From fe8789af87f7b33e3075f20e870f8eaa4d63e12e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Mon, 23 Jun 2025 14:09:14 +0200
Subject: [PATCH 1/5] Fixed signing out

---
 src/routes/+page.svelte                 |  15 ++-------------
 src/routes/auth/signout/+page.server.ts |   7 +++++++
 src/routes/auth/signout/+page.svelte    |   2 --
 src/routes/auth/signout/+server.ts      |   9 ---------
 src/routes/login/+page.svelte           |   0
 static/qr-code.png                      | Bin 0 -> 1543 bytes
 6 files changed, 9 insertions(+), 24 deletions(-)
 create mode 100644 src/routes/auth/signout/+page.server.ts
 delete mode 100644 src/routes/auth/signout/+server.ts
 delete mode 100644 src/routes/login/+page.svelte
 create mode 100644 static/qr-code.png

diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte
index 0447531..3d640c9 100644
--- a/src/routes/+page.svelte
+++ b/src/routes/+page.svelte
@@ -1,22 +1,11 @@
 <div class="min-h-screen flex flex-col justify-center items-center">
     <!-- SVG QR Code Art on Top -->
     <div class="mb-8">
-        <!-- Simple QR code SVG (static, for illustration) -->
-        <svg width="96" height="96" viewBox="0 0 96 96" fill="none" xmlns="http://www.w3.org/2000/svg">
-            <rect width="96" height="96" rx="16" fill="#F3F4F6"/>
-            <rect x="12" y="12" width="20" height="20" fill="#111827"/>
-            <rect x="64" y="12" width="20" height="20" fill="#111827"/>
-            <rect x="12" y="64" width="20" height="20" fill="#111827"/>
-            <rect x="40" y="40" width="8" height="8" fill="#111827"/>
-            <rect x="56" y="56" width="8" height="8" fill="#111827"/>
-            <rect x="72" y="40" width="8" height="8" fill="#111827"/>
-            <rect x="40" y="72" width="8" height="8" fill="#111827"/>
-        </svg>
+        <img class="w-32 h-auto" src="/qr-code.png" alt="">
     </div>
     <h1 class="text-3xl font-bold text-center mb-2">ESN Scanner App</h1>
     <h2 class="text-lg text-gray-600 text-center mb-8">Make entrance to your events a breeze.</h2>
     <div class="flex space-x-4 w-full justify-center">
-        <a href="/auth/login" class="w-32 py-2 bg-blue-600 text-white rounded text-center hover:bg-blue-700 transition">Login</a>
-        <a href="/auth/signup" class="w-32 py-2 bg-gray-200 text-blue-700 rounded text-center hover:bg-gray-300 transition">Signup</a>
+        <a href="/private/home" class="w-64 py-2 bg-blue-600 text-white rounded-lg text-center hover:bg-blue-700 transition">Get started</a>
     </div>
 </div>
diff --git a/src/routes/auth/signout/+page.server.ts b/src/routes/auth/signout/+page.server.ts
new file mode 100644
index 0000000..56ad767
--- /dev/null
+++ b/src/routes/auth/signout/+page.server.ts
@@ -0,0 +1,7 @@
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ locals }) => {
+    await locals.supabase.auth.signOut();
+    throw redirect(303, '/');
+};
\ No newline at end of file
diff --git a/src/routes/auth/signout/+page.svelte b/src/routes/auth/signout/+page.svelte
index dceffee..38bb23b 100644
--- a/src/routes/auth/signout/+page.svelte
+++ b/src/routes/auth/signout/+page.svelte
@@ -1,10 +1,8 @@
 <script lang="ts">
 import { onMount } from 'svelte';
-import { goto } from '$app/navigation';
 
 onMount(() => {
   localStorage.clear();
-  goto('/');
 });
 </script>
 
diff --git a/src/routes/auth/signout/+server.ts b/src/routes/auth/signout/+server.ts
deleted file mode 100644
index 25340c9..0000000
--- a/src/routes/auth/signout/+server.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-import type { RequestHandler } from './$types';
-import { redirect } from '@sveltejs/kit';
-
-export const GET: RequestHandler = async ({ locals }) => {
-  // If using supabase-js client on the server, you can sign out here
-  if (locals.supabase) {
-    await locals.supabase.auth.signOut();
-  }
-};
diff --git a/src/routes/login/+page.svelte b/src/routes/login/+page.svelte
deleted file mode 100644
index e69de29..0000000
diff --git a/static/qr-code.png b/static/qr-code.png
new file mode 100644
index 0000000000000000000000000000000000000000..9fa23cfbf5fa0ad7d76b770df2fc849bed6009a7
GIT binary patch
literal 1543
zcmeAS@N?(olHy`uVBq!ia0y~yU<5K5893O0R7}x|G$6%N?Bp530R%N1DIGvQXMsm#
zF#`kJ8xUrcE445M3QCr^MwA5Sr<If^7Ns(jmzV2h=4BTrCl;jY<rk&TerF@az`)w#
z>EaktG3V{wz`WaTA`TZ5AGTJe7nUuXyHVb=!Gxo0R~?`Gp65CV21{N@2Xf8t+j?!M
zMCrWeg<s|BEc%kaeBJx$#<Kp_t^amaF&`*pVK_tvid!arCsXcT{npECc3PkPaQm+D
zyxA{bAGT)T5XOt7>%|`I?R#7io4uD$@2AE2&xSkX)@*%Oxi(I&;p^L$I?1@thI{1J
zlpfB$s>{&A2}5r`C@T0rvFO`=^6R<JGO_*N1sU#T{|f%F{o&UN_U#M;YJ||X!-pOE
z&t7kqmz%x*d*1P=*K=Y%*ql!;+H3#NqA&N{LBHysbG5&3|Go34@Urub(MW#ytoY#8
z>%&W5&aB>DectE5+_>ededaSWMttA5;ay2ixz)7)r?)d4kYH>ufT0Z^+Z&hJFKs#h
zDC#R8!zF^DTlOPWp)P1P=ZUSy(wR10*Jt+Kec8w14wJ(y28S6ibmO$~KPxWZbyq9z
zF(O3a(rAnuh4VHCPg|CLYwmN)UGrvESI?}gRhK>fao4q~y%o~`4gP)qz{w~PTkwl>
z!`<hn-u^ps``!BYOWyyFsM%R1Z$H~EK95nshk<1DCL()p>|Rd0^Xg|p?o_GV_;BX<
z^{v;E3-)p@Rz3wxhVS%WT>CwH+wYIJ?r&Yze;zr8;ZaSHVSCtP!}fzu<F3Ey*?zoo
z-sIQ0_Ls7Le63(xZ2Y5ab1j2f?fwe&_zUZ|E}VV2%>LfXzi*F`XVKm@TldB7?X-Wf
z@n=;w?|!-6{db~f$Jg)f5Ba^~u}!}1C!P14Ob1$l5rr1|Xxtm8@7DkS!}V{!&G|!U
z8Kin=6|>Fs#}@b2-8;PB^8DxAqP;I4|9$aq+4tf#TWfeN-YCa2zq31({e69Jx&6KV
zcllNJ#KcU_pUea4bK1B6X4d-<xrZ5%G=XV!!^epU`&f7U1qR~DuUTwqOnq_kOdG!a
zT6{ZG|NM)0&(HffB=o>j-P8R%B{IifN4+jBI0+2w{)1m1Y}4aE@ax<0|EU#ckAJ8t
z@FwV>oc46aA1Bp&KHU1{?q4>0N3b%(owL_Z9yOcOXi-(ebYN{w$%|*}%c|K;|Ms0s
zN6N|D4!1XeGVSe8ryXA3+po6y_VOG1Z@rB9doJ(!d9+Li&wX$PC>xgj-hcVbtUvo-
z9539%8?PU~T%GCeT|R$ir;{&y_V)`h{Aez#ZhvHql-=<cUvSyq(l+G@GxQynod*`$
N44$rjF6*2UngEGdPyGM@

literal 0
HcmV?d00001


From 1760448f73aad2f3acc92c9400a130f5bca4a3ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Mon, 23 Jun 2025 14:18:05 +0200
Subject: [PATCH 2/5] More signout fixes

---
 src/routes/auth/signout/+page.server.ts |  7 -------
 src/routes/auth/signout/+page.svelte    |  9 ---------
 src/routes/auth/signout/+server.ts      | 11 +++++++++++
 3 files changed, 11 insertions(+), 16 deletions(-)
 delete mode 100644 src/routes/auth/signout/+page.server.ts
 delete mode 100644 src/routes/auth/signout/+page.svelte
 create mode 100644 src/routes/auth/signout/+server.ts

diff --git a/src/routes/auth/signout/+page.server.ts b/src/routes/auth/signout/+page.server.ts
deleted file mode 100644
index 56ad767..0000000
--- a/src/routes/auth/signout/+page.server.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-import { redirect } from '@sveltejs/kit';
-import type { PageServerLoad } from './$types';
-
-export const load: PageServerLoad = async ({ locals }) => {
-    await locals.supabase.auth.signOut();
-    throw redirect(303, '/');
-};
\ No newline at end of file
diff --git a/src/routes/auth/signout/+page.svelte b/src/routes/auth/signout/+page.svelte
deleted file mode 100644
index 38bb23b..0000000
--- a/src/routes/auth/signout/+page.svelte
+++ /dev/null
@@ -1,9 +0,0 @@
-<script lang="ts">
-import { onMount } from 'svelte';
-
-onMount(() => {
-  localStorage.clear();
-});
-</script>
-
-<p>Signing out...</p>
diff --git a/src/routes/auth/signout/+server.ts b/src/routes/auth/signout/+server.ts
new file mode 100644
index 0000000..e863937
--- /dev/null
+++ b/src/routes/auth/signout/+server.ts
@@ -0,0 +1,11 @@
+import type { RequestHandler } from './$types';
+export const GET: RequestHandler = async ({ locals}) => {
+    await locals.supabase.auth.signOut();
+
+    const html = `
+        <script>
+            localStorage.clear();
+            location.href = '/';
+        </script>`;
+    return new Response(html, { headers: { 'Content-Type': 'text/html' } });
+};
\ No newline at end of file

From 0a60ea7ffbd2d18597bcdfb18b17c8871d3fc650 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Mon, 23 Jun 2025 14:28:44 +0200
Subject: [PATCH 3/5] Fix validation fo google tokens

---
 src/routes/private/api/gmail/+server.ts | 19 +++++++++++++++++++
 src/routes/private/creator/+page.svelte | 16 ++++++++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/routes/private/api/gmail/+server.ts b/src/routes/private/api/gmail/+server.ts
index aa76b34..83bc247 100644
--- a/src/routes/private/api/gmail/+server.ts
+++ b/src/routes/private/api/gmail/+server.ts
@@ -60,5 +60,24 @@ export const POST: RequestHandler = async ({ request }) => {
 		}
 	}
 
+	/* validate token */
+	if (action === 'validate') {
+		if (!refreshToken) {
+			console.log('No refreshToken provided');
+			return json({ valid: false });
+		}
+		try {
+			console.log('Validating refreshToken:', refreshToken);
+			const oAuth2Client = getOAuthClient();
+			oAuth2Client.setCredentials({ refresh_token: refreshToken });
+			await oAuth2Client.getAccessToken(); // This will throw if invalid
+			console.log('Token is valid');
+			return json({ valid: true });
+		} catch (err) {
+			console.error('Token validation error:', err);
+			return json({ valid: false, error: (err as Error).message });
+		}
+	}
+
 	return new Response('Bad request', { status: 400 });
 };
diff --git a/src/routes/private/creator/+page.svelte b/src/routes/private/creator/+page.svelte
index 42a156a..0489a10 100644
--- a/src/routes/private/creator/+page.svelte
+++ b/src/routes/private/creator/+page.svelte
@@ -9,9 +9,21 @@
 	let subject = '';
 	let body = '';
 
-	onMount(() => {
+	async function validateToken(token: string): Promise<boolean> {
+		if (!token) return false;
+		const res = await fetch('/private/api/gmail', {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({ action: 'validate', refreshToken: token })
+		});
+		if (!res.ok) return false;
+		const data = await res.json();
+		return !!data.valid;
+	}
+
+	onMount(async () => {
 		refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
-		authorized = !!refreshToken;
+		authorized = await validateToken(refreshToken);
 	});
 
 	/* ⇢ redirects straight to Google via server 302 */

From 864c77133e6f5f98ab5d9121472575ef93ec76a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Mon, 23 Jun 2025 14:38:55 +0200
Subject: [PATCH 4/5] remove debugging

---
 src/routes/private/api/gmail/+server.ts | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/routes/private/api/gmail/+server.ts b/src/routes/private/api/gmail/+server.ts
index 83bc247..8cd7ce3 100644
--- a/src/routes/private/api/gmail/+server.ts
+++ b/src/routes/private/api/gmail/+server.ts
@@ -63,18 +63,14 @@ export const POST: RequestHandler = async ({ request }) => {
 	/* validate token */
 	if (action === 'validate') {
 		if (!refreshToken) {
-			console.log('No refreshToken provided');
 			return json({ valid: false });
 		}
 		try {
-			console.log('Validating refreshToken:', refreshToken);
 			const oAuth2Client = getOAuthClient();
 			oAuth2Client.setCredentials({ refresh_token: refreshToken });
 			await oAuth2Client.getAccessToken(); // This will throw if invalid
-			console.log('Token is valid');
 			return json({ valid: true });
 		} catch (err) {
-			console.error('Token validation error:', err);
 			return json({ valid: false, error: (err as Error).message });
 		}
 	}

From 0fdf77a8c37a42ef020d49173edfef857eab80b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Mon, 23 Jun 2025 18:07:23 +0200
Subject: [PATCH 5/5] Creator scaffolding

---
 package-lock.json                             |   9 +-
 package.json                                  |   3 +-
 src/routes/private/creator/+page.server.ts    |  61 +++++++++
 src/routes/private/creator/+page.svelte       | 122 ++++++++----------
 .../creator/steps/StepConnectGoogle.svelte    |  69 ++++++++++
 .../creator/steps/StepCraftEmail.svelte       |   1 +
 .../creator/steps/StepCreateEvent.svelte      |  17 +++
 .../private/creator/steps/StepOverview.svelte |  11 ++
 .../creator/steps/StepUploadFiles.svelte      |  34 +++++
 9 files changed, 260 insertions(+), 67 deletions(-)
 create mode 100644 src/routes/private/creator/+page.server.ts
 create mode 100644 src/routes/private/creator/steps/StepConnectGoogle.svelte
 create mode 100644 src/routes/private/creator/steps/StepCraftEmail.svelte
 create mode 100644 src/routes/private/creator/steps/StepCreateEvent.svelte
 create mode 100644 src/routes/private/creator/steps/StepOverview.svelte
 create mode 100644 src/routes/private/creator/steps/StepUploadFiles.svelte

diff --git a/package-lock.json b/package-lock.json
index 7fe9a7f..7bf4e88 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,8 @@
 				"@supabase/ssr": "^0.6.1",
 				"@supabase/supabase-js": "^2.50.0",
 				"@sveltejs/adapter-node": "^5.2.12",
-				"googleapis": "^150.0.1"
+				"googleapis": "^150.0.1",
+				"papaparse": "^5.5.3"
 			},
 			"devDependencies": {
 				"@sveltejs/kit": "^2.16.0",
@@ -2497,6 +2498,12 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
+		"node_modules/papaparse": {
+			"version": "5.5.3",
+			"resolved": "https://registry.npmjs.org/papaparse/-/papaparse-5.5.3.tgz",
+			"integrity": "sha512-5QvjGxYVjxO59MGU2lHVYpRWBBtKHnlIAcSe1uNFCkkptUh63NFRj0FJQm7nR67puEruUci/ZkjmEFrjCAyP4A==",
+			"license": "MIT"
+		},
 		"node_modules/path-parse": {
 			"version": "1.0.7",
 			"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
diff --git a/package.json b/package.json
index bb5447b..d856c29 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 		"@supabase/ssr": "^0.6.1",
 		"@supabase/supabase-js": "^2.50.0",
 		"@sveltejs/adapter-node": "^5.2.12",
-		"googleapis": "^150.0.1"
+		"googleapis": "^150.0.1",
+		"papaparse": "^5.5.3"
 	}
 }
diff --git a/src/routes/private/creator/+page.server.ts b/src/routes/private/creator/+page.server.ts
new file mode 100644
index 0000000..f324d97
--- /dev/null
+++ b/src/routes/private/creator/+page.server.ts
@@ -0,0 +1,61 @@
+import type { Actions } from './$types';
+import { error as kitError } from '@sveltejs/kit';
+import Papa from 'papaparse';
+import { fail } from '@sveltejs/kit';
+
+export async function load({ locals }) {
+    console.log("▶️ fetching events…");
+
+    const { data: events, error } = await locals.supabase
+        .from('events')
+        .select('*')
+        .order('date', { ascending: true });
+
+    if (error) {
+        console.error('❌ supabase error:', error);
+        // optional: throw to render SvelteKit error page
+        throw kitError(500, 'Could not load events');
+    }
+
+    return { events };
+}
+
+export const actions = {
+    create: async (event) => {
+        const formData = await event.request.formData();
+        console.log(Array.from(formData.entries()));
+        console.log('create_event date', formData.get("date"), formData.get("name"), formData.get("description"));
+        let { data: new_event, error } = await event.locals.supabase.rpc("create_event",
+            {
+                "p_name": formData.get('name'),
+                "p_date": formData.get('date'),
+                "p_description": formData.get('description'),
+            });
+        return {
+            new_event,
+            error
+        }
+    },
+    participants: async (event) => {
+        const formData = await event.request.formData();
+        const file = formData.get('participants') as File;
+
+        let csvText = await file.text();
+
+        const { data: parsedRows, errors } = Papa.parse(csvText, {
+            skipEmptyLines: true,
+            header: false
+        });
+
+        // Map each row to an object with keys: name, surname, email
+        const participants = parsedRows.map((row: string[]) => ({
+            name: row[0],
+            surname: row[1],
+            email: row[2]
+        }));
+
+        return {
+            participants,
+        }
+    }
+} satisfies Actions;
\ No newline at end of file
diff --git a/src/routes/private/creator/+page.svelte b/src/routes/private/creator/+page.svelte
index 0489a10..83681d0 100644
--- a/src/routes/private/creator/+page.svelte
+++ b/src/routes/private/creator/+page.svelte
@@ -1,75 +1,67 @@
 <script lang="ts">
-	import { onMount } from 'svelte';
-	import { goto } from '$app/navigation';
+  import StepConnectGoogle from "./steps/StepConnectGoogle.svelte";
+  import StepCraftEmail from "./steps/StepCraftEmail.svelte";
+  import StepCreateEvent from "./steps/StepCreateEvent.svelte";
+  import StepOverview from "./steps/StepOverview.svelte";
+  import StepUploadFiles from "./steps/StepUploadFiles.svelte";
 
-	let authorized = false;
-	let refreshToken = '';
+  let { data, form } = $props();
 
-	let to = '';
-	let subject = '';
-	let body = '';
+  let new_event = $state({});
+  let participants = $state([]);
 
-	async function validateToken(token: string): Promise<boolean> {
-		if (!token) return false;
-		const res = await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({ action: 'validate', refreshToken: token })
-		});
-		if (!res.ok) return false;
-		const data = await res.json();
-		return !!data.valid;
-	}
+  // Update events and participants from the form data
+  $effect( () => {
+    if (form && form.new_event) {
+      new_event = form.new_event;
+    }
+    if (form && form.participants) {
+      participants = form.participants;
+    }
+  });
 
-	onMount(async () => {
-		refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
-		authorized = await validateToken(refreshToken);
-	});
+  // Array of step components in order
+  const steps = [
+    StepConnectGoogle,
+    StepCreateEvent,
+    StepUploadFiles,
+    StepCraftEmail,
+    StepOverview
+  ];
 
-	/* ⇢ redirects straight to Google via server 302 */
-	const connect = () => goto('/private/api/gmail?action=auth');
+  // State variable for current step
+  let step = $state(0);
 
-	async function sendEmail() {
-		const r = await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({
-				action: 'send',
-				to,
-				subject,
-				text: body,
-				refreshToken
-			})
-		});
-		r.ok ? alert('Sent!') : alert(await r.text());
-		to = subject = body = '';
-	}
-
-	async function disconnect() {
-		if (!confirm('Disconnect Google account?')) return;
-		await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({ action: 'revoke', refreshToken })
-		});
-		localStorage.removeItem('gmail_refresh_token');
-		refreshToken = '';
-		authorized = false;
-	}
+  // Helper to go to next/previous step (optional)
+  function nextStep() {
+    if (step < steps.length - 1) step += 1;
+    console.log(step);
+  }
+  function prevStep() {
+    if (step > 0) step -= 1;
+    console.log(step);
+  }
 </script>
 
-{#if !authorized}
-	<section class="space-y-4">
-		<p>You haven’t connected your Google account yet.</p>
-		<button class="btn" on:click={connect}>Connect Google</button>
-	</section>
-{:else}
-	<button class="btn-secondary mb-4" on:click={disconnect}>Disconnect Google</button>
-
-	<form class="space-y-4" on:submit|preventDefault={sendEmail}>
-		<input  class="input w-full" type="email" placeholder="recipient@example.com" bind:value={to} required />
-		<input  class="input w-full" placeholder="Subject" bind:value={subject} required />
-		<textarea class="textarea w-full" rows="6" placeholder="Message" bind:value={body} required />
-		<button class="btn-primary">Send</button>
-	</form>
+<!-- Render the current step component -->
+{#if step == 0}
+  <StepConnectGoogle />
+{:else if step == 1}
+  <StepCreateEvent events={data.events} {new_event} />
+{:else if step == 2}
+  <StepUploadFiles {participants} />
+{:else if step == 3}
+  <StepCraftEmail />
+{:else if step == 4}
+  <StepOverview {new_event} {participants} />
 {/if}
+
+<br />
+
+{step}
+
+<!-- Optional navigation buttons -->
+<button onclick={prevStep} disabled={step === 0}>Previous</button>
+<button onclick={nextStep} disabled={step === steps.length - 1}>Next</button>
+
+
diff --git a/src/routes/private/creator/steps/StepConnectGoogle.svelte b/src/routes/private/creator/steps/StepConnectGoogle.svelte
new file mode 100644
index 0000000..bc663c5
--- /dev/null
+++ b/src/routes/private/creator/steps/StepConnectGoogle.svelte
@@ -0,0 +1,69 @@
+<script lang="ts">
+	import { onMount } from 'svelte';
+	import { goto } from '$app/navigation';
+
+	let refreshToken = '';
+	let authorized = false;
+
+	let to = '';
+	let subject = '';
+	let body = '';
+
+	async function validateToken(token: string): Promise<boolean> {
+		if (!token) return false;
+		const res = await fetch('/private/api/gmail', {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({ action: 'validate', refreshToken: token })
+		});
+		if (!res.ok) return false;
+		const data = await res.json();
+		return !!data.valid;
+	}
+
+	onMount(async () => {
+		console.log("on mount");
+		refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
+		authorized = await validateToken(refreshToken);
+	});
+
+	/* ⇢ redirects straight to Google via server 302 */
+	const connect = () => goto('/private/api/gmail?action=auth');
+
+	async function sendEmail() {
+		const r = await fetch('/private/api/gmail', {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({
+				action: 'send',
+				to,
+				subject,
+				text: body,
+				refreshToken
+			})
+		});
+		r.ok ? alert('Sent!') : alert(await r.text());
+		to = subject = body = '';
+	}
+
+	async function disconnect() {
+		if (!confirm('Disconnect Google account?')) return;
+		await fetch('/private/api/gmail', {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({ action: 'revoke', refreshToken })
+		});
+		localStorage.removeItem('gmail_refresh_token');
+		refreshToken = '';
+		authorized = false;
+	}
+</script>
+
+{#if !authorized}
+	<section class="space-y-4">
+		<p>You haven’t connected your Google account yet.</p>
+		<button class="btn" on:click={connect}>Connect Google</button>
+	</section>
+{:else}
+	Your connection is good, proceed to next step
+{/if}
diff --git a/src/routes/private/creator/steps/StepCraftEmail.svelte b/src/routes/private/creator/steps/StepCraftEmail.svelte
new file mode 100644
index 0000000..6154991
--- /dev/null
+++ b/src/routes/private/creator/steps/StepCraftEmail.svelte
@@ -0,0 +1 @@
+emaillk
\ No newline at end of file
diff --git a/src/routes/private/creator/steps/StepCreateEvent.svelte b/src/routes/private/creator/steps/StepCreateEvent.svelte
new file mode 100644
index 0000000..54ec5d9
--- /dev/null
+++ b/src/routes/private/creator/steps/StepCreateEvent.svelte
@@ -0,0 +1,17 @@
+<script lang="ts">
+	import { enhance } from '$app/forms';
+
+	let { events, new_event } = $props();
+
+</script>
+
+<p class="bg-grey-200">{JSON.stringify(events)}</p>
+
+<form method="POST" action="?/create" use:enhance>
+  <input type="text" name="name" />
+  <input type="date" name="date" />
+  <textarea name="description"></textarea>
+  <button type="submit">Submit</button>
+</form>
+
+<p class="bg-grey-200">{JSON.stringify(new_event)}</p>
\ No newline at end of file
diff --git a/src/routes/private/creator/steps/StepOverview.svelte b/src/routes/private/creator/steps/StepOverview.svelte
new file mode 100644
index 0000000..f961fb8
--- /dev/null
+++ b/src/routes/private/creator/steps/StepOverview.svelte
@@ -0,0 +1,11 @@
+<script lang="ts">
+    let { new_event, participants } = $props();
+</script>
+
+<p>New event:</p>
+{JSON.stringify(new_event)}
+
+
+<br />
+<p>Participants</p>
+{JSON.stringify(participants)}
\ No newline at end of file
diff --git a/src/routes/private/creator/steps/StepUploadFiles.svelte b/src/routes/private/creator/steps/StepUploadFiles.svelte
new file mode 100644
index 0000000..1858ed3
--- /dev/null
+++ b/src/routes/private/creator/steps/StepUploadFiles.svelte
@@ -0,0 +1,34 @@
+<script lang="ts">
+	import { enhance } from '$app/forms';
+
+	let { participants = [] } = $props();
+
+	function removeParticipant(index: number) {
+		participants = participants.slice(0, index).concat(participants.slice(index + 1));
+	}
+</script>
+
+<form method="POST" action="?/participants" use:enhance enctype="multipart/form-data">
+	<input type="file" name="participants" id="participants" accept=".csv" required />
+	<button type="submit"> Submit </button>
+
+</form>
+
+{JSON.stringify(participants)}
+
+{#if participants.length === 0}
+	<p class="text-gray-500">No participants added yet.</p>
+{/if}
+
+{#if participants.length > 0}
+	<ul class="mt-4 space-y-2">
+		{#each participants as p, i}
+			<li class="flex items-center gap-2 border-b pb-1">
+				<span>{p.name} {p.surname} ({p.email})</span>
+				<button class="ml-auto text-red-600 hover:underline" type="button" onclick={() => removeParticipant(i)}>
+					Remove
+				</button>
+			</li>
+		{/each}
+	</ul>
+{/if}