Changelog
Track all the latest updates, features, and improvements to Whispr
fix: Removed analytics trending posts links - display as static metrics to eliminate 404 errors
- Removed click-to-open button from trending posts in analytics page - Posts now display as static information showing engagement metrics (views, likes, comments) - Eliminates 404 errors from attempting to fetch chain posts through incorrect API route - Trending posts section now shows performance data without navigation
5c60b91feat: Implement comprehensive Chronicles moderation flag system with appeal mechanism
This major update introduces a complete content moderation workflow for Chronicles posts and chain entries, including: MODERATION FLAG SYSTEM: - Implemented 4-state flag status system: pending, under_review, resolved, dismissed - Color-coded visual indicators for each status (Yellow/Blue/Orange/Green) - Created dedicated APIs for fetching and managing flag status - Integrated flag checks across all post views APPEAL MECHANISM: - Added appeal API endpoint (/api/chronicles/posts/[slug]/appeal) - Allows creators to appeal flagged posts (pending → under_review) - Toast notifications for successful/failed appeal submissions - Updated post status display to reflect appeal state PUBLIC-FACING CHANGES: - Display flag status badges on public post view - Show blue info banner when post is under review or resolved - Disable like, comment, share buttons for flagged posts - Hide comment input form when post is flagged - Informative messages explaining why interactions are disabled DASHBOARD & INTERNAL PAGES: - Added flag status badges to Chronicles dashboard posts - Flagged entry indicators on writing chains list - Flag status display on individual chain entry pages - Color-coded badges for quick status recognition INFRASTRUCTURE IMPROVEMENTS: - Fixed content display bug in Chronicles post editor (ref fallback with retry logic) - Fixed share button error handling (graceful failure for secondary features) - Fixed syntax error in engagement bar section - Added Suspense boundary to write page for Next.js 16+ compatibility API ENHANCEMENTS: - Updated all post fetch endpoints to include flag status - Enhanced chain APIs to track flagged entries - Optimized queries with Maps for efficient flag lookup - Improved error handling for share tracking TECHNICAL DETAILS: - useEffect retry mechanism for DOM element discovery - Parallel data fetching for improved performance - Proper null checks for anonymous shares - Environment-aware service role key usage This implementation provides a complete moderation workflow visible to creators while maintaining a clean user experience for readers. The system is designed to be extensible for future admin features. Commits: +27 files modified, several new API routes and components added
feab9cefix: Fix back button in chronicles feed page
Fixed invalid Button component usage: - Removed invalid `link` prop from Button - Removed invalid `href` prop from Button - Wrapped Button with Link component for proper routing - Matches the pattern used elsewhere in the component - Maintains styling with variant="outline"
780accefeat: Add theme toggle to chronicles sidebar and create Whispr AI page
1. Enhanced chronicles-header.tsx sidebar: - Added Sun/Moon icons to imports - Added setTheme to useTheme hook - Added theme toggle button to desktop sidebar footer - Added theme toggle button to mobile sidebar - Theme persists across navigation 2. Created new /chronicles/whispr-ai page: - Fully responsive design (desktop + mobile optimized) - Theme responsive (light/dark mode with gradients) - Uses brand colors: white, black, red-600 - Shows Whispr AI is premium mobile-only feature - Token-based pricing information - Download cards for iOS (Coming Soon) and Android - Fetches latest build info from /api/builds/latest - APK and AAB download options with file sizes - Features showcase (3 key benefits) - Premium badge explaining token-based system - Step-by-step getting started guide - Call-to-action section linking to download page Design highlights: - Red-600 primary color with #911A1B accent - Gradient backgrounds responsive to theme - Smooth transitions and hover effects - Mobile-first responsive grid layouts - Professional shadow effects - Clear typography hierarchy
27a1398fix: Properly transform chain entries count in API response
Fixed chains list API to return entries_count correctly: Issue: - API was using .select('*, entries:chronicles_chain_entries(count)') - This returns count in nested structure: entries[0].count - Frontend expected entries_count as direct property Solution: - Transform API response to map entries[0].count to entries_count - Remove nested entries array from response - Frontend now receives properly formatted data Result: - Chains list now shows correct entry count - Each chain displays: "N entries • created DATE" - No frontend changes needed
5a09e26feat: Add RLS trigger fix for notification system
Created migration to fix 'row-level security policy violation' error: 1. Created migration file: scripts/028-fix-notification-triggers-rls.sql - Fixes handle_chain_created() trigger with SECURITY DEFINER - Fixes handle_chain_entry_post_created() trigger with SECURITY DEFINER - Adds SET search_path = public for safety 2. Created documentation: RLS_TRIGGER_FIX_GUIDE.md - Explains the RLS policy violation problem - Details why triggers were being blocked - Provides instructions for applying the fix - Explains SECURITY DEFINER and its implications Problem solved: - Chain creation was failing with RLS policy violation - Trigger inserts into chronicles_notifications were blocked - SECURITY DEFINER allows triggers to run with elevated permissions - This is standard practice for background/notification triggers Next step: Apply the migration via Supabase SQL Editor"
0cbda0ffix: Use /api/session endpoint for chain creation authentication
Changed chain creation page to properly validate authentication: 1. Replaced direct Supabase client initialization with /api/session endpoint - Calls /api/session on component mount to check if user is authenticated - Shows loading state while checking authentication - Redirects to login/signup if not authenticated (preserves mobile app API) 2. Updated authentication flow: - useEffect hook checks /api/session on mount - Sets notLoggedIn state if not authenticated - Shows auth-required UI with login/signup links if needed - Uses createSupabaseBrowser for token when creating chain 3. UI improvements: - Shows loading spinner while checking authentication - Displays auth-required message if not logged in - Provides links to login/signup pages - Only shows form if user is authenticated Benefits: - No longer breaks /api/session endpoint (mobile app still works) - Proper session validation on page load - Better user experience with clear auth status - Uses Supabase browser client for token retrieval"
3c9837efix: Like button state tracking and share counter increment
1. Fixed like button state tracking in chain-entry-detail.tsx: - Changed checkLiked query from non-existent 'chronicles_chain_entry_reactions' table - Now correctly queries 'chronicles_chain_entry_post_likes' table - Button now properly shows liked/unliked state on page load (❤️ vs 🤍) 2. Fixed share counter increment in engage/route.ts: - Removed invalid supabase.rpc('increment_counter') call - Now uses same pattern as likes/views: fetch current count and increment - Resolves 'invalid input syntax for type integer' error when sharing Benefits: - Like button visual state now matches actual like status in database - Share button works without errors - All engagement actions (like, share, view) use consistent counter logic - User gets proper visual feedback when they've already liked a post"
f7e6f77fix: Use correct chain entry post tables for comments and likes
Critical fix for chain entry engagement features: 1. Comments API (/api/chronicles/chains/[chainId]/entries/[entryId]/comments/route.ts): - Changed from 'chronicles_comments' to 'chronicles_chain_entry_post_comments' - Changed column 'post_id' to 'chain_entry_post_id' - Fixed both GET and POST handlers 2. Comment deletion API (/api/chronicles/chains/[chainId]/entries/[entryId]/comments/[commentId]/route.ts): - Changed from 'chronicles_comments' to 'chronicles_chain_entry_post_comments' - Added await params for Next.js 15+ compatibility - Fixed query to use 'chain_entry_post_id' instead of 'post_id' 3. Engagement/likes API (/api/chronicles/chains/[chainId]/entries/[entryId]/engage/route.ts): - Changed from 'chronicles_comment_reactions' to 'chronicles_chain_entry_post_likes' - Changed column 'comment_id' to 'chain_entry_post_id' - Uses correct 'chain_entry_post_likes' table for storing post likes Root cause: Comments and likes were trying to reference 'chronicles_posts' table but chain entry posts are in 'chronicles_chain_entry_posts' with separate comment/like tables. This resolves: Foreign key constraint violation '23503: Key (post_id) is not present in table chronicles_posts'"
b332c83fix: Make API route params Promise-compatible and fix client-side auth reference
- Updated API route handlers to await params (Next.js 15+ requirement) - Fixed: /api/chronicles/chains/[chainId]/entries/[entryId]/engage/route.ts - Fixed: /api/chronicles/chains/[chainId]/entries/[entryId]/comments/route.ts (GET and POST) - Changed handleLike in chain-entry-detail.tsx to use authUser instead of undefined session - This resolves: - 'params.entryId: params is a Promise' error in API routes - 'session is not defined' ReferenceError in client-side handleLike function - Like, comment, and share functionality now work correctly"
e6f81f8fix: Add NEXT_PUBLIC_BASE_URL environment variable requirement for API fetches
- Added NEXT_PUBLIC_BASE_URL to .env.local for local development - Updated chain detail and entry detail pages to use NEXT_PUBLIC_BASE_URL - Fixed fetch calls to use absolute URLs instead of relative (required for server-side code) - Added proper error handling when NEXT_PUBLIC_BASE_URL is not configured - This resolves 'Invalid URL' errors in both local dev and production Environment setup: - Local: NEXT_PUBLIC_BASE_URL=http://localhost:3000 - Production: NEXT_PUBLIC_BASE_URL=https://whisprwords.vercel.app (or your actual domain)"
6fd8d8ffix: Use relative URLs for internal API calls to fix production deployment
- Changed from absolute URLs (process.env.NEXT_PUBLIC_BASE_URL || localhost) to relative URLs (/api/...) - Fixes 404 errors in production when NEXT_PUBLIC_BASE_URL is not set in environment - Works correctly on Vercel as Next.js handles relative URL routing automatically - Applied to both chain detail and entry detail pages (generateMetadata and main components) - Resolves ECONNREFUSED 127.0.0.1:3000 errors in Vercel logs This ensures internal API calls work in both development and production environments."
be531f7feat: Add chain entry detail page with engagement features and fix notifications API
- Created chain entry detail page at /chronicles/chains/[id]/entries/[entryId] - Implemented ChainEntryDetail component with fully functional likes, comments, shares, views - Fixed auth handling in component (replaced next-auth with Supabase) - Updated chain page navigation to link to entry detail pages - Fixed route parameter naming conflict ([chainId] -> [id]) - Fixed notifications API query - changed column name from 'notification_type' to 'type' - Enhanced notifications API to use service role key for better data access - Added comprehensive logging to notifications endpoints for debugging - Fixed trigger constraint issue by setting related_post_id to NULL for chain entry notifications (since they're not regular posts) - Added database migration script: 027-fix-chain-entry-notifications-trigger.sql All changes enable users to view chain entries with full details and interact through likes, comments, shares, and view counts."
26879803e82900c3520b3e748d7ebd8d86cAdd CORS headers to API routes for mobile app compatibility
- Added OPTIONS methods and CORS headers to /feed, /wall, /spoken-words, /auth/login, /auth/me, and /comments routes - Headers include Access-Control-Allow-Origin: *, Access-Control-Allow-Methods, and Access-Control-Allow-Headers - Enables cross-origin requests from Flutter web app running on localhost - Fixes CORS policy blocking XMLHttpRequest errors in browser testing
203ba0de73ca64feat: Public portfolio pages, writing chains management, and improved authentication
Features & Improvements: - Public creator portfolio pages ([pen_name] route) with stats, achievements, writing chains, and latest posts - Writing chains management system with full CRUD operations (create, read, update, delete chains) - Chain contribution interface allowing creators to add posts to existing chains - Public portfolio display with creator engagement metrics and achievements - Complete admin dashboard for chains management Security Improvements: - Added authentication middleware to protect chronicles routes (/dashboard, /write, /analytics, /settings, /posts, /chains) - Fixed logout functionality with comprehensive cookie clearing (sb-access-token, sb-refresh-token, next-auth tokens) - Implemented hard client-side redirect after logout to prevent cached route access - Enhanced session endpoint to support dual authentication (admin + creator sessions) - Added cache control headers to prevent logout response caching API Endpoints: - GET /api/chronicles/chains - List all writing chains with pagination - GET /api/chronicles/chains/[id] - Get chain details with entries - POST /api/chronicles/chains - Create new writing chain - PUT /api/chronicles/chains/[id] - Update chain details - DELETE /api/chronicles/chains/[id] - Delete writing chain - POST /api/chronicles/chains/[id]/add-entry - Add post to chain - DELETE /api/chronicles/chains/[id]/entries/[entryId] - Remove post from chain - POST /api/chronicles/auth/logout - Secure logout endpoint Admin Features: - Chains management page with list, create, edit, delete functionality - Leaderboard and monetization admin views - Enhanced admin reports and settings Bug Fixes: - Fixed dynamic import with ssr false in Server Components (Next.js 16 compatibility)
f6b442aWant to contribute?
Whispr is open source and we welcome contributions from the community
View on GitHub