Feat/rounds#108
Merged
Merged
Conversation
Align timeline markers and progress, move winner count into the awards section, and refine winner and prize presentation on round detail pages.
|
@xSatori is attempting to deploy a commit to the r4to's projects Team on Vercel. A member of the Team first needs to authorize it. |
Blocker fixes for the Rounds feature (stacked on feat/rounds): #1 Signature verification — the write path (request/submit/vote) was non-functional for all users. The client signs via thirdweb account.signMessage, which returns an ERC-1271/6492 smart-account signature (every wallet is AA-wrapped, sponsorGas:true), but the server verified with viem's offline EOA-only verifyMessage utility (no client), which can't validate contract signatures. Move verification to a server-only module using viem's public-client verifyMessage Action with the Base serverPublicClient. Forms now bind the signed message to the active (smart) account address (the actual signer) instead of the EOA view address, so the embedded wallet matches the signature. r4topunk#2 Admin PII leak — /rounds/admin was an ungated Server Component that fetched round requests (requester name + email) and passed them as props to a client component whose isAdmin check only hides DOM, so the RSC payload shipped emails to every visitor. Requests now load client-side from a new signature-gated POST /api/rounds/admin/requests route that verifies an approved-admin signature before returning PII. The admin dashboard signs with the admin EOA (allowlist is EOA-keyed) when available. r4topunk#4 Typecheck — annotate the implicit-any row mapper in services/rounds.ts (now tsc-clean once pg is installed). Also: document ROUNDS_DATABASE_URL / DATABASE_URL in env.example, and add unit tests covering the signing-message/digest contract that keeps client and server in agreement. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
5 tasks
Closes the missing admin write path (review finding r4topunk#3): nothing wrote the `rounds` table, so listPublicRounds always returned empty and the submit/vote loop was unreachable. Now an approved admin can turn a pending round request into a live round directly from the dashboard. - services/rounds.ts: approveRoundRequest() — transactional; builds a published+active round (and round_awards) from the request's already- validated fields, marks the request approved. Slug collisions resolve to the next free `${slug}-${n}`. rejectRoundRequest() marks it rejected. - validation.ts: resolveRoundSlug() — pure, unit-tested slug de-duplication. - POST /api/rounds/admin/request-review — admin-gated (isRoundAdminAddress + signature whose payload binds requestId + decision, so an admin list/auth signature can't be replayed as an approval). - RoundsAdminDashboard: Approve/Reject buttons on pending requests, shared signed-auth helper, refresh after approve. - Tests: resolveRoundSlug (base/collision/fallback). 78 passed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implementation Notes
/rounds/rounds/[slug]/rounds/[slug]/submit/rounds/request/rounds/adminGET /api/roundsGET /api/rounds/[slug]POST /api/rounds/requestPOST /api/rounds/[slug]/submitPOST /api/rounds/[slug]/voteROUNDS_DATABASE_URL, falling back toDATABASE_PUBLIC_URLorDATABASE_URL.Testing
pnpm test— 7 test files passed, 70 tests passed, 1 todo.