Restructure progress

Reviewed-on: erman/esn-code-scanner-app#9

.env.example

@@ -1,2 +1,7 @@
 PUBLIC_SUPABASE_URL=https://abc.supabase.co
-PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI16C_s
+PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI16C_s
+
+# Google OAuth Configuration
+GOOGLE_CLIENT_ID=your-google-client-id
+GOOGLE_CLIENT_SECRET=your-google-client-secret
+GOOGLE_REDIRECT_URI=http://localhost:5173

.gitea/workflows/release.yml

@@ -5,7 +5,7 @@ on:
     branches:
       - main
   schedule:
-    - cron: "0 22 * * 0" # sunday 22:00
+    - cron: "0 22 1 * *" # First of every month
 
 jobs:
   build:
@@ -48,6 +48,26 @@ jobs:
             org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
             org.opencontainers.image.title=ScanWave
 
+  deploy:
+    needs: build
+    steps:
+      - name: Trigger Komodo Deploy
+        env:
+          URL:  ${{ secrets.KOMODO_URL }}
+          SECRET: ${{ secrets.KOMODO_SECRET }}
+          BODY_FILE: ${{ github.event_path }}
+        run: |
+          SIG="sha256=$(openssl dgst -sha256 -hmac "$SECRET" "$BODY_FILE" | cut -d' ' -f2)"
+          curl -fsSL -X POST "$URL" \
+              -H 'Content-Type: application/json' \
+              -H "X-Hub-Signature-256: $SIG" \
+              -H 'X-GitHub-Event: push' \
+              -H "X-GitHub-Delivery: $GITHUB_RUN_ID.$GITHUB_RUN_NUMBER" \
+              --data @"$BODY_FILE"
+
+  verify:
+    needs: build
+    steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.24.0
         with:

.github/copilot-instructions.md

@@ -0,0 +1,174 @@
+GitHub Copilot Instructions for This Repository
+Use Svelte 5 runes exclusively
+
+Declare reactive state with $state(); derive values with $derived(); run side-effect logic with $effect() etc. 
+svelte.dev
+svelte.dev
+
+Do not fall back to the legacy $: label syntax or Svelte 3/4 stores! This is important!
+
+Enforce a clean component structure
+
+<script> comes first, followed by markup and then an optional <style> (rarely needed—prefer Tailwind).
+
+Export component props with export let … (still valid in Svelte 5).
+
+Keep each component focused on one visual/behavioural concern; split larger UIs into children.
+
+Tailwind-only styling conventions
+
+Base container: rounded-lg border border-gray-300 (or rounded-md on small items).
+
+Absolutely no shadow-* classes.
+
+Use p-4 or p-6 for internal padding, and gap-* utilities (not margin hacks) for spacing between children.
+
+Prefer neutral greys (gray-50‒gray-800) and a single accent palette defined in tailwind.config.js.
+
+HTML & accessibility
+
+Generate semantic elements (<button>, <nav>, <main>, <section>, <label>, etc.).
+
+Every interactive element must have an accessible name (aria-label, visible text, or title).
+
+Do not generate tabindex gymnastics; rely on natural DOM order.
+
+Type safety & tooling
+
+Default to <script lang="ts"> unless the file is explicitly plain JS.
+
+Always import types from @types/svelte or svelte where needed.
+
+File / folder conventions
+
+Component names are PascalCase.svelte.
+
+Collocate tests as ComponentName.test.ts beside the component.
+
+Put shared util functions in src/lib.
+
+Example pattern (reference only)
+
+svelte
+Copy
+Edit
+<!-- copilot: follow the repo instructions above -->
+<script lang="ts">
+  let count = $state(0);
+  let doubled = $derived(count * 2);
+  $effect(() => console.log(`count is ${count}`));
+</script>
+
+<div class="rounded-lg border border-gray-300 p-4 flex flex-col gap-4">
+  <button
+    class="rounded-md px-4 py-2 bg-blue-600 text-white"
+    onclick={() => count++}
+    aria-label="Increment counter"
+  >
+    {count}
+  </button>
+
+  <p>{doubled}</p>
+</div>
+What not to do
+
+No inline style="" attributes.
+
+No external CSS files unless Tailwind cannot express the rule.
+
+No class names that imply design debt (.box, .wrapper, .container-1, etc.).
+
+Avoid non-reactive variables; if a value affects the UI, use a rune.
+
+NEVER $: label syntax; use $state(), $derived(), and $effect().
+
+If you want to use supabse client in the browser, it is stored in the data
+variable obtained from let { data } = $props();
+
+Using `on:click` to listen to the click event is deprecated. Use the event attribute `onclick` instead
+
+onsubmit|preventDefault={handleSubmit} is depracated, do not use it!
+
+Loading session using page.server.ts is not needed as the session is already available in the locals object.
+
+
+IMPORTANT: Always make sure that the client-side module are not importing secrets
+or are running any sensritive code that could expose secrets to the client.
+If any requests are needed to check sensitive infomration, create an api route and
+fetch data from there instead of directly in the client-side module.
+
+The database schema in supabase is as follows:
+-- WARNING: This schema is for context only and is not meant to be run.
+-- Table order and constraints may not be valid for execution.
+
+CREATE TABLE public.events (
+  id uuid NOT NULL DEFAULT gen_random_uuid(),
+  created_at timestamp with time zone NOT NULL DEFAULT now(),
+  created_by uuid DEFAULT auth.uid(),
+  name text,
+  date date,
+  section_id uuid,
+  email_subject text,
+  email_body text,
+  sheet_id text,
+  name_column numeric,
+  surname_column numeric,
+  email_column numeric,
+  confirmation_column numeric,
+  CONSTRAINT events_pkey PRIMARY KEY (id),
+  CONSTRAINT events_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id),
+  CONSTRAINT events_section_id_fkey FOREIGN KEY (section_id) REFERENCES public.sections(id)
+);
+CREATE TABLE public.events_archived (
+  id uuid NOT NULL DEFAULT gen_random_uuid(),
+  created_at timestamp with time zone NOT NULL DEFAULT now(),
+  date date,
+  name text NOT NULL,
+  total_participants numeric,
+  scanned_participants numeric,
+  section_id uuid,
+  CONSTRAINT events_archived_pkey PRIMARY KEY (id),
+  CONSTRAINT events_archived_section_id_fkey FOREIGN KEY (section_id) REFERENCES public.sections(id)
+);
+CREATE TABLE public.participants (
+  id uuid NOT NULL DEFAULT gen_random_uuid(),
+  created_at timestamp with time zone NOT NULL DEFAULT now(),
+  created_by uuid DEFAULT auth.uid(),
+  event uuid,
+  name text,
+  surname text,
+  email text,
+  scanned boolean DEFAULT false,
+  scanned_at timestamp with time zone,
+  scanned_by uuid,
+  section_id uuid,
+  CONSTRAINT participants_pkey PRIMARY KEY (id),
+  CONSTRAINT participants_created_by_fkey FOREIGN KEY (created_by) REFERENCES auth.users(id),
+  CONSTRAINT participants_event_fkey FOREIGN KEY (event) REFERENCES public.events(id),
+  CONSTRAINT participants_scanned_by_fkey FOREIGN KEY (scanned_by) REFERENCES public.profiles(id),
+  CONSTRAINT qrcodes_scanned_by_fkey FOREIGN KEY (scanned_by) REFERENCES auth.users(id),
+  CONSTRAINT qrcodes_section_id_fkey FOREIGN KEY (section_id) REFERENCES public.sections(id)
+);
+CREATE TABLE public.profiles (
+  id uuid NOT NULL,
+  display_name text,
+  created_at timestamp with time zone DEFAULT now(),
+  updated_at timestamp with time zone DEFAULT now(),
+  section_id uuid,
+  section_position USER-DEFINED NOT NULL DEFAULT 'member'::section_posititon,
+  CONSTRAINT profiles_pkey PRIMARY KEY (id),
+  CONSTRAINT profiles_id_fkey FOREIGN KEY (id) REFERENCES auth.users(id),
+  CONSTRAINT profiles_section_id_fkey FOREIGN KEY (section_id) REFERENCES public.sections(id)
+);
+CREATE TABLE public.sections (
+  id uuid NOT NULL DEFAULT gen_random_uuid(),
+  created_at timestamp with time zone NOT NULL DEFAULT now(),
+  name text NOT NULL UNIQUE,
+  CONSTRAINT sections_pkey PRIMARY KEY (id)
+);
+
+An event is created by calling RPC databse function create_event
+by passing the following parameters: 
+- name, date, email_subject, email_body, sheet_id, name_column, surname_column, email_column, confirmation_column
+
+

docker-compose-prod.yml

@@ -9,4 +9,4 @@ services:
       - "traefik.http.routers.scan-wave.tls.certresolver=leresolver"
       - "traefik.http.routers.scan-wave.entrypoints=websecure"
       - "traefik.http.services.scan-wave.loadbalancer.server.port=3000"
-      - "traefik.http.routers.scan-wave.middlewares=hsts"
+      - "traefik.http.routers.scan-wave.middlewares=hsts"

package-lock.json

@@ -26,6 +26,7 @@
 				"prettier": "^3.4.2",
 				"prettier-plugin-svelte": "^3.3.3",
 				"prettier-plugin-tailwindcss": "^0.6.11",
+				"supabase": "^2.30.4",
 				"svelte": "^5.0.0",
 				"svelte-check": "^4.0.0",
 				"tailwindcss": "^4.0.0",
@@ -1515,6 +1516,23 @@
 				"node": "*"
 			}
 		},
+		"node_modules/bin-links": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/bin-links/-/bin-links-5.0.0.tgz",
+			"integrity": "sha512-sdleLVfCjBtgO5cNjA2HVRvWBJAHs4zwenaCPMNJAJU0yNxpzj80IpjOIimkpkr+mhlA+how5poQtt53PygbHA==",
+			"dev": true,
+			"license": "ISC",
+			"dependencies": {
+				"cmd-shim": "^7.0.0",
+				"npm-normalize-package-bin": "^4.0.0",
+				"proc-log": "^5.0.0",
+				"read-cmd-shim": "^5.0.0",
+				"write-file-atomic": "^6.0.0"
+			},
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/buffer-equal-constant-time": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
@@ -1605,6 +1623,16 @@
 				"node": ">=6"
 			}
 		},
+		"node_modules/cmd-shim": {
+			"version": "7.0.0",
+			"resolved": "https://registry.npmjs.org/cmd-shim/-/cmd-shim-7.0.0.tgz",
+			"integrity": "sha512-rtpaCbr164TPPh+zFdkWpCyZuKkjpAzODfaZCf/SVJZzJN+4bHQb/LP3Jzq5/+84um3XXY8r548XiWKSborwVw==",
+			"dev": true,
+			"license": "ISC",
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/color-convert": {
 			"version": "2.0.1",
 			"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -2149,6 +2177,16 @@
 				"node": ">= 14"
 			}
 		},
+		"node_modules/imurmurhash": {
+			"version": "0.1.4",
+			"resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+			"integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==",
+			"dev": true,
+			"license": "MIT",
+			"engines": {
+				"node": ">=0.8.19"
+			}
+		},
 		"node_modules/is-core-module": {
 			"version": "2.16.1",
 			"resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz",
@@ -2643,6 +2681,16 @@
 				"url": "https://opencollective.com/node-fetch"
 			}
 		},
+		"node_modules/npm-normalize-package-bin": {
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-4.0.0.tgz",
+			"integrity": "sha512-TZKxPvItzai9kN9H/TkmCtx/ZN/hvr3vUycjlfmH0ootY9yFBzNOpiXAdIn1Iteqsvk4lQn6B5PTrt+n6h8k/w==",
+			"dev": true,
+			"license": "ISC",
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/object-inspect": {
 			"version": "1.13.4",
 			"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
@@ -2888,6 +2936,16 @@
 				}
 			}
 		},
+		"node_modules/proc-log": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/proc-log/-/proc-log-5.0.0.tgz",
+			"integrity": "sha512-Azwzvl90HaF0aCz1JrDdXQykFakSSNPaPoiZ9fm5qJIMHioDZEi7OAdRwSm6rSoPtY3Qutnm3L7ogmg3dc+wbQ==",
+			"dev": true,
+			"license": "ISC",
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/qrcode": {
 			"version": "1.5.4",
 			"resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz",
@@ -2932,6 +2990,16 @@
 				"quoted-printable": "bin/quoted-printable"
 			}
 		},
+		"node_modules/read-cmd-shim": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-5.0.0.tgz",
+			"integrity": "sha512-SEbJV7tohp3DAAILbEMPXavBjAnMN0tVnh4+9G8ihV4Pq3HYF9h8QNez9zkJ1ILkv9G2BjdzwctznGZXgu/HGw==",
+			"dev": true,
+			"license": "ISC",
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/readdirp": {
 			"version": "4.1.2",
 			"resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
@@ -3136,6 +3204,19 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
+		"node_modules/signal-exit": {
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+			"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+			"dev": true,
+			"license": "ISC",
+			"engines": {
+				"node": ">=14"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/isaacs"
+			}
+		},
 		"node_modules/simple-icons": {
 			"version": "15.3.0",
 			"resolved": "https://registry.npmjs.org/simple-icons/-/simple-icons-15.3.0.tgz",
@@ -3204,6 +3285,26 @@
 				"node": ">=8"
 			}
 		},
+		"node_modules/supabase": {
+			"version": "2.30.4",
+			"resolved": "https://registry.npmjs.org/supabase/-/supabase-2.30.4.tgz",
+			"integrity": "sha512-AOCyd2vmBBMTXbnahiCU0reRNxKS4n5CrPciUF2tcTrQ8dLzl1HwcLfe5DrG8E0QRcKHPDdzprmh/2+y4Ta5MA==",
+			"dev": true,
+			"hasInstallScript": true,
+			"license": "MIT",
+			"dependencies": {
+				"bin-links": "^5.0.0",
+				"https-proxy-agent": "^7.0.2",
+				"node-fetch": "^3.3.2",
+				"tar": "7.4.3"
+			},
+			"bin": {
+				"supabase": "bin/supabase"
+			},
+			"engines": {
+				"npm": ">=8"
+			}
+		},
 		"node_modules/supports-preserve-symlinks-flag": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
@@ -3265,13 +3366,6 @@
 				"typescript": ">=5.0.0"
 			}
 		},
-		"node_modules/svelte-kit": {
-			"version": "1.2.0",
-			"resolved": "https://registry.npmjs.org/svelte-kit/-/svelte-kit-1.2.0.tgz",
-			"integrity": "sha512-RRaOHBhpDv4g2v9tcq8iNw055Pt0MlLps6JVA7/40f4KAbtztXSI4T6MZYbHRirO708urfAAMx6Qow+tQfCHug==",
-			"hasInstallScript": true,
-			"license": "MIT"
-		},
 		"node_modules/tailwindcss": {
 			"version": "4.1.7",
 			"resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.7.tgz",
@@ -3551,6 +3645,20 @@
 				"node": ">=8"
 			}
 		},
+		"node_modules/write-file-atomic": {
+			"version": "6.0.0",
+			"resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-6.0.0.tgz",
+			"integrity": "sha512-GmqrO8WJ1NuzJ2DrziEI2o57jKAVIQNf8a18W3nCYU3H7PNWqCCVTeH6/NQE93CIllIgQS98rrmVkYgTX9fFJQ==",
+			"dev": true,
+			"license": "ISC",
+			"dependencies": {
+				"imurmurhash": "^0.1.4",
+				"signal-exit": "^4.0.1"
+			},
+			"engines": {
+				"node": "^18.17.0 || >=20.5.0"
+			}
+		},
 		"node_modules/ws": {
 			"version": "8.18.2",
 			"resolved": "https://registry.npmjs.org/ws/-/ws-8.18.2.tgz",

package.json

@@ -22,6 +22,7 @@
 		"prettier": "^3.4.2",
 		"prettier-plugin-svelte": "^3.3.3",
 		"prettier-plugin-tailwindcss": "^0.6.11",
+		"supabase": "^2.30.4",
 		"svelte": "^5.0.0",
 		"svelte-check": "^4.0.0",
 		"tailwindcss": "^4.0.0",

src/lib/google.ts

@@ -1,103 +0,0 @@
-import { google } from 'googleapis';
-import { env } from '$env/dynamic/private';
-import quotedPrintable from 'quoted-printable';   //  tiny, zero-dep package
-
-export const scopes = ['https://www.googleapis.com/auth/gmail.send'];
-
-export function getOAuthClient() {
-	return new google.auth.OAuth2(
-		env.GOOGLE_CLIENT_ID,
-		env.GOOGLE_CLIENT_SECRET,
-		env.GOOGLE_REDIRECT_URI
-	);
-}
-
-export function createAuthUrl() {
-	return getOAuthClient().generateAuthUrl({
-		access_type: 'offline',
-		prompt: 'consent',
-		scope: scopes
-	});
-}
-
-export async function exchangeCodeForTokens(code: string) {
-	const { tokens } = await getOAuthClient().getToken(code);
-	if (!tokens.refresh_token) throw new Error('No refresh_token returned');
-	return tokens.refresh_token;
-}
-
-export async function sendGmail(
-	refreshToken: string,
-	{ to, subject, text, qr_code }: { to: string; subject: string; text: string; qr_code: string }
-) {
-	const oauth = getOAuthClient();
-	oauth.setCredentials({ refresh_token: refreshToken });
-
-	const gmail = google.gmail({ version: 'v1', auth: oauth });
-
-	const message_html =
-		`<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <style>
-      @import url('https://fonts.googleapis.com/css2?family=Lato&display=swap');
-    </style>
-  </head>
-  <body style="font-family: 'Lato', sans-serif; background-color: #f9f9f9; padding: 20px; margin: 0;">
-    <div style="max-width: 600px; margin: auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.05);">
-      <p style="white-space: pre-line;font-size: 16px; line-height: 1.5; color: #333;">${text}</p>
-      <img src="cid:qrCode1" alt="QR Code" style="display: block; margin: 20px auto; max-width: 50%; min-width: 200px; height: auto;" />
-      <div style="width: 100%; display: flex; flex-direction: row; justify-content: space-between">
-        <div style="height: 4px; width: 20%; background: #00aeef;"></div>
-        <div style="height: 4px; width: 20%; background: #ec008c;"></div>
-        <div style="height: 4px; width: 20%; background: #7ac143;"></div>
-        <div style="height: 4px; width: 20%; background: #f47b20;"></div>
-        <div style="height: 4px; width: 20%; background: #2e3192;"></div>
-      </div>
-      <div style="font-size: 12px; color: #999; padding-top: 0px; margin-top: 10px; line-height: 1.5; ">
-        <p>This email has been generated with the help of *insert software name*</p>
-      </div>
-    </div>
-  </body>
-</html>`;
-
-
-	const boundary = 'BOUNDARY';
-	const nl = '\r\n';                   // RFC-5322 line ending
-
-	const htmlQP = quotedPrintable.encode(message_html);
-	const qrLines = qr_code.replace(/.{1,76}/g, '$&' + nl);
-
-	const rawParts = [
-		'MIME-Version: 1.0',
-		`To: ${to}`,
-		`Subject: ${subject}`,
-		`Content-Type: multipart/related; boundary="${boundary}"`,
-		'',
-		`--${boundary}`,
-		'Content-Type: text/html; charset="UTF-8"',
-		'Content-Transfer-Encoding: quoted-printable',
-		'',
-		htmlQP,
-		'',
-		`--${boundary}`,
-		'Content-Type: image/png',
-		'Content-Transfer-Encoding: base64',
-		'Content-ID: <qrCode1>',
-		'Content-Disposition: inline; filename="qr.png"',
-		'',
-		qrLines,
-		'',
-		`--${boundary}--`,
-		''
-	];
-
-	const rawMessage = rawParts.join(nl);
-
-	const raw = Buffer.from(rawMessage).toString('base64url');
-
-	await gmail.users.messages.send({
-		userId: 'me',
-		requestBody: { raw }
-	});
-}

src/lib/google/auth/client.ts

@@ -0,0 +1,121 @@
+import { browser } from '$app/environment';
+
+// Client-side only functions
+export const scopes = [
+	'https://www.googleapis.com/auth/gmail.send',
+	'https://www.googleapis.com/auth/userinfo.email',
+	'https://www.googleapis.com/auth/drive.readonly',
+	'https://www.googleapis.com/auth/spreadsheets.readonly'
+];
+
+/**
+ * Initialize Google Auth (placeholder for client-side)
+ */
+export async function initGoogleAuth(): Promise<void> {
+	if (!browser) return;
+	// Google Auth initialization is handled by the OAuth flow
+	// No initialization needed for our server-side approach
+}
+
+/**
+ * Get the Google Auth URL
+ * @returns URL for Google OAuth
+ */
+export function getAuthUrl(): string {
+	if (!browser) return '';
+	// This should be obtained from the server
+	return '/auth/google';
+}
+
+/**
+ * Check if an access token is valid
+ * @param accessToken - Google access token to validate
+ * @returns True if the token is valid
+ */
+export async function isTokenValid(accessToken: string): Promise<boolean> {
+	if (!browser) return false;
+	
+	try {
+		const response = await fetch(`https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=${accessToken}`);
+		const data = await response.json();
+		
+		if (response.ok && data.expires_in && data.expires_in > 0) {
+			return true;
+		}
+		return false;
+	} catch (error) {
+		console.error('Error validating token:', error);
+		return false;
+	}
+}
+
+/**
+ * Refresh an access token using the refresh token
+ * @param refreshToken - Google refresh token
+ * @returns New access token or null if failed
+ */
+export async function refreshAccessToken(refreshToken: string): Promise<string | null> {
+	try {
+		const response = await fetch('/private/api/google/auth/refresh', {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json'
+			},
+			body: JSON.stringify({ refreshToken })
+		});
+		
+		if (response.ok) {
+			const data = await response.json();
+			return data.accessToken;
+		}
+		return null;
+	} catch (error) {
+		console.error('Error refreshing token:', error);
+		return null;
+	}
+}
+
+/**
+ * Get Google user information
+ * @param accessToken - Google access token
+ * @returns User info including email, name, and picture
+ */
+export async function getUserInfo(accessToken: string): Promise<{ email: string; name: string; picture: string } | null> {
+	try {
+		const response = await fetch('/private/api/google/auth/userinfo', {
+			headers: {
+				'Authorization': `Bearer ${accessToken}`
+			}
+		});
+		
+		if (response.ok) {
+			return await response.json();
+		}
+		return null;
+	} catch (error) {
+		console.error('Error fetching user info:', error);
+		return null;
+	}
+}
+
+/**
+ * Revoke a Google access token
+ * @param accessToken - Google access token to revoke
+ * @returns True if revocation was successful
+ */
+export async function revokeToken(accessToken: string): Promise<boolean> {
+	try {
+		const response = await fetch('/private/api/google/auth/revoke', {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json'
+			},
+			body: JSON.stringify({ accessToken })
+		});
+		
+		return response.ok;
+	} catch (error) {
+		console.error('Error revoking token:', error);
+		return false;
+	}
+}

src/lib/google/auth/server.ts

@@ -0,0 +1,58 @@
+import { google } from 'googleapis';
+import { env } from '$env/dynamic/private';
+
+// Define OAuth scopes for the Google APIs we need to access
+export const scopes = [
+	'https://www.googleapis.com/auth/gmail.send',
+	'https://www.googleapis.com/auth/userinfo.email',
+	'https://www.googleapis.com/auth/drive.readonly',
+	'https://www.googleapis.com/auth/spreadsheets.readonly'
+];
+
+/**
+ * Create a new OAuth2 client instance
+ * @returns Google OAuth2 client
+ */
+export function getOAuthClient() {
+	return new google.auth.OAuth2(
+		env.GOOGLE_CLIENT_ID,
+		env.GOOGLE_CLIENT_SECRET,
+		env.GOOGLE_REDIRECT_URI
+	);
+}
+
+/**
+ * Create a authentication URL for OAuth flow
+ * @returns Auth URL for Google OAuth
+ */
+export function createAuthUrl() {
+	console.warn("CREATE AUTH URL");
+	return getOAuthClient().generateAuthUrl({
+		access_type: 'offline',
+		prompt: 'consent',
+		scope: scopes,
+		redirect_uri: env.GOOGLE_REDIRECT_URI
+	});
+}
+
+/**
+ * Exchange the authorization code for access and refresh tokens
+ * @param code - Authorization code from OAuth callback
+ * @returns Access and refresh tokens
+ */
+export async function exchangeCodeForTokens(code: string) {
+	const { tokens } = await getOAuthClient().getToken(code);
+	if (!tokens.refresh_token) throw new Error('No refresh_token returned');
+	return tokens;
+}
+
+/**
+ * Get an authenticated client using a refresh token
+ * @param refreshToken - Refresh token for authentication
+ * @returns Authenticated OAuth2 client
+ */
+export function getAuthenticatedClient(refreshToken: string) {
+	const oauth = getOAuthClient();
+	oauth.setCredentials({ refresh_token: refreshToken });
+	return oauth;
+}

src/lib/google/client.ts

@@ -0,0 +1,13 @@
+/**
+ * Google API integration module
+ * 
+ * This module provides utilities for interacting with Google APIs:
+ * - Authentication (server and client-side)
+ * - Sheets API
+ */
+
+// Google service modules
+export * as googleAuthClient from './auth/client.ts';
+
+export * as googleSheetsClient from './sheets/client.ts';
+

src/lib/google/gmail/server.ts

@@ -0,0 +1,88 @@
+import { google } from 'googleapis';
+import quotedPrintable from 'quoted-printable';
+import { getAuthenticatedClient } from '../auth/server.js';
+
+/**
+ * Create an HTML email template
+ * @param text - Email body text
+ * @returns HTML email template
+ */
+export function createEmailTemplate(text: string): string {
+  return `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <style>
+      @import url('https://fonts.googleapis.com/css2?family=Lato&display=swap');
+    </style>
+  </head>
+  <body style="font-family: 'Lato', sans-serif; background-color: #f9f9f9; padding: 20px; margin: 0;">
+    <div style="max-width: 600px; margin: auto; background: white; padding: 20px; border-radius: 8px;">
+      <p style="white-space: pre-line; font-size: 16px; color: #333;">${text}</p>
+      <img src="cid:qrCode1" alt="QR Code" style="display: block; margin: 20px auto; max-width: 50%; height: auto;" />
+    </div>
+  </body>
+</html>`;
+}
+
+/**
+ * Send an email through Gmail
+ * @param refreshToken - Google refresh token
+ * @param params - Email parameters (to, subject, text, qr_code)
+ */
+export async function sendGmail(
+  refreshToken: string,
+  {
+    to,
+    subject,
+    text,
+    qr_code
+  }: {
+    to: string;
+    subject: string;
+    text: string;
+    qr_code: string;
+  }
+) {
+  const oauth = getAuthenticatedClient(refreshToken);
+  const gmail = google.gmail({ version: 'v1', auth: oauth });
+  
+  const message_html = createEmailTemplate(text);
+  const boundary = 'BOUNDARY';
+  const nl = '\r\n';
+
+  const htmlBuffer = Buffer.from(message_html, 'utf8');
+  const htmlLatin1 = htmlBuffer.toString('latin1');
+  const htmlQP = quotedPrintable.encode(htmlLatin1);
+  const qrLines = qr_code.replace(/.{1,76}/g, '$&' + nl);
+
+  const rawParts = [
+    'MIME-Version: 1.0',
+    `To: ${to}`,
+    `Subject: ${subject}`,
+    `Content-Type: multipart/related; boundary="${boundary}"`,
+    '--' + boundary,
+    'Content-Type: text/html; charset="UTF-8"',
+    'Content-Transfer-Encoding: quoted-printable',
+    '',
+    htmlQP,
+    '',
+    '--' + boundary,
+    'Content-Type: image/png',
+    'Content-Transfer-Encoding: base64',
+    'Content-ID: <qrCode1>',
+    'Content-Disposition: inline; filename="qr.png"',
+    '',
+    qrLines,
+    '',
+    '--' + boundary + '--',
+    ''
+  ];
+  
+  const rawMessage = rawParts.join(nl);
+  const raw = Buffer.from(rawMessage).toString('base64url');
+
+  await gmail.users.messages.send({
+    userId: 'me',
+    requestBody: { raw }
+  });
+}

src/lib/google/server.ts

@@ -0,0 +1,15 @@
+/**
+ * Google API integration module
+ * 
+ * This module provides utilities for interacting with Google APIs:
+ * - Authentication (server and client-side)
+ * - Sheets API
+ * - Gmail API
+ */
+
+// Google service modules
+export * as googleAuthServer from './auth/server.ts';
+
+export * as googleSheetsServer from './sheets/server.ts';
+
+export * as googleGmailServer from './gmail/server.ts';

src/lib/google/sheets/client.ts

@@ -0,0 +1,23 @@
+// Client-side Sheets functions (use fetch to call protected API endpoints)
+
+/**
+ * Fetch recent spreadsheets via protected endpoint
+ */
+export async function getRecentSpreadsheetsClient(refreshToken: string, limit: number = 10) {
+    const response = await fetch(`/private/api/google/sheets/recent?limit=${limit}`, {
+        headers: { Authorization: `Bearer ${refreshToken}` }
+    });
+    if (!response.ok) throw new Error('Failed to fetch recent sheets');
+    return await response.json();
+}
+
+/**
+ * Fetch spreadsheet data via protected endpoint
+ */
+export async function getSpreadsheetDataClient(refreshToken: string, sheetId: string, range: string = 'A1:Z10') {
+    const response = await fetch(`/private/api/google/sheets/${sheetId}/data?range=${encodeURIComponent(range)}`, {
+        headers: { Authorization: `Bearer ${refreshToken}` }
+    });
+    if (!response.ok) throw new Error('Failed to fetch spreadsheet data');
+    return await response.json();
+}

src/lib/google/sheets/server.ts

@@ -0,0 +1,89 @@
+import { google } from 'googleapis';
+import { getAuthenticatedClient } from '../auth/server.js';
+
+export interface GoogleSheet {
+  id: string;
+  name: string;
+  modifiedTime: string;
+  webViewLink: string;
+}
+
+export interface SheetData {
+  values: string[][];
+}
+
+/**
+ * Get a list of recent Google Sheets
+ * @param refreshToken - Google refresh token
+ * @param limit - Maximum number of sheets to return
+ * @returns List of Google Sheets
+ */
+export async function getRecentSpreadsheets(
+  refreshToken: string,
+  limit: number = 10
+): Promise<GoogleSheet[]> {
+  const oauth = getAuthenticatedClient(refreshToken);
+  const drive = google.drive({ version: 'v3', auth: oauth });
+
+  const response = await drive.files.list({
+    q: "mimeType='application/vnd.google-apps.spreadsheet'",
+    orderBy: 'modifiedTime desc',
+    pageSize: limit,
+    fields: 'files(id,name,modifiedTime,webViewLink)'
+  });
+
+  return (
+    response.data.files?.map(file => ({
+      id: file.id!, // eslint-disable-line @typescript-eslint/no-non-null-assertion
+      name: file.name!,
+      modifiedTime: file.modifiedTime!,
+      webViewLink: file.webViewLink!
+    })) || []
+  );
+}
+
+/**
+ * Get data from a Google Sheet
+ * @param refreshToken - Google refresh token
+ * @param spreadsheetId - ID of the spreadsheet
+ * @param range - Cell range to retrieve (default: A1:Z10)
+ * @returns Sheet data as a 2D array
+ */
+export async function getSpreadsheetData(
+  refreshToken: string,
+  spreadsheetId: string,
+  range: string = 'A1:Z10'
+): Promise<SheetData> {
+  const oauth = getAuthenticatedClient(refreshToken);
+  const sheets = google.sheets({ version: 'v4', auth: oauth });
+
+  const response = await sheets.spreadsheets.values.get({
+    spreadsheetId,
+    range
+  });
+
+  return {
+    values: response.data.values || []
+  };
+}
+
+/**
+ * Get metadata about a Google Sheet
+ * @param refreshToken - Google refresh token
+ * @param spreadsheetId - ID of the spreadsheet
+ * @returns Spreadsheet metadata
+ */
+export async function getSpreadsheetInfo(
+  refreshToken: string,
+  spreadsheetId: string
+) {
+  const oauth = getAuthenticatedClient(refreshToken);
+  const sheets = google.sheets({ version: 'v4', auth: oauth });
+
+  const response = await sheets.spreadsheets.get({
+    spreadsheetId,
+    fields: 'properties.title,sheets.properties(title,sheetId)'
+  });
+
+  return response.data;
+}

src/lib/index.ts

@@ -1 +0,0 @@
-// place files you want to import through the `$lib` alias in this folder.

src/lib/types/quoted-printable.d.ts

@@ -0,0 +1,5 @@
+declare module 'quoted-printable' {
+  export function encode(text: string): string;
+  export function decode(text: string): string;
+  export default { encode, decode };
+}

src/routes/api/auth/refresh/+server.ts

@@ -0,0 +1,30 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { getOAuthClient } from '$lib/google/auth/server.js';
+
+export const POST: RequestHandler = async ({ request }) => {
+	try {
+		const { refreshToken } = await request.json();
+		
+		if (!refreshToken) {
+			return json({ error: 'Refresh token is required' }, { status: 400 });
+		}
+
+	const oauth = getOAuthClient();
+		oauth.setCredentials({ refresh_token: refreshToken });
+
+		const { credentials } = await oauth.refreshAccessToken();
+		
+		if (!credentials.access_token) {
+			return json({ error: 'Failed to refresh token' }, { status: 500 });
+		}
+
+		return json({ 
+			accessToken: credentials.access_token,
+			expiresIn: credentials.expiry_date 
+		});
+	} catch (error) {
+		console.error('Error refreshing access token:', error);
+		return json({ error: 'Failed to refresh access token' }, { status: 500 });
+	}
+};

src/routes/api/sheets/[sheetId]/data/+server.ts

@@ -0,0 +1,22 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { sheets } from '$lib/google/index.js';
+
+export const GET: RequestHandler = async ({ params, request }) => {
+	try {
+		const { sheetId } = params;
+		const authHeader = request.headers.get('authorization');
+		
+		if (!authHeader?.startsWith('Bearer ')) {
+			return json({ error: 'Missing or invalid authorization header' }, { status: 401 });
+		}
+
+		const refreshToken = authHeader.slice(7);
+		const sheetData = await sheets.getSpreadsheetData(refreshToken, sheetId, 'A1:Z10');
+
+		return json(sheetData);
+	} catch (error) {
+		console.error('Error fetching spreadsheet data:', error);
+		return json({ error: 'Failed to fetch spreadsheet data' }, { status: 500 });
+	}
+};

src/routes/api/sheets/recent/+server.ts

@@ -0,0 +1,20 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { sheets } from '$lib/google/index.js';
+
+export const GET: RequestHandler = async ({ request }) => {
+	try {
+		const authHeader = request.headers.get('authorization');
+		if (!authHeader?.startsWith('Bearer ')) {
+			return json({ error: 'Missing or invalid authorization header' }, { status: 401 });
+		}
+
+		const refreshToken = authHeader.slice(7);
+		const spreadsheets = await sheets.getRecentSpreadsheets(refreshToken, 20);
+
+		return json(spreadsheets);
+	} catch (error) {
+		console.error('Error fetching recent spreadsheets:', error);
+		return json({ error: 'Failed to fetch spreadsheets' }, { status: 500 });
+	}
+};

src/routes/auth/google/+server.ts

@@ -0,0 +1,8 @@
+import { redirect } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { createAuthUrl } from '$lib/google/auth/server.js';
+
+export const GET: RequestHandler = () => {
+    const authUrl = createAuthUrl();
+    throw redirect(302, authUrl);
+};

src/routes/auth/google/callback/+server.ts

@@ -0,0 +1,110 @@
+import { redirect } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { googleAuthServer } from '$lib/google/server.ts';
+
+export const GET: RequestHandler = async ({ url }) => {
+	try {
+		const code = url.searchParams.get('code');
+		const error = url.searchParams.get('error');
+
+		if (error) {
+			console.error('Google OAuth error:', error);
+			throw redirect(302, '/private/events?error=google_auth_denied');
+		}
+
+		if (!code) {
+			throw redirect(302, '/private/events?error=missing_auth_code');
+		}
+
+		// Exchange code for tokens
+		const oauth = googleAuthServer.getOAuthClient();
+		const { tokens } = await oauth.getToken(code);
+
+		if (!tokens.refresh_token || !tokens.access_token) {
+			throw redirect(302, '/private/events?error=incomplete_tokens');
+		}
+
+		// Create a success page with tokens that closes the popup and communicates with parent
+		const html = `
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Google Authentication Success</title>
+	<style>
+		body {
+			font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+			display: flex;
+			align-items: center;
+			justify-content: center;
+			height: 100vh;
+			margin: 0;
+			background: #f9fafb;
+		}
+		.container {
+			text-align: center;
+			padding: 2rem;
+			background: white;
+			border-radius: 8px;
+			box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
+		}
+		.success {
+			color: #059669;
+			margin-bottom: 1rem;
+		}
+		.loading {
+			color: #6b7280;
+		}
+	</style>
+</head>
+<body>
+	<div class="container">
+		<div class="success">✓ Authentication successful!</div>
+		<div class="loading">Closing window...</div>
+	</div>
+	<script>
+		(function() {
+			try {
+				// Store tokens in the parent window's localStorage
+				if (window.opener && !window.opener.closed) {
+					window.opener.localStorage.setItem('google_access_token', '${tokens.access_token}');
+					window.opener.localStorage.setItem('google_refresh_token', '${tokens.refresh_token}');
+					
+					// Send success message to parent
+					window.opener.postMessage({ 
+						type: 'GOOGLE_AUTH_SUCCESS',
+						tokens: {
+							accessToken: '${tokens.access_token}',
+							refreshToken: '${tokens.refresh_token}'
+						}
+					}, '*');
+					
+					// Close the popup after a short delay to ensure message is received
+					setTimeout(() => {
+						window.close();
+					}, 500);
+				} else {
+					// If no opener, close immediately
+					window.close();
+				}
+			} catch (error) {
+				console.error('Error in auth callback:', error);
+				// Try to close the window anyway
+				setTimeout(() => {
+					window.close();
+				}, 1000);
+			}
+		})();
+	</script>
+</body>
+</html>`;
+
+		return new Response(html, {
+			headers: {
+				'Content-Type': 'text/html'
+			}
+		});
+	} catch (error) {
+		console.error('Error handling Google OAuth callback:', error);
+		throw redirect(302, '/private/events?error=google_auth_failed');
+	}
+};

src/routes/private/api/gmail/+server.ts

@@ -1,79 +0,0 @@
-import type { RequestHandler } from './$types';
-import { json, redirect } from '@sveltejs/kit';
-import {
-	createAuthUrl,
-	exchangeCodeForTokens,
-	sendGmail,
-	getOAuthClient
-} from '$lib/google';
-
-/* ───────────── GET ───────────── */
-export const GET: RequestHandler = async ({ url }) => {
-	/* 1.   /private/api/gmail?action=auth  → 302 to Google */
-	if (url.searchParams.get('action') === 'auth') {
-		throw redirect(302, createAuthUrl());
-	}
-
-	/* 2.   Google callback  /private/api/gmail?code=XXXX */
-	const code = url.searchParams.get('code');
-	if (code) {
-		try {
-			const refreshToken = await exchangeCodeForTokens(code);
-
-			const html = `
-				<script>
-					localStorage.setItem('gmail_refresh_token', ${JSON.stringify(refreshToken)});
-					location = '/private/creator';
-				</script>`;
-			return new Response(html, { headers: { 'Content-Type': 'text/html' } });
-		} catch (err) {
-			return new Response((err as Error).message, { status: 500 });
-		}
-	}
-
-	return new Response('Bad request', { status: 400 });
-};
-
-/* ───────────── POST ───────────── */
-export const POST: RequestHandler = async ({ request }) => {
-	const { action, refreshToken, to, subject, text, qr_code } = await request.json();
-
-	/* send e-mail */
-	if (action === 'send') {
-		if (!refreshToken) return new Response('Missing token', { status: 401 });
-		try {
-			await sendGmail(refreshToken, { to, subject, text, qr_code });
-			return json({ ok: true });
-		} catch (err) {
-			return new Response((err as Error).message, { status: 500 });
-		}
-	}
-
-	/* revoke token */
-	if (action === 'revoke') {
-		if (!refreshToken) return new Response('Missing token', { status: 401 });
-		try {
-			await getOAuthClient().revokeToken(refreshToken);
-			return json({ ok: true });
-		} catch (err) {
-			return new Response((err as Error).message, { status: 500 });
-		}
-	}
-
-	/* validate token */
-	if (action === 'validate') {
-		if (!refreshToken) {
-			return json({ valid: false });
-		}
-		try {
-			const oAuth2Client = getOAuthClient();
-			oAuth2Client.setCredentials({ refresh_token: refreshToken });
-			await oAuth2Client.getAccessToken(); // This will throw if invalid
-			return json({ valid: true });
-		} catch (err) {
-			return json({ valid: false, error: (err as Error).message });
-		}
-	}
-
-	return new Response('Bad request', { status: 400 });
-};

src/routes/private/api/google/README.md

@@ -0,0 +1,47 @@
+# Google API Integration
+
+This directory contains unified endpoints for Google API integration, all protected under the `/private` route to ensure only authenticated users can access them.
+
+## Auth Endpoints
+
+### `/private/api/google/auth/refresh`
+
+- **Method**: POST
+- **Purpose**: Refreshes an access token using a refresh token
+- **Body**: `{ "refreshToken": "your-refresh-token" }`
+- **Response**: `{ "accessToken": "new-access-token", "expiresIn": 3600 }`
+
+### `/private/api/google/auth/userinfo`
+
+- **Method**: GET
+- **Purpose**: Gets information about the authenticated user
+- **Headers**: Authorization: Bearer `access_token`
+- **Response**: `{ "email": "user@example.com", "name": "User Name", "picture": "profile-pic-url" }`
+
+### `/private/api/google/auth/revoke`
+
+- **Method**: POST
+- **Purpose**: Revokes an access token
+- **Body**: `{ "accessToken": "token-to-revoke" }`
+- **Response**: `{ "success": true }`
+
+## Sheets Endpoints
+
+### `/private/api/google/sheets/recent`
+
+- **Method**: GET
+- **Purpose**: Gets a list of recent spreadsheets
+- **Headers**: Authorization: Bearer `refresh_token`
+- **Response**: Array of spreadsheet objects
+
+### `/private/api/google/sheets/[sheetId]/data`
+
+- **Method**: GET
+- **Purpose**: Gets data from a specific spreadsheet
+- **Headers**: Authorization: Bearer `refresh_token`
+- **URL Parameters**: sheetId - The ID of the spreadsheet
+- **Response**: Spreadsheet data including values array
+
+## Client Usage
+
+Use the utility functions in `$lib/google.ts` to interact with these endpoints.

src/routes/private/api/google/auth/refresh/+server.ts

@@ -0,0 +1,30 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { googleAuthServer } from '$lib/google/server.ts';
+
+export const POST: RequestHandler = async ({ request }) => {
+	try {
+		const { refreshToken } = await request.json();
+		
+		if (!refreshToken) {
+			return json({ error: 'Refresh token is required' }, { status: 400 });
+		}
+
+		const oauth = googleAuthServer.getOAuthClient();
+		oauth.setCredentials({ refresh_token: refreshToken });
+
+		const { credentials } = await oauth.refreshAccessToken();
+		
+		if (!credentials.access_token) {
+			return json({ error: 'Failed to refresh token' }, { status: 500 });
+		}
+
+		return json({ 
+			accessToken: credentials.access_token,
+			expiresIn: credentials.expiry_date 
+		});
+	} catch (error) {
+		console.error('Error refreshing access token:', error);
+		return json({ error: 'Failed to refresh access token' }, { status: 500 });
+	}
+};

src/routes/private/api/google/auth/revoke/+server.ts

@@ -0,0 +1,31 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+
+export const POST: RequestHandler = async ({ request }) => {
+	try {
+		const { accessToken } = await request.json();
+		
+		if (!accessToken) {
+			return json({ error: 'Access token is required' }, { status: 400 });
+		}
+
+		// Call Google's token revocation endpoint
+		const response = await fetch(`https://accounts.google.com/o/oauth2/revoke?token=${accessToken}`, {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/x-www-form-urlencoded'
+			}
+		});
+
+		if (response.ok) {
+			return json({ success: true });
+		} else {
+			const error = await response.text();
+			console.error('Error revoking token:', error);
+			return json({ error: 'Failed to revoke token' }, { status: 500 });
+		}
+	} catch (error) {
+		console.error('Error revoking access token:', error);
+		return json({ error: 'Failed to revoke access token' }, { status: 500 });
+	}
+};

src/routes/private/api/google/auth/userinfo/+server.ts

@@ -0,0 +1,33 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { googleAuthServer } from '$lib/google/server.ts';
+import { google } from 'googleapis';
+
+export const GET: RequestHandler = async ({ request }) => {
+	try {
+		const authHeader = request.headers.get('authorization');
+		
+		if (!authHeader?.startsWith('Bearer ')) {
+			return json({ error: 'Missing or invalid authorization header' }, { status: 401 });
+		}
+
+		const accessToken = authHeader.slice(7);
+		
+		// Create OAuth client with the token
+		const oauth = googleAuthServer.getOAuthClient();
+		oauth.setCredentials({ access_token: accessToken });
+		
+		// Call the userinfo endpoint to get user details
+		const oauth2 = google.oauth2({ version: 'v2', auth: oauth });
+		const userInfo = await oauth2.userinfo.get();
+		
+		return json({
+			email: userInfo.data.email,
+			name: userInfo.data.name,
+			picture: userInfo.data.picture
+		});
+	} catch (error) {
+		console.error('Error fetching user info:', error);
+		return json({ error: 'Failed to fetch user info' }, { status: 500 });
+	}
+};

src/routes/private/api/google/sheets/[sheetId]/data/+server.ts

@@ -0,0 +1,22 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { sheets } from '$lib/google/index.js';
+
+export const GET: RequestHandler = async ({ params, request }) => {
+	try {
+		const { sheetId } = params;
+		const authHeader = request.headers.get('authorization');
+		
+		if (!authHeader?.startsWith('Bearer ')) {
+			return json({ error: 'Missing or invalid authorization header' }, { status: 401 });
+		}
+
+		const refreshToken = authHeader.slice(7);
+		const sheetData = await sheets.getSpreadsheetData(refreshToken, sheetId, 'A1:Z10');
+
+		return json(sheetData);
+	} catch (error) {
+		console.error('Error fetching spreadsheet data:', error);
+		return json({ error: 'Failed to fetch spreadsheet data' }, { status: 500 });
+	}
+};

src/routes/private/api/google/sheets/recent/+server.ts

@@ -0,0 +1,20 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { sheets } from '$lib/google/index.js';
+
+export const GET: RequestHandler = async ({ request }) => {
+	try {
+		const authHeader = request.headers.get('authorization');
+		if (!authHeader?.startsWith('Bearer ')) {
+			return json({ error: 'Missing or invalid authorization header' }, { status: 401 });
+		}
+
+		const refreshToken = authHeader.slice(7);
+		const spreadsheets = await sheets.getRecentSpreadsheets(refreshToken, 20);
+
+		return json(spreadsheets);
+	} catch (error) {
+		console.error('Error fetching recent spreadsheets:', error);
+		return json({ error: 'Failed to fetch spreadsheets' }, { status: 500 });
+	}
+};

src/routes/private/creator/+page.server.ts

@@ -1,61 +0,0 @@
-import type { Actions } from './$types';
-import { error as kitError } from '@sveltejs/kit';
-import Papa from 'papaparse';
-import { fail } from '@sveltejs/kit';
-
-export async function load({ locals }) {
-    const { data: events, error } = await locals.supabase
-        .from('events')
-        .select('*')
-        .order('date', { ascending: true });
-
-    if (error) {
-        console.error('❌ supabase error:', error);
-        // optional: throw to render SvelteKit error page
-        throw kitError(500, 'Could not load events');
-    }
-
-    return { events };
-}
-
-export const actions = {
-    create: async (event) => {
-        const formData = await event.request.formData();
-        let { data: new_event, error } = await event.locals.supabase.rpc("create_event",
-            {
-                "p_name": formData.get('name'),
-                "p_date": formData.get('date'),
-                "p_description": formData.get('description'),
-            });
-        return {
-            new_event,
-            error
-        }
-    },
-    participants: async (event) => {
-        const formData = await event.request.formData();
-        const file = formData.get('participants') as File;
-
-        let csvText = await file.text();
-
-        const { data: parsedRows, errors } = Papa.parse<string[]>(csvText, {
-            skipEmptyLines: true,
-            header: false
-        });
-        // Remove the first row (header)
-        if (parsedRows.length > 0) {
-            parsedRows.shift();
-        }
-
-        // Map each row to an object with keys: name, surname, email
-        const participants = parsedRows.map((row: string[]) => ({
-            name: row[0],
-            surname: row[1],
-            email: row[2]
-        }));
-
-        return {
-            participants,
-        }
-    }
-} satisfies Actions;

src/routes/private/creator/+page.svelte

@@ -1,94 +0,0 @@
-<script lang="ts">
-  import StepConnectGoogle from "./steps/StepConnectGoogle.svelte";
-  import StepCraftEmail from "./steps/StepCraftEmail.svelte";
-  import StepCreateEvent from "./steps/StepCreateEvent.svelte";
-  import StepOverview from "./steps/StepOverview.svelte";
-  import StepUploadFiles from "./steps/StepUploadFiles.svelte";
-
-  let { data, form } = $props();
-
-  let event = $state({});
-  let participants = $state([]);
-  let email = $state({'body': '', 'subject': ''});
-  let authorized = $state(false);
-
-  $effect(() => {
-    if (form && form.new_event) {
-      event = form.new_event;
-    }
-    if (form && form.participants) {
-      participants = form.participants;
-    }
-  });
-
-  // Array of step components in order
-  const steps = [
-    StepConnectGoogle,
-    StepCreateEvent,
-    StepUploadFiles,
-    StepCraftEmail,
-    StepOverview
-  ];
-
-  let step: number = $state(0);
-
-  // let stepConditions = $derived([
-  //   authorized,
-  //   !!new_event?.name,
-  //   !!participants?.length,
-  //   !!subject && !!body
-  // ]);
-
-  // for debugging purpouses
-  let stepConditions = [
-    true,
-    true,
-    true,
-    true
-  ];
-
-  function nextStep() {
-    if (step < steps.length - 1) step += 1;
-  }
-  function prevStep() {
-    if (step > 0) step -= 1;
-  }
-</script>
-
-<div class="flex items-center justify-between mb-4 mt-2">
-  <button
-    onclick={prevStep}
-    disabled={step === 0}
-    class="min-w-[100px] py-2 px-4 bg-white border border-gray-300 text-gray-700 rounded hover:bg-gray-50 disabled:opacity-50 disabled:cursor-not-allowed transition"
-  >
-    Previous
-  </button>
-  <span class="flex-1 text-center text-gray-600 font-medium">
-    Step {step + 1} of {steps.length}
-  </span>
-  <button
-    onclick={nextStep}
-    disabled={step === steps.length - 1 || !stepConditions[step]}
-    class="min-w-[100px] py-2 px-4 bg-white border border-gray-300 text-gray-700 rounded hover:bg-gray-50 disabled:opacity-50 disabled:cursor-not-allowed transition"
-  >
-    Next
-  </button>
-</div>
-
-{#if step == 0}
-  <StepConnectGoogle bind:authorized />
-{:else if step == 1}
-  <StepCreateEvent {event} />
-{:else if step == 2}
-  <StepUploadFiles {participants} />
-{:else if step == 3}
-  <StepCraftEmail bind:email />
-{:else if step == 4}
-  <StepOverview
-    {data}
-    {event}
-    {participants}
-    {email}
-    {stepConditions}
-  />
-{/if}

src/routes/private/creator/emailtest/+page.svelte

@@ -1,110 +0,0 @@
-<script lang="ts">
-import { onMount } from 'svelte';
-import { goto } from '$app/navigation';
-
-let to = '';
-let subject = '';
-let body = '';
-let qrcode_b64 = '';
-let loading = false;
-let error = '';
-let success = '';
-let authorized = false;
-let refreshToken = '';
-
-async function validateToken(token: string): Promise<boolean> {
-	if (!token) return false;
-	const res = await fetch('/private/api/gmail', {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		body: JSON.stringify({ action: 'validate', refreshToken: token })
-	});
-	if (!res.ok) return false;
-	const data = await res.json();
-	return !!data.valid;
-}
-
-onMount(async () => {
-	refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
-	authorized = await validateToken(refreshToken);
-});
-
-const connect = () => goto('/private/api/gmail?action=auth');
-
-async function sendTestEmail() {
-	error = '';
-	success = '';
-	loading = true;
-	try {
-		const r = await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({
-				action: 'send',
-				to,
-				subject,
-				text: body,
-				qr_code: qrcode_b64,
-				refreshToken
-			})
-		});
-		if (r.ok) {
-			success = 'Email sent!';
-			to = subject = body = qrcode_b64 = '';
-		} else {
-			error = await r.text();
-		}
-	} catch (e) {
-		error = e.message || 'Unknown error';
-	}
-	loading = false;
-}
-</script>
-
-<div class="max-w-lg mx-auto bg-white border border-gray-300 rounded p-8 mt-8 shadow">
-	<h2 class="text-2xl font-semibold mb-6 text-center">Test Email Sender</h2>
-	{#if !authorized}
-		<div class="mb-4 flex items-center justify-between">
-			<p class="text-gray-700">Google not connected.</p>
-			<button class="btn bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded ml-auto" on:click={connect}>
-				Connect Google
-			</button>
-		</div>
-	{:else}
-		<form on:submit|preventDefault={sendTestEmail} class="space-y-4">
-			<label class="block">
-				<span class="text-gray-700">To</span>
-				<input type="email" class="mt-1 block w-full border border-gray-300 rounded px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200" bind:value={to} required />
-			</label>
-			<label class="block">
-				<span class="text-gray-700">Subject</span>
-				<input type="text" class="mt-1 block w-full border border-gray-300 rounded px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200" bind:value={subject} required />
-			</label>
-			<label class="block">
-				<span class="text-gray-700">Body</span>
-				<textarea class="mt-1 block w-full border border-gray-300 rounded px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200 resize-none" rows="6" bind:value={body} required></textarea>
-			</label>
-			<label class="block">
-				<span class="text-gray-700">QR Code (base64, data:image/png;base64,...)</span>
-				<input type="text" class="mt-1 block w-full border border-gray-300 rounded px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-200 font-mono text-xs" bind:value={qrcode_b64} placeholder="Paste base64 image string here" required />
-			</label>
-			<button type="submit" class="w-full py-2 bg-blue-600 text-white rounded hover:bg-blue-700 transition" disabled={loading}>
-				{#if loading}
-					<svg class="animate-spin h-5 w-5 mr-2 inline-block text-white" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
-						<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
-						<path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8v8z"></path>
-					</svg>
-					Sending...
-				{:else}
-					Send Test Email
-				{/if}
-			</button>
-		</form>
-	{/if}
-	{#if error}
-		<div class="rounded border-l-4 border-red-500 bg-red-100 p-4 text-red-700 mt-4">{error}</div>
-	{/if}
-	{#if success}
-		<div class="rounded border-l-4 border-green-500 bg-green-100 p-4 text-green-700 mt-4">{success}</div>
-	{/if}
-</div>

src/routes/private/creator/finish/+page.svelte

@@ -1,125 +0,0 @@
-<script lang="ts">
-	import { page } from '$app/state';
-	import { onMount } from 'svelte';
-    import QRCode from 'qrcode';
-
-    let { data } = $props();
-	let session_storage_id = page.url.searchParams.get('data');
-	let all_data = {};
-
-	const StepStatus = {
-		Loading: 'loading',
-		Waiting: 'waiting',
-		Success: 'success',
-		Failure: 'failure'
-	} as const;
-	type StepStatus = (typeof StepStatus)[keyof typeof StepStatus];
-	let supabase_status: StepStatus = $state(StepStatus.Waiting);
-	let email_status: StepStatus = $state(StepStatus.Waiting);
-
-	onMount(async () => {
-		if (!session_storage_id) {
-			console.error('No session storage ID provided in the URL');
-			return;
-		}
-		all_data = JSON.parse(sessionStorage.getItem(session_storage_id) || '{}');
-
-		supabase_status = StepStatus.Loading;
-		try {
-			const { result } = await insert_data_supabase(all_data.participants, all_data.event);
-			supabase_status = StepStatus.Success;
-			// Now send emails
-			email_status = StepStatus.Loading;
-			let allSuccess = true;
-			for (const obj of result) {
-				let qr_code = await dataToBase64(obj.id);
-				const payload = {
-					action: 'send',
-					to: obj.email,
-					subject: all_data.email.subject,
-					text: all_data.email.body,
-					qr_code: qr_code,
-					refreshToken: localStorage.getItem('gmail_refresh_token')
-				};
-				const res = await fetch('/private/api/gmail', {
-					method: 'POST',
-					headers: { 'Content-Type': 'application/json' },
-					body: JSON.stringify(payload)
-				});
-				if (!res.ok) {
-					allSuccess = false;
-					console.error('Failed to send email to', obj.email, await res.text());
-				}
-			}
-			email_status = allSuccess ? StepStatus.Success : StepStatus.Failure;
-		} catch (e) {
-			supabase_status = StepStatus.Failure;
-			email_status = StepStatus.Failure;
-			console.error(e);
-		}
-	});
-
-    async function dataToBase64(data: string): Promise<string> {
-        try {
-            const url = await QRCode.toDataURL(data);
-            const parts = url.split(',');
-            const base64 = parts[1];
-            return base64;
-        } catch (err) {
-            console.error(err);
-            return '';
-        }
-    }
-
-	async function insert_data_supabase(participants, event) {
-		const names = participants.map((p) => p.name);
-		const surnames = participants.map((p) => p.surname);
-		const emails = participants.map((p) => p.email);
-		const {
-			data: { user },
-			error: authError
-		} = await data.supabase.auth.getUser();
-		const { data: user_profile, error: profileError } = await data.supabase
-			.from('profiles')
-			.select('*, section:sections (id, name)')
-			.eq('id', user?.id)
-			.single();
-		const { data: result, error: qrCodeError } = await data.supabase.rpc('create_qrcodes_bulk', {
-			p_section_id: user_profile?.section.id,
-			p_event_id: event.id,
-			p_names: names,
-			p_surnames: surnames,
-			p_emails: emails
-		});
-		
-		return { result };
-	}
-</script>
-
-<!-- Creating Database Entries -->
-<div class="mb-4 rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 text-xl font-bold">Creating database entries</h2>
-	{#if supabase_status === StepStatus.Waiting}
-		<span class="text-black-600">Waiting...</span>
-	{:else if supabase_status === StepStatus.Loading}
-		<span class="text-black-600">Creating entries...</span>
-	{:else if supabase_status === StepStatus.Success}
-		<span class="text-green-600">Database entries created successfully.</span>
-	{:else if supabase_status === StepStatus.Failure}
-		<span class="text-red-600">Failed to create database entries.</span>
-	{/if}
-</div>
-
-<!-- Sending Emails -->
-<div class="rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 text-xl font-bold">Sending emails</h2>
-	{#if email_status === StepStatus.Waiting}
-		<span class="text-black-600">Waiting...</span>
-	{:else if email_status === StepStatus.Loading}
-		<span class="text-black-600">Sending emails...</span>
-	{:else if email_status === StepStatus.Success}
-		<span class="text-green-600">Emails sent successfully.</span>
-	{:else if email_status === StepStatus.Failure}
-		<span class="text-red-600">Failed to send emails.</span>
-	{/if}
-</div>

src/routes/private/creator/steps/StepConnectGoogle.svelte

@@ -1,75 +0,0 @@
-<script lang="ts">
-	import { onMount } from 'svelte';
-	import { goto } from '$app/navigation';
-
-	export let authorized = false;
-
-	let refreshToken = '';
-	let loading = true;
-
-	let to = '';
-	let subject = '';
-	let body = '';
-
-	async function validateToken(token: string): Promise<boolean> {
-		if (!token) return false;
-		const res = await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({ action: 'validate', refreshToken: token })
-		});
-		if (!res.ok) return false;
-		const data = await res.json();
-		return !!data.valid;
-	}
-
-	onMount(async () => {
-		refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
-		loading = true;
-		authorized = await validateToken(refreshToken);
-		loading = false;
-	});
-
-	/* ⇢ redirects straight to Google via server 302 */
-	const connect = () => goto('/private/api/gmail?action=auth');
-
-	async function disconnect() {
-		if (!confirm('Disconnect Google account?')) return;
-		await fetch('/private/api/gmail', {
-			method: 'POST',
-			headers: { 'Content-Type': 'application/json' },
-			body: JSON.stringify({ action: 'revoke', refreshToken })
-		});
-		localStorage.removeItem('gmail_refresh_token');
-		refreshToken = '';
-		authorized = false;
-	}
-</script>
-
-<div class="mb-4 rounded border border-gray-300 bg-white p-4">
-	{#if loading}
-		<div class="flex items-center space-x-2">
-			<svg class="animate-spin h-5 w-5 text-gray-500" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
-				<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
-				<path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8v8z"></path>
-			</svg>
-			<span>Checking Google connection...</span>
-		</div>
-	{:else}
-		{#if !authorized}
-			<section class="flex items-center justify-between w-full">
-				<p class="mr-4">You haven’t connected your Google account yet.</p>
-				<button class="btn bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded ml-auto" on:click={connect}>
-					Connect Google
-				</button>
-			</section>
-		{:else}
-			<div class="flex items-center space-x-2 text-green-600">
-				<svg class="h-5 w-5" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24">
-					<path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7" />
-				</svg>
-				<span>Your connection to Google is good, proceed to next step</span>
-			</div>
-		{/if}
-	{/if}
-</div>

src/routes/private/creator/steps/StepCraftEmail.svelte

@@ -1,25 +0,0 @@
-<script lang="ts">
-  export let email: { subject: string, body: string } = { subject: '', body: '' };
-</script>
-
-<form class="flex flex-col space-y-4 bg-white p-8 rounded border border-gray-300 w-full shadow-none">
-  <h2 class="text-2xl font-semibold text-center mb-4">Craft Email</h2>
-  <label class="flex flex-col text-gray-700">
-    Subject
-    <input
-      type="text"
-      bind:value={email.subject}
-      class="mt-1 px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-200"
-      required
-    />
-  </label>
-  <label class="flex flex-col text-gray-700">
-    Body
-    <textarea
-      bind:value={email.body}
-      class="mt-1 px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-200 resize-none"
-      rows="6"
-      required
-    ></textarea>
-  </label>
-</form>

src/routes/private/creator/steps/StepCreateEvent.svelte

@@ -1,71 +0,0 @@
-<script lang="ts">
-	import { enhance } from '$app/forms';
-
-	let { event } = $props();
-	let loading = $state(false);
-
-	function handleEnhance() {
-		loading = true;
-
-		return async ({ update }) => {
-			await update();
-			loading = false;
-		};
-	}
-</script>
-
-
-<form method="POST" action="?/create" use:enhance={handleEnhance} class="flex flex-col space-y-4 bg-white p-8 rounded border border-gray-300 w-full shadow-none">
-  <h2 class="text-2xl font-semibold text-center mb-4">Create Event</h2>
-  <label class="flex flex-col text-gray-700">
-    Name
-    <input
-      type="text"
-      name="name"
-      class="mt-1 px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-200"
-      required
-    />
-  </label>
-  <label class="flex flex-col text-gray-700">
-    Date
-    <input
-      type="date"
-      name="date"
-      class="mt-1 px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-200"
-      required
-    />
-  </label>
-  <label class="flex flex-col text-gray-700">
-    Description
-    <textarea
-      name="description"
-      class="mt-1 px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-200 resize-none"
-      rows="3"
-      required
-    ></textarea>
-  </label>
-  <button
-    type="submit"
-    class="w-full py-2 bg-blue-600 text-white rounded hover:bg-blue-700 transition"
-  >
-    Submit
-  </button>
-</form>
-
-{#if Object.keys(event).length === 0}
-  <div class="mt-4 rounded border-l-4 border-gray-500 bg-gray-100 p-4 text-gray-700">
-    {#if loading}
-      <strong>Loading...</strong>
-    {:else}
-      <strong>No event created yet...</strong>
-    {/if}
-  </div>
-{:else}
-  <div class="rounded border-l-4 border-green-500 bg-green-100 p-4 text-green-700 mt-4">
-    <ol>
-      <li><strong>{event.name}</strong></li>
-      <li>{event.date}</li>
-      <li>{event.description}</li>
-    </ol>
-  </div>
-{/if}

src/routes/private/creator/steps/StepFinal.svelte

@@ -1,59 +0,0 @@
-<script lang="ts">
-    import QRCode from 'qrcode';
-
-	const StepState = {
-		Waiting: 'waiting',
-		Processing: 'processing',
-		FinishedSuccess: 'finished_success',
-		FinishedFail: 'finished_fail'
-	};
-
-	let qr_codes_state = $state(StepState.Processing);
-	let emails_state = $state(StepState.FinishedSuccess);
-
-	// Inserts all participants into the database and returns their assigned IDs.
-	async function insert_data_supabase(data, participants, new_event) {
-		const names = participants.map((p) => p.name);
-		const surnames = participants.map((p) => p.surname);
-		const emails = participants.map((p) => p.email);
-		const {
-			data: { user },
-			error: authError
-		} = await data.supabase.auth.getUser();
-		const { data: user_profile, error: profileError } = await data.supabase
-			.from('profiles')
-			.select('*, section:sections (id, name)')
-			.eq('id', user?.id)
-			.single();
-		const { data: result, error: qrCodeError } = await data.supabase.rpc('create_qrcodes_bulk', {
-			p_section_id: user_profile?.section.id,
-			p_event_id: new_event.id,
-			p_names: names,
-			p_surnames: surnames,
-			p_emails: emails
-		});
-
-		return { result };
-	}
-
-    // Creates a base64 interpretation of the ticket ID
-	function createB64QRCode(data) {
-		QRCode.toDataURL('I am a pony!')
-            .then((url) => {
-                const parts = url.split(',');
-                return { base64data: parts[1] };
-			})
-			.catch((err) => {
-				console.error(err);
-			});
-	}
-
-    function sendEmail(email, subject, body, qr_code_base64) {
-        // Here you would implement the logic to send the email.
-        // This is a placeholder function.
-        console.log(`Sending email to ${email} with subject "${subject}" and body "${body}"`);
-        console.log(`QR Code Base64: ${qr_code_base64}`);
-    }
-</script>
-
-Pl

src/routes/private/creator/steps/StepOverview.svelte

@@ -1,78 +0,0 @@
-<script lang="ts">
-	import { goto } from '$app/navigation';
-	
-	let { data, event, participants, email, stepConditions } = $props();
-
-	function redirectToFinish() {
-		// Generate a random variable name
-		const varName = 'event_' + Math.random().toString(36).substr(2, 9);
-		// Save the data to sessionStorage
-		sessionStorage.setItem(
-			varName,
-			JSON.stringify({ event, participants, email })
-		);
-		// Redirect with the variable name as a query parameter
-		goto(`/private/creator/finish?data=${encodeURIComponent(varName)}`);
-	}
-
-</script>
-
-<!-- New Event Overview -->
-<div class="mb-4 rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 text-xl font-bold">Event Overview</h2>
-	<ul class="space-y-1">
-		<li><span class="font-semibold">Name:</span> {event.name}</li>
-		<li><span class="font-semibold">Date:</span> {event.date}</li>
-		<li><span class="font-semibold">Description:</span> {event.description}</li>
-	</ul>
-</div>
-
-<!-- Email Overview -->
-<div class="mb-4 rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 text-xl font-bold">Email Preview</h2>
-	<div class="mb-2"><span class="font-semibold">Subject:</span> {email.subject}</div>
-	<div class="rounded border bg-gray-50 p-2 whitespace-pre-line text-gray-700">
-		<span class="font-semibold"></span>
-		<div>{email.body}</div>
-	</div>
-</div>
-
-<!-- Participants Overview -->
-<div class="rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 text-xl font-bold">Participants ({participants.length})</h2>
-	<ul class="space-y-1">
-		{#each participants.slice(0, 10) as p}
-			<li class="flex items-center gap-2 border-b pb-1 last:border-b-0">
-				<span class="font-semibold">{p.name} {p.surname}</span>
-				<span class="flex-1"></span>
-				<span class="text-right font-mono text-xs text-gray-600">{p.email}</span>
-			</li>
-		{/each}
-	</ul>
-	<p class="mt-2 text-sm text-gray-500">Note: Only the first 10 participants are shown.</p>
-</div>
-
-<button
-	onclick={redirectToFinish}
-	class="mt-4 w-full rounded bg-blue-600 px-4 py-3 font-bold text-white
-	transition-colors duration-200 hover:bg-blue-700
-	disabled:cursor-not-allowed disabled:bg-gray-300 disabled:text-gray-500"
-	disabled={!stepConditions.every(Boolean)}
->
-	Generate QR codes and send
-</button>
-
-<div class="mt-2 space-y-1">
-	{#if !stepConditions[0]}
-		<p class="text-sm text-red-500">Please provide an event name before proceeding.</p>
-	{/if}
-	{#if !stepConditions[1]}
-		<p class="text-sm text-red-500">Please add at least one participant before proceeding.</p>
-	{/if}
-	{#if !stepConditions[2]}
-		<p class="text-sm text-red-500">Please provide an email subject before proceeding.</p>
-	{/if}
-	{#if !stepConditions[3]}
-		<p class="text-sm text-red-500">Please provide an email body before proceeding.</p>
-	{/if}
-</div>

src/routes/private/creator/steps/StepUploadFiles.svelte

@@ -1,65 +0,0 @@
-<script lang="ts">
-	import { enhance } from '$app/forms';
-
-	let { participants = [] } = $props();
-	let loading = $state(false);
-
-	function handleEnhance() {
-		loading = true;
-
-		return async ({ update }) => {
-			await update();
-			loading = false;
-		};
-	}
-</script>
-
-<form
-	method="POST"
-	action="?/participants"
-	use:enhance={handleEnhance}
-	enctype="multipart/form-data"
-	class="flex w-full flex-col space-y-4 rounded border border-gray-300 bg-white p-8 shadow-none"
->
-	<h2 class="mb-4 text-center text-2xl font-semibold">Upload Participants</h2>
-	<label class="flex flex-col text-gray-700">
-		CSV File
-		<input
-			type="file"
-			name="participants"
-			id="participants"
-			accept=".csv"
-			class="mt-1 rounded border border-gray-300 px-3 py-2 focus:ring-2 focus:ring-blue-200 focus:outline-none"
-			required
-		/>
-	</label>
-	<button
-		type="submit"
-		class="w-full rounded bg-blue-600 py-2 text-white transition hover:bg-blue-700"
-	>
-		Submit
-	</button>
-</form>
-
-{#if participants.length === 0}
-	<div class="mt-4 rounded border-l-4 border-gray-500 bg-gray-100 p-4 text-gray-700">
-		{#if loading}
-			<strong>Loading...</strong>
-		{:else}
-			<strong>No participants yet...</strong>
-		{/if}
-	</div>
-{:else}
-	<div class="mt-4 rounded border-l-4 border-green-500 bg-green-50 p-4 text-green-700">
-		<ul class="space-y-2">
-			{#each participants as p, i}
-				<li class="flex items-center justify-between border-b pb-1">
-					<div>
-						<div class="font-semibold">{p.name} {p.surname}</div>
-						<div class="font-mono text-xs text-gray-600">{p.email}</div>
-					</div>
-				</li>
-			{/each}
-		</ul>
-	</div>
-{/if}

src/routes/private/events/+page.server.ts

@@ -1,7 +0,0 @@
-export async function load({ locals }) {
-    const { data: events, error } = await locals.supabase
-        .from('events')
-        .select('*')
-        .order('date', { ascending: false });
-    return { events };
-}

src/routes/private/events/SingleEvent.svelte

@@ -0,0 +1,19 @@
+<script lang="ts">
+    const { id, name, date, archived = false } = $props();
+</script>
+
+<a
+    href={archived ? `/private/events/archived?id=${id}` : `/private/events/event?id=${id}`}
+    class="block border border-gray-300 rounded bg-white p-4 shadow-none transition cursor-pointer hover:border-blue-500 group min-h-[72px] h-full w-full"
+    aria-label={archived ? `View archived event ${name}` : `View event ${name}`}
+>
+    <div class="flex flex-col gap-1">
+        <span class="font-semibold text-lg text-black-700 group-hover:underline flex items-center gap-2">
+            {#if archived}
+                <svg class="inline w-5 h-5 text-gray-400" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24" aria-hidden="true"><rect x="4" y="8" width="16" height="10" rx="2" stroke="currentColor" stroke-width="2" fill="none"/><path d="M8 8V6a4 4 0 1 1 8 0v2" stroke="currentColor" stroke-width="2" fill="none"/></svg>
+            {/if}
+            {name}
+        </span>
+        <span class="text-gray-500 text-sm">{date}</span>
+    </div>
+</a>

src/routes/private/events/archived/+page.svelte

@@ -0,0 +1,77 @@
+<script lang="ts">
+	import { onMount } from 'svelte';
+    import { page } from '$app/state';
+
+	let { data } = $props();
+
+	let event_data = $state();
+	let loading = $state(true);
+
+	onMount(async () => {
+		const event_id = page.url.searchParams.get('id');
+        
+		if (!event_id) {
+			loading = false;
+			return;
+		}
+
+		const { data: event } = await data.supabase
+			.from('events_archived')
+			.select('*')
+			.eq('id', event_id)
+			.single();
+
+		event_data = event;
+		loading = false;
+	});
+</script>
+
+<h1 class="mt-2 mb-4 text-center text-2xl font-bold">Archived Event Overview</h1>
+
+<div class="mb-2 rounded border border-gray-300 bg-white p-4">
+	<div class="flex flex-col gap-1">
+		{#if loading}
+			<div class="h-6 w-40 bg-gray-200 rounded animate-pulse mb-2"></div>
+			<div class="h-4 w-24 bg-gray-100 rounded animate-pulse"></div>
+		{:else}
+			<span class="text-black-700 text-lg font-semibold">{event_data?.name}</span>
+			<span class="text-black-500 text-sm">{event_data?.date}</span>
+		{/if}
+	</div>
+</div>
+
+<div class="mb-2 flex items-center rounded border border-gray-300 bg-white p-4">
+    <div class="flex flex-1 items-center justify-center gap-2">
+        <svg
+            class="inline h-4 w-4 text-blue-600"
+            fill="none"
+            stroke="currentColor"
+            stroke-width="2"
+            viewBox="0 0 24 24"
+        >
+            <circle cx="12" cy="12" r="10" stroke="currentColor" stroke-width="2" fill="none" />
+        </svg>
+        {#if loading}
+            <div class="h-4 w-20 bg-gray-200 rounded animate-pulse"></div>
+        {:else}
+            <span class="text-sm text-gray-700">Total participants ({event_data?.total_participants})</span>
+        {/if}
+    </div>
+    <div class="mx-4 h-8 w-px bg-gray-300"></div>
+    <div class="flex flex-1 items-center justify-center gap-2">
+        <svg
+            class="inline h-4 w-4 text-green-600"
+            fill="none"
+            stroke="currentColor"
+            stroke-width="2"
+            viewBox="0 0 24 24"
+        >
+            <path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7" />
+        </svg>
+        {#if loading}
+            <div class="h-4 w-28 bg-gray-200 rounded animate-pulse"></div>
+        {:else}
+            <span class="text-sm text-gray-700">Scanned participants ({event_data?.scanned_participants})</span>
+        {/if}
+    </div>
+</div>

src/routes/private/events/event/+page.server.ts

@@ -1,13 +0,0 @@
-export async function load({ locals, url }) {
-    const event_id = url.searchParams.get('id');
-    const { data: event_data, error: eventError } = await locals.supabase
-        .from('events')
-        .select('*')
-        .eq('id', event_id)
-        .single()
-    const { data: participants, error: participantsError } = await locals.supabase
-        .from('participants')
-        .select('*, scanned_by:profiles (id, display_name)')
-        .eq('event', event_id)
-    return {event_data, participants};
-}

src/routes/private/events/event/+page.svelte

@@ -1,95 +0,0 @@
-<script lang="ts">
-	let { data } = $props();
-
-	const scannedCount = data.participants.filter((p) => p.scanned).length;
-	const notScannedCount = data.participants.length - scannedCount;
-
-</script>
-
-<h1 class="mt-2 mb-4 text-center text-2xl font-bold">Event Overview</h1>
-
-<div class="mb-2 rounded border border-gray-300 bg-white p-4">
-	<div class="flex flex-col gap-1">
-		<span class="text-black-700 text-lg font-semibold">{data.event_data.name}</span>
-		<span class="text-black-500 text-sm">{data.event_data.date}</span>
-	</div>
-</div>
-
-<div class="mb-2 flex items-center rounded border border-gray-300 bg-white p-4">
-	<div class="flex flex-1 items-center justify-center gap-2">
-		<svg
-			class="inline h-4 w-4 text-green-600"
-			fill="none"
-			stroke="currentColor"
-			stroke-width="2"
-			viewBox="0 0 24 24"
-		>
-			<path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7" />
-		</svg>
-		<span class="text-sm text-gray-700">Scanned ({scannedCount})</span>
-	</div>
-	<div class="mx-4 h-8 w-px bg-gray-300"></div>
-	<div class="flex flex-1 items-center justify-center gap-2">
-		<svg
-			class="inline h-4 w-4 text-red-600"
-			fill="none"
-			stroke="currentColor"
-			stroke-width="2"
-			viewBox="0 0 24 24"
-		>
-			<circle cx="12" cy="12" r="10" stroke="currentColor" stroke-width="2" fill="none" />
-			<line x1="8" y1="8" x2="16" y2="16" stroke="currentColor" stroke-width="2" />
-			<line x1="16" y1="8" x2="8" y2="16" stroke="currentColor" stroke-width="2" />
-		</svg>
-		<span class="text-sm text-gray-700">Not scanned ({notScannedCount})</span>
-	</div>
-</div>
-
-<div class="rounded border border-gray-300 bg-white p-4">
-	<h2 class="mb-2 rounded text-xl font-bold">Participants ({data.participants.length})</h2>
-	<ul class="space-y-1">
-		{#each data.participants as p}
-			<li class="flex items-center gap-2 border-b pb-1 last:border-b-0">
-				{#if p.scanned}
-					<svg
-						title="Scanned"
-						class="mr-2 inline h-4 w-4 text-green-600"
-						fill="none"
-						stroke="currentColor"
-						stroke-width="2"
-						viewBox="0 0 24 24"
-					>
-						<path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7" />
-					</svg>
-				{:else}
-					<svg
-						title="Not scanned"
-						class="mr-2 inline h-4 w-4 text-red-600"
-						fill="none"
-						stroke="currentColor"
-						stroke-width="2"
-						viewBox="0 0 24 24"
-					>
-						<circle cx="12" cy="12" r="10" stroke="currentColor" stroke-width="2" fill="none" />
-						<line x1="8" y1="8" x2="16" y2="16" stroke="currentColor" stroke-width="2" />
-						<line x1="16" y1="8" x2="8" y2="16" stroke="currentColor" stroke-width="2" />
-					</svg>
-				{/if}
-				<span class="font-semibold">{p.name} {p.surname}</span>
-				<span class="flex-1"></span>
-				{#if p.scanned_by}
-					<div class="flex flex-row items-end ml-2">
-						<span class="mr-1 text-xs text-gray-500">
-							{new Date(p.scanned_at).toLocaleTimeString([], {
-								hour: '2-digit',
-								minute: '2-digit',
-								hour12: false
-							})}
-						</span>
-						<span class="text-xs text-gray-500">by {p.scanned_by.display_name}</span>
-					</div>
-				{/if}
-			</li>
-		{/each}
-	</ul>
-</div>

src/routes/private/events/event/new/+page.svelte

@@ -0,0 +1,432 @@
+<script lang="ts">
+	import { onMount } from 'svelte';
+	import { isTokenValid, getUserInfo, revokeToken } from '$lib/google/auth/client.js';
+	import type { GoogleSheet } from '$lib/google/sheets/client.js';
+	import { goto } from '$app/navigation';
+	
+	// Import Components
+	import GoogleAuthStep from './components/GoogleAuthStep.svelte';
+	import EventDetailsStep from './components/EventDetailsStep.svelte';
+	import GoogleSheetsStep from './components/GoogleSheetsStep.svelte';
+	import EmailSettingsStep from './components/EmailSettingsStep.svelte';
+	import StepNavigator from './components/StepNavigator.svelte';
+	import StepNavigation from './components/StepNavigation.svelte';
+
+	let { data } = $props();
+
+	// Step management
+	let currentStep = $state(0); // Start at step 0 for Google auth check
+	const totalSteps = 4; // Increased to include auth step
+
+	// Step 0: Google Auth
+	let authData = $state({
+		isConnected: false,
+		checking: true,
+		connecting: false,
+		showCancelOption: false,
+		token: null as string | null,
+		error: null as string | null,
+		userEmail: null as string | null
+	});
+
+	// Step 1: Event Details
+	let eventData = $state({
+		name: '',
+		date: ''
+	});
+
+	// Step 2: Google Sheets
+	let sheetsData = $state({
+		availableSheets: [] as GoogleSheet[],
+		selectedSheet: null as GoogleSheet | null,
+		sheetData: [] as string[][],
+		columnMapping: {
+			name: 0,  // Initialize to 0 (no column selected)
+			surname: 0,
+			email: 0,
+			confirmation: 0
+		},
+		loading: false,
+		expandedSheetList: true // Add this flag to control sheet list expansion
+	});
+
+	// Step 3: Email
+	let emailData = $state({
+		subject: '',
+		body: ''
+	});
+
+	// General state
+	let loading = $state(false);
+	let errors = $state<Record<string, string>>({});
+
+	onMount(async () => {
+		// Check Google auth status on mount
+		await checkGoogleAuth();
+		
+		if (currentStep === 2) {
+			await loadRecentSheets();
+		}
+	});
+
+	// Google Auth functions
+	async function checkGoogleAuth() {
+		authData.checking = true;
+		try {
+			const accessToken = localStorage.getItem('google_access_token');
+			const refreshToken = localStorage.getItem('google_refresh_token');
+			
+			if (accessToken && refreshToken) {
+				// Check if token is still valid
+				const isValid = await isTokenValid(accessToken);
+				authData.isConnected = isValid;
+				authData.token = accessToken;
+				
+				if (isValid) {
+					// Fetch user info
+					await fetchUserInfo(accessToken);
+				}
+			} else {
+				authData.isConnected = false;
+				authData.userEmail = null;
+			}
+		} catch (error) {
+			console.error('Error checking Google auth:', error);
+			authData.isConnected = false;
+			authData.error = 'Error checking Google connection';
+			authData.userEmail = null;
+		} finally {
+			authData.checking = false;
+		}
+	}
+
+	async function connectToGoogle() {
+		authData.error = '';
+		authData.connecting = true;
+		
+		try {
+			// Open popup window for OAuth
+			const popup = window.open(
+				'/auth/google',
+				'google-auth',
+				'width=500,height=600,scrollbars=yes,resizable=yes,left=' + 
+				Math.round(window.screen.width / 2 - 250) + ',top=' + 
+				Math.round(window.screen.height / 2 - 300)
+			);
+
+			if (!popup) {
+				authData.error = 'Failed to open popup window. Please allow popups for this site.';
+				authData.connecting = false;
+				return;
+			}
+
+			let authCompleted = false;
+			let popupTimer: number | null = null;
+			let cancelTimeout: number | null = null;
+
+			// Listen for messages from the popup
+			const messageHandler = (event: MessageEvent) => {
+				if (event.data?.type === 'GOOGLE_AUTH_SUCCESS') {
+					authCompleted = true;
+					authData.connecting = false;
+					authData.showCancelOption = false;
+					window.removeEventListener('message', messageHandler);
+					
+					// Clean up timers
+					if (popupTimer) clearTimeout(popupTimer);
+					if (cancelTimeout) clearTimeout(cancelTimeout);
+					
+					// Check auth status again after success
+					setTimeout(checkGoogleAuth, 100);
+				}
+			};
+
+			// Clean up function to handle all cleanup in one place
+			const cleanUp = () => {
+				window.removeEventListener('message', messageHandler);
+				if (popupTimer) clearTimeout(popupTimer);
+				if (cancelTimeout) clearTimeout(cancelTimeout);
+				authData.connecting = false;
+			};
+
+			window.addEventListener('message', messageHandler);
+
+			// Set a timeout to check auth status regardless of popup state
+			// This is a workaround for Cross-Origin-Opener-Policy restrictions
+			popupTimer = setTimeout(() => {
+				// Only check if auth isn't already completed
+				if (!authCompleted) {
+					cleanUp();
+					// Check if tokens were stored by the popup before it was closed
+					setTimeout(checkGoogleAuth, 100);
+				}
+			}, 60 * 1000) as unknown as number;
+
+			// After 20 seconds with no response, show cancel option
+			cancelTimeout = setTimeout(() => {
+				if (!authCompleted) {
+					authData.showCancelOption = true;
+				}
+			}, 20 * 1000) as unknown as number;
+
+			// Set a final timeout to clean up everything if nothing else worked
+			setTimeout(() => {
+				if (!authCompleted) {
+					cleanUp();
+				}
+			}, 3 * 60 * 1000); // 3 minute max timeout
+
+		} catch (error) {
+			console.error('Error connecting to Google:', error);
+			authData.error = 'Failed to connect to Google';
+			authData.connecting = false;
+		}
+	}
+	
+	function cancelGoogleAuth() {
+		authData.connecting = false;
+		authData.showCancelOption = false;
+	}
+	
+	async function fetchUserInfo(accessToken: string) {
+		try {
+			// Use the new getUserInfo function from our lib
+			const userData = await getUserInfo(accessToken);
+			if (userData) {
+				authData.userEmail = userData.email;
+			} else {
+				authData.userEmail = null;
+			}
+		} catch (error) {
+			console.error('Error fetching user info:', error);
+			authData.userEmail = null;
+		}
+	}
+	
+	async function disconnectGoogle() {
+		try {
+			// First revoke the token at Google using our API
+			const accessToken = localStorage.getItem('google_access_token');
+			if (accessToken) {
+				await revokeToken(accessToken);
+			}
+			
+			// Remove tokens from local storage
+			localStorage.removeItem('google_access_token');
+			localStorage.removeItem('google_refresh_token');
+			
+			// Update auth state
+			authData.isConnected = false;
+			authData.token = null;
+			authData.userEmail = null;
+			
+			// Clear any selected sheets data
+			sheetsData.availableSheets = [];
+			sheetsData.selectedSheet = null;
+			sheetsData.sheetData = [];
+		} catch (error) {
+			console.error('Error disconnecting from Google:', error);
+			authData.error = 'Failed to disconnect from Google';
+		}
+	}
+
+	// Step navigation
+	function nextStep() {
+		if (validateCurrentStep()) {
+			currentStep = Math.min(currentStep + 1, totalSteps - 1);
+			if (currentStep === 2) {
+				loadRecentSheets();
+			}
+		}
+	}
+
+	function prevStep() {
+		currentStep = Math.max(currentStep - 1, 0);
+	}
+
+	function validateCurrentStep(): boolean {
+		errors = {};
+		
+		if (currentStep === 0) {
+			if (!authData.isConnected) {
+				errors.auth = 'Please connect your Google account to continue';
+				return false;
+			}
+		} else if (currentStep === 1) {
+			if (!eventData.name.trim()) {
+				errors.name = 'Event name is required';
+			}
+			if (!eventData.date) {
+				errors.date = 'Event date is required';
+			}
+		} else if (currentStep === 2) {
+			if (!sheetsData.selectedSheet) {
+				errors.sheet = 'Please select a Google Sheet';
+			}
+			
+			if (sheetsData.selectedSheet) {
+				// Validate column mappings
+				const { name, surname, email, confirmation } = sheetsData.columnMapping;
+				const missingColumns = [];
+				
+				if (!name) missingColumns.push('Name');
+				if (!surname) missingColumns.push('Surname');
+				if (!email) missingColumns.push('Email');
+				if (!confirmation) missingColumns.push('Confirmation');
+				
+				if (missingColumns.length > 0) {
+					errors.sheetData = `Please map the following columns: ${missingColumns.join(', ')}`;
+				}
+			}
+		} else if (currentStep === 3) {
+			if (!emailData.subject.trim()) {
+				errors.subject = 'Email subject is required';
+			}
+			if (!emailData.body.trim()) {
+				errors.body = 'Email body is required';
+			}
+		}
+
+		return Object.keys(errors).length === 0;
+	}
+
+	// Google Sheets functions
+	async function loadRecentSheets() {
+		sheetsData.loading = true;
+		// Always expand the sheet list when loading new sheets
+		sheetsData.expandedSheetList = true;
+		
+		try {
+			// Use the new unified API endpoint
+			const response = await fetch('/private/api/google/sheets/recent', {
+				method: 'GET',
+				headers: {
+					'Authorization': `Bearer ${localStorage.getItem('google_refresh_token')}`
+				}
+			});
+			
+			if (response.ok) {
+				sheetsData.availableSheets = await response.json();
+			}
+		} catch (error) {
+			console.error('Error loading sheets:', error);
+			errors.sheets = 'Failed to load Google Sheets';
+		} finally {
+			sheetsData.loading = false;
+		}
+	}
+
+	async function selectSheet(sheet: GoogleSheet) {
+		const sameSheet = sheetsData.selectedSheet?.id === sheet.id;
+		
+		sheetsData.selectedSheet = sheet;
+		sheetsData.loading = true;
+		
+		// Collapse sheet list when selecting a new sheet
+		if (!sameSheet) {
+			sheetsData.expandedSheetList = false;
+		}
+		
+		try {
+			// Use the new unified API endpoint
+			const response = await fetch(`/private/api/google/sheets/${sheet.id}/data`, {
+				method: 'GET',
+				headers: {
+					'Authorization': `Bearer ${localStorage.getItem('google_refresh_token')}`
+				}
+			});
+			
+			if (response.ok) {
+				const data = await response.json();
+				sheetsData.sheetData = data.values || [];
+			}
+		} catch (error) {
+			console.error('Error loading sheet data:', error);
+			errors.sheetData = 'Failed to load sheet data';
+		} finally {
+			sheetsData.loading = false;
+		}
+	}
+	
+	// Toggle the sheet list expansion
+	function toggleSheetList() {
+		sheetsData.expandedSheetList = !sheetsData.expandedSheetList;
+	}
+
+	// Final submission
+	async function createEvent() {
+		if (!validateCurrentStep()) return;
+
+		loading = true;
+		try {
+			const { error } = await data.supabase.rpc('create_event', {
+				p_name: eventData.name,
+				p_date: eventData.date,
+				p_email_subject: emailData.subject,
+				p_email_body: emailData.body,
+				p_sheet_id: sheetsData.selectedSheet?.id,
+				p_name_column: sheetsData.columnMapping.name,
+				p_surname_column: sheetsData.columnMapping.surname,
+				p_email_column: sheetsData.columnMapping.email,
+				p_confirmation_column: sheetsData.columnMapping.confirmation
+			});
+
+			if (error) throw error;
+
+			// Redirect to events list or show success message
+			goto('/private/events');
+		} catch (error) {
+			console.error('Error creating event:', error);
+			errors.submit = 'Failed to create event. Please try again.';
+		} finally {
+			loading = false;
+		}
+	}
+
+	// Computed values
+	let canProceed = $derived(() => {
+		if (currentStep === 0) return authData.isConnected;
+		if (currentStep === 1) return eventData.name && eventData.date;
+		if (currentStep === 2) {
+			const { name, surname, email, confirmation } = sheetsData.columnMapping;
+			return sheetsData.selectedSheet && name && surname && email && confirmation;
+		}
+		if (currentStep === 3) return emailData.subject && emailData.body;
+		return false;
+	});
+</script>
+
+<div class="max-w-4xl mx-auto p-6">
+	<!-- Header -->
+	<StepNavigator {currentStep} {totalSteps} />
+
+	<!-- Step Content -->
+	<div class="rounded-lg border border-gray-300 bg-white p-6 mb-6">
+		{#if currentStep === 0}
+			<GoogleAuthStep {authData} {errors} {connectToGoogle} {cancelGoogleAuth} {disconnectGoogle} />
+		{:else if currentStep === 1}
+			<EventDetailsStep {eventData} {errors} />
+		{:else if currentStep === 2}
+			<GoogleSheetsStep {sheetsData} {errors} {loadRecentSheets} {selectSheet} {toggleSheetList} />
+		{:else if currentStep === 3}
+			<EmailSettingsStep {emailData} {errors} />
+		{/if}
+
+		{#if errors.submit}
+			<div class="mt-4 p-3 bg-red-50 border border-red-200 rounded">
+				<p class="text-sm text-red-600">{errors.submit}</p>
+			</div>
+		{/if}
+	</div>
+
+	<!-- Navigation -->
+	<StepNavigation 
+		{currentStep} 
+		{totalSteps} 
+		{canProceed} 
+		{loading} 
+		{prevStep} 
+		{nextStep} 
+		{createEvent} 
+	/>
+</div>

src/routes/private/events/event/new/components/EmailSettingsStep.svelte

@@ -0,0 +1,43 @@
+<script lang="ts">
+	let { emailData, errors } = $props<{
+		emailData: {
+			subject: string;
+			body: string;
+		};
+		errors: Record<string, string>;
+	}>();
+</script>
+
+<div class="space-y-6">
+	<div>
+		<label for="emailSubject" class="block text-sm font-medium text-gray-700 mb-2">
+			Email Subject *
+		</label>
+		<input
+			id="emailSubject"
+			type="text"
+			bind:value={emailData.subject}
+			class="w-full px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+			placeholder="Event invitation subject"
+		/>
+		{#if errors.subject}
+			<p class="mt-1 text-sm text-red-600">{errors.subject}</p>
+		{/if}
+	</div>
+
+	<div>
+		<label for="emailBody" class="block text-sm font-medium text-gray-700 mb-2">
+			Email Body *
+		</label>
+		<textarea
+			id="emailBody"
+			bind:value={emailData.body}
+			rows="8"
+			class="w-full px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+			placeholder="Email message content..."
+		></textarea>
+		{#if errors.body}
+			<p class="mt-1 text-sm text-red-600">{errors.body}</p>
+		{/if}
+	</div>
+</div>

src/routes/private/events/event/new/components/EventDetailsStep.svelte

@@ -0,0 +1,44 @@
+<script lang="ts">
+	let { eventData, errors } = $props<{
+		eventData: {
+			name: string;
+			date: string;
+		};
+		errors: Record<string, string>;
+	}>();
+</script>
+
+<div class="space-y-6">
+	<div>
+		<h3 class="text-lg font-medium text-gray-900 mb-4">Event details</h3>
+
+		<label for="eventName" class="block text-sm font-medium text-gray-700 mb-2">
+			Event Name *
+		</label>
+		<input
+			id="eventName"
+			type="text"
+			bind:value={eventData.name}
+			class="w-full px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+			placeholder="Enter event name"
+		/>
+		{#if errors.name}
+			<p class="mt-1 text-sm text-red-600">{errors.name}</p>
+		{/if}
+	</div>
+
+	<div>
+		<label for="eventDate" class="block text-sm font-medium text-gray-700 mb-2">
+			Event Date *
+		</label>
+		<input
+			id="eventDate"
+			type="date"
+			bind:value={eventData.date}
+			class="w-full px-3 py-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+		/>
+		{#if errors.date}
+			<p class="mt-1 text-sm text-red-600">{errors.date}</p>
+		{/if}
+	</div>
+</div>

src/routes/private/events/event/new/components/GoogleAuthStep.svelte

@@ -0,0 +1,144 @@
+<script lang="ts">
+	// Props
+	let { authData, errors, connectToGoogle, cancelGoogleAuth, disconnectGoogle } = $props<{
+		authData: {
+			isConnected: boolean;
+			checking: boolean;
+			connecting: boolean;
+			showCancelOption: boolean;
+			token: string | null;
+			error: string | null;
+			userEmail: string | null;
+		};
+		errors: Record<string, string>;
+		connectToGoogle: () => Promise<void>;
+		cancelGoogleAuth: () => void;
+		disconnectGoogle: () => Promise<void>;
+	}>();
+</script>
+
+<div class="space-y-6">
+	<div class="text-center">
+		<h3 class="text-lg font-medium text-gray-900 mb-4">Connect Your Google Account</h3>
+		<p class="text-gray-600 mb-6">
+			To create events and import participants from Google Sheets, you need to connect your Google account.
+		</p>
+
+		{#if authData.checking}
+			<div class="flex justify-center items-center space-x-2">
+				<div class="animate-spin rounded-full h-6 w-6 border-b-2 border-blue-600"></div>
+				<span class="text-gray-600">Checking connection...</span>
+			</div>
+		{:else if authData.isConnected}
+			<div class="rounded-lg bg-green-50 border border-green-200 p-4 mb-4">
+				<div class="flex items-center justify-start">
+					<div class="justify-start flex flex-col items-start">
+						<p class="text-sm font-medium text-green-800">
+							Google account connected successfully!
+						</p>
+						{#if authData.userEmail}
+							<div class="flex items-center mt-2 bg-white rounded-full px-3 py-1 border border-green-300">
+								<p class="text-sm font-medium text-gray-700">
+									{authData.userEmail}
+								</p>
+							</div>
+						{/if}
+						<p class="text-sm text-green-700 mt-2">
+							You can now access Google Sheets and Gmail features.
+						</p>
+					</div>
+				</div>
+				
+				<div class="mt-4 flex justify-end">
+					<button
+						onclick={disconnectGoogle}
+						class="text-sm text-red-600 hover:text-red-800 flex items-center"
+						aria-label="Disconnect Google account"
+					>
+						<svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4 mr-1" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+							<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 16l4-4m0 0l-4-4m4 4H7m6 4v1a3 3 0 01-3 3H6a3 3 0 01-3-3V7a3 3 0 013-3h4a3 3 0 013 3v1" />
+						</svg>
+						Disconnect
+					</button>
+				</div>
+			</div>
+		{:else}
+			<div class="rounded-lg bg-yellow-50 border border-yellow-200 p-4 mb-4">
+				<div class="flex items-center justify-start">
+					<div class="flex-shrink-0">
+						<svg class="h-5 w-5 text-yellow-400" viewBox="0 0 20 20" fill="currentColor">
+							<path fill-rule="evenodd" d="M8.257 3.099c.765-1.36 2.722-1.36 3.486 0l5.58 9.92c.75 1.334-.213 2.98-1.742 2.98H4.42c-1.53 0-2.493-1.646-1.743-2.98l5.58-9.92zM11 13a1 1 0 11-2 0 1 1 0 012 0zm-1-8a1 1 0 00-1 1v3a1 1 0 002 0V6a1 1 0 00-1-1z" clip-rule="evenodd" />
+						</svg>
+					</div>
+					<div class="ml-3 justify-start flex flex-col items-start">
+						<p class="text-sm font-medium text-yellow-800">
+							Google account not connected
+						</p>
+						<p class="text-sm text-yellow-700 mt-1">
+							Please connect your Google account to continue with event creation.
+						</p>
+					</div>
+				</div>
+			</div>
+
+			<div class="flex flex-col gap-3">
+				<button
+					onclick={connectToGoogle}
+					disabled={authData.connecting}
+					class="inline-flex items-center px-6 py-3 border border-transparent text-base font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 transition disabled:opacity-50 disabled:cursor-not-allowed"
+					aria-label="Connect to Google account"
+				>
+					{#if authData.connecting}
+						<div class="w-5 h-5 mr-2 animate-spin rounded-full border-2 border-white border-t-transparent"></div>
+						Connecting...
+					{:else}
+						<svg class="w-5 h-5 mr-2" viewBox="0 0 24 24">
+							<path fill="currentColor" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/>
+							<path fill="currentColor" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
+							<path fill="currentColor" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/>
+							<path fill="currentColor" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/>
+						</svg>
+						Connect to Google
+					{/if}
+				</button>
+				
+				{#if authData.connecting && authData.showCancelOption}
+					<button
+						onclick={cancelGoogleAuth}
+						class="text-sm text-gray-600 hover:text-gray-900"
+						aria-label="Cancel Google authentication"
+					>
+						Cancel connection
+					</button>
+					<p class="text-xs text-gray-500 mt-1">
+						Taking too long? You can cancel and try again.
+					</p>
+				{/if}
+			</div>
+		{/if}
+
+		{#if authData.error}
+			<div class="mt-4 rounded-lg bg-red-50 border border-red-200 p-4">
+				<div class="flex items-center">
+					<div class="flex-shrink-0">
+						<svg class="h-5 w-5 text-red-400" viewBox="0 0 20 20" fill="currentColor">
+							<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd" />
+						</svg>
+					</div>
+					<div class="ml-3">
+						<p class="text-sm font-medium text-red-800">
+							Connection Error
+						</p>
+						<p class="text-sm text-red-700 mt-1">
+							{authData.error}
+						</p>
+					</div>
+				</div>
+			</div>
+		{/if}
+
+		{#if errors.auth}
+			<p class="mt-2 text-sm text-red-600">{errors.auth}</p>
+		{/if}
+	</div>
+</div>

src/routes/private/events/event/new/components/GoogleSheetsStep.svelte

@@ -0,0 +1,213 @@
+<script lang="ts">
+	import type { GoogleSheet } from '$lib/google/sheets';
+	
+	// Props
+	let { sheetsData, errors, loadRecentSheets, selectSheet, toggleSheetList } = $props<{
+		sheetsData: {
+			availableSheets: GoogleSheet[];
+			selectedSheet: GoogleSheet | null;
+			sheetData: string[][];
+			columnMapping: {
+				name: number;
+				surname: number;
+				email: number;
+				confirmation: number;
+			};
+			loading: boolean;
+			expandedSheetList: boolean;
+		};
+		errors: Record<string, string>;
+		loadRecentSheets: () => Promise<void>;
+		selectSheet: (sheet: GoogleSheet) => Promise<void>;
+		toggleSheetList: () => void;
+	}>();
+</script>
+
+<div class="space-y-6">
+	<div>
+		<h3 class="text-lg font-medium text-gray-900 mb-4">Select Google Sheet</h3>
+		
+		{#if sheetsData.loading && sheetsData.availableSheets.length === 0}
+			<div class="space-y-3">
+				{#each Array(5) as _}
+					<div class="p-4 border border-gray-200 rounded animate-pulse">
+						<div class="h-4 bg-gray-200 rounded w-3/4 mb-2"></div>
+						<div class="h-3 bg-gray-100 rounded w-1/2"></div>
+					</div>
+				{/each}
+			</div>
+		{:else if sheetsData.availableSheets.length === 0}
+			<div class="text-center py-8">
+				<p class="text-gray-500">No Google Sheets found.</p>
+				<button
+					onclick={loadRecentSheets}
+					class="mt-2 px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700 transition"
+				>
+					Refresh
+				</button>
+			</div>
+		{:else}
+			<div class="space-y-3">
+				{#if !sheetsData.expandedSheetList && sheetsData.selectedSheet}
+					<!-- Selected sheet only (collapsed view) -->
+					<div class="flex items-center justify-between p-4 border border-blue-500 bg-blue-50 rounded">
+						<div>
+							<div class="font-medium text-gray-900">{sheetsData.selectedSheet.name}</div>
+							<div class="text-sm text-gray-500">
+								Modified: {new Date(sheetsData.selectedSheet.modifiedTime).toLocaleDateString()}
+							</div>
+						</div>
+						<button
+							onclick={toggleSheetList}
+							class="text-blue-600 hover:text-blue-800 flex items-center"
+							aria-label="Show all sheets"
+						>
+							<span class="text-sm mr-1">Change</span>
+							<svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4" viewBox="0 0 20 20" fill="currentColor">
+								<path fill-rule="evenodd" d="M5.293 7.293a1 1 0 011.414 0L10 10.586l3.293-3.293a1 1 0 111.414 1.414l-4 4a1 1 0 01-1.414 0l-4-4a1 1 0 010-1.414z" clip-rule="evenodd" />
+							</svg>
+						</button>
+					</div>
+				{:else}
+					<!-- All sheets (expanded view) -->
+					<div class="flex justify-between items-center mb-2">
+						<h4 class="text-sm font-medium text-gray-700">Available Sheets</h4>
+						{#if sheetsData.selectedSheet}
+							<button
+								onclick={toggleSheetList}
+								class="text-sm text-blue-600 hover:text-blue-800"
+								aria-label="Hide sheet list"
+							>
+								Collapse list
+							</button>
+						{/if}
+					</div>
+					<div class="grid gap-3">
+						{#each sheetsData.availableSheets as sheet}
+							<button
+								onclick={() => selectSheet(sheet)}
+								class="p-4 text-left border border-gray-200 rounded hover:border-blue-500 transition {
+									sheetsData.selectedSheet?.id === sheet.id ? 'border-blue-500 bg-blue-50' : ''
+								}"
+							>
+								<div class="font-medium text-gray-900">{sheet.name}</div>
+								<div class="text-sm text-gray-500">
+									Modified: {new Date(sheet.modifiedTime).toLocaleDateString()}
+								</div>
+							</button>
+						{/each}
+					</div>
+				{/if}
+			</div>
+		{/if}
+
+		{#if errors.sheet}
+			<p class="mt-2 text-sm text-red-600">{errors.sheet}</p>
+		{/if}
+	</div>
+
+	{#if sheetsData.selectedSheet && sheetsData.sheetData.length > 0}
+		<div>
+			<h3 class="text-lg font-medium text-gray-900 mb-4">Column Mapping</h3>
+			
+			<!-- Instructions for column mapping -->
+			<div class="bg-white p-4 rounded-md border border-gray-300 mb-4">
+				<p class="text-sm text-black-800 mb-2 font-medium">Column Mapping Instructions:</p>
+				<p class="text-sm text-black-700">
+					Select what each column represents by using the dropdown in each column header. 
+					Make sure to assign Name, Surname, Email, and Confirmation columns.
+				</p>
+			</div>
+			
+			<div class="overflow-x-auto">
+				<table class="w-full border border-gray-200 rounded">
+					<thead>
+						<tr class="bg-gray-50">
+							{#each sheetsData.sheetData[0] || [] as header, index}
+								<th class="px-3 py-2 border-b border-gray-200 text-left">
+									<div class="flex flex-col gap-2">
+										<div class="font-medium text-gray-900">
+											{header || `Empty Column ${index + 1}`}
+										</div>
+										<select 
+											class="text-sm normal-case font-normal px-2 py-1 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+											aria-label={`Select data type for column ${index + 1}`}
+											onclick={(e) => e.stopPropagation()}
+											onchange={(e) => {
+												const value = e.target.value;
+												if (value === "none") return;
+												
+												// Reset previous selection if this column was already mapped
+												if (sheetsData.columnMapping.name === index + 1) sheetsData.columnMapping.name = 0;
+												if (sheetsData.columnMapping.surname === index + 1) sheetsData.columnMapping.surname = 0;
+												if (sheetsData.columnMapping.email === index + 1) sheetsData.columnMapping.email = 0;
+												if (sheetsData.columnMapping.confirmation === index + 1) sheetsData.columnMapping.confirmation = 0;
+												
+												// Set new mapping
+												if (value === "name") sheetsData.columnMapping.name = index + 1;
+												else if (value === "surname") sheetsData.columnMapping.surname = index + 1;
+												else if (value === "email") sheetsData.columnMapping.email = index + 1;
+												else if (value === "confirmation") sheetsData.columnMapping.confirmation = index + 1;
+											}}
+										>
+											<option value="none">Select data type</option>
+											<option value="name" selected={sheetsData.columnMapping.name === index + 1}>Name</option>
+											<option value="surname" selected={sheetsData.columnMapping.surname === index + 1}>Surname</option>
+											<option value="email" selected={sheetsData.columnMapping.email === index + 1}>Email</option>
+											<option value="confirmation" selected={sheetsData.columnMapping.confirmation === index + 1}>Confirmation</option>
+										</select>
+										<div class="h-7 mt-1"> <!-- Fixed height container to prevent layout shift -->
+											{#if sheetsData.columnMapping.name === index + 1}
+												<span class="bg-green-100 text-green-800 text-xs px-2 py-1 rounded">Name Column</span>
+											{:else if sheetsData.columnMapping.surname === index + 1}
+												<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded">Surname Column</span>
+											{:else if sheetsData.columnMapping.email === index + 1}
+												<span class="bg-purple-100 text-purple-800 text-xs px-2 py-1 rounded">Email Column</span>
+											{:else if sheetsData.columnMapping.confirmation === index + 1}
+												<span class="bg-amber-100 text-amber-800 text-xs px-2 py-1 rounded">Confirmation Column</span>
+											{:else}
+												<span class="bg-gray-100 text-gray-400 text-xs px-2 py-1 rounded">Not Mapped</span>
+											{/if}
+										</div>
+									</div>
+								</th>
+							{/each}
+						</tr>
+					</thead>
+					<tbody>
+						{#each sheetsData.sheetData.slice(0, 10) as row, rowIndex}
+							<tr class="hover:bg-gray-50">
+								{#each row as cell, cellIndex}
+									<td class="px-3 py-2 border-b border-gray-100 text-sm">
+										<span 
+											class={
+												sheetsData.columnMapping.name === cellIndex + 1 ? 'font-medium text-green-700' : 
+												sheetsData.columnMapping.surname === cellIndex + 1 ? 'font-medium text-blue-700' : 
+												sheetsData.columnMapping.email === cellIndex + 1 ? 'font-medium text-purple-700' : 
+												sheetsData.columnMapping.confirmation === cellIndex + 1 ? 'font-medium text-amber-700' : 
+												'text-gray-700'
+											}
+										>
+											{cell || ''}
+										</span>
+									</td>
+								{/each}
+							</tr>
+						{/each}
+					</tbody>
+				</table>
+			</div>
+			<p class="mt-2 text-sm text-gray-500">Showing first 10 rows</p>
+		</div>
+	{/if}
+
+	{#if sheetsData.loading && sheetsData.selectedSheet}
+		<div class="text-center py-4">
+			<div class="text-gray-600">Loading sheet data...</div>
+		</div>
+	{/if}
+
+	{#if errors.sheetData}
+		<p class="text-sm text-red-600">{errors.sheetData}</p>
+	{/if}
+</div>

src/routes/private/events/event/new/components/StepNavigation.svelte

@@ -0,0 +1,42 @@
+<script lang="ts">
+	// Props
+	let { currentStep, totalSteps, canProceed, loading, prevStep, nextStep, createEvent } = $props<{
+		currentStep: number;
+		totalSteps: number;
+		canProceed: boolean;
+		loading: boolean;
+		prevStep: () => void;
+		nextStep: () => void;
+		createEvent: () => Promise<void>;
+	}>();
+</script>
+
+<div class="flex items-center justify-between">
+	<button
+		onclick={prevStep}
+		disabled={currentStep === 0}
+		class="px-4 py-2 text-gray-700 bg-gray-100 hover:bg-gray-200 rounded transition disabled:opacity-50 disabled:cursor-not-allowed"
+	>
+		Previous
+	</button>
+
+	<div class="flex gap-2">
+		{#if currentStep < totalSteps - 1}
+			<button
+				onclick={nextStep}
+				disabled={!canProceed}
+				class="px-6 py-2 bg-blue-600 text-white font-semibold rounded hover:bg-blue-700 transition disabled:opacity-50 disabled:cursor-not-allowed"
+			>
+				Next
+			</button>
+		{:else}
+			<button
+				onclick={createEvent}
+				disabled={!canProceed || loading}
+				class="px-6 py-2 bg-green-600 text-white font-semibold rounded hover:bg-green-700 transition disabled:opacity-50 disabled:cursor-not-allowed"
+			>
+				{loading ? 'Creating...' : 'Create Event'}
+			</button>
+		{/if}
+	</div>
+</div>

src/routes/private/events/event/new/components/StepNavigator.svelte

@@ -0,0 +1,28 @@
+<script lang="ts">
+	// Props
+	let { currentStep, totalSteps, stepTitle } = $props<{
+		currentStep: number;
+		totalSteps: number;
+	}>();
+</script>
+
+<div class="mb-8">
+    <div class="flex items-center justify-center gap-4 w-full">
+		{#each Array(totalSteps) as _, index}
+			<div class="flex items-center gap-2">
+				<div class="w-8 h-8 rounded-full flex items-center justify-center text-sm font-medium {
+					index === currentStep ? 'bg-blue-600 text-white' :
+					index < currentStep ? 'bg-green-600 text-white' :
+					'bg-gray-200 text-gray-600'
+				}">
+					{index + 1}
+				</div>
+				{#if index < totalSteps - 1}
+					<div class="w-10 h-1 rounded {
+						index < currentStep ? 'bg-green-600' : 'bg-gray-200'
+					}"></div>
+				{/if}
+			</div>
+		{/each}
+	</div>
+</div>

src/routes/private/scanner/+page.svelte

@@ -2,8 +2,8 @@
 	import QRScanner from './QRScanner.svelte';
 	import TicketDisplay from './TicketDisplay.svelte';
 
-	import type { TicketData } from '$lib/types';
-	import { ScanState, defaultTicketData } from '$lib/types';
+	import type { TicketData } from '$lib/types/types';
+	import { ScanState, defaultTicketData } from '$lib/types/types';
 
 	let { data } = $props();
 	let scanned_id = $state<string>("");

src/routes/private/scanner/TicketDisplay.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
-	import type { TicketData } from '$lib/types';
-	import { ScanState } from '$lib/types';
+	import type { TicketData } from '$lib/types/types';
+	import { ScanState } from '$lib/types/types';
 
 	let { ticket_data, scan_state }: { ticket_data: TicketData; scan_state: ScanState } = $props();
 

src/service-worker.ts

@@ -0,0 +1,80 @@
+/// <reference types="@sveltejs/kit" />
+import { build, files, version } from '$service-worker';
+
+// Create a unique cache name for this deployment
+const CACHE = `cache-${version}`;
+
+const ASSETS = [
+	...build, // the app itself
+	...files  // everything in `static`
+];
+
+self.addEventListener('install', (event) => {
+	// Create a new cache and add all files to it
+	async function addFilesToCache() {
+		const cache = await caches.open(CACHE);
+		await cache.addAll(ASSETS);
+	}
+
+	event.waitUntil(addFilesToCache());
+});
+
+self.addEventListener('activate', (event) => {
+	// Remove previous cached data from disk
+	async function deleteOldCaches() {
+		for (const key of await caches.keys()) {
+			if (key !== CACHE) await caches.delete(key);
+		}
+	}
+
+	event.waitUntil(deleteOldCaches());
+});
+
+self.addEventListener('fetch', (event) => {
+	// ignore POST requests etc
+	if (event.request.method !== 'GET') return;
+
+	async function respond() {
+		const url = new URL(event.request.url);
+		const cache = await caches.open(CACHE);
+
+		// `build`/`files` can always be served from the cache
+		if (ASSETS.includes(url.pathname)) {
+			const response = await cache.match(url.pathname);
+
+			if (response) {
+				return response;
+			}
+		}
+
+		// for everything else, try the network first, but
+		// fall back to the cache if we're offline
+		try {
+			const response = await fetch(event.request);
+
+			// if we're offline, fetch can return a value that is not a Response
+			// instead of throwing - and we can't pass this non-Response to respondWith
+			if (!(response instanceof Response)) {
+				throw new Error('invalid response from fetch');
+			}
+
+			if (response.status === 200) {
+				cache.put(event.request, response.clone());
+			}
+
+			return response;
+		} catch (err) {
+			const response = await cache.match(event.request);
+
+			if (response) {
+				return response;
+			}
+
+			// if there's no cache, then just error out
+			// as there is nothing we can do to respond to this request
+			throw err;
+		}
+	}
+
+	event.respondWith(respond());
+});

supabase/.gitignore

@@ -0,0 +1,8 @@
+# Supabase
+.branches
+.temp
+
+# dotenvx
+.env.keys
+.env.local
+.env.*.local

supabase/config.toml

@@ -0,0 +1,322 @@
+# For detailed configuration reference documentation, visit:
+# https://supabase.com/docs/guides/local-development/cli/config
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "scan-wave"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. `public` and `graphql_public` schemas are included by default.
+schemas = ["public", "graphql_public"]
+# Extra schemas to add to the search_path of every request.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+
+[api.tls]
+# Enable HTTPS endpoints locally using a self-signed certificate.
+enabled = false
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 17
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+# [db.vault]
+# secret_key = "env(SECRET_VALUE)"
+
+[db.migrations]
+# If disabled, migrations will be skipped during a db push or reset.
+enabled = true
+# Specifies an ordered list of schema files that describe your database.
+# Supports glob patterns relative to supabase directory: "./schemas/*.sql"
+schema_paths = []
+
+[db.seed]
+# If enabled, seeds the database after migrations during a db reset.
+enabled = true
+# Specifies an ordered list of seed files to load during db reset.
+# Supports glob patterns relative to supabase directory: "./seeds/*.sql"
+sql_paths = ["./seed.sql"]
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv4)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+# OpenAI API Key to use for Supabase AI in the Supabase Studio.
+openai_api_key = "env(OPENAI_API_KEY)"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+# Image transformation API is available to Supabase Pro plan.
+# [storage.image_transformation]
+# enabled = true
+
+# Uncomment to configure local storage buckets
+# [storage.buckets.images]
+# public = false
+# file_size_limit = "50MiB"
+# allowed_mime_types = ["image/png", "image/jpeg"]
+# objects_path = "./images"
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://127.0.0.1:3000"
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["https://127.0.0.1:3000"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+# Allow/disallow anonymous sign-ins to your project.
+enable_anonymous_sign_ins = false
+# Allow/disallow testing manual linking of accounts
+enable_manual_linking = false
+# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more.
+minimum_password_length = 6
+# Passwords that do not meet the following requirements will be rejected as weak. Supported values
+# are: `letters_digits`, `lower_upper_letters_digits`, `lower_upper_letters_digits_symbols`
+password_requirements = ""
+
+[auth.rate_limit]
+# Number of emails that can be sent per hour. Requires auth.email.smtp to be enabled.
+email_sent = 2
+# Number of SMS messages that can be sent per hour. Requires auth.sms to be enabled.
+sms_sent = 30
+# Number of anonymous sign-ins that can be made per hour per IP address. Requires enable_anonymous_sign_ins = true.
+anonymous_users = 30
+# Number of sessions that can be refreshed in a 5 minute interval per IP address.
+token_refresh = 150
+# Number of sign up and sign-in requests that can be made in a 5 minute interval per IP address (excludes anonymous users).
+sign_in_sign_ups = 30
+# Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
+token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
+
+# Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
+# [auth.captcha]
+# enabled = true
+# provider = "hcaptcha"
+# secret = ""
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+# If enabled, users will need to reauthenticate or have logged in recently to change their password.
+secure_password_change = false
+# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
+max_frequency = "1s"
+# Number of characters used in the email OTP.
+otp_length = 6
+# Number of seconds before the email OTP expires (defaults to 1 hour).
+otp_expiry = 3600
+
+# Use a production-ready SMTP server
+# [auth.email.smtp]
+# enabled = true
+# host = "smtp.sendgrid.net"
+# port = 587
+# user = "apikey"
+# pass = "env(SENDGRID_API_KEY)"
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = false
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ .Code }}"
+# Controls the minimum amount of time that must pass before sending another sms otp.
+max_frequency = "5s"
+
+# Use pre-defined map of phone number to OTP for testing.
+# [auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure logged in session timeouts.
+# [auth.sessions]
+# Force log out after the specified duration.
+# timebox = "24h"
+# Force log out if the user has been inactive longer than the specified duration.
+# inactivity_timeout = "8h"
+
+# This hook runs before a new user is created and allows developers to reject the request based on the incoming user object.
+# [auth.hook.before_user_created]
+# enabled = true
+# uri = "pg-functions://postgres/auth/before-user-created-hook"
+
+# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used.
+# [auth.hook.custom_access_token]
+# enabled = true
+# uri = "pg-functions://<database>/<schema>/<hook_name>"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Multi-factor-authentication is available to Supabase Pro plan.
+[auth.mfa]
+# Control how many MFA factors can be enrolled at once per user.
+max_enrolled_factors = 10
+
+# Control MFA via App Authenticator (TOTP)
+[auth.mfa.totp]
+enroll_enabled = false
+verify_enabled = false
+
+# Configure MFA via Phone Messaging
+[auth.mfa.phone]
+enroll_enabled = false
+verify_enabled = false
+otp_length = 6
+template = "Your code is {{ .Code }}"
+max_frequency = "5s"
+
+# Configure MFA via WebAuthn
+# [auth.mfa.web_authn]
+# enroll_enabled = true
+# verify_enabled = true
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin_oidc`, `notion`, `twitch`,
+# `twitter`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth redirectUrl.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
+skip_nonce_check = false
+
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = false
+
+# Use Firebase Auth as a third-party provider alongside Supabase Auth.
+[auth.third_party.firebase]
+enabled = false
+# project_id = "my-firebase-project"
+
+# Use Auth0 as a third-party provider alongside Supabase Auth.
+[auth.third_party.auth0]
+enabled = false
+# tenant = "my-auth0-tenant"
+# tenant_region = "us"
+
+# Use AWS Cognito (Amplify) as a third-party provider alongside Supabase Auth.
+[auth.third_party.aws_cognito]
+enabled = false
+# user_pool_id = "my-user-pool-id"
+# user_pool_region = "us-east-1"
+
+# Use Clerk as a third-party provider alongside Supabase Auth.
+[auth.third_party.clerk]
+enabled = false
+# Obtain from https://clerk.com/setup/supabase
+# domain = "example.clerk.accounts.dev"
+
+[edge_runtime]
+enabled = true
+# Configure one of the supported request policies: `oneshot`, `per_worker`.
+# Use `oneshot` for hot reload, or `per_worker` for load testing.
+policy = "oneshot"
+# Port to attach the Chrome inspector for debugging edge functions.
+inspector_port = 8083
+# The Deno major version to use.
+deno_version = 1
+
+# [edge_runtime.secrets]
+# secret_key = "env(SECRET_VALUE)"
+
+[analytics]
+enabled = true
+port = 54327
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. <bucket_name>.s3-<region>.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"

supabase/migrations/20250701144235_remote_schema.sql

@@ -0,0 +1,827 @@
+
+
+SET statement_timeout = 0;
+SET lock_timeout = 0;
+SET idle_in_transaction_session_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+SELECT pg_catalog.set_config('search_path', '', false);
+SET check_function_bodies = false;
+SET xmloption = content;
+SET client_min_messages = warning;
+SET row_security = off;
+
+
+CREATE EXTENSION IF NOT EXISTS "pg_cron" WITH SCHEMA "pg_catalog";
+
+
+
+
+
+
+COMMENT ON SCHEMA "public" IS 'standard public schema';
+
+
+
+CREATE EXTENSION IF NOT EXISTS "pg_graphql" WITH SCHEMA "graphql";
+
+
+
+
+
+
+CREATE EXTENSION IF NOT EXISTS "pg_stat_statements" WITH SCHEMA "extensions";
+
+
+
+
+
+
+CREATE EXTENSION IF NOT EXISTS "pgcrypto" WITH SCHEMA "extensions";
+
+
+
+
+
+
+CREATE EXTENSION IF NOT EXISTS "pgjwt" WITH SCHEMA "extensions";
+
+
+
+
+
+
+CREATE EXTENSION IF NOT EXISTS "supabase_vault" WITH SCHEMA "vault";
+
+
+
+
+
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA "extensions";
+
+
+
+
+
+
+CREATE TYPE "public"."section_posititon" AS ENUM (
+    'events_manager',
+    'member'
+);
+
+
+ALTER TYPE "public"."section_posititon" OWNER TO "postgres";
+
+
+CREATE OR REPLACE FUNCTION "public"."archive_event"("_event_id" "uuid") RETURNS "void"
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    AS $$
+DECLARE
+    v_total      bigint;
+    v_scanned    bigint;
+    v_evt        public.events%ROWTYPE;
+BEGIN
+    -------------------------------------------------------------------------
+    -- A. Fetch the event
+    -------------------------------------------------------------------------
+    SELECT * INTO v_evt
+    FROM public.events
+    WHERE id = _event_id;
+
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'archive_event_and_delete(): event % does not exist', _event_id;
+    END IF;
+
+    -------------------------------------------------------------------------
+    -- B. Count participants
+    -------------------------------------------------------------------------
+    SELECT  COUNT(*)                               AS total,
+            COUNT(*) FILTER (WHERE scanned)        AS scanned
+    INTO    v_total, v_scanned
+    FROM    public.participants
+    WHERE   event = _event_id;
+
+    -------------------------------------------------------------------------
+    -- C. Upsert into events_archived (now with section_id)
+    -------------------------------------------------------------------------
+    INSERT INTO public.events_archived (
+             id,           created_at,     date,         name,
+             section_id,   total_participants, scanned_participants )
+    VALUES ( v_evt.id,     clock_timestamp(), v_evt.date, v_evt.name,
+             v_evt.section_id, v_total,         v_scanned )
+    ON CONFLICT (id) DO UPDATE
+          SET created_at          = EXCLUDED.created_at,
+              date                = EXCLUDED.date,
+              name                = EXCLUDED.name,
+              section_id          = EXCLUDED.section_id,
+              total_participants  = EXCLUDED.total_participants,
+              scanned_participants= EXCLUDED.scanned_participants;
+
+    -------------------------------------------------------------------------
+    -- D. Delete original event row (participants cascade away)
+    -------------------------------------------------------------------------
+    DELETE FROM public.events
+    WHERE id = _event_id;
+END;
+$$;
+
+
+ALTER FUNCTION "public"."archive_event"("_event_id" "uuid") OWNER TO "postgres";
+
+
+CREATE OR REPLACE FUNCTION "public"."auto_archive_events"("_age_days" integer DEFAULT 7) RETURNS integer
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    AS $$
+DECLARE
+    v_cnt       int := 0;
+    v_event_id  uuid;
+BEGIN
+    FOR v_event_id IN
+        SELECT id
+        FROM   public.events
+        WHERE  date IS NOT NULL
+          AND  date <= CURRENT_DATE - _age_days
+    LOOP
+        BEGIN
+            PERFORM public.archive_event(v_event_id);
+            v_cnt := v_cnt + 1;
+        EXCEPTION
+            WHEN others THEN
+                -- Optionally record the failure somewhere and continue
+                RAISE WARNING 'Failed to archive event %, %', v_event_id, SQLERRM;
+        END;
+    END LOOP;
+
+    RETURN v_cnt;
+END;
+$$;
+
+
+ALTER FUNCTION "public"."auto_archive_events"("_age_days" integer) OWNER TO "postgres";
+
+SET default_tablespace = '';
+
+SET default_table_access_method = "heap";
+
+
+CREATE TABLE IF NOT EXISTS "public"."events" (
+    "id" "uuid" DEFAULT "gen_random_uuid"() NOT NULL,
+    "created_at" timestamp with time zone DEFAULT "now"() NOT NULL,
+    "created_by" "uuid" DEFAULT "auth"."uid"(),
+    "name" "text",
+    "date" "date",
+    "section_id" "uuid"
+);
+
+
+ALTER TABLE "public"."events" OWNER TO "postgres";
+
+
+COMMENT ON TABLE "public"."events" IS 'Table of all events created';
+
+
+
+CREATE OR REPLACE FUNCTION "public"."create_event"("p_name" "text", "p_date" "date") RETURNS "public"."events"
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    SET "search_path" TO 'public'
+    AS $$
+declare
+  v_user    uuid := auth.uid();                     -- current user
+  v_section uuid;                                   -- their section_id
+  v_evt     public.events%rowtype;                  -- the inserted event
+begin
+  -- 1) lookup the user's section
+  select section_id
+    into v_section
+    from public.profiles
+   where id = v_user;
+
+  if v_section is null then
+    raise exception 'no profile/section found for user %', v_user;
+  end if;
+
+  -- 2) insert into events, filling created_by and section_id
+  insert into public.events (
+    name,
+    date,
+    created_by,
+    section_id
+  )
+  values (
+    p_name,
+    p_date,
+    v_user,
+    v_section
+  )
+  returning * into v_evt;
+
+  -- 3) return the full row
+  return v_evt;
+end;
+$$;
+
+
+ALTER FUNCTION "public"."create_event"("p_name" "text", "p_date" "date") OWNER TO "postgres";
+
+
+CREATE TABLE IF NOT EXISTS "public"."participants" (
+    "id" "uuid" DEFAULT "gen_random_uuid"() NOT NULL,
+    "created_at" timestamp with time zone DEFAULT "now"() NOT NULL,
+    "created_by" "uuid" DEFAULT "auth"."uid"(),
+    "event" "uuid",
+    "name" "text",
+    "surname" "text",
+    "email" "text",
+    "scanned" boolean DEFAULT false,
+    "scanned_at" timestamp with time zone,
+    "scanned_by" "uuid",
+    "section_id" "uuid"
+);
+
+
+ALTER TABLE "public"."participants" OWNER TO "postgres";
+
+
+COMMENT ON TABLE "public"."participants" IS 'Table of all qrcodes issued';
+
+
+
+CREATE OR REPLACE FUNCTION "public"."create_qrcodes_bulk"("p_section_id" "uuid", "p_event_id" "uuid", "p_names" "text"[], "p_surnames" "text"[], "p_emails" "text"[]) RETURNS SETOF "public"."participants"
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    SET "search_path" TO 'public', 'pg_temp'
+    AS $$BEGIN
+    -----------------------------------------------------------------
+    -- 1) keep the array-length check exactly as before
+    -----------------------------------------------------------------
+    IF array_length(p_names, 1)  IS DISTINCT FROM
+       array_length(p_surnames,1) OR
+       array_length(p_names, 1)  IS DISTINCT FROM
+       array_length(p_emails,  1) THEN
+       RAISE EXCEPTION
+         'Names, surnames and emails arrays must all be the same length';
+    END IF;
+
+    RETURN QUERY
+    INSERT INTO public.participants (section_id, event, name, surname, email)
+    SELECT  p_section_id,
+            p_event_id,
+            n, s, e
+    FROM   unnest(p_names, p_surnames, p_emails) AS u(n, s, e)
+    RETURNING *;
+END;$$;
+
+
+ALTER FUNCTION "public"."create_qrcodes_bulk"("p_section_id" "uuid", "p_event_id" "uuid", "p_names" "text"[], "p_surnames" "text"[], "p_emails" "text"[]) OWNER TO "postgres";
+
+
+CREATE OR REPLACE FUNCTION "public"."handle_new_user"() RETURNS "trigger"
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    SET "search_path" TO 'public', 'auth'
+    AS $$begin
+  insert into public.profiles(id, display_name, created_at, updated_at)
+  values (new.id,
+          coalesce(new.raw_user_meta_data ->> 'display_name',   -- meta-data name if present
+                   split_part(new.email, '@', 1)),             -- fallback: part of the email
+          now(), now());
+  return new;
+end;$$;
+
+
+ALTER FUNCTION "public"."handle_new_user"() OWNER TO "postgres";
+
+
+CREATE OR REPLACE FUNCTION "public"."scan_ticket"("_ticket_id" "uuid") RETURNS "void"
+    LANGUAGE "plpgsql" SECURITY DEFINER
+    SET "search_path" TO 'public'
+    AS $$BEGIN
+  UPDATE participants
+  SET scanned = true,
+      scanned_at = NOW(),
+      scanned_by  = auth.uid()
+  WHERE id = _ticket_id;
+  
+  -- optionally, make sure exactly one row was updated
+  IF NOT FOUND THEN
+     RAISE EXCEPTION 'Ticket % not found or already scanned', _ticket_id;
+  END IF;
+END;$$;
+
+
+ALTER FUNCTION "public"."scan_ticket"("_ticket_id" "uuid") OWNER TO "postgres";
+
+
+CREATE TABLE IF NOT EXISTS "public"."events_archived" (
+    "id" "uuid" DEFAULT "gen_random_uuid"() NOT NULL,
+    "created_at" timestamp with time zone DEFAULT "now"() NOT NULL,
+    "date" "date",
+    "name" "text" NOT NULL,
+    "total_participants" numeric,
+    "scanned_participants" numeric,
+    "section_id" "uuid"
+);
+
+
+ALTER TABLE "public"."events_archived" OWNER TO "postgres";
+
+
+CREATE TABLE IF NOT EXISTS "public"."profiles" (
+    "id" "uuid" NOT NULL,
+    "display_name" "text",
+    "created_at" timestamp with time zone DEFAULT "now"(),
+    "updated_at" timestamp with time zone DEFAULT "now"(),
+    "section_id" "uuid",
+    "section_position" "public"."section_posititon" DEFAULT 'member'::"public"."section_posititon" NOT NULL
+);
+
+
+ALTER TABLE "public"."profiles" OWNER TO "postgres";
+
+
+CREATE TABLE IF NOT EXISTS "public"."sections" (
+    "id" "uuid" DEFAULT "gen_random_uuid"() NOT NULL,
+    "created_at" timestamp with time zone DEFAULT "now"() NOT NULL,
+    "name" "text" NOT NULL
+);
+
+
+ALTER TABLE "public"."sections" OWNER TO "postgres";
+
+
+COMMENT ON TABLE "public"."sections" IS 'List of ESN sections using the app';
+
+
+
+ALTER TABLE ONLY "public"."events_archived"
+    ADD CONSTRAINT "events_archived_pkey" PRIMARY KEY ("id");
+
+
+
+ALTER TABLE ONLY "public"."events"
+    ADD CONSTRAINT "events_pkey" PRIMARY KEY ("id");
+
+
+
+ALTER TABLE ONLY "public"."profiles"
+    ADD CONSTRAINT "profiles_pkey" PRIMARY KEY ("id");
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "qrcodes_pkey" PRIMARY KEY ("id");
+
+
+
+ALTER TABLE ONLY "public"."sections"
+    ADD CONSTRAINT "sections_name_key" UNIQUE ("name");
+
+
+
+ALTER TABLE ONLY "public"."sections"
+    ADD CONSTRAINT "sections_pkey" PRIMARY KEY ("id");
+
+
+
+ALTER TABLE ONLY "public"."events_archived"
+    ADD CONSTRAINT "events_archived_section_id_fkey" FOREIGN KEY ("section_id") REFERENCES "public"."sections"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."events"
+    ADD CONSTRAINT "events_created_by_fkey" FOREIGN KEY ("created_by") REFERENCES "auth"."users"("id");
+
+
+
+ALTER TABLE ONLY "public"."events"
+    ADD CONSTRAINT "events_section_id_fkey" FOREIGN KEY ("section_id") REFERENCES "public"."sections"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "participants_created_by_fkey" FOREIGN KEY ("created_by") REFERENCES "auth"."users"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "participants_event_fkey" FOREIGN KEY ("event") REFERENCES "public"."events"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "participants_scanned_by_fkey" FOREIGN KEY ("scanned_by") REFERENCES "public"."profiles"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."profiles"
+    ADD CONSTRAINT "profiles_id_fkey" FOREIGN KEY ("id") REFERENCES "auth"."users"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."profiles"
+    ADD CONSTRAINT "profiles_section_id_fkey" FOREIGN KEY ("section_id") REFERENCES "public"."sections"("id") ON DELETE CASCADE;
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "qrcodes_scanned_by_fkey" FOREIGN KEY ("scanned_by") REFERENCES "auth"."users"("id");
+
+
+
+ALTER TABLE ONLY "public"."participants"
+    ADD CONSTRAINT "qrcodes_section_id_fkey" FOREIGN KEY ("section_id") REFERENCES "public"."sections"("id") ON DELETE CASCADE;
+
+
+
+CREATE POLICY "Access only to section resources" ON "public"."events_archived" FOR SELECT TO "authenticated" USING ((EXISTS ( SELECT 1
+   FROM "public"."profiles" "p"
+  WHERE ("p"."section_id" = "events_archived"."section_id"))));
+
+
+
+CREATE POLICY "Enable select for authenticated users only" ON "public"."profiles" FOR SELECT TO "authenticated" USING (true);
+
+
+
+CREATE POLICY "Enable select for authenticated users only" ON "public"."sections" FOR SELECT TO "authenticated" USING (true);
+
+
+
+CREATE POLICY "Only display section resources" ON "public"."events" FOR SELECT TO "authenticated" USING ((EXISTS ( SELECT 1
+   FROM "public"."profiles" "p"
+  WHERE ("p"."section_id" = "events"."section_id"))));
+
+
+
+CREATE POLICY "Only display section resources" ON "public"."participants" FOR SELECT TO "authenticated" USING ((EXISTS ( SELECT 1
+   FROM "public"."profiles" "p"
+  WHERE ("p"."section_id" = "participants"."section_id"))));
+
+
+
+ALTER TABLE "public"."events" ENABLE ROW LEVEL SECURITY;
+
+
+ALTER TABLE "public"."events_archived" ENABLE ROW LEVEL SECURITY;
+
+
+ALTER TABLE "public"."participants" ENABLE ROW LEVEL SECURITY;
+
+
+ALTER TABLE "public"."profiles" ENABLE ROW LEVEL SECURITY;
+
+
+ALTER TABLE "public"."sections" ENABLE ROW LEVEL SECURITY;
+
+
+
+
+ALTER PUBLICATION "supabase_realtime" OWNER TO "postgres";
+
+
+
+
+
+GRANT USAGE ON SCHEMA "public" TO "postgres";
+GRANT USAGE ON SCHEMA "public" TO "anon";
+GRANT USAGE ON SCHEMA "public" TO "authenticated";
+GRANT USAGE ON SCHEMA "public" TO "service_role";
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+GRANT ALL ON FUNCTION "public"."archive_event"("_event_id" "uuid") TO "anon";
+GRANT ALL ON FUNCTION "public"."archive_event"("_event_id" "uuid") TO "authenticated";
+GRANT ALL ON FUNCTION "public"."archive_event"("_event_id" "uuid") TO "service_role";
+
+
+
+GRANT ALL ON FUNCTION "public"."auto_archive_events"("_age_days" integer) TO "anon";
+GRANT ALL ON FUNCTION "public"."auto_archive_events"("_age_days" integer) TO "authenticated";
+GRANT ALL ON FUNCTION "public"."auto_archive_events"("_age_days" integer) TO "service_role";
+
+
+
+GRANT ALL ON TABLE "public"."events" TO "anon";
+GRANT ALL ON TABLE "public"."events" TO "authenticated";
+GRANT ALL ON TABLE "public"."events" TO "service_role";
+
+
+
+GRANT ALL ON FUNCTION "public"."create_event"("p_name" "text", "p_date" "date") TO "anon";
+GRANT ALL ON FUNCTION "public"."create_event"("p_name" "text", "p_date" "date") TO "authenticated";
+GRANT ALL ON FUNCTION "public"."create_event"("p_name" "text", "p_date" "date") TO "service_role";
+
+
+
+GRANT ALL ON TABLE "public"."participants" TO "anon";
+GRANT ALL ON TABLE "public"."participants" TO "authenticated";
+GRANT ALL ON TABLE "public"."participants" TO "service_role";
+
+
+
+GRANT ALL ON FUNCTION "public"."create_qrcodes_bulk"("p_section_id" "uuid", "p_event_id" "uuid", "p_names" "text"[], "p_surnames" "text"[], "p_emails" "text"[]) TO "anon";
+GRANT ALL ON FUNCTION "public"."create_qrcodes_bulk"("p_section_id" "uuid", "p_event_id" "uuid", "p_names" "text"[], "p_surnames" "text"[], "p_emails" "text"[]) TO "authenticated";
+GRANT ALL ON FUNCTION "public"."create_qrcodes_bulk"("p_section_id" "uuid", "p_event_id" "uuid", "p_names" "text"[], "p_surnames" "text"[], "p_emails" "text"[]) TO "service_role";
+
+
+
+GRANT ALL ON FUNCTION "public"."handle_new_user"() TO "anon";
+GRANT ALL ON FUNCTION "public"."handle_new_user"() TO "authenticated";
+GRANT ALL ON FUNCTION "public"."handle_new_user"() TO "service_role";
+
+
+
+GRANT ALL ON FUNCTION "public"."scan_ticket"("_ticket_id" "uuid") TO "anon";
+GRANT ALL ON FUNCTION "public"."scan_ticket"("_ticket_id" "uuid") TO "authenticated";
+GRANT ALL ON FUNCTION "public"."scan_ticket"("_ticket_id" "uuid") TO "service_role";
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+GRANT ALL ON TABLE "public"."events_archived" TO "anon";
+GRANT ALL ON TABLE "public"."events_archived" TO "authenticated";
+GRANT ALL ON TABLE "public"."events_archived" TO "service_role";
+
+
+
+GRANT ALL ON TABLE "public"."profiles" TO "anon";
+GRANT ALL ON TABLE "public"."profiles" TO "authenticated";
+GRANT ALL ON TABLE "public"."profiles" TO "service_role";
+
+
+
+GRANT ALL ON TABLE "public"."sections" TO "anon";
+GRANT ALL ON TABLE "public"."sections" TO "authenticated";
+GRANT ALL ON TABLE "public"."sections" TO "service_role";
+
+
+
+
+
+
+
+
+
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON SEQUENCES  TO "postgres";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON SEQUENCES  TO "anon";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON SEQUENCES  TO "authenticated";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON SEQUENCES  TO "service_role";
+
+
+
+
+
+
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON FUNCTIONS  TO "postgres";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON FUNCTIONS  TO "anon";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON FUNCTIONS  TO "authenticated";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON FUNCTIONS  TO "service_role";
+
+
+
+
+
+
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON TABLES  TO "postgres";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON TABLES  TO "anon";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON TABLES  TO "authenticated";
+ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT ALL ON TABLES  TO "service_role";
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+RESET ALL;

supabase/migrations/20250701144258_remote_schema.sql

@@ -0,0 +1,34 @@
+revoke select on table "auth"."schema_migrations" from "postgres";
+
+CREATE TRIGGER on_auth_users_created AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION handle_new_user();
+
+
+grant delete on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant insert on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant references on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant select on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant trigger on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant truncate on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant update on table "storage"."s3_multipart_uploads" to "postgres";
+
+grant delete on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant insert on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant references on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant select on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant trigger on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant truncate on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+grant update on table "storage"."s3_multipart_uploads_parts" to "postgres";
+
+