Commit graph

226 commits

Author SHA1 Message Date
Patrick Britton e3d626c040 Add admin login endpoint (no Turnstile), use port 3002 2026-02-06 09:33:52 -06:00
Patrick Britton 896fd51dbc Fix: remove legacy admin appeal routes that conflict with new admin group 2026-02-06 09:29:27 -06:00
Patrick Britton 96616bd81f Add admin panel: backend middleware, handler, routes + Next.js frontend 2026-02-06 09:15:57 -06:00
Patrick Britton 0954c1e2a3 feat: add Turnstile to login, improve email templates, and security cleanup
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
2026-02-06 08:51:34 -06:00
Patrick Britton c9d8e0c7e6 feat: comprehensive security audit and cleanup
SECURITY CLEANUP COMPLETED

High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)

Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)

Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)

Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation

Cleanup Summary:
- 30+ files removed
- Risk level: HIGH → LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture

Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation

Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
2026-02-05 09:22:30 -06:00
Patrick Britton 0bb1dd4055 feat: organize SQL scripts into structured migration folders
- Create organized migration folder structure:
  - database/ - Core schema changes and migrations
  - tests/ - Test scripts and verification queries
  - directus/ - Directus CMS configuration scripts
  - fixes/ - Database fixes and patches
  - archive/ - Historical and deprecated scripts

- Move 60+ SQL files from root to appropriate folders
- Add comprehensive README with usage guidelines
- Consolidate old migrations_archive into new archive folder
- Maintain clear separation of concerns for different script types

Benefits:
- Cleaner project root directory
- Easier to find specific types of SQL scripts
- Better organization for maintenance and development
- Clear documentation for migration procedures
- Proper separation of production vs development scripts
2026-02-05 09:13:47 -06:00
Patrick Britton 73019a0e6c fix: update Turnstile environment variable name
- Change TURNSTILE_SECRET_KEY to TURNSTILE_SECRET to match server .env
- Update config loading to use correct environment variable
- Update .env.example for consistency
2026-02-05 09:10:26 -06:00
Patrick Britton 4eebd27e69 feat: implement Cloudflare Turnstile, terms acceptance, and email preferences
- Add Cloudflare Turnstile verification to registration flow
- Require terms of service and privacy policy acceptance
- Add email newsletter and contact preference options
- Update User model with email preference fields
- Create database migration for email preferences
- Add Turnstile service with Cloudflare API integration
- Update registration request structure with new required fields
- Add Turnstile secret key configuration
- Include development bypass for testing

Registration now requires:
- Turnstile token verification
- Terms of service acceptance
- Privacy policy acceptance
- Optional email newsletter/contact preferences
2026-02-05 08:59:05 -06:00
Patrick Britton 997d6437be feat: implement nuanced violation system with content deletion
- Replace immediate bans with content deletion + account marking
- Hard violations: immediate content deletion, account warning/suspension
- Soft violations: content hidden pending moderation/appeal
- Add content deletion tracking and account status changes
- Implement progressive account status (active → warning → suspended → banned)
- Track content deletions, warnings, and suspensions in violation history
- Update violation thresholds to be more lenient (3 hard = banned, 8 total = banned)
- Add content deletion reason and account status change tracking

This creates a more nuanced approach where users get multiple chances
before being banned, with clear content removal for serious violations.
2026-02-05 07:59:35 -06:00
Patrick Britton 277fc299b2 fix: remove unused variables in appeal handler 2026-02-05 07:57:21 -06:00
Patrick Britton 17d9df47e1 fix: remove unused scoresMap variables in moderation service 2026-02-05 07:56:40 -06:00
Patrick Britton c6aa867b0c feat: implement comprehensive user appeal system
- Add database schema for violations, appeals, and ban management
- Create violation tiers (hard vs soft violations)
- Implement automatic violation detection and user ban logic
- Add appeal service with monthly limits and deadlines
- Create appeal handler for user and admin interfaces
- Add API routes for violation management and appeals
- Update moderation service to auto-create violations
- Support evidence uploads and appeal context
- Track violation history and patterns for ban decisions

This creates a complete user-facing appeal system where:
- Hard violations (hate speech, slurs) = no appeal
- Soft violations (gray areas) = appealable with limits
- Too many violations = automatic ban
- Users can track violation history in settings
- Admins can review appeals in Directus
2026-02-05 07:55:45 -06:00
Patrick Britton 9726cb2ad4 feat: implement comprehensive AI moderation for all content types
- Add AI moderation to comments (was missing protection)
- Enhance post moderation to analyze images, videos, thumbnails
- Add FlagComment method for comment flagging
- Extract media URLs for comprehensive content analysis
- Update moderation config and models
- Add OpenAI and Google Vision API integration
- Fix database connection to use localhost

This ensures all text, image, and video content is protected by AI moderation.
2026-02-05 07:47:37 -06:00
Patrick Britton 33ea9b1d56 feat: notify archive instead of delete, fix api domain failsafe 2026-02-04 19:38:02 -06:00
Patrick Britton 0f6a91e319 feat: implement traditional threaded quips (comments) sheet with rich text post body and expand functionality. 2026-02-04 18:44:20 -06:00
Patrick Britton 933161cb65 Fix Android notification click bug and improve FCM logging
- Add FLUTTER_NOTIFICATION_CLICK intent filter to AndroidManifest.xml
- Extend initial notification message delay for terminated-state deep linking
- Add robust logging to notification listeners for easier debugging
2026-02-04 18:01:01 -06:00
Patrick Britton 48dfc76173 Fix compilation error in notification_service.dart 2026-02-04 17:46:53 -06:00
Patrick Britton c635da552d Implement robust notification deep linking
- Create SecureChatLoaderScreen for linking to conversations by ID
- Add /secure-chat/:id route to AppRoutes
- Update NotificationService to use AppRoutes.router for all navigation
- Fix Follow and Post navigation routes in NotificationService
- Decouple notification handling from manual Navigator pushes
2026-02-04 17:42:37 -06:00
Patrick Britton 69358b016f Fix compilation errors in followers/following and privacy screens
- Fix FollowersFollowingScreen: correct imports, AppTheme references, SignedMediaImage param
- Fix profile_screen.dart: move _navigateToConnections to _ProfileScreenState, pass callback to _ProfileHeader
- Fix profile_settings_screen.dart: update property names (isPrivate, defaultVisibility)
2026-02-04 17:21:08 -06:00
Patrick Britton adeffe691e Add followers/following screen and comprehensive privacy settings
Features:
- Create FollowersFollowingScreen with tabs for followers/following lists
- Make follower/following counts tappable on profile to navigate to connections
- Create comprehensive PrivacySettingsScreen with sections for:
  - Account privacy (private account toggle)
  - Post visibility defaults
  - Interaction controls (who can message/comment)
  - Discovery settings (search visibility)
  - Circle (close friends) management placeholder
  - Data export and blocked users
- Update ProfilePrivacySettings model with additional fields
- Connect to new backend API endpoints
2026-02-04 16:46:20 -06:00
Patrick Britton 9fec6754d9 Add comprehensive social graph implementation documentation 2026-02-04 16:20:49 -06:00
Patrick Britton 61165000a9 Implement social graph, circle privacy, and data export system
Backend Infrastructure:
- Add circle_members table and is_in_circle() SQL function
- Implement GetFollowers/GetFollowing with pagination and trust scores
- Add complete circle management (add/remove/list members)
- Create comprehensive data export for GDPR compliance

API Endpoints:
- GET /users/:id/followers - List user's followers
- GET /users/:id/following - List users they follow
- POST /users/circle/:id - Add to close friends circle
- DELETE /users/circle/:id - Remove from circle
- GET /users/circle/members - List circle members
- GET /users/me/export - Export all user data as JSON

Note: Circle visibility enforcement in feed queries needs manual completion in post_repository.go GetFeed(), GetPostsByAuthor(), and GetPostByID() methods.
2026-02-04 16:19:05 -06:00
Patrick Britton e1470c8f52 Add smooth fade-in animation to signed images for premium feel 2026-02-04 13:37:53 -06:00
Patrick Britton 92d8920183 Fix 413 Request Entity Too Large and refine image display aesthetics 2026-02-04 13:32:46 -06:00
Patrick Britton 3c91dc64c9 feat(notifications): make push messages more specific and include chosen reaction emoji 2026-02-04 13:00:05 -06:00
Patrick Britton 0531e8f878 feat(notifications): improve reaction notification titles with emojis 2026-02-04 12:57:44 -06:00
Patrick Britton 23bf5a15b4 feat(notifications): add actor_handle and navigation targets for deep linking 2026-02-04 12:52:16 -06:00
Patrick Britton 80d7d92ebd fix(notifications): use background context for async notifications 2026-02-04 12:35:00 -06:00
Patrick Britton 6e1ba291c0 fix(push): use SendEachForMulticast to avoid deprecated FCM batch API 2026-02-04 12:20:25 -06:00
Patrick Britton 3f3e228e8a feat: Add comprehensive notification system including model, UI, and service integration, alongside new deployment documentation. 2026-02-04 12:17:58 -06:00
Patrick Britton 13feb70356 fix: removed deprecated fcm dependency and updated firebase sdk 2026-02-04 12:09:49 -06:00
Patrick Britton 1c654ad7b5 feat: added notifications for post reactions 2026-02-04 11:35:58 -06:00
Patrick Britton f77bd72c57 feat: Implement comprehensive reaction display widget, add numerous new screens, services, models, documentation, and configuration files. 2026-02-04 10:57:00 -06:00
Patrick Britton 72ae644758 feat: notification system refinements and api route fixes 2026-02-04 10:51:01 -06:00
Patrick Britton 002f960142 Update terminology, fix search feed, and deploy updates 2026-02-03 21:44:08 -06:00
Patrick Britton 403f522a0b fix(cors): allow X-Signature headers for valid web requests 2026-02-03 18:09:50 -06:00
Patrick Britton 98637c6d9c feat: finalize notification system (android manifest, token revocation, backend logs) 2026-02-03 17:33:45 -06:00
Patrick Britton 87523428a7 feat: add initial VS Code configurations and development environment setup for Flutter, Supabase, and Deno. 2026-02-03 17:28:52 -06:00
Patrick Britton ffdd77ce76 Security update for .gitignore: catch all common secret and certificate file extensions and remove tracked environment files 2026-02-03 17:26:47 -06:00
Patrick Britton 5f2c3a971f Ignore bloated binaries and large log files to reduce repository size 2026-02-03 17:19:15 -06:00
Patrick Britton 10ae2944d2 feat: Initialize Sojorn Flutter application with core UI, services, E2EE, backup, and build scripts for various platforms. 2026-02-03 17:13:28 -06:00
Patrick Britton 78f43494a2 Update saved posts route and handler 2026-02-03 16:52:40 -06:00
Patrick Britton a1d47f8e95 Add reaction system and security improvements 2026-02-01 16:06:12 -06:00
Patrick Britton 2cc8cfb1d0 Reactions tweaks 2026-02-01 14:25:27 -06:00
Patrick Britton a6c7834b3b Remove old ReactionStrip to avoid duplication
- Remove old ReactionStrip component from PostActions
- Remove unused top reactions calculation
- Remove ReactionStrip import
- Keep only SmartReactionButton for clean interface
- Eliminate redundant reaction display
- Simplify action row layout
2026-02-01 14:22:35 -06:00
Patrick Britton 94ffb419ae Replace appreciate button with smart reaction button
- Remove appreciate button functionality (redundant with reactions)
- Create SmartReactionButton that shows:
  - Plus icon when no reactions exist
  - Top reaction + count when reactions exist
  - User's reaction + count when user has reacted
- Update ReactionPicker to show existing reactions first with counts
- Add visual indicators for selected reactions and counts
- Maintain full reaction functionality in single button
- Improve UX by consolidating reaction interactions
2026-02-01 14:16:20 -06:00
Patrick Britton 6cb19b056d Add reaction picker for selecting emoji reactions
- Create ReactionPicker component with 24 common emoji options
- Show emoji grid in dialog with proper styling
- Update PostActions to show picker instead of default heart
- Add _showReactionPicker method with showDialog
- Update ReactionStrip onAdd callback to use picker
- Maintain full reaction functionality with user choice
- Add proper styling with borders and shadows to picker
2026-02-01 14:07:39 -06:00
Patrick Britton fb9748c795 Update reaction strip to show only top 3 reactions with full functionality
- Add logic to sort reactions by count and take top 3
- Maintain full ReactionStrip functionality (toggle, add, tooltips)
- Only limit display to top 3 most popular reactions
- Keep all reaction state management and API calls
- Preserve visual design and interactions
- Add button still available for adding new reactions
2026-02-01 14:01:54 -06:00
Patrick Britton eb3957febc Restrict clickable area to user profile section only
- Remove InkWell wrapper from entire card
- Add separate InkWell for PostHeader area only
- Add separate InkWell for PostBody and PostMedia areas
- Only user name/avatar area navigates to profile
- Post content areas navigate to post detail (onTap)
- PostMenu remains separate and unaffected
- Add AppRoutes import for profile navigation
- Maintain proper visual feedback with borderRadius
2026-02-01 14:00:54 -06:00
Patrick Britton d3b102aaf5 Make card borders lighter and add spacing between cards
- Change border color from brightNavy to navyBlue with 0.3 opacity (lighter)
- Reduce border width from 2px to 1.5px for subtler appearance
- Lighten shadow opacity from 0.18 to 0.12 for softer effect
- Reduce shadow blur from 24 to 20 and offset from 8 to 6
- Add 16px bottom margin between cards for proper spacing
- Maintain overall card design while making it more subtle
2026-02-01 13:59:22 -06:00