ContextMenu: reusable hook-based component that positions a menu at
the cursor and auto-closes on outside click or Escape.
ChannelList:
- Right-click channel -> Edit Name, Permissions, Delete Channel
- Right-click group header -> Edit Name, Create Channel Here, Delete Group
- Inline rename: replacing name text with an input, commits on Enter/blur
- CreateChannelModal now accepts defaultGroupId to pre-select a group
ServerBar:
- Right-click server icon -> Server Settings, Invite People, Leave Server
- Leave calls DELETE /servers/{id}/members/me
Backend:
- Added LeaveServer handler (DELETE /servers/{serverID}/members/me)
- Server owner cannot leave; must transfer or delete
The token column was dropped in a previous migration step
(ALTER TABLE webhooks DROP COLUMN IF EXISTS token), but the
CREATE INDEX referencing it still ran, causing migration failure
on databases where the column was already removed.
Phase 7.1 — Per-channel notification settings
- New notification_settings table (user_id, channel_id, level)
- GET/PUT/DELETE handlers under /channels/{channelID}/notifications
- Push dispatch and @mention loops filtered by notification level
- Frontend: bell icon per channel cycling all/mentions/none
Phase 7.4 — Read receipts
- New read_states table (user_id, channel_id, last_read_message_id)
- PUT /channels/{channelID}/read and GET /users/me/read-states
- Auto-mark-read when messages load in ChatArea
- Unread dot for channels never opened
Also: favicon/icon refresh in index.html
- New VideoGrid component: live camera feeds (local + remote) in VoicePanel
- Camera toggle in VoiceControls: enable/disable video per participant
- Noise suppression toggle in VoiceControls + voice store
- VOICE_WHISPER WS event: backend routes whisper to target user only
- Whisper UI: per-participant whisper button, notification toasts with dismiss
- Fix circular import between voice.ts and ws.ts (use lazy accessor)
Backend:
- Login handler accepts username OR email via the same field
- New PUT /auth/me/password endpoint (verifies current password,
requires min 8 chars for new password)
Frontend:
- Login form shows EMAIL OR USERNAME field (single field for both)
- Auth store updated with changePassword function
- UserSettings has new CHANGE PASSWORD section
Backend:
- Add GET /api/v1/servers/{serverID}/members endpoint
- Wire MemberHandler routes in main.go
Frontend:
- Create member store (fetchMembers by server ID)
- MemberList now fetches members from API instead of empty props
- ChatArea: show channel name instead of ID, add error display,
add flex-1 + min-w-0 to input for proper sizing, error handling
on sendMessage
The channel Create handler was expecting server_id in the JSON body,
but the frontend sends it in the URL path (/servers/{serverID}/channels).
Now reads serverID from chi.URLParam and only requires name in the body.
The old CSRF middleware used exact string matching against a static list
of origins (https://host, http://localhost:port). This broke when the
frontend ran on a different port (Vite dev server) or accessed via LAN IP.
New behavior:
- Origin hostname matching: any Origin whose hostname matches cfg.Host
is trusted, regardless of scheme or port
- Localhost variants always trusted: localhost, 127.0.0.1, ::1
- Additional origins can be passed explicitly (future env var support)
Frontend:
- Settings link in header next to logout
- [+] button to create server (name + optional icon)
- [#] button to join server via invite code
- [+] button to create channel (name, type, category)
- Server name shown instead of UUID in channel list header
- /invites/:code route wired for JoinServer component
Backend:
- Wire role CRUD + member-role assignment routes (MANAGE_SERVER gated)
- Seed @everyone default role on server creation
- Added @Summary/@Router/@Param/@Success/@Security annotations to all API handlers
- Regenerated docs/swagger.json, docs/swagger.yaml, docs/docs.go with full endpoint definitions
- Fixed generated docs.go to remove unsupported LeftDelim/RightDelim fields