patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
140 commits 2 branches 0 tags 189 MiB
Commit graph

77 commits

Author SHA1 Message Date
Patrick Britton 8d419ba057 fix: close ALL NSFW leaks - GetPostByID, GetPostChain, GetPostFocusContext now filter NSFW server-side 2026-02-08 00:27:23 -06:00
Patrick Britton 25d3e213ea fix: hide NSFW posts entirely when user hasn't enabled NSFW - backend filtering + Flutter safety net 2026-02-08 00:19:44 -06:00
Patrick Britton b51c9ba90b feat: email notifications for deactivate/delete, typed confirmations, chat backup manager, provider invalidation on logout 2026-02-07 23:39:51 -06:00
Patrick Britton 77ef1ecac5 feat: wire image + video thumbnail moderation into post creation flow (OpenRouter vision model, worst-outcome merge) 2026-02-07 18:21:36 -06:00
Patrick Britton 8d00dc4fda fix: add is_nsfw/nsfw_reason to all post queries (profile, detail, saved, liked, chain, focus context) 2026-02-07 18:12:35 -06:00
Patrick Britton 8ea63edf8c fix: exclude NSFW posts from search, discover, trending, hashtag pages - only allow in following feed + own profile 2026-02-07 17:39:31 -06:00
Patrick Britton 27b48128fe feat: full NSFW system - Cinemax rules, auto-reclassify with warning, not-allowed removal with appeal email, blur toggle setting, user self-labeling 2026-02-07 16:58:57 -06:00
Patrick Britton 1f0461b4f4 feat: AI moderation audit log with admin feedback for training - DB migration, service methods, admin endpoints 2026-02-07 16:35:50 -06:00
Patrick Britton c83317c29c fix: COALESCE all bare p.duration_ms to prevent NULL scan crash on focus-context and other queries 2026-02-07 16:29:35 -06:00
Patrick Britton 10c48f1fd7 fix: badge count uses live query instead of stale cached column, excludes archived 2026-02-07 15:15:02 -06:00
Patrick Britton 67f74deb58 feat: anonymous beacons, video metadata stripping, remove beacon author exposure 
- GetNearbyBeacons no longer returns author info (anonymous placeholder)
- Beacons excluded from profile posts (GetPostsByAuthor)
- Vouch/report notifications removed for beacon privacy
- MediaHandler strips all metadata (EXIF/GPS/device) via ffmpeg before R2 upload
- Flutter beacon UI shows 'Anonymous Beacon' instead of author info
 2026-02-07 12:02:47 -06:00
Patrick Britton ecc02e10cc feat: implement account deactivation, deletion (14-day), and immediate destroy with email confirmation 2026-02-07 11:13:11 -06:00
Patrick Britton 95056aee82 Fix AI moderation: wrap content with moderation prefix, add temperature=0 and max_tokens to prevent conversational replies 2026-02-06 21:03:46 -06:00
Patrick Britton b10595f252 Age gating: birth month/year in registration, under-16 login block, under-18 NSFW block 2026-02-06 20:56:00 -06:00
Patrick Britton 256592379a NSFW content system: blur overlay, user toggle, AI tri-state (clean/nsfw/flag), feed filtering 2026-02-06 20:42:23 -06:00
Patrick Britton e81e9e52b7 Fix AI moderation parser: robust JSON extraction + score-based flagging override 2026-02-06 20:19:36 -06:00
Patrick Britton d40baf9bee AI moderation: detailed explanations per category in test results 2026-02-06 20:06:23 -06:00
Patrick Britton 7c52a1a1ed AI moderation config: OpenRouter integration, admin console page, 10s quip limit 2026-02-06 19:48:36 -06:00
Patrick Britton d73b73ac89 Remove hardcoded reserved names - all reserved usernames now DB-only via admin console 2026-02-06 17:26:02 -06:00
Patrick Britton 2fb413c8d2 Admin console: reserved usernames management + claim request review system 2026-02-06 17:13:15 -06:00
Patrick Britton 6a1f20759b Add reserved username + inappropriate content validation for registration and profile updates 2026-02-06 16:32:14 -06:00
Patrick Britton a94c91da24 Fix notification badge: exclude archived from count, recalculate on archive, update trigger 2026-02-06 15:44:58 -06:00
Patrick Britton 2ad148f607 Refactor SendPulse into shared service, wire app registration to Sojorn Members list (book 568122) 2026-02-06 15:33:58 -06:00
Patrick Britton 8186e9e71c Fix notifications: add archived_at to model/queries, archived tab returns only archived, add bottom nav to notifications screen 2026-02-06 14:30:18 -06:00
Patrick Britton b14e1fbfa3 Fix notification badge: archive marks as read; change notifications to full page 2026-02-06 13:04:36 -06:00
Patrick Britton 9fafda2e13 Fix moderation queue: add dismissed/actioned to CHECK constraint, full ban workflow from queue 2026-02-06 12:56:52 -06:00
Patrick Britton e5fd9bcaa5 Add account restored email on reactivation from ban/suspend 2026-02-06 12:39:18 -06:00
Patrick Britton d1b01aa5b2 Content jailing: hide all posts/comments on ban/suspend, restore on activate 2026-02-06 12:37:03 -06:00
Patrick Britton d32da021fb Fix admin ban: add banned/suspended to user_status enum, remove bad audit_log query 2026-02-06 12:30:00 -06:00
Patrick Britton 7e721aea21 Admin moderation: ban emails, post removal emails with strikes, appeal flow 2026-02-06 12:14:13 -06:00
Patrick Britton f4701b0d24 Ban enforcement: immediate session kill, IP logging, login/register/middleware checks 2026-02-06 12:09:02 -06:00
Patrick Britton 70fa1dddca Fix content filter: remove word boundaries to catch concatenated slurs 2026-02-06 12:01:19 -06:00
Patrick Britton f6c4bb88e0 Add layered content moderation: hard blocklist + strike system + client-side filter 2026-02-06 11:46:30 -06:00
Patrick Britton 35740f3fc6 Remove model param from OpenAI moderation request - let API default 2026-02-06 11:35:19 -06:00
Patrick Britton cc7c39ac33 Fix moderation: use text-moderation-latest model, fix FlagPost/FlagComment queries, add violation functions 2026-02-06 11:32:41 -06:00
Patrick Britton a87fcb60b6 Fix email verification: table-based HTML template, URL-encode tokens, remove base64 padding 2026-02-06 11:26:51 -06:00
Patrick Britton 66fe4bd60e Fix OpenAI Moderation API: correct response parsing, use omni-moderation-latest model 2026-02-06 11:12:00 -06:00
Patrick Britton ec5a0aad8b Fix posts query (like/comment counts), add multi-select with bulk actions to all list pages 2026-02-06 11:06:54 -06:00
Patrick Britton 766392e5b0 Visible Turnstile widget with refresh button, always verify on backend 2026-02-06 10:31:05 -06:00
Patrick Britton de5ad23763 Fix: skip Turnstile when no token provided (IP access before DNS) 2026-02-06 10:29:55 -06:00
Patrick Britton 29772fa1e4 Add R2 storage browser to admin panel 2026-02-06 10:13:35 -06:00
Patrick Britton 14d8ca9ac0 Add invisible Turnstile verification to admin login 2026-02-06 09:40:43 -06:00
Patrick Britton e3d626c040 Add admin login endpoint (no Turnstile), use port 3002 2026-02-06 09:33:52 -06:00
Patrick Britton 96616bd81f Add admin panel: backend middleware, handler, routes + Next.js frontend 2026-02-06 09:15:57 -06:00
Patrick Britton 0954c1e2a3 feat: add Turnstile to login, improve email templates, and security cleanup 
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
 2026-02-06 08:51:34 -06:00
Patrick Britton c9d8e0c7e6 feat: comprehensive security audit and cleanup 
SECURITY CLEANUP COMPLETED

 High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)

 Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)

 Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)

 Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation

 Cleanup Summary:
- 30+ files removed
- Risk level: HIGH  LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture

 Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation

Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
 2026-02-05 09:22:30 -06:00
Patrick Britton 73019a0e6c fix: update Turnstile environment variable name 
- Change TURNSTILE_SECRET_KEY to TURNSTILE_SECRET to match server .env
- Update config loading to use correct environment variable
- Update .env.example for consistency
 2026-02-05 09:10:26 -06:00
Patrick Britton 4eebd27e69 feat: implement Cloudflare Turnstile, terms acceptance, and email preferences 
- Add Cloudflare Turnstile verification to registration flow
- Require terms of service and privacy policy acceptance
- Add email newsletter and contact preference options
- Update User model with email preference fields
- Create database migration for email preferences
- Add Turnstile service with Cloudflare API integration
- Update registration request structure with new required fields
- Add Turnstile secret key configuration
- Include development bypass for testing

Registration now requires:
- Turnstile token verification
- Terms of service acceptance
- Privacy policy acceptance
- Optional email newsletter/contact preferences
 2026-02-05 08:59:05 -06:00
Patrick Britton 997d6437be feat: implement nuanced violation system with content deletion 
- Replace immediate bans with content deletion + account marking
- Hard violations: immediate content deletion, account warning/suspension
- Soft violations: content hidden pending moderation/appeal
- Add content deletion tracking and account status changes
- Implement progressive account status (active  warning  suspended  banned)
- Track content deletions, warnings, and suspensions in violation history
- Update violation thresholds to be more lenient (3 hard = banned, 8 total = banned)
- Add content deletion reason and account status change tracking

This creates a more nuanced approach where users get multiple chances
before being banned, with clear content removal for serious violations.
 2026-02-05 07:59:35 -06:00
Patrick Britton 277fc299b2 fix: remove unused variables in appeal handler 2026-02-05 07:57:21 -06:00