From f35fe395c667fa6d6718ce3d2f53bbf2b2d58a54 Mon Sep 17 00:00:00 2001
From: Andy Burke <andy.burke@mailbox.earth>
Date: Fri, 3 Oct 2025 15:25:20 -0700
Subject: [PATCH] fix: append new blurbs properly

---
 public/api/users/index.ts         | 49 ++++++++++++++++++++++++++++++-
 public/tabs/blurbs/new_blurb.html |  2 +-
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/public/api/users/index.ts b/public/api/users/index.ts
index 6ac6b9c..9878d42 100644
--- a/public/api/users/index.ts
+++ b/public/api/users/index.ts
@@ -1,5 +1,6 @@
 import { PASSWORD_ENTRIES, PASSWORD_ENTRY } from '../../../models/password_entry.ts';
 import { USER, USERS } from '../../../models/user.ts';
+import { SIGNUP, SIGNUPS } from '../../../models/signups.ts';
 import lurid from '@andyburke/lurid';
 import { encodeBase64 } from '@std/encoding';
 import parse_body from '../../../utils/bodyparser.ts';
@@ -7,6 +8,8 @@ import { create_new_session, SESSION_RESULT } from '../auth/index.ts';
 import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../utils/prechecks.ts';
 import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
 import * as bcrypt from '@da/bcrypt';
+import { WALK_ENTRY } from '@andyburke/fsdb';
+import { INVITE_CODE, INVITE_CODES } from '../../../models/invites.ts';
 
 // TODO: figure out a better solution for doling out permissions
 const DEFAULT_USER_PERMISSIONS: string[] = [
@@ -71,11 +74,13 @@ export async function GET(_req: Request, meta: Record<string, any>): Promise<Res
 // POST /api/users - Create user
 export async function POST(req: Request, meta: Record<string, any>): Promise<Response> {
 	try {
+		const new_user_id = lurid();
 		const now = new Date().toISOString();
 
 		const body = await parse_body(req);
 		const username: string = body.username?.trim() ?? '';
 		const normalized_username = username.toLowerCase();
+		const submitted_invite_code = body.invite_code?.trim();
 
 		const existing_user_with_username = (await USERS.find({
 			normalized_username
@@ -107,8 +112,50 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
 			});
 		}
 
-		const user: USER = {
+		const invite_code: INVITE_CODE | undefined = typeof submitted_invite_code === 'string' && submitted_invite_code.length
+			? (await INVITE_CODES.find({
+				code: submitted_invite_code
+			})).shift()?.load()
+			: undefined;
+
+		const is_expired = invite_code?.timestamps.expires ? now <= invite_code.timestamps.expires : true;
+		const is_limited = invite_code?.limit
+			? (await SIGNUPS.find({
+				referring_invite_code_id: invite_code.id
+			}, {
+				limit: invite_code.limit
+			})).length >= invite_code.limit
+			: false;
+
+		if (!invite_code || is_expired || is_limited) {
+			return Response.json({
+				error: {
+					cause: 'invalid_signup_code',
+					message: 'Could not find an active signup code given this information.',
+					meta: {
+						exists: !!invite_code,
+						is_expired,
+						is_limited
+					}
+				}
+			}, {
+				status: 400
+			});
+		}
+
+		const signup: SIGNUP = {
 			id: lurid(),
+			user_id: new_user_id,
+			invite_code_id: invite_code.id,
+			referring_user_id: invite_code.creator_id,
+			timestamps: {
+				created: now
+			}
+		};
+		await SIGNUPS.create(signup);
+
+		const user: USER = {
+			id: new_user_id,
 			username,
 			permissions: DEFAULT_USER_PERMISSIONS,
 			timestamps: {
diff --git a/public/tabs/blurbs/new_blurb.html b/public/tabs/blurbs/new_blurb.html
index 8a17db5..67b47ec 100644
--- a/public/tabs/blurbs/new_blurb.html
+++ b/public/tabs/blurbs/new_blurb.html
@@ -36,7 +36,7 @@
 			width: 100%;
 			transition: all 0.5s;
 		"
-		on_reply="async (blurb) => { await append_blurbs([blurb]); }"
+		on_reply="async (blurb) => { await render_blurb(blurb); }"
 		on_parsed="async (blurb) => { await render_blurb(blurb); document.getElementById(blurb.id)?.classList.add('sending'); }"
 	>
 		<input type="hidden" name="type" value="blurb" />