Loading workspace insights... Statistics interval
7 days30 daysLatest CI Pipeline Executions
44114b9f feat(discordsh): server directory topsite components + proto/SQL schema (#7423)
* feat(discordsh): server directory topsite components, proto, and SQL schema
Add server browsing UI with category filters, sort options, and vote buttons.
Includes proto schema for DiscordShData service and SQL schema with RLS, vote
cooldown, and denormalized counters in dedicated discordsh schema.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(discordsh): harden SQL schema — service/proxy pattern, RLS lockdown
- Split discordsh_core.sql into discordsh_servers.sql + discordsh_votes.sql
(one file per table, matching mc schema convention)
- Fix categories validator: allow empty arrays (DEFAULT '{}' no longer fails CHECK)
- Fix vote spoofing: service_cast_vote(server_id, user_id) internal only,
proxy_cast_vote(server_id) derives identity from auth.uid()
- Fix role detection: auth.role() instead of current_setting('role')
- Advisory lock in service_cast_vote for vote race safety
- REVOKE EXECUTE from PUBLIC on all SECURITY DEFINER/trigger functions
- ALTER FUNCTION OWNER TO service_role on all functions
- Protect status, is_online, bumped_at from client-side mutation
- Add URL validation (is_safe_url CHECK) on icon_url, banner_url
- Default new submissions to status=2 (pending) instead of status=1
- Comprehensive verification blocks with privilege/ownership assertions
* fix(discordsh): add rate limiting, global REVOKE, and deeper SQL hardening
- Servers: gate INSERT through proxy_submit_server (max 5 pending per user),
freeze owner_id in column protection, reject duplicate categories,
global REVOKE ALL on schema objects
- Votes: add 50-vote/24h daily cap, server_id snowflake validation in proxy,
cooldown error includes remaining time, verify authenticated cannot
INSERT/DELETE directly
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> 9728a7e3 feat(mc): add 10 combat potions, fix evelyn effect IDs, bump pumpkin submodule (#7316)
- Add PotionEffects struct for data-driven per-potion custom effects
- Fix evelyn_potion effect IDs: 6→5 (instant_health), 10→9 (regeneration)
- Add 10 new combat potions: berserker_brew, shadow_veil_elixir,
iron_skin_tonic, phoenix_tears, titan_draft, windwalker_serum,
nightshade_extract, stoneguard_elixir, bloodlust_potion, voidstep_tincture
- Fix particle variants: LavaParticle→Lava, WitchMagic→Witch
- Replace hardcoded potion logic with generic per-potion effect handling
- Add resource pack files: 11 item JSONs, 11 model JSONs, 11 textures (64x64)
- Bump pumpkin submodule to eaff2153 (feat: potion effect application on drink)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>