Patrick Britton
d73b73ac89
Remove hardcoded reserved names - all reserved usernames now DB-only via admin console
2026-02-06 17:26:02 -06:00
Patrick Britton
2fb413c8d2
Admin console: reserved usernames management + claim request review system
2026-02-06 17:13:15 -06:00
Patrick Britton
6a1f20759b
Add reserved username + inappropriate content validation for registration and profile updates
2026-02-06 16:32:14 -06:00
Patrick Britton
9d7aa46a0d
Fix bracket mismatch in notifications_screen.dart
2026-02-06 16:15:03 -06:00
Patrick Britton
72264c3044
NotificationsScreen + DiscoverScreen: match Thread screen AppBar (back, home/search/chat actions, full-page push)
2026-02-06 16:12:12 -06:00
Patrick Britton
8d52e34647
DiscoverScreen: match Thread screen AppBar (back, title, home/chat actions)
2026-02-06 16:04:49 -06:00
Patrick Britton
b8bd45c0f9
NotificationsScreen: match Thread screen AppBar (back, title, home/chat actions, tab bar)
2026-02-06 16:03:50 -06:00
Patrick Britton
858d57b5b2
Keep original bottom nav, navigate search/notifications inside shell with Threads-style top bar
2026-02-06 16:00:07 -06:00
Patrick Britton
8623596903
Revert "Threads-style nav: Home, Search, +, Activity (heart+badge), Profile as bottom nav tabs"
This reverts commit 7f81923b3e.
2026-02-06 15:58:58 -06:00
Patrick Britton
7f81923b3e
Threads-style nav: Home, Search, +, Activity (heart+badge), Profile as bottom nav tabs
2026-02-06 15:57:16 -06:00
Patrick Britton
863ddfe654
Revert "Fix: Search and Notifications render inside shell (bottom nav stays visible), remove duplicate nav"
This reverts commit d3aa09424e.
2026-02-06 15:55:33 -06:00
Patrick Britton
d3aa09424e
Fix: Search and Notifications render inside shell (bottom nav stays visible), remove duplicate nav
2026-02-06 15:51:59 -06:00
Patrick Britton
c9add58b8b
Revert "Threads-style nav: move Search and Activity into bottom nav tabs, remove duplicate nav from NotificationsScreen"
This reverts commit 1376802f76.
2026-02-06 15:50:38 -06:00
Patrick Britton
1376802f76
Threads-style nav: move Search and Activity into bottom nav tabs, remove duplicate nav from NotificationsScreen
2026-02-06 15:49:46 -06:00
Patrick Britton
a94c91da24
Fix notification badge: exclude archived from count, recalculate on archive, update trigger
2026-02-06 15:44:58 -06:00
Patrick Britton
d83cdb3778
Fix orphaned string literals in local_message_store.dart causing build failure
2026-02-06 15:40:36 -06:00
Patrick Britton
2ad148f607
Refactor SendPulse into shared service, wire app registration to Sojorn Members list (book 568122)
2026-02-06 15:33:58 -06:00
Patrick Britton
90ff6e223b
Wire SendPulse newsletter signup into waitlist endpoint, add subscriber to address book 568090
2026-02-06 14:45:51 -06:00
Patrick Britton
b91e42d005
Add coming soon landing page with waitlist signup, add waitlist API endpoint
2026-02-06 14:40:37 -06:00
Patrick Britton
8186e9e71c
Fix notifications: add archived_at to model/queries, archived tab returns only archived, add bottom nav to notifications screen
2026-02-06 14:30:18 -06:00
Patrick Britton
46566f394b
Clean up: fix run scripts, remove 190+ debug print statements from 22 files, keep only FCM debugPrints for active notification work
2026-02-06 14:13:03 -06:00
Patrick Britton
b14e1fbfa3
Fix notification badge: archive marks as read; change notifications to full page
2026-02-06 13:04:36 -06:00
Patrick Britton
9fafda2e13
Fix moderation queue: add dismissed/actioned to CHECK constraint, full ban workflow from queue
2026-02-06 12:56:52 -06:00
Patrick Britton
1d8ef9135e
Admin: preset reason options for ban/suspend/activate modals + custom option
2026-02-06 12:41:43 -06:00
Patrick Britton
e5fd9bcaa5
Add account restored email on reactivation from ban/suspend
2026-02-06 12:39:18 -06:00
Patrick Britton
d1b01aa5b2
Content jailing: hide all posts/comments on ban/suspend, restore on activate
2026-02-06 12:37:03 -06:00
Patrick Britton
d32da021fb
Fix admin ban: add banned/suspended to user_status enum, remove bad audit_log query
2026-02-06 12:30:00 -06:00
Patrick Britton
6edaf9206f
Admin: fix silent error swallowing - show alerts on action failures
2026-02-06 12:23:52 -06:00
Patrick Britton
7e721aea21
Admin moderation: ban emails, post removal emails with strikes, appeal flow
2026-02-06 12:14:13 -06:00
Patrick Britton
f4701b0d24
Ban enforcement: immediate session kill, IP logging, login/register/middleware checks
2026-02-06 12:09:02 -06:00
Patrick Britton
70fa1dddca
Fix content filter: remove word boundaries to catch concatenated slurs
2026-02-06 12:01:19 -06:00
Patrick Britton
b5002c1ce4
Replace blocked content popup with Instagram-style inline banner
2026-02-06 11:53:32 -06:00
Patrick Britton
f6c4bb88e0
Add layered content moderation: hard blocklist + strike system + client-side filter
2026-02-06 11:46:30 -06:00
Patrick Britton
35740f3fc6
Remove model param from OpenAI moderation request - let API default
2026-02-06 11:35:19 -06:00
Patrick Britton
cc7c39ac33
Fix moderation: use text-moderation-latest model, fix FlagPost/FlagComment queries, add violation functions
2026-02-06 11:32:41 -06:00
Patrick Britton
a87fcb60b6
Fix email verification: table-based HTML template, URL-encode tokens, remove base64 padding
2026-02-06 11:26:51 -06:00
Patrick Britton
66fe4bd60e
Fix OpenAI Moderation API: correct response parsing, use omni-moderation-latest model
2026-02-06 11:12:00 -06:00
Patrick Britton
ec5a0aad8b
Fix posts query (like/comment counts), add multi-select with bulk actions to all list pages
2026-02-06 11:06:54 -06:00
Patrick Britton
766392e5b0
Visible Turnstile widget with refresh button, always verify on backend
2026-02-06 10:31:05 -06:00
Patrick Britton
de5ad23763
Fix: skip Turnstile when no token provided (IP access before DNS)
2026-02-06 10:29:55 -06:00
Patrick Britton
29772fa1e4
Add R2 storage browser to admin panel
2026-02-06 10:13:35 -06:00
Patrick Britton
14d8ca9ac0
Add invisible Turnstile verification to admin login
2026-02-06 09:40:43 -06:00
Patrick Britton
e3d626c040
Add admin login endpoint (no Turnstile), use port 3002
2026-02-06 09:33:52 -06:00
Patrick Britton
896fd51dbc
Fix: remove legacy admin appeal routes that conflict with new admin group
2026-02-06 09:29:27 -06:00
Patrick Britton
96616bd81f
Add admin panel: backend middleware, handler, routes + Next.js frontend
2026-02-06 09:15:57 -06:00
Patrick Britton
0954c1e2a3
feat: add Turnstile to login, improve email templates, and security cleanup
- Add Cloudflare Turnstile verification to login flow
- Add API_BASE_URL and APP_BASE_URL to config for environment flexibility
- Redesign verification and password reset emails with modern HTML templates
- Use config URLs instead of hardcoded domains in auth handlers
- Remove sensitive logging from OTK operations for security
- Delete unused deployment and draft inspection scripts
- Add TURNSTILE_SITE_KEY to Flutter run
2026-02-06 08:51:34 -06:00
Patrick Britton
c9d8e0c7e6
feat: comprehensive security audit and cleanup
SECURITY CLEANUP COMPLETED
High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)
Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)
Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)
Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation
Cleanup Summary:
- 30+ files removed
- Risk level: HIGH → LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture
Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation
Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
2026-02-05 09:22:30 -06:00
Patrick Britton
0bb1dd4055
feat: organize SQL scripts into structured migration folders
- Create organized migration folder structure:
  - database/ - Core schema changes and migrations
  - tests/ - Test scripts and verification queries
  - directus/ - Directus CMS configuration scripts
  - fixes/ - Database fixes and patches
  - archive/ - Historical and deprecated scripts
- Move 60+ SQL files from root to appropriate folders
- Add comprehensive README with usage guidelines
- Consolidate old migrations_archive into new archive folder
- Maintain clear separation of concerns for different script types
Benefits:
- Cleaner project root directory
- Easier to find specific types of SQL scripts
- Better organization for maintenance and development
- Clear documentation for migration procedures
- Proper separation of production vs development scripts
2026-02-05 09:13:47 -06:00
Patrick Britton
73019a0e6c
fix: update Turnstile environment variable name
- Change TURNSTILE_SECRET_KEY to TURNSTILE_SECRET to match server .env
- Update config loading to use correct environment variable
- Update .env.example for consistency
2026-02-05 09:10:26 -06:00
Patrick Britton
4eebd27e69
feat: implement Cloudflare Turnstile, terms acceptance, and email preferences
- Add Cloudflare Turnstile verification to registration flow
- Require terms of service and privacy policy acceptance
- Add email newsletter and contact preference options
- Update User model with email preference fields
- Create database migration for email preferences
- Add Turnstile service with Cloudflare API integration
- Update registration request structure with new required fields
- Add Turnstile secret key configuration
- Include development bypass for testing
Registration now requires:
- Turnstile token verification
- Terms of service acceptance
- Privacy policy acceptance
- Optional email newsletter/contact preferences
2026-02-05 08:59:05 -06:00