churchcred 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bd74f33e298a9cb487e6465ec99157867f8c2eccdb92aa8fca67dbab77d9527b
+  data.tar.gz: 2f60880eb8289cb3248ebacad4f817a7ea730e68641e91d5e1cb94f8f0f1f580
+SHA512:
+  metadata.gz: 4a8e4f85b69bd8de2a64ec525ef128ada868352a2725bbdcff8120fda93d87a00114614dd4cea2275953c385af5c8fb68993ac5e5bb2228689603c81a7017c0d
+  data.tar.gz: 28f6f39f3e80b2411770648333ad96991b9a33030450a2c9bce4de09d6ce36fb321d69f061f0d59389b01d201cd11d14848e689761e4e2d08b0724abcaf62dbb

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Chad Singleton
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,3 @@
+# Welcome to your Lovable project
+
+TODO: Document your project here

data/app/blueprints/badge_blueprint.rb

@@ -0,0 +1,36 @@
+class BadgeBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :name, :description, :category, :criteria, :criteria_type,
+         :threshold, :color, :icon, :active, :total_awarded
+
+  # When rendering a member's earned badges, pass awards: BadgeAward collection
+  view :with_earned do
+    field :earned do |badge, options|
+      options[:awards]&.any? { |a| a.badge_id == badge.id }
+    end
+
+    field :earned_date do |badge, options|
+      options[:awards]&.find { |a| a.badge_id == badge.id }&.earned_date
+    end
+
+    field :progress do |badge, options|
+      options[:awards]&.any? { |a| a.badge_id == badge.id } ? badge.threshold : 0
+    end
+  end
+
+  # When rendering all badges for a member (index), pass user: User
+  view :with_progress do
+    field :earned do |badge, options|
+      badge.badge_awards.where(user: options[:user]).exists?
+    end
+
+    field :earned_date do |badge, options|
+      badge.badge_awards.find_by(user: options[:user])&.earned_date
+    end
+
+    field :progress do |badge, options|
+      badge.progress_for(options[:user])
+    end
+  end
+end

data/app/blueprints/merch_item_blueprint.rb

@@ -0,0 +1,5 @@
+class MerchItemBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :name, :description, :point_cost, :inventory_count, :image_url, :status
+end

data/app/blueprints/organization_blueprint.rb

@@ -0,0 +1,11 @@
+class OrganizationBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :name, :subdomain,
+         :points_per_sunday, :points_per_wednesday,
+         :points_per_volunteer_hour, :points_per_special_event
+
+  view :compact do
+    fields :name, :subdomain
+  end
+end

data/app/blueprints/points_ledger_entry_blueprint.rb

@@ -0,0 +1,18 @@
+class PointsLedgerEntryBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :date, :source, :points
+
+  field :type do |entry|
+    entry.transaction_type
+  end
+
+  # Running balance is computed client-side from ledger order;
+  # expose a balance field so the front-end doesn't have to change
+  field :balance do |entry|
+    entry.user.points_ledger_entries
+         .where("date <= ?", entry.date)
+         .where("id <= ?", entry.id)
+         .sum(:points)
+  end
+end

data/app/blueprints/redemption_blueprint.rb

@@ -0,0 +1,7 @@
+class RedemptionBlueprint < Blueprinter::Base
+  identifier :id
+
+  field :merch_item_id
+  field :status
+  field :created_at
+end

data/app/blueprints/sync_log_blueprint.rb

@@ -0,0 +1,5 @@
+class SyncLogBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :timestamp, :event_type, :members_affected, :status, :details
+end

data/app/blueprints/user_blueprint.rb

@@ -0,0 +1,32 @@
+class UserBlueprint < Blueprinter::Base
+  identifier :id
+
+  fields :name, :email, :role, :avatar_url, :pco_person_id
+
+  field :total_points do |user|
+    user.points_ledger_entries.sum(:points)
+  end
+
+  view :with_org do
+    field :org do |user|
+      OrganizationBlueprint.render_as_hash(user.organization, view: :compact)
+    end
+  end
+
+  # Used by /admin/members
+  view :admin_list do
+    fields :name, :email, :avatar_url, :pco_person_id
+
+    field :total_points do |user|
+      user.points_ledger_entries.sum(:points)
+    end
+
+    field :badges_earned do |user|
+      user.badge_awards.count
+    end
+
+    field :last_sync_date do |user|
+      user.points_ledger_entries.maximum(:date)
+    end
+  end
+end

data/app/channels/application_cable/channel.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Channel < ActionCable::Channel::Base
+  end
+end

data/app/channels/application_cable/connection.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+  end
+end

data/app/controllers/api/v1/admin/members_controller.rb

@@ -0,0 +1,20 @@
+module Api
+  module V1
+    module Admin
+      class MembersController < BaseController
+        before_action :require_admin!
+
+        def index
+          members = current_user.organization.users
+                                .order(:name)
+                                .page(params[:page])
+                                .per(params[:per_page] || 50)
+          render json: UserBlueprint.render(members, view: :admin_list)
+        end
+
+        private
+
+      end
+    end
+  end
+end

data/app/controllers/api/v1/admin/stats_controller.rb

@@ -0,0 +1,45 @@
+module Api
+  module V1
+    module Admin
+      class StatsController < BaseController
+        before_action :require_admin!
+
+        def show
+          org = current_user.organization
+
+          render json: {
+            total_members: org.users.count,
+            badges_awarded_this_month: BadgeAward.joins(:badge)
+                                                  .where(badges: { organization: org })
+                                                  .where(earned_date: Time.current.all_month)
+                                                  .count,
+            points_distributed_this_month: PointsLedgerEntry.joins(:user)
+                                                              .where(users: { organization: org })
+                                                              .where(date: Time.current.all_month)
+                                                              .sum(:points),
+            pending_redemptions: Redemption.joins(merch_item: :organization)
+                                            .where(merch_items: { organization: org })
+                                            .where(status: "pending")
+                                            .count,
+            attendance_trend: attendance_trend(org)
+          }
+        end
+
+        private
+
+        def attendance_trend(org)
+          6.downto(0).map do |months_ago|
+            date = months_ago.months.ago
+            count = PointsLedgerEntry.joins(:user)
+                                     .where(users: { organization: org })
+                                     .where(transaction_type: "attendance")
+                                     .where(date: date.all_month)
+                                     .count
+            { month: date.strftime("%b"), count: count }
+          end.reverse
+        end
+
+      end
+    end
+  end
+end

data/app/controllers/api/v1/badges_controller.rb

@@ -0,0 +1,43 @@
+module Api
+  module V1
+    class BadgesController < BaseController
+      before_action :require_admin!, only: %i[create update destroy]
+
+      def index
+        badges = current_user.organization.badges.active
+        render json: BadgeBlueprint.render(badges, view: :with_progress, user: current_user)
+      end
+
+      def create
+        badge = current_user.organization.badges.build(badge_params)
+        if badge.save
+          render json: BadgeBlueprint.render(badge), status: :created
+        else
+          render json: { errors: badge.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      def update
+        badge = current_user.organization.badges.find(params[:id])
+        if badge.update(badge_params)
+          render json: BadgeBlueprint.render(badge)
+        else
+          render json: { errors: badge.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      def destroy
+        current_user.organization.badges.find(params[:id]).destroy
+        head :no_content
+      end
+
+      private
+
+      def badge_params
+        params.require(:badge).permit(:name, :description, :category, :criteria,
+                                      :criteria_type, :threshold, :color, :icon, :active)
+      end
+
+    end
+  end
+end

data/app/controllers/api/v1/base_controller.rb

@@ -0,0 +1,27 @@
+module Api
+  module V1
+    class BaseController < ActionController::API
+      before_action :authenticate!
+
+      private
+
+      def authenticate!
+        token = request.headers["Authorization"]&.split(" ")&.last
+        payload = JWT.decode(token, Rails.application.secret_key_base, true, algorithm: "HS256").first
+        @current_user = User.find(payload["user_id"])
+      rescue JWT::DecodeError, ActiveRecord::RecordNotFound
+        render json: { error: "Unauthorized" }, status: :unauthorized
+      end
+
+      def current_user = @current_user
+
+      def require_admin!
+        render json: { error: "Forbidden" }, status: :forbidden unless current_user.admin?
+      end
+
+      def render_json(blueprint, object, **opts)
+        render json: blueprint.render(object, **opts)
+      end
+    end
+  end
+end

data/app/controllers/api/v1/me_controller.rb

@@ -0,0 +1,19 @@
+module Api
+  module V1
+    class MeController < BaseController
+      def show
+        render json: UserBlueprint.render(current_user, view: :with_org)
+      end
+
+      def badges
+        awards = current_user.badge_awards.includes(:badge).order(earned_date: :desc)
+        render json: BadgeBlueprint.render(awards.map(&:badge), view: :with_earned, awards: awards)
+      end
+
+      def points_ledger
+        entries = current_user.points_ledger_entries.order(date: :desc)
+        render json: PointsLedgerEntryBlueprint.render(entries)
+      end
+    end
+  end
+end

data/app/controllers/api/v1/merch_items_controller.rb

@@ -0,0 +1,43 @@
+module Api
+  module V1
+    class MerchItemsController < BaseController
+      before_action :require_admin!, only: %i[create update destroy]
+
+      def index
+        items = current_user.organization.merch_items.order(:name)
+        render json: MerchItemBlueprint.render(items)
+      end
+
+      def create
+        item = current_user.organization.merch_items.build(item_params)
+        if item.save
+          render json: MerchItemBlueprint.render(item), status: :created
+        else
+          render json: { errors: item.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      def update
+        item = current_user.organization.merch_items.find(params[:id])
+        if item.update(item_params)
+          render json: MerchItemBlueprint.render(item)
+        else
+          render json: { errors: item.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      def destroy
+        current_user.organization.merch_items.find(params[:id]).destroy
+        head :no_content
+      end
+
+      private
+
+      def item_params
+        params.require(:merch_item).permit(:name, :description, :point_cost,
+                                           :inventory_count, :image_url, :status)
+      end
+
+    end
+  end
+end

data/app/controllers/api/v1/organizations_controller.rb

@@ -0,0 +1,29 @@
+module Api
+  module V1
+    class OrganizationsController < BaseController
+      before_action :require_admin!, only: %i[update]
+
+      def show
+        render json: OrganizationBlueprint.render(current_user.organization)
+      end
+
+      def update
+        org = current_user.organization
+        if org.update(org_params)
+          render json: OrganizationBlueprint.render(org)
+        else
+          render json: { errors: org.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      private
+
+      def org_params
+        params.require(:organization).permit(:name, :subdomain, :points_per_sunday,
+                                             :points_per_wednesday, :points_per_volunteer_hour,
+                                             :points_per_special_event)
+      end
+
+    end
+  end
+end

data/app/controllers/api/v1/redemptions_controller.rb

@@ -0,0 +1,35 @@
+module Api
+  module V1
+    class RedemptionsController < BaseController
+      def create
+        item = current_user.organization.merch_items.find(redemption_params[:merch_item_id])
+
+        if item.out_of_stock?
+          return render json: { error: "Item is out of stock" }, status: :unprocessable_entity
+        end
+
+        if current_user.total_points < item.point_cost
+          return render json: { error: "Insufficient points" }, status: :unprocessable_entity
+        end
+
+        redemption = current_user.redemptions.build(merch_item: item, status: "pending")
+
+        ActiveRecord::Base.transaction do
+          redemption.save!
+          item.decrement!(:inventory_count)
+          item.update_status!
+        end
+
+        render json: RedemptionBlueprint.render(redemption), status: :created
+      rescue ActiveRecord::RecordInvalid => e
+        render json: { errors: e.record.errors.full_messages }, status: :unprocessable_entity
+      end
+
+      private
+
+      def redemption_params
+        params.require(:redemption).permit(:merch_item_id)
+      end
+    end
+  end
+end

data/app/controllers/api/v1/sessions_controller.rb

@@ -0,0 +1,24 @@
+module Api
+  module V1
+    class SessionsController < ActionController::API
+      def create
+        user = User.find_by(email: params[:email])
+
+        if user&.authenticate(params[:password])
+          token = JWT.encode(
+            { user_id: user.id, exp: 24.hours.from_now.to_i },
+            Rails.application.secret_key_base,
+            "HS256"
+          )
+          render json: { token:, user: UserBlueprint.render_as_hash(user, view: :with_org) }
+        else
+          render json: { error: "Invalid email or password" }, status: :unauthorized
+        end
+      end
+
+      def destroy
+        head :no_content
+      end
+    end
+  end
+end

data/app/controllers/api/v1/sync_controller.rb

@@ -0,0 +1,15 @@
+module Api
+  module V1
+    class SyncController < BaseController
+      before_action :require_admin!
+
+      def create
+        PcoSyncJob.perform_later(current_user.organization_id)
+        render json: { status: "started", timestamp: Time.current.iso8601 }
+      end
+
+      private
+
+    end
+  end
+end

data/app/controllers/api/v1/sync_logs_controller.rb

@@ -0,0 +1,15 @@
+module Api
+  module V1
+    class SyncLogsController < BaseController
+      before_action :require_admin!
+
+      def index
+        logs = current_user.organization.sync_logs.order(timestamp: :desc).limit(50)
+        render json: SyncLogBlueprint.render(logs)
+      end
+
+      private
+
+    end
+  end
+end

data/app/controllers/application_controller.rb

@@ -0,0 +1,6 @@
+class ApplicationController < ActionController::Base
+  # Serve the Vite/React SPA for any non-API HTML request
+  def frontend
+    render file: Rails.root.join("public/index.html")
+  end
+end

data/app/controllers/auth/pco_controller.rb

@@ -0,0 +1,59 @@
+module Auth
+  class PcoController < ActionController::Base
+    PCO_AUTH_URL   = "https://api.planningcenteronline.com/oauth/authorize"
+    PCO_TOKEN_URL  = "https://api.planningcenteronline.com/oauth/token"
+
+    before_action :require_admin_token!
+
+    # Step 1: redirect admin to PCO consent screen
+    def authorize
+      params = {
+        client_id:     ENV["PCO_CLIENT_ID"],
+        redirect_uri:  callback_url,
+        response_type: "code",
+        scope:         "people check_ins services"
+      }
+      redirect_to "#{PCO_AUTH_URL}?#{params.to_query}", allow_other_host: true
+    end
+
+    # Step 2: PCO redirects back here with ?code=...
+    def callback
+      response = HTTParty.post(PCO_TOKEN_URL, body: {
+        grant_type:    "authorization_code",
+        code:          params[:code],
+        client_id:     ENV["PCO_CLIENT_ID"],
+        client_secret: ENV["PCO_CLIENT_SECRET"],
+        redirect_uri:  callback_url
+      })
+
+      if response.success?
+        body = response.parsed_response
+        Rails.logger.info "PCO token response keys: #{body.keys}"
+        org  = Organization.find_by(subdomain: "jubilee") || Organization.first
+        org.update!(
+          pco_access_token:  body["access_token"],
+          pco_refresh_token: body["refresh_token"]
+        )
+        render plain: "✅ PCO connected! Keys received: #{body.keys.join(', ')}. You can close this tab."
+      else
+        render plain: "❌ OAuth failed: #{response.body}", status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def require_admin_token!
+      token = request.headers["Authorization"]&.split(" ")&.last ||
+              params[:token]
+      payload = JWT.decode(token, Rails.application.secret_key_base, true, algorithm: "HS256").first
+      user = User.find(payload["user_id"])
+      render plain: "Forbidden", status: :forbidden unless user.admin?
+    rescue JWT::DecodeError, ActiveRecord::RecordNotFound
+      render plain: "Unauthorized", status: :unauthorized
+    end
+
+    def callback_url
+      "#{request.base_url}/auth/pco/callback"
+    end
+  end
+end

data/app/jobs/application_job.rb

@@ -0,0 +1,7 @@
+class ApplicationJob < ActiveJob::Base
+  # Automatically retry jobs that encountered a deadlock
+  # retry_on ActiveRecord::Deadlocked
+
+  # Most jobs are safe to ignore if the underlying records are no longer available
+  # discard_on ActiveJob::DeserializationError
+end