refactor!: remove support for third party hackathons #39
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BREAKING CHANGE: Users can no longer create or manage events.
Podium now exclusively supports official Hack Club hackathons.
Backend:
- Add GET /events/official and POST /events/{id}/attend endpoints
- Add ACTIVE_EVENT_SERIES config for controlling selectable events
- Add itch-police validator (replaces Review Factory)
- Add manage_events.py CLI for dev database management
- Add test cleanup endpoint and global teardown for e2e tests
- Remove event create/update/delete endpoints
- Remove Review Factory integration and cached_auto_quality field
Frontend:
- Add EventSelector component for choosing official events
- Add unified validation.ts module
- Add URL hash tracking to wizard for browser navigation
- Add conditional sidebar (hidden until project submitted)
- Rename FlagshipEventWizard → ProjectSubmissionWizard
- Delete event-features system, StartWizard, CreateEvent, AttendEvent
- Delete /events/create and /events/attend routes
- Remove join code UI from admin panel and event pages
Testing:
- Update all e2e tests for new flow (13 passing)
- Add global teardown to clean test data
Fixes:
- Fix reset-migrate.sh to terminate connections before dropping DB
- Fix validation memory leak in wizard
- Fix revalidation after editing failed project
Amp-Thread-ID: https://ampcode.com/threads/T-019bf1e5-1980-70ef-a95a-5c4bd082cc7a
Co-authored-by: Amp <amp@ampcode.com>
- Update architecture.md: remove Review Factory, add Event Series section - Rewrite review-checklist.md for new flow - Update testing.md helper function names - Simplify README for new user flow - Delete obsolete flagship-events.md Amp-Thread-ID: https://ampcode.com/threads/T-019bf2b6-b79e-73fb-a549-a55103558908 Co-authored-by: Amp <amp@ampcode.com>
Backend: - Add slowapi rate limiting (30/min per IP) on /request-login and /verify - Add per-user rate limit key function (get_user_or_ip) for authenticated endpoints - Add SentryUserMiddleware to tag all requests with user email or IP - Enable Sentry performance tracing (traces_sample_rate=1.0) - Handle 429 errors in frontend with user-friendly toast Frontend: - Add asyncClick Svelte action to prevent double-click on async buttons - Migrate login page from manual isLoading to asyncClick + isVerifying - Apply asyncClick to CreateProject, UpdateProjectModal, JoinProject, UpdateUser, and submitVote buttons - Add spam folder reminder to magic link toast messages Docs: - Add docs/rate-limiting.md covering backend limits, asyncClick usage, and Sentry observability Amp-Thread-ID: https://ampcode.com/threads/T-019c349b-02b4-7019-8886-e02cbe8ad7f2 Co-authored-by: Amp <amp@ampcode.com>
- Refactored journey.spec.ts to test all user features through UI, not API - Organizer now joins event via EventSelector (UI) instead of API - Attendee voting now tested through voting page (UI) instead of direct API call - Clarified permission model: organizers manage own projects, not admin-only - Renamed test 2 from 'admin can...' to 'organizer can...' for accuracy - Updated docs/testing.md with current test structure and patterns - Updated docs/review-checklist.md with E2E test coverage indicators - All tests pass (2/2 ✓) API usage now limited to infrastructure: authentication, event/project setup, attendee management. All feature testing exercises backend through actual browser UI interactions. Amp-Thread-ID: https://ampcode.com/threads/T-019c3a1c-edf7-71e9-97e7-0e90c3c7d8b3 Co-authored-by: Amp <amp@ampcode.com>
refactor: make join code optional until fully deleted
- Delete agent-plans/official-events-only.md - Expand event series section in architecture.md - Add docs/new-series-and-theming.md (setup + theming guide) Co-authored-by: Amp <amp@ampcode.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
- Remove auto-removal of users from other events in attend_event - Add required active_event_series config to production (campfire) - Convert is_playable to async to prevent blocking event loop - Add authentication and user-based rate limiting to validate endpoint
slashtechno
force-pushed
the
refactor/remove-support-for-third-party-hackathons
branch
from
f1c9e87 to
b3f9d5e
Compare
Comment on lines
+203
to
+212
| @router.post("/validate") | ||
| @limiter.limit("10/minute", key_func=get_user_or_ip) | ||
| async def validate_project( | ||
| request: Request, | ||
| project_id: Annotated[UUID, Query(description="Project ID to validate")], | ||
| session: Annotated[AsyncSession, Depends(get_session)], | ||
| ) -> CheckStatus: | ||
| """Start an asynchronous project check.""" | ||
| if not settings.review_factory_token: | ||
| raise HTTPException(status_code=500, detail="Review Factory token not set") | ||
|
|
||
| db_project = await session.get(Project, project.id) | ||
| if not db_project: | ||
| user: Annotated[User, Depends(get_current_user)], | ||
| ) -> ValidationResult: | ||
| """Validate a project's demo URL for itch.io browser playability.""" | ||
| project = await session.get(Project, project_id) |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
slashtechno
force-pushed
the
refactor/remove-support-for-third-party-hackathons
branch
from
cc52578 to
4ca9d8f
Compare
- Add waitForLoadState('networkidle') after page navigation to ensure page and network requests fully settle before interacting with wizard
- This prevents race conditions where wizard button is not yet rendered
- Matches pattern already used in permissions tests
Test fixes:
- Remove redundant goto('/') after joining event that caused race conditions
- Wait for wizard button to be visible before clicking instead of reloading page
- After joining event, wizard is already rendered - no need to navigate again
Prop binding fix:
- Make projects prop bindable in ProjectSubmissionWizard so parent sees updates
- Add reactive effect to keep global hasProject state in sync with projects array
- This fixes bug where creating a project didn't update sidebar navigation state
slashtechno
deleted the
refactor/remove-support-for-third-party-hackathons
branch
This was referenced Feb 12, 2026
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request makes several important changes to the project, focusing on simplifying the database schema, improving documentation, and adding rate limiting and enhanced user tracking for authentication endpoints. It also removes legacy deployment workflows and updates configuration. Below are the most significant changes grouped by theme.
Database schema simplification and cleanup:
cached_auto_qualityfield from theProjectmodel and dropped the corresponding column in the database, streamlining project storage. [1] [2] [3]join_codefield in theEventmodel nullable, and updated related migration and model definitions. [1] [2]EventCreatemodel and its imports/exports throughout the codebase. [1] [2] [3] [4] [5]Authentication and rate limiting improvements:
slowapi, applying limits to/request-loginand/verifyendpoints to prevent abuse. [1] [2] [3] [4]Documentation updates:
README.mdto clarify platform purpose, simplify attendee and organizer instructions, and update development setup steps.AGENTS.mdto avoid creating summary documents unless requested by the user.Workflow and configuration changes:
active_event_seriesand removed legacy review factory settings.Admin and project loading improvements:
project.pyfor clarity and removed unused dependencies.These changes collectively streamline the backend, improve reliability and security, and clarify documentation for both users and developers.