Commit graph

7 commits

Author SHA1 Message Date
80390e7f13 fix(billing): allow Razorpay Checkout domains in CSP
Checkout.razorpay.com script + payment iframe were blocked by CSP
(CHECKOUT_LOAD_FAILED). Added Razorpay to:
- script-src: https://checkout.razorpay.com
- frame-src:  https://*.razorpay.com https://api.razorpay.com (payment iframe)
- connect-src: https://*.razorpay.com + lumberjack.razorpay.com (telemetry)
- img-src:    https://*.razorpay.com (payment-method logos)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 12:59:38 +05:30
a89ab96a12 fix: add analytics.manohargupta.com to CSP connect-src
Browser was blocking the POST to analytics.manohargupta.com/api/send
with 'Failed to fetch' because the Content-Security-Policy connect-src
only listed plausible.io (old analytics tool, now removed).

- connect-src: replace plausible.io with analytics.manohargupta.com
- script-src: remove plausible.io (no longer needed, Umami script is self-hosted)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 21:30:54 +05:30
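The two CSP commits above (80390e7f13 and a89ab96a12) each list the directives that were changed, but a commit message does not tell you whether the resulting policy actually admits the load that was failing, or what it still blocks. The following is an added example, not code from this repository: a small Content-Security-Policy evaluator that takes a policy as a directive map and decides whether the browser would allow a given load. The before/after policies, the page origin `https://manohargupta.com`, and the sample loads are constructed for this example; the page does not show the project's real header.

```javascript
// Added example; not code from the repository whose commits are listed above.
// Evaluates a CSP directive map against resource loads the way a browser would,
// so a policy change can be checked before it is deployed.

const PAGE_ORIGIN = 'https://manohargupta.com'; // assumed page origin

// Constructed "before" policy: plausible.io was the only third party listed.
const POLICY_BEFORE = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://plausible.io'],
  'connect-src': ["'self'", 'https://plausible.io'],
  'img-src': ["'self'", 'data:'],
};

// Policy after commits a89ab96a12 and 80390e7f13, as their messages describe it.
const POLICY_AFTER = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://checkout.razorpay.com'],
  'connect-src': ["'self'", 'https://analytics.manohargupta.com',
    'https://*.razorpay.com', 'https://lumberjack.razorpay.com'],
  'frame-src': ["'self'", 'https://*.razorpay.com', 'https://api.razorpay.com'],
  'img-src': ["'self'", 'data:', 'https://*.razorpay.com'],
};

// Header value <-> directive map.
function serializePolicy(policy) {
  return Object.entries(policy).map(([d, s]) => `${d} ${s.join(' ')}`).join('; ');
}
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };
const HOST_SOURCE = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:/]+)(?::(\d+|\*))?(\/[^?#]*)?$/i;

// "*.razorpay.com" matches any subdomain but never the bare apex, and a host
// that merely contains the string (api.razorpay.com.attacker.example) does not match.
function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".razorpay.com"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// Does one source expression admit this URL? Keywords other than 'self'/'none'
// (nonces, hashes, 'unsafe-inline') never match a URL and are treated as no-match.
function sourceAllows(source, url, pageOrigin) {
  const keyword = source.toLowerCase();
  if (keyword === "'none'") return false;
  if (keyword === "'self'") return url.origin === pageOrigin;
  if (keyword.startsWith("'")) return false;
  if (/^[a-z][a-z0-9+.-]*:$/.test(keyword)) return url.protocol === keyword; // scheme-source, e.g. data:
  const m = HOST_SOURCE.exec(source);
  if (!m) return false;
  const [, scheme, hostPattern, port, path] = m;
  // An explicit https: source matches only https: URLs; http: (or no scheme on an
  // http: page) also matches the https: upgrade, as CSP3 specifies.
  const wanted = scheme ? `${scheme.toLowerCase()}:` : new URL(pageOrigin).protocol;
  const schemeOk = url.protocol === wanted || (wanted === 'http:' && url.protocol === 'https:');
  if (!schemeOk) return false;
  if (!hostMatches(hostPattern.toLowerCase(), url.hostname)) return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol] || '';
  if (port ? (port !== '*' && port !== urlPort) : urlPort !== (DEFAULT_PORT[url.protocol] || '')) return false;
  if (path) return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
  return true;
}

// The governing directive falls back to default-src, as the browser does.
function isAllowed(policy, directive, urlString, pageOrigin = PAGE_ORIGIN) {
  const url = new URL(urlString);
  const sources = policy[directive] ?? policy['default-src'] ?? [];
  return sources.some((s) => sourceAllows(s, url, pageOrigin));
}

// Every load the policy would refuse: what a console full of CSP violations boils down to.
function blockedResources(policy, loads, pageOrigin = PAGE_ORIGIN) {
  return loads.filter((l) => !isAllowed(policy, l.directive, l.url, pageOrigin));
}

// Constructed sample of the loads the two commit messages say were failing.
const SAMPLE_LOADS = [
  { directive: 'script-src', url: 'https://checkout.razorpay.com/v1/checkout.js' },
  { directive: 'frame-src', url: 'https://api.razorpay.com/v1/checkout/embedded' },
  { directive: 'connect-src', url: 'https://lumberjack.razorpay.com/v1/track' },
  { directive: 'img-src', url: 'https://cdn.razorpay.com/logo.png' },
  { directive: 'connect-src', url: 'https://analytics.manohargupta.com/api/send' },
  { directive: 'connect-src', url: 'https://plausible.io/api/event' },
];

console.log('blocked before:', blockedResources(POLICY_BEFORE, SAMPLE_LOADS).map((l) => l.url));
console.log('blocked after: ', blockedResources(POLICY_AFTER, SAMPLE_LOADS).map((l) => l.url));
```

Two things the evaluator makes visible that the commit messages do not: `https://*.razorpay.com` already admits `api.razorpay.com` and `lumberjack.razorpay.com`, so the explicit entries are harmless duplicates, while the wildcard does not cover the apex `razorpay.com` or a non-default port; and with the "after" policy the old `plausible.io` endpoint is the one load that still fails, which is the intended outcome of removing it.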
dad0611350 SEO overhaul: metadata, robots, sitemap, structured data
- Add metadataBase to root layout so OG/Twitter/canonical URLs resolve
  to absolute https URLs (fixes broken social previews)
- New src/lib/seo.ts with SITE_URL + JSON-LD builders
- New robots.ts (disallow api/admin/private app paths) and sitemap.ts
  (marketing pages + blog posts with real lastmod dates)
- JSON-LD: Organization/WebSite/SoftwareApplication on home,
  Blog+Breadcrumb on blog list, BlogPosting+Breadcrumb on posts
- Per-page canonical + Open Graph on all marketing pages; article OG
  + Twitter cards on blog posts; per-post dynamic OG image
- noindex on (app) and admin layouts; richer PWA manifest
- Fix CSP to allow plausible.io in script-src/connect-src (analytics
  was silently blocked)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 11:03:04 +05:30
b6814579c6 feat(pwa): add Serwist service worker, manifest, icons, install prompt
- Wrap next.config.ts with @serwist/next (webpack mode, disabled in dev)
- Service worker: NetworkOnly for /api/*, offline fallback → /~offline
- Web app manifest via Next.js metadata API (app/manifest.ts)
- PNG icon set generated with sharp (192, 512, maskable-512, apple-180)
- iOS meta tags: appleWebApp, themeColor viewport export
- Middleware: pwaAssets early-return so /sw.js never gets a 302→login
- Offline fallback page at /~offline (static, no auth dependency)
- InstallPrompt component: beforeinstallprompt (Android) + iOS Share sheet instructions
- Logout (menu/page.tsx): purge all SW caches on signout (shared-device safety)
- Fix invite/[token]/page.tsx params type for Next.js 16 (use(params))
- Build script: next build --webpack (Serwist requires webpack, not Turbopack)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 23:20:48 +05:30
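Two items in the PWA commit above are security measures rather than features: the middleware early-return so `/sw.js` is never answered with a 302 to the login page, and the purge of all service-worker caches on logout for shared devices. The following is an added example, not code from this repository, that models both as plain functions so they can be exercised outside Next.js. The public asset paths, the session-cookie name `session` and the `/login` route are assumptions; the in-memory `CacheStorage` stand-in is constructed for the example.

```javascript
// Added example; not code from the repository above. Models the PWA commit's
// middleware allowlist and the logout cache purge as testable plain functions.

const PUBLIC_PWA_PATHS = new Set(['/sw.js', '/manifest.webmanifest', '/~offline']); // assumed paths
const PUBLIC_PWA_PREFIXES = ['/icons/'];                                            // assumed prefix
const SESSION_COOKIE = 'session';                                                    // assumed cookie name

// Exact-match allowlist: "/sw.js" is public, "/sw.js.map" or "/sw.js/anything"
// is not, and nothing under "/api/" or the authenticated app is reachable through it.
function isPwaAsset(pathname) {
  return PUBLIC_PWA_PATHS.has(pathname) || PUBLIC_PWA_PREFIXES.some((p) => pathname.startsWith(p));
}

// What the middleware would do for a request, returned as a plain value instead
// of a NextResponse. A service-worker script answered with a 302 to /login fails
// to register (the browser needs the script itself, served as JavaScript), so the
// PWA check runs before any auth check; /api/* is left to the route handlers.
function middlewareDecision(pathname, cookies) {
  if (isPwaAsset(pathname)) return { action: 'next', reason: 'pwa-asset' };
  if (pathname.startsWith('/api/')) return { action: 'next', reason: 'api-route' };
  if (!cookies[SESSION_COOKIE]) {
    return { action: 'redirect', location: `/login?next=${encodeURIComponent(pathname)}` };
  }
  return { action: 'next', reason: 'session' };
}

// Logout: drop every Cache Storage entry so the next person on a shared device
// cannot open a cached copy of an authenticated page offline. `cacheStorage` is
// window.caches in the browser; it is injected so the function runs under Node.
// Returns the names that were actually deleted.
async function purgeServiceWorkerCaches(cacheStorage) {
  const names = await cacheStorage.keys();
  const deleted = await Promise.all(names.map((name) => cacheStorage.delete(name)));
  return names.filter((_, i) => deleted[i]);
}

// Constructed in-memory stand-in for CacheStorage (keys/delete only).
function makeFakeCacheStorage(initialNames) {
  const store = new Set(initialNames);
  return {
    keys: async () => [...store],
    delete: async (name) => store.delete(name),
  };
}

// Stand-alone run.
console.log(middlewareDecision('/sw.js', {}));
console.log(middlewareDecision('/dashboard', {}));
const fake = makeFakeCacheStorage(['serwist-precache-v2', 'runtime-pages']);
purgeServiceWorkerCaches(fake).then((names) => console.log('purged', names));
```

The purge is deliberately unconditional (`caches.keys()` then delete each) rather than targeting known cache names, because Serwist versions its precache name and a logout handler that hard-codes the name silently stops working after the next build; the middleware allowlist is exact-match for the opposite reason, so that widening it later is a visible change rather than a side effect of a prefix.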
2196c3d07d Security hardening: auth, bcrypt, rate-limiting, RLS, audit
2026-05-16 23:11:01 +05:30
3e1dcb0866 chore: add Dockerfile and docker config
2026-05-10 03:38:03 +05:30
70e289e13b chore: initial setup
2026-05-10 03:33:32 +05:30