internal rsvp

[wgao19]

rough idea

click on "rsvp", do not go to another site, instead:

• ask user to authenticate using github / twitter for RSVP (we need an id to be able to cancel rsvp)
• ask for name + email and tell user we need their contact to check them in at venue
• we save name email handle (maybe with airtable?)
• confirm rsvp for the event, ask if would like to "add to calendar"
• display who's coming by a list of avatars, with current user's avatar on the first (or, a special row saying "im going")
• if a user has RSVPed, display a cancel button beside his/her RSVP
• clicking on cancel button immediately removes the user's avatar / "im going"

[wgao19]

thanks @huijing for sharing this:

• queerjs's event rsvp (check out paris for example) is using exactly the implementation described above 😛
• tech stack: airtable + github auth on a gatsby site
• relevant code: query, component, configuration

with example above, i think this issue is open for implementation

[thchia]

This looks cool - actually it just occured to me that Netlify also has a form feature. But I’m not sure how flexible it is with regards to separating submissions for different events.

Edit: Also I don’t think it will do the deletion. Let’s try airtable then.

[thchia]

I don’t mind taking this!

[wgao19]

@thchia please go ahead 🤘

[thchia]

API Keys & Base ID

If we insert into airtable from client side code, these variables will be exposed meaning that anyone could find them and anyhow insert into our table. Whether this is bad or not is arguable since anyone can navigate to the page and fill out the RSVP form anyway...

However if we want to do some best practise, we could use netlify functions to host the airtable insertion logic and keep these variables hidden. I’m pretty sure for our use case it will be well within the free tier but maybe it’s overkill? FWIW queerJS does the insertion client side.

cc @wgao19

[wgao19]

correct me if im wrong but the worst thing that happens to us is people spam inject and flush our free tier at airtable right 🤔

will people be able to exploit api and get information about our forms? we need to collect participant info because some venues ask for list of visitors, else we should keep them strictly confidential

i think it doesnt hurt us much if people insert (tell us things), but we need to be more cautious what information people tell us that we display or may leak

speaking of this, we may need to also offer a chance to use RK’s profile to indicate that they’re coming but dont want their profile to show up

[thchia]

Yeah, I think it would be better to not expose these details then. I'll work accordingly, and also contact you offline regarding the Netlify setup (since I don't think I have access to the RK Netlify due to free account limits?).

[thchia]

Let's continue tracking future work in #80 and #81