 'event_badge',
fields: badge_data
});
if (new_badge?.event_badge_id) {
submit_status = 'success'; submit_status = 'success';
// dispatch('success', new_badge);
if (onsuccess) onsuccess(new_badge); if (onsuccess) onsuccess(new_badge);
} else { } else {
submit_status = 'error'; submit_status = 'error';
// dispatch('error', 'Failed to create badge'); error_msg = 'Badge record not returned from API.';
} }
} catch (error) { } catch (err) {
console.error('Error creating event_badge:', err);
submit_status = 'error'; submit_status = 'error';
console.error('Error creating badge:', error); error_msg = `Attendee record created (ID: ${event_person_id}) but badge creation failed.`;
// dispatch('error', error);
} }
} }
function handle_cancel() { function handle_cancel() {
// dispatch('cancel');
if (oncancel) oncancel(); if (oncancel) oncancel();
} }
let is_submitting = $derived(
submit_status === 'creating_person' || submit_status === 'creating_badge'
);
let step_label = $derived(
submit_status === 'creating_person'
? 'Creating attendee record…'
: submit_status === 'creating_badge'
? 'Creating badge…'
: ''
);
</script> </script>
<form onsubmit={handle_submit} class="space-y-4 p-4"> <form onsubmit={handle_submit} class="space-y-4 p-5">
<div class="grid grid-cols-2 gap-3">
<label class="label">
<span class="label-text">First Name</span>
<input
type="text"
bind:value={given_name}
class="input"
required
placeholder="Jane" />
</label>
<label class="label">
<span class="label-text">Last Name</span>
<input
type="text"
bind:value={family_name}
class="input"
required
placeholder="Smith" />
</label>
</div>
<!-- Live badge name preview. If it looks right, no override needed. -->
<div class="flex items-center justify-between gap-2 text-sm">
<span class="text-surface-400">Badge will show:
<span class="text-surface-900-50 font-semibold">{full_name_preview}</span>
</span>
<button
type="button"
class="text-primary-500 hover:text-primary-400 text-xs underline underline-offset-2"
onclick={() => { show_name_override = !show_name_override; }}>
{show_name_override ? 'Hide override' : 'Customize display name'}
</button>
</div>
{#if show_name_override}
<label class="label">
<span class="label-text">Display Name Override</span>
<input
type="text"
bind:value={full_name_override}
class="input"
placeholder="e.g. Dr. Jane Smith, PhD" />
</label>
{/if}
<label class="label"> <label class="label">
<span>Full Name Override</span> <span class="label-text">Email</span>
<input type="text" bind:value={full_name_override} class="input" /> <input type="email" bind:value={email} class="input" placeholder="jane@example.com" />
</label> </label>
{#if template_li.length > 1}
<!-- Template selector — only shown when the event has multiple templates.
Single-template events auto-select; the selector would just add noise. -->
<label class="label">
<span class="label-text">Badge Template</span>
<select bind:value={selected_template_id} class="select">
<option value="">-- Select Template --</option>
{#each template_li as tmpl (tmpl.event_badge_template_id)}
<option value={tmpl.event_badge_template_id}>{tmpl.name}</option>
{/each}
</select>
</label>
{/if}
<label class="label"> <label class="label">
<span>Professional Title Override</span> <span class="label-text">Badge Type</span>
<input
type="text"
bind:value={professional_title_override}
class="input" />
</label>
<label class="label">
<span>Affiliations Override</span>
<textarea bind:value={affiliations_override} class="textarea" rows="2"
></textarea>
</label>
<label class="label">
<span>Location Override</span>
<input type="text" bind:value={location_override} class="input" />
</label>
<label class="label">
<span>Email</span>
<input type="email" bind:value={email} class="input" />
</label>
<label class="label flex items-center gap-2">
<input type="checkbox" bind:checked={allow_tracking} class="checkbox" />
<span>Allow Tracking</span>
</label>
<label class="label">
<span>Badge Type</span>
<select bind:value={badge_type_code} class="select"> <select bind:value={badge_type_code} class="select">
<option value="">-- Select Badge Type --</option> <option value="">-- Select Badge Type --</option>
{#each badge_type_code_li as type_code_item (type_code_item.code)} {#each badge_type_code_li as item (item.code)}
<option value={type_code_item.code} <option value={item.code}>{item.name}</option>
>{type_code_item.name}</option>
{/each} {/each}
</select> </select>
</label> </label>
<div class="flex justify-end gap-2"> <hr class="border-surface-300-600" />
<label class="label">
<span class="label-text">Professional Title <span class="text-surface-400 font-normal">(optional)</span></span>
<input type="text" bind:value={professional_title_override} class="input" placeholder="e.g. Chief Medical Officer" />
</label>
<label class="label">
<span class="label-text">Organization <span class="text-surface-400 font-normal">(optional)</span></span>
<input type="text" bind:value={affiliations_override} class="input" placeholder="e.g. Acme Hospital" />
</label>
<label class="label">
<span class="label-text">Location <span class="text-surface-400 font-normal">(optional)</span></span>
<input type="text" bind:value={location_override} class="input" placeholder="City, State" />
</label>
<label class="flex items-center gap-2">
<input type="checkbox" bind:checked={allow_tracking} class="checkbox" />
<span class="text-sm">Allow lead tracking</span>
</label>
{#if submit_status === 'error'}
<p class="text-error-500 text-sm">{error_msg || 'An error occurred. Please try again.'}</p>
{/if}
<div class="flex items-center justify-end gap-2">
{#if is_submitting}
<span class="text-surface-400 flex items-center gap-1 text-sm">
<Loader2 size="1em" class="animate-spin" />
{step_label}
</span>
{/if}
<button <button
type="button" type="button"
class="btn preset-tonal-surface" class="btn preset-tonal-surface"
disabled={is_submitting}
onclick={handle_cancel}>Cancel</button> onclick={handle_cancel}>Cancel</button>
<button <button
type="submit" type="submit"
class="btn preset-filled-primary" class="btn preset-filled-primary"
disabled={submit_status === 'loading'}> disabled={is_submitting || !given_name || !family_name}>
{#if submit_status === 'loading'}
<Loader2 size="1em" class="animate-spin" aria-hidden="true" />
{/if}
Create Badge Create Badge
</button> </button>
</div> </div>
</form> </form>
{#if submit_status === 'success'}
<p class="text-green-500">Badge created successfully!</p>
{:else if submit_status === 'error'}
<p class="text-red-500">Error creating badge. Please try again.</p>
{/if}

129
src/routes/idaa/(idaa)/+layout.svelte
View File

@@ -26,15 +26,26 @@ interface Props {
let { data, children }: Props = $props(); let { data, children }: Props = $props();
// True while verification is in flight OR while waiting for site config to load. // UUID is set by Novi when loading the iframe — fixed for this page's lifetime.
// Pre-initialized to true if a UUID is present so there is no flash of "Access Denied" // Impersonation causes a full iframe reload (new page load), not a SvelteKit navigation,
// on first render before the effect has a chance to run. // so reading this once is correct and avoids reactive noise from client-side navigation.
let novi_verifying: boolean = $state( // NOTE: If Novi ever adds dynamic impersonation (no full reload), this needs revisiting —
typeof window !== 'undefined' && // reintroduce $derived.by on data.url and the UUID-change guards removed in this commit.
!!new URLSearchParams(window.location.search).get('uuid') const url_uuid = browser ? new URLSearchParams(window.location.search).get('uuid') : null;
);
// Effect 1: Set URL origin and params (unchanged from original) // True while the Novi API call is in flight.
// Pre-initialized to true when a UUID is present to prevent an "Access Denied" flash
// before the effect has a chance to run on first render.
let novi_verifying: boolean = $state(!!url_uuid);
// Concurrency guard — separate from novi_verifying (the UI spinner).
// Do NOT use novi_verifying as a concurrency guard: it is pre-initialized to true,
// which would cause the guard to fire immediately and skip verification entirely.
let verify_in_flight = false;
const VERIFIED_TTL_MS_DEFAULT = 5 * 60 * 1000; // 5 minutes
// Effect 1: Set URL origin and params
$effect(() => { $effect(() => {
untrack(() => { untrack(() => {
$ae_loc.url_origin = data.url.origin; $ae_loc.url_origin = data.url.origin;
@@ -47,54 +58,52 @@ $effect(() => {
}); });
// Effect 2: Novi UUID verification // Effect 2: Novi UUID verification
// Only fires when a uuid is present in the URL (i.e. the Novi iframe path). // The only reactive dependency is $ae_loc.site_cfg_json — the API key arrives async
// Non-Novi sign-in paths (User/Pass, shared passcode) will never have a uuid param, // via SWR background fetch and may not be populated on first render. Reading it outside
// so this block won't run for them — their permissions are unaffected. // untrack() ensures the effect re-runs when the config loads.
// The UUID is not reactive (read once above via window.location.search).
$effect(() => { $effect(() => {
if (!browser) return; if (!browser) return;
const uuid = data.url.searchParams.get('uuid'); // tracked — re-runs if URL changes const site_cfg = $ae_loc.site_cfg_json || {};
const api_key: string | null = site_cfg.novi_idaa_api_key ?? null;
// WHY tracked outside untrack: on first load the fast-path returns a stale Dexie const api_root: string = site_cfg.novi_api_root_url ?? 'https://www.idaa.org/api';
// cache, so site_cfg_json may be missing novi_idaa_api_key when this effect first const admin_li: string[] = site_cfg.novi_admin_li ?? [];
// runs. The background refresh in ae_core__site.ts pushes fresh cfg_json into const trusted_li: string[] = site_cfg.novi_trusted_li ?? [];
// $ae_loc after the API responds. Tracking here means this effect re-runs at that const ttl_ms: number = site_cfg.novi_verified_ttl_ms ?? VERIFIED_TTL_MS_DEFAULT;
// point and retries verification with the correct key — no manual reload needed.
const site_cfg_json = $ae_loc.site_cfg_json;
untrack(() => { untrack(() => {
if (!uuid) { if (!url_uuid) {
// No UUID in URL — non-Novi path, nothing to do here. // No UUID in URL — non-Novi path (user/pass or shared passcode sign-in).
$idaa_loc.novi_verified = false; $idaa_loc.novi_verified = false;
novi_verifying = false; novi_verifying = false;
return; return;
} }
// Already verified for this exact UUID — don't repeat the round-trip. if (verify_in_flight) return;
// This guard fires when site_cfg_json changes for reasons unrelated to Novi.
if ($idaa_loc.novi_verified && $idaa_loc.novi_uuid === uuid) { // TTL cache: skip if this UUID was recently verified.
// Prevents duplicate API calls when site_cfg_json updates multiple times (SWR pattern).
const now = Date.now();
if (
$idaa_loc.novi_verified &&
$idaa_loc.novi_uuid === url_uuid &&
$idaa_loc.novi_verified_ts &&
now - $idaa_loc.novi_verified_ts < ttl_ms
) {
if (log_lvl) console.log(`IDAA Layout: cached verification valid for ${url_uuid}`);
novi_verifying = false; novi_verifying = false;
return; return;
} }
// Load admin/trusted lists from site config first — needed by verify function. // Load admin/trusted lists before calling verify.
// Only override if site_cfg_json actually provides them; falling back to [] would // Only override when site_cfg provides them — don't wipe hardcoded defaults with [].
// silently overwrite the hardcoded defaults in ae_idaa_stores.ts. if (admin_li?.length) $idaa_loc.novi_admin_li = admin_li;
if (site_cfg_json?.novi_admin_li?.length) { if (trusted_li?.length) $idaa_loc.novi_trusted_li = trusted_li;
$idaa_loc.novi_admin_li = site_cfg_json.novi_admin_li;
}
if (site_cfg_json?.novi_trusted_li?.length) {
$idaa_loc.novi_trusted_li = site_cfg_json.novi_trusted_li;
}
const novi_api_key = site_cfg_json?.novi_idaa_api_key ?? null; verify_in_flight = true;
const novi_api_root_url =
site_cfg_json?.novi_api_root_url ?? 'https://www.idaa.org/api';
// Fire-and-forget the async verification. After the first await, Svelte's
// reactive tracking no longer applies, so writes to stores are safe.
novi_verifying = true; novi_verifying = true;
verify_novi_uuid(uuid, novi_api_key, novi_api_root_url); verify_novi_uuid(url_uuid, api_key, api_root);
}); });
}); });
@@ -102,31 +111,28 @@ $effect(() => {
* Verifies a Novi UUID against the Novi API and sets permissions accordingly. * Verifies a Novi UUID against the Novi API and sets permissions accordingly.
* "All or nothing" — if no API key is configured or the call fails, access is denied. * "All or nothing" — if no API key is configured or the call fails, access is denied.
* Called from within untrack(), so store writes here will not trigger reactive loops. * Called from within untrack(), so store writes here will not trigger reactive loops.
* On a 429 rate-limit response, waits 10 seconds and retries once before failing.
*/ */
async function verify_novi_uuid( async function verify_novi_uuid(
uuid: string, uuid: string,
api_key: string | null, api_key: string | null,
api_root_url: string api_root_url: string,
is_retry: boolean = false
) { ) {
console.log(`IDAA Layout: Starting Novi UUID verification for ${uuid}...`); console.log(`IDAA Layout: Starting Novi UUID verification for ${uuid}...`);
if (!api_key) { if (!api_key) {
// No Novi API key in site config. All-or-nothing means no UUID-based access. // No Novi API key in site config. All-or-nothing means no UUID-based access.
console.warn( console.warn('IDAA Layout: Novi API key not configured. UUID-based access denied.');
'IDAA Layout: Novi API key not configured. UUID-based access denied.'
);
$idaa_loc.novi_uuid = null; $idaa_loc.novi_uuid = null;
$idaa_loc.novi_email = null; $idaa_loc.novi_email = null;
$idaa_loc.novi_full_name = null; $idaa_loc.novi_full_name = null;
$idaa_loc.novi_verified = false; $idaa_loc.novi_verified = false;
verify_in_flight = false;
novi_verifying = false; novi_verifying = false;
return; return;
} }
try { try {
if (log_lvl > 1) {
console.log(`IDAA Layout: Verifying Novi UUID ${uuid} via API...`);
}
const headers = new Headers(); const headers = new Headers();
headers.append('Authorization', `Basic ${api_key}`); headers.append('Authorization', `Basic ${api_key}`);
const response = await fetch(`${api_root_url}/customers/${uuid}`, { const response = await fetch(`${api_root_url}/customers/${uuid}`, {
@@ -134,10 +140,18 @@ async function verify_novi_uuid(
headers headers
}); });
if (response.status === 429) {
if (is_retry) {
throw new Error(`Novi API rate limited for UUID ${uuid} (retry also failed)`);
}
console.warn(`IDAA Layout: Novi API rate limited (429) for ${uuid}. Retrying in 10s...`);
await new Promise<void>((resolve) => setTimeout(resolve, 10_000));
await verify_novi_uuid(uuid, api_key, api_root_url, true);
return;
}
if (!response.ok) { if (!response.ok) {
throw new Error( throw new Error(`Novi API returned ${response.status} for UUID ${uuid}`);
`Novi API returned ${response.status} for UUID ${uuid}`
);
} }
const result = await response.json(); const result = await response.json();
@@ -161,6 +175,7 @@ async function verify_novi_uuid(
$idaa_loc.novi_email = verified_email; $idaa_loc.novi_email = verified_email;
$idaa_loc.novi_full_name = verified_name; $idaa_loc.novi_full_name = verified_name;
$idaa_loc.novi_verified = true; $idaa_loc.novi_verified = true;
$idaa_loc.novi_verified_ts = Date.now();
console.log( console.log(
`IDAA Layout: Novi UUID verified. Name: ${verified_name}, Email: ${verified_email}` `IDAA Layout: Novi UUID verified. Name: ${verified_name}, Email: ${verified_email}`
@@ -178,21 +193,12 @@ async function verify_novi_uuid(
// PERMISSION UPGRADE STRATEGY: only apply if higher than current level. // PERMISSION UPGRADE STRATEGY: only apply if higher than current level.
// This prevents a global 'manager' from being downgraded by the IDAA layout. // This prevents a global 'manager' from being downgraded by the IDAA layout.
const current_level = $ae_loc.access_type || 'anonymous'; const current_level = $ae_loc.access_type || 'anonymous';
if ( if (ae_util.compare_access_levels(target_novi_level, current_level) === 1) {
ae_util.compare_access_levels(target_novi_level, current_level) ===
1
) {
console.log( console.log(
`IDAA Layout: Upgrading access from ${current_level} to ${target_novi_level} (Novi verified)` `IDAA Layout: Upgrading access from ${current_level} to ${target_novi_level} (Novi verified)`
); );
const perms = ae_util.process_permission_checks(target_novi_level); const perms = ae_util.process_permission_checks(target_novi_level);
$ae_loc = { ...$ae_loc, ...perms }; $ae_loc = { ...$ae_loc, ...perms };
} else {
if (log_lvl > 1) {
console.log(
`IDAA Layout: Keeping current access ${current_level} (Novi level ${target_novi_level} is not an upgrade)`
);
}
} }
// Reset BB query filters to safe defaults in case they were left in a non-default state. // Reset BB query filters to safe defaults in case they were left in a non-default state.
@@ -209,6 +215,7 @@ async function verify_novi_uuid(
$idaa_loc.novi_full_name = null; $idaa_loc.novi_full_name = null;
$idaa_loc.novi_verified = false; $idaa_loc.novi_verified = false;
} finally { } finally {
verify_in_flight = false;
novi_verifying = false; novi_verifying = false;
} }
} }

12
static/idaa_novi_iframe_jitsi_meeting.html
View File

@@ -29,11 +29,15 @@
let novi_customer_uid = '<%=Novi.User.CustomerUniqueId%>'; // NOTE: The Novi UUID for the current current user/customer let novi_customer_uid = '<%=Novi.User.CustomerUniqueId%>'; // NOTE: The Novi UUID for the current current user/customer
console.log(`Novi's Current User's ID: ${novi_customer_uid}`); console.log(`Novi's Current User's ID: ${novi_customer_uid}`);
let novi_group_uid = 'check-Novi-Group-UID';
// let novi_category_id = ''; // Not in use yet or at all?
// NOTE: Change the room_name value to the desired Jitsi room name for the meeting. // NOTE: Change the room_name value to the desired Jitsi room name for the meeting.
// Example meeting room names:
// 'IDAA-Meeting' 'IDAA-Student-and-Resident-Meeting' 'IDAA-Couples-Meeting' 'IDAA-BIPOC-Meeting'
let room_name = 'IDAA-Example-Meeting'; // // NOTE: Change this example meeting room name let room_name = 'IDAA-Example-Meeting'; // // NOTE: Change this example meeting room name
// Example meeting room names: 'IDAA-Meeting' 'IDAA-Student-and-Resident-Meeting'
// let novi_group_id = ''; // Not in use yet
// let novi_category_id = ''; // Not in use yet
// WARNING:Do *not* use relative paths here. They must be direct to the site OSIT is hosting for IDAA. This value must point to the Svelte Jitsi page. // WARNING:Do *not* use relative paths here. They must be direct to the site OSIT is hosting for IDAA. This value must point to the Svelte Jitsi page.
let idaa_osit_ae_api_root_url = let idaa_osit_ae_api_root_url =
@@ -50,7 +54,7 @@
); );
idaa_ae_iframe_element.src = idaa_ae_iframe_element.src =
`${idaa_osit_ae_api_root_url}?uuid=${novi_customer_uid}&iframe=true&key=${idaa_osit_ae_site_key}&room=${room_name}` `${idaa_osit_ae_api_root_url}?uuid=${novi_customer_uid}&g_uuid=${novi_group_uid}&iframe=true&key=${idaa_osit_ae_site_key}&room=${room_name}`
; ;
</script> </script>