feat: add resend capability for platform and account invite codes

Revoke-and-recreate flow for both invite systems with email delivery via Resend API. Includes account invite email template and audit logging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:45:23 -05:00
parent a1f5127e98
commit 3c47292eaf
8 changed files with 390 additions and 7 deletions
--- a/backend/app/api/endpoints/accounts.py
+++ b/backend/app/api/endpoints/accounts.py
@@ -9,6 +9,8 @@ from sqlalchemy import select

 from app.core.database import get_db
 from app.core.subscriptions import get_account_subscription, get_plan_limits, get_account_usage
+from app.core.audit import log_audit
+from app.core.email import EmailService
 from app.models.account import Account
 from app.models.account_invite import AccountInvite
 from app.models.subscription import Subscription
@@ -222,6 +224,88 @@ async def create_invite(
    return invite


+@router.post("/me/invites/{invite_id}/resend", response_model=AccountInviteResponse)
+async def resend_invite(
+    invite_id: UUID,
+    db: Annotated[AsyncSession, Depends(get_db)],
+    current_user: Annotated[User, Depends(require_account_owner)]
+):
+    """Revoke an existing account invite and create a new one, then email it."""
+    result = await db.execute(
+        select(AccountInvite).where(
+            AccountInvite.id == invite_id,
+            AccountInvite.account_id == current_user.account_id,
+        )
+    )
+    old_invite = result.scalar_one_or_none()
+
+    if not old_invite:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Invite not found"
+        )
+
+    if old_invite.is_used:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="Cannot resend a used invite"
+        )
+
+    # Recalculate expiration from now if the old one had an expiration
+    new_expires_at = None
+    if old_invite.expires_at and old_invite.created_at:
+        original_duration = old_invite.expires_at - old_invite.created_at
+        new_expires_at = datetime.now(timezone.utc) + original_duration
+    elif old_invite.expires_at:
+        new_expires_at = old_invite.expires_at
+
+    # Capture properties before deleting
+    email = old_invite.email
+    role = old_invite.role
+
+    await db.delete(old_invite)
+    await db.flush()
+
+    # Create new invite
+    code = secrets.token_urlsafe(16)
+    new_invite = AccountInvite(
+        account_id=current_user.account_id,
+        invited_by_id=current_user.id,
+        email=email,
+        code=code,
+        role=role,
+        expires_at=new_expires_at,
+    )
+    db.add(new_invite)
+    await db.flush()
+
+    # Get account name for email
+    account_result = await db.execute(
+        select(Account).where(Account.id == current_user.account_id)
+    )
+    account = account_result.scalar_one()
+
+    email_sent = await EmailService.send_account_invite_email(
+        to_email=email,
+        code=code,
+        account_name=account.name,
+        role=role,
+    )
+
+    await log_audit(
+        db, current_user.id, "account_invite.resend", "account_invite", new_invite.id,
+        {
+            "email": email,
+            "role": role,
+            "email_sent": email_sent,
+        },
+    )
+    await db.commit()
+    await db.refresh(new_invite)
+
+    return new_invite
+
+
@router.get("/me/invites", response_model=list[AccountInviteResponse])
 async def list_invites(
    db: Annotated[AsyncSession, Depends(get_db)],