[FA-27] UserNovelDataService bootstrapped, going to do author's posts first i think

Reviewed-on: #56

FictionArchive.Service.Shared/Extensions/AuthenticationExtensions.cs

@@ -6,6 +6,7 @@ using Microsoft.IdentityModel.Tokens;
 using FictionArchive.Service.Shared.Constants;
 using FictionArchive.Service.Shared.Models.Authentication;
 using System.Linq;
+using System.Security.Claims;
 
 namespace FictionArchive.Service.Shared.Extensions;
 
@@ -78,7 +79,7 @@ public static class AuthenticationExtensions
 
                 logger.LogDebug(
                     "JWT token validated for subject: {Subject}",
-                    context.Principal?.FindFirst("sub")?.Value ?? "unknown");
+                    context.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "unknown");
 
                 return existingEvents?.OnTokenValidated?.Invoke(context) ?? Task.CompletedTask;
             }

FictionArchive.Service.UserNovelDataService/Dockerfile

@@ -0,0 +1,23 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+USER $APP_UID
+WORKDIR /app
+EXPOSE 8080
+EXPOSE 8081
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+COPY ["FictionArchive.Service.UserNovelDataService/FictionArchive.Service.UserNovelDataService.csproj", "FictionArchive.Service.UserNovelDataService/"]
+RUN dotnet restore "FictionArchive.Service.UserNovelDataService/FictionArchive.Service.UserNovelDataService.csproj"
+COPY . .
+WORKDIR "/src/FictionArchive.Service.UserNovelDataService"
+RUN dotnet build "./FictionArchive.Service.UserNovelDataService.csproj" -c $BUILD_CONFIGURATION -o /app/build
+
+FROM build AS publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "./FictionArchive.Service.UserNovelDataService.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "FictionArchive.Service.UserNovelDataService.dll"]

FictionArchive.Service.UserNovelDataService/FictionArchive.Service.UserNovelDataService.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <Nullable>enable</Nullable>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <Content Include="..\.dockerignore">
+        <Link>.dockerignore</Link>
+      </Content>
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\FictionArchive.Service.Shared\FictionArchive.Service.Shared.csproj" />
+    </ItemGroup>
+
+</Project>

FictionArchive.Service.UserNovelDataService/GraphQL/Mutation.cs

@@ -0,0 +1,6 @@
+namespace FictionArchive.Service.UserNovelDataService.GraphQL;
+
+public class Mutation
+{
+    
+}

FictionArchive.Service.UserNovelDataService/GraphQL/Query.cs

@@ -0,0 +1,6 @@
+namespace FictionArchive.Service.UserNovelDataService.GraphQL;
+
+public class Query
+{
+    
+}

FictionArchive.Service.UserNovelDataService/Program.cs

@@ -0,0 +1,75 @@
+using FictionArchive.Common.Extensions;
+using FictionArchive.Service.Shared;
+using FictionArchive.Service.Shared.Extensions;
+using FictionArchive.Service.Shared.Services.EventBus.Implementations;
+using FictionArchive.Service.UserNovelDataService.GraphQL;
+using FictionArchive.Service.UserNovelDataService.Services;
+
+namespace FictionArchive.Service.UserNovelDataService;
+
+public class Program
+{
+    public static void Main(string[] args)
+    {
+        var builder = WebApplication.CreateBuilder(args);
+        
+        var isSchemaExport = SchemaExportDetector.IsSchemaExportMode(args);
+
+        builder.AddLocalAppsettings();
+        
+        builder.Services.AddMemoryCache();
+        builder.Services.AddHealthChecks();
+        
+        #region Event Bus
+
+        if (!isSchemaExport)
+        {
+            builder.Services.AddRabbitMQ(opt =>
+            {
+                builder.Configuration.GetSection("RabbitMQ").Bind(opt);
+            });
+        }
+
+        #endregion
+        
+        #region GraphQL
+
+        builder.Services.AddDefaultGraphQl<Query, Mutation>()
+            .AddAuthorization();
+        
+        #endregion
+        
+        #region Database
+
+        builder.Services.RegisterDbContext<UserNovelDataServiceDbContext>(
+            builder.Configuration.GetConnectionString("DefaultConnection"),
+            skipInfrastructure: isSchemaExport);
+        
+        #endregion
+        
+        // Authentication & Authorization
+        builder.Services.AddOidcAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+        
+        var app = builder.Build();
+        
+        // Update database (skip in schema export mode)
+        if (!isSchemaExport)
+        {
+            using var scope = app.Services.CreateScope();
+            var dbContext = scope.ServiceProvider.GetRequiredService<UserNovelDataServiceDbContext>();
+            dbContext.UpdateDatabase();
+        }
+        
+        app.UseHttpsRedirection();
+
+        app.MapHealthChecks("/healthz");
+
+        app.UseAuthentication();
+        app.UseAuthorization();
+
+        app.MapGraphQL();
+
+        app.RunWithGraphQLCommands(args);
+    }
+}

FictionArchive.Service.UserNovelDataService/Properties/launchSettings.json

@@ -0,0 +1,38 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:26318",
+      "sslPort": 44303
+    }
+  },
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:5130",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:7298;http://localhost:5130",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

FictionArchive.Service.UserNovelDataService/Services/UserNovelDataServiceDbContext.cs

@@ -0,0 +1,11 @@
+using FictionArchive.Service.Shared.Services.Database;
+using Microsoft.EntityFrameworkCore;
+
+namespace FictionArchive.Service.UserNovelDataService.Services;
+
+public class UserNovelDataServiceDbContext : FictionArchiveDbContext
+{
+    public UserNovelDataServiceDbContext(DbContextOptions options, ILogger<UserNovelDataServiceDbContext> logger) : base(options, logger)
+    {
+    }
+}

FictionArchive.Service.UserNovelDataService/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

FictionArchive.Service.UserNovelDataService/appsettings.json

@@ -0,0 +1,16 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "ConnectionStrings": {
+    "DefaultConnection": "Host=localhost;Database=FictionArchive_UserNovelDataService;Username=postgres;password=postgres"
+  },
+  "RabbitMQ": {
+    "ConnectionString": "amqp://localhost",
+    "ClientIdentifier": "UserNovelDataService"
+  },
+  "AllowedHosts": "*"
+}

FictionArchive.Service.UserService.Tests/FictionArchive.Service.UserService.Tests.csproj

@@ -0,0 +1,30 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="FluentAssertions" Version="6.12.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.11" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
+    <PackageReference Include="NSubstitute" Version="5.1.0" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\FictionArchive.Service.UserService\FictionArchive.Service.UserService.csproj" />
+  </ItemGroup>
+
+</Project>

FictionArchive.Service.UserService.Tests/UserManagementServiceTests.cs

@@ -0,0 +1,329 @@
+using FictionArchive.Service.Shared.Services.EventBus;
+using FictionArchive.Service.UserService.Models.Database;
+using FictionArchive.Service.UserService.Services;
+using FictionArchive.Service.UserService.Services.AuthenticationClient;
+using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+using FluentAssertions;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging.Abstractions;
+using NSubstitute;
+using Xunit;
+
+namespace FictionArchive.Service.UserService.Tests;
+
+public class UserManagementServiceTests
+{
+    #region Helper Methods
+
+    private static UserServiceDbContext CreateDbContext()
+    {
+        var options = new DbContextOptionsBuilder<UserServiceDbContext>()
+            .UseInMemoryDatabase($"UserManagementServiceTests-{Guid.NewGuid()}")
+            .Options;
+
+        return new UserServiceDbContext(options, NullLogger<UserServiceDbContext>.Instance);
+    }
+
+    private static UserManagementService CreateService(
+        UserServiceDbContext dbContext,
+        IAuthenticationServiceClient authClient,
+        IEventBus? eventBus = null)
+    {
+        return new UserManagementService(
+            dbContext,
+            NullLogger<UserManagementService>.Instance,
+            authClient,
+            eventBus ?? Substitute.For<IEventBus>());
+    }
+
+    private static User CreateTestUser(string username, string email, int availableInvites = 5)
+    {
+        return new User
+        {
+            Username = username,
+            Email = email,
+            OAuthProviderId = Guid.NewGuid().ToString(),
+            Disabled = false,
+            AvailableInvites = availableInvites
+        };
+    }
+
+    #endregion
+
+    #region InviteUserAsync Tests
+
+    [Fact]
+    public async Task InviteUserAsync_WithValidInviter_CreatesUserAndDecrementsInvites()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 3);
+        dbContext.Users.Add(inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        authClient.CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())
+            .Returns(new AuthentikUserResponse { Pk = 123, Uid = "authentik-uid-456" });
+        authClient.SendRecoveryEmailAsync(Arg.Any<int>()).Returns(true);
+
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "new@test.com", "newuser");
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Username.Should().Be("newuser");
+        result.Email.Should().Be("new@test.com");
+        result.InviterId.Should().Be(inviter.Id);
+        result.AvailableInvites.Should().Be(0);
+        inviter.AvailableInvites.Should().Be(2);
+
+        await authClient.Received(1).CreateUserAsync("newuser", "new@test.com", "newuser");
+        await authClient.Received(1).SendRecoveryEmailAsync(123);
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_WithNoAvailableInvites_ReturnsNull()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 0);
+        dbContext.Users.Add(inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "new@test.com", "newuser");
+
+        // Assert
+        result.Should().BeNull();
+        await authClient.DidNotReceive().CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>());
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_WithDuplicateEmail_ReturnsNull()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var existingUser = CreateTestUser("existing", "existing@test.com");
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 3);
+        dbContext.Users.AddRange(existingUser, inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "existing@test.com", "newuser");
+
+        // Assert
+        result.Should().BeNull();
+        await authClient.DidNotReceive().CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>());
+        inviter.AvailableInvites.Should().Be(3); // Not decremented
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_WithDuplicateUsername_ReturnsNull()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var existingUser = CreateTestUser("existinguser", "existing@test.com");
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 3);
+        dbContext.Users.AddRange(existingUser, inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "new@test.com", "existinguser");
+
+        // Assert
+        result.Should().BeNull();
+        await authClient.DidNotReceive().CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>());
+        inviter.AvailableInvites.Should().Be(3); // Not decremented
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_WhenAuthentikFails_ReturnsNull()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 3);
+        dbContext.Users.Add(inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        authClient.CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())
+            .Returns((AuthentikUserResponse?)null);
+
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "new@test.com", "newuser");
+
+        // Assert
+        result.Should().BeNull();
+        await authClient.DidNotReceive().SendRecoveryEmailAsync(Arg.Any<int>());
+
+        // Verify no user was added to the database
+        var usersInDb = await dbContext.Users.ToListAsync();
+        usersInDb.Should().HaveCount(1); // Only the inviter
+        inviter.AvailableInvites.Should().Be(3); // Not decremented
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_WhenRecoveryEmailFails_StillCreatesUser()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 3);
+        dbContext.Users.Add(inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        authClient.CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())
+            .Returns(new AuthentikUserResponse { Pk = 123, Uid = "authentik-uid-456" });
+        authClient.SendRecoveryEmailAsync(Arg.Any<int>()).Returns(false); // Email fails
+
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "new@test.com", "newuser");
+
+        // Assert - User should still be created despite email failure
+        result.Should().NotBeNull();
+        result!.Username.Should().Be("newuser");
+        inviter.AvailableInvites.Should().Be(2);
+
+        // Verify user was added to database
+        var usersInDb = await dbContext.Users.ToListAsync();
+        usersInDb.Should().HaveCount(2);
+    }
+
+    [Fact]
+    public async Task InviteUserAsync_SetsCorrectUserProperties()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var inviter = CreateTestUser("inviter", "inviter@test.com", availableInvites: 5);
+        dbContext.Users.Add(inviter);
+        await dbContext.SaveChangesAsync();
+
+        var authentikUid = "authentik-uid-789";
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        authClient.CreateUserAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())
+            .Returns(new AuthentikUserResponse { Pk = 456, Uid = authentikUid });
+        authClient.SendRecoveryEmailAsync(Arg.Any<int>()).Returns(true);
+
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.InviteUserAsync(inviter, "newuser@test.com", "newusername");
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Username.Should().Be("newusername");
+        result.Email.Should().Be("newuser@test.com");
+        result.OAuthProviderId.Should().Be(authentikUid);
+        result.InviterId.Should().Be(inviter.Id);
+        result.AvailableInvites.Should().Be(0);
+        result.Disabled.Should().BeFalse();
+        result.Id.Should().NotBeEmpty();
+    }
+
+    #endregion
+
+    #region GetUserByOAuthProviderIdAsync Tests
+
+    [Fact]
+    public async Task GetUserByOAuthProviderIdAsync_WithExistingUser_ReturnsUser()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var oAuthProviderId = "oauth-provider-123";
+        var user = new User
+        {
+            Username = "testuser",
+            Email = "test@test.com",
+            OAuthProviderId = oAuthProviderId,
+            Disabled = false,
+            AvailableInvites = 5
+        };
+        dbContext.Users.Add(user);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.GetUserByOAuthProviderIdAsync(oAuthProviderId);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Username.Should().Be("testuser");
+        result.OAuthProviderId.Should().Be(oAuthProviderId);
+    }
+
+    [Fact]
+    public async Task GetUserByOAuthProviderIdAsync_WithNonExistingUser_ReturnsNull()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.GetUserByOAuthProviderIdAsync("non-existing-id");
+
+        // Assert
+        result.Should().BeNull();
+    }
+
+    #endregion
+
+    #region GetUsers Tests
+
+    [Fact]
+    public async Task GetUsers_ReturnsAllUsers()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var user1 = CreateTestUser("user1", "user1@test.com");
+        var user2 = CreateTestUser("user2", "user2@test.com");
+        var user3 = CreateTestUser("user3", "user3@test.com");
+        dbContext.Users.AddRange(user1, user2, user3);
+        await dbContext.SaveChangesAsync();
+
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.GetUsers().ToListAsync();
+
+        // Assert
+        result.Should().HaveCount(3);
+        result.Select(u => u.Username).Should().BeEquivalentTo(new[] { "user1", "user2", "user3" });
+    }
+
+    [Fact]
+    public async Task GetUsers_WithEmptyDb_ReturnsEmptyQueryable()
+    {
+        // Arrange
+        using var dbContext = CreateDbContext();
+        var authClient = Substitute.For<IAuthenticationServiceClient>();
+        var service = CreateService(dbContext, authClient);
+
+        // Act
+        var result = await service.GetUsers().ToListAsync();
+
+        // Assert
+        result.Should().BeEmpty();
+    }
+
+    #endregion
+}

FictionArchive.Service.UserService/FictionArchive.Service.UserService.csproj

@@ -22,6 +22,12 @@
         <PrivateAssets>all</PrivateAssets>
         <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       </PackageReference>
+      <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <Folder Include="Models\IntegrationEvents\" />
+      <Folder Include="Services\EventHandlers\" />
     </ItemGroup>
 
 </Project>

FictionArchive.Service.UserService/GraphQL/Mutation.cs

@@ -1,38 +1,53 @@
-using FictionArchive.Service.Shared.Constants;
+using System.Security.Claims;
 using FictionArchive.Service.UserService.Models.DTOs;
 using FictionArchive.Service.UserService.Services;
 using HotChocolate.Authorization;
+using HotChocolate.Types;
 
 namespace FictionArchive.Service.UserService.GraphQL;
 
 public class Mutation
 {
-    [Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
-    public async Task<UserDto> RegisterUser(string username, string email, string oAuthProviderId,
-        string? inviterOAuthProviderId, UserManagementService userManagementService)
+    [Authorize]
+    [Error<InvalidOperationException>]
+    public async Task<UserDto> InviteUser(
+        string email,
+        string username,
+        UserManagementService userManagementService,
+        ClaimsPrincipal claimsPrincipal)
     {
-        var user = await userManagementService.RegisterUser(username, email, oAuthProviderId, inviterOAuthProviderId);
+        // Get the current user's OAuth provider ID from claims
+        var oAuthProviderId = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+        if (string.IsNullOrEmpty(oAuthProviderId))
+        {
+            throw new InvalidOperationException("Unable to determine current user identity");
+        }
+
+        // Get the inviter from the database
+        var inviter = await userManagementService.GetUserByOAuthProviderIdAsync(oAuthProviderId);
+        if (inviter == null)
+        {
+            throw new InvalidOperationException("Current user not found in the system");
+        }
+
+        // Invite the new user
+        var newUser = await userManagementService.InviteUserAsync(inviter, email, username);
+        if (newUser == null)
+        {
+            throw new InvalidOperationException(
+                "Failed to invite user. Either you have no available invites, or the email/username is already in use.");
+        }
 
         return new UserDto
         {
-            Id = user.Id,
-            CreatedTime = user.CreatedTime,
-            LastUpdatedTime = user.LastUpdatedTime,
-            Username = user.Username,
-            Email = user.Email,
-            Disabled = user.Disabled,
-            Inviter = user.Inviter != null
-                ? new UserDto
-                {
-                    Id = user.Inviter.Id,
-                    CreatedTime = user.Inviter.CreatedTime,
-                    LastUpdatedTime = user.Inviter.LastUpdatedTime,
-                    Username = user.Inviter.Username,
-                    Email = user.Inviter.Email,
-                    Disabled = user.Inviter.Disabled,
-                    Inviter = null // Limit recursion to one level
-                }
-                : null
+            Id = newUser.Id,
+            CreatedTime = newUser.CreatedTime,
+            LastUpdatedTime = newUser.LastUpdatedTime,
+            Username = newUser.Username,
+            Email = newUser.Email,
+            Disabled = newUser.Disabled,
+            AvailableInvites = newUser.AvailableInvites,
+            InviterId = newUser.InviterId
         };
     }
 }

FictionArchive.Service.UserService/GraphQL/Query.cs

@@ -1,34 +1,43 @@
+using System.Security.Claims;
 using FictionArchive.Service.UserService.Models.DTOs;
 using FictionArchive.Service.UserService.Services;
 using HotChocolate.Authorization;
+using HotChocolate.Data;
 
 namespace FictionArchive.Service.UserService.GraphQL;
 
 public class Query
 {
     [Authorize]
-    public IQueryable<UserDto> GetUsers(UserManagementService userManagementService)
+    [UseProjection]
+    [UseFirstOrDefault]
+    public IQueryable<UserDto> GetCurrentUser(
+        UserServiceDbContext dbContext,
+        ClaimsPrincipal claimsPrincipal)
     {
-        return userManagementService.GetUsers().Select(user => new UserDto
+        var oAuthProviderId = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+        if (string.IsNullOrEmpty(oAuthProviderId))
         {
-            Id = user.Id,
-            CreatedTime = user.CreatedTime,
-            LastUpdatedTime = user.LastUpdatedTime,
-            Username = user.Username,
-            Email = user.Email,
-            Disabled = user.Disabled,
-            Inviter = user.Inviter != null
-                ? new UserDto
+            return Enumerable.Empty<UserDto>().AsQueryable();
+        }
+
+        return dbContext.Users
+            .Where(u => u.OAuthProviderId == oAuthProviderId)
+            .Select(u => new UserDto
+            {
+                Id = u.Id,
+                CreatedTime = u.CreatedTime,
+                LastUpdatedTime = u.LastUpdatedTime,
+                Username = u.Username,
+                Email = u.Email,
+                Disabled = u.Disabled,
+                AvailableInvites = u.AvailableInvites,
+                InviterId = u.InviterId,
+                InvitedUsers = u.InvitedUsers.Select(iu => new InvitedUserDto
                 {
-                    Id = user.Inviter.Id,
-                    CreatedTime = user.Inviter.CreatedTime,
-                    LastUpdatedTime = user.Inviter.LastUpdatedTime,
-                    Username = user.Inviter.Username,
-                    Email = user.Inviter.Email,
-                    Disabled = user.Inviter.Disabled,
-                    Inviter = null // Limit recursion to one level
-                }
-                : null
-        });
+                    Username = iu.Username,
+                    Email = iu.Email
+                }).ToList()
+            });
     }
 }

FictionArchive.Service.UserService/Migrations/20251229151921_AddAvailableInvites.Designer.cs

@@ -0,0 +1,83 @@
+// <auto-generated />
+using System;
+using FictionArchive.Service.UserService.Services;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace FictionArchive.Service.UserService.Migrations
+{
+    [DbContext(typeof(UserServiceDbContext))]
+    [Migration("20251229151921_AddAvailableInvites")]
+    partial class AddAvailableInvites
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("FictionArchive.Service.UserService.Models.Database.User", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<int>("AvailableInvites")
+                        .HasColumnType("integer");
+
+                    b.Property<Instant>("CreatedTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<bool>("Disabled")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("Email")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<Guid?>("InviterId")
+                        .HasColumnType("uuid");
+
+                    b.Property<Instant>("LastUpdatedTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("OAuthProviderId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("Username")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("InviterId");
+
+                    b.HasIndex("OAuthProviderId")
+                        .IsUnique();
+
+                    b.ToTable("Users");
+                });
+
+            modelBuilder.Entity("FictionArchive.Service.UserService.Models.Database.User", b =>
+                {
+                    b.HasOne("FictionArchive.Service.UserService.Models.Database.User", "Inviter")
+                        .WithMany()
+                        .HasForeignKey("InviterId");
+
+                    b.Navigation("Inviter");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

FictionArchive.Service.UserService/Migrations/20251229151921_AddAvailableInvites.cs

@@ -0,0 +1,29 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace FictionArchive.Service.UserService.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddAvailableInvites : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<int>(
+                name: "AvailableInvites",
+                table: "Users",
+                type: "integer",
+                nullable: false,
+                defaultValue: 0);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "AvailableInvites",
+                table: "Users");
+        }
+    }
+}

FictionArchive.Service.UserService/Migrations/UserServiceDbContextModelSnapshot.cs

@@ -29,6 +29,9 @@ namespace FictionArchive.Service.UserService.Migrations
                         .ValueGeneratedOnAdd()
                         .HasColumnType("uuid");
 
+                    b.Property<int>("AvailableInvites")
+                        .HasColumnType("integer");
+
                     b.Property<Instant>("CreatedTime")
                         .HasColumnType("timestamp with time zone");
 

FictionArchive.Service.UserService/Models/DTOs/InvitedUserDto.cs

@@ -0,0 +1,7 @@
+namespace FictionArchive.Service.UserService.Models.DTOs;
+
+public class InvitedUserDto
+{
+    public required string Username { get; init; }
+    public required string Email { get; init; }
+}

FictionArchive.Service.UserService/Models/DTOs/UserDto.cs

@@ -7,9 +7,11 @@ public class UserDto
     public Guid Id { get; init; }
     public Instant CreatedTime { get; init; }
     public Instant LastUpdatedTime { get; init; }
+
     public required string Username { get; init; }
     public required string Email { get; init; }
-    // OAuthProviderId intentionally omitted for security
     public bool Disabled { get; init; }
-    public UserDto? Inviter { get; init; }
+    public int AvailableInvites { get; init; }
+    public Guid? InviterId { get; init; }
+    public List<InvitedUserDto>? InvitedUsers { get; init; }
 }

FictionArchive.Service.UserService/Models/Database/User.cs

@@ -6,15 +6,14 @@ namespace FictionArchive.Service.UserService.Models.Database;
 [Index(nameof(OAuthProviderId), IsUnique = true)]
 public class User : BaseEntity<Guid>
 {
-    public string Username { get; set; }
-    public string Email { get; set; }
-    public string OAuthProviderId { get; set; }
-    
-    
+    public required string Username { get; set; }
+    public required string Email { get; set; }
+    public required string OAuthProviderId { get; set; }
     public bool Disabled { get; set; }
-    
-    /// <summary>
-    /// The user that generated an invite used by this user.
-    /// </summary>
+    public int AvailableInvites { get; set; } = 0;
+
+    // Navigation properties
+    public Guid? InviterId { get; set; }
     public User? Inviter { get; set; }
+    public ICollection<User> InvitedUsers { get; set; } = new List<User>();
 }

FictionArchive.Service.UserService/Models/IntegrationEvents/AuthUserAddedEvent.cs

@@ -1,16 +0,0 @@
-using FictionArchive.Service.Shared.Services.EventBus;
-
-namespace FictionArchive.Service.UserService.Models.IntegrationEvents;
-
-public class AuthUserAddedEvent : IIntegrationEvent
-{
-    public string OAuthProviderId { get; set; }
-    
-    public string InviterOAuthProviderId { get; set; }
-
-    // The email of the user that created the event
-    public string EventUserEmail { get; set; }
-
-    // The username of the user that created the event
-    public string EventUserUsername { get; set; }
-}

FictionArchive.Service.UserService/Models/IntegrationEvents/UserInvitedEvent.cs

@@ -0,0 +1,17 @@
+using FictionArchive.Service.Shared.Services.EventBus;
+
+namespace FictionArchive.Service.UserService.Models.IntegrationEvents;
+
+public class UserInvitedEvent : IIntegrationEvent
+{
+    // Invited user info
+    public Guid InvitedUserId { get; set; }
+    public required string InvitedUsername { get; set; }
+    public required string InvitedEmail { get; set; }
+    public required string InvitedOAuthProviderId { get; set; }
+
+    // Inviter info
+    public Guid InviterId { get; set; }
+    public required string InviterUsername { get; set; }
+    public required string InviterOAuthProviderId { get; set; }
+}

FictionArchive.Service.UserService/Program.cs

@@ -1,11 +1,12 @@
+using System.Net.Http.Headers;
 using FictionArchive.Common.Extensions;
 using FictionArchive.Service.Shared;
 using FictionArchive.Service.Shared.Extensions;
 using FictionArchive.Service.Shared.Services.EventBus.Implementations;
 using FictionArchive.Service.UserService.GraphQL;
-using FictionArchive.Service.UserService.Models.IntegrationEvents;
 using FictionArchive.Service.UserService.Services;
-using FictionArchive.Service.UserService.Services.EventHandlers;
+using FictionArchive.Service.UserService.Services.AuthenticationClient;
+using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
 
 namespace FictionArchive.Service.UserService;
 
@@ -25,19 +26,34 @@ public class Program
             builder.Services.AddRabbitMQ(opt =>
             {
                 builder.Configuration.GetSection("RabbitMQ").Bind(opt);
-            })
-            .Subscribe<AuthUserAddedEvent, AuthUserAddedEventHandler>();
+            });
         }
 
         #endregion
-        
+
         #region GraphQL
-        
+
         builder.Services.AddDefaultGraphQl<Query, Mutation>()
             .AddAuthorization();
-        
+
         #endregion
-        
+
+        #region Authentik Client
+
+        builder.Services.Configure<AuthentikConfiguration>(
+            builder.Configuration.GetSection("Authentik"));
+
+        var authentikConfig = builder.Configuration.GetSection("Authentik").Get<AuthentikConfiguration>();
+        builder.Services.AddHttpClient<IAuthenticationServiceClient, AuthentikClient>(client =>
+            {
+                client.BaseAddress = new Uri(authentikConfig?.BaseUrl ?? "https://localhost");
+                client.DefaultRequestHeaders.Authorization =
+                    new AuthenticationHeaderValue("Bearer", authentikConfig?.ApiToken ?? "");
+            })
+            .AddStandardResilienceHandler();
+
+        #endregion
+
         builder.Services.RegisterDbContext<UserServiceDbContext>(
             builder.Configuration.GetConnectionString("DefaultConnection"),
             skipInfrastructure: isSchemaExport);

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikAddUserRequest.cs

@@ -0,0 +1,21 @@
+using Newtonsoft.Json;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikAddUserRequest
+{
+    [JsonProperty("username")]
+    public required string Username { get; set; }
+
+    [JsonProperty("name")]
+    public required string DisplayName { get; set; }
+
+    [JsonProperty("email")]
+    public required string Email { get; set; }
+
+    [JsonProperty("is_active")]
+    public bool IsActive { get; set; } = true;
+
+    [JsonProperty("type")]
+    public string Type { get; } = "external";
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikClient.cs

@@ -0,0 +1,88 @@
+using System.Text;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikClient : IAuthenticationServiceClient
+{
+    private readonly HttpClient _httpClient;
+    private readonly ILogger<AuthentikClient> _logger;
+    private readonly AuthentikConfiguration _configuration;
+
+    public AuthentikClient(
+        HttpClient httpClient,
+        ILogger<AuthentikClient> logger,
+        IOptions<AuthentikConfiguration> configuration)
+    {
+        _httpClient = httpClient;
+        _logger = logger;
+        _configuration = configuration.Value;
+    }
+
+    public async Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName)
+    {
+        var request = new AuthentikAddUserRequest
+        {
+            Username = username,
+            Email = email,
+            DisplayName = displayName,
+            IsActive = true
+        };
+
+        try
+        {
+            var json = JsonConvert.SerializeObject(request);
+            var content = new StringContent(json, Encoding.UTF8, "application/json");
+            var response = await _httpClient.PostAsync("/api/v3/core/users/", content);
+
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorContent = await response.Content.ReadAsStringAsync();
+                _logger.LogError(
+                    "Failed to create user in Authentik. Status: {StatusCode}, Error: {Error}",
+                    response.StatusCode, errorContent);
+                return null;
+            }
+
+            var responseJson = await response.Content.ReadAsStringAsync();
+            var userResponse = JsonConvert.DeserializeObject<AuthentikUserResponse>(responseJson);
+            _logger.LogInformation("Successfully created user {Username} in Authentik with pk {Pk}",
+                username, userResponse?.Pk);
+
+            return userResponse;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Exception while creating user {Username} in Authentik", username);
+            return null;
+        }
+    }
+
+    public async Task<bool> SendRecoveryEmailAsync(int authentikUserId)
+    {
+        try
+        {
+            var response = await _httpClient.PostAsync(
+                $"/api/v3/core/users/{authentikUserId}/recovery_email/?email_stage={_configuration.EmailStageId}",
+                null);
+
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorContent = await response.Content.ReadAsStringAsync();
+                _logger.LogError(
+                    "Failed to send recovery email for user {UserId}. Status: {StatusCode}, Error: {Error}",
+                    authentikUserId, response.StatusCode, errorContent);
+                return false;
+            }
+
+            _logger.LogInformation("Successfully sent recovery email to Authentik user {UserId}", authentikUserId);
+            return true;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Exception while sending recovery email to Authentik user {UserId}", authentikUserId);
+            return false;
+        }
+    }
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikConfiguration.cs

@@ -0,0 +1,8 @@
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikConfiguration
+{
+    public string BaseUrl { get; set; } = string.Empty;
+    public string ApiToken { get; set; } = string.Empty;
+    public string EmailStageId { get; set; }
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/Authentik/AuthentikUserResponse.cs

@@ -0,0 +1,27 @@
+using Newtonsoft.Json;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+public class AuthentikUserResponse
+{
+    [JsonProperty("pk")]
+    public int Pk { get; set; }
+
+    [JsonProperty("username")]
+    public string Username { get; set; } = string.Empty;
+
+    [JsonProperty("name")]
+    public string Name { get; set; } = string.Empty;
+
+    [JsonProperty("email")]
+    public string Email { get; set; } = string.Empty;
+
+    [JsonProperty("is_active")]
+    public bool IsActive { get; set; }
+
+    [JsonProperty("is_superuser")]
+    public bool IsSuperuser { get; set; }
+
+    [JsonProperty("uid")]
+    public string Uid { get; set; } = string.Empty;
+}

FictionArchive.Service.UserService/Services/AuthenticationClient/IAuthenticationServiceClient.cs

@@ -0,0 +1,22 @@
+using FictionArchive.Service.UserService.Services.AuthenticationClient.Authentik;
+
+namespace FictionArchive.Service.UserService.Services.AuthenticationClient;
+
+public interface IAuthenticationServiceClient
+{
+    /// <summary>
+    /// Creates a new user in the authentication provider.
+    /// </summary>
+    /// <param name="username">The username for the new user</param>
+    /// <param name="email">The email address for the new user</param>
+    /// <param name="displayName">The display name for the new user</param>
+    /// <returns>The created user response, or null if creation failed</returns>
+    Task<AuthentikUserResponse?> CreateUserAsync(string username, string email, string displayName);
+
+    /// <summary>
+    /// Sends a password recovery email to the user.
+    /// </summary>
+    /// <param name="authentikUserId">The Authentik user ID (pk)</param>
+    /// <returns>True if the email was sent successfully, false otherwise</returns>
+    Task<bool> SendRecoveryEmailAsync(int authentikUserId);
+}

FictionArchive.Service.UserService/Services/EventHandlers/AuthUserAddedEventHandler.cs

@@ -1,23 +0,0 @@
-using FictionArchive.Service.Shared.Services.EventBus;
-using FictionArchive.Service.UserService.Models.IntegrationEvents;
-using FictionArchive.Service.UserService.Models.Database;
-using Microsoft.EntityFrameworkCore; // Add this line to include the UserModel
-
-namespace FictionArchive.Service.UserService.Services.EventHandlers;
-
-public class AuthUserAddedEventHandler : IIntegrationEventHandler<AuthUserAddedEvent>
-{
-    private readonly UserManagementService _userManagementService;
-    private readonly ILogger<AuthUserAddedEventHandler> _logger;
-
-    public AuthUserAddedEventHandler(UserServiceDbContext dbContext, ILogger<AuthUserAddedEventHandler> logger, UserManagementService userManagementService)
-    {
-        _logger = logger;
-        _userManagementService = userManagementService;
-    }
-
-    public async Task Handle(AuthUserAddedEvent @event)
-    {
-        await _userManagementService.RegisterUser(@event.EventUserUsername, @event.EventUserEmail, @event.OAuthProviderId, @event.InviterOAuthProviderId);
-    }
-}

FictionArchive.Service.UserService/Services/UserManagementService.cs

@@ -1,4 +1,7 @@
+using FictionArchive.Service.Shared.Services.EventBus;
 using FictionArchive.Service.UserService.Models.Database;
+using FictionArchive.Service.UserService.Models.IntegrationEvents;
+using FictionArchive.Service.UserService.Services.AuthenticationClient;
 using Microsoft.EntityFrameworkCore;
 
 namespace FictionArchive.Service.UserService.Services;
@@ -7,39 +10,142 @@ public class UserManagementService
 {
     private readonly ILogger<UserManagementService> _logger;
     private readonly UserServiceDbContext _dbContext;
+    private readonly IAuthenticationServiceClient _authClient;
+    private readonly IEventBus _eventBus;
 
-    public UserManagementService(UserServiceDbContext dbContext, ILogger<UserManagementService> logger)
+    public UserManagementService(
+        UserServiceDbContext dbContext,
+        ILogger<UserManagementService> logger,
+        IAuthenticationServiceClient authClient,
+        IEventBus eventBus)
     {
         _dbContext = dbContext;
         _logger = logger;
+        _authClient = authClient;
+        _eventBus = eventBus;
     }
 
-    public async Task<User> RegisterUser(string username, string email, string oAuthProviderId,
-        string? inviterOAuthProviderId)
+    /// <summary>
+    /// Invites a new user by creating them in Authentik, saving to the database, and sending a recovery email.
+    /// </summary>
+    /// <param name="inviter">The user sending the invite</param>
+    /// <param name="email">Email address of the invitee</param>
+    /// <param name="username">Username for the invitee</param>
+    /// <returns>The created user, or null if the invite failed</returns>
+    public async Task<User?> InviteUserAsync(User inviter, string email, string username)
     {
-        var newUser = new User();
-        User? inviter =
-            await _dbContext.Users.FirstOrDefaultAsync(user => user.OAuthProviderId == inviterOAuthProviderId);
-        if (inviter == null && inviterOAuthProviderId != null)
+        // Check if inviter has available invites
+        if (inviter.AvailableInvites <= 0)
         {
-            _logger.LogCritical(
-                "A user with OAuthProviderId {OAuthProviderId} was marked as having inviter with OAuthProviderId {inviterOAuthProviderId}, but no user was found with that value.",
-                inviterOAuthProviderId, inviterOAuthProviderId);
-            newUser.Disabled = true;
+            _logger.LogWarning("User {InviterId} has no available invites", inviter.Id);
+            return null;
         }
 
-        newUser.Username = username;
-        newUser.Email = email;
-        newUser.OAuthProviderId = oAuthProviderId;
+        // Check if email is already in use
+        var existingUser = await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.Email == email);
+
+        if (existingUser != null)
+        {
+            _logger.LogWarning("Email {Email} is already in use", email);
+            return null;
+        }
+
+        // Check if username is already in use
+        var existingUsername = await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.Username == username);
+
+        if (existingUsername != null)
+        {
+            _logger.LogWarning("Username {Username} is already in use", username);
+            return null;
+        }
+
+        // Create user in Authentik
+        var authentikUser = await _authClient.CreateUserAsync(username, email, username);
+        if (authentikUser == null)
+        {
+            _logger.LogError("Failed to create user {Username} in Authentik", username);
+            return null;
+        }
+
+        // Send recovery email via Authentik
+        var emailSent = await _authClient.SendRecoveryEmailAsync(authentikUser.Pk);
+        if (!emailSent)
+        {
+            _logger.LogWarning(
+                "User {Username} was created in Authentik but recovery email failed to send. Authentik pk: {Pk}",
+                username, authentikUser.Pk);
+            // Continue anyway - the user is created, admin can resend email manually
+        }
+
+        // Create user in local database
+        var newUser = new User
+        {
+            Username = username,
+            Email = email,
+            OAuthProviderId = authentikUser.Uid,
+            Disabled = false,
+            AvailableInvites = 0,
+            InviterId = inviter.Id
+        };
+
+        _dbContext.Users.Add(newUser);
+
+        // Decrement inviter's available invites
+        inviter.AvailableInvites--;
+
+        await _dbContext.SaveChangesAsync();
+
+        await _eventBus.Publish(new UserInvitedEvent
+        {
+            InvitedUserId = newUser.Id,
+            InvitedUsername = newUser.Username,
+            InvitedEmail = newUser.Email,
+            InvitedOAuthProviderId = newUser.OAuthProviderId,
+            InviterId = inviter.Id,
+            InviterUsername = inviter.Username,
+            InviterOAuthProviderId = inviter.OAuthProviderId
+        });
+
+        _logger.LogInformation(
+            "User {Username} was successfully invited by {InviterId}. New user id: {NewUserId}",
+            username, inviter.Id, newUser.Id);
 
-        _dbContext.Users.Add(newUser); // Add the new user to the DbContext
-        await _dbContext.SaveChangesAsync(); // Save changes to the database
-        
         return newUser;
     }
 
+    /// <summary>
+    /// Gets a user by their OAuth provider ID (Authentik UID).
+    /// </summary>
+    public async Task<User?> GetUserByOAuthProviderIdAsync(string oAuthProviderId)
+    {
+        return await _dbContext.Users
+            .AsQueryable()
+            .FirstOrDefaultAsync(u => u.OAuthProviderId == oAuthProviderId);
+    }
+
+    /// <summary>
+    /// Gets all users as a queryable for GraphQL.
+    /// </summary>
     public IQueryable<User> GetUsers()
     {
         return _dbContext.Users.AsQueryable();
     }
+
+    /// <summary>
+    /// Gets all users invited by a specific user.
+    /// </summary>
+    /// <param name="inviterId">The ID of the user who sent the invites</param>
+    /// <returns>List of users invited by the specified user</returns>
+    public async Task<List<User>> GetInvitedByUserAsync(Guid inviterId)
+    {
+        return await _dbContext.Users
+            .AsQueryable()
+            .Where(u => u.InviterId == inviterId)
+            .OrderByDescending(u => u.CreatedTime)
+            .ToListAsync();
+    }
 }

FictionArchive.Service.UserService/Services/UserServiceDbContext.cs

@@ -7,7 +7,7 @@ namespace FictionArchive.Service.UserService.Services;
 public class UserServiceDbContext : FictionArchiveDbContext
 {
     public DbSet<User> Users { get; set; }
-    
+
     public UserServiceDbContext(DbContextOptions options, ILogger<UserServiceDbContext> logger) : base(options, logger)
     {
     }

FictionArchive.Service.UserService/appsettings.json

@@ -12,6 +12,11 @@
     "ConnectionString": "amqp://localhost",
     "ClientIdentifier": "UserService"
   },
+  "Authentik": {
+    "BaseUrl": "https://auth.orfl.xyz",
+    "ApiToken": "REPLACE_ME",
+    "EmailStageId": "10df0c18-8802-4ec7-852e-3cdd355514d3"
+  },
   "AllowedHosts": "*",
   "OIDC": {
     "Authority": "https://auth.orfl.xyz/application/o/fiction-archive/",

FictionArchive.sln

@@ -1,5 +1,6 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
+#
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Common", "FictionArchive.Common\FictionArchive.Common.csproj", "{ABF1BA10-9E76-45BE-9947-E20445A68147}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.API", "FictionArchive.API\FictionArchive.API.csproj", "{420CC1A1-9DBC-40EC-B9E3-D4B25D71B9A9}"
@@ -14,12 +15,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.Sche
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.UserService", "FictionArchive.Service.UserService\FictionArchive.Service.UserService.csproj", "{EE4D4795-2F79-4614-886D-AF8DA77120AC}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.AuthenticationService", "FictionArchive.Service.AuthenticationService\FictionArchive.Service.AuthenticationService.csproj", "{70C4AE82-B01E-421D-B590-C0F47E63CD0C}"
-EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.FileService", "FictionArchive.Service.FileService\FictionArchive.Service.FileService.csproj", "{EC64A336-F8A0-4BED-9CA3-1B05AD00631D}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.NovelService.Tests", "FictionArchive.Service.NovelService.Tests\FictionArchive.Service.NovelService.Tests.csproj", "{166E645E-9DFB-44E8-8CC8-FA249A11679F}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.UserService.Tests", "FictionArchive.Service.UserService.Tests\FictionArchive.Service.UserService.Tests.csproj", "{10C38C89-983D-4544-8911-F03099F66AB8}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FictionArchive.Service.UserNovelDataService", "FictionArchive.Service.UserNovelDataService\FictionArchive.Service.UserNovelDataService.csproj", "{A278565B-D440-4AB9-B2E2-41BA3B3AD82A}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -54,10 +57,6 @@ Global
 		{EE4D4795-2F79-4614-886D-AF8DA77120AC}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EE4D4795-2F79-4614-886D-AF8DA77120AC}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{EE4D4795-2F79-4614-886D-AF8DA77120AC}.Release|Any CPU.Build.0 = Release|Any CPU
-		{70C4AE82-B01E-421D-B590-C0F47E63CD0C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{70C4AE82-B01E-421D-B590-C0F47E63CD0C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{70C4AE82-B01E-421D-B590-C0F47E63CD0C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{70C4AE82-B01E-421D-B590-C0F47E63CD0C}.Release|Any CPU.Build.0 = Release|Any CPU
 		{EC64A336-F8A0-4BED-9CA3-1B05AD00631D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{EC64A336-F8A0-4BED-9CA3-1B05AD00631D}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EC64A336-F8A0-4BED-9CA3-1B05AD00631D}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -66,5 +65,13 @@ Global
 		{166E645E-9DFB-44E8-8CC8-FA249A11679F}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{166E645E-9DFB-44E8-8CC8-FA249A11679F}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{166E645E-9DFB-44E8-8CC8-FA249A11679F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{10C38C89-983D-4544-8911-F03099F66AB8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{10C38C89-983D-4544-8911-F03099F66AB8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{10C38C89-983D-4544-8911-F03099F66AB8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{10C38C89-983D-4544-8911-F03099F66AB8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A278565B-D440-4AB9-B2E2-41BA3B3AD82A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A278565B-D440-4AB9-B2E2-41BA3B3AD82A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A278565B-D440-4AB9-B2E2-41BA3B3AD82A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A278565B-D440-4AB9-B2E2-41BA3B3AD82A}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 EndGlobal

fictionarchive-web-astro/src/lib/components/AuthenticationDisplay.svelte

@@ -44,6 +44,12 @@
 			<div
 				class="absolute right-0 z-50 mt-2 w-48 rounded-md bg-white p-2 shadow-lg dark:bg-gray-800"
 			>
+				<a
+					href="/settings"
+					class="flex w-full items-center justify-start rounded-md px-4 py-2 text-sm font-medium hover:bg-gray-100 dark:hover:bg-gray-700"
+				>
+					Settings
+				</a>
 				<Button variant="ghost" class="w-full justify-start" onclick={handleLogout}>
 					Sign out
 				</Button>

fictionarchive-web-astro/src/lib/components/NovelDetailPage.svelte

@@ -665,7 +665,6 @@
 
 <!-- Delete Confirmation Modal -->
 {#if showDeleteConfirm && novel}
-	<!-- svelte-ignore a11y_no_noninteractive_element_interactions -->
 	<div
 		class="fixed inset-0 z-50 flex items-center justify-center bg-black/50 backdrop-blur-sm"
 		onclick={() => !deleting && (showDeleteConfirm = false)}

fictionarchive-web-astro/src/lib/components/SettingsPage.svelte

@@ -0,0 +1,211 @@
+<script lang="ts">
+	import { onMount } from 'svelte';
+	import { client } from '$lib/graphql/client';
+	import {
+		GetSettingsPageDataDocument,
+		InviteUserDocument,
+		type GetSettingsPageDataQuery
+	} from '$lib/graphql/__generated__/graphql';
+	import * as Tabs from '$lib/components/ui/tabs';
+	import { Button } from '$lib/components/ui/button';
+	import { Input } from '$lib/components/ui/input';
+	import { Card, CardContent, CardHeader, CardTitle } from '$lib/components/ui/card';
+	import { Badge } from '$lib/components/ui/badge';
+
+	let currentUser: GetSettingsPageDataQuery['currentUser'] | null = $state(null);
+	let fetching = $state(true);
+	let error: string | null = $state(null);
+
+	// Form state
+	let email = $state('');
+	let username = $state('');
+	let submitting = $state(false);
+	let formError: string | null = $state(null);
+	let formSuccess = $state(false);
+
+	const availableInvites = $derived(currentUser?.availableInvites ?? 0);
+	const canInvite = $derived(availableInvites > 0 && !submitting && !formSuccess);
+
+	async function fetchData() {
+		fetching = true;
+		error = null;
+
+		try {
+			const result = await client.query(GetSettingsPageDataDocument, {}).toPromise();
+
+			if (result.error) {
+				error = result.error.message;
+				return;
+			}
+
+			if (result.data) {
+				currentUser = result.data.currentUser;
+			}
+		} catch (e) {
+			error = e instanceof Error ? e.message : 'Unknown error';
+		} finally {
+			fetching = false;
+		}
+	}
+
+	async function handleInvite(e: Event) {
+		e.preventDefault();
+
+		if (!email.trim() || !username.trim()) {
+			formError = 'Please fill in all fields';
+			return;
+		}
+
+		submitting = true;
+		formError = null;
+
+		try {
+			const result = await client
+				.mutation(InviteUserDocument, {
+					input: { email: email.trim(), username: username.trim() }
+				})
+				.toPromise();
+
+			if (result.error) {
+				formError = result.error.message;
+				return;
+			}
+
+			if (result.data?.inviteUser?.errors?.length) {
+				formError = result.data.inviteUser.errors[0].message;
+				return;
+			}
+
+			if (result.data?.inviteUser?.userDto) {
+				formSuccess = true;
+				// Refresh data to update invite count and list
+				await fetchData();
+				// Reset form after delay
+				setTimeout(() => {
+					email = '';
+					username = '';
+					formSuccess = false;
+				}, 2000);
+			}
+		} catch (e) {
+			formError = e instanceof Error ? e.message : 'Unknown error occurred';
+		} finally {
+			submitting = false;
+		}
+	}
+
+	onMount(() => {
+		fetchData();
+	});
+</script>
+
+<div class="space-y-6">
+	<div>
+		<h1 class="text-3xl font-bold">Settings</h1>
+		<p class="text-muted-foreground">Manage your account settings</p>
+	</div>
+
+	{#if fetching}
+		<div class="flex items-center justify-center py-12">
+			<div class="text-muted-foreground">Loading...</div>
+		</div>
+	{:else if error}
+		<Card>
+			<CardContent class="py-6">
+				<p class="text-destructive">{error}</p>
+				<Button class="mt-4" onclick={fetchData}>Try Again</Button>
+			</CardContent>
+		</Card>
+	{:else}
+		<Tabs.Root value="invites">
+			<Tabs.List class="mb-6">
+				<Tabs.Trigger value="invites">Invites</Tabs.Trigger>
+			</Tabs.List>
+
+			<Tabs.Content value="invites" class="space-y-6">
+				<!-- Invite Form -->
+				<Card>
+					<CardHeader>
+						<CardTitle class="flex items-center gap-3">
+							Invite a User
+							<Badge variant={availableInvites > 0 ? 'default' : 'secondary'}>
+								{availableInvites} remaining
+							</Badge>
+						</CardTitle>
+					</CardHeader>
+					<CardContent>
+						<form onsubmit={handleInvite} class="space-y-4">
+							<div class="grid gap-4 sm:grid-cols-2">
+								<div class="space-y-2">
+									<label for="invite-email" class="text-sm font-medium">Email</label>
+									<Input
+										id="invite-email"
+										type="email"
+										placeholder="user@example.com"
+										bind:value={email}
+										disabled={!canInvite}
+									/>
+								</div>
+								<div class="space-y-2">
+									<label for="invite-username" class="text-sm font-medium">Username</label>
+									<Input
+										id="invite-username"
+										type="text"
+										placeholder="username"
+										bind:value={username}
+										disabled={!canInvite}
+									/>
+								</div>
+							</div>
+
+							{#if formError}
+								<p class="text-destructive text-sm">{formError}</p>
+							{/if}
+
+							{#if formSuccess}
+								<p class="text-green-600 dark:text-green-400 text-sm">
+									Invitation sent successfully! The user will receive an email to set up their account.
+								</p>
+							{/if}
+
+							<Button type="submit" disabled={!canInvite || !email.trim() || !username.trim()}>
+								{#if submitting}
+									Sending...
+								{:else if formSuccess}
+									Sent!
+								{:else}
+									Send Invite
+								{/if}
+							</Button>
+						</form>
+					</CardContent>
+				</Card>
+
+				<!-- Invited Users List -->
+				<Card>
+					<CardHeader>
+						<CardTitle>Invited Users</CardTitle>
+					</CardHeader>
+					<CardContent>
+						{#if !currentUser?.invitedUsers?.length}
+							<p class="text-muted-foreground text-sm">
+								You haven't invited anyone yet.
+							</p>
+						{:else}
+							<div class="divide-y">
+								{#each currentUser.invitedUsers as user (user.username)}
+									<div class="flex items-center justify-between py-3 first:pt-0 last:pb-0">
+										<div>
+											<p class="font-medium">{user.username}</p>
+											<p class="text-muted-foreground text-sm">{user.email}</p>
+										</div>
+									</div>
+								{/each}
+							</div>
+						{/if}
+					</CardContent>
+				</Card>
+			</Tabs.Content>
+		</Tabs.Root>
+	{/if}
+</div>

fictionarchive-web-astro/src/lib/graphql/__generated__/graphql.ts

@@ -156,6 +156,27 @@ export type InstantFilterInput = {
   or?: InputMaybe<Array<InstantFilterInput>>;
 };
 
+export type InvalidOperationError = Error & {
+  message: Scalars['String']['output'];
+};
+
+export type InviteUserError = InvalidOperationError;
+
+export type InviteUserInput = {
+  email: Scalars['String']['input'];
+  username: Scalars['String']['input'];
+};
+
+export type InviteUserPayload = {
+  errors: Maybe<Array<InviteUserError>>;
+  userDto: Maybe<UserDto>;
+};
+
+export type InvitedUserDto = {
+  email: Scalars['String']['output'];
+  username: Scalars['String']['output'];
+};
+
 export type JobKey = {
   group: Scalars['String']['output'];
   name: Scalars['String']['output'];
@@ -215,7 +236,7 @@ export type Mutation = {
   deleteNovel: DeleteNovelPayload;
   fetchChapterContents: FetchChapterContentsPayload;
   importNovel: ImportNovelPayload;
-  registerUser: RegisterUserPayload;
+  inviteUser: InviteUserPayload;
   runJob: RunJobPayload;
   scheduleEventJob: ScheduleEventJobPayload;
   translateText: TranslateTextPayload;
@@ -242,8 +263,8 @@ export type MutationImportNovelArgs = {
 };
 
 
-export type MutationRegisterUserArgs = {
-  input: RegisterUserInput;
+export type MutationInviteUserArgs = {
+  input: InviteUserInput;
 };
 
 
@@ -422,11 +443,11 @@ export type PersonDtoSortInput = {
 
 export type Query = {
   chapter: Maybe<ChapterReaderDto>;
+  currentUser: Array<UserDto>;
   jobs: Array<SchedulerJob>;
   novels: Maybe<NovelsConnection>;
   translationEngines: Array<TranslationEngineDescriptor>;
   translationRequests: Maybe<TranslationRequestsConnection>;
-  users: Array<UserDto>;
 };
 
 
@@ -463,17 +484,6 @@ export type QueryTranslationRequestsArgs = {
   where?: InputMaybe<TranslationRequestDtoFilterInput>;
 };
 
-export type RegisterUserInput = {
-  email: Scalars['String']['input'];
-  inviterOAuthProviderId?: InputMaybe<Scalars['String']['input']>;
-  oAuthProviderId: Scalars['String']['input'];
-  username: Scalars['String']['input'];
-};
-
-export type RegisterUserPayload = {
-  userDto: Maybe<UserDto>;
-};
-
 export type RunJobError = JobPersistenceError;
 
 export type RunJobInput = {
@@ -700,11 +710,13 @@ export type UnsignedIntOperationFilterInputType = {
 };
 
 export type UserDto = {
+  availableInvites: Scalars['Int']['output'];
   createdTime: Scalars['Instant']['output'];
   disabled: Scalars['Boolean']['output'];
   email: Scalars['String']['output'];
   id: Scalars['UUID']['output'];
-  inviter: Maybe<UserDto>;
+  invitedUsers: Maybe<Array<InvitedUserDto>>;
+  inviterId: Maybe<Scalars['UUID']['output']>;
   lastUpdatedTime: Scalars['Instant']['output'];
   username: Scalars['String']['output'];
 };
@@ -738,6 +750,13 @@ export type ImportNovelMutationVariables = Exact<{
 
 export type ImportNovelMutation = { importNovel: { novelUpdateRequestedEvent: { novelUrl: string } | null } };
 
+export type InviteUserMutationVariables = Exact<{
+  input: InviteUserInput;
+}>;
+
+
+export type InviteUserMutation = { inviteUser: { userDto: { id: any, username: string, email: string } | null, errors: Array<{ message: string }> | null } };
+
 export type GetChapterQueryVariables = Exact<{
   novelId: Scalars['UnsignedInt']['input'];
   chapterOrder: Scalars['UnsignedInt']['input'];
@@ -763,9 +782,16 @@ export type NovelsQueryVariables = Exact<{
 
 export type NovelsQuery = { novels: { edges: Array<{ cursor: string, node: { id: any, url: string, name: string, description: string, rawStatus: NovelStatus, lastUpdatedTime: any, coverImage: { newPath: string | null } | null, chapters: Array<{ order: any, name: string }>, tags: Array<{ key: string, displayName: string, tagType: TagType }> } }> | null, pageInfo: { hasNextPage: boolean, endCursor: string | null } } | null };
 
+export type GetSettingsPageDataQueryVariables = Exact<{ [key: string]: never; }>;
+
+
+export type GetSettingsPageDataQuery = { currentUser: Array<{ id: any, username: string, availableInvites: number, invitedUsers: Array<{ username: string, email: string }> | null }> };
+
 
 export const DeleteNovelDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"DeleteNovel"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"input"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"DeleteNovelInput"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"deleteNovel"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"input"},"value":{"kind":"Variable","name":{"kind":"Name","value":"input"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"boolean"}},{"kind":"Field","name":{"kind":"Name","value":"errors"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"InlineFragment","typeCondition":{"kind":"NamedType","name":{"kind":"Name","value":"Error"}},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"message"}}]}}]}}]}}]}}]} as unknown as DocumentNode<DeleteNovelMutation, DeleteNovelMutationVariables>;
 export const ImportNovelDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"ImportNovel"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"input"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ImportNovelInput"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"importNovel"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"input"},"value":{"kind":"Variable","name":{"kind":"Name","value":"input"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"novelUpdateRequestedEvent"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"novelUrl"}}]}}]}}]}}]} as unknown as DocumentNode<ImportNovelMutation, ImportNovelMutationVariables>;
+export const InviteUserDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"InviteUser"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"input"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"InviteUserInput"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"inviteUser"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"input"},"value":{"kind":"Variable","name":{"kind":"Name","value":"input"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"userDto"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"username"}},{"kind":"Field","name":{"kind":"Name","value":"email"}}]}},{"kind":"Field","name":{"kind":"Name","value":"errors"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"InlineFragment","typeCondition":{"kind":"NamedType","name":{"kind":"Name","value":"InvalidOperationError"}},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"message"}}]}}]}}]}}]}}]} as unknown as DocumentNode<InviteUserMutation, InviteUserMutationVariables>;
 export const GetChapterDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetChapter"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"novelId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"UnsignedInt"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"chapterOrder"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"UnsignedInt"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"chapter"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"novelId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"novelId"}}},{"kind":"Argument","name":{"kind":"Name","value":"chapterOrder"},"value":{"kind":"Variable","name":{"kind":"Name","value":"chapterOrder"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"order"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"body"}},{"kind":"Field","name":{"kind":"Name","value":"url"}},{"kind":"Field","name":{"kind":"Name","value":"revision"}},{"kind":"Field","name":{"kind":"Name","value":"createdTime"}},{"kind":"Field","name":{"kind":"Name","value":"lastUpdatedTime"}},{"kind":"Field","name":{"kind":"Name","value":"images"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"newPath"}}]}},{"kind":"Field","name":{"kind":"Name","value":"novelId"}},{"kind":"Field","name":{"kind":"Name","value":"novelName"}},{"kind":"Field","name":{"kind":"Name","value":"totalChapters"}},{"kind":"Field","name":{"kind":"Name","value":"prevChapterOrder"}},{"kind":"Field","name":{"kind":"Name","value":"nextChapterOrder"}}]}}]}}]} as unknown as DocumentNode<GetChapterQuery, GetChapterQueryVariables>;
 export const NovelDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"Novel"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"id"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"UnsignedInt"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"novels"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"where"},"value":{"kind":"ObjectValue","fields":[{"kind":"ObjectField","name":{"kind":"Name","value":"id"},"value":{"kind":"ObjectValue","fields":[{"kind":"ObjectField","name":{"kind":"Name","value":"eq"},"value":{"kind":"Variable","name":{"kind":"Name","value":"id"}}}]}}]}},{"kind":"Argument","name":{"kind":"Name","value":"first"},"value":{"kind":"IntValue","value":"1"}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"nodes"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"description"}},{"kind":"Field","name":{"kind":"Name","value":"url"}},{"kind":"Field","name":{"kind":"Name","value":"rawLanguage"}},{"kind":"Field","name":{"kind":"Name","value":"rawStatus"}},{"kind":"Field","name":{"kind":"Name","value":"statusOverride"}},{"kind":"Field","name":{"kind":"Name","value":"externalId"}},{"kind":"Field","name":{"kind":"Name","value":"createdTime"}},{"kind":"Field","name":{"kind":"Name","value":"lastUpdatedTime"}},{"kind":"Field","name":{"kind":"Name","value":"author"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"externalUrl"}}]}},{"kind":"Field","name":{"kind":"Name","value":"source"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"key"}},{"kind":"Field","name":{"kind":"Name","value":"url"}}]}},{"kind":"Field","name":{"kind":"Name","value":"coverImage"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"newPath"}}]}},{"kind":"Field","name":{"kind":"Name","value":"tags"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"key"}},{"kind":"Field","name":{"kind":"Name","value":"displayName"}},{"kind":"Field","name":{"kind":"Name","value":"tagType"}}]}},{"kind":"Field","name":{"kind":"Name","value":"chapters"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"order"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"lastUpdatedTime"}},{"kind":"Field","name":{"kind":"Name","value":"images"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"newPath"}}]}}]}}]}}]}}]}}]} as unknown as DocumentNode<NovelQuery, NovelQueryVariables>;
-export const NovelsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"Novels"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"first"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"Int"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"after"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"where"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"NovelDtoFilterInput"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"order"}},"type":{"kind":"ListType","type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"NovelDtoSortInput"}}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"novels"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"first"},"value":{"kind":"Variable","name":{"kind":"Name","value":"first"}}},{"kind":"Argument","name":{"kind":"Name","value":"after"},"value":{"kind":"Variable","name":{"kind":"Name","value":"after"}}},{"kind":"Argument","name":{"kind":"Name","value":"where"},"value":{"kind":"Variable","name":{"kind":"Name","value":"where"}}},{"kind":"Argument","name":{"kind":"Name","value":"order"},"value":{"kind":"Variable","name":{"kind":"Name","value":"order"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"edges"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"cursor"}},{"kind":"Field","name":{"kind":"Name","value":"node"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"url"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"description"}},{"kind":"Field","name":{"kind":"Name","value":"coverImage"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"newPath"}}]}},{"kind":"Field","name":{"kind":"Name","value":"rawStatus"}},{"kind":"Field","name":{"kind":"Name","value":"lastUpdatedTime"}},{"kind":"Field","name":{"kind":"Name","value":"chapters"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"order"}},{"kind":"Field","name":{"kind":"Name","value":"name"}}]}},{"kind":"Field","name":{"kind":"Name","value":"tags"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"key"}},{"kind":"Field","name":{"kind":"Name","value":"displayName"}},{"kind":"Field","name":{"kind":"Name","value":"tagType"}}]}}]}}]}},{"kind":"Field","name":{"kind":"Name","value":"pageInfo"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"hasNextPage"}},{"kind":"Field","name":{"kind":"Name","value":"endCursor"}}]}}]}}]}}]} as unknown as DocumentNode<NovelsQuery, NovelsQueryVariables>;
+export const NovelsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"Novels"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"first"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"Int"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"after"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"where"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"NovelDtoFilterInput"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"order"}},"type":{"kind":"ListType","type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"NovelDtoSortInput"}}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"novels"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"first"},"value":{"kind":"Variable","name":{"kind":"Name","value":"first"}}},{"kind":"Argument","name":{"kind":"Name","value":"after"},"value":{"kind":"Variable","name":{"kind":"Name","value":"after"}}},{"kind":"Argument","name":{"kind":"Name","value":"where"},"value":{"kind":"Variable","name":{"kind":"Name","value":"where"}}},{"kind":"Argument","name":{"kind":"Name","value":"order"},"value":{"kind":"Variable","name":{"kind":"Name","value":"order"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"edges"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"cursor"}},{"kind":"Field","name":{"kind":"Name","value":"node"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"url"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"description"}},{"kind":"Field","name":{"kind":"Name","value":"coverImage"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"newPath"}}]}},{"kind":"Field","name":{"kind":"Name","value":"rawStatus"}},{"kind":"Field","name":{"kind":"Name","value":"lastUpdatedTime"}},{"kind":"Field","name":{"kind":"Name","value":"chapters"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"order"}},{"kind":"Field","name":{"kind":"Name","value":"name"}}]}},{"kind":"Field","name":{"kind":"Name","value":"tags"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"key"}},{"kind":"Field","name":{"kind":"Name","value":"displayName"}},{"kind":"Field","name":{"kind":"Name","value":"tagType"}}]}}]}}]}},{"kind":"Field","name":{"kind":"Name","value":"pageInfo"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"hasNextPage"}},{"kind":"Field","name":{"kind":"Name","value":"endCursor"}}]}}]}}]}}]} as unknown as DocumentNode<NovelsQuery, NovelsQueryVariables>;
+export const GetSettingsPageDataDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetSettingsPageData"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"currentUser"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"username"}},{"kind":"Field","name":{"kind":"Name","value":"availableInvites"}},{"kind":"Field","name":{"kind":"Name","value":"invitedUsers"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"username"}},{"kind":"Field","name":{"kind":"Name","value":"email"}}]}}]}}]}}]} as unknown as DocumentNode<GetSettingsPageDataQuery, GetSettingsPageDataQueryVariables>;

fictionarchive-web-astro/src/lib/graphql/mutations/inviteUser.graphql

@@ -0,0 +1,14 @@
+mutation InviteUser($input: InviteUserInput!) {
+  inviteUser(input: $input) {
+    userDto {
+      id
+      username
+      email
+    }
+    errors {
+      ... on InvalidOperationError {
+        message
+      }
+    }
+  }
+}

fictionarchive-web-astro/src/lib/graphql/queries/settings.graphql

@@ -0,0 +1,11 @@
+query GetSettingsPageData {
+  currentUser {
+    id
+    username
+    availableInvites
+    invitedUsers {
+      username
+      email
+    }
+  }
+}

fictionarchive-web-astro/src/pages/settings/index.astro

@@ -0,0 +1,8 @@
+---
+import AppLayout from '../../layouts/AppLayout.astro';
+import SettingsPage from '../../lib/components/SettingsPage.svelte';
+---
+
+<AppLayout title="Settings - FictionArchive">
+	<SettingsPage client:load />
+</AppLayout>