Release 1.4

* Upgrade geodb plan to increase radius and page limit

* Speed location debounce

.env.example

@@ -1,17 +1,7 @@
-# Rename this file to `.env` and fill in the values.
+# You already have access to basic local functionality (UI, authentication, database read access).
 
-# Required variables for basic local functionality
-
-# For database connection. A 16-character password with digits and letters.
-SUPABASE_DB_PASSWORD=
-
-# For authentication.
-# Ask the project admin. Should start with "AIza".
-NEXT_PUBLIC_FIREBASE_API_KEY=
-
-# The URL where your local backend server is running.
-# You can change the port if needed.
-NEXT_PUBLIC_API_URL=localhost:8088
+# openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -in backend/shared/src/googleApplicationCredentials-dev.json -out secrets/googleApplicationCredentials-dev.json.enc
+GOOGLE_CREDENTIALS_ENC_PWD=nP7s3274uzOG4c2t
 
 
 # Optional variables for full local functionality
@@ -20,10 +10,6 @@ NEXT_PUBLIC_API_URL=localhost:8088
 # Create a free account at https://rapidapi.com/wirefreethought/api/geodb-cities and get an API key.
 GEODB_API_KEY=
 
-# For analytics like page views, user actions, feature usage, etc.
-# Create a free account at https://posthog.com and get a project API key. Should start with "phc_".
-POSTHOG_KEY=
-
 # For sending emails (e.g. for user sign up, password reset, notifications, etc.).
 # Create a free account at https://resend.com and get an API key. Should start with "re_".
-RESEND_API_KEY=
+RESEND_KEY=

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: CompassMeet # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: compassconnections # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
+thanks_dev: # Replace with a single thanks.dev username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/workflows/ci.yml

@@ -46,10 +46,12 @@ jobs:
 #       npx playwright install
 
       - name: Run E2E tests
+        env:
+          NEXT_PUBLIC_API_URL: localhost:8088
+          NEXT_PUBLIC_FIREBASE_ENV: PROD
+          NEXT_PUBLIC_FIREBASE_API_KEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_API_KEY }}
+          NEXT_PUBLIC_SUPABASE_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_KEY }}
         run: |
-          NEXT_PUBLIC_API_URL=localhost:8088 \
-          NEXT_PUBLIC_FIREBASE_ENV=PROD \
-          NEXT_PUBLIC_FIREBASE_API_KEY=${{ secrets.NEXT_PUBLIC_FIREBASE_API_KEY }} \
           yarn --cwd=web serve &
           npx wait-on http://localhost:3000
           npx playwright test tests/playwright

.gitignore

@@ -55,9 +55,34 @@ tsconfig.tsbuildinfo
 
 *prisma/migrations
 martin
+email-preview
 .obsidian
 .idea
 *.last-run.json
 
 *lock.hcl
 /web/pages/test.tsx
+
+*.png
+*.jpg
+*.jpeg
+*.gif
+*.svg
+*.mp4
+*.mov
+*.avi
+*.wmv
+*.mp3
+*.wav
+*.flac
+*.aac
+*.zip
+*.tar.gz
+*.rar
+/favicon_color.ico
+/backend/shared/src/googleApplicationCredentials-dev.json
+*.tfstate
+*.tfstate.backup
+*.terraform
+/backups/firebase/auth/data/
+/backups/firebase/storage/data/

CONTRIBUTING.md

@@ -19,7 +19,7 @@ We welcome pull requests, but only if they meet the project's quality and design
 3. **Add the upstream remote**:
 
    ```bash
-   git remote add upstream https://github.com/CompassMeet/Compass.git
+   git remote add upstream https://github.com/CompassConnections/Compass.git
    ```
 
 ## Create a New Branch

README.md

@@ -1,13 +1,13 @@
 
-[![CI](https://github.com/CompassMeet/Compass/actions/workflows/ci.yml/badge.svg)](https://github.com/CompassMeet/Compass/actions/workflows/ci.yml)
-[![CD](https://github.com/CompassMeet/Compass/actions/workflows/cd.yml/badge.svg)](https://github.com/CompassMeet/Compass/actions/workflows/cd.yml)
+[![CI](https://github.com/CompassConnections/Compass/actions/workflows/ci.yml/badge.svg)](https://github.com/CompassConnections/Compass/actions/workflows/ci.yml)
+[![CD](https://github.com/CompassConnections/Compass/actions/workflows/cd.yml/badge.svg)](https://github.com/CompassConnections/Compass/actions/workflows/cd.yml)
 ![Vercel](https://deploy-badge.vercel.app/vercel/bayesbond)
 
 # Compass
 
-This repository provides the source code for [Compass](https://compassmeet.com), a web application for people to form deep 1-on-1 relationships in a fully transparent and efficient way. And it just got released!
+This repository contains the source code for [Compass](https://compassmeet.com) — an open platform for forming deep, authentic 1-on-1 connections with clarity and efficiency.
 
-**We can’t do this alone.** Whatever your skills—coding, design, writing, moderation, marketing, or even small donations—you can make a real difference. [Contribute](https://www.compassmeet.com/about) in any way you can and help our community thrive!
+**We can’t do this alone.** Whatever your skills—coding, design, writing, moderation, marketing, or even small donations—you can make a real difference. [Contribute](https://www.compassmeet.com/support) in any way you can and help our community thrive!
 
 ## Features
 
@@ -18,10 +18,32 @@ This repository provides the source code for [Compass](https://compassmeet.com),
 - Open source
 - Democratically governed
 
-A detailed description of the vision is available [here](https://martinbraquet.com/meeting-rational).
+You can find a lot of interesting info in the [About page](https://www.compassmeet.com/about) and the [FAQ](https://www.compassmeet.com/faq) as well.
+A detailed description of the early vision is also available in this [blog post](https://martinbraquet.com/meeting-rational) (you can disregard the parts about rationality, as Compass shifted to a more general audience).
+
+<p style="text-align: center;">
+  <img src="https://firebasestorage.googleapis.com/v0/b/compass-130ba.firebasestorage.app/o/misc%2Fdemo_compass.gif?alt=media&token=e3ae4334-4e3f-4026-b121-c08b4b724cd1" alt="Compass Demo" width="600">
+</p>
 
 ## To Do
 
+No contribution is too small—whether it’s changing a color, resizing a button, tweaking a font, or improving wording. Bigger contributions like adding new profile fields, building modules, or improving onboarding are equally welcome. The goal is to make the platform better step by step, and every improvement counts. If you see something that could be clearer, smoother, or more engaging, **please jump in**!
+
+The complete, official list of tasks is available [here on ClickUp](https://sharing.clickup.com/90181043445/l/h/6-901810339879-1/bbfd32f4f4bf64b). If you are working on one task, just assign it to yourself and move its status to "in progress". If there is also a GitHub issue for that task, assign it to yourself as well.
+
+To have edit access to the ClickUp workspace, you need an admin to manually give you permission (one time thing). To do so, just use your preferred option:
+- Ask or DM an admin on Discord
+- Email hello@compassmeet.com
+- Raise an issue on GitHub
+
+If you want to add tasks without creating an account, you can simply email
+```
+a.t.901810339879.u-276866260.b847aba1-2709-4f17-b4dc-565a6967c234@tasks.clickup.com
+```
+Put the task title in the email subject and the task description in the email content.
+
+Here is a tailored selection of things that would be very useful. If you want to help but don’t know where to start, just ask us on [Discord](https://discord.gg/8Vd7jzqjun).
+
 - [x] Authentication (user/password and Google Sign In)
 - [x] Set up PostgreSQL in Production with supabase
 - [x] Set up web hosting (vercel)
@@ -29,20 +51,37 @@ A detailed description of the vision is available [here](https://martinbraquet.c
 - [x] Ask for detailed info upon registration (location, desired type of connection, prompt answers, gender, etc.)
 - [x] Set up page listing all the profiles
 - [x] Search through most profile variables
-- [x] (Set up chat / direct messaging)
-- [x] Set up domain name (https://compassmeet.com)
+- [x] Set up chat / direct messaging
+- [x] Set up domain name (compassmeet.com)
+- [ ] Add mobile app (React Native on Android and iOS)
+- [ ] Add better onboarding (tooltips, modals, etc.)
+- [ ] Add modules to learn more about each other (personality test, conflict style, love languages, etc.)
+- [ ] Add modules to improve interpersonal skills (active listening, nonviolent communication, etc.)
+- [ ] Add calendar integration and scheduling
+- [ ] Add events (group calls, in-person meetups, etc.)
 
 #### Secondary To Do
 
-Any action item is open to anyone for collaboration, but the following ones are particularly easy to do for first-time contributors.
+Everything is open to anyone for collaboration, but the following ones are particularly easy to do for first-time contributors.
 
+- [x] Clean up learn more page
+- [x] Add dark theme
 - [ ] Add profile features (intellectual interests, cause areas, personality type, conflict style, etc.)
 - [ ] Add filters to search through remaining profile features (politics, religion, education level, etc.)
 - [ ] Cover with tests (very important, just the test template and framework are ready)
-- [ ] Clean up terms and conditions
-- [ ] Clean up privacy notice
-- [x] Clean up learn more page
-- [x] Add dark theme
+- [ ] Make the app more user-friendly and appealing (UI/UX)
+- [ ] Clean up terms and conditions (convert to Markdown)
+- [ ] Clean up privacy notice (convert to Markdown)
+- [ ] Add other authentication methods (GitHub, Facebook, Apple, phone, etc.)
+- [ ] Add email verification
+- [ ] Add password reset
+- [x] Add automated welcome email
+- [ ] Security audit and penetration testing
+- [ ] Make `deploy-api.sh` run automatically on push to `main` branch
+- [ ] Create settings page (change email, password, delete account, etc.)
+- [ ] Improve [financials](web/public/md/financials.md) page (donor / acknowledgments, etc.)
+- [ ] Improve loading sign (e.g., animation of a compass moving around)
+- [ ] Show compatibility score in profile page
 
 ## Implementation
 
@@ -55,13 +94,13 @@ The web app is coded in Typescript using React as front-end. It includes:
 
 ## Development
 
-Below are all the steps to contribute. If you have any trouble or questions, please don't hesitate to open an issue or contact us on [Discord](https://discord.gg/8Vd7jzqjun)! We're responsive and happy to help.
+Below are the steps to contribute. If you have any trouble or questions, please don't hesitate to open an issue or contact us on [Discord](https://discord.gg/8Vd7jzqjun)! We're responsive and happy to help.
 
 ### Installation
 
-Clone the repo and navigating into it:
+Fork the [repo](https://github.com/CompassConnections/Compass) on GitHub (button in top right). Then, clone your repo and navigating into it:
 ```bash
-git clone git@github.com:CompassMeet/Compass.git
+git clone https://github.com/<your-username>/Compass.git
 cd Compass
 ```
 
@@ -69,7 +108,7 @@ Install `opentofu`, `docker`, and `yarn`. Try running this on Linux or macOS for
 ```bash
 ./setup.sh
 ```
-If it doesn't work, you can install them manually (Google how to install `opentofu`, `docker`, and `yarn` for your OS).
+If it doesn't work, you can install them manually (google how to install `opentofu`, `docker`, and `yarn` for your OS).
 
 Then, install the dependencies for this project:
 ```bash
@@ -78,59 +117,25 @@ yarn install
 
 ### Environment Variables
 
+Almost all the features will work out of the box, so you can skip this step and come back later if you need to test the following services: email, geolocation.
+
 We can't make the following information public, for security and privacy reasons:
 - Database, otherwise anyone could access all the user data (including private messages)
 - Firebase, otherwise anyone could remove users or modify the media files
-- Email, analytics, and location services, otherwise anyone could use our paid plan
+- Email, analytics, and location services, otherwise anyone could use the service plans Compass paid for and run up the bill.
 
-So, for your development, we will give you user-specific access when possible (e.g., Firebase) and for the rest you will need to set up cloned services (email, locations, etc.) and store your secrets as environment variables.
+That's why we separate all those services between production and development environments, so that you can code freely without impacting the functioning of the deployed platform.
+Contributors should use the default keys for local development. Production uses a separate environment with stricter rules and private keys that are not shared.
 
-To do so, simply create an `.env` file as a copy of `.env.example`, open it, and fill in the variables according to the instructions in the file:
-```bash
-cp .env.example .env
-```
-
-### Installing PostgreSQL
-
-Run the following commands to set up your local development database. Run only the section that corresponds to your operating system.
-
-On macOS:
-```bash
-brew install postgresql
-brew services start postgresql
-```
-
-On Linux:
-```bash
-sudo apt update
-sudo apt install postgresql postgresql-contrib
-sudo systemctl start postgresql
-````
-
-On Windows, you can download PostgreSQL from the [official website](https://www.postgresql.org/download/windows/).
-
-### Database Initialization
-
-Create a database named `compass` and set the password for the `postgres` user:
-```bash
-sudo -u postgres psql
-ALTER USER postgres WITH PASSWORD 'password';  
-\q
-```
-
-Create the database
-```bash
-...
-```
-Note that your local database will be made of synthetic data, not real users. This is fine for development and testing.
+If you do need one of the few remaining services, you need to set them up and store your own secrets as environment variables. To do so, simply open `.env` and fill in the variables according to the instructions in the file.
 
 ### Tests
 
 Make sure the tests pass:
 ```bash
-yarn test
+yarn test tests/jest/
 ```
-TODO: fix tests
+TODO: make `yarn test` run all the tests, not just the ones in `tests/jest/`.
 
 ### Running the Development Server
 
@@ -139,11 +144,50 @@ Start the development server:
 yarn dev
 ```
 
-Once the server is running, visit http://localhost:3000 to start using the app. You can sign up and visit the profiles; you should see 5 synthetic profiles.
+Once the server is running, visit http://localhost:3000 to start using the app. You can sign up and visit the profiles; you should see a few synthetic profiles.
+
+Note: it's normal if page loading locally is much slower than the deployed version. It can take up to 10 seconds, it would be great to improve that though!
+
+### Contributing
 
 Now you can start contributing by making changes and submitting pull requests!
 
+We recommend using a good code editor (VSCode, WebStorm, Cursor, etc.) with Typescript support and a good AI assistant (GitHub Copilot, etc.) to make your life easier. To debug, you can use the browser developer tools (F12), specifically:
+- Components tab to see the React component tree and props (you need to install the [React Developer Tools](https://react.dev/learn/react-developer-tools) extension)
+- Console tab for errors and logs
+- Network tab to see the requests and responses
+- Storage tab to see cookies and local storage
+
+You can also add `console.log()` statements in the code.
+
+If you are new to Typescript or the open-source space, you could start with small changes, such as tweaking some web components or improving wording in some pages. You can find those files in `web/public/md/`.
+
 See [development.md](docs/development.md) for additional instructions, such as adding new profile features.
 
+### Submission
+
+Add the original repo as upstream for syncing:
+```bash
+git remote add upstream https://github.com/CompassConnections/Compass.git
+```
+
+Create a new branch for your changes:
+```bash
+git checkout -b <branch-name>
+```
+
+Make changes, then stage and commit:
+```bash
+git add .
+git commit -m "Describe your changes"
+```
+
+Push branch to your fork:
+```bash
+git push origin <branch-name>
+```
+
+Finally, open a Pull Request on GitHub from your `fork/<branch-name>` → `CompassConnections/Compass` main branch.
+
 ## Acknowledgements
 This project is built on top of [manifold.love](https://github.com/sipec/polylove), an open-source dating platform licensed under the MIT License. We greatly appreciate their work and contributions to open-source, which have significantly aided in the development of some core features such as direct messaging, prompts, and email notifications. We invite the community to explore and contribute to other open-source projects like manifold.love as well, especially if you're interested in functionalities that deviate from Compass' ideals of deep, intentional connections.

SECURITY.md

@@ -8,5 +8,5 @@
 
 ## Reporting a Vulnerability
 
-Contact the development team to report a vulnerability. You should receive updates within a week.
+Contact the development team at compass.meet.info@gmail.com to report a vulnerability. You should receive updates within a week.
 

_old/app/layout.tsx

@@ -30,7 +30,7 @@ export default function RootLayout(
         <footer className="p-6 text-center text-gray-500">
           <div className="mb-2">
             <a
-              href="https://github.com/CompassMeet/Compass"
+              href="https://github.com/CompassConnections/Compass"
               target="_blank"
               rel="noopener noreferrer"
               className="inline-flex items-center text-gray-500 hover:text-gray-700 transition"

_old/app/manifesto/page.tsx

@@ -1,6 +1,5 @@
 'use client';
 
-import {aColor, supportEmail} from "@/lib/client/constants";
 import Image from 'next/image';
 
 export default function PrivacyPage() {

_old/app/page.tsx

@@ -49,7 +49,7 @@ export default function HomePage() {
       {/* Header */}
       {/*<header className="flex justify-between items-center p-2 max-w-6xl mx-auto w-full">*/}
       {/*  <a */}
-      {/*    href="https://github.com/CompassMeet/Compass" */}
+      {/*    href="https://github.com/CompassConnections/Compass" */}
       {/*    target="_blank" */}
       {/*    rel="noopener noreferrer"*/}
       {/*    className="text-gray-700 hover: transition"*/}

_old/components/ui/PromptAnswer.tsx

@@ -3,7 +3,7 @@
 import {useEffect, useState} from 'react';
 import {Textarea} from '@/components/ui/textarea';
 import {Select, SelectContent, SelectItem, SelectTrigger, SelectValue,} from '@/components/ui/select';
-import {cons} from "effect/List";
+// import {cons} from "effect/List";
 
 type Prompt = {
   id: string;

_old/lib/client/constants.tsx

@@ -0,0 +1,2 @@
+'use client';
+

backend/api/Dockerfile

@@ -1,19 +1,20 @@
 # prereq: first do `yarn build` to compile typescript & etc.
 
-FROM node:19-alpine
+FROM node:20-alpine
 WORKDIR /usr/src/app
 
 # Install PM2 globally
 RUN yarn global add pm2
 
-# Remove?
-COPY tsconfig.json ./
-
-# first get dependencies in for efficient docker layering
+# Fet dependencies in for efficient docker layering
 COPY dist/package.json dist/yarn.lock ./
-RUN yarn install --frozen-lockfile --production
 
-# then copy over typescript payload
+# Clean yarn cache to reduce image size
+RUN yarn install --frozen-lockfile --production && \
+    yarn cache clean --force && \
+    rm -rf /usr/local/share/.cache/yarn
+
+# Copy over typescript payload
 COPY dist ./
 
 # Copy the PM2 ecosystem configuration

backend/api/README.md

@@ -1,33 +1,38 @@
 # Backend API
 
-This is the code for the API running at `api.compassmeet.com`.
+This is the code for the API running at https://api.compassmeet.com.
 It runs in a docker inside a Google Cloud virtual machine.
 
 ### Requirements
 
 You must have the `gcloud` CLI.
 
-On MacOS:
+On macOS:
+
 ```bash
 brew install --cask google-cloud-sdk
 ```
 
 On Linux:
+
 ```bash
 sudo apt-get update && sudo apt-get install google-cloud-sdk
 ```
 
 Then:
+
 ```bash
 gcloud init
 gcloud auth login
 gcloud config set project YOUR_PROJECT_ID
 ```
+
 ### Setup
 
 This section is only for the people who are creating a server from scratch, for instance for a forked project.
 
 One-time commands you may need to run:
+
 ```bash
 gcloud artifacts repositories create builds \
   --repository-format=docker \
@@ -49,8 +54,25 @@ gcloud projects add-iam-policy-binding compass-130ba \
     --member="serviceAccount:253367029065-compute@developer.gserviceaccount.com" \
     --role="roles/secretmanager.secretAccessor"
 gcloud run services list
+gcloud compute backend-services update api-backend \
+  --global \
+  --timeout=600s
 ```
 
+Set up the saved search notifications job:
+
+```bash
+gcloud scheduler jobs create http daily-saved-search-notifications \
+  --schedule="0 16 * * *" \
+  --uri="https://api.compassmeet.com/internal/send-search-notifications" \
+  --http-method=POST \
+  --headers="x-api-key=<API_KEY>" \
+  --time-zone="UTC" \
+  --location=us-west1
+```
+
+View it [here](https://console.cloud.google.com/cloudscheduler).
+
 ##### DNS
 
 * After deployment, Terraform assigns a static external IP to this resource.
@@ -60,6 +82,7 @@ gcloud run services list
 gcloud compute addresses describe api-lb-ip-2 --global --format="get(address)"
 34.117.20.215
 ```
+
 Since Vercel manages your domain (`compassmeet.com`):
 
 1. Log in to [Vercel dashboard](https://vercel.com/dashboard).
@@ -67,7 +90,7 @@ Since Vercel manages your domain (`compassmeet.com`):
 3. Add an **A record** for your API subdomain:
 
 | Type | Name | Value        | TTL   |
-| ---- | ---- | ------------ | ----- |
+|------|------|--------------|-------|
 | A    | api  | 34.123.45.67 | 600 s |
 
 * `Name` is just the subdomain: `api` → `api.compassmeet.com`.
@@ -85,7 +108,6 @@ curl -I https://api.compassmeet.com
 * `nslookup` should return the LB IP (`34.123.45.67`).
 * `curl -I` should return `200 OK` from your service.
 
-
 If SSL isn’t ready (may take 15 mins), check LB logs:
 
 ```bash
@@ -96,7 +118,9 @@ gcloud compute ssl-certificates describe api-lb-cert-2
 
 Secrets are strings that shouldn't be checked into Git (eg API keys, passwords).
 
-Add the secrets for your specific project in [Google Cloud Secrets manager](https://console.cloud.google.com/security/secret-manager), so that the virtual machine can access them.
+Add the secrets for your specific project
+in [Google Cloud Secrets manager](https://console.cloud.google.com/security/secret-manager), so that the virtual machine
+can access them.
 
 For Compass, the name of the secrets are in [secrets.ts](../../common/src/secrets.ts).
 
@@ -111,13 +135,16 @@ In root directory, run the local api with hot reload, along with all the other b
 ### Deploy
 
 Run in this directory to deploy your code to the server.
+
 ```bash
 ./deploy-api.sh prod
 ```
 
 ### Connect to the server
 
-Run in this directory to connect to the API server running as virtual machine in Google Cloud. You can access logs, files, debug, etc.
+Run in this directory to connect to the API server running as virtual machine in Google Cloud. You can access logs,
+files, debug, etc.
+
 ```bash
 ./ssh-api.sh prod
 ```
@@ -128,4 +155,11 @@ Useful commands once inside the server:
 sudo journalctl -u konlet-startup --no-pager -efb
 sudo docker logs -f $(sudo docker ps -alq)
 docker exec -it $(sudo docker ps -alq) sh
+docker run -it --rm $(docker images -q | head -n 1) sh
+docker rmi -f $(docker images -aq)
 ```
+
+### Documentation
+
+The API docs are available at https://api.compassmeet.com. They are defined in [openapi.json](openapi.json).
+Just a few endpoints are mentioned in that JSON doc. Feel free to help by adding the remaining ones!

backend/api/deploy-api.sh

@@ -11,6 +11,8 @@
 
 set -e
 
+cd "$(dirname "$0")"
+
 source ../../.env
 
 ENV=${1:-prod}
@@ -28,7 +30,6 @@ IMAGE_TAG="${TIMESTAMP}-${GIT_REVISION}"
 IMAGE_URL="${REGION}-docker.pkg.dev/${PROJECT}/builds/${SERVICE_NAME}:${IMAGE_TAG}"
 
 echo "🚀 Deploying ${SERVICE_NAME} to ${ENV} ($(date "+%Y-%m-%d %I:%M:%S %p"))"
-yarn add tsconfig-paths
 yarn build
 
 gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin us-west1-docker.pkg.dev

backend/api/ecosystem.config.js

@@ -3,7 +3,7 @@ module.exports = {
         {
             name: "api",
             script: "node",
-            args: "-r tsconfig-paths/register --dns-result-order=ipv4first backend/api/lib/serve.js",
+            args: "--dns-result-order=ipv4first backend/api/lib/serve.js",
             env: {
                 NODE_ENV: "production",
                 NODE_PATH: "/usr/src/app/node_modules",  // <- ensures Node finds tsconfig-paths

backend/api/main.tf

@@ -175,7 +175,7 @@ resource "google_compute_backend_service" "api_backend" {
 # URL map
 resource "google_compute_url_map" "api_url_map" {
   name            = "${local.service_name}-url-map"
-  default_service = google_compute_backend_service.api_backend.id
+  default_service = google_compute_backend_service.api_backend.self_link
 
   host_rule {
     hosts        = ["*"]
@@ -185,9 +185,33 @@ resource "google_compute_url_map" "api_url_map" {
   path_matcher {
     name            = "allpaths"
     default_service = google_compute_backend_service.api_backend.self_link
+  #
+  #   # Priority 0: passthrough /v0/* requests
+  #   route_rules {
+  #     priority = 1
+  #     match_rules {
+  #       prefix_match = "/v0"
+  #     }
+  #     service = google_compute_backend_service.api_backend.self_link
+  #   }
+  #
+  #   # Priority 1: rewrite everything else to /v0
+  #   route_rules {
+  #     priority = 2
+  #     match_rules {
+  #       prefix_match = "/"
+  #     }
+  #     route_action {
+  #       url_rewrite { # This may break websockets (the Upgrade and Connection headers must pass through untouched).
+  #         path_prefix_rewrite = "/v0/"
+  #       }
+  #     }
+  #     service = google_compute_backend_service.api_backend.self_link
+  #   }
   }
 }
 
+
 # HTTPS proxy
 resource "google_compute_target_https_proxy" "api_https_proxy" {
   name             = "${local.service_name}-https-proxy"

backend/api/openapi.json

@@ -0,0 +1,29 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Compass API",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/health": {
+      "get": {
+        "summary": "Health",
+        "responses": {
+          "200": {
+            "description": "OK"
+          }
+        }
+      }
+    },
+    "/get-profiles": {
+      "get": {
+        "summary": "List profiles",
+        "responses": {
+          "200": {
+            "description": "OK"
+          }
+        }
+      }
+    }
+  }
+}

backend/api/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@compass/api",
   "description": "Backend API endpoints",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "private": true,
   "scripts": {
     "watch:compile": "npx concurrently \"tsc -b --watch --preserveWatchOutput\" \"(cd ../../common && tsc-alias --watch)\" \"(cd ../shared && tsc-alias --watch)\" \"(cd ../email && tsc-alias --watch)\" \"tsc-alias --watch\"",
@@ -13,15 +13,15 @@
     "debug": "nodemon -r tsconfig-paths/register --watch src -e ts --watch ../../common/src --watch ../shared/src --exec \"yarn build && node --inspect-brk src/serve.ts\"",
     "dist": "yarn dist:clean && yarn dist:copy",
     "dist:clean": "rm -rf dist && mkdir -p dist/common/lib dist/backend/shared/lib dist/backend/api/lib dist/backend/email/lib",
-    "dist:copy": "rsync -a --delete ../../common/lib/ dist/common/lib && rsync -a --delete ../shared/lib/ dist/backend/shared/lib && rsync -a --delete ../email/lib/ dist/backend/email/lib && rsync -a --delete  ./lib/* dist/backend/api/lib && cp ../../yarn.lock dist && cp package.json dist",
+    "dist:copy": "rsync -a --delete ../../common/lib/ dist/common/lib && rsync -a --delete ../shared/lib/ dist/backend/shared/lib && rsync -a --delete ../email/lib/ dist/backend/email/lib && rsync -a --delete  ./lib/* dist/backend/api/lib && cp ../../yarn.lock dist && cp package.json dist && cp openapi.json dist",
     "watch": "tsc -w",
     "verify": "yarn --cwd=../.. verify",
     "verify:dir": "npx eslint . --max-warnings 0",
     "regen-types": "cd ../supabase && make ENV=prod regen-types",
-    "regen-types-dev": "cd ../supabase && make ENV=dev regen-types"
+    "regen-types-dev": "cd ../supabase && make ENV=dev regen-types-dev"
   },
   "engines": {
-    "node": ">=16.0.0"
+    "node": ">=20.0.0"
   },
   "main": "src/serve.ts",
   "dependencies": {
@@ -45,24 +45,28 @@
     "cors": "2.8.5",
     "dayjs": "1.11.4",
     "express": "4.18.1",
-    "firebase-admin": "11.11.1",
+    "firebase-admin": "13.5.0",
     "gcp-metadata": "6.1.0",
     "jsonwebtoken": "9.0.0",
     "lodash": "4.17.21",
     "pg-promise": "11.4.1",
     "posthog-node": "4.11.0",
-    "react": "19.0.0",
-    "react-dom": "19.0.0",
-    "react-email": "3.0.7",
     "resend": "4.1.2",
     "string-similarity": "4.0.4",
+    "swagger-jsdoc": "6.2.8",
+    "swagger-ui-express": "5.0.1",
     "tsconfig-paths": "4.2.0",
     "twitter-api-v2": "1.15.0",
     "ws": "8.17.0",
+    "react": "18.2.0",
+    "react-dom": "18.2.0",
     "zod": "3.21.4"
   },
   "devDependencies": {
     "@types/cors": "2.8.17",
+    "@types/react": "18.3.5",
+    "@types/react-dom": "18.3.0",
+    "@types/swagger-ui-express": "4.1.8",
     "@types/ws": "8.5.10"
   }
 }

backend/api/src/app.ts

@@ -1,56 +1,64 @@
-import { API, type APIPath } from 'common/api/schema'
-import { APIError, pathWithPrefix } from 'common/api/utils'
+import {API, type APIPath} from 'common/api/schema'
+import {APIError, pathWithPrefix} from 'common/api/utils'
 import cors from 'cors'
 import * as crypto from 'crypto'
-import express from 'express'
-import { type ErrorRequestHandler, type RequestHandler } from 'express'
-import { hrtime } from 'node:process'
-import { withMonitoringContext } from 'shared/monitoring/context'
-import { log } from 'shared/monitoring/log'
-import { metrics } from 'shared/monitoring/metrics'
-import { banUser } from './ban-user'
-import { blockUser, unblockUser } from './block-user'
-import { getCompatibleLoversHandler } from './compatible-lovers'
-import { createComment } from './create-comment'
-import { createCompatibilityQuestion } from './create-compatibility-question'
-import { createLover } from './create-lover'
-import { createUser } from './create-user'
-import { getCompatibilityQuestions } from './get-compatibililty-questions'
-import { getLikesAndShips } from './get-likes-and-ships'
-import { getLoverAnswers } from './get-lover-answers'
-import { getLovers } from './get-lovers'
-import { getSupabaseToken } from './get-supabase-token'
-import { getDisplayUser, getUser } from './get-user'
-import { getMe } from './get-me'
-import { hasFreeLike } from './has-free-like'
-import { health } from './health'
-import { typedEndpoint, type APIHandler } from './helpers/endpoint'
-import { hideComment } from './hide-comment'
-import { likeLover } from './like-lover'
-import { markAllNotifsRead } from './mark-all-notifications-read'
-import { removePinnedPhoto } from './remove-pinned-photo'
-import { report } from './report'
-import { searchLocation } from './search-location'
-import { searchNearCity } from './search-near-city'
-import { shipLovers } from './ship-lovers'
-import { starLover } from './star-lover'
-import { updateLover } from './update-lover'
-import { updateMe } from './update-me'
-import { deleteMe } from './delete-me'
-import { getCurrentPrivateUser } from './get-current-private-user'
-import { createPrivateUserMessage } from './create-private-user-message'
+import express, {type ErrorRequestHandler, type RequestHandler} from 'express'
+import {hrtime} from 'node:process'
+import {withMonitoringContext} from 'shared/monitoring/context'
+import {log} from 'shared/monitoring/log'
+import {metrics} from 'shared/monitoring/metrics'
+import {banUser} from './ban-user'
+import {blockUser, unblockUser} from './block-user'
+import {getCompatibleProfilesHandler} from './compatible-profiles'
+import {createComment} from './create-comment'
+import {createCompatibilityQuestion} from './create-compatibility-question'
+import {createProfile} from './create-profile'
+import {createUser} from './create-user'
+import {getCompatibilityQuestions} from './get-compatibililty-questions'
+import {getLikesAndShips} from './get-likes-and-ships'
+import {getProfileAnswers} from './get-profile-answers'
+import {getProfiles} from './get-profiles'
+import {getSupabaseToken} from './get-supabase-token'
+import {getDisplayUser, getUser} from './get-user'
+import {getMe} from './get-me'
+import {hasFreeLike} from './has-free-like'
+import {health} from './health'
+import {type APIHandler, typedEndpoint} from './helpers/endpoint'
+import {hideComment} from './hide-comment'
+import {likeProfile} from './like-profile'
+import {markAllNotifsRead} from './mark-all-notifications-read'
+import {removePinnedPhoto} from './remove-pinned-photo'
+import {report} from './report'
+import {searchLocation} from './search-location'
+import {searchNearCity} from './search-near-city'
+import {shipProfiles} from './ship-profiles'
+import {starProfile} from './star-profile'
+import {updateProfile} from './update-profile'
+import {updateMe} from './update-me'
+import {deleteMe} from './delete-me'
+import {getCurrentPrivateUser} from './get-current-private-user'
+import {createPrivateUserMessage} from './create-private-user-message'
 import {
   getChannelMemberships,
   getChannelMessages,
   getLastSeenChannelTime,
   setChannelLastSeenTime,
 } from 'api/get-private-messages'
-import { searchUsers } from './search-users'
-import { createPrivateUserMessageChannel } from './create-private-user-message-channel'
-import { leavePrivateUserMessageChannel } from './leave-private-user-message-channel'
-import { updatePrivateUserMessageChannel } from './update-private-user-message-channel'
-import { getNotifications } from './get-notifications'
-import { updateNotifSettings } from './update-notif-setting'
+import {searchUsers} from './search-users'
+import {createPrivateUserMessageChannel} from './create-private-user-message-channel'
+import {leavePrivateUserMessageChannel} from './leave-private-user-message-channel'
+import {updatePrivateUserMessageChannel} from './update-private-user-message-channel'
+import {getNotifications} from './get-notifications'
+import {updateNotifSettings} from './update-notif-setting'
+import {setLastOnlineTime} from './set-last-online-time'
+import swaggerUi from "swagger-ui-express"
+import * as fs from "fs"
+import {sendSearchNotifications} from "api/send-search-notifications";
+import {sendDiscordMessage} from "common/discord/core";
+import {getMessagesCount} from "api/get-messages-count";
+import {createVote} from "api/create-vote";
+import {vote} from "api/vote";
+import {contact} from "api/contact";
 
 const allowCorsUnrestricted: RequestHandler = cors({})
 
@@ -66,15 +74,15 @@ const requestMonitoring: RequestHandler = (req, _res, next) => {
   const traceId = traceContext
     ? traceContext.split('/')[0]
     : crypto.randomUUID()
-  const context = { endpoint: req.path, traceId }
+  const context = {endpoint: req.path, traceId}
   withMonitoringContext(context, () => {
     const startTs = hrtime.bigint()
     log(`${req.method} ${req.url}`)
-    metrics.inc('http/request_count', { endpoint: req.path })
+    metrics.inc('http/request_count', {endpoint: req.path})
     next()
     const endTs = hrtime.bigint()
     const latencyMs = Number(endTs - startTs) / 1e6
-    metrics.push('http/request_latency', latencyMs, { endpoint: req.path })
+    metrics.push('http/request_latency', latencyMs, {endpoint: req.path})
   })
 }
 
@@ -82,7 +90,7 @@ const apiErrorHandler: ErrorRequestHandler = (error, _req, res, _next) => {
   if (error instanceof APIError) {
     log.info(error)
     if (!res.headersSent) {
-      const output: { [k: string]: unknown } = { message: error.message }
+      const output: { [k: string]: unknown } = {message: error.message}
       if (error.details != null) {
         output.details = error.details
       }
@@ -91,7 +99,7 @@ const apiErrorHandler: ErrorRequestHandler = (error, _req, res, _next) => {
   } else {
     log.error(error)
     if (!res.headersSent) {
-      res.status(500).json({ message: error.stack, error })
+      res.status(500).json({message: error.stack, error})
     }
   }
 }
@@ -99,6 +107,22 @@ const apiErrorHandler: ErrorRequestHandler = (error, _req, res, _next) => {
 export const app = express()
 app.use(requestMonitoring)
 
+const swaggerDocument = JSON.parse(fs.readFileSync("./openapi.json", "utf-8"))
+swaggerDocument.info = {
+  ...swaggerDocument.info,
+  description: "Compass is a free, open-source platform to help people form deep, meaningful, and lasting connections — whether platonic, romantic, or collaborative. It’s made possible by contributions from the community, including code, ideas, feedback, and donations. Unlike typical apps, Compass prioritizes values, interests, and personality over swipes and ads, giving you full control over who you discover and how you connect.",
+  version: "1.0.0",
+  contact: {
+    name: "Compass",
+    email: "hello@compassmeet.com",
+    url: "https://compassmeet.com"
+  }
+};
+
+const rootPath = pathWithPrefix("/")
+app.get(rootPath, swaggerUi.setup(swaggerDocument))
+app.use(rootPath, swaggerUi.serve)
+
 app.options('*', allowCorsUnrestricted)
 
 const handlers: { [k in APIPath]: APIHandler<k> } = {
@@ -116,26 +140,29 @@ const handlers: { [k in APIPath]: APIHandler<k> } = {
   'ban-user': banUser,
   report: report,
   'create-user': createUser,
-  'create-lover': createLover,
+  'create-profile': createProfile,
   me: getMe,
   'me/private': getCurrentPrivateUser,
   'me/update': updateMe,
   'update-notif-settings': updateNotifSettings,
   'me/delete': deleteMe,
-  'update-lover': updateLover,
-  'like-lover': likeLover,
-  'ship-lovers': shipLovers,
+  'update-profile': updateProfile,
+  'like-profile': likeProfile,
+  'ship-profiles': shipProfiles,
   'get-likes-and-ships': getLikesAndShips,
   'has-free-like': hasFreeLike,
-  'star-lover': starLover,
-  'get-lovers': getLovers,
-  'get-lover-answers': getLoverAnswers,
+  'star-profile': starProfile,
+  'get-profiles': getProfiles,
+  'get-profile-answers': getProfileAnswers,
   'get-compatibility-questions': getCompatibilityQuestions,
   'remove-pinned-photo': removePinnedPhoto,
   'create-comment': createComment,
   'hide-comment': hideComment,
   'create-compatibility-question': createCompatibilityQuestion,
-  'compatible-lovers': getCompatibleLoversHandler,
+  'create-vote': createVote,
+  'vote': vote,
+  'contact': contact,
+  'compatible-profiles': getCompatibleProfilesHandler,
   'search-location': searchLocation,
   'search-near-city': searchNearCity,
   'create-private-user-message': createPrivateUserMessage,
@@ -146,12 +173,14 @@ const handlers: { [k in APIPath]: APIHandler<k> } = {
   'get-channel-messages': getChannelMessages,
   'get-channel-seen-time': getLastSeenChannelTime,
   'set-channel-seen-time': setChannelLastSeenTime,
+  'get-messages-count': getMessagesCount,
+  'set-last-online-time': setLastOnlineTime,
 }
 
 Object.entries(handlers).forEach(([path, handler]) => {
   const api = API[path as APIPath]
   const cache = cacheController((api as any).cache)
-  const url = '/' + pathWithPrefix(path as APIPath)
+  const url = pathWithPrefix('/' + path as APIPath)
 
   const apiRoute = [
     url,
@@ -173,6 +202,31 @@ Object.entries(handlers).forEach(([path, handler]) => {
   }
 })
 
+// console.debug('COMPASS_API_KEY:', process.env.COMPASS_API_KEY)
+
+// Internal Endpoints
+app.post(pathWithPrefix("/internal/send-search-notifications"),
+  async (req, res) => {
+    const apiKey = req.header("x-api-key");
+    if (apiKey !== process.env.COMPASS_API_KEY) {
+      return res.status(401).json({error: "Unauthorized"});
+    }
+
+    try {
+      const result = await sendSearchNotifications()
+      return res.status(200).json(result)
+    } catch (err) {
+      console.error("Failed to send notifications:", err);
+      await sendDiscordMessage(
+        "Failed to send [daily notifications](https://console.cloud.google.com/cloudscheduler?project=compass-130ba) for bookmarked searches...",
+        "health"
+      )
+      return res.status(500).json({error: "Internal server error"});
+    }
+  }
+);
+
+
 app.use(allowCorsUnrestricted, (req, res) => {
   if (req.method === 'OPTIONS') {
     res.status(200).send()
@@ -181,7 +235,7 @@ app.use(allowCorsUnrestricted, (req, res) => {
       .status(404)
       .set('Content-Type', 'application/json')
       .json({
-        message: `The requested route '${req.path}' does not exist. Please check your URL for any misspellings or refer to app.ts`,
+        message: `This is the Compass API, but the requested route '${req.path}' does not exist. Please check your URL for any misspellings, the docs at https://api.compassmeet.com, or simply refer to app.ts on GitHub`,
       })
   }
 })

backend/api/src/compatible-lovers.ts

@@ -1,61 +0,0 @@
-import { groupBy, sortBy } from 'lodash'
-import { APIError, type APIHandler } from 'api/helpers/endpoint'
-import { getCompatibilityScore } from 'common/love/compatibility-score'
-import {
-  getLover,
-  getCompatibilityAnswers,
-  getGenderCompatibleLovers,
-} from 'shared/love/supabase'
-import { log } from 'shared/utils'
-
-export const getCompatibleLoversHandler: APIHandler<
-  'compatible-lovers'
-> = async (props) => {
-  return getCompatibleLovers(props.userId)
-}
-
-export const getCompatibleLovers = async (userId: string) => {
-  const lover = await getLover(userId)
-
-  log('got lover', {
-    id: lover?.id,
-    userId: lover?.user_id,
-    username: lover?.user?.username,
-  })
-
-  if (!lover) throw new APIError(404, 'Lover not found')
-
-  const lovers = await getGenderCompatibleLovers(lover)
-
-  const loverAnswers = await getCompatibilityAnswers([
-    userId,
-    ...lovers.map((l) => l.user_id),
-  ])
-  log('got lover answers ' + loverAnswers.length)
-
-  const answersByUserId = groupBy(loverAnswers, 'creator_id')
-  const loverCompatibilityScores = Object.fromEntries(
-    lovers.map(
-      (l) =>
-        [
-          l.user_id,
-          getCompatibilityScore(
-            answersByUserId[lover.user_id] ?? [],
-            answersByUserId[l.user_id] ?? []
-          ),
-        ] as const
-    )
-  )
-
-  const sortedCompatibleLovers = sortBy(
-    lovers,
-    (l) => loverCompatibilityScores[l.user_id].score
-  ).reverse()
-
-  return {
-    status: 'success',
-    lover,
-    compatibleLovers: sortedCompatibleLovers,
-    loverCompatibilityScores,
-  }
-}

backend/api/src/compatible-profiles.ts

@@ -0,0 +1,61 @@
+import { groupBy, sortBy } from 'lodash'
+import { APIError, type APIHandler } from 'api/helpers/endpoint'
+import { getCompatibilityScore } from 'common/love/compatibility-score'
+import {
+  getProfile,
+  getCompatibilityAnswers,
+  getGenderCompatibleProfiles,
+} from 'shared/love/supabase'
+import { log } from 'shared/utils'
+
+export const getCompatibleProfilesHandler: APIHandler<
+  'compatible-profiles'
+> = async (props) => {
+  return getCompatibleProfiles(props.userId)
+}
+
+export const getCompatibleProfiles = async (userId: string) => {
+  const profile = await getProfile(userId)
+
+  log('got profile', {
+    id: profile?.id,
+    userId: profile?.user_id,
+    username: profile?.user?.username,
+  })
+
+  if (!profile) throw new APIError(404, 'Profile not found')
+
+  const profiles = await getGenderCompatibleProfiles(profile)
+
+  const profileAnswers = await getCompatibilityAnswers([
+    userId,
+    ...profiles.map((l) => l.user_id),
+  ])
+  log('got profile answers ' + profileAnswers.length)
+
+  const answersByUserId = groupBy(profileAnswers, 'creator_id')
+  const profileCompatibilityScores = Object.fromEntries(
+    profiles.map(
+      (l) =>
+        [
+          l.user_id,
+          getCompatibilityScore(
+            answersByUserId[profile.user_id] ?? [],
+            answersByUserId[l.user_id] ?? []
+          ),
+        ] as const
+    )
+  )
+
+  const sortedCompatibleProfiles = sortBy(
+    profiles,
+    (l) => profileCompatibilityScores[l.user_id].score
+  ).reverse()
+
+  return {
+    status: 'success',
+    profile,
+    compatibleProfiles: sortedCompatibleProfiles,
+    profileCompatibilityScores,
+  }
+}

backend/api/src/contact.ts

@@ -0,0 +1,41 @@
+import {APIError, APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {insert} from 'shared/supabase/utils'
+import {tryCatch} from 'common/util/try-catch'
+import {sendDiscordMessage} from "common/discord/core";
+import {jsonToMarkdown} from "common/md";
+
+// Stores a contact message into the `contact` table
+// Web sends TipTap JSON in `content`; we store it as string in `description`.
+// If optional content metadata is provided, we include it; otherwise we fall back to user-centric defaults.
+export const contact: APIHandler<'contact'> = async (
+  {content, userId},
+  _auth
+) => {
+  const pg = createSupabaseDirectClient()
+
+  const {error} = await tryCatch(
+    insert(pg, 'contact', {
+      user_id: userId,
+      content: JSON.stringify(content),
+    })
+  )
+
+  if (error) throw new APIError(500, 'Failed to submit contact message')
+
+  const continuation = async () => {
+    try {
+      const md = jsonToMarkdown(content)
+      const message: string = `**New Contact Message**\n${md}`
+      await sendDiscordMessage(message, 'contact')
+    } catch (e) {
+      console.error('Failed to send discord contact', e)
+    }
+  }
+
+  return {
+    success: true,
+    result: {},
+    continue: continuation,
+  }
+}

backend/api/src/create-comment.ts

@@ -32,8 +32,8 @@ export const createComment: APIHandler<'create-comment'> = async (
   if (!onUser) throw new APIError(404, 'User not found')
 
   const pg = createSupabaseDirectClient()
-  const comment = await pg.one<Row<'lover_comments'>>(
-    `insert into lover_comments (user_id, user_name, user_username, user_avatar_url, on_user_id, content, reply_to_comment_id)
+  const comment = await pg.one<Row<'profile_comments'>>(
+    `insert into profile_comments (user_id, user_name, user_username, user_avatar_url, on_user_id, content, reply_to_comment_id)
         values ($1, $2, $3, $4, $5, $6, $7) returning *`,
     [
       creator.id,
@@ -46,7 +46,7 @@ export const createComment: APIHandler<'create-comment'> = async (
     ]
   )
   if (onUser.id !== creator.id)
-    await createNewCommentOnLoverNotification(
+    await createNewCommentOnProfileNotification(
       onUser,
       creator,
       richTextToString(content),
@@ -84,7 +84,7 @@ const validateComment = async (
   return { content, creator }
 }
 
-const createNewCommentOnLoverNotification = async (
+const createNewCommentOnProfileNotification = async (
   onUser: User,
   creator: User,
   sourceText: string,
@@ -104,7 +104,7 @@ const createNewCommentOnLoverNotification = async (
     createdTime: Date.now(),
     isSeen: false,
     sourceId: commentId.toString(),
-    sourceType: 'comment_on_lover',
+    sourceType: 'comment_on_profile',
     sourceUpdateType: 'created',
     sourceUserName: creator.name,
     sourceUserUsername: creator.username,

backend/api/src/create-lover.ts

@@ -1,46 +0,0 @@
-import { APIError, APIHandler } from 'api/helpers/endpoint'
-import { createSupabaseDirectClient } from 'shared/supabase/init'
-import { log, getUser } from 'shared/utils'
-import { HOUR_MS } from 'common/util/time'
-import { removePinnedUrlFromPhotoUrls } from 'shared/love/parse-photos'
-import { track } from 'shared/analytics'
-import { updateUser } from 'shared/supabase/users'
-import { tryCatch } from 'common/util/try-catch'
-import { insert } from 'shared/supabase/utils'
-
-export const createLover: APIHandler<'create-lover'> = async (body, auth) => {
-  const pg = createSupabaseDirectClient()
-
-  const { data: existingUser } = await tryCatch(
-    pg.oneOrNone<{ id: string }>('select id from lovers where user_id = $1', [
-      auth.uid,
-    ])
-  )
-  if (existingUser) {
-    throw new APIError(400, 'User already exists')
-  }
-
-  await removePinnedUrlFromPhotoUrls(body)
-  const user = await getUser(auth.uid)
-  if (!user) throw new APIError(401, 'Your account was not found')
-  if (user.createdTime > Date.now() - HOUR_MS) {
-    // If they just signed up, set their avatar to be their pinned photo
-    updateUser(pg, auth.uid, { avatarUrl: body.pinned_url })
-  }
-
-  console.log('body', body)
-
-  const { data, error } = await tryCatch(
-    insert(pg, 'lovers', { user_id: auth.uid, ...body })
-  )
-
-  if (error) {
-    log.error('Error creating user: ' + error.message)
-    throw new APIError(500, 'Error creating user')
-  }
-
-  log('Created user', data)
-  await track(user.id, 'create lover', { username: user.username })
-
-  return data
-}

backend/api/src/create-profile.ts

@@ -0,0 +1,92 @@
+import { APIError, APIHandler } from 'api/helpers/endpoint'
+import { createSupabaseDirectClient } from 'shared/supabase/init'
+import { log, getUser } from 'shared/utils'
+import { HOUR_MS } from 'common/util/time'
+import { removePinnedUrlFromPhotoUrls } from 'shared/love/parse-photos'
+import { track } from 'shared/analytics'
+import { updateUser } from 'shared/supabase/users'
+import { tryCatch } from 'common/util/try-catch'
+import { insert } from 'shared/supabase/utils'
+import {sendDiscordMessage} from "common/discord/core";
+import {jsonToMarkdown} from "common/md";
+
+export const createProfile: APIHandler<'create-profile'> = async (body, auth) => {
+  const pg = createSupabaseDirectClient()
+
+  const { data: existingUser } = await tryCatch(
+    pg.oneOrNone<{ id: string }>('select id from profiles where user_id = $1', [
+      auth.uid,
+    ])
+  )
+  if (existingUser) {
+    throw new APIError(400, 'User already exists')
+  }
+
+  await removePinnedUrlFromPhotoUrls(body)
+  const user = await getUser(auth.uid)
+  if (!user) throw new APIError(401, 'Your account was not found')
+  if (user.createdTime > Date.now() - HOUR_MS) {
+    // If they just signed up, set their avatar to be their pinned photo
+    updateUser(pg, auth.uid, { avatarUrl: body.pinned_url })
+  }
+
+  console.debug('body', body)
+
+  const { data, error } = await tryCatch(
+    insert(pg, 'profiles', { user_id: auth.uid, ...body })
+  )
+
+  if (error) {
+    log.error('Error creating user: ' + error.message)
+    throw new APIError(500, 'Error creating user')
+  }
+
+  log('Created user', data)
+
+  const continuation = async () => {
+    try {
+      await track(auth.uid, 'create profile', {username: user.username})
+    } catch (e) {
+      console.error('Failed to track create profile', e)
+    }
+    try {
+      let message: string = `[**${user.name}**](https://www.compassmeet.com/${user.username}) just created a profile`
+      if (body.bio) {
+        const bioText = jsonToMarkdown(body.bio)
+        if (bioText) message += `\n${bioText}`
+      }
+      await sendDiscordMessage(message, 'members')
+    } catch (e) {
+      console.error('Failed to send discord new profile', e)
+    }
+    try {
+      const nProfiles = await pg.one<number>(
+        `SELECT count(*) FROM profiles`,
+        [],
+        (r) => Number(r.count)
+      )
+
+      const isMilestone = (n: number) => {
+        return (
+          [15, 20, 30, 40].includes(n) || // early milestones
+          n % 50 === 0
+        )
+      }
+      console.debug(nProfiles, isMilestone(nProfiles))
+      if (isMilestone(nProfiles)) {
+        await sendDiscordMessage(
+          `We just reached **${nProfiles}** total profiles! 🎉`,
+          'general',
+        )
+      }
+
+    } catch (e) {
+      console.error('Failed to send discord user milestone', e)
+    }
+  }
+
+  return {
+    result: data,
+    continue: continuation,
+  }
+}

backend/api/src/create-user.ts

@@ -1,27 +1,26 @@
 import * as admin from 'firebase-admin'
-import { PrivateUser } from 'common/user'
-import { randomString } from 'common/util/random'
-import { cleanDisplayName, cleanUsername } from 'common/util/clean-username'
-import { getIp, track } from 'shared/analytics'
-import { APIError, APIHandler } from './helpers/endpoint'
-import { getDefaultNotificationPreferences } from 'common/user-notification-preferences'
-import { removeUndefinedProps } from 'common/util/object'
-import { generateAvatarUrl } from 'shared/helpers/generate-and-update-avatar-urls'
-import { getStorage } from 'firebase-admin/storage'
-import { DEV_CONFIG } from 'common/envs/dev'
-import { PROD_CONFIG } from 'common/envs/prod'
-import { RESERVED_PATHS } from 'common/envs/constants'
-import { log, isProd, getUser, getUserByUsername } from 'shared/utils'
-import { createSupabaseDirectClient } from 'shared/supabase/init'
-import { insert } from 'shared/supabase/utils'
-import { convertPrivateUser, convertUser } from 'common/supabase/users'
+import {PrivateUser} from 'common/user'
+import {randomString} from 'common/util/random'
+import {cleanDisplayName, cleanUsername} from 'common/util/clean-username'
+import {getIp, track} from 'shared/analytics'
+import {APIError, APIHandler} from './helpers/endpoint'
+import {getDefaultNotificationPreferences} from 'common/user-notification-preferences'
+import {removeUndefinedProps} from 'common/util/object'
+import {generateAvatarUrl} from 'shared/helpers/generate-and-update-avatar-urls'
+import {IS_LOCAL, RESERVED_PATHS} from 'common/envs/constants'
+import {getUser, getUserByUsername, log} from 'shared/utils'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {insert} from 'shared/supabase/utils'
+import {convertPrivateUser, convertUser} from 'common/supabase/users'
+import {getBucket} from "shared/firebase-utils";
+import {sendWelcomeEmail} from "email/functions/helpers";
 
 export const createUser: APIHandler<'create-user'> = async (
   props,
   auth,
   req
 ) => {
-  const { deviceToken: preDeviceToken, adminToken } = props
+  const {deviceToken: preDeviceToken} = props
   const firebaseUser = await admin.auth().getUser(auth.uid)
 
   const testUserAKAEmailPasswordUser =
@@ -52,7 +51,7 @@ export const createUser: APIHandler<'create-user'> = async (
   const rawName = fbUser.displayName || emailName || 'User' + randomString(4)
   const name = cleanDisplayName(rawName)
 
-  const bucket = getStorage().bucket(getStorageBucketId())
+  const bucket = getBucket()
   const avatarUrl = fbUser.photoURL
     ? fbUser.photoURL
     : await generateAvatarUrl(auth.uid, name, bucket)
@@ -63,7 +62,9 @@ export const createUser: APIHandler<'create-user'> = async (
 
   // Check username case-insensitive
   const dupes = await pg.one<number>(
-    `select count(*) from users where username ilike $1`,
+    `select count(*)
+     from users
+     where username ilike $1`,
     [username],
     (r) => r.count
   )
@@ -71,7 +72,7 @@ export const createUser: APIHandler<'create-user'> = async (
   const isReservedName = RESERVED_PATHS.includes(username)
   if (usernameExists || isReservedName) username += randomString(4)
 
-  const { user, privateUser } = await pg.tx(async (tx) => {
+  const {user, privateUser} = await pg.tx(async (tx) => {
     const preexistingUser = await getUser(auth.uid, tx)
     if (preexistingUser)
       throw new APIError(403, 'User already exists', {
@@ -81,13 +82,13 @@ export const createUser: APIHandler<'create-user'> = async (
     // Check exact username to avoid problems with duplicate requests
     const sameNameUser = await getUserByUsername(username, tx)
     if (sameNameUser)
-      throw new APIError(403, 'Username already taken', { username })
+      throw new APIError(403, 'Username already taken', {username})
 
     const user = removeUndefinedProps({
       avatarUrl,
       isBannedFromPosting: Boolean(
         (deviceToken && bannedDeviceTokens.includes(deviceToken)) ||
-          (ip && bannedIpAddresses.includes(ip))
+        (ip && bannedIpAddresses.includes(ip))
       ),
       link: {},
     })
@@ -120,10 +121,19 @@ export const createUser: APIHandler<'create-user'> = async (
     }
   })
 
-  log('created user ', { username: user.username, firebaseId: auth.uid })
+  log('created user ', {username: user.username, firebaseId: auth.uid})
 
   const continuation = async () => {
-    await track(auth.uid, 'create lover', { username: user.username })
+    try {
+      await track(auth.uid, 'create profile', {username: user.username})
+    } catch (e) {
+      console.error('Failed to track create profile', e)
+    }
+    try {
+      if (!IS_LOCAL) await sendWelcomeEmail(user, privateUser)
+    } catch (e) {
+      console.error('Failed to sendWelcomeEmail', e)
+    }
   }
 
   return {
@@ -135,12 +145,6 @@ export const createUser: APIHandler<'create-user'> = async (
   }
 }
 
-function getStorageBucketId() {
-  return isProd()
-    ? PROD_CONFIG.firebaseConfig.storageBucket
-    : DEV_CONFIG.firebaseConfig.storageBucket
-}
-
 // Automatically ban users with these device tokens or ip addresses.
 const bannedDeviceTokens = [
   'fa807d664415',

backend/api/src/create-vote.ts

@@ -0,0 +1,27 @@
+import { createSupabaseDirectClient } from 'shared/supabase/init'
+import { getUser } from 'shared/utils'
+import { APIHandler, APIError } from './helpers/endpoint'
+import { insert } from 'shared/supabase/utils'
+import { tryCatch } from 'common/util/try-catch'
+
+export const createVote: APIHandler<
+  'create-vote'
+> = async ({ title, description, isAnonymous }, auth) => {
+  const creator = await getUser(auth.uid)
+  if (!creator) throw new APIError(401, 'Your account was not found')
+
+  const pg = createSupabaseDirectClient()
+
+  const { data, error } = await tryCatch(
+    insert(pg, 'votes', {
+      creator_id: creator.id,
+      title,
+      description,
+      is_anonymous: isAnonymous,
+    })
+  )
+
+  if (error) throw new APIError(401, 'Error creating question')
+
+  return { data }
+}

backend/api/src/delete-me.ts

@@ -1,11 +1,11 @@
-import { getUser } from 'shared/utils'
-import { APIError, APIHandler } from './helpers/endpoint'
-import { updatePrivateUser, updateUser } from 'shared/supabase/users'
-import { createSupabaseDirectClient } from 'shared/supabase/init'
-import { FieldVal } from 'shared/supabase/utils'
+import {getUser} from 'shared/utils'
+import {APIError, APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import * as admin from "firebase-admin";
+import {deleteUserFiles} from "shared/firebase-utils";
 
 export const deleteMe: APIHandler<'me/delete'> = async (body, auth) => {
-  const { username } = body
+  const {username} = body
   const user = await getUser(auth.uid)
   if (!user) {
     throw new APIError(401, 'Your account was not found')
@@ -16,13 +16,29 @@ export const deleteMe: APIHandler<'me/delete'> = async (body, auth) => {
       `Incorrect username. You are logged in as ${user.username}. Are you sure you want to delete this account?`
     )
   }
+  const userId = user.id
+  if (!userId) {
+    throw new APIError(400, 'Invalid user ID')
+  }
 
+  // Remove user data from Supabase
   const pg = createSupabaseDirectClient()
-  await updateUser(pg, auth.uid, {
-    userDeleted: true,
-    isBannedFromPosting: true,
-  })
-  await updatePrivateUser(pg, auth.uid, {
-    email: FieldVal.delete(),
-  })
+  await pg.none('DELETE FROM users WHERE id = $1', [userId])
+  await pg.none('DELETE FROM private_users WHERE id = $1', [userId])
+  await pg.none('DELETE FROM profiles WHERE user_id = $1', [userId])
+  await pg.none('DELETE FROM bookmarked_searches WHERE creator_id = $1', [userId])
+  await pg.none('DELETE FROM love_compatibility_answers WHERE creator_id = $1', [userId])
+  // May need to also delete from other tables in the future (such as messages, compatibility responses, etc.)
+
+  // Delete user files from Firebase Storage
+  await deleteUserFiles(user.username)
+
+  // Remove user from Firebase Auth
+  try {
+    const auth = admin.auth()
+    await auth.deleteUser(userId)
+    console.debug(`Deleted user ${userId} from Firebase Auth and Supabase`)
+  } catch (e) {
+    console.error('Error deleting user from Firebase Auth:', e)
+  }
 }

backend/api/src/get-compatibililty-questions.ts

@@ -2,6 +2,15 @@ import { type APIHandler } from 'api/helpers/endpoint'
 import { createSupabaseDirectClient } from 'shared/supabase/init'
 import { Row } from 'common/supabase/utils'
 
+export function shuffle<T>(array: T[]): T[] {
+  const arr = [...array]; // copy to avoid mutating the original
+  for (let i = arr.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [arr[i], arr[j]] = [arr[j], arr[i]];
+  }
+  return arr;
+}
+
 export const getCompatibilityQuestions: APIHandler<
   'get-compatibility-questions'
 > = async (_props, _auth) => {
@@ -22,17 +31,18 @@ export const getCompatibilityQuestions: APIHandler<
         love_questions.answer_type = 'compatibility_multiple_choice'
     GROUP BY 
         love_questions.id
-    ORDER BY 
-        score DESC
+    ORDER BY
+         love_questions.importance_score
     `,
     []
   )
 
-  if (false)
-    console.log(
-      'got questions',
-      questions.map((q) => q.question + ' ' + q.score)
-    )
+  // const questions = shuffle(dbQuestions)
+
+  // console.debug(
+  //   'got questions',
+  //   questions.map((q) => q.question + ' ' + q.score)
+  // )
 
   return {
     status: 'success',

backend/api/src/get-likes-and-ships.ts

@@ -22,11 +22,11 @@ export const getLikesAndShipsMain = async (userId: string) => {
     `
       select target_id, love_likes.created_time
       from love_likes
-      join lovers on lovers.user_id = love_likes.target_id
+      join profiles on profiles.user_id = love_likes.target_id
       join users on users.id = love_likes.target_id
       where creator_id = $1
         and looking_for_matches
-        and lovers.pinned_url is not null
+        and profiles.pinned_url is not null
         and (data->>'isBannedFromPosting' != 'true' or data->>'isBannedFromPosting' is null)
       order by created_time desc
     `,
@@ -44,11 +44,11 @@ export const getLikesAndShipsMain = async (userId: string) => {
     `
       select creator_id, love_likes.created_time
       from love_likes
-      join lovers on lovers.user_id = love_likes.creator_id
+      join profiles on profiles.user_id = love_likes.creator_id
       join users on users.id = love_likes.creator_id
       where target_id = $1
         and looking_for_matches
-        and lovers.pinned_url is not null
+        and profiles.pinned_url is not null
         and (data->>'isBannedFromPosting' != 'true' or data->>'isBannedFromPosting' is null)
       order by created_time desc
     `,
@@ -71,11 +71,11 @@ export const getLikesAndShipsMain = async (userId: string) => {
       target1_id, target2_id, creator_id, love_ships.created_time,
       target1_id as target_id
     from love_ships
-    join lovers on lovers.user_id = love_ships.target1_id
+    join profiles on profiles.user_id = love_ships.target1_id
     join users on users.id = love_ships.target1_id
     where target2_id = $1
-      and lovers.looking_for_matches
-      and lovers.pinned_url is not null
+      and profiles.looking_for_matches
+      and profiles.pinned_url is not null
       and (users.data->>'isBannedFromPosting' != 'true' or users.data->>'isBannedFromPosting' is null)
 
     union all
@@ -84,11 +84,11 @@ export const getLikesAndShipsMain = async (userId: string) => {
       target1_id, target2_id, creator_id, love_ships.created_time,
       target2_id as target_id
     from love_ships
-    join lovers on lovers.user_id = love_ships.target2_id
+    join profiles on profiles.user_id = love_ships.target2_id
     join users on users.id = love_ships.target2_id
     where target1_id = $1
-      and lovers.looking_for_matches
-      and lovers.pinned_url is not null
+      and profiles.looking_for_matches
+      and profiles.pinned_url is not null
       and (users.data->>'isBannedFromPosting' != 'true' or users.data->>'isBannedFromPosting' is null)
     `,
     [userId],

backend/api/src/get-lovers.ts

@@ -1,134 +0,0 @@
-import { type APIHandler } from 'api/helpers/endpoint'
-import { convertRow } from 'shared/love/supabase'
-import { createSupabaseDirectClient } from 'shared/supabase/init'
-import {
-  from,
-  join,
-  limit,
-  orderBy,
-  renderSql,
-  select,
-  where,
-} from 'shared/supabase/sql-builder'
-import { getCompatibleLovers } from 'api/compatible-lovers'
-import { intersection } from 'lodash'
-
-export const getLovers: APIHandler<'get-lovers'> = async (props, _auth) => {
-  const pg = createSupabaseDirectClient()
-  const {
-    limit: limitParam,
-    after,
-    name,
-    genders,
-    pref_gender,
-    pref_age_min,
-    pref_age_max,
-    pref_relation_styles,
-    wants_kids_strength,
-    has_kids,
-    is_smoker,
-    geodbCityIds,
-    compatibleWithUserId,
-    orderBy: orderByParam,
-  } = props
-
-  // compatibility. TODO: do this in sql
-  if (orderByParam === 'compatibility_score') {
-    if (!compatibleWithUserId) return { status: 'fail', lovers: [] }
-
-    const { compatibleLovers } = await getCompatibleLovers(compatibleWithUserId)
-    const lovers = compatibleLovers.filter(
-      (l) =>
-        (!name || l.user.name.toLowerCase().includes(name.toLowerCase())) &&
-        (!genders || genders.includes(l.gender)) &&
-        (!pref_gender || intersection(pref_gender, l.pref_gender).length) &&
-        (!pref_age_min || l.age >= pref_age_min) &&
-        (!pref_age_max || l.age <= pref_age_max) &&
-        (!pref_relation_styles ||
-          intersection(pref_relation_styles, l.pref_relation_styles).length) &&
-        (!wants_kids_strength ||
-          wants_kids_strength == -1 ||
-          (wants_kids_strength >= 2
-            ? l.wants_kids_strength >= wants_kids_strength
-            : l.wants_kids_strength <= wants_kids_strength)) &&
-        (has_kids == undefined ||
-          has_kids == -1 ||
-          (has_kids == 0 && !l.has_kids) ||
-          (l.has_kids && l.has_kids > 0)) &&
-        (!is_smoker || l.is_smoker === is_smoker) &&
-        (!geodbCityIds ||
-          (l.geodb_city_id && geodbCityIds.includes(l.geodb_city_id)))
-    )
-
-    const cursor = after
-      ? lovers.findIndex((l) => l.id.toString() === after) + 1
-      : 0
-    console.log(cursor)
-
-    return {
-      status: 'success',
-      lovers: lovers.slice(cursor, cursor + limitParam),
-    }
-  }
-
-  const query = renderSql(
-    select('lovers.*, name, username, users.data as user'),
-    from('lovers'),
-    join('users on users.id = lovers.user_id'),
-    where('looking_for_matches = true'),
-    // where(`pinned_url is not null and pinned_url != ''`),
-    where(
-      `(data->>'isBannedFromPosting' != 'true' or data->>'isBannedFromPosting' is null)`
-    ),
-    where(`data->>'userDeleted' != 'true' or data->>'userDeleted' is null`),
-
-    name &&
-      where(`lower(users.name) ilike '%' || lower($(name)) || '%'`, { name }),
-
-    genders?.length && where(`gender = ANY($(gender))`, { gender: genders }),
-
-    pref_gender?.length &&
-      where(`pref_gender && $(pref_gender)`, { pref_gender }),
-
-    pref_age_min !== undefined &&
-      where(`age >= $(pref_age_min)`, { pref_age_min }),
-
-    pref_age_max !== undefined &&
-      where(`age <= $(pref_age_max)`, { pref_age_max }),
-
-    pref_relation_styles?.length &&
-      where(`pref_relation_styles && $(pref_relation_styles)`, {
-        pref_relation_styles,
-      }),
-
-    wants_kids_strength !== undefined &&
-      wants_kids_strength !== -1 &&
-      where(
-        wants_kids_strength >= 2
-          ? `wants_kids_strength >= $(wants_kids_strength)`
-          : `wants_kids_strength <= $(wants_kids_strength)`,
-        { wants_kids_strength }
-      ),
-
-    has_kids === 0 && where(`has_kids IS NULL OR has_kids = 0`),
-    has_kids && has_kids > 0 && where(`has_kids > 0`),
-
-    is_smoker !== undefined && where(`is_smoker = $(is_smoker)`, { is_smoker }),
-
-    geodbCityIds?.length &&
-      where(`geodb_city_id = ANY($(geodbCityIds))`, { geodbCityIds }),
-
-    orderBy(`${orderByParam} desc`),
-    after &&
-      where(
-        `lovers.${orderByParam} < (select lovers.${orderByParam} from lovers where id = $(after))`,
-        { after }
-      ),
-
-    limit(limitParam)
-  )
-
-  const lovers = await pg.map(query, [], convertRow)
-
-  return { status: 'success', lovers: lovers }
-}

backend/api/src/get-messages-count.ts

@@ -0,0 +1,18 @@
+import {APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from "shared/supabase/init";
+
+export const getMessagesCount: APIHandler<'get-messages-count'> = async (_, auth) => {
+  const pg = createSupabaseDirectClient()
+  const result = await pg.one(
+    `
+        SELECT COUNT(*) AS count
+        FROM private_user_messages;
+    `,
+    []
+  );
+  const count = Number(result.count);
+  console.debug('private_user_messages count:', count);
+  return {
+    count: count,
+  }
+}

backend/api/src/get-profile-answers.ts

@@ -2,7 +2,7 @@ import { type APIHandler } from 'api/helpers/endpoint'
 import { createSupabaseDirectClient } from 'shared/supabase/init'
 import { Row } from 'common/supabase/utils'
 
-export const getLoverAnswers: APIHandler<'get-lover-answers'> = async (
+export const getProfileAnswers: APIHandler<'get-profile-answers'> = async (
   props,
   _auth
 ) => {

backend/api/src/get-profiles.ts

@@ -0,0 +1,225 @@
+import {type APIHandler} from 'api/helpers/endpoint'
+import {convertRow} from 'shared/love/supabase'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {from, join, leftJoin, limit, orderBy, renderSql, select, where,} from 'shared/supabase/sql-builder'
+import {getCompatibleProfiles} from 'api/compatible-profiles'
+import {intersection} from 'lodash'
+import {MAX_INT, MIN_BIO_LENGTH, MIN_INT} from "common/constants";
+
+export type profileQueryType = {
+  limit?: number | undefined,
+  after?: string | undefined,
+  // Search and filter parameters
+  name?: string | undefined,
+  genders?: String[] | undefined,
+  pref_gender?: String[] | undefined,
+  pref_age_min?: number | undefined,
+  pref_age_max?: number | undefined,
+  pref_relation_styles?: String[] | undefined,
+  pref_romantic_styles?: String[] | undefined,
+  wants_kids_strength?: number | undefined,
+  has_kids?: number | undefined,
+  is_smoker?: boolean | undefined,
+  shortBio?: boolean | undefined,
+  geodbCityIds?: String[] | undefined,
+  lat?: number | undefined,
+  lon?: number | undefined,
+  radius?: number | undefined,
+  compatibleWithUserId?: string | undefined,
+  skipId?: string | undefined,
+  orderBy?: string | undefined,
+  lastModificationWithin?: string | undefined,
+}
+
+const userActivityColumns = ['last_online_time']
+
+
+export const loadProfiles = async (props: profileQueryType) => {
+  const pg = createSupabaseDirectClient()
+  console.debug(props)
+  const {
+    limit: limitParam,
+    after,
+    name,
+    genders,
+    pref_gender,
+    pref_age_min,
+    pref_age_max,
+    pref_relation_styles,
+    pref_romantic_styles,
+    wants_kids_strength,
+    has_kids,
+    is_smoker,
+    shortBio,
+    geodbCityIds,
+    lat,
+    lon,
+    radius,
+    compatibleWithUserId,
+    orderBy: orderByParam = 'created_time',
+    lastModificationWithin,
+    skipId,
+  } = props
+
+  const filterLocation = lat && lon && radius
+
+  const keywords = name ? name.split(",").map(q => q.trim()).filter(Boolean) : []
+  // console.debug('keywords:', keywords)
+
+  // compatibility. TODO: do this in sql
+  if (orderByParam === 'compatibility_score') {
+    if (!compatibleWithUserId) {
+      console.error('Incompatible with user ID')
+      throw Error('Incompatible with user ID')
+    }
+
+    const {compatibleProfiles} = await getCompatibleProfiles(compatibleWithUserId)
+    const profiles = compatibleProfiles.filter(
+      (l) =>
+        (!name || l.user.name.toLowerCase().includes(name.toLowerCase())) &&
+        (!genders || genders.includes(l.gender)) &&
+        (!pref_gender || intersection(pref_gender, l.pref_gender).length) &&
+        (!pref_age_min || (l.age ?? MAX_INT) >= pref_age_min) &&
+        (!pref_age_max || (l.age ?? MIN_INT) <= pref_age_max) &&
+        (!pref_relation_styles ||
+          intersection(pref_relation_styles, l.pref_relation_styles).length) &&
+        (!pref_romantic_styles ||
+          intersection(pref_romantic_styles, l.pref_romantic_styles).length) &&
+        (!wants_kids_strength ||
+          wants_kids_strength == -1 ||
+          (wants_kids_strength >= 2
+            ? l.wants_kids_strength >= wants_kids_strength
+            : l.wants_kids_strength <= wants_kids_strength)) &&
+        (has_kids == undefined ||
+          has_kids == -1 ||
+          (has_kids == 0 && !l.has_kids) ||
+          (l.has_kids && l.has_kids > 0)) &&
+        (!is_smoker || l.is_smoker === is_smoker) &&
+        (l.id.toString() != skipId) &&
+        (!geodbCityIds ||
+          (l.geodb_city_id && geodbCityIds.includes(l.geodb_city_id))) &&
+        (!filterLocation ||(
+          l.city_latitude && l.city_longitude &&
+          Math.abs(l.city_latitude - lat) < radius / 69.0 &&
+          Math.abs(l.city_longitude - lon) < radius / (69.0 * Math.cos(lat * Math.PI / 180)) &&
+          Math.pow(l.city_latitude - lat, 2) + Math.pow((l.city_longitude - lon) * Math.cos(lat * Math.PI / 180), 2) < Math.pow(radius / 69.0, 2)
+          )) &&
+        (shortBio || (l.bio_length ?? 0) >= MIN_BIO_LENGTH)
+    )
+
+    const cursor = after
+      ? profiles.findIndex((l) => l.id.toString() === after) + 1
+      : 0
+    console.debug(cursor)
+
+    if (limitParam) return profiles.slice(cursor, cursor + limitParam)
+
+    return profiles
+  }
+
+  const tablePrefix = userActivityColumns.includes(orderByParam) ? 'user_activity' : 'profiles'
+  const userActivityJoin = 'user_activity on user_activity.user_id = profiles.user_id'
+
+  const query = renderSql(
+    select('profiles.*, name, username, users.data as user, user_activity.last_online_time'),
+    from('profiles'),
+    join('users on users.id = profiles.user_id'),
+    leftJoin(userActivityJoin),
+    where('looking_for_matches = true'),
+    // where(`pinned_url is not null and pinned_url != ''`),
+    where(
+      `(data->>'isBannedFromPosting' != 'true' or data->>'isBannedFromPosting' is null)`
+    ),
+    where(`data->>'userDeleted' != 'true' or data->>'userDeleted' is null`),
+
+    ...keywords.map(word => where(
+      `lower(users.name) ilike '%' || lower($(word)) || '%' or lower(bio::text) ilike '%' || lower($(word)) || '%' or bio_tsv @@ phraseto_tsquery('english', $(word))`,
+      {word}
+    )),
+
+    genders?.length && where(`gender = ANY($(gender))`, {gender: genders}),
+
+    pref_gender?.length &&
+    where(`pref_gender && $(pref_gender)`, {pref_gender}),
+
+    pref_age_min &&
+    where(`age >= $(pref_age_min) or age is null`, {pref_age_min}),
+
+    pref_age_max &&
+    where(`age <= $(pref_age_max) or age is null`, {pref_age_max}),
+
+    pref_relation_styles?.length &&
+    where(
+      `pref_relation_styles IS NULL OR pref_relation_styles = '{}' OR pref_relation_styles && $(pref_relation_styles)`,
+      {pref_relation_styles}
+    ),
+
+    pref_romantic_styles?.length &&
+    where(
+      `pref_romantic_styles IS NULL OR pref_romantic_styles = '{}' OR pref_romantic_styles && $(pref_romantic_styles)`,
+      {pref_romantic_styles}
+    ),
+
+    !!wants_kids_strength &&
+    wants_kids_strength !== -1 &&
+    where(
+      wants_kids_strength >= 2
+        ? `wants_kids_strength >= $(wants_kids_strength)`
+        : `wants_kids_strength <= $(wants_kids_strength)`,
+      {wants_kids_strength}
+    ),
+
+    has_kids === 0 && where(`has_kids IS NULL OR has_kids = 0`),
+    has_kids && has_kids > 0 && where(`has_kids > 0`),
+
+    is_smoker !== undefined && where(`is_smoker = $(is_smoker)`, {is_smoker}),
+
+    geodbCityIds?.length &&
+    where(`geodb_city_id = ANY($(geodbCityIds))`, {geodbCityIds}),
+
+    // miles par degree of lat: earth's radius (3950 miles) * pi / 180 = 69.0
+    filterLocation && where(`
+      city_latitude BETWEEN $(target_lat) - ($(radius) / 69.0)
+           AND $(target_lat) + ($(radius) / 69.0)
+      AND city_longitude BETWEEN $(target_lon) - ($(radius) / (69.0 * COS(RADIANS($(target_lat)))))
+           AND $(target_lon) + ($(radius) / (69.0 * COS(RADIANS($(target_lat)))))
+      AND SQRT(
+            POWER(city_latitude - $(target_lat), 2)
+          + POWER((city_longitude - $(target_lon)) * COS(RADIANS($(target_lat))), 2)
+          ) <= $(radius) / 69.0
+      `, {target_lat: lat, target_lon: lon, radius}),
+
+    skipId && where(`profiles.user_id != $(skipId)`, {skipId}),
+
+    orderBy(`${tablePrefix}.${orderByParam} DESC`),
+    after &&
+    where(
+      `${tablePrefix}.${orderByParam} < (
+      SELECT ${tablePrefix}.${orderByParam}
+      FROM profiles
+      LEFT JOIN ${userActivityJoin}
+      WHERE profiles.id = $(after)
+    )`,
+      {after}
+    ),
+
+    !shortBio && where(`bio_length >= ${MIN_BIO_LENGTH}`, {MIN_BIO_LENGTH}),
+
+    lastModificationWithin && where(`last_modification_time >= NOW() - INTERVAL $(lastModificationWithin)`, {lastModificationWithin}),
+
+    limitParam && limit(limitParam)
+  )
+
+  // console.debug('query:', query)
+
+  return await pg.map(query, [], convertRow)
+}
+
+export const getProfiles: APIHandler<'get-profiles'> = async (props, _auth) => {
+  try {
+    const profiles = await loadProfiles(props)
+    return {status: 'success', profiles: profiles}
+  } catch {
+    return {status: 'fail', profiles: []}
+  }
+}

backend/api/src/get-supabase-token.ts

@@ -1,8 +1,6 @@
-import { sign } from 'jsonwebtoken'
-import { APIError, APIHandler } from './helpers/endpoint'
-import { DEV_CONFIG } from 'common/envs/dev'
-import { PROD_CONFIG } from 'common/envs/prod'
-import { isProd } from 'shared/utils'
+import {sign} from 'jsonwebtoken'
+import {APIError, APIHandler} from './helpers/endpoint'
+import {ENV_CONFIG} from "common/envs/constants";
 
 export const getSupabaseToken: APIHandler<'get-supabase-token'> = async (
   _,
@@ -12,21 +10,17 @@ export const getSupabaseToken: APIHandler<'get-supabase-token'> = async (
   if (jwtSecret == null) {
     throw new APIError(500, "No SUPABASE_JWT_SECRET; couldn't sign token.")
   }
-  const instanceId = isProd()
-    ? PROD_CONFIG.supabaseInstanceId
-    : DEV_CONFIG.supabaseInstanceId
+  const instanceId = ENV_CONFIG.supabaseInstanceId
   if (!instanceId) {
     throw new APIError(500, 'No Supabase instance ID in config.')
   }
-  const payload = { role: 'anon' } // postgres role
+  const payload = {role: 'anon'} // postgres role
   return {
     jwt: sign(payload, jwtSecret, {
       algorithm: 'HS256', // same as what supabase uses for its auth tokens
       expiresIn: '1d',
       audience: instanceId,
-      issuer: isProd()
-        ? PROD_CONFIG.firebaseConfig.projectId
-        : DEV_CONFIG.firebaseConfig.projectId,
+      issuer: ENV_CONFIG.firebaseConfig.projectId,
       subject: auth.uid,
     }),
   }

backend/api/src/helpers/endpoint.ts

@@ -1,35 +1,29 @@
 import * as admin from 'firebase-admin'
-import { z } from 'zod'
-import { Request, Response, NextFunction } from 'express'
+import {z} from 'zod'
+import {NextFunction, Request, Response} from 'express'
 
-import { PrivateUser } from 'common/user'
-import { APIError } from 'common/api/utils'
-export { APIError } from 'common/api/utils'
-import {
-  API,
-  APIPath,
-  APIResponseOptionalContinue,
-  APISchema,
-  ValidatedAPIParams,
-} from 'common/api/schema'
-import { log } from 'shared/utils'
-import { getPrivateUserByKey } from 'shared/utils'
+import {PrivateUser} from 'common/user'
+import {APIError} from 'common/api/utils'
+import {API, APIPath, APIResponseOptionalContinue, APISchema, ValidatedAPIParams,} from 'common/api/schema'
+import {getPrivateUserByKey, log} from 'shared/utils'
 
-export type Json = Record<string, unknown> | Json[]
-export type JsonHandler<T extends Json> = (
-  req: Request,
-  res: Response
-) => Promise<T>
-export type AuthedHandler<T extends Json> = (
-  req: Request,
-  user: AuthedUser,
-  res: Response
-) => Promise<T>
-export type MaybeAuthedHandler<T extends Json> = (
-  req: Request,
-  user: AuthedUser | undefined,
-  res: Response
-) => Promise<T>
+export {APIError} from 'common/api/utils'
+
+// export type Json = Record<string, unknown> | Json[]
+// export type JsonHandler<T extends Json> = (
+//   req: Request,
+//   res: Response
+// ) => Promise<T>
+// export type AuthedHandler<T extends Json> = (
+//   req: Request,
+//   user: AuthedUser,
+//   res: Response
+// ) => Promise<T>
+// export type MaybeAuthedHandler<T extends Json> = (
+//   req: Request,
+//   user: AuthedUser | undefined,
+//   res: Response
+// ) => Promise<T>
 
 export type AuthedUser = {
   uid: string
@@ -39,6 +33,29 @@ type JwtCredentials = { kind: 'jwt'; data: admin.auth.DecodedIdToken }
 type KeyCredentials = { kind: 'key'; data: string }
 type Credentials = JwtCredentials | KeyCredentials
 
+// export async function verifyIdToken(payload: string): Promise<DecodedIdToken> {
+// TODO: make local dev work without firebase admin SDK setup.
+// if (IS_LOCAL) {
+//   // Skip real verification locally (to avoid needing to set up admin service account).
+//   return {
+//     aud: "",
+//     auth_time: 0,
+//     email_verified: false,
+//     exp: 0,
+//     firebase: {identities: {}, sign_in_provider: ""},
+//     iat: 0,
+//     iss: "",
+//     phone_number: "",
+//     picture: "",
+//     sub: "",
+//     uid: 'dev-user',
+//     user_id: 'dev-user',
+//     email: 'dev-user@example.com'
+//   };
+// }
+//   return await admin.auth().verifyIdToken(payload);
+// }
+
 export const parseCredentials = async (req: Request): Promise<Credentials> => {
   const auth = admin.auth()
   const authHeader = req.get('Authorization')
@@ -57,14 +74,14 @@ export const parseCredentials = async (req: Request): Promise<Credentials> => {
         throw new APIError(401, 'Firebase JWT payload undefined.')
       }
       try {
-        return { kind: 'jwt', data: await auth.verifyIdToken(payload) }
+        return {kind: 'jwt', data: await auth.verifyIdToken(payload)}
       } catch (err) {
         // This is somewhat suspicious, so get it into the firebase console
         console.error('Error verifying Firebase JWT: ', err, scheme, payload)
         throw new APIError(500, 'Error validating token.')
       }
     case 'Key':
-      return { kind: 'key', data: payload }
+      return {kind: 'key', data: payload}
     default:
       throw new APIError(401, 'Invalid auth scheme; must be "Key" or "Bearer".')
   }
@@ -76,7 +93,7 @@ export const lookupUser = async (creds: Credentials): Promise<AuthedUser> => {
       if (typeof creds.data.user_id !== 'string') {
         throw new APIError(401, 'JWT must contain user ID.')
       }
-      return { uid: creds.data.user_id, creds }
+      return {uid: creds.data.user_id, creds}
     }
     case 'key': {
       const key = creds.data
@@ -84,7 +101,7 @@ export const lookupUser = async (creds: Credentials): Promise<AuthedUser> => {
       if (!privateUser) {
         throw new APIError(401, `No private user exists with API key ${key}.`)
       }
-      return { uid: privateUser.id, creds: { privateUser, ...creds } }
+      return {uid: privateUser.id, creds: {privateUser, ...creds}}
     }
     default:
       throw new APIError(401, 'Invalid credential type.')
@@ -109,45 +126,45 @@ export const validate = <T extends z.ZodTypeAny>(schema: T, val: unknown) => {
   }
 }
 
-export const jsonEndpoint = <T extends Json>(fn: JsonHandler<T>) => {
-  return async (req: Request, res: Response, next: NextFunction) => {
-    try {
-      res.status(200).json(await fn(req, res))
-    } catch (e) {
-      next(e)
-    }
-  }
-}
-
-export const authEndpoint = <T extends Json>(fn: AuthedHandler<T>) => {
-  return async (req: Request, res: Response, next: NextFunction) => {
-    try {
-      const authedUser = await lookupUser(await parseCredentials(req))
-      res.status(200).json(await fn(req, authedUser, res))
-    } catch (e) {
-      next(e)
-    }
-  }
-}
-
-export const MaybeAuthedEndpoint = <T extends Json>(
-  fn: MaybeAuthedHandler<T>
-) => {
-  return async (req: Request, res: Response, next: NextFunction) => {
-    let authUser: AuthedUser | undefined = undefined
-    try {
-      authUser = await lookupUser(await parseCredentials(req))
-    } catch {
-      // it's treated as an anon request
-    }
-
-    try {
-      res.status(200).json(await fn(req, authUser, res))
-    } catch (e) {
-      next(e)
-    }
-  }
-}
+// export const jsonEndpoint = <T extends Json>(fn: JsonHandler<T>) => {
+//   return async (req: Request, res: Response, next: NextFunction) => {
+//     try {
+//       res.status(200).json(await fn(req, res))
+//     } catch (e) {
+//       next(e)
+//     }
+//   }
+// }
+//
+// export const authEndpoint = <T extends Json>(fn: AuthedHandler<T>) => {
+//   return async (req: Request, res: Response, next: NextFunction) => {
+//     try {
+//       const authedUser = await lookupUser(await parseCredentials(req))
+//       res.status(200).json(await fn(req, authedUser, res))
+//     } catch (e) {
+//       next(e)
+//     }
+//   }
+// }
+//
+// export const MaybeAuthedEndpoint = <T extends Json>(
+//   fn: MaybeAuthedHandler<T>
+// ) => {
+//   return async (req: Request, res: Response, next: NextFunction) => {
+//     let authUser: AuthedUser | undefined = undefined
+//     try {
+//       authUser = await lookupUser(await parseCredentials(req))
+//     } catch {
+//       // it's treated as an anon request
+//     }
+//
+//     try {
+//       res.status(200).json(await fn(req, authUser, res))
+//     } catch (e) {
+//       next(e)
+//     }
+//   }
+// }
 
 export type APIHandler<N extends APIPath> = (
   props: ValidatedAPIParams<N>,
@@ -157,11 +174,63 @@ export type APIHandler<N extends APIPath> = (
   req: Request
 ) => Promise<APIResponseOptionalContinue<N>>
 
+// Simple in-memory fixed-window rate limiter keyed by auth uid (or IP if unauthenticated)
+// Not suitable for multi-instance deployments without a shared store, but provides basic protection.
+// Limits are configurable via env:
+//   API_RATE_LIMIT_PER_MIN_AUTHED
+//   API_RATE_LIMIT_PER_MIN_UNAUTHED
+// Endpoints can be exempted by adding their name to RATE_LIMIT_EXEMPT (comma-separated)
+const __rateLimitState: Map<string, { windowStart: number; count: number }> = new Map()
+
+function getRateLimitConfig() {
+  const authed = Number(process.env.API_RATE_LIMIT_PER_MIN_AUTHED ?? 120)
+  const unAuthed = Number(process.env.API_RATE_LIMIT_PER_MIN_UNAUTHED ?? 120)
+  return {authedLimit: authed, unAuthLimit: unAuthed}
+}
+
+function rateLimitKey(name: string, req: Request, auth?: AuthedUser) {
+  if (auth) return `uid:${auth.uid}`
+  // fallback to IP for unauthenticated requests
+  return `ip:${req.ip}`
+}
+
+function checkRateLimit(name: string, req: Request, res: Response, auth?: AuthedUser) {
+  const {authedLimit, unAuthLimit} = getRateLimitConfig()
+
+  const key = rateLimitKey(name, req, auth)
+  const limit = auth ? authedLimit : unAuthLimit
+  const now = Date.now()
+  const windowMs = 60_000
+  const windowStart = Math.floor(now / windowMs) * windowMs
+
+  let state = __rateLimitState.get(key)
+  if (!state || state.windowStart !== windowStart) {
+    state = {windowStart, count: 0}
+    __rateLimitState.set(key, state)
+  }
+  state.count += 1
+
+  const remaining = Math.max(0, limit - state.count)
+  const reset = Math.ceil((state.windowStart + windowMs - now) / 1000)
+
+  // Set standard-ish rate limit headers
+  res.setHeader('X-RateLimit-Limit', String(limit))
+  res.setHeader('X-RateLimit-Remaining', String(Math.max(0, remaining)))
+  res.setHeader('X-RateLimit-Reset', String(reset))
+
+  // console.log(`Rate limit check for ${key} on ${name}: ${state.count}/${limit} (remaining: ${remaining}, resets in ${reset}s)`)
+
+  if (state.count > limit) {
+    res.setHeader('Retry-After', String(reset))
+    throw new APIError(429, 'Too Many Requests: rate limit exceeded.')
+  }
+}
+
 export const typedEndpoint = <N extends APIPath>(
   name: N,
   handler: APIHandler<N>
 ) => {
-  const { props: propSchema, authed: authRequired, method } = API[name]
+  const {props: propSchema, authed: authRequired, rateLimited = false, method} = API[name] as APISchema<N>
 
   return async (req: Request, res: Response, next: NextFunction) => {
     let authUser: AuthedUser | undefined = undefined
@@ -171,6 +240,15 @@ export const typedEndpoint = <N extends APIPath>(
       if (authRequired) return next(e)
     }
 
+    // Apply rate limiting before invoking the handler
+    if (rateLimited) {
+      try {
+        checkRateLimit(String(name), req, res, authUser)
+      } catch (e) {
+        return next(e)
+      }
+    }
+
     const props = {
       ...(method === 'GET' ? req.query : req.body),
       ...req.params,
@@ -195,7 +273,7 @@ export const typedEndpoint = <N extends APIPath>(
         // Convert bigint to number, b/c JSON doesn't support bigint.
         const convertedResult = deepConvertBigIntToNumber(result)
 
-        res.status(200).json(convertedResult ?? { success: true })
+        res.status(200).json(convertedResult ?? {success: true})
       }
 
       if (hasContinue) {

backend/api/src/hide-comment.ts

@@ -10,8 +10,8 @@ export const hideComment: APIHandler<'hide-comment'> = async (
   auth
 ) => {
   const pg = createSupabaseDirectClient()
-  const comment = await pg.oneOrNone<Row<'lover_comments'>>(
-    `select * from lover_comments where id = $1`,
+  const comment = await pg.oneOrNone<Row<'profile_comments'>>(
+    `select * from profile_comments where id = $1`,
     [commentId]
   )
   if (!comment) {
@@ -26,7 +26,7 @@ export const hideComment: APIHandler<'hide-comment'> = async (
     throw new APIError(403, 'You are not allowed to hide this comment')
   }
 
-  await pg.none(`update lover_comments set hidden = $2 where id = $1`, [
+  await pg.none(`update profile_comments set hidden = $2 where id = $1`, [
     commentId,
     hide,
   ])

backend/api/src/junk-drawer/private-messages.ts

@@ -163,7 +163,7 @@ const notifyOtherUserInChannelIfInactive = async (
   // TODO: notification only for active user
 
   const otherUser = await getUser(otherUserId.user_id)
-  console.log('otherUser:', otherUser)
+  console.debug('otherUser:', otherUser)
   if (!otherUser) return
 
   await createNewMessageNotification(creator, otherUser, channelId)
@@ -175,7 +175,7 @@ const createNewMessageNotification = async (
   channelId: number
 ) => {
   const privateUser = await getPrivateUser(toUser.id)
-  console.log('privateUser:', privateUser)
+  console.debug('privateUser:', privateUser)
   if (!privateUser) return
   await sendNewMessageEmail(privateUser, fromUser, toUser, channelId)
 }