search

calcom / cal.com

Scheduling infrastructure for absolutely everyone.
https://cal.com
Other
32.37k stars 7.98k forks source link

(Draft) RFC: Gates for Events #1913

Closed agustif closed 2 years ago

agustif commented 2 years ago

After recently joining the team at cal.com, I’ve been tasked re-factoring our current implementation of the web3 integration of cryptowallets with metamask.

As I started porting the integration to use wagmi library. We saw the potential for a new abstraction to fit both the new web3 usability (Booking restriction of holding an ERC-20 Token by introducing the SmartContractAddreess in the event additional settings) and to also allow to ship some other cool features in the shape of different Gates, being able to solve some open issues on new features requested by our users on the process.

We propose the implementation of a new Gate or gating system, which could include some different Gates to use in the core, and also by extended by plugins or 3rd party integrations by providing their owng gates when appropiate

In this new system a customer could set in each booking type could select one or different Gates enabled on it, with different settings or verification checks in place.

Web3 Gate

As an example, the new implementation of the web3 gate could be enabled, and have some settings.

By default and as only enabled and not other settings, you could require the user has a valid crypto wallet and validates with it before booking.

By adding a smartContractAddress, we could check if the user has a balance bigger than 0 of the specific token.

By adding a minAmount, you could limit the booking of holders of more than X token.

By adding a minHodlingTime amount, you could check if x hours/days in the past, they were also holding the same minAmount of such token.

Allowed list of wallets

we could provide gating to only an allowed list of wallets, good for KYC pre-approved wallets and such.

Password Gate

If enabled, would require a password input, which the user booking should provide before being able to book the event.

Use a 6 digit randomly generated PIN. Allow to change it for new one. Disallow more than a reasonable (20?) amounts of tries before locking out to avoid a brute force attack.

Allowlist Email Gate

This one could be useful for companies.

Allow only bookings by a list of allowed of either full emails, or domains. Maybe an easy upload or a contacts view will be nice to have

Ip/geolocation Gate

This one hasn’t been asked for yet as far as I know. But for big enterprise

AnonGate

Allow hiding different stuff from the booking like the link #1893

Allow the generation of one or several random or not but different than the canonical aliases to the booking. That could have an expiryDate or not. We could also allow tracking so you can have different links in different platforms/marketing channels or somehing like that… and know how many visits/bookings/got you each.

PaymentGate

Make a general payment gate each payment providers like (Stripe, Paypal, etc) can implement or hook into in order to restrict bookings to

PatreonGate + Patreon Login w\ next-auth

Leverage patreon subscription tiers to allow creators to be booked by their audience on different types of events.

We could look into a one to many extra alternative for daily (video streaming) like mux or whatever saas we like if any big creators start using us

PeerRich commented 2 years ago

love this. i think the "Disposable Email Gate" should be a default core feature and always warn booking receivers about the incoming booking request and not be a "gate"

zomars commented 2 years ago

Would the paid bookings fit into these gates? We could do abstract away into a StripeGate, PayPalGate, etc.

agustif commented 2 years ago

Would the paid bookings fit into these gates? We could do abstract away into a StripeGate, PayPalGate, etc.

Yeah I think so! I think each integration could provide it's extra gates when enabled.

In another note We also commented of subscription roles in stripe or patreon to book events. (Patreon is available in next-auth as SSO provider I think) and seems like a good perk for patrons exclusive booking access.