Skip to content

wave: report T&C and privacy policy versions on login#1899

Merged
jtourkos merged 2 commits into
mainfrom
feat/log-tc-consent-on-login-537
May 8, 2026
Merged

wave: report T&C and privacy policy versions on login#1899
jtourkos merged 2 commits into
mainfrom
feat/log-tc-consent-on-login-537

Conversation

@jtourkos
Copy link
Copy Markdown
Collaborator

@jtourkos jtourkos commented May 8, 2026
edited
Loading

Summary

  • Adds src/lib/utils/wave/legal-versions.ts: a single source of truth for the version strings of the Wave Terms & Rules and Privacy Policy. The login button appends both as query params on the wave OAuth login URL so the backend can persist a click-wrap consent record (drips-network/wave#537).
  • Refactors the URL construction in log-in-button.svelte into a small buildLoginHref helper that always emits termsVersion + privacyVersion, plus the existing backTo / skipWelcome / ref when applicable.
  • Drives the "effective as of …" line on /legal/privacy from the same PRIVACY_POLICY_VERSION constant. Updating the policy text and bumping the recorded version are now one diff — display and transport can't drift.

Why FE-reported (not server-side) versions

The wave backend stores whatever this PR sends. We record the rendered version because that is the value the user actually saw on screen, which is what click-wrap defensibility hinges on. A server-side resolution path would let the BE config drift ahead of the FE during partial deploys and record values the user never saw — the opposite of what the audit record is for.

The state isn't HMAC-signed. A determined client could submit a wrong version, but tampering only deflates the user's own recorded version, which is self-defeating: re-prompt enforcement is forward-looking off the live constant on the next sensitive action. This matches industry click-wrap norms (GitHub, Stripe, Apple).

Coordination with backend

Pairs with drips-network/wave#537. The wave backend now requires termsVersion and privacyVersion query params on GET /api/auth/oauth/github/login and rejects missing values with a 400 before the GitHub redirect. Deploy this PR before the wave PR — otherwise every login attempt 400s until the FE catches up.

Test plan

  • npm run lint clean on the changed files
  • npm run check shows no new errors/warnings on changed files
  • Manual: load /wave/login, click "Log in with GitHub", inspect the URL — confirm termsVersion=2026-04-27&privacyVersion=2026-04-29 is present
  • Manual: load /legal/privacy, scroll to bottom — confirm the effective date reads "April 29, 2026" (rendered from the constant)
  • Manual (post-merge with wave): complete login end-to-end, confirm a tc_consents row is written with both versions
  • Manual: log out, bump PRIVACY_POLICY_VERSION locally, log in again — confirm a new tc_consents row appears with the bumped version while the old one's consented_at is preserved

jtourkos added 2 commits May 8, 2026 15:27
@jtourkos
wave: report T&C and privacy policy versions on login
83fb68a 
Wave backend (drips-network/wave#537) now requires `termsVersion` and
`privacyVersion` query params on the GitHub OAuth login URL so it can
persist a consent record per user/version pair. Add a small constants
module as the source of truth for the document versions, and append
both params alongside the existing `backTo`/`skipWelcome`/`ref` params
in the login button.

Bump the constants whenever the Terms & Rules or Privacy Policy is
materially updated; the backend will write a fresh consent row on the
next login while preserving the timestamp of any earlier consent.
@jtourkos
wave: source privacy policy effective date from the version constant
784dd6d 
Drive the "effective as of …" line on /legal/privacy from
PRIVACY_POLICY_VERSION rather than a hand-typed string. The constant
is also what the login button reports to the wave backend on consent,
so display and transport are now guaranteed to come from the same
source — bumping the policy text and the login-time recorded version
become a single diff.

Bump PRIVACY_POLICY_VERSION to 2026-04-29 to match the date already
stated on the page.
@jtourkos jtourkos requested a review from efstajas May 8, 2026 13:53
@jtourkos jtourkos merged commit 784dd6d into main May 8, 2026
6 of 8 checks passed
@jtourkos jtourkos deleted the feat/log-tc-consent-on-login-537 branch May 8, 2026 14:57
@railway-app railway-app Bot temporarily deployed to Drips App / mainnet May 8, 2026 14:57 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efstajas efstajas efstajas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jtourkos @efstajas