Skip to content

feat: community post/comment/reply reactions#810

Open
clbotdev wants to merge 7 commits into
mainfrom
feat/community-reactions
Open

feat: community post/comment/reply reactions#810
clbotdev wants to merge 7 commits into
mainfrom
feat/community-reactions

Conversation

@clbotdev

@clbotdev clbotdev commented Jun 20, 2026

Copy link
Copy Markdown
Collaborator

Closes #809 and #535

Part 1: Community Reactions (Closes #809)

Evolve the community post/comment/reply like system to support multiple emoji reactions.

Backend

  • New CommunityReaction type in common-models
  • Updated CommunityPost, CommunityComment, CommunityCommentReply to include reactions
  • New GraphQL mutations for toggling reactions
  • Migration script to convert existing likes to reactions format

Frontend

  • New emoji-picker and reactions-bar components
  • Updated post-card and comment with reactions bar

Part 2: Webhook Signature Verification (Closes #535)

Implements webhook signature verification for all three payment processors.

Changes

  • Stripe: Uses stripe.webhooks.constructEvent() with stripeWebhookSecret
  • Razorpay: HMAC-SHA256 with timingSafeEqual for x-razorpay-signature
  • LemonSqueezy: HMAC-SHA256 with timingSafeEqual for x-signature
  • Webhook route: reads raw body via req.text(), forwards signature headers
  • Updated Payment interface verify() signature
  • Added stripeWebhookSecret to SiteInfo/SettingsSchema

Verification

  • All 712 tests pass (84 suites)
  • TypeScript compilation clean, lint clean, prettier clean

Ubuntu added 6 commits June 20, 2026 14:22
…ay & LemonSqueezy

- Stripe: Uses stripe.webhooks.constructEvent() with webhookSecret to verify
  signatures and validate checkout.session.completed / invoice.paid events.
- Razorpay: Uses HMAC-SHA256 with timingSafeEqual for signature validation
  on order.paid and subscription.charged events.
- LemonSqueezy: Uses HMAC-SHA256 with timingSafeEqual for x-signature
  validation on order_created (one_time), subscription_payment_success,
  and subscription_resumed events.
- Webhook route: Reads raw body via req.text() and forwards signature
  headers to paymentMethod.verify().
- Payment interface: Updated verify() signature to accept rawBody and headers.
- DB schema: Added stripeWebhookSecret to SiteInfo/SettingsSchema.
- Fixed TypeScript type errors with Uint8Array wrapping for
  crypto.timingSafeEqual calls.
- Cleaned pre-existing unused import lint errors in comment.tsx and
  post-card.tsx.
@clbotdev clbotdev changed the title feat: community post/comment/reply reactions (#809) feat: community post/comment/reply reactions + Fix #535: Webhook signature verification Jul 7, 2026
…, Razorpay & LemonSqueezy"

This reverts commit 57b3da2.
import { CommunityMedia, CommunityPost } from "@courselit/common-models";
import { capitalize, truncate } from "@courselit/utils";
import { MessageSquare, Pin, ThumbsUp } from "lucide-react";
import { MessageSquare, Pin } from "lucide-react";
@rajat1saxena rajat1saxena changed the title feat: community post/comment/reply reactions + Fix #535: Webhook signature verification feat: community post/comment/reply reactions Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Community post/comment/reply reactions. Webhook signature verification

2 participants