patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
173 commits 2 branches 0 tags 189 MiB
Commit graph

54 commits

Author SHA1 Message Date
Patrick Britton 24a69f8cbb fix: use article title as post body instead of bare URL for RSS posts 2026-02-09 08:39:02 -06:00
Patrick Britton 41407feb58 fix: use browser UA for link preview fetch, add error logging to bg goroutines 2026-02-09 08:22:27 -06:00
Patrick Britton 9879064824 fix: remove dead ResolveGoogleNewsURL reference from link_preview_service 2026-02-09 08:06:47 -06:00
Patrick Britton 6860916792 feat: replace Google News RSS with SearXNG news API for article discovery 2026-02-09 08:05:47 -06:00
Patrick Britton ebbe8d92d1 feat: article pipeline - two-phase discover/post flow with DB-backed article cache and status tracking 2026-02-08 20:01:35 -06:00
Patrick Britton d8988dc870 feat: add RSS account type - posts link directly without AI, update admin UI 2026-02-08 19:32:57 -06:00
Patrick Britton da5a366cc1 fix: use GUID for Google News article dedup, fall back to RSS source URL when link resolution fails 2026-02-08 19:08:48 -06:00
Patrick Britton 70261d839b fix: replace slow HTTP-based Google News URL resolution with instant base64 protobuf decode 2026-02-08 18:58:54 -06:00
Patrick Britton 4704708c2c fix: resolve Google News URLs to actual source articles before fetching link previews 2026-02-08 18:48:49 -06:00
Patrick Britton aa0e75d35f fix: safe domains scan - use time.Time for timestamp columns instead of string 2026-02-08 14:02:00 -06:00
Patrick Britton 8b4198e6f0 feat: safe domains management - admin UI, CRUD endpoints, URL safety checker, seeded domains 2026-02-08 13:47:08 -06:00
Patrick Britton e9e140df5e feat: link preview system - OG tag fetching, safe URL validation, full-width thumbnail card 2026-02-08 13:27:13 -06:00
Patrick Britton d623320256 feat: switch news RSS to Google News site: format with redirect resolution 2026-02-08 13:02:57 -06:00
Patrick Britton cae9a479da fix: remove user_id from profiles query - column doesn't exist 2026-02-08 12:13:36 -06:00
Patrick Britton 3d371e965e feat: add ListOfficialProfiles endpoint + profiles grid in admin UI 2026-02-08 11:39:27 -06:00
Patrick Britton 2dae622dea feat: official accounts management - AI post generation, RSS news import (NPR/AP/BMTN), scheduled auto-posting, admin UI 2026-02-08 11:30:44 -06:00
Patrick Britton 27b48128fe feat: full NSFW system - Cinemax rules, auto-reclassify with warning, not-allowed removal with appeal email, blur toggle setting, user self-labeling 2026-02-07 16:58:57 -06:00
Patrick Britton 1f0461b4f4 feat: AI moderation audit log with admin feedback for training - DB migration, service methods, admin endpoints 2026-02-07 16:35:50 -06:00
Patrick Britton ecc02e10cc feat: implement account deactivation, deletion (14-day), and immediate destroy with email confirmation 2026-02-07 11:13:11 -06:00
Patrick Britton 95056aee82 Fix AI moderation: wrap content with moderation prefix, add temperature=0 and max_tokens to prevent conversational replies 2026-02-06 21:03:46 -06:00
Patrick Britton 256592379a NSFW content system: blur overlay, user toggle, AI tri-state (clean/nsfw/flag), feed filtering 2026-02-06 20:42:23 -06:00
Patrick Britton e81e9e52b7 Fix AI moderation parser: robust JSON extraction + score-based flagging override 2026-02-06 20:19:36 -06:00
Patrick Britton d40baf9bee AI moderation: detailed explanations per category in test results 2026-02-06 20:06:23 -06:00
Patrick Britton 7c52a1a1ed AI moderation config: OpenRouter integration, admin console page, 10s quip limit 2026-02-06 19:48:36 -06:00
Patrick Britton d73b73ac89 Remove hardcoded reserved names - all reserved usernames now DB-only via admin console 2026-02-06 17:26:02 -06:00
Patrick Britton 2fb413c8d2 Admin console: reserved usernames management + claim request review system 2026-02-06 17:13:15 -06:00
Patrick Britton 6a1f20759b Add reserved username + inappropriate content validation for registration and profile updates 2026-02-06 16:32:14 -06:00
Patrick Britton 2ad148f607 Refactor SendPulse into shared service, wire app registration to Sojorn Members list (book 568122) 2026-02-06 15:33:58 -06:00
Patrick Britton e5fd9bcaa5 Add account restored email on reactivation from ban/suspend 2026-02-06 12:39:18 -06:00
Patrick Britton d1b01aa5b2 Content jailing: hide all posts/comments on ban/suspend, restore on activate 2026-02-06 12:37:03 -06:00
Patrick Britton 7e721aea21 Admin moderation: ban emails, post removal emails with strikes, appeal flow 2026-02-06 12:14:13 -06:00
Patrick Britton f4701b0d24 Ban enforcement: immediate session kill, IP logging, login/register/middleware checks 2026-02-06 12:09:02 -06:00
Patrick Britton 70fa1dddca Fix content filter: remove word boundaries to catch concatenated slurs 2026-02-06 12:01:19 -06:00
Patrick Britton f6c4bb88e0 Add layered content moderation: hard blocklist + strike system + client-side filter 2026-02-06 11:46:30 -06:00
Patrick Britton 35740f3fc6 Remove model param from OpenAI moderation request - let API default 2026-02-06 11:35:19 -06:00
Patrick Britton cc7c39ac33 Fix moderation: use text-moderation-latest model, fix FlagPost/FlagComment queries, add violation functions 2026-02-06 11:32:41 -06:00
Patrick Britton a87fcb60b6 Fix email verification: table-based HTML template, URL-encode tokens, remove base64 padding 2026-02-06 11:26:51 -06:00
Patrick Britton 66fe4bd60e Fix OpenAI Moderation API: correct response parsing, use omni-moderation-latest model 2026-02-06 11:12:00 -06:00
Patrick Britton 0954c1e2a3 feat: add Turnstile to login, improve email templates, and security cleanup 
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
 2026-02-06 08:51:34 -06:00
Patrick Britton c9d8e0c7e6 feat: comprehensive security audit and cleanup 
SECURITY CLEANUP COMPLETED

 High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)

 Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)

 Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)

 Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation

 Cleanup Summary:
- 30+ files removed
- Risk level: HIGH  LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture

 Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation

Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
 2026-02-05 09:22:30 -06:00
Patrick Britton 4eebd27e69 feat: implement Cloudflare Turnstile, terms acceptance, and email preferences 
- Add Cloudflare Turnstile verification to registration flow
- Require terms of service and privacy policy acceptance
- Add email newsletter and contact preference options
- Update User model with email preference fields
- Create database migration for email preferences
- Add Turnstile service with Cloudflare API integration
- Update registration request structure with new required fields
- Add Turnstile secret key configuration
- Include development bypass for testing

Registration now requires:
- Turnstile token verification
- Terms of service acceptance
- Privacy policy acceptance
- Optional email newsletter/contact preferences
 2026-02-05 08:59:05 -06:00
Patrick Britton 17d9df47e1 fix: remove unused scoresMap variables in moderation service 2026-02-05 07:56:40 -06:00
Patrick Britton c6aa867b0c feat: implement comprehensive user appeal system 
- Add database schema for violations, appeals, and ban management
- Create violation tiers (hard vs soft violations)
- Implement automatic violation detection and user ban logic
- Add appeal service with monthly limits and deadlines
- Create appeal handler for user and admin interfaces
- Add API routes for violation management and appeals
- Update moderation service to auto-create violations
- Support evidence uploads and appeal context
- Track violation history and patterns for ban decisions

This creates a complete user-facing appeal system where:
- Hard violations (hate speech, slurs) = no appeal
- Soft violations (gray areas) = appealable with limits
- Too many violations = automatic ban
- Users can track violation history in settings
- Admins can review appeals in Directus
 2026-02-05 07:55:45 -06:00
Patrick Britton 9726cb2ad4 feat: implement comprehensive AI moderation for all content types 
- Add AI moderation to comments (was missing protection)
- Enhance post moderation to analyze images, videos, thumbnails
- Add FlagComment method for comment flagging
- Extract media URLs for comprehensive content analysis
- Update moderation config and models
- Add OpenAI and Google Vision API integration
- Fix database connection to use localhost

This ensures all text, image, and video content is protected by AI moderation.
 2026-02-05 07:47:37 -06:00
Patrick Britton 3c91dc64c9 feat(notifications): make push messages more specific and include chosen reaction emoji 2026-02-04 13:00:05 -06:00
Patrick Britton 0531e8f878 feat(notifications): improve reaction notification titles with emojis 2026-02-04 12:57:44 -06:00
Patrick Britton 23bf5a15b4 feat(notifications): add actor_handle and navigation targets for deep linking 2026-02-04 12:52:16 -06:00
Patrick Britton 6e1ba291c0 fix(push): use SendEachForMulticast to avoid deprecated FCM batch API 2026-02-04 12:20:25 -06:00
Patrick Britton 72ae644758 feat: notification system refinements and api route fixes 2026-02-04 10:51:01 -06:00
Patrick Britton 002f960142 Update terminology, fix search feed, and deploy updates 2026-02-03 21:44:08 -06:00