RaspberryPiFoundation · jamiebenstead · Jun 12, 2026 · Jun 12, 2026 · Jun 12, 2026
diff --git a/.env.example b/.env.example
@@ -72,4 +72,6 @@ PARDOT_SUBSCRIPTION_URL=
 # Cloudflare Turnstile bot protection. This is a test key that always passes.
 # Others are available for testing purposes at
 # https://developers.cloudflare.com/turnstile/troubleshooting/testing/.
-CLOUDFLARE_TURNSTILE_SECRET_KEY=1x0000000000000000000000000000000AA
+CLOUDFLARE_TURNSTILE_SECRET_KEY=1x0000000000000000000000000000000AA
+
+HOSTNAME=localhost
diff --git a/app/controllers/api/events_controller.rb b/app/controllers/api/events_controller.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Api
+  class EventsController < ApiController
+    before_action :authorize_user
+
+    def create
+      event = Event.new(event_params.merge(user_id: current_user.id, time: Time.current))
+      if event.save
+        head :created
+      else
+        render json: { error: event.errors }, status: :bad_request
+      end
+    end
+
+    private
+
+    def event_params
+      params.expect(event: [:name, { properties: {} }])
+    end
+  end
+end
diff --git a/app/controllers/api/schools_controller.rb b/app/controllers/api/schools_controller.rb
@@ -20,6 +20,7 @@ def create
 
       if result.success?
         @school = result[:school]
+        track_event('School - Created', school_id: @school.id)
         render :show, formats: [:json], status: :created
       else
         render json: {

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
@@ -47,4 +47,8 @@ def internal_server_error(exception)
   def render_error_as_json(exception, status)
     render json: { error: "#{exception.class}: #{exception.message}" }, status:
   end
+
+  def track_event(name, properties = {})
+    Event.create!(user_id: current_user.id, name:, properties:, time: Time.current)
+  end
 end
diff --git a/app/models/event.rb b/app/models/event.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Event < ApplicationRecord
+  validates :name, presence: true
+  validates :time, presence: true
+  validates :user_id, presence: true
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -105,6 +105,8 @@
 
     get  '/join/:join_code', to: 'join#show'
     post '/join/:join_code', to: 'join#create'
+
+    resources :events, only: %i[create]
   end
 
   resource :github_webhooks, only: :create, defaults: { formats: :json }

diff --git a/db/migrate/20260612144637_create_events_table.rb b/db/migrate/20260612144637_create_events_table.rb
@@ -0,0 +1,10 @@
+class CreateEventsTable < ActiveRecord::Migration[8.1]
+  def change
+    create_table :events, id: :uuid do |t|
+      t.uuid :user_id
+      t.string :name, null: false
+      t.jsonb :properties
+      t.datetime :time, null: false
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/spec/features/event/creating_event_spec.rb b/spec/features/event/creating_event_spec.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Create events', type: :request do
+  let(:headers) { { Authorization: UserProfileMock::TOKEN } }
+  let(:user) { create(:user) }
+
+  before do
+    authenticated_in_hydra_as(user)
+  end
+
+  it('posting event returns created status') do
+    post('/api/events', headers:, params: { event: { name: 'Test Event', properties: { key: 'value' } } })
+    expect(response).to have_http_status(:created)
+  end
+
+  it('creating an event without a name returns bad request') do
+    post('/api/events', headers:, params: { event: { properties: { key: 'value' } } })
+    expect(response).to have_http_status(:bad_request)
+  end
+
+  it('created event is stored in the database with correct attributes') do
+    post('/api/events', headers:, params: { event: { name: 'Test Event', properties: { key: 'value' } } })
+    event = Event.last
+    expect(event.name).to eq('Test Event')
+    expect(event.properties).to eq({ 'key' => 'value' })
+  end
+
+  it('creating an event without authentication returns unauthorized') do
+    post('/api/events', params: { event: { name: 'Test Event', properties: { key: 'value' } } })
+    expect(response).to have_http_status(:unauthorized)
+  end
+end
diff --git a/spec/features/school/creating_a_school_spec.rb b/spec/features/school/creating_a_school_spec.rb
@@ -57,4 +57,14 @@
     post '/api/schools'
     expect(response).to have_http_status(:unauthorized)
   end
+
+  it 'records a school created event' do
+    post('/api/schools', headers:, params:)
+    expect(Event.last).to have_attributes(
+      name: 'School - Created',
+      user_id: user.id,
+      properties: { 'school_id' => School.last.id },
+      time: be_within(1.second).of(Time.current)
+    )
+  end
 end