feat: Add private links to API #22943

alishaz-polymath · 2025-08-07T05:12:22Z

What does this PR do?

PR summary

Introduced Event Types Private Links API (v2)
- Base path: /v2/event-types/{eventTypeId}/private-links
- Endpoints:
  - POST / — create a private link
  - GET / — list private links for an event type
  - PATCH /{linkId} — update a private link
  - DELETE /{linkId} — delete a private link
New components
- EventTypesPrivateLinksController
- PrivateLinksService, PrivateLinksInputService, PrivateLinksOutputService
- PrivateLinksRepository
- Reused EventTypeOwnershipGuard for ownership checks
Validation and behavior
- CreatePrivateLinkInput:
  - expiresAt: string, format date-time
  - maxUsageCount: integer, min 1, default 1
  - Input service enforces one-of semantics and rejects both being present
- UpdatePrivateLinkInput: supports expiresAt and maxUsageCount updates
- EventTypeOwnershipGuard returns 400 for missing/invalid eventTypeId, 404 when not owned/not found, and 403 if no user

Mandatory Tasks (DO NOT REMOVE)

I have self-reviewed the code (A decent size PR without self-review might be rejected).
I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

This is a V2 endpoint, so you would need to run the V2 API and then proceed with the following:

Auth
- Header: Authorization: Bearer <token> (API key prefixed with cal_ or managed user token)
- Permissions: EVENT_TYPE_READ for GET, EVENT_TYPE_WRITE for POST/PATCH/DELETE
- Ownership: EventTypeOwnershipGuard enforces the event type belongs to the caller
Create
- POST /v2/event-types/{eventTypeId}/private-links
- Body (one-of):
  - { "expiresAt": "2025-12-31T23:59:59.000Z" }
  - { "maxUsageCount": 10 }
- Response: { status: "success", data: TimeBasedPrivateLinkOutput | UsageBasedPrivateLinkOutput }

ℹ If neither expiresAt nor maxUsageCount is provided, it defaults to a one-time private link, so maxUsageCount is taken with the default value of 1

List
- GET /v2/event-types/{eventTypeId}/private-links
- Response: { status: "success", data: Array<TimeBasedPrivateLinkOutput | UsageBasedPrivateLinkOutput> }
Update
- PATCH /v2/event-types/{eventTypeId}/private-links/{linkId}
- Body: any subset of { "expiresAt": "…", "maxUsageCount": 5 }
- Not found: 404 if link doesn’t exist for the event type
- Response: { status: "success", data: TimeBasedPrivateLinkOutput | UsageBasedPrivateLinkOutput }
Delete
- DELETE /v2/event-types/{eventTypeId}/private-links/{linkId}
- Not found: 404 if no record was deleted
- Response: { status: "success", data: { linkId, message } }

Checklist

coderabbitai · 2025-08-07T05:12:29Z

Note

Reviews paused

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Walkthrough

Adds an Event Types Private Links feature across the API and platform packages. Introduces a NestJS module, controller, repository, input/output/core services, an ownership guard, and e2e tests; wires the module into PlatformEndpointsModule. Adds type and DTO definitions (inputs/outputs) and OpenAPI/Swagger schemas for time-based and usage-based private links. Exposes generateHashedLink and isLinkExpired via a new platform library export and updates HashedLinkService with per-event-type CRUD helpers. Adds tsconfig path alias and updates package exports and versions for platform-libraries. Also appends cal_ai_phone_call to multiple workflow action enums.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

feat: cal ai self serve architecture #1 #22919 — Adds the cal_ai_phone_call workflow action across DTO enums (same enum/value addition).
feat: Enhance private link expiration with usage and date limits #22304 — Implements/changes hashed-link utilities, repository and service functionality that overlap with the new private-links API and exports.

✨ Finishing Touches

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch feat/private-links-api-v2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai generate unit tests to generate unit tests for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

vercel · 2025-08-07T05:13:43Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
cal	⬜️ Ignored (Inspect)			Aug 11, 2025 8:35am
cal-eu	⬜️ Ignored (Inspect)			Aug 11, 2025 8:35am

supalarry

Review:

apps/api/v2/src/ee/event-types-private-links/services/private-links-input.service.ts

apps/api/v2/src/ee/event-types-private-links/services/private-links.service.ts

alishaz-polymath · 2025-08-11T02:28:25Z

apps/api/v2/src/ee/event-types-private-links/services/private-links-input.service.ts

+      expiresAt: input.expiresAt,
+      maxUsageCount: input.maxUsageCount,


These are both optional so if the user doesn't send either of these in the body, the default action is that it will create a one-time use private link

Stale

graphite-app · 2025-08-11T07:45:12Z

Graphite Automations

"Add ready-for-e2e label" took an action on this PR • (08/11/25)

1 label was added to this PR based on Keith Williams's automation.

github-actions · 2025-08-11T08:10:49Z

E2E results are ready!

Workflow #71361.2 latest results

* --init * address change requests * adding further changes * address feedback * further changes * further clean-up * clean up * fix module import and others * add guards * remove unnecessary comments * remove unnecessary comments * cleanup * sort coderabbig suggestions * improve check * chore: bump platform libraries --------- Co-authored-by: Lauris Skraucis <lauris.skraucis@gmail.com> Co-authored-by: supalarry <laurisskraucis@gmail.com>

…ice class with DI (#22974) * refactor: convert findQualifiedHostsWithDelegationCredentials to service class with DI - Create QualifiedHostsService class following UserAvailabilityService pattern - Add IQualifiedHostsService interface with prisma and bookingRepo dependencies - Create DI module and container for qualified hosts service - Update filterHostsBySameRoundRobinHost to accept prisma as parameter - Update all usage sites to use the new service: - loadAndValidateUsers.ts - slots/util.ts - test mocks in _post.test.ts - Maintain backward compatibility with original function export - Fix type issues in team properties (rrResetInterval, rrTimestampBasis) Co-Authored-By: morgan@cal.com <morgan@cal.com> * fix: update filterHostsBySameRoundRobinHost test to include prisma parameter - Add missing prisma parameter to all test function calls - Resolves unit test failure caused by function signature change Co-Authored-By: morgan@cal.com <morgan@cal.com> * fix: resolve type issues in FilterHostsService - Import PrismaClient type instead of using unknown - Fix type compatibility for BookingRepository constructor - Update test mocks to use proper BookingRepository type - Ensure all DI dependencies are properly typed Co-Authored-By: morgan@cal.com <morgan@cal.com> * refactor: rename DI files to CamelCase and update imports - Rename all files in packages/lib/di from kebab-case to CamelCase - Update 22 external files with import statements to use new file names - Update internal DI module files with corrected imports - Maintain consistency with TypeScript naming conventions Co-Authored-By: morgan@cal.com <morgan@cal.com> * chore: bump platform libs * chore: bump platform libs * fix: remove obsolete vitest mock after service class refactoring - Remove obsolete mock for old function module - Keep correct mock for new DI container - Resolves CI unit test failures Co-Authored-By: morgan@cal.com <morgan@cal.com> * fix: correct import path for calAIPhone zod-utils module Co-Authored-By: morgan@cal.com <morgan@cal.com> * fix: Booker active booking limit can't be switched off (#23005) * refactor: Get rid of `getServerSideProps` for /getting-started pages (#23003) * refactor * fix type check * fix: Remove Reporting page within Routing Forms (#22990) * fix error in handleNewBooking (#23011) Co-authored-by: CarinaWolli <wollencarina@gmail.com> * Documentation edits made through Mintlify web editor (#23007) Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com> * fix: Contact support button position changed from absolute to fixed (#23002) * feat: Add private links to API (#22943) * --init * address change requests * adding further changes * address feedback * further changes * further clean-up * clean up * fix module import and others * add guards * remove unnecessary comments * remove unnecessary comments * cleanup * sort coderabbig suggestions * improve check * chore: bump platform libraries --------- Co-authored-by: Lauris Skraucis <lauris.skraucis@gmail.com> Co-authored-by: supalarry <laurisskraucis@gmail.com> * chore: release v5.5.15 * chore: bump platform libs * chore: bump platform libs --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: morgan@cal.com <morgan@cal.com> Co-authored-by: Anik Dhabal Babu <81948346+anikdhabal@users.noreply.github.com> Co-authored-by: Benny Joo <sldisek783@gmail.com> Co-authored-by: Sahitya Chandra <sahityajb@gmail.com> Co-authored-by: Carina Wollendorfer <30310907+CarinaWolli@users.noreply.github.com> Co-authored-by: CarinaWolli <wollencarina@gmail.com> Co-authored-by: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com> Co-authored-by: Ayush Kumar <kumarayushkumar@protonmail.com> Co-authored-by: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com> Co-authored-by: Lauris Skraucis <lauris.skraucis@gmail.com> Co-authored-by: supalarry <laurisskraucis@gmail.com> Co-authored-by: emrysal <me@alexvanandel.com>

keithwillcode added core area: core, team members only enterprise area: enterprise, audit log, organisation, SAML, SSO labels Aug 7, 2025

vercel bot deployed to Preview – dev August 7, 2025 05:36 View deployment

This comment was marked as resolved.

Sign in to view

vercel bot deployed to Preview – dev August 7, 2025 12:23 View deployment

vercel bot deployed to Preview – dev August 7, 2025 12:46 View deployment

This comment was marked as resolved.

Sign in to view

vercel bot deployed to Preview – dev August 8, 2025 03:54 View deployment

vercel bot deployed to Preview – dev August 8, 2025 04:26 View deployment

supalarry reviewed Aug 8, 2025

View reviewed changes

apps/api/v2/src/ee/event-types-private-links/services/private-links-input.service.ts Show resolved Hide resolved

apps/api/v2/src/ee/event-types-private-links/services/private-links.service.ts Show resolved Hide resolved

vercel bot deployed to Preview – dev August 8, 2025 17:25 View deployment

alishaz-polymath added 9 commits August 8, 2025 21:41

--init

5cdddd8

address change requests

2323a82

adding further changes

7b00c99

address feedback

049f5a2

further changes

853faf3

further clean-up

28aa86f

clean up

ef89452

fix module import and others

29a95c4

add guards

f5b1a01

alishaz-polymath force-pushed the feat/private-links-api-v2 branch from bdc2a69 to f5b1a01 Compare August 8, 2025 17:59

vercel bot deployed to Preview – dev August 8, 2025 18:19 View deployment

Merge branch 'main' into feat/private-links-api-v2

ece2882

vercel bot deployed to Preview – dev August 11, 2025 02:02 View deployment

alishaz-polymath added 3 commits August 11, 2025 06:30

remove unnecessary comments

527e84f

remove unnecessary comments

955a0e4

cleanup

6911818

alishaz-polymath commented Aug 11, 2025

View reviewed changes

dosubot bot added api area: API, enterprise API, access token, OAuth platform Anything related to our platform plan ✨ feature New feature or request labels Aug 11, 2025

vercel bot deployed to Preview – dev August 11, 2025 02:52 View deployment

This comment was marked as resolved.

Sign in to view

alishaz-polymath and others added 2 commits August 11, 2025 08:57

sort coderabbig suggestions

a0534ab

Merge branch 'main' into feat/private-links-api-v2

07c5f44

This comment was marked as resolved.

Sign in to view

vercel bot deployed to Preview – dev August 11, 2025 05:34 View deployment

improve check

6e02012

vercel bot deployed to Preview – dev August 11, 2025 06:05 View deployment

supalarry and others added 2 commits August 11, 2025 09:35

Merge branch 'main' into feat/private-links-api-v2

cf1b819

chore: bump platform libraries

7551ecb

supalarry approved these changes Aug 11, 2025

View reviewed changes

graphite-app bot added the ready-for-e2e label Aug 11, 2025

alishaz-polymath added the automerge label Aug 11, 2025

alishaz-polymath enabled auto-merge (squash) August 11, 2025 08:12

vercel bot deployed to Preview – dev August 11, 2025 08:19 View deployment

Merge branch 'main' into feat/private-links-api-v2

5b288a5

vercel bot deployed to Preview – dev August 11, 2025 09:55 View deployment

alishaz-polymath merged commit af51df2 into main Aug 11, 2025
59 of 61 checks passed

alishaz-polymath deleted the feat/private-links-api-v2 branch August 11, 2025 11:04

		expiresAt: input.expiresAt,
		maxUsageCount: input.maxUsageCount,

feat: Add private links to API #22943

feat: Add private links to API #22943

Conversation

alishaz-polymath commented Aug 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

PR summary

Mandatory Tasks (DO NOT REMOVE)

How should this be tested?

Checklist

Uh oh!

coderabbitai bot commented Aug 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Estimated code review effort

Possibly related PRs

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

vercel bot commented Aug 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

This comment was marked as resolved.

Uh oh!

This comment was marked as resolved.

Uh oh!

supalarry left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

alishaz-polymath Aug 11, 2025

Choose a reason for hiding this comment

Uh oh!

This comment was marked as resolved.

Uh oh!

This comment was marked as resolved.

Uh oh!

This comment was marked as resolved.

This comment was marked as resolved.

This comment was marked as resolved.

graphite-app bot commented Aug 11, 2025

Graphite Automations

Uh oh!

github-actions bot commented Aug 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

E2E results are ready!

Uh oh!

Uh oh!

Uh oh!

alishaz-polymath commented Aug 7, 2025 •

edited

Loading

coderabbitai bot commented Aug 7, 2025 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)

vercel bot commented Aug 7, 2025 •

edited

Loading

github-actions bot commented Aug 11, 2025 •

edited

Loading