Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

Deploying a Receipt Management Portal for quickdumpnow.com While Refactoring Port Sheet Automation

This session involved two parallel streams of work: deploying a new receipts portal for a trailer rental business and rebuilding the authentication layer for an automated port sheet data pipeline. Both required careful coordination of static site hosting, API authentication, and CloudFront caching.

The Receipt Portal Problem

The quickdumpnow.com domain needed a functional receipts upload page at /books, but requests to https://quickdumpnow.com/books were returning the homepage instead of the dedicated page. Root cause: the static site hosted in S3 had a CloudFront custom error response configured to serve the homepage for all 404 errors—a common pattern for single-page applications that backfired here.

The existing infrastructure:

  • S3 bucket: quickdumpnow.com (configured for static website hosting)
  • CloudFront distribution: d1234567890abc.cloudfront.net (with custom 404→homepage redirect)
  • Route53 alias pointing quickdumpnow.com to CloudFront
  • Local repo path: /Users/cb/Documents/repos/sites/quickdumpnow.com/

The solution involved three steps:

Step 1: Fix the Books Page Model ID

The local file at /Users/cb/Documents/repos/sites/quickdumpnow.com/books/index.html had a hardcoded form model ID pointing to a test/development form instead of the production form. Updated it to reference the correct Google Form ID for receipt submissions. This ensures submissions route to the right collection spreadsheet.

Step 2: Deploy to S3 with Dual Keys

CloudFront serves objects from S3, and S3 respects file extensions. To support both /books/index.html (explicit path) and /books/ (pretty URL) requests, we uploaded the HTML file twice:

aws s3 cp books/index.html s3://quickdumpnow.com/books/index.html --content-type "text/html"
aws s3 cp books/index.html s3://quickdumpnow.com/books --content-type "text/html"

The second command stores it under the bare books key, allowing S3 to serve it when the request path is /books (without trailing slash). This is necessary because most static site hosting configs treat directory requests differently than explicit file requests.

We also updated robots.txt to block the /books path from search indexing until the page is ready for public discovery:

User-agent: *
Disallow: /books

Step 3: Invalidate CloudFront Cache

CloudFront caches objects at edge locations. New objects don't automatically invalidate old cached responses. We created two invalidations:

  • Pattern: /books and /books/
  • Pattern: /robots.txt

CloudFront invalidations typically propagate within 30–60 seconds. We verified the distribution config to confirm the origin was correctly set to the S3 bucket and that no path-rewriting rules were interfering.

Result: https://quickdumpnow.com/books now serves the receipt portal instead of the homepage.

The Port Sheet Authentication Crisis

The second stream addressed a deeper infrastructure problem: the automated port sheet system was failing because OAuth tokens had expired, and the token refresh mechanism wasn't working reliably.

The existing system:

  • Apps Script file: PortSheetReporter.gs on queenofsandiego.com domain
  • Python tool: /Users/cb/Documents/repos/tools/jada_port_sheet.py
  • Target spreadsheet: JADA Port Log 2026 (Google Drive)
  • Target calendar: JADA Sailing Calendar (Google Calendar)
  • Stored credentials: credential JSON files in the tools directory

The problem: both tools needed valid OAuth tokens to access Google APIs, but tokens expire after 1 hour. The refresh token mechanism wasn't functioning, likely due to credential file mismatches or scope issues.

Diagnosing the Token Problem

We inspected both credential files to understand the OAuth setup:

  • Drive API credential: standard OAuth 2.0 Desktop Client with refresh token scope
  • Calendar API credential: separate OAuth 2.0 client, potentially with different scopes
  • Existing token file: contained valid refresh_token but possibly stale access token

The issue: the jada_port_sheet.py` script was attempting to refresh the calendar token, but the client ID in the token file didn't match the current credential file, or the stored refresh token had been revoked.

Building the Reauth Script

To solve this, we created a new standalone tool: /Users/cb/Documents/repos/tools/reauth_jada_calendar.py

This script:

  • Launches a local OAuth flow using the correct credential file
  • Listens on localhost:8765 for the OAuth redirect
  • Stores the new access token and refresh token in a standardized format
  • Validates that the token includes necessary scopes for calendar operations

Why a separate script? Mixing token refresh logic with data processing logic makes debugging harder. By isolating authentication, we can:

  • Test authentication independently of the port sheet logic
  • Reuse the script for other calendar-dependent tools
  • Document the token flow in one place

Handling Port Conflicts

When running the reauth script, port 8765 was already in use by a stale Python process from a previous development session. We identified and killed the orphaned process:

lsof -i :8765
kill -9 <PID>

This is a common issue when OAuth flows are interrupted mid-session. The workaround: always use the same localhost port for redirect URIs (so it's configured in the OAuth app settings), and ensure cleanup on script exit.

The Port Sheet Entry

Once authentication was stabilized, we added the charter entry for yesterday's sailing (Joseph Zurek, $1,845.72) to the JADA Port Log 2026 spreadsheet. The entry required understanding the sheet structure:

  • Tab: April 2026 (created if missing)
  • Row format: [Date, Captain Name, Vessel, Hours, Rate, Total, Notes]
  • Data: [Yesterday's date, Joseph Zurek, charter vessel, hours sailed, hourly rate, $1845.72, ""]

We used Google Sheets API v4 to append the row, specifying the correct sheetId (not just tab name, as multiple tabs can have overlapping names across different files).

Key Decisions

Why dual S3 uploads for the