[FEAT]: Create Organization Invitation Link -Backend

Micah-Shallom commented 3 months ago

Description

Create an API endpoint to generate invitation links for inviting users to join an organization. This endpoint will validate the input data, ensure proper authorization, and generate a unique invitation link for the specified organization.

Acceptance Criteria

API Endpoint Implementation:

The endpoint should be accessible at /api/v1/invite/create.
The endpoint should accept HTTP POST requests.

Authentication and Authorization:

Only JWT authenticated users can create an invitation link.
The user creating the invitation link must be an admin of the specified organization.

Data Validation and Sanitization:

The API should validate the request payload to ensure the required fields (organizationId, email) are present and valid.
Validate the email format to ensure it is correctly formatted.
Verify the organizationId to ensure the organization exists and the user has admin privileges.

Invitation Link Generation:

Upon successful validation, the API should generate a unique invitation link for the specified organization.
The generated invitation link should be stored in the database with an expiration date (e.g., 7 days).

Email Sending:

(Optional) The API should send an email containing the invitation link to the specified email address.
The email should contain a clear and concise message with the invitation link.

Response:

On success, the API should return a 201 Created status code with the invitation link and a success message.
On failure, the API should return a 400 Bad Request status code with appropriate error messages.

Request Example:

POST /api/v1/invite/create

{
  "organizationId": "string",
  "email": "string"
}

Successful Response:

{
  "message": "Invitation link created and sent successfully",
  "data": {
    "invitationLink": "string"
  },
  "status_code": 201
}

Error Response:

{
  "message": "Failed to create invitation link",
  "errors": [
    "Invalid organization ID",
    "Email format is incorrect",
    "User is not authorized to create invitation link for this organization"
  ],
  "status_code": 400
}

Purpose

Provides a backend service to generate unique invitation links for inviting users to join an organization, ensuring the data is valid, the user is authorized, the link is stored with an expiration date, and optionally sending the invitation link via email.

Requirements

[ ] Develop server-side logic to handle invitation link creation.
[ ] Validate and sanitize incoming data.
[ ] Ensure only authorized users (organization admins) can create invitation links.
[ ] Generate and store unique invitation links with expiration dates.
[ ] (Optional) Send the generated invitation link via email to the specified address.

Expected Outcome

The API endpoint allows administrators to generate invitation links for inviting users to join an organization, ensuring the links are valid, stored with expiration dates, and optionally emailed to the intended recipient.

Status Codes

201: Invitation link was successfully created.
400:
- Invalid organization ID
- Email format is incorrect
- User is not authorized to create invitation link for this organization
500: A server error occurred

Testing

[ ] Write unit tests to ensure the invitation link endpoint validates input correctly and checks user authorization.
[ ] Perform load testing to ensure the endpoint can handle multiple requests.
[ ] Test various scenarios for submitting the invitation link (e.g., valid link, expired link, malformed link, unauthorized user, etc.).

Additional Considerations:

Rate Limiting: Implement rate limiting to prevent abuse of the invitation creation endpoint.
Logging: Add logging to monitor invitation link creation attempts and successes/failures.

Micah-Shallom commented 3 months ago

Approved Issue - https://github.com/hngprojects/hng_boilerplate_nestjs/issues/113#issue-2413269113

Micah-Shallom commented 3 months ago

I added some logical enhancements and modifications to the ticket to improve security, usability, and functionality

Only JWT authenticated users can create an invitation link.
The user creating the invitation link must be an admin of the specified organization.
Implement rate limiting to prevent abuse of the invitation creation endpoint.

These modifications will ensure that the invitation link creation process is secure, only authorized users can create links, and the system is robust against common issues such as invalid data and unauthorized access.

@NwokoyeChigozie

hngprojects / hng_boilerplate_golang_web