Commit graph

81 commits

Author SHA1 Message Date
Patrick Britton cae9a479da fix: remove user_id from profiles query - column doesn't exist 2026-02-08 12:13:36 -06:00
Patrick Britton 3d371e965e feat: add ListOfficialProfiles endpoint + profiles grid in admin UI 2026-02-08 11:39:27 -06:00
Patrick Britton 2dae622dea feat: official accounts management - AI post generation, RSS news import (NPR/AP/BMTN), scheduled auto-posting, admin UI 2026-02-08 11:30:44 -06:00
Patrick Britton 6621e323e6 feat: admin create user + import content (posts/quips/beacons) endpoints 2026-02-08 09:43:55 -06:00
Patrick Britton 8d419ba057 fix: close ALL NSFW leaks - GetPostByID, GetPostChain, GetPostFocusContext now filter NSFW server-side 2026-02-08 00:27:23 -06:00
Patrick Britton 25d3e213ea fix: hide NSFW posts entirely when user hasn't enabled NSFW - backend filtering + Flutter safety net 2026-02-08 00:19:44 -06:00
Patrick Britton b51c9ba90b feat: email notifications for deactivate/delete, typed confirmations, chat backup manager, provider invalidation on logout 2026-02-07 23:39:51 -06:00
Patrick Britton 77ef1ecac5 feat: wire image + video thumbnail moderation into post creation flow (OpenRouter vision model, worst-outcome merge) 2026-02-07 18:21:36 -06:00
Patrick Britton 8d00dc4fda fix: add is_nsfw/nsfw_reason to all post queries (profile, detail, saved, liked, chain, focus context) 2026-02-07 18:12:35 -06:00
Patrick Britton 8ea63edf8c fix: exclude NSFW posts from search, discover, trending, hashtag pages - only allow in following feed + own profile 2026-02-07 17:39:31 -06:00
Patrick Britton 27b48128fe feat: full NSFW system - Cinemax rules, auto-reclassify with warning, not-allowed removal with appeal email, blur toggle setting, user self-labeling 2026-02-07 16:58:57 -06:00
Patrick Britton 1f0461b4f4 feat: AI moderation audit log with admin feedback for training - DB migration, service methods, admin endpoints 2026-02-07 16:35:50 -06:00
Patrick Britton c83317c29c fix: COALESCE all bare p.duration_ms to prevent NULL scan crash on focus-context and other queries 2026-02-07 16:29:35 -06:00
Patrick Britton 10c48f1fd7 fix: badge count uses live query instead of stale cached column, excludes archived 2026-02-07 15:15:02 -06:00
Patrick Britton 67f74deb58 feat: anonymous beacons, video metadata stripping, remove beacon author exposure
- GetNearbyBeacons no longer returns author info (anonymous placeholder)
- Beacons excluded from profile posts (GetPostsByAuthor)
- Vouch/report notifications removed for beacon privacy
- MediaHandler strips all metadata (EXIF/GPS/device) via ffmpeg before R2 upload
- Flutter beacon UI shows 'Anonymous Beacon' instead of author info
2026-02-07 12:02:47 -06:00
Patrick Britton ecc02e10cc feat: implement account deactivation, deletion (14-day), and immediate destroy with email confirmation 2026-02-07 11:13:11 -06:00
Patrick Britton 95056aee82 Fix AI moderation: wrap content with moderation prefix, add temperature=0 and max_tokens to prevent conversational replies 2026-02-06 21:03:46 -06:00
Patrick Britton b10595f252 Age gating: birth month/year in registration, under-16 login block, under-18 NSFW block 2026-02-06 20:56:00 -06:00
Patrick Britton 256592379a NSFW content system: blur overlay, user toggle, AI tri-state (clean/nsfw/flag), feed filtering 2026-02-06 20:42:23 -06:00
Patrick Britton e81e9e52b7 Fix AI moderation parser: robust JSON extraction + score-based flagging override 2026-02-06 20:19:36 -06:00
Patrick Britton d40baf9bee AI moderation: detailed explanations per category in test results 2026-02-06 20:06:23 -06:00
Patrick Britton 7c52a1a1ed AI moderation config: OpenRouter integration, admin console page, 10s quip limit 2026-02-06 19:48:36 -06:00
Patrick Britton d73b73ac89 Remove hardcoded reserved names - all reserved usernames now DB-only via admin console 2026-02-06 17:26:02 -06:00
Patrick Britton 2fb413c8d2 Admin console: reserved usernames management + claim request review system 2026-02-06 17:13:15 -06:00
Patrick Britton 6a1f20759b Add reserved username + inappropriate content validation for registration and profile updates 2026-02-06 16:32:14 -06:00
Patrick Britton a94c91da24 Fix notification badge: exclude archived from count, recalculate on archive, update trigger 2026-02-06 15:44:58 -06:00
Patrick Britton 2ad148f607 Refactor SendPulse into shared service, wire app registration to Sojorn Members list (book 568122) 2026-02-06 15:33:58 -06:00
Patrick Britton 8186e9e71c Fix notifications: add archived_at to model/queries, archived tab returns only archived, add bottom nav to notifications screen 2026-02-06 14:30:18 -06:00
Patrick Britton b14e1fbfa3 Fix notification badge: archive marks as read; change notifications to full page 2026-02-06 13:04:36 -06:00
Patrick Britton 9fafda2e13 Fix moderation queue: add dismissed/actioned to CHECK constraint, full ban workflow from queue 2026-02-06 12:56:52 -06:00
Patrick Britton e5fd9bcaa5 Add account restored email on reactivation from ban/suspend 2026-02-06 12:39:18 -06:00
Patrick Britton d1b01aa5b2 Content jailing: hide all posts/comments on ban/suspend, restore on activate 2026-02-06 12:37:03 -06:00
Patrick Britton d32da021fb Fix admin ban: add banned/suspended to user_status enum, remove bad audit_log query 2026-02-06 12:30:00 -06:00
Patrick Britton 7e721aea21 Admin moderation: ban emails, post removal emails with strikes, appeal flow 2026-02-06 12:14:13 -06:00
Patrick Britton f4701b0d24 Ban enforcement: immediate session kill, IP logging, login/register/middleware checks 2026-02-06 12:09:02 -06:00
Patrick Britton 70fa1dddca Fix content filter: remove word boundaries to catch concatenated slurs 2026-02-06 12:01:19 -06:00
Patrick Britton f6c4bb88e0 Add layered content moderation: hard blocklist + strike system + client-side filter 2026-02-06 11:46:30 -06:00
Patrick Britton 35740f3fc6 Remove model param from OpenAI moderation request - let API default 2026-02-06 11:35:19 -06:00
Patrick Britton cc7c39ac33 Fix moderation: use text-moderation-latest model, fix FlagPost/FlagComment queries, add violation functions 2026-02-06 11:32:41 -06:00
Patrick Britton a87fcb60b6 Fix email verification: table-based HTML template, URL-encode tokens, remove base64 padding 2026-02-06 11:26:51 -06:00
Patrick Britton 66fe4bd60e Fix OpenAI Moderation API: correct response parsing, use omni-moderation-latest model 2026-02-06 11:12:00 -06:00
Patrick Britton ec5a0aad8b Fix posts query (like/comment counts), add multi-select with bulk actions to all list pages 2026-02-06 11:06:54 -06:00
Patrick Britton 766392e5b0 Visible Turnstile widget with refresh button, always verify on backend 2026-02-06 10:31:05 -06:00
Patrick Britton de5ad23763 Fix: skip Turnstile when no token provided (IP access before DNS) 2026-02-06 10:29:55 -06:00
Patrick Britton 29772fa1e4 Add R2 storage browser to admin panel 2026-02-06 10:13:35 -06:00
Patrick Britton 14d8ca9ac0 Add invisible Turnstile verification to admin login 2026-02-06 09:40:43 -06:00
Patrick Britton e3d626c040 Add admin login endpoint (no Turnstile), use port 3002 2026-02-06 09:33:52 -06:00
Patrick Britton 96616bd81f Add admin panel: backend middleware, handler, routes + Next.js frontend 2026-02-06 09:15:57 -06:00
Patrick Britton 0954c1e2a3 feat: add Turnstile to login, improve email templates, and security cleanup
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
2026-02-06 08:51:34 -06:00
Patrick Britton c9d8e0c7e6 feat: comprehensive security audit and cleanup
SECURITY CLEANUP COMPLETED

High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)

Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)

Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)

Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation

Cleanup Summary:
- 30+ files removed
- Risk level: HIGH → LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture

Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation

Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
2026-02-05 09:22:30 -06:00