
Auth: Invite system + registration endpoint #123

@EricGrill


Auth System — Step 4 (Backend)

Invite-gated registration. No open signup — users must be invited by an admin/farm_owner/foreman.

Endpoints:

  • POST /api/auth/invites — create invite (admin/farm_owner → any role, foreman → worker only)
  • GET /api/auth/invites/:token — validate invite (public, shows farm name + role)
  • DELETE /api/auth/invites/:id — revoke invite
  • GET /api/farms/:farmId/invites — list pending invites
  • POST /api/auth/register — accept invite, create account, auto-login

Registration flow:

  1. Validate invite token (not expired, not accepted)
  2. Create user (email/phone + bcrypt password)
  3. Create user_farm_roles entry
  4. Link to existing workers row if phone matches
  5. Mark invite as accepted
  6. Return tokens (user is logged in)

Implementation:

  • Invite CRUD in backend/src/routes/auth.js
  • Registration with invite validation
  • Worker record linking (match phone + farm_id)
  • Invite expiry: 72 hours default
  • Role hierarchy enforcement on invite creation

Depends on: Login endpoints
Design doc: docs/AUTH.md
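
An added sketch of the role-hierarchy check and of steps 1 and 5 of the registration flow, not code from this repository. It assumes a `Map` in place of the invites table, stores only a SHA-256 hash of each token (a choice the issue does not state), and uses hypothetical function names.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const INVITE_TTL_MS = 72 * 60 * 60 * 1000; // 72-hour default expiry from the issue
// Assumption: these four roles are the full set; the matrix follows the endpoint list.
const ALL_ROLES = ['admin', 'farm_owner', 'foreman', 'worker'];
const CAN_INVITE = new Map([
  ['admin', ALL_ROLES],
  ['farm_owner', ALL_ROLES],
  ['foreman', ['worker']],
]);

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// `store` is a Map standing in for the invites table (hypothetical).
function createInvite(store, inviterRole, farmId, role, now = Date.now()) {
  // Unknown inviter roles (including 'worker') get an empty allow-list.
  const allowed = CAN_INVITE.get(inviterRole) || [];
  if (!allowed.includes(role)) throw new Error('forbidden_role');
  const token = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  // Only the hash is kept, so a leaked table does not yield usable tokens.
  store.set(sha256(token), {
    farmId, role, expiresAt: now + INVITE_TTL_MS, acceptedAt: null,
  });
  return token; // shown once to the inviter, delivered out of band
}

// Step 1: the token must exist, be unexpired and be unaccepted.
function validateInvite(store, token, now = Date.now()) {
  const invite = typeof token === 'string' ? store.get(sha256(token)) : undefined;
  if (!invite) return { ok: false, reason: 'not_found' }; // also covers revoked
  if (invite.acceptedAt !== null) return { ok: false, reason: 'already_accepted' };
  if (now >= invite.expiresAt) return { ok: false, reason: 'expired' };
  return { ok: true, invite };
}

// Step 5: mark accepted. Role and farm come from the invite record,
// never from the registration request body.
function acceptInvite(store, token, now = Date.now()) {
  const res = validateInvite(store, token, now);
  if (!res.ok) return res;
  // With a real database this check-and-set must be one atomic statement
  // (e.g. UPDATE ... WHERE accepted_at IS NULL) so two requests cannot both win.
  res.invite.acceptedAt = now;
  return { ok: true, farmId: res.invite.farmId, role: res.invite.role };
}
```
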


Labels: enhancement (New feature or request)
