Commit graph

55 commits

Author SHA1 Message Date
Deco Vander
6be1dc4667 Update server.js
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-04 14:03:07 -04:00
Deco Vander
4dd48627d0 Implement proper async initialization for ProfanityFilter
- Add async initialize() method for reliable initialization waiting
- Add static create() factory method for easy async creation
- Add initialization state tracking with isInitialized flag
- Add warning system for methods called before full initialization
- Update server.js to use proper async initialization pattern
- Maintain backward compatibility with constructor-only usage
- Add accessibility improvement for reduced motion preferences in CSS

Fixes the race condition issue where consumers relied on arbitrary
timeouts instead of properly waiting for async initialization to complete.
2025-07-04 13:59:57 -04:00
Deco Vander
542415cccd Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-04 13:30:45 -04:00
Deco Vander
b1073ce7b8 Fix critical security risk: implement complete fallback profanity filter
- Add comprehensive no-op fallback profanity filter with all required methods
- Prevent runtime errors when profanity filter initialization fails
- Add startup logging to clearly indicate profanity filter status
- Include _isFallback property for monitoring and debugging
- Ensure all routes continue to function even with fallback filter
- Maintain security awareness with clear warning messages
2025-07-04 13:25:25 -04:00
Deco Vander
a063d5a2c9 Create shared utility module to eliminate function duplication
- Create public/utils.js with shared frontend utility functions
- Extract parseUTCDate, getTimeAgo, getTimeRemaining, getRemainingClass to utils.js
- Remove duplicate functions from admin.js, app-mapbox.js, app-google.js, and app.js
- Add utils.js script import to index.html and admin.html
- Add comprehensive JSDoc documentation for all utility functions
- Ensure consistent UTC timestamp parsing across all frontend scripts

This addresses Copilot AI feedback about function duplication across multiple frontend scripts.
Now all timestamp and time calculation logic is centralized in one maintainable module.

Benefits:
- Single source of truth for time-related utilities
- Easier maintenance and updates
- Consistent behavior across all frontend components
- Better code organization and documentation
- Reduced bundle size through deduplication
2025-07-04 13:22:17 -04:00
Deco Vander
c0dc1f3c6d Fix critical error handling for ProfanityFilter initialization
- Add proper error handling to prevent undefined profanityFilter from being passed to routes
- Implement fallback no-op profanity filter strategy when initialization fails
- Add validation check before setupRoutes() to ensure profanityFilter is defined
- Provide clear error messages and security warnings when fallback is used
- Update graceful shutdown to safely handle both real and fallback profanity filters

Fallback profanity filter:
- Allows all content to pass through (security risk but prevents crash)
- Provides proper method signatures for API compatibility
- Logs prominent security warnings about disabled filtering
- Returns appropriate error messages for admin operations

This prevents runtime errors while maintaining service availability, with clear warnings about the security implications.
2025-07-04 13:16:33 -04:00
Deco Vander
45a8d67362 Refactor: Extract UTC parsing logic to parseUTCDate helper function
- Add parseUTCDate helper function to handle timestamp UTC parsing consistently
- Eliminates code duplication across getTimeAgo, getTimeRemaining, and expiry functions
- Applied to admin.js, app-mapbox.js, app-google.js, and app.js
- Ensures consistent UTC timezone handling throughout all frontend JavaScript
- Addresses Copilot AI feedback for better code maintainability and DRY principles

The parseUTCDate function handles the logic:
timestamp.includes('T') ? timestamp : timestamp + 'Z'

This ensures all timestamp parsing uses the same UTC interpretation logic.
2025-07-04 13:16:33 -04:00
Deco Vander
544766e5dc Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-04 13:13:52 -04:00
Deco Vander
58b6a13106 Fix timezone handling for accurate 48-hour expiry display
- Fixed getTimeAgo(), getTimeRemaining(), and getRemainingClass() functions
- Database stores UTC timestamps but frontend was treating them as local time
- Added logic to append 'Z' to timestamps without timezone info to force UTC interpretation
- Now properly shows 48-hour countdown instead of incorrect 52-hour or 28-hour values
- Affects both main app (app-mapbox.js) and admin panel (admin.js)
2025-07-04 11:16:18 -04:00
Deco Vander
276dc65195 Fix location expiry display to show correct 48-hour timeframe
- Updated getTimeRemaining() function to use 48 hours instead of 24 hours
- Updated getRemainingClass() function to calculate remaining time based on 48 hours
- Frontend now matches backend 48-hour expiration policy
- Time remaining display will now show up to ~47h instead of ~23h for new reports
2025-07-04 11:12:09 -04:00
Deco Vander
e32dfd849f Fix profanity filter admin UI API endpoints
- Corrected API endpoint URLs from /api/admin/profanity/words to /api/admin/profanity-words
- Fixed profanity test endpoint from /api/admin/profanity/test to /api/admin/test-profanity
- Updated data handling to match actual API response format
- Fixed profanity test results display to match API analysis structure
- All CRUD operations for profanity words now working correctly
2025-07-04 11:09:28 -04:00
Deco Vander
b8e1bc9aa8 Merge branch 'main' into feature/profanity-filter-isolation 2025-07-04 11:03:03 -04:00
Deco Vander
71ddcc9a5c Complete profanity filter UI integration
- Added tab-based admin interface with separate Profanity Filter tab
- Implemented custom word management (add/delete words with severity levels)
- Added profanity filter testing interface for real-time validation
- Integrated with profanity database API endpoints
- Added comprehensive CSS styling for new UI components
- Full admin interface for managing custom profanity words and categories
2025-07-04 00:07:03 -04:00
Deco Vander
c7f39e4939 feat: isolate profanity filter with separate database
- Create dedicated ProfanityFilter class with isolated SQLite database
- Separate profanity.db from main application database to prevent SQLITE_MISUSE errors
- Add comprehensive custom word management (CRUD operations)
- Implement advanced profanity detection with leetspeak and pattern matching
- Add admin UI for managing custom profanity words
- Add extensive test suites for both profanity filter and API routes
- Update server.js to use isolated profanity filter
- Add proper database initialization and cleanup methods
- Support in-memory databases for testing

Breaking changes:
- Profanity filter now uses separate database file
- Updated admin API endpoints for profanity management
- Enhanced profanity detection capabilities
2025-07-04 00:03:24 -04:00
Deco Vander
49be81e29b Merge pull request #4 from derekslenk/update-readme-urls-20250704-025536
Update deployment URLs in README
2025-07-03 22:56:18 -04:00
GitHub Action
41d658ddc1 Update deployment URLs
- Updated S3 URLs in README.md
    - Deploy script URL: https://ice-puremichigan-lol.s3.amazonaws.com/scripts/deploy.sh
2025-07-04 02:55:36 +00:00
Deco Vander
e44d363685 Merge pull request #3 from derekslenk/auto-readme
Update deploy scripts to create a PR
2025-07-03 22:55:22 -04:00
Deco Vander
d7afbe15f0 Merge branch 'main' into auto-readme 2025-07-03 22:54:38 -04:00
Deco Vander
d766f08338 Update deploy scripts to create a PR 2025-07-03 22:53:53 -04:00
Deco Vander
cf86727acd Merge pull request #2 from derekslenk/actions-contents-update
Update deploy-scripts.yml
2025-07-03 22:46:46 -04:00
Deco Vander
d6df2f9237 Update deploy-scripts.yml 2025-07-03 22:46:10 -04:00
Deco Vander
fd6d5853ff Merge pull request #1 from derekslenk/derekslenk-patch-1
more ice
2025-07-03 22:43:53 -04:00
Deco Vander
af535c9f5d more ice 2025-07-03 22:39:59 -04:00
Deco Vander
d19cd2766c Fix dark mode table visibility and security improvements
- Add dark mode overrides for table cell text colors to ensure visibility
- Remove Google Maps API key exposure from /api/config endpoint (security fix)
- Update privacy policy to clarify international server hosting
- Switch from CDN resources to local files for better control
- Add SCSS build system for future styling improvements
2025-07-03 22:21:59 -04:00
Deco Vander
8d5ac00bc8 Remove unused Sass/SCSS setup
- Remove sass and concurrently dependencies (31 packages)
- Remove SCSS files and src/styles directory
- Remove Sass-related npm scripts (build-css, watch-css, dev-with-css)
- Remove CSS source map file
- Keep hand-crafted style.css which is actually being used
2025-07-03 21:56:26 -04:00
Deco Vander
7daced0cea Fix reports table text color with explicit th,td selector
Applied the exact same selector pattern as admin table:
- .reports-table th, .reports-table td { color: var(--text-color); }

This ensures both header and data cells explicitly inherit the correct
text color variable, matching the admin table behavior exactly.

Should resolve the white text visibility issue in dark mode.
2025-07-03 21:12:11 -04:00
Deco Vander
83173da778 Apply admin table styling to reports table for consistency
Updated reports table to use the same robust styling as admin table:

Added:
- border-radius: 8px and overflow: hidden for rounded corners
- box-shadow: 0 2px 4px var(--shadow) for elevation
- color: var(--text-color) on table element for inheritance
- Consistent border styling with 1px borders
- font-weight: bold for headers (matching admin)

Improved:
- Better dark mode support with proper color inheritance
- Consistent visual appearance between admin and public tables
- Removed duplicate box-shadow from table-container
- Simplified header borders (removed 2px, sticky positioning complexity)

Both tables now share the same visual design language and dark mode behavior.
2025-07-03 21:09:12 -04:00
Deco Vander
ebb5c06773 Fix reports table text color in dark mode
The admin table was working correctly because it explicitly sets 'color: var(--text-color)'
on all table cells, but the main reports table (Table View on homepage) was missing this.

Added 'color: var(--text-color)' to '.reports-table td' to ensure all table cells
use the proper text color in both light and dark modes.

This fixes the gray-on-gray readability issue in the details table view.
2025-07-03 21:06:33 -04:00
Deco Vander
f276c5e270 Improve dark mode text contrast by using dedicated color variables
Problem: Text with opacity created gray-on-gray which was hard to read in dark mode.

Solution: Added dedicated color variables for text hierarchy:
- --text-color: Primary text (bright)
- --text-secondary: Secondary text (medium brightness)
- --text-tertiary: Tertiary text (dimmer but still readable)

Dark mode colors:
- Primary: #e0e0e0 (bright white-ish)
- Secondary: #b0b0b0 (medium gray)
- Tertiary: #909090 (dimmer gray)

Light mode colors:
- Primary: #333 (dark)
- Secondary: #666 (medium gray)
- Tertiary: #999 (light gray)

This provides much better contrast and readability in dark mode while maintaining the visual hierarchy.
2025-07-03 21:02:47 -04:00
Deco Vander
4bcbb9134d Fix dark mode text readability in table view and other elements
- Updated table cell colors to use CSS variables instead of hardcoded values
- Fixed location-cell, details-cell, time-cell text colors for dark mode
- Improved contrast with opacity adjustments for secondary text
- Updated status colors (urgent/warning/normal) to work better in dark mode
- Fixed autocomplete, input-help, disclaimer, and table-info text colors
- All text now properly adapts to both light and dark themes
2025-07-03 20:59:10 -04:00
Deco Vander
fd3cbe686d Fix persistent locations not showing on homepage
The public /api/locations endpoint was only returning locations within 48 hours,
but it should also include persistent locations regardless of their age.

Updated SQL query to: 'WHERE created_at > ? OR persistent = 1'

This ensures that:
- Regular reports show for 48 hours (as intended)
- Persistent reports show indefinitely (as intended)
- Both types appear on the public map and homepage
2025-07-03 20:56:27 -04:00
Deco Vander
570fd92d00 Add comprehensive session security to admin panel
Security improvements:
- Auto-logout after 30 minutes of inactivity
- Session warning 5 minutes before expiry with option to extend
- Activity-based session extension on user interaction
- Session validation on page load and API calls
- Periodic session validity checks every minute
- Secure cleanup of tokens and timers on logout
- Protection against expired session usage

This prevents unauthorized access if admin leaves session open or if tokens are compromised.
2025-07-03 20:53:44 -04:00
Deco Vander
d9559f71fe Update HTML files to use Bunny.net CDN for static assets
- Updated all static asset URLs to use iceymi.b-cdn.net CDN
- Changed favicon, CSS, and JS file references in index.html, admin.html, and privacy.html
- API calls remain pointed to origin server for dynamic content
- Ready for CDN deployment with proper cache separation
2025-07-03 20:44:16 -04:00
Deco Vander
f73221e5cc Add custom map icons for persistent vs. temporary reports
- Created custom map markers with distinct colors and symbols:
  - 🔒 Green circles with lock icon for persistent reports
  - ⚠️ Red circles with warning icon for temporary reports
- Updated popup text to indicate persistent status
- Applied consistent styling to both MapBox and Nominatim versions
- Enhanced visual distinction between report types on the map
2025-07-03 01:34:39 -04:00
Deco Vander
a8a5523dd4 Show 'Persistent' in table view for persistent reports
- Updated getTimeRemaining() to return 'Persistent' for persistent reports
- Modified getRemainingClass() to handle persistent report styling
- Table view now clearly indicates which reports are persistent vs. expiring
- Maintains color coding for non-persistent reports based on time remaining
2025-07-03 01:32:28 -04:00
Deco Vander
12fd378e8c Fix CSP to allow Leaflet marker icons from unpkg.com
- Updated Content-Security-Policy img-src directive to include unpkg.com
- Resolves CSP violation preventing Leaflet marker icons from loading
- Maintains security while allowing necessary external image resources
2025-07-03 01:24:51 -04:00
Deco Vander
a3b450de1a Add mobile responsiveness and persistent reports feature
- Enhanced mobile responsiveness across entire site and admin panel
  - Optimized layouts, font sizes, and spacing for screens ≤768px and ≤480px
  - Made forms, tables, maps, and buttons touch-friendly
  - Added responsive breakpoints for better mobile experience

- Added persistent reports functionality
  - Added 'persistent' column to database with automatic migration
  - Updated cleanup logic to preserve persistent reports (no auto-expiration)
  - Added admin panel toggle for marking reports as persistent
  - Added persistent report count to admin dashboard stats
  - Visual indicators with lock/unlock icons for persistent status

- Improved admin panel UI
  - Standardized header button styling and sizing
  - Added 'Return to Homepage' button for better navigation
  - Enhanced mobile responsiveness for admin interface
  - Fixed table layouts and button arrangements for mobile devices

- Backend API enhancements
  - New PATCH endpoint for toggling persistent status
  - Updated admin routes to include persistent field
  - Backwards compatible database migration
2025-07-03 01:17:41 -04:00
Deco Vander
5e56d59bbd Add map/table toggle view for current reports
New Features:
- Toggle between map and table view for current reports
- Table view shows location, details, reported time, and time remaining
- Color-coded time remaining: urgent (red), warning (orange), normal (green)
- Responsive design with mobile-optimized table layout
- Real-time updates work in both map and table views
- Sorted by most recent reports first

🎨 UI Improvements:
- Professional toggle buttons with active state
- Clean table design with hover effects
- Accessibility-friendly with proper titles and tooltips
- Mobile-responsive layout adjustments

🚀 Better UX:
- Easy switching between visual map and detailed table
- Time remaining countdown helps prioritize urgent reports
- Searchable and scannable table format for quick review
- Maintains all existing functionality while adding new view
2025-07-03 01:07:17 -04:00
Deco Vander
3581ea219d Fix rate limiting block syntax for caddy-ratelimit plugin
- Use proper rate_limit block syntax with key, rate, and window
- Rate 30 requests per minute for general API
- Rate 5 requests per minute for location submissions
- Should resolve 'wrong argument count' error
2025-07-03 01:00:07 -04:00
Deco Vander
118261a0bd Fix duplicate @submit matcher in Caddyfile
- Combined @submit matcher conditions into single block
- Fixed 'matcher is defined more than once' error
- Proper Caddyfile syntax for combining path and method matchers
2025-07-03 00:58:30 -04:00
Deco Vander
18fb9e5a73 Fix rate limiting syntax in Caddyfile
- Simplified rate limiting syntax to use 30r/m and 5r/m format
- Fixed matcher syntax for submission rate limiting
- Should resolve 'wrong argument count' error in Caddy
- Compatible with caddy-ratelimit plugin syntax
2025-07-03 00:56:26 -04:00
Deco Vander
c95d159a95 Install Caddy with rate limiting plugin for ARM64 deployment
- Install Go 1.21.5 for ARM64 architecture
- Use xcaddy to build Caddy with caddy-ratelimit plugin
- Create custom systemd service for plugin-enabled Caddy
- Restore rate limiting configuration in Caddyfile
- Production-ready setup with proper security and rate limiting
- Automatic SSL with enhanced protection against API abuse
2025-07-03 00:44:29 -04:00
Deco Vander
3d3eb2fd3b Enhance Caddyfile with explicit HTTPS and security features
- Added explicit HTTP to HTTPS redirects for clarity
- Improved security headers including CSP for MapBox/OSM
- Added health checks for reverse proxy
- Implemented rate limiting for API protection
- Added structured logging for security monitoring
- Enhanced compression with gzip and zstd
- Comprehensive www/non-www redirect handling
- Production-ready configuration for ICE Watch
2025-07-03 00:31:41 -04:00
Deco Vander
c203cdcbeb Update clone URLs to use SSH and correct repository name
- Changed all git clone URLs to use SSH (git@github.com:)
- Fixed repository name to derekslenk/ice (correct repo name)
- Updated both deployment script and README
- Provides better security for server deployments
2025-07-03 00:24:01 -04:00
Deco Vander
0af3b7eeea Update service user and group for icewatch service 2025-07-03 00:19:40 -04:00
Deco Vander
e35eb6c788 Update deployment instructions and service user/group 2025-07-03 00:14:42 -04:00
Deco Vander
2cda43edc9 Fix S3 upload: remove ACL parameters for bucket without ACL support
- Removed --acl public-read parameters from GitHub Action
- S3 bucket policy handles public access instead of ACLs
- Should resolve AccessControlListNotSupported error
2025-07-03 00:11:08 -04:00
Deco Vander
5b9c9f7396 Fix S3 bucket name and create deployment bucket
- Created S3 bucket: ice-puremichigan-lol
- Updated all references to use correct bucket name
- Applied public access policy for scripts/* path
- Ready for automated deployment via GitHub Actions
2025-07-03 00:02:52 -04:00
Deco Vander
e58e89ac72 Update S3 paths to use scripts folder with proper permissions
- Changed deployment URLs from /icewatch to /scripts
- Added cache control headers for better performance
- Updated bucket policy for scripts/* public access
- All deployment files now use consistent scripts/ path
2025-07-03 00:00:02 -04:00
Deco Vander
38ccd6d533 Update deployment URLs to use ice.puremichigan.lol S3 bucket
- Updated deployment script S3 URLs
- Updated README with correct bucket name
- Ready for automated S3 deployment via GitHub Actions
2025-07-02 23:57:27 -04:00