made invite code validation more lax and added numbers

[Hugo0]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
peanut-wallet	Building	Preview	Comment	Oct 19, 2025 10:55pm

💡 Enable Vercel Agent with $100 free credit for automated AI reviews

[coderabbitai]

Walkthrough

Centralizes invite code generation through new utilities (generateInviteCodeSuffix, updated generateInviteCodeLink) and introduces redirect URL validation (getValidRedirectUrl). Updates points page to consume generated invite data from utilities instead of computing locally. Changes Invite import from value to type import.

Changes

Cohort / File(s)	Change Summary
Points page refactoring src/app/(mobile-ui)/points/page.tsx	Refactored to consume invite code and link from generateInviteCodeLink utility. Changed Invite import from value to type import. Updated share button text generation to use the generated inviteLink.
Utility functions expansion src/utils/general.utils.ts	Added generateInviteCodeSuffix to produce deterministic 3-digit suffix (100-999) from hashed username. Added getValidRedirectUrl for redirect URL decoding and sanitization with fallback support. Updated generateInviteCodeLink to incorporate new suffix generator.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Changes involve new utility logic with deterministic hashing and URL sanitization patterns alongside component refactoring. Logic is straightforward but requires verification of hashing determinism and redirect sanitization security considerations.

Possibly related PRs

• #1317: Modifies the points mobile UI page and refactors how invite code/link and sharing logic are produced and consumed.
• #1293: Modifies and extends the same invite-generation utilities (generateInviteCodeLink) and updates components to consume generated invite data.
• #1311: Modifies the same utility file with redirect-sanitization and invite-code/link generation centralization changes.

Suggested labels

enhancement

Suggested reviewers

• jjramirezn

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	❓ Inconclusive	No pull request description was provided by the author. Since the check instructions indicate this is a very lenient check that should pass as long as the description is not completely off-topic, the absence of content cannot be conclusively evaluated as either related or unrelated to the changeset. An empty description provides no information to assess.	Consider adding a brief description to the pull request explaining the refactoring of invite code generation logic and the addition of the deterministic suffix generator. This will help reviewers quickly understand the purpose and scope of the changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "made invite code validation more lax and added numbers" is partially related to the changeset. The PR does add numbers to invite codes through the new generateInviteCodeSuffix function that creates a deterministic 3-digit suffix (100-999). However, the primary changes involve refactoring invite code and link generation logic into reusable utility functions (generateInviteCodeLink, generateInviteCodeSuffix) and extracting a new URL validation utility. The title captures one aspect of the changes (adding numbers) but doesn't reflect the main refactoring work of centralizing this logic into utilities.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/invite-code-change

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[notion-workspace]

UGC invite code

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/utils/general.utils.ts (1)

1336-1347: Add input validation for username parameter.

The function should validate that username is non-empty to avoid edge cases. Additionally, the simple character code summation hash could produce collisions for different usernames (e.g., "ab" and "ba" would have the same hash). While the comment indicates this is "purely cosmetic," consider whether collision handling is needed.

Apply this diff to add validation:

 export const generateInviteCodeSuffix = (username: string): string => {
+    if (!username || username.trim() === '') {
+        throw new Error('Username cannot be empty')
+    }
     const lowerUsername = username.toLowerCase()
     // Create a simple hash from the username
     const hash = lowerUsername.split('').reduce((acc, char) => acc + char.charCodeAt(0), 0)
     // Generate 3 digits between 100-999
     const threeDigits = 100 + (hash % 900)
     return threeDigits.toString()
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80ca917 and 0ab7c63.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• src/app/(mobile-ui)/points/page.tsx (2 hunks)
• src/utils/general.utils.ts (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-08T17:13:13.155Z

Learnt from: Zishan-7
PR: peanutprotocol/peanut-ui#1299
File: src/app/(mobile-ui)/points/page.tsx:41-51
Timestamp: 2025-10-08T17:13:13.155Z
Learning: In `src/app/(mobile-ui)/points/page.tsx`, the icon name "invite-heart" is intentionally used (not "inviter-heart") when displaying who invited the current user, as this is a deliberate design choice despite semantic differences with UserHeader usage.

Applied to files:

• src/app/(mobile-ui)/points/page.tsx

🧬 Code graph analysis (1)

src/app/(mobile-ui)/points/page.tsx (1)

src/utils/general.utils.ts (1)

• generateInviteCodeLink (1349-1354)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Deploy-Preview

🔇 Additional comments (6)

src/utils/general.utils.ts (3)

1332-1334: LGTM: Clear invite message.

The updated share text effectively communicates the app's value proposition.

---

1356-1372: LGTM: Solid security implementation.

The function properly handles URL decoding failures and uses the existing sanitizeRedirectURL function to prevent open redirect vulnerabilities. Good defensive coding with clear fallback behavior.

---

1349-1354: Empty username edge case is handled gracefully—no issues found.

All three call sites consistently use the username ?? '' pattern, and generateInviteCodeSuffix properly handles empty strings without errors. With an empty username, the function generates a valid invite code (e.g., INVITESYOU100), though it lacks the username prefix. This graceful handling resolves the original concern.

src/app/(mobile-ui)/points/page.tsx (3)

14-14: LGTM: Good TypeScript optimization.

Using import type for type-only imports improves tree-shaking and makes the intent clearer.

---

15-15: LGTM: Centralizes invite code generation.

Importing the utility function promotes consistency and maintainability across the codebase.

---

29-30: LGTM: Clean centralized usage.

The destructuring pattern cleanly separates the invite code and link. However, note that the empty string fallback (username ?? '') relies on proper validation in generateInviteCodeSuffix (see my comment in src/utils/general.utils.ts).