Added more database content and Comment Functionality. Fixed some minor UI issues with comments and other things. Added better MD support. #71
- Implemented TerminalScreen component for direct messaging.
- Added command handling for chat commands (help, clear, echo, friends, chat, exit, msg, open, status).
- Integrated API calls for fetching users, chat peers, and direct messages.
- Enhanced MarkdownText component to support SVG rendering.
- Updated MediaGallery to handle SVG items.
- Modified ProjectCard to render project summaries using Markdown.
- Changed header navigation to point to the terminal screen.
- Added ApiDirectMessage type and related API functions for messaging.
Pull request overview
This PR introduces a direct-messaging feature (backend routes + DB schema + frontend API/types + a new “Terminal” chat UI), expands markdown rendering support (including SVG handling), and adds like interactions in stream/post detail screens.
Changes:
- Added backend direct-message APIs and SQLite schema for storing direct messages, plus push notification payload support for message notifications.
- Added a new /terminal screen for terminal-style commands and direct-message chat, wired from header + notifications.
- Improved markdown rendering across the app (project cards, stream detail, create-stream preview), including SVG display.
Reviewed changes
Copilot reviewed 20 out of 26 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| frontend/services/api.ts | Adds API helpers for direct-message peers, history, and sending messages. |
| frontend/constants/Types.ts | Introduces ApiDirectMessage type used by the new messaging UI/API. |
| frontend/components/header.tsx | Routes header action to the new /terminal screen and updates icon. |
| frontend/components/ProjectCard.tsx | Renders project summary via MarkdownText and adjusts builder tag styling. |
| frontend/components/MediaGallery.tsx | Adds a WebView-based SVG renderer with loading state. |
| frontend/components/MarkdownText.tsx | Enhances markdown image handling (URL normalization + SVG rendering via WebView). |
| frontend/app/terminal.tsx | New terminal/chat UI that drives direct-message workflows. |
| frontend/app/stream/[projectId].tsx | Adds like state + optimistic like toggling; uses MarkdownText for description. |
| frontend/app/post/[postId].tsx | Adds post-like state + optimistic toggling; refactors comment composer placement/layout. |
| frontend/app/notifications.tsx | Supports “direct_message” notifications and deep-links into /terminal chat. |
| frontend/app/create-stream.tsx | Adds markdown preview for description and updates placeholder text. |
| frontend/app/_layout.tsx | Adds push-notification response handling to deep-link into relevant screens (incl. terminal chat). |
| backend/api/main.go | Registers new /messages/... routes with auth + same-user enforcement. |
| backend/api/internal/types/types.go | Adds DirectMessage API type. |
| backend/api/internal/handlers/notifications_routes.go | Includes actor_id/actor_name in push payload data. |
| backend/api/internal/handlers/direct_message_routes.go | New handlers for listing peers, fetching history, and creating direct messages. |
| backend/api/internal/database/user_queries.go | Adds case-insensitive username->ID lookup used by messaging queries. |
| backend/api/internal/database/direct_message_queries.go | Implements DB queries for direct message creation, history, and peer listing. |
| backend/api/internal/database/dev.sqlite3-shm | Adds a SQLite shm file (environment artifact). |
| backend/api/internal/database/db.go | Ensures DirectMessages table + indexes exist on startup. |
| backend/api/internal/database/create_tables.sql | Adds DirectMessages table + indexes to schema bootstrap SQL. |
| originWhitelist={["*"]} | ||
| source={{ html: svgHtml }} | ||
| style={[styles.svgWebView, !isSvgLoaded && styles.hidden]} | ||
| scrollEnabled={false} |
MarkdownImage renders SVGs by fetching markup and injecting it into a WebView (originWhitelist={['*']}) with default WebView settings (JavaScript enabled by default). Since the SVG content is remote/untrusted, this can allow script execution or data exfiltration inside the WebView. Consider not inlining SVG markup, or lock the WebView down (restrict whitelist, disable JS/DOM storage, and sanitize/escape any injected markup).
| originWhitelist={["*"]} | |
| source={{ html: svgHtml }} | |
| style={[styles.svgWebView, !isSvgLoaded && styles.hidden]} | |
| scrollEnabled={false} | |
| originWhitelist={["about:blank"]} | |
| source={{ html: svgHtml }} | |
| style={[styles.svgWebView, !isSvgLoaded && styles.hidden]} | |
| scrollEnabled={false} | |
| javaScriptEnabled={false} | |
| domStorageEnabled={false} |
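Review bot: source={{ html: svgHtml }} is unchanged in the suggested version, so the fetched markup is still parsed as page HTML; turning off JavaScript and DOM storage does not stop injected elements from restyling the view or requesting remote resources. Sanitize or encode the SVG before it is placed into svgHtml, and confirm on both platforms that the inline document still loads with originWhitelist={["about:blank"]}.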
| router.GET("/messages/:username/peers", handlers.RequireAuth(), handlers.RequireSameUser(), handlers.GetDirectChatPeers) | ||
| router.GET("/messages/:username/with/:other", handlers.RequireAuth(), handlers.RequireSameUser(), handlers.GetDirectMessages) | ||
| router.POST("/messages/:username/with/:other", handlers.RequireAuth(), handlers.RequireSameUser(), handlers.CreateDirectMessage) | ||
|
|
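Review bot: Nothing on these three route lines constrains the :other parameter; the chain shown is only RequireAuth and RequireSameUser. The handlers should reject an unknown recipient and a recipient equal to :username, and the POST route would benefit from a body-size limit and rate limiting in the chain.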
New direct-message routes are introduced here, but the backend has an existing integration test suite under backend/api/internal/tests and there are currently no tests covering /messages/... behaviors (peers list, message creation, pagination, auth/same-user enforcement). Please add tests for these endpoints to prevent regressions.
| CREATE INDEX IF NOT EXISTS idx_post_saves_user ON PostSaves(user_id); | ||
| CREATE INDEX IF NOT EXISTS idx_direct_messages_sender ON DirectMessages(sender_id); | ||
| CREATE INDEX IF NOT EXISTS idx_direct_messages_recipient ON DirectMessages(recipient_id); | ||
| CREATE INDEX IF NOT EXISTS idx_direct_messages_created ON DirectMessages(creation_date DESC); |
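Review bot: The three DirectMessages indexes are each single-column (sender_id, recipient_id, creation_date), so a history query that filters on a sender/recipient pair and orders by date cannot be answered from one index. If GetDirectMessages reads that way, add a composite index such as (sender_id, recipient_id, creation_date) and drop whichever single-column indexes it makes redundant.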
The idx_direct_messages_created index definition differs between schema bootstrap (create_tables.sql creates it as creation_date DESC) and runtime migration (ensureDirectMessageSchema creates it without an order). This can lead to schema drift depending on initialization path and makes performance tuning harder. Consider keeping the index definition consistent in both places (same sort order and SQL).
| CREATE INDEX IF NOT EXISTS idx_direct_messages_created ON DirectMessages(creation_date DESC); | |
| CREATE INDEX IF NOT EXISTS idx_direct_messages_created ON DirectMessages(creation_date); |
| const html = React.useMemo(() => { | ||
| const content = svgMarkup | ||
| ? svgMarkup | ||
| : `<img src="${source}" style="max-width:100%;height:auto;" />`; | ||
| return `<!doctype html><html><body style="margin:0;padding:0;background:transparent;display:flex;align-items:center;justify-content:center">${content}</body></html>`; | ||
| }, [source, svgMarkup]); | ||
|
|
||
| return ( | ||
| <LazyFadeIn visible={isReady}> | ||
| {isReady ? ( | ||
| <View | ||
| style={[ | ||
| styles.media, | ||
| styles.svg, | ||
| styles.svgContainer, | ||
| { backgroundColor: colors.surfaceAlt }, | ||
| ]} | ||
| > | ||
| <WebView | ||
| originWhitelist={["*"]} | ||
| source={{ html }} | ||
| style={[styles.svgWebView, !isLoaded && styles.hidden]} | ||
| scrollEnabled={false} | ||
| onLoadEnd={() => setIsLoaded(true)} | ||
| /> |
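Review bot: In the useMemo template, the img fallback with src="${source}" and the ${content} slot place source and svgMarkup into the HTML string with no escaping, so a double quote in source ends the src attribute and the fetched markup becomes page content. Validate source as an https URL and attribute-escape it, and load the SVG through an img data URI rather than inlining it in the body.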
The SVG rendering path is injecting remote content into a WebView with originWhitelist={['*']} and without disabling JavaScript. Because svgMarkup is fetched from an untrusted URL and interpolated directly into html, this can enable script execution / HTML injection via malicious SVGs or crafted source values. Consider avoiding WebView for SVGs, or at minimum restrict the whitelist (e.g. https only), set javaScriptEnabled={false} / domStorageEnabled={false}, and ensure any interpolated URLs are properly escaped/sanitized before building the HTML string.
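One way to build the WebView document along the lines this comment recommends, as an added example that is not part of the PR or of the review: the SVG is loaded through an img data URI instead of being inlined, and the fallback URL is validated and attribute-escaped. The function names (buildSvgDocument, safeHttpsUrl, escapeAttr, cspFor) and the Content-Security-Policy are assumptions.

```javascript
// Added example (not code from the PR). Function names are hypothetical.

// Constructed sample: an SVG carrying an event handler and a script element.
const SAMPLE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><script>alert(2)</script><circle r="4"/></svg>';

// Policy for the generated page: nothing loads except the image scheme named.
const cspFor = (imgSrc) =>
  `default-src 'none'; img-src ${imgSrc}; style-src 'unsafe-inline'`;

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Accept only absolute https URLs with no quotes, brackets or whitespace.
// Reject rather than repair: a rejected URL is simply not rendered.
function safeHttpsUrl(source) {
  const s = String(source);
  return /^https:\/\/[^\s"'<>\\]+$/i.test(s) ? s : null;
}

// Returns the HTML document for the WebView, or null if the input is unusable.
function buildSvgDocument({ source, svgMarkup }) {
  let src;
  let policy;
  if (svgMarkup) {
    try {
      // Loaded through <img>, an SVG is a static image: its scripts and
      // event handlers do not run, and it is never parsed as page HTML.
      src = "data:image/svg+xml;charset=utf-8," + encodeURIComponent(svgMarkup);
    } catch {
      return null; // malformed UTF-16 in the fetched markup
    }
    policy = cspFor("data:");
  } else {
    src = safeHttpsUrl(source);
    if (!src) return null;
    policy = cspFor("https:");
  }
  return (
    `<!doctype html><html><head><meta http-equiv="Content-Security-Policy" content="${escapeAttr(policy)}"></head>` +
    `<body style="margin:0;padding:0;background:transparent;display:flex;align-items:center;justify-content:center">` +
    `<img src="${escapeAttr(src)}" style="max-width:100%;height:auto;" /></body></html>`
  );
}
```

Pass the result as source={{ html }} with javaScriptEnabled={false} and domStorageEnabled={false}; on a null return, render a placeholder instead of the WebView.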