175 Commits

Author SHA1 Message Date
hobokenchicken d663638387 feat(phase8.1): server groups — table, CRUD handler, collapsible channel sections 2026-06-30 12:50:53 -04:00
hobokenchicken 6d66d7775f docs: mark phase 7 complete in roadmap + parity 2026-06-30 12:42:57 -04:00
hobokenchicken cc6ed741f0 feat(phase7): per-channel notification settings and read receipts
Phase 7.1 — Per-channel notification settings
- New notification_settings table (user_id, channel_id, level)
- GET/PUT/DELETE handlers under /channels/{channelID}/notifications
- Push dispatch and @mention loops filtered by notification level
- Frontend: bell icon per channel cycling all/mentions/none

Phase 7.4 — Read receipts
- New read_states table (user_id, channel_id, last_read_message_id)
- PUT /channels/{channelID}/read and GET /users/me/read-states
- Auto-mark-read when messages load in ChatArea
- Unread dot for channels never opened

Also: favicon/icon refresh in index.html
2026-06-30 12:39:14 -04:00
hobokenchicken ab3e6053c8 docs: mark phase 6 complete in roadmap + parity 2026-06-30 12:29:17 -04:00
hobokenchicken 775bd953b0 feat(phase6): video grid, noise suppression, whisper system
- New VideoGrid component: live camera feeds (local + remote) in VoicePanel
- Camera toggle in VoiceControls: enable/disable video per participant
- Noise suppression toggle in VoiceControls + voice store
- VOICE_WHISPER WS event: backend routes whisper to target user only
- Whisper UI: per-participant whisper button, notification toasts with dismiss
- Fix circular import between voice.ts and ws.ts (use lazy accessor)
2026-06-30 12:21:53 -04:00
hobokenchicken 3c063d4f56 docs: update roadmap, feature parity, and readme through phase 5 2026-06-30 11:53:33 -04:00
hobokenchicken 6db4e3cc2d feat(phase5): scheduling/availability - DB, API, UI in server settings 2026-06-30 11:29:43 -04:00
hobokenchicken 74d2153ffa feat(phase5): list channels - todo/in_progress/done columns, CRUD 2026-06-30 11:26:15 -04:00
hobokenchicken dbebc1f381 feat(phase5): docs channels - CRUD, wiki sidebar, markdown editor 2026-06-30 11:19:32 -04:00
hobokenchicken e65ce54e36 feat(phase5): calendar channels - events, RSVPs, calendar view 2026-06-30 11:15:40 -04:00
hobokenchicken 58ce09cc18 feat(phase4): rich profiles, badges DB, block list 2026-06-30 11:04:32 -04:00
hobokenchicken 368172e3d6 feat(phase3): forum channels + tags + card UI 2026-06-30 10:44:52 -04:00
hobokenchicken f3f03df710 feat(phase3): threads backend + thread panel UI 2026-06-30 10:36:18 -04:00
hobokenchicken bd260183ef feat(phase2): channel permission overrides + expanded role UI + audit log cleanup 2026-06-30 10:28:03 -04:00
hobokenchicken d7c84647e5 feat(phase2): bulk delete + audit log; update roadmap/parity docs 2026-06-30 10:20:57 -04:00
hobokenchicken d3b7f39b9e fix(build): make build-web works; gofmt all Go files 2026-06-30 10:01:11 -04:00
hobokenchicken 30e159cbdb sync: phase 1 backend + frontend from server 2026-06-30 09:26:03 -04:00
hobokenchicken d4cdd89544 docs: 8-phase roadmap to Guilded feature parity 2026-06-30 08:38:37 -04:00
hobokenchicken 1945703893 fix: case-insensitive login for username and email 2026-06-30 08:24:41 -04:00
hobokenchicken e380d4e381 docs: feature parity comparison with Discord, Guilded, TeamSpeak 6, Fluxer 2026-06-30 08:18:23 -04:00
hobokenchicken bbd7992e12 fix: nil pushHandler crash in message Create 2026-06-29 16:06:00 -04:00
hobokenchicken 6c8defb6fd feat: realtime status, mentions, push notifications 2026-06-29 15:52:34 -04:00
hobokenchicken 282a436995 fix: construct invite URL from code on frontend 2026-06-29 15:35:22 -04:00
hobokenchicken 6a737c3db3 fix: invite handler used creator_id but DB column is created_by 2026-06-29 15:32:24 -04:00
hobokenchicken 7261ebaafa fix: invite routes were double-nested under /invites causing 404->SPA fallback 2026-06-29 15:30:20 -04:00
hobokenchicken 2d3bf48e66 fix: add invite button, voice join dedup, voice panel immediate render 2026-06-29 15:28:05 -04:00
hobokenchicken a8a09cf7b4 fix: CSRF and WS origin check trust request Host header (same-origin) 2026-06-29 14:38:18 -04:00
hobokenchicken 7f56571004 fix: WS origin check now uses hostname matching instead of exact strings 2026-06-29 14:33:39 -04:00
hobokenchicken 369737565e fix: WebSocket cookie auth + connect on layout mount 2026-06-29 14:30:29 -04:00
hobokenchicken 90289fede1 sync: all server-side fixes and features 2026-06-29 14:24:45 -04:00
hobokenchicken c189bd2d83 fix: return messages in chronological order (oldest first) 2026-06-29 14:18:56 -04:00
hobokenchicken 175ec90705 fix: blank page on channel click + logout issue 2026-06-29 14:16:32 -04:00
hobokenchicken a7da8104d7 fix: channel List reads serverID from URL param, not query string 2026-06-29 14:11:33 -04:00
hobokenchicken 368d1f9427 fix: ensure reply_to column exists via ALTER TABLE in migration 2026-06-29 14:05:56 -04:00
hobokenchicken 9f138deb9d feat: login with username or email + change password
Backend:
- Login handler accepts username OR email via the same field
- New PUT /auth/me/password endpoint (verifies current password,
  requires min 8 chars for new password)

Frontend:
- Login form shows EMAIL OR USERNAME field (single field for both)
- Auth store updated with changePassword function
- UserSettings has new CHANGE PASSWORD section
2026-06-29 14:00:19 -04:00
hobokenchicken fec0eb1917 fix: use single quotes for SQL COALESCE defaults (not double quotes) 2026-06-29 13:53:17 -04:00
root 23902de912 feat: server members API + member list in sidebar + fix chat input
Backend:
- Add GET /api/v1/servers/{serverID}/members endpoint
- Wire MemberHandler routes in main.go

Frontend:
- Create member store (fetchMembers by server ID)
- MemberList now fetches members from API instead of empty props
- ChatArea: show channel name instead of ID, add error display,
  add flex-1 + min-w-0 to input for proper sizing, error handling
  on sendMessage
2026-06-29 17:51:32 +00:00
root bb67a7652e fix: resolve duplicate path prefix issues for message and webhook routes 2026-06-29 17:48:28 +00:00
hobokenchicken de465c6527 fix: read serverID from URL param instead of body in channel create
The channel Create handler was expecting server_id in the JSON body,
but the frontend sends it in the URL path (/servers/{serverID}/channels).
Now reads serverID from chi.URLParam and only requires name in the body.
2026-06-29 13:35:50 -04:00
hobokenchicken 118155d737 fix: support DUMPSTER_CSRF_ORIGINS env var for LAN access
The CSRF middleware was rejecting requests from LAN IPs because
cfg.Host defaults to 'localhost' which doesn't match the LAN IP.

Now supports DUMPSTER_CSRF_ORIGINS env var (comma-separated list of
full origins) for additional trusted origins beyond cfg.Host.

Removed debug logging from CSRF middleware.
2026-06-29 13:20:07 -04:00
hobokenchicken 5c7e461dad fix: CSRF middleware now trusts origin hostname match instead of exact prefix
The old CSRF middleware used exact string matching against a static list
of origins (https://host, http://localhost:port). This broke when the
frontend ran on a different port (Vite dev server) or accessed via LAN IP.

New behavior:
- Origin hostname matching: any Origin whose hostname matches cfg.Host
  is trusted, regardless of scheme or port
- Localhost variants always trusted: localhost, 127.0.0.1, ::1
- Additional origins can be passed explicitly (future env var support)
2026-06-29 12:57:52 -04:00
hobokenchicken 3f33859f4a feat: UI for server/channel creation, settings link, role management backend
Frontend:
- Settings link in header next to logout
- [+] button to create server (name + optional icon)
- [#] button to join server via invite code
- [+] button to create channel (name, type, category)
- Server name shown instead of UUID in channel list header
- /invites/:code route wired for JoinServer component

Backend:
- Wire role CRUD + member-role assignment routes (MANAGE_SERVER gated)
- Seed @everyone default role on server creation
2026-06-29 12:50:46 -04:00
root 3072cda051 fix: resolve Sscanf greedy parsing bug in VerifyPassword 2026-06-29 16:25:58 +00:00
root a81a8e6901 fix: make session cookie Secure attribute optional for HTTP/LAN dev 2026-06-29 16:19:58 +00:00
root d122133e93 config: expose vite dev server to lan and configure api proxy 2026-06-29 16:14:11 +00:00
root 78c0c28ff5 fix: shell and nvm path sourcing in Makefile web targets 2026-06-29 16:10:03 +00:00
root 4eaab40e48 fix: expose local ports in compose and auto-load .env in config package 2026-06-29 15:48:29 +00:00
root bd2a7ec2a6 fix: load LiveKit and WebPush configuration fields in Load() 2026-06-29 15:45:06 +00:00
hobokenchicken 88756a72fa security: LOW findings + fix .gitignore overmatch
- Swagger UI restricted to localhost only
- Message content length limit (4000 chars max) on create + update
- Bot/server/webhook ownership checks return 404 instead of 403
  (prevents resource ID enumeration)
- Fix .gitignore: /server instead of server to stop ignoring
  internal/server/ directory
2026-06-29 09:41:44 -04:00
hobokenchicken d25763cc84 feat(voice): add AudioPresets and publish defaults for voice quality 2026-06-29 09:37:25 -04:00