Feat/390 activity feed#548
Open
Sage-senpai wants to merge 118 commits into
Open
Conversation
Implement full moderation system including: - Ban/timeout users with duration options (1m, 5m, 10m, 1h, permanent) - Delete messages with context menu - Slow mode (3s, 5s, 10s, 30s intervals) - Follower-only chat mode - Link blocking with URL regex detection - Active bans management panel Database changes: - Add chat_bans table with expires_at for timeouts - Add slow_mode_seconds, follower_only_chat, link_blocking to users table API endpoints: - POST /api/streams/chat/ban - ban/timeout users - DELETE /api/streams/chat/ban/[username] - unban users - GET /api/streams/chat/ban - list active bans - PATCH /api/streams/settings - update chat settings - Updated POST /api/streams/chat with enforcement logic UI components: - Right-click context menu on chat messages (stream owner only) - ChatModerationSettings panel in stream manager - Ban list with unban functionality - Settings toggles for follower-only and link blocking Enforcement: - Server-side validation for all moderation rules - 429 responses with Retry-After headers for timeouts - Clear error messages for banned/timed-out users
- Add mocks for permanent ban check - Add mocks for timeout check - Add mocks for slow mode validation - Update combined lookup to include moderation settings
- Remove slow mode mock when slow_mode_seconds is 0 - Add streamer_id to combined lookup mock
Adds preset tip buttons above chat input to send XLM tips quickly. Posts a system tip message to chat and shows a stacked tip alert overlay on the player. Closes StreamFi-x#368 Made-with: Cursor
Adds paid stream access configuration and a viewer payment gate. The server verifies USDC payments on Stellar Horizon and stores grants with tx hash replay protection. Closes StreamFi-x#375 Made-with: Cursor
Implements the full Transak fiat → crypto on-ramp flow including widget lifecycle, order persistence, webhook verification, balance auto-refresh, USDC trustline guidance, Privy custodial wallet UX, and error fallbacks.
…ration feat: Chat Moderation Tools for Streamers
Keep both StreamAccessSettings (access-control) and ChatModerationSettings (dev) in stream manager page, and combine index definitions in schema.sql. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…l-foundation Feat/access control foundation
setStreamData was called without accessType and accessConfig, causing a TS error and silently dropping access-control settings on save. Use a functional state update to spread existing state. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Covers POST and GET handlers across all three import sources (twitch, youtube, json). Includes edge cases for: - invalid source / missing data fields - user rate limit (24h) and DB errors - overwrite_existing flag behaviour - social_links and categories field mapping - twitch token never persisted to DB - youtube ssrf guard - job status polling Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three pre-existing errors unrelated to the import api: - app/api/users/[username]/route.ts: password_hash destructured intentionally to omit it — suppress no-unused-vars - StreamAccessSettings.tsx: add curly braces to if statements - view-stream.tsx: add curly brace to if statement; suppress no-unused-vars on isCheckingAccess (set but never read) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace chained .replace() calls in decodeHTMLEntities with a single-pass regex to prevent double-unescaping (CodeQL high alert) - Add eslint-disable-next-line on stub functions in lib/stream/access.ts where _-prefixed params are intentionally unused pending future issues - Run prettier on files that had format drift Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(routes-f): data import api for onboarding from other platforms
…ations-system feat: add realtime notifications system
…on, and background jobs API - Issue StreamFi-x#405: Shared Zod validation layer (_lib/validate.ts, _lib/schemas.ts) with validateBody/validateQuery helpers; dev-only /validate testing endpoint; import/route.ts refactored to use shared validators - Issue StreamFi-x#399: Username conflict resolution API (check availability + suggestions, reserved/banned word list, admin dispute resolution with atomic DB transaction) - Issue StreamFi-x#396: Background jobs API (enqueue, poll status, cancel) with cron processor, exponential backoff retry, 30-day auto-cleanup; DB migration for jobs table
feat(routes-f): add VOD chapter timestamps endpoints
Implements four new route handlers: - POST/GET /api/routes-f/feedback + PATCH /api/routes-f/feedback/[id] - GET/POST/DELETE /api/routes-f/maintenance - POST/GET /api/routes-f/export (async job pattern) - GET /api/routes-f/audit (admin only) - lib/audit.ts: fire-and-forget insertAuditLog() helper Closes StreamFi-x#400, StreamFi-x#398, StreamFi-x#395, StreamFi-x#393
…ck-maintenance-export-audit
… endpoints - GET/PATCH /api/routes-f/monetization: per-creator tipping, subscription price, gift cooldown config - GET/POST /api/routes-f/integrations: connect Discord, YouTube, Twitter/X integrations - DELETE /api/routes-f/integrations/[platform]: disconnect a specific integration - GET /api/routes-f/content/rules: public platform moderation rules with defaults - PATCH /api/routes-f/content/rules: admin-only rules update (id, title, description, severity) - GET /api/routes-f/credits: user credit balance and expiry - POST /api/routes-f/credits/redeem: redeem voucher code with expiry and double-redemption guards - GET/POST /api/routes-f/credits/admin: admin voucher issuance and redemption status listing All routes follow existing patterns: verifySession, Zod validation, ensureXxxSchema auto-provisioning, and admin gates via is_admin on users table.
…egrations-content-credits feat(api): add monetization, integrations, content rules, and credits…
- GET /api/routes-f/creator/bio?username= - public endpoint for creator bio - PATCH /api/routes-f/creator/bio - authenticated creator updates bio - Supports bio_text (max 500 chars), social_links (max 5), schedule_text (max 200 chars), banner_url - Database schema with route_f_creator_bios table
- GET /api/routes-f/stream/recording - list recordings for authenticated creator - PATCH /api/routes-f/stream/recording/[id] - update recording metadata (title, visibility, thumbnail_url) - DELETE /api/routes-f/stream/recording/[id] - permanently delete recording (requires confirm: true) - Visibility options: public, unlisted, private - Database schema with route_f_stream_recordings table - Pagination support with cursor-based navigation
- GET /api/routes-f/stream/soundtrack?stream_id= - returns now playing track and playlist - POST /api/routes-f/stream/soundtrack/play - start a track (track_id, stream_id) - PUT /api/routes-f/stream/soundtrack/skip - skip to next track - PUT /api/routes-f/stream/soundtrack/stop - stop playback - Track catalog sourced from route_f_soundtrack_catalog table - now_playing visible to viewers via public GET - Only stream owner can control playback - Database schema with soundtrack catalog, now_playing, and playlists tables
- GET /api/routes-f/clips/captions?clip_id= - list caption tracks for a clip - POST /api/routes-f/clips/captions - upload a caption track (clip_id, language, label, vtt_content) - DELETE /api/routes-f/clips/captions/[id] - remove a caption track - Language validation: BCP-47 tags (e.g., en, es, fr, en-US) - WebVTT content validation: must start with WEBVTT and contain at least one cue - Max 5 caption tracks per clip - Database schema with route_f_clip_captions table
…lti-endpoints Feat/routes f multi endpoints
…-routes-f-dev feat(routes-f): add engagement and recommendation apis
- merge access/check for paid grants, token_gated horizon check, and session wallet - add quick tip bar, tip alerts, token gated gate, chat moderation hooks - tipmodal defers confirmation to container; add funds nudge on low xlm Made-with: Cursor
Made-with: Cursor
…m-tipping-chat feat: live stream tipping via chat (quick-tip buttons)
…routes implemented frontend and dispute resolution documentation
|
@Sage-senpai is attempting to deploy a commit to the david's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
@Sage-senpai Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Closes #390
Changes proposed
What were you told to do?
Implement a cursor-paginated user activity feed API with two endpoints:
GET /api/routes-f/activity— paginated feed of user activity eventsGET /api/routes-f/activity/daily— aggregated daily summaryWhat did you do?
Schema & migration
route_f_activity_eventstable with columns:id,user_id,type,actor_id,metadata(JSONB),created_at(user_id, created_at DESC)for efficient feed queriesapp/api/routes-f/activity/_lib/db.ts(lazy DDL) anddb/migrations/20260330_add_activity_events.sqlTypes (
types/activity.ts)ActivityEventType— union of 8 event types (tip_received, tip_sent, new_follower, stream_started, stream_ended, gift_received, gift_sent, recording_ready)ActivityTypeFilter— query param filter values (all, tips, follows, streams, gifts)FILTER_TO_TYPES— maps filter values to DB event typesActivityFeedResponse,DailySummaryResponseGET /api/routes-f/activity
limit(1-100, default 20),cursor(ISO timestamp),type(all|tips|follows|streams|gifts)created_at < $cursorwith fetchlimit + 1trick to detect next pageuserstable to include actor username/avatar{ events: [], next_cursor: null }(not 404)GET /api/routes-f/activity/daily?date=YYYY-MM-DD
dateparam (400 if missing/invalid)FILTER (WHERE ...)clausestips_received,tips_received_xlm,followers_gained,stream_duration_s,peak_viewersUpstream side-effect inserts
app/api/users/follow/route.ts— insertsnew_followerevent after successful followapp/api/streams/start/route.ts— insertsstream_startedon POST,stream_endedon DELETE (with duration/peak_viewers from session)app/api/routes-f/gifts/route.ts— inserts bothgift_receivedandgift_senteventsNote: Tip events (
tip_received/tip_sent) are not yet instrumented — there is no dedicated tip transaction route to hook into (onlytips/refresh-totalwhich is a read-only endpoint).Check List
Screenshots/Videos
N/A — API-only changes. Example responses:
GET /api/routes-f/activity?type=tips&limit=2
{ "events": [ { "id": "uuid", "type": "tip_received", "actor": { "username": "alice", "avatar": "/img/alice.png" }, "metadata": { "amount": "50", "currency": "XLM" }, "created_at": "2026-03-30T12:00:00.000Z" } ], "next_cursor": null }