feat: v2 slots new version

[supalarry]

Linear CAL-5052

[linear]

CAL-5052 platform - refactor - v2 slots

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
cal-com-ui-playground	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 7, 2025 4:09pm

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
cal	⬜️ Ignored (Inspect)	Visit Preview		Feb 7, 2025 4:09pm
calcom-web-canary	⬜️ Ignored (Inspect)	Visit Preview		Feb 7, 2025 4:09pm

[liferays]

Hello,

I’d like to emphasize an important point. Alongside the default "reserve slot" behavior, which reserves a slot for 5 minutes, we need the flexibility to define how far into the future a slot can be reserved. For instance, instead of the default 5-minute duration, we should be able to reserve a slot for an extended period—up to 1000 years, if needed—effectively keeping the slot reserved indefinitely until we trigger a "Delete a selected slot" API or complete a booking.

This functionality would be particularly useful when building on top of Cal.com using its platform API, such as when creating predefined classes.

[liferays]

If possible, it would be great to include the ability to return reserved slots along with their slot ID and datetime. This would be especially beneficial for managing predefined timed classes or events across various platforms.

[supalarry]

Hello,

I’d like to emphasize an important point. Alongside the default "reserve slot" behavior, which reserves a slot for 5 minutes, we need the flexibility to define how far into the future a slot can be reserved. For instance, instead of the default 5-minute duration, we should be able to reserve a slot for an extended period—up to 1000 years, if needed—effectively keeping the slot reserved indefinitely until we trigger a "Delete a selected slot" API or complete a booking.

This functionality would be particularly useful when building on top of Cal.com using its platform API, such as when creating predefined classes.

Thanks for the input and it's a great idea! Luckily, this is implemented in this PR. Here is an example POST request made to /v2/slots/reservations with the reservationDuration set to 60 minutes with following request body:

{
    eventTypeId: 10,
    slotStart: "2050-09-05T10:00:00.000Z",
    reservationDuration: 60,
}

[supalarry]

If possible, it would be great to include the ability to return reserved slots along with their slot ID and datetime. This would be especially beneficial for managing predefined timed classes or events across various platforms.

The response of reserving a slot can be viewed here: reserve-slot.output.ts

Slots don't have IDs per se, but reservations do, so response contains UID of the reservation and the slotStart telling when slot starts and more.

[ThyMinimalDev]

we should enable providing orgSlug or orgId, there can be conflicts between username + eventslug of org users being the same than username + eventslug of non org ursers

[ThyMinimalDev]

I see in the inputs that we allow orgSlug, we can just specify here that for org users they should also pass the org slug

[supalarry]

Good catch - in commit fix: handle same username in org and non org I make sure that we can scope by organizationSlug query parameter and added tests in slots.controller.e2e-spec.ts - i set up org user with profile username X and event type Y and then normal user with username X and event type Y and then fetch org user availability using profile username + event type slug using organizationSlug param and then normal user without organizationParam. The tests are on line 1859.

[ThyMinimalDev]

this is a cool feature but we should only enable it when authenticated with apikey / next auth / access token

[ThyMinimalDev]

too easy to abuse it to block the schedule of someone

[ThyMinimalDev]

if not authenticated force 5

[liferays]

Great! But instead of forcing back to 5, return an auth validation error, as sensitive and high-dependency cases can be critical for the (Platform).
If no duration is set, it should function normally without any type of auth, with 5 min as default duration.

[supalarry]

Great idea! In commit fix: allow reservationDuration only for authed requests I implemented that

1. if no authentification is passed then reservationDuration can't be set
2. if invalid authentification is passed then 400 bad request error is thrown.

This can be seen in e2e tests slots.controller.e2e-spec.ts

[supalarry]

@joeauyeung had added this code but I replaced it with 'getOrganizationUserByUsername' below which does not check 'User.username' like this function did but 'Profile.username'.