- gateway proxy: trim trailing slash before forwarding upstream. gin's
RedirectTrailingSlash adds /nodes → /nodes/ while render-svc redirects
/nodes/ → /nodes, forming an infinite redirect loop (admin pages 500'd)
- accept is_admin as bool OR string "true" in render/file/notification/gateway
auth middleware (identity emits it as a string) — admin endpoints were 403'ing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Token auto-refresh (middleware):
- Proactively refresh fr_access when < 120s remain — no more silent 15-min kick
- Inlines /v1/auth/refresh call in middleware, stamps new cookies on response
- /admin/* protected: is_admin JWT claim required, else redirect /dashboard
- apiFetch() (src/lib/api/fetch.ts): client-side 401 → auto-refresh → retry;
de-duplicates concurrent refresh calls; redirects to /auth on failure
Studio → Render V2 wiring:
- scenes[] no longer sent to POST /api/render (V2 render-svc fetches project
from Studio service via saved_project_id directly)
- renderRequestSchema.scenes is now optional
- RenderModal uses apiFetch for auto-refresh on 401 during polling
Admin panel (/admin/*):
- Admin layout: server-side is_admin guard + top nav (Nodes, Render Queue)
- /admin/nodes: lists all nodes from GET /v1/nodes with status badges,
heartbeat age, slot usage, tags; Drain (PATCH status=Draining) + Release actions
- /admin/renders: render job table with step filter tabs; progress bars,
error messages, Retry + Cancel per-row actions; polls GET /v1/renders
- API proxy routes: /api/admin/nodes/:id/drain|release,
/api/admin/renders/:id/retry|cancel — all validate is_admin in JWT before proxying
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
render-svc:
- db.UpdateJobPreview(): writes base64 PNG to render_jobs.image_preview_b64
(only on active jobs; Done/Failed/Cancelled rows ignored)
- POST /v1/internal/render/jobs/:job_id/preview — node agent endpoint
- Route registered under /v1/internal (nodeAuth)
node-agent:
- runner.PreviewFn callback type alongside ProgressFn
- runner.preview.go: GeneratePreviewB64(percent, quality, resolution)
— pure stdlib (image/png + encoding/base64), no external deps
— 320×180 dark frame with animated progress bar + colored indicator dots
- mock render: pushes a preview frame at every step (5→95%)
- real AE render: pushes a preview frame every 30s
- client.UpdatePreview(): POST /v1/internal/render/jobs/:job_id/preview
- main.go: onPreview callback wires client.UpdatePreview() into runner.Run()
frontend:
- render-jobs.ts: RenderJobRow.preview_b64 field; read from progress endpoint
- status/route.ts: previewB64 included in JSON response
- RenderModal: aspect-ratio preview pane during polling — shows spinner until
first frame arrives, then live-updates with each poll (every 3s);
step label overlaid as badge bottom-right
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Frontend build args and runtime env no longer need NEXT_PUBLIC_SUPABASE_URL,
NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, STRIPE_SECRET_KEY,
STRIPE_WEBHOOK_SECRET — all replaced by V2 gateway. .env.v2.example updated to
reflect the current V2-only config.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
V2 render orchestrator (render-svc) + future node-agent Go binary replace
the entire server/ directory. All dead dependencies uninstalled.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- render-jobs.ts: replace Supabase client with V2 gateway calls
POST /v1/renders (saved_project_id + quality + resolution + frame_rate)
GET /v1/renders/:id/progress for status polling
GET /v1/renders/:id + /v1/exports/:id/download-url for completed output URL
triggerRenderWorker is now a no-op (V2 dispatches internally)
- render/route.ts: add getAccessToken() guard, pass token to createRenderJob
- render/[jobId]/status/route.ts: add getAccessToken() guard, pass token to getRenderJob
- Delete src/lib/supabase/, src/lib/supabase.ts — no remaining consumers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/api/checkout now resolves the requested plan (pro|business × monthly|annual)
to a plan GUID via gateway /v1/plans (codes follow pro_monthly / business_annual)
and POSTs /v1/users/me/plan/purchase. The payments service owns the gateway
(ZarinPal/Stripe) and returns redirect_url, which we hand back unchanged.
Removes the orphaned Stripe→Supabase webhook + lib/stripe.ts client: profile
plan reads come from Identity now, so the Supabase profiles upsert loop is dead.
V2 payments has its own gateway callback (skip-auth, payment-callback route).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- dashboard/settings/page.tsx now resolves the current user via getCurrentUser()
(Identity JWT cookie) instead of the Supabase server client; display name comes
from Identity's full_name.
- Remove src/app/auth/callback/route.ts — the Supabase OAuth code-exchange
callback is unreferenced now that auth runs entirely on Identity.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds two authenticated gateway proxies and rewires the settings UI to them:
- POST /api/auth/password → Identity /v1/auth/password/change (server-side
re-validates current password; drops the client-side re-auth round-trip)
- PATCH /api/profile → Identity PATCH /v1/users/me (full_name)
SettingsProfile and SettingsSecurity now fetch these routes instead of the
Supabase browser client.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
getUserProfile now calls the gateway /v1/users/me and /v1/users/me/plan with
the access-token cookie, mapping plan_code → PlanId. Falls back to a free-plan
profile when signed out or Identity is unreachable. Stripe ids drop to null
(V2 billing runs through the payments service). Signature unchanged so the
dashboard plan badge + settings call sites are untouched.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
User-saved projects now read/write through the gateway /v1/saved-projects
(studio schema) using the Identity access-token cookie, replacing the
Supabase `projects` table. Adds src/lib/api/saved-projects.ts client that
maps studio snake_case DTOs into the existing DashboardProject shape.
- DashboardProjectsContent: lists via studio service, degrades gracefully
- /api/projects GET: studio list; POST: copy-from-template create
(studio requires original_project_id; falls back to scene_data.templateId)
- /api/projects/[projectId] GET/PATCH: proxy to studio with JWT
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Nexus npm-group proxy intermittently returns 500s / corrupted
tarballs while back-filling its cache. Wrap npm ci in a 5-attempt retry
loop with raised fetch-retry budget so successive passes converge.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
next build runs ESLint (stricter than tsc --noEmit), which failed on the
unused `type` param in fetchCategories with no-unused-vars, breaking the
frontend production build. Reference it via `void type;` while keeping
the signature for API compatibility.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Idempotent SQL seed (deterministic UUIDs, ON CONFLICT DO NOTHING) that
inserts 4 categories and 8 published template containers linked to them,
so the public site shows real data through the gateway /v1/* routes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
src/lib/admin-api.ts now reads categories/templates/projects from the
V2 content service via the gateway (/v1/*) instead of the legacy
admin-api (:5000). Maps V2 snake_case DTOs (CategoryResponse tree,
PagedResponse<ContainerSummaryResponse>) into the existing camelCase
AdminCategory/AdminProject shapes, so call sites are unchanged and the
hardcoded fallback still applies when the gateway is unreachable.
V2 containers are video templates (primary_mode is a render mode, not a
type), so all map to type "video". Query params use camelCase
(pageSize/isPublished) since .NET binds query strings by property name,
not the snake_case used in response bodies.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
PlansController had a class-level [Authorize] that gated the public
plans list, contradicting the gateway's optionalAuth on /plans. Mark
List/GetById [AllowAnonymous] and resolve tenant optionally so
anonymous callers receive global plans (purchase/current-plan stay
authenticated).
Frontend container stayed "unhealthy" because busybox wget resolves
localhost to IPv6 [::1] while the Next.js standalone server binds
IPv4 only. Use 127.0.0.1 in the healthcheck.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.
Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.
Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).
Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add videoMaker + imageMaker namespace to en.json and fa.json
(hero, features x5, use-cases x4, CTA per section)
- Pricing.tsx: replace hardcoded heading with t('pricing.heading')
- VideoMakerHero/Features/UseCases/Cta: full useTranslations wiring
- ImageMakerHero/Features/UseCases/Cta: full useTranslations wiring
- Features/UseCases arrays moved inside components; icons kept as
module-level constants to avoid per-render allocation
soroush.asadi