Every 10 minutes, the cron now logs:
- When it triggers and completes
- Satoshi rate fetched (or failure)
- Number of eligible shareholders found
- If 0 found: warns about shareholders with revenue but mismatched criteria
- Per-shareholder: revenue, filmmaker ID, lightning address
- Payment preparation: amount in sats, destination address
- Duplicate detection
- Payment send result (completed or failed with error)
- Revenue deduction confirmation
Co-authored-by: Cursor <cursoragent@cursor.com>
- "Go back" replaced with red italic "fuck you, I wanna be lame"
- After dismissing, sovereign trap no longer intercepts clicks
- Form fields become real inputs (email/password) for actual use
- sovereignDismissed state resets when modal reopens or closes
Co-authored-by: Cursor <cursoragent@cursor.com>
Cards now scale to match the Algos grid proportions at each breakpoint
(1/3, 1/4, 1/5, 1/6 of viewport) while remaining in a horizontally
scrolling flex row with nav buttons on desktop.
Co-authored-by: Cursor <cursoragent@cursor.com>
ContentRow and Browse My List sections now use a responsive CSS grid
instead of fixed-width cards in a horizontal scroll:
- Mobile: 2 columns grid
- md (768px): 3 columns
- lg (1024px): 4 columns
- xl (1280px): 5 columns
- 2xl (1536px): 6 columns
Cards fill the available width at every breakpoint, matching the
Algos/Trending tab grid layout for visual consistency.
Scroll nav buttons hidden on desktop (grid doesn't scroll).
Co-authored-by: Cursor <cursoragent@cursor.com>
The filter grid was using md:grid-cols-3 (3 cards) while Films
horizontal rows showed 6. Updated to md:4 lg:5 xl:6 so both
views scale consistently across breakpoints.
Co-authored-by: Cursor <cursoragent@cursor.com>
Cards were feeling too large at 5 per row. Updated calc to fit 6
cards uniformly across ContentRow and Browse (My List sections).
Co-authored-by: Cursor <cursoragent@cursor.com>
Root cause: HLS content is AES-128 encrypted, but the key endpoint
required mandatory auth (HybridAuthGuard). HLS.js fetches the key
without auth headers, causing a silent 401 and playback failure.
Backend:
- Changed key.controller.ts to use OptionalHybridAuthGuard
- Free content (price <= 0) now serves keys without authentication
- Paid content still requires auth, returns 401 for anon requests
- Added Content entity injection to look up pricing
Frontend:
- Configured HLS.js xhrSetup to attach Bearer token on /key requests
- Uses nostr_token or auth_token from sessionStorage
- Ensures logged-in users can play paid encrypted content
Co-authored-by: Cursor <cursoragent@cursor.com>
- NAH! text now slides in from the left with a scale punch and glow
- Own your privacy phase slides in from the left with a smooth fade
- Close button restyled to match ContentDetailModal (circular, glassmorphism, blur)
Co-authored-by: Cursor <cursoragent@cursor.com>
- Modal now opens in register mode by default instead of login
- Removed the subtitle text under the heading
- Fake form fields update based on mode (Create a password vs Enter)
- Toggle text reads "Already have an account? Sign in" first
- Forgot password only shows in login mode
Co-authored-by: Cursor <cursoragent@cursor.com>
When users click on the legacy email/password form, the form zooms
out and a bold "NAH!" animates in. This transitions to an
"Own your privacy" message with a "Generate Sovereign Identity"
button that creates a new Nostr keypair, logs the user in, and
presents a red glassmorphism "Download your new identity" button
that saves the nsec/npub keypair to a text file.
Uses applesauce PrivateKeyAccount.fromKey() for proper account
registration and persistence.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replaced the hero-info-button class with a dark glass morphism style
matching the nav buttons — dark translucent background, subtle inset
highlight, backdrop blur, and hover lift. Added an -or- divider
between the Nostr Extension and Amber login options.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace the flat #141414 grey background with a dark glass container
matching the header's floating-glass style — rgba(6,6,6,0.92) with
backdrop-filter blur, subtle white/6% border, and layered shadows.
Updated the hero gradient to blend seamlessly into the new base.
Co-authored-by: Cursor <cursoragent@cursor.com>
Reordered the right-side header actions so the search icon appears
before the Sign In button when the user is not authenticated.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Stream endpoint now accepts both content ID and project ID,
falling back to project lookup when content ID is not found
- Added /contents/:id/stream-debug diagnostic endpoint that checks
file existence in both private and public MinIO buckets
- Stream endpoint now verifies raw file exists before generating
presigned URL, returning a clear error if file is missing
- Added comprehensive logging throughout the stream pipeline
- VideoPlayer now logs stream URL, API responses, and playback errors
to browser console for easier debugging
- Bumped CACHEBUST for frontend (19), API (11), and ffmpeg-worker (13)
Co-authored-by: Cursor <cursoragent@cursor.com>
Cards used a fixed 280px width which showed ~6 on most desktops.
Algorithm filter tabs used a 5-column grid. This mismatch caused
layout jumping when switching tabs.
Now uses calc((100vw - 12rem) / 5) so exactly 5 cards are visible
on desktop for all scroll rows (Films, My List, Rentals, etc.),
matching the 5-column grid in filter views. Mobile stays at 200px.
Co-authored-by: Cursor <cursoragent@cursor.com>
Mobile browsers block navigator.clipboard.readText() unless called
inside a user gesture (tap/click). The old flow relied on the
visibilitychange event to auto-read the clipboard when the user
returned from Amber, which silently failed.
New flow:
1. User taps "Sign in with Amber" → opens Amber via Android intent
2. User approves in Amber → pubkey copied to clipboard
3. User returns to browser → sees "Complete Sign-in" button
4. User taps "Complete Sign-in" → clipboard read succeeds (user gesture)
5. Pubkey decoded, account registered, backend session created
Also handles npub/nprofile decoding and provides clear error messages
for empty clipboard, missing permissions, and non-Android devices.
Co-authored-by: Cursor <cursoragent@cursor.com>
The filmmakerService.usesSelfHosted() was tied to the content source
toggle, returning true only for 'indeehub-api'. When the user switched
to 'topdocfilms' or 'indeehub', the mergePublishedFilmmakerProjects()
function routed filmmaker API calls to the wrong (external) API, so
backstage-created films never appeared.
Now in production (USE_MOCK=false), filmmaker operations always use
the self-hosted backend regardless of which content catalog is active.
The content source toggle only affects the browse page catalog display.
Co-authored-by: Cursor <cursoragent@cursor.com>
The sw.js and workbox-*.js files were being caught by the immutable
static asset regex (expires 1y), causing stale service workers and
potential 502 errors during re-registration. Use location = /sw.js
(exact match, highest Nginx priority) and a regex for workbox files
that appears before the asset cache block.
Also removes the dead duplicate location blocks at the bottom of
the config that were never reached due to regex priority.
Co-authored-by: Cursor <cursoragent@cursor.com>
vue-tsc flagged variables as unused since their template references are
inside HTML comments. Prefix with underscores and comment out the
related functions/imports so the production build passes cleanly.
Co-authored-by: Cursor <cursoragent@cursor.com>
These are dev/testing tools that shouldn't be visible in production.
Commented out for now so they can be re-enabled easily.
Co-authored-by: Cursor <cursoragent@cursor.com>
The frontend calls GET /subscriptions but only GET /subscriptions/active
existed. Add a root GET handler that returns the same data.
Co-authored-by: Cursor <cursoragent@cursor.com>
Rent shareholder payouts are denominated in sats and don't need a
USD/sat exchange rate. Skip the getSatoshiRate() call for rent-type
payments so they are never blocked by rate-API 429s or outages.
Also fix a misleading log message that said "USD" instead of "sats".
Co-authored-by: Cursor <cursoragent@cursor.com>
- Migration to ALTER rents.usd_amount from numeric(5,2) to numeric(15,2)
which was causing "numeric field overflow" 500 errors when saving
rental prices >= 1000 sats (e.g. 1200 sats)
- Also widen season_rents.usd_amount for consistency
- Add /webhooks/btcpay route alias (BTCPay was posting to /btcpay but
the endpoint was /btcpay-webhook, causing 404s on payment callbacks)
- Skip ECS autoscaling cron when TRANSCODING_API_URL is not set
(eliminates "security token invalid" error spam every minute)
- Reduce payment cron from EVERY_MINUTE to EVERY_10_MINUTES to avoid
429 rate limiting on the BTC price API
- Bump API CACHEBUST to 10
Co-authored-by: Cursor <cursoragent@cursor.com>
Nginx was serving /storage/.../*.jpg from the local filesystem instead of
proxying to MinIO because the static asset regex location (~* \.(jpg|...)$)
takes priority over plain prefix locations. Adding ^~ ensures the /storage/
and /storage-private/ prefix locations always win over regex matches.
Same root cause as the earlier 405 on thumbnail uploads.
Co-authored-by: Cursor <cursoragent@cursor.com>
The worker was completely broken because of 4 mismatches with the API:
1. Field names: API sends {correlationId, inputKey, outputKey, inputBucket,
outputBucket} but worker expected {contentId, sourceKey, outputPrefix}.
All fields were undefined, so jobs silently failed.
2. No status callback: Worker never updated content status to 'completed',
so projects never appeared as published (content stuck in 'processing').
Now updates status directly in PostgreSQL.
3. Wrong bucket: Worker uploaded HLS to private bucket, but the stream
controller checks the public bucket. Now uploads to outputBucket (public).
4. Wrong manifest name: Worker output index.m3u8 but codebase expects
file.m3u8. Aligned with helper.ts convention.
Co-authored-by: Cursor <cursoragent@cursor.com>
The rental check catch block was incorrectly setting hasActiveRental=true
for project owners when the API call failed (e.g. auth token not synced).
This showed a "Rented" badge with no time remaining and hid the rent button.
- Separate "owner can play" from "has active rental" via new isOwner computed
- canPlay now includes isOwner so owners always have playback access
- Catch block no longer fakes a rental — keeps the badge accurate
- New purple "Your project" badge for owners (distinct from green "Rented")
Co-authored-by: Cursor <cursoragent@cursor.com>
Nginx regex locations are evaluated in order — the static asset caching
rule (.jpg, .png, etc.) was matching image upload URLs before the MinIO
bucket proxy could handle them, causing PUT requests to return 405.
Moved the /indeedhub-*/ proxy location to the top of the regex block.
Co-authored-by: Cursor <cursoragent@cursor.com>
The backend was generating presigned S3 URLs pointing to the internal
MinIO endpoint (http://minio:9000), which browsers block on HTTPS pages.
- Add a second S3 client in upload.service.ts configured with FRONTEND_URL
for generating browser-facing presigned URLs (both upload and download)
- Add nginx proxy location for /indeedhub-private/ and /indeedhub-public/
paths that forwards to MinIO without rewriting (preserves S3v4 signatures)
- Keep internal S3 client for server-side operations (copy, delete, etc.)
Co-authored-by: Cursor <cursoragent@cursor.com>
Migration AddedWithdrawalFrequency1733770884555 referenced payment_methods
table that was never created. Modified to CREATE TABLE IF NOT EXISTS with
all columns, then drop lightning_address from filmmakers.
Co-authored-by: Cursor <cursoragent@cursor.com>
Escape single quote in seed-episodic-subgenres migration that caused
"column Children's Animation does not exist" PostgreSQL error.
Co-authored-by: Cursor <cursoragent@cursor.com>
TypeORM's manager.save/delete with string table names still uses
entity metadata internally (triggers SELECT with all entity columns).
Converted SeedSubgenres, RemoveLastGenres, and SeedEpisodicSubgenres
to use queryRunner.query() with raw SQL to avoid column mismatches.
Co-authored-by: Cursor <cursoragent@cursor.com>
Portainer tries to pull named images from Docker Hub before building.
Removing image: tags so it builds directly from Dockerfiles. The
CACHEBUST build arg handles cache invalidation.
Co-authored-by: Cursor <cursoragent@cursor.com>
MusicVideosUpdate and AddEpisodicGenres migrations used TypeORM
entity classes which reference columns that don't exist at their
migration timestamp (e.g. trailer_old, later entity fields).
Rewrote both to use raw SQL INSERT/UPDATE statements.
Also bumped CACHEBUST to v3 to force backend image rebuild.
Co-authored-by: Cursor <cursoragent@cursor.com>
Docker was reusing old cached images even on redeploy. By adding
explicit image names with version tags (e.g. indeehub-app:v2),
Docker must build new images since the old ones had no tag or a
different tag. Bump the version (v2 -> v3) to force future rebuilds.
Co-authored-by: Cursor <cursoragent@cursor.com>
Docker's build cache was preventing Portainer from picking up
code changes. Adding a CACHEBUST ARG before COPY invalidates
all subsequent layers when the value changes.
Co-authored-by: Cursor <cursoragent@cursor.com>
The MinIO S3 API is accessed internally via the Docker network.
The admin console is not needed externally and was causing
port 9001 conflicts with other services on the host.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Simplified the genre seeding process by replacing bulk save with individual insert queries, enhancing performance and error handling.
- Removed unnecessary comments and streamlined the deletion process for genres, ensuring clarity in migration scripts.
- Updated the `down` method to accurately restore deleted genres, maintaining data integrity during rollbacks.
- Updated SSL settings in database.module.ts and ormconfig.ts to use DATABASE_SSL environment variable for better control over SSL usage.
- Clarified comments to indicate that SSL is only necessary for remote PostgreSQL instances, enhancing understanding for local development setups.
- Modified Nginx configuration to trust the outer reverse proxy's X-Forwarded-Proto header, enhancing protocol handling.
- Updated initMockMode function in mock.ts to use the backend health endpoint for improved error handling and timeout management, ensuring a more robust fallback to mock data when the backend is unreachable.
- Modified baseURL and cdnURL in api.config.ts to include VITE_INDEEHUB_API_URL, enhancing the ability to switch between different API endpoints.
- Updated initMockMode function in mock.ts to reflect the changes in API URL handling, ensuring consistency across the application.
- Revised .env.portainer to update sensitive credentials and streamline comments for clarity.
- Adjusted docker-compose.yml to remove unnecessary variable references, enhancing readability and maintainability.
- Updated VideoPlayer component to improve type handling and refactor seeking logic for better performance.
- Enhanced library service to include providerId in the rentContent method for improved data handling.
- Refactored auth store to integrate account management functionality.
- Cleaned up ProjectEditor and Settings views by removing unused computed properties and refining method types.
- Modified .env.portainer to include new environment variables for S3 private bucket URL, Nostr JWT secrets, and SendGrid options.
- Updated docker-compose.yml to support the new environment variables, enhancing service configurations.
- Added a seed content script to the backend package.json for initializing the database with sample data.
- Refactored helper functions to construct S3 URLs more robustly, accommodating potential missing configurations.
- Enhanced dev.sh script to seed the database if empty, ensuring content availability during development.
- Updated docker-compose.yml to include environment variable support for services, enhancing flexibility in configuration.
- Refactored Dockerfile to utilize build arguments for VITE environment variables, allowing for better customization during builds.
- Improved Nginx configuration to handle larger video uploads by increasing client_max_body_size to 5GB.
- Enhanced backend Dockerfile to include wget for health checks and improved startup logging for database migrations.
- Added validation for critical environment variables in the backend to ensure necessary configurations are present before application startup.
- Updated content streaming logic to support direct HLS URL construction, improving streaming reliability and user experience.
- Refactored various components and services to streamline access checks and improve error handling during content playback.
- Integrated HLS.js version 1.6.15 into the project for improved video streaming capabilities.
- Updated the ContentsController to check for HLS manifest availability and fall back to presigned URLs for original files if not found.
- Enhanced the VideoPlayer component to handle loading and error states more effectively, improving user experience during streaming.
- Refactored content service methods to return detailed streaming information, including HLS and DASH manifest URLs.
