Update dependency rubocop-rspec to v3.4.0

Reviewed-on: #215

.annotaterb.yml

@@ -0,0 +1,58 @@
+---
+:position: before
+:position_in_additional_file_patterns: before
+:position_in_class: before
+:position_in_factory: before
+:position_in_fixture: before
+:position_in_routes: before
+:position_in_serializer: before
+:position_in_test: before
+:classified_sort: true
+:exclude_controllers: true
+:exclude_factories: true
+:exclude_fixtures: false
+:exclude_helpers: true
+:exclude_scaffolds: true
+:exclude_serializers: false
+:exclude_sti_subclasses: false
+:exclude_tests: true
+:force: false
+:format_markdown: false
+:format_rdoc: false
+:format_yard: false
+:frozen: false
+:ignore_model_sub_dir: false
+:ignore_unknown_models: false
+:include_version: false
+:show_check_constraints: false
+:show_complete_foreign_keys: false
+:show_foreign_keys: true
+:show_indexes: true
+:simple_indexes: false
+:sort: false
+:timestamp: false
+:trace: false
+:with_comment: true
+:with_column_comments: true
+:with_table_comments: true
+:active_admin: false
+:command: 
+:debug: false
+:hide_default_column_types: ''
+:hide_limit_column_types: ''
+:ignore_columns: 
+:ignore_routes: 
+:models: true
+:routes: false
+:skip_on_db_migrate: false
+:target_action: :do_annotations
+:wrapper: 
+:wrapper_close: 
+:wrapper_open: 
+:classes_default_to_s: []
+:additional_file_patterns: []
+:model_dir:
+- app/models
+:require: []
+:root_dir:
+- ''

.dockerignore

@@ -35,3 +35,4 @@
 /app/assets/builds/*
 !/app/assets/builds/.keep
 /public/assets
+.docker-compose.yml

.gitea/workflows/build.yml

@@ -3,6 +3,7 @@ on:
   push:
     branches:
       - main
+  pull_request:
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
@@ -25,12 +26,21 @@ jobs:
           username: ${{ secrets.PRIVATE_REGISTRY_USERNAME }}
           password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
 
-      - name: Build and push
+      - name: Build and push intermediate stages (build)
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: |
-            ${{ secrets.PRIVATE_REGISTRY_HOST }}/${{ env.GITHUB_REPOSITORY }}:latest
-          cache-from: type=registry,ref=user/app:latest
+          target: build
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: ${{ secrets.PRIVATE_REGISTRY_HOST }}/${{ env.GITHUB_REPOSITORY }}:build
+          cache-from: type=registry,ref=${{ secrets.PRIVATE_REGISTRY_HOST }}/${{ env.GITHUB_REPOSITORY }}:build
+          cache-to: type=inline
+
+      - name: Build and push (final)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: ${{ secrets.PRIVATE_REGISTRY_HOST }}/${{ env.GITHUB_REPOSITORY }}:latest
+          cache-from: type=registry,ref=${{ secrets.PRIVATE_REGISTRY_HOST }}/${{ env.GITHUB_REPOSITORY }}:latest
           cache-to: type=inline

.gitea/workflows/license_finder.yml

@@ -8,16 +8,14 @@ concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 jobs:
-  build-static-assets:
+  check-licenses:
     runs-on: ubuntu-latest
     steps:
         - uses: actions/checkout@v4
           with:
             token: ${{ secrets.GITHUB_TOKEN }}
-        - uses: ruby/setup-ruby@v1
-          with:
-            ruby-version: '3.3'
-        - name: Install license finder gem
-          run: gem install license_finder
+        - uses: ruby/setup-ruby@v1.207.0
+        - name: Install project dependencies
+          run: bundle install --jobs `getconf _NPROCESSORS_ONLN`
         - name: Run license finder
           run: license_finder

.gitea/workflows/tests.yml

@@ -22,8 +22,9 @@ jobs:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@v1.207.0
       - run: bundle install
+      - run: bundle exec rubocop --force-exclusion --parallel
       - name: Wait until Postgres is ready to accept connections
         run: |
           apt-get update && apt-get install -f -y postgresql-client

.gitignore

@@ -33,3 +33,6 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+
+# Ignore swagger generated documentation
+swagger/v1/swagger.yaml

.rubocop.yml

@@ -0,0 +1,29 @@
+require:
+  - rubocop-rails
+  - rubocop-factory_bot
+  - rubocop-rspec
+  - rubocop-rspec_rails
+AllCops:
+  NewCops: enable
+  Exclude:
+    - 'db/**/*'
+    - 'config/**/*'
+    - 'script/**/*'
+    - 'bin/*'
+    - '*.yml'
+Layout/LineLength:
+  Max: 120
+RSpec/ExampleLength:
+  Enabled: false
+Metrics/ModuleLength:
+  Enabled: false
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+Style/Documentation:
+  Enabled: false
+Metrics/MethodLength:
+  Max: 20
+Rails/SkipsModelValidations:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-ruby-3.3.5
+ruby-3.4.1

Dockerfile

@@ -1,8 +1,8 @@
 # syntax = docker/dockerfile:1
 
 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
-ARG RUBY_VERSION=3.3.5
-FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base
+ARG RUBY_VERSION=3.4.1
+FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim AS base
 
 # Rails app lives here
 WORKDIR /rails
@@ -16,11 +16,11 @@ ENV RAILS_ENV="production" \
 RUN apt-get update && apt-get install -y nodejs
 
 # Throw-away build stage to reduce size of final image
-FROM base as build
+FROM base AS build
 
 # Install packages needed to build gems
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config
+    apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config libyaml-dev
 
 # Install application gems
 COPY Gemfile Gemfile.lock ./

Dockerfile.dev

@@ -0,0 +1,42 @@
+# syntax = docker/dockerfile:1
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+ARG RUBY_VERSION=3.4.1
+FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base
+
+# Rails app lives here
+WORKDIR /rails
+
+RUN apt-get update && apt-get install -y nodejs
+
+FROM base as build
+
+# Install packages needed to build gems
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config libyaml-dev
+
+# Install application gems
+COPY Gemfile Gemfile.lock ./
+RUN bundle install
+
+# Copy application code
+COPY . .
+
+# Final stage for app image
+FROM base
+
+# Install packages needed for deployment
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libvips postgresql-client && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Copy built artifacts: gems, application
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build /rails /rails
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["./bin/rails", "server", "--binding=0.0.0.0"]

Gemfile

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
-ruby '3.3.5'
+ruby '3.4.1'
 gem 'bootsnap', require: false
 gem 'csv'
 gem 'importmap-rails'
@@ -8,29 +10,44 @@ gem 'jbuilder'
 gem 'money'
 gem 'pg', '~> 1.1'
 gem 'puma', '>= 5.0'
-gem 'rails', '~> 7.2.0', '>= 7.2.1'
+gem 'rails', '~> 8.0.0', '>= 8.0.0'
 gem 'redis', '>= 4.0.1'
 gem 'sprockets-rails'
 gem 'stimulus-rails'
 gem 'turbo-rails'
 gem 'tzinfo-data', platforms: %i[windows jruby]
 
+gem 'acts_as_tenant'
 gem 'faker'
+gem 'httparty'
 gem 'jsonapi-rails'
+gem 'pluck_to_hash'
 gem 'rack-cors'
 gem 'react-rails'
+gem 'rswag'
 gem 'rubytree'
 
 group :development, :test do
+  gem 'annotaterb'
   gem 'debug', platforms: %i[mri windows]
   gem 'factory_bot_rails'
+  gem 'license_finder'
   gem 'pry'
-  gem 'rspec-rails', '~> 7.0.0'
+  gem 'rspec-rails', '~> 7.1.0'
+  gem 'shoulda-matchers', '~> 6.0'
 end
 
 group :development do
+  gem 'letter_opener_web'
   gem 'rubocop'
+  gem 'rubocop-factory_bot', require: false
+  gem 'rubocop-rails', require: false
+  gem 'rubocop-rspec', require: false
+  gem 'rubocop-rspec_rails', require: false
   gem 'web-console'
 end
 
-gem "solid_queue", "~> 1.0"
+gem 'chroma'
+gem 'solid_queue', '~> 1.0'
+
+gem 'devise', '~> 4.9'

Gemfile.lock

@@ -1,66 +1,65 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.2.2)
-      actionpack (= 7.2.2)
-      activesupport (= 7.2.2)
+    actioncable (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.2.2)
-      actionpack (= 7.2.2)
-      activejob (= 7.2.2)
-      activerecord (= 7.2.2)
-      activestorage (= 7.2.2)
-      activesupport (= 7.2.2)
+    actionmailbox (8.0.1)
+      actionpack (= 8.0.1)
+      activejob (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
-    actionmailer (7.2.2)
-      actionpack (= 7.2.2)
-      actionview (= 7.2.2)
-      activejob (= 7.2.2)
-      activesupport (= 7.2.2)
+    actionmailer (8.0.1)
+      actionpack (= 8.0.1)
+      actionview (= 8.0.1)
+      activejob (= 8.0.1)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (7.2.2)
-      actionview (= 7.2.2)
-      activesupport (= 7.2.2)
+    actionpack (8.0.1)
+      actionview (= 8.0.1)
+      activesupport (= 8.0.1)
       nokogiri (>= 1.8.5)
-      racc
-      rack (>= 2.2.4, < 3.2)
+      rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actiontext (7.2.2)
-      actionpack (= 7.2.2)
-      activerecord (= 7.2.2)
-      activestorage (= 7.2.2)
-      activesupport (= 7.2.2)
+    actiontext (8.0.1)
+      actionpack (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.2.2)
-      activesupport (= 7.2.2)
+    actionview (8.0.1)
+      activesupport (= 8.0.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.2.2)
-      activesupport (= 7.2.2)
+    activejob (8.0.1)
+      activesupport (= 8.0.1)
       globalid (>= 0.3.6)
-    activemodel (7.2.2)
-      activesupport (= 7.2.2)
-    activerecord (7.2.2)
-      activemodel (= 7.2.2)
-      activesupport (= 7.2.2)
+    activemodel (8.0.1)
+      activesupport (= 8.0.1)
+    activerecord (8.0.1)
+      activemodel (= 8.0.1)
+      activesupport (= 8.0.1)
       timeout (>= 0.4.0)
-    activestorage (7.2.2)
-      actionpack (= 7.2.2)
-      activejob (= 7.2.2)
-      activerecord (= 7.2.2)
-      activesupport (= 7.2.2)
+    activestorage (8.0.1)
+      actionpack (= 8.0.1)
+      activejob (= 8.0.1)
+      activerecord (= 8.0.1)
+      activesupport (= 8.0.1)
       marcel (~> 1.0)
-    activesupport (7.2.2)
+    activesupport (8.0.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -72,30 +71,46 @@ GEM
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    acts_as_tenant (1.0.1)
+      rails (>= 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    annotaterb (4.13.0)
     ast (2.4.2)
     babel-source (5.8.35)
     babel-transpiler (0.7.0)
       babel-source (>= 4.0, < 6)
       execjs (~> 2.0)
     base64 (0.2.0)
-    benchmark (0.3.0)
-    bigdecimal (3.1.8)
+    bcrypt (3.1.20)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
     bindex (0.8.1)
     bootsnap (1.18.4)
       msgpack (~> 1.2)
     builder (3.3.0)
+    childprocess (5.1.0)
+      logger (~> 1.5)
+    chroma (0.2.0)
     coderay (1.1.3)
     concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crass (1.0.6)
-    csv (3.3.0)
-    date (3.3.4)
-    debug (1.9.2)
+    csv (3.3.2)
+    date (3.4.1)
+    debug (1.10.0)
       irb (~> 1.10)
       reline (>= 0.3.8)
+    devise (4.9.4)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
     diff-lcs (1.5.1)
     drb (2.2.1)
-    erubi (1.13.0)
+    erubi (1.13.1)
     et-orbi (1.2.11)
       tzinfo
     execjs (2.9.1)
@@ -111,20 +126,26 @@ GEM
       raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
+    httparty (0.22.0)
+      csv
+      mini_mime (>= 1.0.0)
+      multi_xml (>= 0.5.2)
     i18n (1.14.6)
       concurrent-ruby (~> 1.0)
-    importmap-rails (2.0.3)
+    importmap-rails (2.1.0)
       actionpack (>= 6.0.0)
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
-    io-console (0.7.2)
-    irb (1.14.1)
+    io-console (0.8.0)
+    irb (1.14.3)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jbuilder (2.13.0)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
-    json (2.7.5)
+    json (2.9.1)
+    json-schema (5.0.1)
+      addressable (~> 2.8)
     jsonapi-deserializable (0.2.0)
     jsonapi-parser (0.1.1)
     jsonapi-rails (0.4.1)
@@ -137,8 +158,26 @@ GEM
     jsonapi-serializable (0.3.1)
       jsonapi-renderer (~> 0.2.0)
     language_server-protocol (3.17.0.3)
-    logger (1.6.1)
-    loofah (2.22.0)
+    launchy (3.0.1)
+      addressable (~> 2.8)
+      childprocess (~> 5.0)
+    letter_opener (1.10.0)
+      launchy (>= 2.2, < 4)
+    letter_opener_web (3.0.0)
+      actionmailer (>= 6.1)
+      letter_opener (~> 1.9)
+      railties (>= 6.1)
+      rexml
+    license_finder (7.2.1)
+      bundler
+      csv (~> 3.2)
+      rubyzip (>= 1, < 3)
+      thor (~> 1.2)
+      tomlrb (>= 1.3, < 2.1)
+      with_env (= 1.1.0)
+      xml-simple (~> 1.1.9)
+    logger (1.6.5)
+    loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -147,13 +186,16 @@ GEM
       net-pop
       net-smtp
     marcel (1.0.4)
-    method_source (1.0.0)
+    method_source (1.1.0)
     mini_mime (1.1.5)
-    minitest (5.25.1)
+    mini_portile2 (2.8.8)
+    minitest (5.25.4)
     money (6.19.0)
       i18n (>= 0.6.4, <= 2)
     msgpack (1.7.2)
-    net-imap (0.4.17)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
+    net-imap (0.5.2)
       date
       net-protocol
     net-pop (0.1.2)
@@ -163,29 +205,36 @@ GEM
     net-smtp (0.5.0)
       net-protocol
     nio4r (2.7.4)
-    nokogiri (1.16.7-aarch64-linux)
+    nokogiri (1.18.1)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.16.7-arm-linux)
+    nokogiri (1.18.1-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.16.7-arm64-darwin)
+    nokogiri (1.18.1-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86-linux)
+    nokogiri (1.18.1-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-darwin)
+    nokogiri (1.18.1-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-linux)
+    nokogiri (1.18.1-x86_64-linux-gnu)
       racc (~> 1.4)
+    orm_adapter (0.5.0)
     parallel (1.26.3)
-    parser (3.3.5.1)
+    parser (3.3.7.0)
       ast (~> 2.4.1)
       racc
     pg (1.5.9)
-    pry (0.14.2)
+    pluck_to_hash (1.0.2)
+      activerecord (>= 4.0.2)
+      activesupport (>= 4.0.2)
+    pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    psych (5.1.2)
+    psych (5.2.2)
+      date
       stringio
-    puma (6.4.3)
+    public_suffix (6.0.1)
+    puma (6.5.0)
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.8.1)
@@ -196,33 +245,32 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (2.1.0)
+    rackup (2.2.1)
       rack (>= 3)
-      webrick (~> 1.8)
-    rails (7.2.2)
-      actioncable (= 7.2.2)
-      actionmailbox (= 7.2.2)
-      actionmailer (= 7.2.2)
-      actionpack (= 7.2.2)
-      actiontext (= 7.2.2)
-      actionview (= 7.2.2)
-      activejob (= 7.2.2)
-      activemodel (= 7.2.2)
-      activerecord (= 7.2.2)
-      activestorage (= 7.2.2)
-      activesupport (= 7.2.2)
+    rails (8.0.1)
+      actioncable (= 8.0.1)
+      actionmailbox (= 8.0.1)
+      actionmailer (= 8.0.1)
+      actionpack (= 8.0.1)
+      actiontext (= 8.0.1)
+      actionview (= 8.0.1)
+      activejob (= 8.0.1)
+      activemodel (= 8.0.1)
+      activerecord (= 8.0.1)
+      activestorage (= 8.0.1)
+      activesupport (= 8.0.1)
       bundler (>= 1.15.0)
-      railties (= 7.2.2)
+      railties (= 8.0.1)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
-    railties (7.2.2)
-      actionpack (= 7.2.2)
-      activesupport (= 7.2.2)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -230,7 +278,7 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
-    rdoc (6.7.0)
+    rdoc (6.10.0)
       psych (>= 4.0.0)
     react-rails (3.2.1)
       babel-transpiler (>= 0.7.0)
@@ -242,9 +290,13 @@ GEM
       redis-client (>= 0.22.0)
     redis-client (0.22.2)
       connection_pool
-    regexp_parser (2.9.2)
-    reline (0.5.10)
+    regexp_parser (2.10.0)
+    reline (0.6.0)
       io-console (~> 0.5)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
+    rexml (3.3.9)
     rspec-core (3.13.2)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.3)
@@ -253,7 +305,7 @@ GEM
     rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (7.0.1)
+    rspec-rails (7.1.0)
       actionpack (>= 7.0)
       activesupport (>= 7.0)
       railties (>= 7.0)
@@ -262,23 +314,53 @@ GEM
       rspec-mocks (~> 3.13)
       rspec-support (~> 3.13)
     rspec-support (3.13.1)
-    rubocop (1.68.0)
+    rswag (2.16.0)
+      rswag-api (= 2.16.0)
+      rswag-specs (= 2.16.0)
+      rswag-ui (= 2.16.0)
+    rswag-api (2.16.0)
+      activesupport (>= 5.2, < 8.1)
+      railties (>= 5.2, < 8.1)
+    rswag-specs (2.16.0)
+      activesupport (>= 5.2, < 8.1)
+      json-schema (>= 2.2, < 6.0)
+      railties (>= 5.2, < 8.1)
+      rspec-core (>= 2.14)
+    rswag-ui (2.16.0)
+      actionpack (>= 5.2, < 8.1)
+      railties (>= 5.2, < 8.1)
+    rubocop (1.70.0)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.4, < 3.0)
-      rubocop-ast (>= 1.32.2, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.36.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.33.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.37.0)
       parser (>= 3.3.1.0)
+    rubocop-factory_bot (2.26.1)
+      rubocop (~> 1.61)
+    rubocop-rails (2.29.0)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.52.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rspec (3.4.0)
+      rubocop (~> 1.61)
+    rubocop-rspec_rails (2.30.0)
+      rubocop (~> 1.61)
+      rubocop-rspec (~> 3, >= 3.0.1)
     ruby-progressbar (1.13.0)
-    rubytree (2.1.0)
-      json (~> 2.0, > 2.3.1)
-    securerandom (0.3.1)
-    solid_queue (1.0.0)
+    rubytree (2.1.1)
+      json (~> 2.0, > 2.9)
+    rubyzip (2.3.2)
+    securerandom (0.4.1)
+    shoulda-matchers (6.4.0)
+      activesupport (>= 5.2.0)
+    solid_queue (1.1.2)
       activejob (>= 7.1)
       activerecord (>= 7.1)
       concurrent-ruby (>= 1.3.1)
@@ -294,26 +376,32 @@ GEM
       sprockets (>= 3.0.0)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
-    stringio (3.1.1)
+    stringio (3.1.2)
     thor (1.3.2)
     tilt (2.4.0)
-    timeout (0.4.1)
+    timeout (0.4.3)
+    tomlrb (2.0.3)
     turbo-rails (2.0.11)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.6.0)
-    useragent (0.16.10)
+    uri (1.0.2)
+    useragent (0.16.11)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webrick (1.8.2)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
+    with_env (1.1.0)
+    xml-simple (1.1.9)
+      rexml
     zeitwerk (2.7.1)
 
 PLATFORMS
@@ -325,25 +413,39 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  acts_as_tenant
+  annotaterb
   bootsnap
+  chroma
   csv
   debug
+  devise (~> 4.9)
   factory_bot_rails
   faker
+  httparty
   importmap-rails
   jbuilder
   jsonapi-rails
+  letter_opener_web
+  license_finder
   money
   pg (~> 1.1)
+  pluck_to_hash
   pry
   puma (>= 5.0)
   rack-cors
-  rails (~> 7.2.0, >= 7.2.1)
+  rails (~> 8.0.0, >= 8.0.0)
   react-rails
   redis (>= 4.0.1)
-  rspec-rails (~> 7.0.0)
+  rspec-rails (~> 7.1.0)
+  rswag
   rubocop
+  rubocop-factory_bot
+  rubocop-rails
+  rubocop-rspec
+  rubocop-rspec_rails
   rubytree
+  shoulda-matchers (~> 6.0)
   solid_queue (~> 1.0)
   sprockets-rails
   stimulus-rails
@@ -351,8 +453,166 @@ DEPENDENCIES
   tzinfo-data
   web-console
 
+CHECKSUMS
+  actioncable (8.0.1) sha256=808bff2a4e3aba36f66f0cd65d7a1579ad52fb65e99304442c46051a79689d9b
+  actionmailbox (8.0.1) sha256=bbc7db779be857fb6eb5b53f313d3881cd8cda38a150c3aa25f89f2f9977b08c
+  actionmailer (8.0.1) sha256=7b074e9590e4ec5cebd2fc91d1f9ba4c61bbd4bbd4376f731527da187cd39952
+  actionpack (8.0.1) sha256=c764e4bfc0ad9d3505c09ef9b6fbf9eca4292793550c6b7e2ea93167181bfcba
+  actiontext (8.0.1) sha256=f232d303e854db2098f34d7331fe493a72dc2e53dfce80fbd517c7b93d4b05b2
+  actionview (8.0.1) sha256=3005e3de5ca49ea789bf1ad46002d63fe5aa543c61c341239d3c533757e64f8a
+  activejob (8.0.1) sha256=95acd9a32d498d3a458efbb317f6191fb678758cde0ebb6c68f0b25e0fe3477f
+  activemodel (8.0.1) sha256=f46292fd6dcc128e18d588854298a933fd9eb22544c412b414ec02821062dc78
+  activerecord (8.0.1) sha256=34a7f0610660bb704f0363025d4b8d35ffe8ddc8f5b8147e0809171f724b5306
+  activestorage (8.0.1) sha256=91a8f156638568fac971ff25962a617d9c58fdc0e44eb6bd0edff36aff7df205
+  activesupport (8.0.1) sha256=fd5bc74641c24ac3541055c2879789198ff42adee3e39c2933289ba008912e37
+  acts_as_tenant (1.0.1) sha256=6944e4d64533337938a8817a6b4ff9b11189c9dcc0b1333bb89f3821a4c14c53
+  addressable (2.8.7) sha256=462986537cf3735ab5f3c0f557f14155d778f4b43ea4f485a9deb9c8f7c58232
+  annotaterb (4.13.0) sha256=6f472912002fefa735665b4132de47d0134ebf1efb76a7ef05f579cc4a6b2ff1
+  ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
+  babel-source (5.8.35) sha256=79ef222a9dcb867ac2efa3b0da35b4bcb15a4bfa67b6b2dcbf1e9a29104498d9
+  babel-transpiler (0.7.0) sha256=4c06f4ad9e8e1cabe94f99e11df2f140bb72aca9ba067dbb49dc14d9b98d1570
+  base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
+  bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099
+  benchmark (0.4.0) sha256=0f12f8c495545e3710c3e4f0480f63f06b4c842cc94cec7f33a956f5180e874a
+  bigdecimal (3.1.9) sha256=2ffc742031521ad69c2dfc815a98e426a230a3d22aeac1995826a75dabfad8cc
+  bindex (0.8.1) sha256=7b1ecc9dc539ed8bccfc8cb4d2732046227b09d6f37582ff12e50a5047ceb17e
+  bootsnap (1.18.4) sha256=ac4c42af397f7ee15521820198daeff545e4c360d2772c601fbdc2c07d92af55
+  builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f
+  childprocess (5.1.0) sha256=9a8d484be2fd4096a0e90a0cd3e449a05bc3aa33f8ac9e4d6dcef6ac1455b6ec
+  chroma (0.2.0) sha256=64bdcd36a4765fbcd45adc64960cc153101300b4918f90ffdd89f4e2eb954b54
+  coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b
+  concurrent-ruby (1.3.4) sha256=d4aa926339b0a86b5b5054a0a8c580163e6f5dcbdfd0f4bb916b1a2570731c32
+  connection_pool (2.4.1) sha256=0f40cf997091f1f04ff66da67eabd61a9fe0d4928b9a3645228532512fab62f4
+  crass (1.0.6) sha256=dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d
+  csv (3.3.2) sha256=6ff0c135e65e485d1864dde6c1703b60d34cc9e19bed8452834a0b28a519bd4e
+  date (3.4.1) sha256=bf268e14ef7158009bfeaec40b5fa3c7271906e88b196d958a89d4b408abe64f
+  debug (1.10.0) sha256=11e28ca74875979e612444104f3972bd5ffb9e79179907d7ad46dba44bd2e7a4
+  devise (4.9.4) sha256=920042fe5e704c548aa4eb65ebdd65980b83ffae67feb32c697206bfd975a7f8
+  diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
+  drb (2.2.1) sha256=e9d472bf785f558b96b25358bae115646da0dbfd45107ad858b0bc0d935cb340
+  erubi (1.13.1) sha256=a082103b0885dbc5ecf1172fede897f9ebdb745a4b97a5e8dc63953db1ee4ad9
+  et-orbi (1.2.11) sha256=d26e868cc21db88280a9ec1a50aa3da5d267eb9b2037ba7b831d6c2731f5df64
+  execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
+  factory_bot (6.4.6) sha256=1a9486ce98d318d740d8f5804b885a8265a28f326ecf2bcd4ce9fb27a71a6e04
+  factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
+  faker (3.5.1) sha256=1ad1fbea279d882f486059c23fe3ddb816ccd1d7052c05a45014b4450d859bfc
+  fugit (1.11.1) sha256=e89485e7be22226d8e9c6da411664d0660284b4b1c08cacb540f505907869868
+  globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
+  httparty (0.22.0) sha256=78652a5c9471cf0093d3b2083c2295c9c8f12b44c65112f1846af2b71430fa6c
+  i18n (1.14.6) sha256=dc229a74f5d181f09942dd60ab5d6e667f7392c4ee826f35096db36d1fe3614c
+  importmap-rails (2.1.0) sha256=9f10c67d60651a547579f448100d033df311c5d5db578301374aeb774faae741
+  io-console (0.8.0) sha256=cd6a9facbc69871d69b2cb8b926fc6ea7ef06f06e505e81a64f14a470fddefa2
+  irb (1.14.3) sha256=c457f1f2f1438ae9ce5c5be3981ae2138dec7fb894c7d73777eeeb0a6c0d0752
+  jbuilder (2.13.0) sha256=7200a38a1c0081aa81b7a9757e7a299db75bc58cf1fd45ca7919a91627d227d6
+  json (2.9.1) sha256=d2bdef4644052fad91c1785d48263756fe32fcac08b96a20bb15840e96550d11
+  json-schema (5.0.1) sha256=bef71a82c600a42594911553522e143f7634affc198ed507ef3ded2f920a74a9
+  jsonapi-deserializable (0.2.0) sha256=5f0ca2d3f8404cce1584a314e8a3753be32a56054c942adfe997b87e92bce147
+  jsonapi-parser (0.1.1) sha256=9ee0dc031e88fc7548d56fab66f9716d1e1c06f972b529b8c4617bc42a097020
+  jsonapi-rails (0.4.1) sha256=fa68b927b58f194e8b81f578c0bf18e61575638f45a390f66c832de2e6d179ba
+  jsonapi-rb (0.5.0) sha256=7922a164278f506c43d56277f6bd0800a0b603cc985f7f63fe7241b2628bd105
+  jsonapi-renderer (0.2.2) sha256=b5c44b033d61b4abdb6500fa4ab84807ca0b36ea0e59e47a2c3ca7095a6e447b
+  jsonapi-serializable (0.3.1) sha256=221e657677659d798e268a33ec97a83ec5ea0e4233f931358db84e88056552e9
+  language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
+  launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
+  letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
+  letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
+  license_finder (7.2.1) sha256=179ead19b64b170638b72fd16024233813673ac9d20d5ba75ae0b4444887ef14
+  logger (1.6.5) sha256=c3cfe56d01656490ddd103d38b8993d73d86296adebc5f58cefc9ec03741e56b
+  loofah (2.23.1) sha256=d0a07422cb3b69272e124afa914ef6d517e30d5496b7f1c1fc5b95481f13f75e
+  mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
+  marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
+  method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5
+  mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
+  mini_portile2 (2.8.8) sha256=8e47136cdac04ce81750bb6c09733b37895bf06962554e4b4056d78168d70a75
+  minitest (5.25.4) sha256=9cf2cae25ac4dfc90c988ebc3b917f53c054978b673273da1bd20bcb0778f947
+  money (6.19.0) sha256=ec936fa1e42f2783719241ed9fd52725d0efa628f928feea1eb5c37d5de7daf3
+  msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
+  multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
+  net-imap (0.5.2) sha256=e955b55e539712518bdb4eb747c6514f9c8d56ec4eb8eb573a82a6885a9effea
+  net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
+  net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
+  net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
+  nio4r (2.7.4) sha256=d95dee68e0bb251b8ff90ac3423a511e3b784124e5db7ff5f4813a220ae73ca9
+  nokogiri (1.18.1) sha256=df18be7e96c34736b6abfdeda80c6e845134fb9afe2fe5d4fbc1cf1f89c68475
+  nokogiri (1.18.1-aarch64-linux-gnu) sha256=35837013800e34342fcbaca305f8c49231f6bd4f779bfa23fe7b4686ae82d5b8
+  nokogiri (1.18.1-arm-linux-gnu) sha256=3b873fd6b0cd1ad7c77e87af701075bdfd14c9a6b2f2965c5e00ed29a5627a37
+  nokogiri (1.18.1-arm64-darwin) sha256=d75193f284c899d225943a8944479faedd995a7573ddd5c8308ffbdf2ec55204
+  nokogiri (1.18.1-x86_64-darwin) sha256=d94e3aa6483577495fc8969d6b4b5c075840ce6b1ab09636a6d4177ad171051d
+  nokogiri (1.18.1-x86_64-linux-gnu) sha256=e516cf16ccde67ed4cc595a2621ca5ddd42562ecb24928914b0045a20a41620e
+  orm_adapter (0.5.0) sha256=aa5d0be5d540cbb46d3a93e88061f4ece6a25f6e97d6a47122beb84fe595e9b9
+  parallel (1.26.3) sha256=d86babb7a2b814be9f4b81587bf0b6ce2da7d45969fab24d8ae4bf2bb4d4c7ef
+  parser (3.3.7.0) sha256=7449011771e3e7881297859b849de26a6f4fccd515bece9520a87e7d2116119b
+  pg (1.5.9) sha256=761efbdf73b66516f0c26fcbe6515dc7500c3f0aa1a1b853feae245433c64fdc
+  pluck_to_hash (1.0.2) sha256=1599906239716f98262a41493dd7d4cb72e8d83ad3d76d666deacfc5de50a47e
+  pry (0.15.2) sha256=12d54b8640d3fa29c9211dd4ffb08f3fd8bf7a4fd9b5a73ce5b59c8709385b6b
+  psych (5.2.2) sha256=a4a9477c85d3e858086c38cf64e7096abe40d1b1eed248b01020dec0ff9906ab
+  public_suffix (6.0.1) sha256=61d44e1cab5cbbbe5b31068481cf16976dd0dc1b6b07bd95617ef8c5e3e00c6f
+  puma (6.5.0) sha256=94d1b75cab7f356d52e4f1b17b9040a090889b341dbeee6ee3703f441dc189f2
+  raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
+  racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
+  rack (3.1.8) sha256=d3fbcbca43dc2b43c9c6d7dfbac01667ae58643c42cea10013d0da970218a1b1
+  rack-cors (2.0.2) sha256=415d4e1599891760c5dc9ef0349c7fecdf94f7c6a03e75b2e7c2b54b82adda1b
+  rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
+  rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
+  rackup (2.2.1) sha256=f737191fd5c5b348b7f0a4412a3b86383f88c43e13b8217b63d4c8d90b9e798d
+  rails (8.0.1) sha256=c86f4cd7834a67c1e5d04a77d35c88a5f56a20e2022ec416fa52c1af2cdc9491
+  rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
+  rails-html-sanitizer (1.6.2) sha256=35fce2ca8242da8775c83b6ba9c1bcaad6751d9eb73c1abaa8403475ab89a560
+  railties (8.0.1) sha256=8f653c6b1b0721b553045bd0deda1f22074b9ddc2209526e6f7285fcf607ac51
+  rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
+  rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
+  rdoc (6.10.0) sha256=db665021883ac9df3ba29cdf71aece960749888db1bf9615b4a584cfa3fa3eda
+  react-rails (3.2.1) sha256=2235db0b240517596b1cb3e26177ab5bc64d3a56579b0415ee242b1691f81f64
+  redis (5.3.0) sha256=6bf810c5ae889187f0c45f77db503310980310afa57cf1640d57f419ccda72b1
+  redis-client (0.22.2) sha256=31fee4b7cf04109b227327fabeaaf1fc5b652cf48a186a03bc607e40767bacc0
+  regexp_parser (2.10.0) sha256=cb6f0ddde88772cd64bff1dbbf68df66d376043fe2e66a9ef77fcb1b0c548c61
+  reline (0.6.0) sha256=57620375dcbe56ec09bac7192bfb7460c716bbf0054dc94345ecaa5438e539d2
+  responders (3.1.1) sha256=92f2a87e09028347368639cfb468f5fefa745cb0dc2377ef060db1cdd79a341a
+  rexml (3.3.9) sha256=d71875b85299f341edf47d44df0212e7658cbdf35aeb69cefdb63f57af3137c9
+  rspec-core (3.13.2) sha256=94fbda6e4738e478f1c7532b7cc241272fcdc8b9eac03a97338b1122e4573300
+  rspec-expectations (3.13.3) sha256=0e6b5af59b900147698ea0ff80456c4f2e69cac4394fbd392fbd1ca561f66c58
+  rspec-mocks (3.13.2) sha256=2327335def0e1665325a9b617e3af9ae20272741d80ac550336309a7c59abdef
+  rspec-rails (7.1.0) sha256=94585b69c4086ca79afae5cc8d2c5e314f6ad32a88c927f9c065b99596e3ee47
+  rspec-support (3.13.1) sha256=48877d4f15b772b7538f3693c22225f2eda490ba65a0515c4e7cf6f2f17de70f
+  rswag (2.16.0) sha256=f07ce41548b9bb51464c38bc7b95af22fee84b90f2d1197a515a623906353086
+  rswag-api (2.16.0) sha256=b653f7bd92e98be18b01ab4525d88950d7b0960e293a99f856b9efcee3ae6074
+  rswag-specs (2.16.0) sha256=8ba26085c408b0bd2ed21dc8015c80f417c7d34c63720ab7133c2549b5bd2a91
+  rswag-ui (2.16.0) sha256=a1f49e927dceda92e6e6e7c1000f1e217ee66c565f69e28131dc98b33cd3a04f
+  rubocop (1.70.0) sha256=96751f8440b36a0ac6e9a8ab596900803118d83d6b83f2037bf8b3d7a5bc440e
+  rubocop-ast (1.37.0) sha256=9513ac88aaf113d04b52912533ffe46475de1362d4aa41141b51b2455827c080
+  rubocop-factory_bot (2.26.1) sha256=8de13cd4edcee5ca800f255188167ecef8dbfc3d1fae9f15734e9d2e755392aa
+  rubocop-rails (2.29.0) sha256=35bffd140c80671453aafac0e2d5ab5b3dd65736a3fc8f3936ccca226b89c234
+  rubocop-rspec (3.4.0) sha256=8721c13b6a8c9530a7ac481cea9423022f946fcf72428bda8289f8b57e4d4885
+  rubocop-rspec_rails (2.30.0) sha256=888112e83f9d7ef7ad2397e9d69a0b9614a4bae24f072c399804a180f80c4c46
+  ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33
+  rubytree (2.1.1) sha256=4925016356a81730e982f1f8c3b5f8da461f18906c77d238bad4c4ba896abd41
+  rubyzip (2.3.2) sha256=3f57e3935dc2255c414484fbf8d673b4909d8a6a57007ed754dde39342d2373f
+  securerandom (0.4.1) sha256=cc5193d414a4341b6e225f0cb4446aceca8e50d5e1888743fac16987638ea0b1
+  shoulda-matchers (6.4.0) sha256=9055bb7f4bb342125fb860809798855c630e05ef5e75837b3168b8e6ee1608b0
+  solid_queue (1.1.2) sha256=178c9396d1cf0dac595c7508da90ddb397d25848ca007b5c5ed48e6ac6fc360c
+  sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
+  sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
+  stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
+  stringio (3.1.2) sha256=204f1828f85cdb39d57cac4abc6dc44b04505a223f131587f2e20ae3729ba131
+  thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
+  tilt (2.4.0) sha256=df74f29a451daed26591a85e8e0cebb198892cb75b6573394303acda273fba4d
+  timeout (0.4.3) sha256=9509f079b2b55fe4236d79633bd75e34c1c1e7e3fb4b56cb5fda61f80a0fe30e
+  tomlrb (2.0.3) sha256=c2736acf24919f793334023a4ff396c0647d93fce702a73c9d348deaa815d4f7
+  turbo-rails (2.0.11) sha256=fc47674736372780abd2a4dc0d84bef242f5ca156a457cd7fa6308291e397fcf
+  tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
+  unicode-display_width (2.6.0) sha256=12279874bba6d5e4d2728cef814b19197dbb10d7a7837a869bab65da943b7f5a
+  uri (1.0.2) sha256=b303504ceb7e5905771fa7fa14b649652fa949df18b5880d69cfb12494791e27
+  useragent (0.16.11) sha256=700e6413ad4bb954bb63547fa098dddf7b0ebe75b40cc6f93b8d54255b173844
+  warden (1.2.9) sha256=46684f885d35a69dbb883deabf85a222c8e427a957804719e143005df7a1efd0
+  web-console (4.2.1) sha256=e7bcf37a10ea2b4ec4281649d1cee461b32232d0a447e82c786e6841fd22fe20
+  websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db
+  websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241
+  with_env (1.1.0) sha256=50b3e4f0a6cda8f90d8a6bd87a6261f6c381429abafb161c4c69ad4a0cd0b6e4
+  xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d
+  zeitwerk (2.7.1) sha256=0945986050e4907140895378e74df1fe882a2271ed087cc6c6d6b00d415a2756
+
 RUBY VERSION
-   ruby 3.3.5p100
+   ruby 3.4.1p0
 
 BUNDLED WITH
-   2.5.17
+   2.6.1

README.md

@@ -1,24 +1,96 @@
-# README
+# Libre Wedding Planner
 
-This README would normally document whatever steps are necessary to get the
-application up and running.
+Libre Wedding Planner is Free, Open Source Software that helps organize several aspects of a wedding.
 
-Things you may want to cover:
+The project is not production-ready yet.
 
-* Ruby version
+## Features
 
-* System dependencies
+The follwing features are either developed or under active development:
 
-* Configuration
+- Guests management
+- Expense management
+- Seating chart
 
-* Database creation
 
-* Database initialization
+## Next steps
 
-* How to run the test suite
+Some ideas we would like to implement next:
 
-* Services (job queues, cache servers, search engines, etc.)
+- Authentication (required to make an instance public)
+- Website with wedding information
+- Attendance confirmation forms
+- Multitenancy
 
-* Deployment instructions
+# Development setup
+
+Libre Wedding Planner is made of two main pieces:
+
+- The backend (this repo), built with Ruby (on Rails)
+- The frontend (repo [here](https://gitea.bustikiller.com/bustikiller/wedding-planner-frontend/)), built with NextJS and React. You will need both to have the service fully working.
+
+Both repositories are expected to live have a common parent directory:
+
+```
+projects <or anything else>
+  |-> wedding-planner 
+  |-> wedding-planner-frontend 
+```
+
+## Docker compose
+
+Docker compose is the recommended way to run Libre Wedding Planner for development purposes. After downloading both repositories, `cd` to the root of `wedding-planner` and run:
+
+```bash
+docker compose up --build
+```
+
+Several containers will be started:
+
+- backend: starts a Rails server that will act as an API.
+- workers: starts a runner of [solid queue](https://github.com/rails/solid_queue/) that takes .care of async tasks.
+- frontend: starts a NextJS application in charge of the frontend.
+- nginx: A reverse proxy that the backend and frontend under the same domain, and routes all requests to the upstream services.
+- db: A Postgres instance used by the backend service.
+
+The backend service will seed the database with fake data. It's worth noting that the Postgres container does not have a volume, so the application will be seeded every time the container is created.
+
+The backend, frontend and workers have hot-reloading enabled, so changes made to the codebase should be reflected in the application on the next request.
+
+Once all containers have started, visit http://libre-wedding-planner.app.localhost/default/dashboard to load the application.
+
+## Multitenancy
+
+LibreWeddingPlanner is designed to manage multiple weddings in a single host. All URLs (in the API and the frontend) are scoped under a slug that is unique per wedding. The slug is made of lowercase letters, numbers, and dashes (-).
+
+The development environment is seeded with a wedding whose slug is `default`.
+## Email delivery
+
+In the development environment, real emails will not be sent. You can visit http://libre-wedding-planner.app.localhost/letter_opener/ to get a list of emails generated by the application.
+
+## Testing
+
+Unit tests can be executed with
+
+```
+bundle exec rspec
+```
+
+## API documentation
+
+Generate the OpenAPI documentation with the command:
+
+```
+rake rswag:specs:swaggerize
+```
+
+The documentation is available in Swagger UI in http://libre-wedding-planner.app.localhost/api/api-docs/index.html. If testing the API through the UI, you will need to select the second server (which includes the `/api` path), intended for development.
+
+## Contributing
+
+Contributions of all kinds (code, UX/UI, testing, translations, etc.) are welcome. The procedures to contribute are still being defined, but don't hesitate to reach out in case you want to participate.
+
+# License
+
+This project is licensed under the GNU Affero General Public License (AGPL). Check [COPYING.md](./COPYING.md) for additional information.
 
-* ...

Rakefile

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require_relative "config/application"
+require_relative 'config/application'
 
 Rails.application.load_tasks

app/channels/application_cable/channel.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module ApplicationCable
   class Channel < ActionCable::Channel::Base
   end

app/channels/application_cable/connection.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module ApplicationCable
   class Connection < ActionCable::Connection::Base
   end

app/controllers/affinities_controller.rb

@@ -0,0 +1,74 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+class AffinitiesController < ApplicationController
+  before_action :set_group, except: :reset
+
+  def index
+    overridden = @group.affinities.each_with_object({}) do |affinity, acc|
+      acc[affinity.another_group(@group).id] = affinity.discomfort
+    end
+
+    for_each_group do |group_id|
+      overridden[group_id] || GroupAffinity::NEUTRAL
+    end
+  end
+
+  def bulk_update
+    affinities = params.expect(affinities: [%i[group_id affinity]]).map(&:to_h).map do |affinity|
+      {
+        group_a_id: @group.id,
+        group_b_id: affinity[:group_id],
+        discomfort: GroupAffinity::MAX_DISCOMFORT - affinity[:affinity]
+      }
+    end
+
+    GroupAffinity.upsert_all(affinities, unique_by: :uindex_group_pair)
+
+    render json: {}, status: :ok
+  rescue ActiveRecord::InvalidForeignKey
+    render json: { error: 'At least one of the group IDs provided does not exist.' }, status: :bad_request
+  rescue ActiveRecord::StatementInvalid
+    render json: { error: 'Invalid group ID or discomfort provided.' }, status: :bad_request
+  end
+
+  def default
+    hierarchy = AffinityGroupsHierarchy.new
+
+    for_each_group do |group_id|
+      hierarchy.default_discomfort(@group.id, group_id).to_f
+    end
+  end
+
+  def reset
+    hierarchy = AffinityGroupsHierarchy.new
+
+    affinities = Group.pluck(:id).combination(2).map do |(group_a_id, group_b_id)|
+      {
+        group_a_id:,
+        group_b_id:,
+        discomfort: hierarchy.default_discomfort(group_a_id, group_b_id).to_f
+      }
+    end
+
+    GroupAffinity.upsert_all(affinities, unique_by: :uindex_group_pair)
+
+    render json: {}, status: :ok
+  end
+
+  private
+
+  def for_each_group
+    Group.where.not(id: @group.id)
+         .pluck(:id)
+         .index_with { |group_id| GroupAffinity::MAX_DISCOMFORT - yield(group_id) }
+         .then { |affinities| render json: affinities }
+  end
+
+  def set_group
+    @group = Group.find(params[:group_id])
+  end
+end

app/controllers/application_controller.rb

@@ -1,15 +1,70 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class ApplicationController < ActionController::Base
+  set_current_tenant_through_filter
+  before_action :set_tenant
+  before_action :authenticate_user!
   after_action :set_csrf_cookie
 
+  skip_before_action :verify_authenticity_token, if: :development_swagger?
+
+  rescue_from ActiveRecord::RecordInvalid do |exception|
+    render json: {
+      message: 'Record invalid',
+      errors: exception.record.errors.full_messages
+    }, status: :unprocessable_entity
+  end
+
+  rescue_from ActionController::ParameterMissing do |exception|
+    render json: {
+      message: 'Parameter missing',
+      errors: [exception.message]
+    }, status: :bad_request
+  end
+
+  rescue_from ActiveRecord::RecordNotFound do |exception|
+    render json: {
+      message: 'Record not found',
+      errors: [exception.message]
+    }, status: :not_found
+  end
+
   private
 
+  def validate_captcha!
+    Rails.logger.info("Captcha params: #{captcha_params}")
+
+    return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])
+
+    render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity
+  end
+
+  def captcha_params
+    params.expect(captcha: %i[id answer])
+  end
+
+  def default_url_options(options = {})
+    options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })
+  end
+
+  def set_tenant
+    set_current_tenant(Wedding.find_by!(slug: params[:slug]))
+  end
+
+  def development_swagger?
+    Rails.env.test? ||
+      (Rails.env.development? && request.headers['referer']&.include?('/api-docs/index.html'))
+  end
+
   def set_csrf_cookie
-      cookies["csrf-token"] = {
+    cookies['csrf-token'] = {
       value: form_authenticity_token,
-        secure: Rails.env.production?,
-        same_site: :strict,
+      secure: false,
+      same_site: :strict
     }
   end
 end

app/controllers/captcha_controller.rb

@@ -0,0 +1,17 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+class CaptchaController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_before_action :set_tenant
+  def create
+    id = LibreCaptcha.new.id
+    render json: {
+      id:,
+      media_url: media_captcha_index_url(id:)
+    }, status: :created
+  end
+end

app/controllers/expenses_controller.rb

@@ -1,7 +1,36 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class ExpensesController < ApplicationController
   def summary
     render json: Expenses::TotalQuery.new.call
   end
+
+  def index
+    render json: Expense.order(pricing_type: :asc, amount: :desc).as_json(only: %i[id name amount pricing_type])
+  end
+
+  def create
+    Expense.create!(expense_params)
+    render json: {}, status: :created
+  end
+
+  def update
+    Expense.find(params[:id]).update!(expense_params)
+    render json: {}, status: :ok
+  end
+
+  def destroy
+    Expense.find(params[:id]).destroy!
+    render json: {}, status: :ok
+  end
+
+  private
+
+  def expense_params
+    params.expect(expense: %i[name amount pricing_type])
+  end
 end

app/controllers/groups_controller.rb

@@ -1,8 +1,48 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class GroupsController < ApplicationController
   def index
-    roots = Group.where(parent_id: nil)
-    render jsonapi: roots, include: [children: [children: [:children]]]
+    query_result = Groups::SummaryQuery.new.call.as_json.map(&:deep_symbolize_keys).map do |group|
+      {
+        id: group[:id],
+        name: group[:name],
+        icon: group[:icon],
+        color: group[:color],
+        parent_id: group[:parent_id],
+        attendance: group.slice(:total, :considered, :invited, :confirmed, :declined, :tentative)
+      }
+    end
+
+    render json: query_result
+  end
+
+  def create
+    group = Group.create!(**group_params, parent:)
+    render json: group.as_json(only: %i[id name icon color parent_id]), status: :created
+  end
+
+  def update
+    group = Group.find(params[:id])
+    group.update!(**group_params, parent:)
+    render json: group.as_json(only: %i[id name icon color parent_id]), status: :ok
+  end
+
+  def destroy
+    Group.find(params[:id]).destroy!
+    render json: {}, status: :ok
+  end
+
+  private
+
+  def parent
+    params[:group][:parent_id].present? ? Group.find(params[:group][:parent_id]) : nil
+  end
+
+  def group_params
+    params.expect(group: %i[name icon color])
   end
 end

app/controllers/guests_controller.rb

@@ -1,32 +1,37 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 require 'csv'
 
 class GuestsController < ApplicationController
   def index
-    @guests = Guest.all.includes(:group)
-                   .joins(:group)
-                   .order('groups.name' => :asc, first_name: :asc, last_name: :asc)
-
-    render jsonapi: @guests
+    render json: Guest.includes(:group)
+                      .left_joins(:group)
+                      .order('groups.name' => :asc, name: :asc)
+                      .as_json(only: %i[id name status], include: { group: { only: %i[id name] } })
   end
 
-  def import
-    csv = CSV.parse(params[:file].read, headers: true)
-    ActiveRecord::Base.transaction do
-      csv.each do |row|
-        guest = Guest.create!(first_name: row['name'])
-
-        guest.affinity_group_list.add(row['affinity_group'])
-        guest.save!
-      end
+  def create
+    Guest.create!(guest_params)
+    render json: {}, status: :created
   end
 
-    redirect_to guests_url
-  end
-
-  def bulk_update
-    Guests::UpdateUseCase.new(guest_ids: params[:guest_ids], params: params.require(:properties).permit(:status)).call
+  def update
+    Guest.find(params[:id]).update!(guest_params)
     render json: {}, status: :ok
   end
+
+  def destroy
+    Guest.find(params[:id]).destroy!
+    render json: {}, status: :ok
+  end
+
+  private
+
+  def guest_params
+    params.expect(guest: %i[name group_id status])
+  end
 end

app/controllers/summary_controller.rb

@@ -0,0 +1,46 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+class SummaryController < ApplicationController
+  def index
+    render json: {
+      expenses:,
+      guests:
+    }
+  end
+
+  private
+
+  def guests
+    guest_summary = Guest.group(:status).count
+
+    {
+      total: guest_summary.except('considered').values.sum,
+      confirmed: guest_summary['confirmed'].to_i,
+      declined: guest_summary['declined'].to_i,
+      tentative: guest_summary['tentative'].to_i,
+      invited: guest_summary['invited'].to_i
+    }
+  end
+
+  def expenses
+    expense_summary = Expenses::TotalQuery.new(wedding: ActsAsTenant.current_tenant).call
+
+    {
+      projected: {
+        total: expense_summary['total_projected'],
+        guests: expense_summary['projected_guests']
+      },
+      confirmed: {
+        total: expense_summary['total_confirmed'],
+        guests: expense_summary['confirmed_guests']
+      },
+      status: {
+        paid: 0
+      }
+    }
+  end
+end

app/controllers/tables_arrangements_controller.rb

@@ -1,16 +1,42 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class TablesArrangementsController < ApplicationController
   def index
-    render json: TablesArrangement.all.order(discomfort: :asc).limit(3).as_json(only: %i[id name discomfort])
+    render json: TablesArrangement.order(discomfort: :asc).limit(3).as_json(only: %i[id name discomfort])
   end
 
   def show
-    Seat.joins(:guest).where(tables_arrangement_id: params[:id])
-        .pluck(:table_number, Arel.sql("guests.first_name || ' ' || guests.last_name "), 'guests.id')
-        .group_by(&:first)
-        .transform_values { |table| table.map { |(_, name, id)| { id:, name: } } }
-        .map { |number, guests| { number:, guests: } }
-        .then { |result| render json: result }
+    Guest.joins(:seats, :group)
+         .where(seats: { tables_arrangement_id: params[:id] })
+         .select('guests.*', 'groups.color', 'seats.table_number')
+         .group_by(&:table_number)
+         .map { |number, guests| format(number:, guests:) }
+         .then { |result| render json: { id: params[:id], tables: result } }
+  end
+
+  private
+
+  def format(number:, guests:)
+    {
+      number: number,
+      discomfort: discomfort(guests: guests),
+      guests: guests.as_json(only: %i[id name color])
+    }
+  end
+
+  def discomfort(guests:)
+    table = Tables::Table.new(guests)
+
+    table.min_per_table = TableSimulatorJob::MIN_PER_TABLE
+    table.max_per_table = TableSimulatorJob::MAX_PER_TABLE
+    calculator = Tables::DiscomfortCalculator.new(table:)
+    {
+      discomfort: calculator.calculate,
+      breakdown: calculator.breakdown
+    }
   end
 end

app/controllers/tokens_controller.rb

@@ -0,0 +1,14 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+class TokensController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_before_action :set_tenant
+
+  def show
+    head :ok
+  end
+end

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,29 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+module Users
+  class ConfirmationsController < Devise::ConfirmationsController
+    clear_respond_to
+    respond_to :json
+
+    def show
+      super do |resource|
+        if resource.errors.empty?
+          respond_to do |format|
+            format.json { render json: resource, status: :ok }
+            format.any { redirect_to root_path }
+          end
+        else
+          render json: {
+            message: 'Record invalid',
+            errors: resource.errors.full_messages
+          }, status: :unprocessable_entity
+        end
+        return
+      end
+    end
+  end
+end

app/controllers/users/registrations_controller.rb

@@ -0,0 +1,34 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+module Users
+  class RegistrationsController < Devise::RegistrationsController
+    clear_respond_to
+    respond_to :json
+
+    before_action :validate_captcha!, only: :create
+
+    def create
+      wedding = Wedding.create(slug: params[:slug])
+      unless wedding.persisted?
+        render json: { errors: wedding.errors.full_messages }, status: :unprocessable_entity
+        return
+      end
+
+      ActsAsTenant.with_tenant(wedding) do
+        super do |user|
+          wedding.destroy unless user.persisted?
+        end
+      end
+    end
+
+    private
+
+    def set_tenant
+      set_current_tenant(nil)
+    end
+  end
+end

app/controllers/users/sessions_controller.rb

@@ -0,0 +1,12 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+module Users
+  class SessionsController < Devise::SessionsController
+    clear_respond_to
+    respond_to :json
+  end
+end

app/extensions/tree_node_extension.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module TreeNodeExtension
   def distance_to_common_ancestor(another_node)
     return 0 if self == another_node

app/helpers/application_helper.rb

@@ -1,4 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module ApplicationHelper
 end

app/helpers/expenses_helper.rb

@@ -1,4 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module ExpensesHelper
 end

app/helpers/groups_helper.rb

@@ -1,4 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module GroupsHelper
 end

app/helpers/guests_helper.rb

@@ -1,4 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module GuestsHelper
 end

app/helpers/tables_arrangements_helper.rb

@@ -1,4 +1,8 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module TablesArrangementsHelper
 end

app/jobs/application_job.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class ApplicationJob < ActiveJob::Base
   # Automatically retry jobs that encountered a deadlock
   # retry_on ActiveRecord::Deadlocked

app/jobs/table_simulator_job.rb

@@ -1,14 +1,23 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class TableSimulatorJob < ApplicationJob
   queue_as :default
 
-  def perform(*_args)
+  MIN_PER_TABLE = 8
+  MAX_PER_TABLE = 10
+
+  def perform(wedding_id)
+    ActsAsTenant.with_tenant(Wedding.find(wedding_id)) do
       engine = VNS::Engine.new
 
       engine.add_perturbation(Tables::Swap)
+      engine.add_perturbation(Tables::Shift)
 
-    initial_solution = Tables::Distribution.new(min_per_table: 8, max_per_table: 10)
+      initial_solution = Tables::Distribution.new(min_per_table: MIN_PER_TABLE, max_per_table: MAX_PER_TABLE)
       initial_solution.random_distribution(Guest.potential.shuffle)
 
       engine.initial_solution = initial_solution
@@ -19,4 +28,5 @@ class TableSimulatorJob < ApplicationJob
 
       best_solution.save!
     end
+  end
 end

app/mailers/application_mailer.rb

@@ -1,6 +1,10 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class ApplicationMailer < ActionMailer::Base
-  default from: "from@example.com"
-  layout "mailer"
+  default from: 'from@example.com'
+  layout 'mailer'
 end

app/models/application_record.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class ApplicationRecord < ActiveRecord::Base
   primary_abstract_class
 end

app/models/expense.rb

@@ -1,4 +1,36 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: expenses
+#
+#  id           :uuid             not null, primary key
+#  amount       :decimal(, )
+#  name         :string
+#  pricing_type :enum             default("fixed"), not null
+#  created_at   :datetime         not null
+#  updated_at   :datetime         not null
+#  wedding_id   :uuid             not null
+#
+# Indexes
+#
+#  index_expenses_on_wedding_id  (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (wedding_id => weddings.id)
+#
 class Expense < ApplicationRecord
+  acts_as_tenant :wedding
+  enum :pricing_type,
+       fixed: 'fixed',
+       per_person: 'per_person'
+
+  validates :name, presence: true
+  validates :amount, presence: true, numericality: { greater_than: 0 }
+  validates :pricing_type, presence: true
 end

app/models/group.rb

@@ -1,13 +1,79 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: groups
+#
+#  id         :uuid             not null, primary key
+#  color      :string
+#  icon       :string
+#  name       :string           not null
+#  order      :integer          default(1), not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  parent_id  :uuid
+#  wedding_id :uuid             not null
+#
+# Indexes
+#
+#  index_groups_on_name        (name) UNIQUE
+#  index_groups_on_parent_id   (parent_id)
+#  index_groups_on_wedding_id  (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (parent_id => groups.id)
+#  fk_rails_...  (wedding_id => weddings.id)
+#
 class Group < ApplicationRecord
+  acts_as_tenant :wedding
+
   validates :name, uniqueness: true
   validates :name, :order, presence: true
 
-  has_many :children, class_name: 'Group', foreign_key: 'parent_id'
+  has_many :children, class_name: 'Group', foreign_key: 'parent_id', dependent: :nullify, inverse_of: :parent
   belongs_to :parent, class_name: 'Group', optional: true
 
+  before_create :set_color
+
   scope :roots, -> { where(parent_id: nil) }
 
-  has_many :guests
+  has_many :guests, dependent: :nullify
+
+  def colorize_children(generation = 1)
+    children.zip(palette(generation)) do |child, raw_color|
+      final_color = raw_color.paint
+      final_color.brighten(60) if final_color.dark?
+
+      child.update!(color: final_color)
+
+      child.colorize_children(generation + 1)
+    end
+  end
+
+  def affinities
+    GroupAffinity.where(group_a_id: id).or(GroupAffinity.where(group_b_id: id))
+  end
+
+  private
+
+  def palette(generation)
+    if generation == 1
+      color.paint.palette.analogous(size: children.count)
+    else
+      color.paint.palette.decreasing_saturation
+    end
+  end
+
+  def set_color
+    return if color.present?
+
+    new_color = "##{SecureRandom.hex(3)}".paint
+    new_color = new_color.lighten(30) if new_color.dark?
+    self.color = new_color
+  end
 end

app/models/group_affinity.rb

@@ -0,0 +1,45 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: group_affinities
+#
+#  id         :bigint           not null, primary key
+#  discomfort :float            not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  group_a_id :uuid             not null
+#  group_b_id :uuid             not null
+#
+# Indexes
+#
+#  index_group_affinities_on_group_a_id  (group_a_id)
+#  index_group_affinities_on_group_b_id  (group_b_id)
+#  uindex_group_pair                     (LEAST(group_a_id, group_b_id), GREATEST(group_a_id, group_b_id)) UNIQUE
+#
+# Foreign Keys
+#
+#  fk_rails_...  (group_a_id => groups.id)
+#  fk_rails_...  (group_b_id => groups.id)
+#
+class GroupAffinity < ApplicationRecord
+  NEUTRAL = 1
+  MIN_DISCOMFORT = 0
+  MAX_DISCOMFORT = 2
+
+  belongs_to :group_a, class_name: 'Group'
+  belongs_to :group_b, class_name: 'Group'
+
+  validates :discomfort,
+            numericality: { greater_than_or_equal_to: MIN_DISCOMFORT, less_than_or_equal_to: MAX_DISCOMFORT }
+
+  def another_group(group)
+    return nil if group != group_a && group != group_b
+
+    group == group_a ? group_b : group_a
+  end
+end

app/models/guest.rb

@@ -1,19 +1,58 @@
 # Copyright (C) 2024 Manuel Bustillo
 
-class Guest < ApplicationRecord
-  belongs_to :group
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
 
-  enum status: {
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: guests
+#
+#  id         :uuid             not null, primary key
+#  name       :string
+#  phone      :string
+#  status     :integer          default("considered")
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  group_id   :uuid
+#  wedding_id :uuid             not null
+#
+# Indexes
+#
+#  index_guests_on_group_id    (group_id)
+#  index_guests_on_wedding_id  (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (group_id => groups.id)
+#  fk_rails_...  (wedding_id => weddings.id)
+#
+class Guest < ApplicationRecord
+  acts_as_tenant :wedding
+  belongs_to :group, optional: true
+
+  enum :status, {
     considered: 0,
     invited: 10,
     confirmed: 20,
     declined: 30,
     tentative: 40
-  }
+  }, validate: true
+
+  validates :name, presence: true
 
   scope :potential, -> { where.not(status: %i[declined considered]) }
 
-  def full_name
-    "#{first_name} #{last_name}"
+  after_destroy :recalculate_simulations
+  after_save :recalculate_simulations, if: :saved_change_to_status?
+
+  has_many :seats, dependent: :delete_all
+
+  private
+
+  def recalculate_simulations
+    TablesArrangement.delete_all
+
+    ActiveJob.perform_all_later(50.times.map { TableSimulatorJob.new(wedding_id) })
   end
 end

app/models/seat.rb

@@ -1,6 +1,35 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: seats
+#
+#  id                    :uuid             not null, primary key
+#  table_number          :integer
+#  created_at            :datetime         not null
+#  updated_at            :datetime         not null
+#  guest_id              :uuid             not null
+#  tables_arrangement_id :uuid             not null
+#  wedding_id            :uuid             not null
+#
+# Indexes
+#
+#  index_seats_on_guest_id               (guest_id)
+#  index_seats_on_tables_arrangement_id  (tables_arrangement_id)
+#  index_seats_on_wedding_id             (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (guest_id => guests.id)
+#  fk_rails_...  (tables_arrangement_id => tables_arrangements.id) ON DELETE => cascade
+#  fk_rails_...  (wedding_id => weddings.id)
+#
 class Seat < ApplicationRecord
+  acts_as_tenant :wedding
   belongs_to :guest
   belongs_to :table_arrangement
 end

app/models/tables_arrangement.rb

@@ -1,7 +1,31 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: tables_arrangements
+#
+#  id         :uuid             not null, primary key
+#  discomfort :integer
+#  name       :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  wedding_id :uuid             not null
+#
+# Indexes
+#
+#  index_tables_arrangements_on_wedding_id  (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (wedding_id => weddings.id)
+#
 class TablesArrangement < ApplicationRecord
-  has_many :seats
+  acts_as_tenant :wedding
+  has_many :seats, dependent: :delete_all
   has_many :guests, through: :seats
 
   before_create :assign_name

app/models/user.rb

@@ -0,0 +1,44 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: users
+#
+#  id                     :uuid             not null, primary key
+#  confirmation_sent_at   :datetime
+#  confirmation_token     :string
+#  confirmed_at           :datetime
+#  email                  :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  failed_attempts        :integer          default(0), not null
+#  locked_at              :datetime
+#  reset_password_sent_at :datetime
+#  reset_password_token   :string
+#  unconfirmed_email      :string
+#  unlock_token           :string
+#  created_at             :datetime         not null
+#  updated_at             :datetime         not null
+#  wedding_id             :uuid             not null
+#
+# Indexes
+#
+#  index_users_on_confirmation_token    (confirmation_token) UNIQUE
+#  index_users_on_email                 (email) UNIQUE
+#  index_users_on_reset_password_token  (reset_password_token) UNIQUE
+#  index_users_on_unlock_token          (unlock_token) UNIQUE
+#  index_users_on_wedding_id            (wedding_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (wedding_id => weddings.id)
+#
+class User < ApplicationRecord
+  acts_as_tenant :wedding
+
+  devise :database_authenticatable, :registerable,
+         :recoverable, :validatable, :confirmable, :lockable
+end

app/models/wedding.rb

@@ -0,0 +1,24 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: weddings
+#
+#  id         :uuid             not null, primary key
+#  slug       :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+# Indexes
+#
+#  index_weddings_on_slug  (slug) UNIQUE
+#
+class Wedding < ApplicationRecord
+  SLUG_REGEX = /[a-z\d-]+/
+
+  validates :slug, presence: true, uniqueness: true, format: { with: /\A#{SLUG_REGEX}\z/ }
+end

app/queries/expenses/total_query.rb

@@ -1,47 +1,51 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module Expenses
   class TotalQuery
+    private attr_reader :wedding
+    def initialize(wedding:)
+      @wedding = wedding
+    end
+
     def call
-      ActiveRecord::Base.connection.execute(query).first
+      ActiveRecord::Base.connection.execute(
+        ActiveRecord::Base.sanitize_sql_array([query, { wedding_id: wedding.id }])
+      ).first
     end
 
     private
 
     def query
-      <<~SQL
+      <<~SQL.squish
         WITH guest_count AS (#{guest_count_per_status}),
              expense_summary AS (#{expense_summary})
-        SELECT expense_summary.fixed,
-               expense_summary.fixed_count,
-               expense_summary.variable,
-               expense_summary.variable_count,
-               expense_summary.total_count,
-               guest_count.confirmed as confirmed_guests,
+        SELECT guest_count.confirmed as confirmed_guests,
                guest_count.projected as projected_guests,
-               expense_summary.fixed + expense_summary.variable * guest_count.confirmed as total,
-               expense_summary.fixed + expense_summary.variable * guest_count.projected as max_projected,
-               (expense_summary.fixed + expense_summary.variable * guest_count.confirmed) / guest_count.confirmed as per_person
+               expense_summary.fixed + expense_summary.variable * guest_count.confirmed as total_confirmed,
+               expense_summary.fixed + expense_summary.variable * guest_count.projected as total_projected
         FROM guest_count, expense_summary;
       SQL
     end
 
     def expense_summary
-      <<~SQL
+      <<~SQL.squish
         SELECT coalesce(sum(amount) filter (where pricing_type = 'fixed'), 0) as fixed,
-               coalesce(count(amount) filter (where pricing_type = 'fixed'), 0) as fixed_count,
-               coalesce(sum(amount) filter (where pricing_type = 'per_person'), 0) as variable,
-               coalesce(count(amount) filter (where pricing_type = 'per_person'), 0) as variable_count,
-               count(*) as total_count
+               coalesce(sum(amount) filter (where pricing_type = 'per_person'), 0) as variable
         FROM expenses
+        WHERE wedding_id = :wedding_id
       SQL
     end
 
     def guest_count_per_status
-      <<~SQL
-        SELECT COALESCE(count(*) filter(where status = #{Guest.statuses["confirmed"]}), 0) as confirmed,
-               COALESCE(count(*) filter(where status IN (#{Guest.statuses.values_at("confirmed", "invited", "tentative").join(",")})), 0) as projected
+      <<~SQL.squish
+        SELECT COALESCE(count(*) filter(where status = #{Guest.statuses['confirmed']}), 0) as confirmed,
+               COALESCE(count(*) filter(where status IN (#{Guest.statuses.values_at('confirmed', 'invited', 'tentative').join(',')})), 0) as projected
         FROM guests
+        WHERE wedding_id = :wedding_id
       SQL
     end
   end

app/queries/groups/summary_query.rb

@@ -0,0 +1,33 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+module Groups
+  class SummaryQuery
+    def call
+      Group.left_joins(:guests).group(:id).pluck_to_hash(
+        :id,
+        :name,
+        :icon,
+        :parent_id,
+        :color,
+        *count_expressions
+      )
+    end
+
+    private
+
+    def count_expressions
+      [
+        Arel.sql('count(*) filter (where status IS NOT NULL) as total'),
+        Arel.sql('count(*) filter (where status = 0) as considered'),
+        Arel.sql('count(*) filter (where status = 10) as invited'),
+        Arel.sql('count(*) filter (where status = 20) as confirmed'),
+        Arel.sql('count(*) filter (where status = 30) as declined'),
+        Arel.sql('count(*) filter (where status = 40) as tentative')
+      ]
+    end
+  end
+end

app/serializers/serializable_group.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class SerializableGroup < JSONAPI::Serializable::Resource
   type 'group'
 

app/serializers/serializable_guest.rb

@@ -1,12 +1,16 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class SerializableGuest < JSONAPI::Serializable::Resource
   type 'guest'
 
   attributes :id, :group_id, :status
 
   attribute :name do
-    "#{@object.first_name} #{@object.last_name}"
+    @object.name
   end
 
   attribute :group_name do

app/services/affinity_groups_hierarchy.rb

@@ -1,7 +1,11 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 class AffinityGroupsHierarchy < Array
-  include Singleton
+  DEFAULT_DISCOMFORT = 1
 
   def initialize
     super
@@ -12,6 +16,9 @@ class AffinityGroupsHierarchy < Array
 
       hydrate(group)
     end
+
+    load_discomforts
+    freeze
   end
 
   def find(id)
@@ -33,8 +40,35 @@ class AffinityGroupsHierarchy < Array
     @references[id_a].distance_to_common_ancestor(@references[id_b])
   end
 
+  def discomfort(id_a, id_b)
+    return 0 if id_a == id_b
+
+    @discomforts[uuid_to_int(id_a) + uuid_to_int(id_b)] || DEFAULT_DISCOMFORT
+  end
+
+  def default_discomfort(id_a, id_b)
+    return 0 if id_a == id_b
+
+    dist = distance(id_a, id_b)
+
+    return DEFAULT_DISCOMFORT if dist.nil?
+
+    Rational(dist, dist + 1)
+  end
+
   private
 
+  def load_discomforts
+    @load_discomforts ||= GroupAffinity.pluck(:group_a_id, :group_b_id,
+                                              :discomfort).each_with_object({}) do |(id_a, id_b, discomfort), acc|
+      acc[uuid_to_int(id_a) + uuid_to_int(id_b)] = discomfort
+    end
+  end
+
+  def uuid_to_int(uuid)
+    uuid.gsub('-', '').hex
+  end
+
   def hydrate(group)
     group.children.each do |child|
       register_child(group.id, child.id)

app/services/libre_captcha.rb

@@ -0,0 +1,22 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+class LibreCaptcha
+  def id
+    HTTParty.post('http://libre-captcha:8888/v2/captcha',
+                  body: {
+                    input_type: 'text',
+                    level: :hard,
+                    media: 'image/png',
+                    size: '350x100'
+                  }.to_json).then { |raw| JSON.parse(raw)['id'] }
+  end
+
+  def valid?(id:, answer:)
+    HTTParty.post('http://libre-captcha:8888/v2/answer',
+                  body: { id:, answer: }.to_json).then { |raw| JSON.parse(raw)['result'] == 'True' }
+  end
+end

app/services/tables/discomfort_calculator.rb

@@ -1,26 +1,56 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module Tables
   class DiscomfortCalculator
-    private attr_reader :table
-    def initialize(table)
+    private attr_reader :table, :hierarchy
+    def initialize(table:, hierarchy: AffinityGroupsHierarchy.new)
       @table = table
+      @hierarchy = hierarchy
     end
 
     def calculate
-      cohesion_penalty
+      breakdown.values.sum
+    end
+
+    def breakdown
+      @breakdown ||= { table_size_penalty:, cohesion_penalty: }
     end
 
     private
 
+    #
+    # Calculates the penalty associated with violating the table size constraints. The penalty is
+    # zero when the limits are honored, and it increases linearly as the number of guests deviates
+    # from the limits. Overcapacity is penalized more severely than undercapacity.
+    #
+    # @return [Number] The penalty associated with violating the table size constraints.
+    #
+    def table_size_penalty
+      case table.size
+      when 0...table.min_per_table then 5 * (table.min_per_table - table.size)
+      when table.min_per_table..table.max_per_table then 0
+      else 5 * (table.size - table.max_per_table)
+      end
+    end
+
     def cohesion_penalty
+      10 * (cohesion_discomfort * 1.0 / table.size)
+    end
+
+    #
+    # Calculates the discomfort of the table based on the cohesion of the guests. The total discomfort
+    # is calculated as the sum of the discomfort of each pair of guests. The discomfort of a pair of
+    # guests is a rational number between 1 (unrelated groups) and 0 (same group).
+    #
+    # @return [Number] Total discomfort of the table.
+    #
+    def cohesion_discomfort
       table.map(&:group_id).tally.to_a.combination(2).sum do |(a, count_a), (b, count_b)|
-        distance = AffinityGroupsHierarchy.instance.distance(a, b)
-
-        next count_a * count_b if distance.nil?
-        next 0 if distance.zero?
-
-        count_a * count_b * Rational(distance, distance + 1)
+        count_a * count_b * hierarchy.discomfort(a, b)
       end
     end
   end

app/services/tables/distribution.rb

@@ -1,21 +1,29 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 require_relative '../../extensions/tree_node_extension'
 
 module Tables
   class Distribution
-    attr_accessor :tables
+    attr_accessor :tables, :min_per_table, :max_per_table
 
     def initialize(min_per_table:, max_per_table:)
       @min_per_table = min_per_table
       @max_per_table = max_per_table
+      @hierarchy = AffinityGroupsHierarchy.new
       @tables = []
     end
 
     def random_distribution(people)
-      @tables = []
-
-      @tables << Table.new(people.slice!(0..rand(@min_per_table..@max_per_table))) while people.any?
+      min_tables = (people.count * 1.0 / @max_per_table).ceil
+      max_tables = (people.count * 1.0 / @min_per_table).ceil
+      @tables = people.in_groups(rand(min_tables..max_tables), false)
+                      .map { |group| Table.new(group) }
+                      .each { |table| table.min_per_table = @min_per_table }
+                      .each { |table| table.max_per_table = @max_per_table }
     end
 
     def discomfort
@@ -28,12 +36,6 @@ module Tables
       "#{@tables.count} tables, discomfort: #{discomfort}"
     end
 
-    def pretty_print
-      @tables.map.with_index do |table, i|
-        "Table #{i + 1} (#{table.count} ppl): (#{local_discomfort(table)}) #{table.map(&:full_name).join(', ')}"
-      end.join("\n")
-    end
-
     def deep_dup
       self.class.new(min_per_table: @min_per_table, max_per_table: @max_per_table).tap do |new_distribution|
         new_distribution.tables = @tables.map(&:dup)
@@ -61,7 +63,7 @@ module Tables
     private
 
     def local_discomfort(table)
-      table.discomfort ||= DiscomfortCalculator.new(table).calculate
+      table.discomfort ||= DiscomfortCalculator.new(table:, hierarchy:).calculate
     end
   end
 end

app/services/tables/shift.rb

@@ -0,0 +1,34 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+module Tables
+  class Shift
+    private attr_reader :initial_solution
+    def initialize(initial_solution)
+      @initial_solution = initial_solution
+    end
+
+    def each
+      @initial_solution.tables.permutation(2) do |table_a, table_b|
+        table_a.dup.each do |person|
+          original_discomfort_a = table_a.reset
+          original_discomfort_b = table_b.reset
+
+          table_a.delete(person)
+          table_b << person
+
+          yield(@initial_solution)
+        ensure
+          table_b.delete(person)
+          table_a << person
+
+          table_a.discomfort = original_discomfort_a
+          table_b.discomfort = original_discomfort_b
+        end
+      end
+    end
+  end
+end

app/services/tables/swap.rb

@@ -1,5 +1,9 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module Tables
   class Swap
     private attr_reader :initial_solution
@@ -9,7 +13,7 @@ module Tables
 
     def each
       @initial_solution.tables.combination(2) do |table_a, table_b|
-        table_a.product(table_b).each do |(person_a, person_b)|
+        table_a.to_a.product(table_b.to_a).each do |(person_a, person_b)|
           original_discomfort_a = table_a.reset
           original_discomfort_b = table_b.reset
 

app/services/tables/table.rb

@@ -1,8 +1,13 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module Tables
-  class Table < Array
-    attr_accessor :discomfort
+  class Table < Set
+    attr_accessor :discomfort, :min_per_table, :max_per_table
+
     def initialize(*args)
       super
       reset

app/services/vns/engine.rb

@@ -1,7 +1,18 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
 module VNS
   class Engine
+    class << self
+      def sequence(elements)
+        elements = elements.to_a
+        (elements + elements.reverse).chunk(&:itself).map(&:first)
+      end
+    end
+
     def target_function(&function)
       @target_function = function
     end
@@ -21,11 +32,8 @@ module VNS
       @best_solution = @initial_solution
       @best_score = @target_function.call(@best_solution)
 
-      puts "Initial score: #{@best_score.to_f}"
-
-      @perturbations.each do |perturbation|
-        puts "Running perturbation: #{perturbation.name}"
-        optimize(perturbation.new(@best_solution))
+      self.class.sequence(@perturbations).each do |perturbation|
+        optimize(perturbation)
       end
 
       @best_solution
@@ -33,17 +41,22 @@ module VNS
 
     private
 
-    def optimize(perturbation)
-      perturbation.each do |alternative_solution|
+    def optimize(perturbation_klass)
+      loop do
+        optimized = false
+
+        perturbation_klass.new(@best_solution).each do |alternative_solution|
           score = @target_function.call(alternative_solution)
           next if score >= @best_score
 
           @best_solution = alternative_solution.deep_dup
           @best_score = score
+          optimized = true
 
-        puts "New lowest score: #{@best_score.to_f}"
+          break
+        end
 
-        return optimize(perturbation.class.new(@best_solution))
+        return unless optimized
       end
     end
   end

app/use_cases/guests/update_use_case.rb

@@ -1,14 +0,0 @@
-# Copyright (C) 2024 Manuel Bustillo
-
-module Guests
-  class UpdateUseCase
-    def initialize(guest_ids:, params:)
-      Guest.where(id: guest_ids).update!(params)
-
-      # TODO: Not all status transitions may require a table re-arrangement
-      TablesArrangement.delete_all
-
-      ActiveJob.perform_all_later(50.times.map { TableSimulatorJob.new })
-    end
-  end
-end

app/views/layouts/mailer.html.erb

@@ -1,5 +1,7 @@
 <%# Copyright (C) 2024 Manuel Bustillo %>
 
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
 <!DOCTYPE html>
 <html>
   <head>

app/views/layouts/mailer.text.erb

@@ -1,3 +1,5 @@
 <%# Copyright (C) 2024 Manuel Bustillo %>
 
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
 <%= yield %>

app/views/users/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,9 @@
+<%# Copyright (C) 2024 Manuel Bustillo %>
+
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
+<p>Welcome <%= @email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(slug: ActsAsTenant.current_tenant&.slug, confirmation_token: @token) %></p>

app/views/users/mailer/email_changed.html.erb

@@ -0,0 +1,11 @@
+<%# Copyright (C) 2024 Manuel Bustillo %>
+
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
+<p>Hello <%= @email %>!</p>
+
+<% if @resource.try(:unconfirmed_email?) %>
+  <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>
+<% else %>
+  <p>We're contacting you to notify you that your email has been changed to <%= @resource.email %>.</p>
+<% end %>

app/views/users/mailer/password_change.html.erb

@@ -0,0 +1,7 @@
+<%# Copyright (C) 2024 Manuel Bustillo %>
+
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
+<p>Hello <%= @resource.email %>!</p>
+
+<p>We're contacting you to notify you that your password has been changed.</p>

app/views/users/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,12 @@
+<%# Copyright (C) 2024 Manuel Bustillo %>
+
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(slug: ActsAsTenant.current_tenant&.slug, reset_password_token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

app/views/users/mailer/unlock_instructions.html.erb

@@ -0,0 +1,11 @@
+<%# Copyright (C) 2024 Manuel Bustillo %>
+
+<%# Copyright (C) 2024-2025 LibreWeddingPlanner contributors %>
+
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(slug: ActsAsTenant.current_tenant&.slug, unlock_token: @token) %></p>

config.ru

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # This file is used by Rack-based servers to start the application.
 
-require_relative "config/environment"
+require_relative 'config/environment'
 
 run Rails.application
 Rails.application.load_server

config/application.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 require_relative 'boot'
 
 require 'rails'

config/boot.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
 require "bundler/setup" # Set up gems listed in the Gemfile.

config/database.yml

@@ -83,6 +83,7 @@ test:
 #
 production:
   <<: *default
+  host: db
   database: wedding_planner_production
   username: wedding_planner
   password: <%= ENV["WEDDING_PLANNER_DATABASE_PASSWORD"] %>

config/environment.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Load the Rails application.
 require_relative "application"
 

config/environments/development.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 require "active_support/core_ext/integer/time"
 
 Rails.application.configure do
@@ -40,8 +42,10 @@ Rails.application.configure do
 
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
-
   config.action_mailer.perform_caching = false
+  config.action_mailer.default_url_options = { host: 'libre-wedding-planner.app.localhost/api' }
+  config.action_mailer.delivery_method = :letter_opener_web
+  config.action_mailer.perform_deliveries = true
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log

config/environments/production.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 require "active_support/core_ext/integer/time"
 
 Rails.application.configure do
@@ -92,6 +94,9 @@ Rails.application.configure do
   #   "example.com",     # Allow requests from example.com
   #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
   # ]
+
+  config.hosts << "app.libreweddingplanner.org"
+
   # Skip DNS rebinding protection for the default health check endpoint.
-  # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
+  config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end

config/environments/test.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 require "active_support/core_ext/integer/time"
 
 # The test environment is used exclusively to run your application's

config/importmap.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Pin npm packages by running ./bin/importmap
 
 pin "application"

config/initializers/acts_as_tenant.rb

@@ -0,0 +1,7 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+ActsAsTenant.configure do |config|
+  config.require_tenant = !Rails.env.test?
+end

config/initializers/assets.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.

config/initializers/colors.rb

@@ -0,0 +1,10 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+Chroma.define_palette :decreasing_saturation do
+  spin(20).desaturate(40)
+  spin(-20).desaturate(40)
+  spin(40).desaturate(40)
+  spin(-40).desaturate(40)
+end

config/initializers/content_security_policy.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Be sure to restart your server when you modify this file.
 
 # Define an application-wide content security policy.

config/initializers/cors.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # config/initializers/cors.rb
 
 Rails.application.config.middleware.insert_before 0, Rack::Cors do

config/initializers/devise.rb

@@ -0,0 +1,317 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+# frozen_string_literal: true
+
+# Assuming you have not yet modified this file, each configuration option below
+# is set to its default value. Note that some are commented out while others
+# are not: uncommented lines are intended to protect your configuration from
+# breaking changes in upgrades (i.e., in the event that future versions of
+# Devise change the default values for those options).
+#
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
+Devise.setup do |config|
+  # The secret key used by Devise. Devise uses this key to generate
+  # random tokens. Changing this key will render invalid all existing
+  # confirmation, reset password and unlock tokens in the database.
+  # Devise will use the `secret_key_base` as its `secret_key`
+  # by default. You can change it below and use your own secret key.
+  # config.secret_key = '11353ae8c2bf66dd638d9edff9ec82856aecf74bba6c598273559a8750c902d3439da1b301e40c47578577a971f1058dbf37211c107fba5107c29baa654e9888'
+
+  # ==> Controller configuration
+  # Configure the parent class to the devise controllers.
+  # config.parent_controller = 'DeviseController'
+
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in Devise::Mailer,
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = 'noreply@libreweddingplanner.org'
+
+  # Configure the class responsible to send e-mails.
+  # config.mailer = 'Devise::Mailer'
+
+  # Configure the parent class responsible to send e-mails.
+  # config.parent_mailer = 'ActionMailer::Base'
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating a user. The default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating a user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # You can also supply a hash where the value is a boolean determining whether
+  # or not authentication should be aborted when the value is not present.
+  # config.authentication_keys = [:email]
+
+  # Configure parameters from the request object used for authentication. Each entry
+  # given should be a request method and it will automatically be passed to the
+  # find_for_authentication method and considered in your model lookup. For instance,
+  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+  # The same considerations mentioned for authentication_keys also apply to request_keys.
+  # config.request_keys = []
+
+  # Configure which authentication keys should be case-insensitive.
+  # These keys will be downcased upon creating or modifying a user and when used
+  # to authenticate or find a user. Default is :email.
+  config.case_insensitive_keys = [:email]
+
+  # Configure which authentication keys should have whitespace stripped.
+  # These keys will have whitespace before and after removed upon creating or
+  # modifying a user and when used to authenticate or find a user. Default is :email.
+  config.strip_whitespace_keys = [:email]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:database]` will
+  # enable it only for database authentication.
+  # For API-only applications to support authentication "out-of-the-box", you will likely want to
+  # enable this with :database unless you are using a custom strategy.
+  # The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
+  # config.http_authenticatable = false
+
+  # If 401 status code should be returned for AJAX requests. True by default.
+  # config.http_authenticatable_on_xhr = true
+
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
+
+  # It will change confirmation, password recovery and other workflows
+  # to behave the same regardless if the e-mail provided was right or wrong.
+  # Does not affect registerable.
+  config.paranoid = true
+
+  # By default Devise will store the user in session. You can skip storage for
+  # particular strategies by setting this option.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
+  config.skip_session_storage = [:http_auth]
+
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
+
+  # When false, Devise will not attempt to reload routes on eager load.
+  # This can reduce the time taken to boot the app but if your application
+  # requires the Devise mappings to be loaded during boot time the application
+  # won't boot properly.
+  # config.reload_routes = true
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 12. If
+  # using other algorithms, it sets how many times you want the password to be hashed.
+  # The number of stretches used for generating the hashed password are stored
+  # with the hashed password. This allows you to change the stretches without
+  # invalidating existing passwords.
+  #
+  # Limiting the stretches to just one in testing will increase the performance of
+  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # algorithm), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
+  config.stretches = Rails.env.test? ? 1 : 12
+
+  # Set up a pepper to generate the hashed password.
+  # config.pepper = '6f86425fd587f80f4a338a785a6abbbccf8de7322f70fcccf356118d982942c9421819445f9d236a296fa3c431ef5e509be20e6db03f90ec2b42aa78f3a7e526'
+
+  # Send a notification to the original email when the user's email is changed.
+  config.send_email_changed_notification = false
+
+  # Send a notification email when the user's password is changed.
+  config.send_password_change_notification = false
+
+  # ==> Configuration for :confirmable
+  # A period that the user is allowed to access the website even without
+  # confirming their account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming their account,
+  # access will be blocked just in the third day.
+  # You can also set it to nil, which will allow the user to access the website
+  # without confirming their account.
+  # Default is 0.days, meaning the user cannot access the website without
+  # confirming their account.
+  # config.allow_unconfirmed_access_for = 2.days
+
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  config.confirm_within = 3.days
+
+  # If true, requires any email changes to be confirmed (exactly the same way as
+  # initial account confirmation) to be applied. Requires additional unconfirmed_email
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
+  config.reconfirmable = true
+
+  # Defines which key will be used when confirming an account
+  # config.confirmation_keys = [:email]
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # Options to be passed to the created cookie. For instance, you can set
+  # secure: true in order to force SSL only cookies.
+  # config.rememberable_options = {}
+
+  # ==> Configuration for :validatable
+  # Range for password length.
+  config.password_length = 15..128
+
+  # Email regex used to validate email formats. It simply asserts that
+  # one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again. Default is 30 minutes.
+  # config.timeout_in = 30.minutes
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  config.lock_strategy = :failed_attempts
+
+  # Defines which key will be used when locking and unlocking an account
+  # config.unlock_keys = [:email]
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  config.maximum_attempts = 10
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  config.unlock_in = 1.hour
+
+  # Warn on the last attempt before the account is locked.
+  # config.last_attempt_warning = true
+
+  # ==> Configuration for :recoverable
+  #
+  # Defines which key will be used when recovering the password for an account
+  # config.reset_password_keys = [:email]
+
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 6.hours
+
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  config.sign_in_after_reset_password = true
+
+  # ==> Configuration for :encryptable
+  # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
+  # You can use :sha1, :sha512 or algorithms from others authentication tools as
+  # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
+  # for default behavior) and :restful_authentication_sha1 (then you should set
+  # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
+  # config.encryptor = :sha512
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  config.scoped_views = true
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes (usually :user).
+  # config.default_scope = :user
+
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
+  # config.sign_out_all_scopes = true
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  #
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists.
+  #
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ['*/*', :html, :turbo_stream]
+
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
+  # ==> OmniAuth
+  # Add a new OmniAuth provider. Check the wiki for more information on setting
+  # up on your models and hooks.
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not supported by Devise, or
+  # change the failure app, you can configure them inside the config.warden block.
+  #
+  # config.warden do |manager|
+  #   manager.intercept_401 = false
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
+  # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: '/my_engine'
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
+
+  # ==> Hotwire/Turbo configuration
+  # When using Devise with Hotwire/Turbo, the http status for error responses
+  # and some redirects must match the following. The default in Devise for existing
+  # apps is `200 OK` and `302 Found` respectively, but new apps are generated with
+  # these new defaults that match Hotwire/Turbo behavior.
+  # Note: These might become the new default in future versions of Devise.
+  config.responder.error_status = :unprocessable_entity
+  config.responder.redirect_status = :see_other
+
+  # ==> Configuration for :registerable
+
+  # When set to false, does not sign a user in automatically after their password is
+  # changed. Defaults to true, so a user is signed in automatically after changing a password.
+  # config.sign_in_after_change_password = true
+end

config/initializers/filter_parameter_logging.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Be sure to restart your server when you modify this file.
 
 # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.

config/initializers/inflections.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

config/initializers/permissions_policy.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # Be sure to restart your server when you modify this file.
 
 # Define an application-wide HTTP permissions policy. For further

config/initializers/rswag_api.rb

@@ -0,0 +1,18 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+Rswag::Api.configure do |c|
+
+  # Specify a root folder where Swagger JSON files are located
+  # This is used by the Swagger middleware to serve requests for API descriptions
+  # NOTE: If you're using rswag-specs to generate Swagger, you'll need to ensure
+  # that it's configured to generate files in the same folder
+  c.openapi_root = Rails.root.to_s + '/swagger'
+
+  # Inject a lambda function to alter the returned Swagger prior to serialization
+  # The function will have access to the rack env for the current request
+  # For example, you could leverage this to dynamically assign the "host" property
+  #
+  #c.swagger_filter = lambda { |swagger, env| swagger['host'] = env['HTTP_HOST'] }
+end

config/initializers/rswag_ui.rb

@@ -0,0 +1,20 @@
+# Copyright (C) 2024 Manuel Bustillo
+
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
+Rswag::Ui.configure do |c|
+
+  # List the Swagger endpoints that you want to be documented through the
+  # swagger-ui. The first parameter is the path (absolute or relative to the UI
+  # host) to the corresponding endpoint and the second is a title that will be
+  # displayed in the document selector.
+  # NOTE: If you're using rspec-api to expose Swagger files
+  # (under openapi_root) as JSON or YAML endpoints, then the list below should
+  # correspond to the relative paths for those endpoints.
+
+  c.swagger_endpoint '/api/api-docs/v1/swagger.yaml', 'API V1 Docs'
+
+  # Add Basic Auth in case your API is private
+  # c.basic_auth_enabled = true
+  # c.basic_auth_credentials 'username', 'password'
+end

config/initializers/ruby_extensions.rb

@@ -1,12 +1,14 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 class Numeric
   def to_currency
     Money.from_amount(self, "EUR").format
   end
 end
 
-class Array
+class Set
   def to_table
     Tables::Table.new(self)
   end

config/locales/devise.en.yml

@@ -0,0 +1,65 @@
+# Additional translations at https://github.com/heartcombo/devise/wiki/I18n
+
+en:
+  devise:
+    confirmations:
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account is not activated yet."
+      invalid: "Invalid %{authentication_keys} or password."
+      locked: "Your account is locked."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid %{authentication_keys} or password."
+      timeout: "Your session expired. Please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock instructions"
+      email_changed:
+        subject: "Email Changed"
+      password_change:
+        subject: "Password Changed"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
+    registrations:
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
+      updated: "Your account has been updated successfully."
+      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again."
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
+  errors:
+    messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"

config/puma.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # This configuration file will be evaluated by Puma. The top-level methods that
 # are invoked here are part of Puma's configuration DSL. For more information
 # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.

config/routes.rb

@@ -1,15 +1,47 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 Rails.application.routes.draw do
-  resources :groups, only: :index
-  resources :guests do
-    post :import, on: :collection
+  mount LetterOpenerWeb::Engine, at: "/letter_opener" if Rails.env.development?
+  get 'token' => 'tokens#show', as: :token
+  get 'up' => 'rails/health#show', as: :rails_health_check
+
+  resources :captcha, only: :create do
+    get 'v2/media', to: 'captcha#media', on: :collection, as: :media
+  end
+
+  mount Rswag::Ui::Engine => '/api-docs'
+  mount Rswag::Api::Engine => '/api-docs'
+
+  scope ":slug", constraints: { slug: Wedding::SLUG_REGEX } do
+    devise_for :users, skip: [:registration, :session, :confirmation]
+    devise_scope :user do
+      post 'users', to: 'users/registrations#create'
+
+      post '/users/sign_in', to: 'users/sessions#create'
+      delete '/users/sign_out', to: 'users/sessions#destroy'
+
+      get '/users/confirmation', to: 'users/confirmations#show', as: :confirmation
+    end
+
+    resources :groups, only: %i[index create update destroy] do
+      post 'affinities/reset', to: 'affinities#reset', on: :collection
+      resources :affinities, only: %i[index] do
+        put :bulk_update, on: :collection
+        get :default, on: :collection
+      end
+    end
+
+    resources :guests, only: %i[index create update destroy] do
       post :bulk_update, on: :collection
     end
-  resources :expenses do
+    resources :expenses, only: %i[index create update destroy] do
       get :summary, on: :collection
     end
-  resources :tables_arrangements, only: [:index, :show]
+    resources :tables_arrangements, only: %i[index show]
+    resources :summary, only: :index
 
-  get 'up' => 'rails/health#show', as: :rails_health_check
+    root to: redirect("/%{slug}")
+  end
 end

db/migrate/20240711175425_create_expenses.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 class CreateExpenses < ActiveRecord::Migration[7.1]
   def change
     create_enum :pricing_types, ["fixed", "per_person"]

db/migrate/20240711180753_create_guests.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 class CreateGuests < ActiveRecord::Migration[7.1]
   def change
     create_table :guests, id: :uuid do |t|

db/migrate/20240711181626_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 1)

db/migrate/20240711181627_add_missing_unique_indices.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 2)

db/migrate/20240711181628_add_taggings_counter_cache_to_tags.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 3)

db/migrate/20240711181629_add_missing_taggable_index.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 4)

db/migrate/20240711181630_change_collation_for_tag_names.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 5)

db/migrate/20240711181631_add_missing_indexes_on_taggings.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 6)

db/migrate/20240711181632_add_tenant_to_taggings.acts_as_taggable_on_engine.rb

@@ -1,5 +1,7 @@
 # Copyright (C) 2024 Manuel Bustillo
 
+# Copyright (C) 2024-2025 LibreWeddingPlanner contributors
+
 # frozen_string_literal: true
 
 # This migration comes from acts_as_taggable_on_engine (originally 7)