## Phase 1: Critical Feature Completion (Beacon Voting)
- Add VouchBeacon, ReportBeacon, RemoveBeaconVote methods to PostRepository
- Implement beacon voting HTTP handlers with confidence score calculations
- Register new beacon routes: /beacons/:id/vouch, /beacons/:id/report, /beacons/:id/vouch (DELETE)
- Auto-flag beacons at 5+ reports, confidence scoring (0.5 base + 0.1 per vouch)

## Phase 2: Feed Logic & Post Distribution Integrity
- Verify unified feed logic supports all content types (Standard, Quips, Beacons)
- Ensure proper distribution: Profile Feed + Main/Home Feed for followers
- Beacon Map integration for location-based content
- Video content filtering for Quips feed

## Phase 3: The Notification System
- Create comprehensive NotificationService with FCM integration
- Add CreateNotification method to NotificationRepository
- Implement smart deep linking: beacon_map, quip_feed, main_feed
- Trigger notifications for beacon interactions and cross-post comments
- Push notification logic with proper content type detection

## Phase 4: The Great Supabase Purge
- Delete function_proxy.go and remove /functions/:name route
- Remove SupabaseURL, SupabaseKey from config.go
- Remove SupabaseID field from User model
- Clean all Supabase imports and dependencies
- Sanitize codebase of legacy Supabase references

## Phase 5: Flutter Frontend Integration
- Implement vouchBeacon(), reportBeacon(), removeBeaconVote() in ApiService
- Replace TODO delay in video_comments_sheet.dart with actual publishComment call
- Fix compilation errors (named parameters, orphaned child properties)
- Complete frontend integration with Go API endpoints

## Additional Improvements
- Fix compilation errors in threaded_comment_widget.dart (orphaned child property)
- Update video_comments_sheet.dart to use proper named parameters
- Comprehensive error handling and validation
- Production-ready notification system with deep linking

## Migration Status: 100% Complete
- Backend: Fully migrated from Supabase to custom Go/Gin API
- Frontend: Integrated with new Go endpoints
- Notifications: Complete FCM integration with smart routing
- Database: Clean of all Supabase dependencies
- Features: All functionality preserved and enhanced

Ready for VPS deployment and production testing!
ARCHITECTURAL CONSTRAINT: SUPABASE AUTHENTICATION & TOKEN MANAGEMENT
CRITICAL RULE: You are STRICTLY FORBIDDEN from implementing manual JWT refresh logic, manual token expiration checks, or custom 401 retry loops in ApiService or any other service.
Context:
The Supabase Flutter SDK (supabase_flutter) manages the session lifecycle, token refreshing, and persistence automatically. Previous attempts to manually refresh sessions created a race condition with the SDK, triggering Supabase's "Token Reuse Detection," which invalidates the user's entire session family and logs them out.
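The failure described above can be reproduced with a small model of refresh-token rotation. This is an added example, not code from the project or from Supabase: `AuthServer`, `racing_refresh` and `sdk_only_refresh` are hypothetical names, and the model assumes the server allows no grace interval for a repeated refresh token.

```python
import secrets

class ReuseDetected(Exception):
    """An already-rotated refresh token was presented again."""

class AuthServer:
    """Hypothetical model: rotating refresh tokens, no grace interval (assumption)."""
    def __init__(self):
        self.tokens = {}      # refresh token -> [family id, used?]
        self.revoked = set()  # families whose sessions are invalidated

    def sign_in(self, family):
        token = secrets.token_hex(8)  # constructed sample token
        self.tokens[token] = [family, False]
        return token

    def refresh(self, token):
        family, used = self.tokens[token]
        if family in self.revoked:
            raise PermissionError("session family revoked")
        if used:
            # Same token seen twice: treated as theft, whole family is revoked.
            self.revoked.add(family)
            raise ReuseDetected(family)
        self.tokens[token][1] = True
        return self.sign_in(family)  # rotate: new token in the same family

def racing_refresh():
    """SDK auto-refresh and a manual refresh both send the same stored token."""
    server = AuthServer()
    stored = server.sign_in("user-1")
    sdk_token = server.refresh(stored)   # SDK timer wins the race
    try:
        server.refresh(stored)           # manual interceptor sends the stale copy
    except ReuseDetected:
        pass
    try:
        server.refresh(sdk_token)        # the SDK's fresh token is now dead too
        return "still logged in"
    except PermissionError:
        return "logged out"

def sdk_only_refresh(rounds=3):
    """A single owner rotates the token, so every refresh succeeds."""
    server = AuthServer()
    token = server.sign_in("user-1")
    for _ in range(rounds):
        token = server.refresh(token)
    return "still logged in"
```

The second caller never holds a stolen token, yet the server cannot tell a race from a replay, which is why a single component must own refreshing.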
Enforcement Guidelines:
- NO Manual Refreshes:
  - Never call `supabase.auth.refreshSession()` manually inside API interceptors or service methods.
  - Never strictly check `session.expiresAt` before making a call. Trust the SDK to handle the header.
  - Forbidden Pattern: `if (tokenExpired) await refreshSession();`
- NO Custom 401 Handling:
  - Do not wrap API calls in `try/catch` blocks that specifically catch `401 Unauthorized` to attempt a re-login or refresh.
  - If a `401` occurs, allow the error to bubble up. The app's `AuthGate` (listening to the `onAuthStateChange` stream) will handle the logout naturally.
- Required Initialization Pattern (`main.dart`):
  - Always initialize Supabase with the PKCE flow to ensure stability on mobile.
  - Code Standard:

    ```dart
    await Supabase.initialize(
      url: ...,
      anonKey: ...,
      authOptions: const FlutterAuthClientOptions(
        authFlowType: AuthFlowType.pkce, // MANDATORY
        autoRefreshToken: true,
      ),
    );
    ```
- Required Edge Function Call Pattern (`api_service.dart`):
  - Use the SDK's `functions.invoke` method. It automatically injects the correct, fresh Bearer token.
  - Code Standard:

    ```dart
    // DO THIS:
    final response = await _supabase.functions.invoke('function-name', ...);

    // DO NOT DO THIS:
    // final token = _supabase.auth.currentSession.accessToken;
    // final response = http.post(..., headers: {'Authorization': 'Bearer $token'});
    ```
- State Management (`auth_provider.dart`):
  - User state must always be derived reactively from `supabase.auth.onAuthStateChange`. Never rely on a static `User?` variable that might become stale.
Correction Protocol:
If you encounter code that violates these rules (e.g., variables like _refreshCooldown or _refreshInFlight), DELETE IT IMMEDIATELY and refactor to use the standard SDK methods.