chore(release): 3.13.2 [skip ci]

## [3.13.2](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.13.1...v3.13.2) (2025-10-14) ### Bug Fixes * **arcade:** only notify room creator of join requests ([bc571e3](bc571e3d0d))
fix(arcade): only notify room creator of join requests
2025-10-14 13:55:57 +00:00 · 2025-10-14 08:55:10 -05:00 · 2025-10-14 13:54:31 +00:00 · 2025-10-14 08:53:39 -05:00 · 2025-10-14 13:53:19 +00:00 · 2025-10-14 08:52:19 -05:00
11 changed files with 172 additions and 37 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,24 @@
+## [3.13.2](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.13.1...v3.13.2) (2025-10-14)
+
+
+### Bug Fixes
+
+* **arcade:** only notify room creator of join requests ([bc571e3](https://github.com/antialias/soroban-abacus-flashcards/commit/bc571e3d0d11fe4142680132d551e25ca626d950))
+
+## [3.13.1](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.13.0...v3.13.1) (2025-10-14)
+
+
+### Bug Fixes
+
+* **arcade:** allow room creator to rejoin restricted/approval rooms ([654ba19](https://github.com/antialias/soroban-abacus-flashcards/commit/654ba19ccca595d34ad205c036c18afb99a494c7))
+
+## [3.13.0](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.12.0...v3.13.0) (2025-10-14)
+
+
+### Features
+
+* **moderation:** add inline feedback and persistent password display ([86e3d41](https://github.com/antialias/soroban-abacus-flashcards/commit/86e3d4199628f95048b9265c9de0adfdc2934f93))
+
 ## [3.12.0](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.11.1...v3.12.0) (2025-10-14)


--- a/apps/web/.claude/settings.local.json
+++ b/apps/web/.claude/settings.local.json
@@ -57,7 +57,10 @@
      "Bash(fi)",
      "Bash(then echo \"TypeScript errors found\")",
      "Bash(else echo \"✓ No TypeScript errors in join page\")",
-      "Bash(npx @biomejs/biome format:*)"
+      "Bash(npx @biomejs/biome format:*)",
+      "Bash(npx drizzle-kit generate:*)",
+      "Bash(ssh nas.home.network \"docker ps | grep -E ''soroban|abaci|web''\")",
+      "Bash(ssh:*)"
    ],
    "deny": [],
    "ask": []
--- a/apps/web/drizzle/0009_add_display_password.sql
+++ b/apps/web/drizzle/0009_add_display_password.sql
@@ -0,0 +1,2 @@
+-- Add display_password column to arcade_rooms for showing plain text passwords to room owners
+ALTER TABLE `arcade_rooms` ADD `display_password` text(100);
--- a/apps/web/src/app/api/arcade/rooms/[roomId]/join-requests/route.ts
+++ b/apps/web/src/app/api/arcade/rooms/[roomId]/join-requests/route.ts
@@ -88,11 +88,12 @@ export async function POST(req: NextRequest, context: RouteContext) {
      `[Join Requests] Created request for user ${viewerId} (${displayName}) to join room ${roomId}`
    )

-    // Broadcast to all members in the room (particularly the host) via socket
+    // Broadcast to the room host (creator) only via socket
    const io = await getSocketIO()
    if (io) {
      try {
-        io.to(`room:${roomId}`).emit('join-request-submitted', {
+        // Send notification only to the room creator's user channel
+        io.to(`user:${room.createdBy}`).emit('join-request-submitted', {
          roomId,
          request: {
            id: request.id,
@@ -103,7 +104,7 @@ export async function POST(req: NextRequest, context: RouteContext) {
        })

        console.log(
-          `[Join Requests] Broadcasted join-request-submitted for user ${viewerId} to room ${roomId}`
+          `[Join Requests] Broadcasted join-request-submitted to room creator ${room.createdBy}`
        )
      } catch (socketError) {
        // Log but don't fail the request if socket broadcast fails
--- a/apps/web/src/app/api/arcade/rooms/[roomId]/join/route.ts
+++ b/apps/web/src/app/api/arcade/rooms/[roomId]/join/route.ts
@@ -83,25 +83,31 @@ export async function POST(req: NextRequest, context: RouteContext) {
      }

      case 'restricted': {
-        // Check for valid pending invitation
-        const invitation = await getInvitation(roomId, viewerId)
-        if (!invitation || invitation.status !== 'pending') {
-          return NextResponse.json(
-            { error: 'You need a valid invitation to join this room' },
-            { status: 403 }
-          )
+        // Room creator can always rejoin their own room
+        if (!isRoomCreator) {
+          // Check for valid pending invitation
+          const invitation = await getInvitation(roomId, viewerId)
+          if (!invitation || invitation.status !== 'pending') {
+            return NextResponse.json(
+              { error: 'You need a valid invitation to join this room' },
+              { status: 403 }
+            )
+          }
        }
        break
      }

      case 'approval-only': {
-        // Check for approved join request
-        const joinRequest = await getJoinRequest(roomId, viewerId)
-        if (!joinRequest || joinRequest.status !== 'approved') {
-          return NextResponse.json(
-            { error: 'Your join request must be approved by the host' },
-            { status: 403 }
-          )
+        // Room creator can always rejoin their own room without approval
+        if (!isRoomCreator) {
+          // Check for approved join request
+          const joinRequest = await getJoinRequest(roomId, viewerId)
+          if (!joinRequest || joinRequest.status !== 'approved') {
+            return NextResponse.json(
+              { error: 'Your join request must be approved by the host' },
+              { status: 403 }
+            )
+          }
        }
        break
      }
--- a/apps/web/src/app/api/arcade/rooms/[roomId]/route.ts
+++ b/apps/web/src/app/api/arcade/rooms/[roomId]/route.ts
@@ -42,8 +42,13 @@ export async function GET(_req: NextRequest, context: RouteContext) {
    // Update room activity when viewing (keeps active rooms fresh)
    await touchRoom(roomId)

+    // Prepare room data - include displayPassword only for room creator
+    const roomData = canModerate
+      ? room // Creator gets full room data including displayPassword
+      : { ...room, displayPassword: undefined } // Others don't see displayPassword
+
    return NextResponse.json({
-      room,
+      room: roomData,
      members,
      memberPlayers, // Map of userId -> active Player[] for each member
      canModerate,
--- a/apps/web/src/app/api/arcade/rooms/[roomId]/settings/route.ts
+++ b/apps/web/src/app/api/arcade/rooms/[roomId]/settings/route.ts
@@ -69,9 +69,11 @@ export async function PATCH(req: NextRequest, context: RouteContext) {
    if (body.password !== undefined) {
      if (body.password === null || body.password === '') {
        updateData.password = null // Clear password
+        updateData.displayPassword = null // Also clear display password
      } else {
        const hashedPassword = await bcrypt.hash(body.password, 10)
        updateData.password = hashedPassword
+        updateData.displayPassword = body.password // Store plain text for display
      }
    }

--- a/apps/web/src/components/nav/ModerationPanel.tsx
+++ b/apps/web/src/components/nav/ModerationPanel.tsx
@@ -95,6 +95,10 @@ export function ModerationPanel({
  const [joinRequests, setJoinRequests] = useState<any[]>([])
  const [passwordCopied, setPasswordCopied] = useState(false)

+  // Inline feedback state
+  const [successMessage, setSuccessMessage] = useState<string>('')
+  const [errorMessage, setErrorMessage] = useState<string>('')
+
  // Ban modal state
  const [showBanModal, setShowBanModal] = useState(false)
  const [banTargetUserId, setBanTargetUserId] = useState<string | null>(null)
@@ -182,8 +186,9 @@ export function ModerationPanel({
      }

      // Success - member will be removed via socket update
+      showSuccess('Player kicked from room')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to kick player')
+      showError(err instanceof Error ? err.message : 'Failed to kick player')
    } finally {
      setActionLoading(null)
    }
@@ -220,8 +225,10 @@ export function ModerationPanel({
        const data = await bansRes.json()
        setBans(data.bans || [])
      }
+
+      showSuccess('Player banned from room')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to ban player')
+      showError(err instanceof Error ? err.message : 'Failed to ban player')
    } finally {
      setActionLoading(null)
      setBanTargetUserId(null)
@@ -257,8 +264,10 @@ export function ModerationPanel({
        const data = await historyRes.json()
        setHistoricalMembers(data.historicalMembers || [])
      }
+
+      showSuccess('Player unbanned')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to unban player')
+      showError(err instanceof Error ? err.message : 'Failed to unban player')
    } finally {
      setActionLoading(null)
    }
@@ -294,9 +303,9 @@ export function ModerationPanel({
        setHistoricalMembers(data.historicalMembers || [])
      }

-      alert(`${userName} has been unbanned and invited back to the room!`)
+      showSuccess(`${userName} has been unbanned and invited back to the room`)
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to unban player')
+      showError(err instanceof Error ? err.message : 'Failed to unban player')
    } finally {
      setActionLoading(null)
    }
@@ -324,9 +333,9 @@ export function ModerationPanel({
        setHistoricalMembers(data.historicalMembers || [])
      }

-      alert(`Invitation sent to ${userName}!`)
+      showSuccess(`Invitation sent to ${userName}`)
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to send invitation')
+      showError(err instanceof Error ? err.message : 'Failed to send invitation')
    } finally {
      setActionLoading(null)
    }
@@ -338,13 +347,19 @@ export function ModerationPanel({

    const loadSettings = async () => {
      try {
-        // Fetch current room data to get access mode
+        // Fetch current room data to get access mode and password
        const roomRes = await fetch(`/api/arcade/rooms/${roomId}`)
        if (roomRes.ok) {
          const data = await roomRes.json()
          const currentAccessMode = data.room?.accessMode || 'open'
          setAccessMode(currentAccessMode)
          setOriginalAccessMode(currentAccessMode)
+
+          // Set password field if room has a password and user is the creator
+          if (currentAccessMode === 'password' && data.room?.displayPassword) {
+            setRoomPassword(data.room.displayPassword)
+            setShowPasswordInput(true)
+          }
        }

        // Fetch join requests if any
@@ -381,12 +396,12 @@ export function ModerationPanel({
        throw new Error(errorData.error || 'Failed to update settings')
      }

-      alert('Room settings updated successfully!')
+      showSuccess('Room settings updated successfully')
      setOriginalAccessMode(accessMode) // Update original to current
      setShowPasswordInput(false)
      setRoomPassword('')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to update settings')
+      showError(err instanceof Error ? err.message : 'Failed to update settings')
    } finally {
      setActionLoading(null)
    }
@@ -414,10 +429,10 @@ export function ModerationPanel({
        throw new Error(errorData.error || 'Failed to transfer ownership')
      }

-      alert(`Ownership transferred to ${newOwner.displayName}!`)
-      onClose() // Close panel since user is no longer host
+      showSuccess(`Ownership transferred to ${newOwner.displayName}`)
+      setTimeout(() => onClose(), 2000) // Close panel after showing message
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to transfer ownership')
+      showError(err instanceof Error ? err.message : 'Failed to transfer ownership')
    } finally {
      setActionLoading(null)
    }
@@ -442,9 +457,9 @@ export function ModerationPanel({
        setJoinRequests(data.requests || [])
      }

-      alert('Join request approved!')
+      showSuccess('Join request approved')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to approve request')
+      showError(err instanceof Error ? err.message : 'Failed to approve request')
    } finally {
      setActionLoading(null)
    }
@@ -468,8 +483,10 @@ export function ModerationPanel({
        const data = await requestsRes.json()
        setJoinRequests(data.requests || [])
      }
+
+      showSuccess('Join request denied')
    } catch (err) {
-      alert(err instanceof Error ? err.message : 'Failed to deny request')
+      showError(err instanceof Error ? err.message : 'Failed to deny request')
    } finally {
      setActionLoading(null)
    }
@@ -484,10 +501,23 @@ export function ModerationPanel({
      setTimeout(() => setPasswordCopied(false), 2000)
    } catch (err) {
      console.error('Failed to copy password:', err)
-      alert('Failed to copy password to clipboard')
+      showError('Failed to copy password to clipboard')
    }
  }

+  // Utility functions for showing feedback
+  const showSuccess = (message: string) => {
+    setSuccessMessage(message)
+    setErrorMessage('')
+    setTimeout(() => setSuccessMessage(''), 5000)
+  }
+
+  const showError = (message: string) => {
+    setErrorMessage(message)
+    setSuccessMessage('')
+    setTimeout(() => setErrorMessage(''), 5000)
+  }
+
  const pendingReports = reports.filter((r) => r.status === 'pending')
  const otherMembers = members.filter((m) => m.userId !== currentUserId)

@@ -534,6 +564,69 @@ export function ModerationPanel({
          Manage members, reports, and bans
        </p>

+        {/* Success/Error Messages */}
+        {(successMessage || errorMessage) && (
+          <div
+            style={{
+              padding: '12px 16px',
+              background: successMessage ? 'rgba(34, 197, 94, 0.1)' : 'rgba(239, 68, 68, 0.1)',
+              border: successMessage
+                ? '1px solid rgba(34, 197, 94, 0.4)'
+                : '1px solid rgba(239, 68, 68, 0.4)',
+              borderRadius: '8px',
+              marginBottom: '16px',
+              display: 'flex',
+              alignItems: 'center',
+              justifyContent: 'space-between',
+              animation: 'fadeIn 0.2s ease',
+            }}
+          >
+            <div
+              style={{
+                display: 'flex',
+                alignItems: 'center',
+                gap: '8px',
+                flex: 1,
+              }}
+            >
+              <span style={{ fontSize: '16px' }}>{successMessage ? '✓' : '⚠'}</span>
+              <span
+                style={{
+                  fontSize: '14px',
+                  fontWeight: '600',
+                  color: successMessage ? 'rgba(34, 197, 94, 1)' : 'rgba(239, 68, 68, 1)',
+                }}
+              >
+                {successMessage || errorMessage}
+              </span>
+            </div>
+            <button
+              type="button"
+              onClick={() => {
+                setSuccessMessage('')
+                setErrorMessage('')
+              }}
+              style={{
+                background: 'none',
+                border: 'none',
+                color: successMessage ? 'rgba(34, 197, 94, 0.8)' : 'rgba(239, 68, 68, 0.8)',
+                fontSize: '18px',
+                cursor: 'pointer',
+                padding: '0 4px',
+                lineHeight: 1,
+              }}
+              onMouseEnter={(e) => {
+                e.currentTarget.style.opacity = '1'
+              }}
+              onMouseLeave={(e) => {
+                e.currentTarget.style.opacity = '0.8'
+              }}
+            >
+              ✕
+            </button>
+          </div>
+        )}
+
        {/* Tabs */}
        <div
          style={{
--- a/apps/web/src/db/schema/arcade-rooms.ts
+++ b/apps/web/src/db/schema/arcade-rooms.ts
@@ -30,6 +30,7 @@ export const arcadeRooms = sqliteTable('arcade_rooms', {
    .notNull()
    .default('open'),
  password: text('password', { length: 255 }), // Hashed password for password-protected rooms
+  displayPassword: text('display_password', { length: 100 }), // Plain text password for display to room owner

  // Game configuration
  gameName: text('game_name', {
--- a/apps/web/src/lib/arcade/tests/room-manager.test.ts
+++ b/apps/web/src/lib/arcade/tests/room-manager.test.ts
@@ -62,6 +62,7 @@ describe('Room Manager', () => {
    ttlMinutes: 60,
    accessMode: 'open',
    password: null,
+    displayPassword: null,
    gameName: 'matching',
    gameConfig: { difficulty: 6 },
    status: 'lobby',
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "soroban-monorepo",
-  "version": "3.12.0",
+  "version": "3.13.2",
  "private": true,
  "description": "Beautiful Soroban Flashcard Generator - Monorepo",
  "workspaces": [
Author	SHA1	Message	Date
semantic-release-bot	2fb6ead4f2	chore(release): 3.13.2 [skip ci] ## [3.13.2](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.13.1...v3.13.2) (2025-10-14) ### Bug Fixes * arcade: only notify room creator of join requests ([`bc571e3`](`bc571e3d0d`))	2025-10-14 13:55:57 +00:00
Thomas Hallock	bc571e3d0d	fix(arcade): only notify room creator of join requests Fixes issue where ALL room members were seeing join request approval toasts, but only the creator can approve them, leading to confusing error messages when non-creators clicked approve/deny. Changes: - Join request notifications now sent only to room creator's user channel - Changed from broadcasting to entire room to targeted user notification - Uses `user:${room.createdBy}` channel instead of `room:${roomId}` Non-host users will no longer see approval toasts they cannot act on. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-14 08:55:10 -05:00
semantic-release-bot	eed7c9b938	chore(release): 3.13.1 [skip ci] ## [3.13.1](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.13.0...v3.13.1) (2025-10-14) ### Bug Fixes * arcade: allow room creator to rejoin restricted/approval rooms ([`654ba19`](`654ba19ccc`))	2025-10-14 13:54:31 +00:00
Thomas Hallock	654ba19ccc	fix(arcade): allow room creator to rejoin restricted/approval rooms Fixes catch-22 where room creator who leaves their own approval-only or restricted room cannot rejoin because: - Approval-only: They need approval but can't approve themselves - Restricted: They need an invitation but can't invite themselves Changes: - Room creator now bypasses invitation check for restricted rooms - Room creator now bypasses approval check for approval-only rooms - Other users still require proper authorization This ensures hosts can always access their own rooms regardless of access mode restrictions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-14 08:53:39 -05:00
semantic-release-bot	f5469cda0c	chore(release): 3.13.0 [skip ci] ## [3.13.0](https://github.com/antialias/soroban-abacus-flashcards/compare/v3.12.0...v3.13.0) (2025-10-14) ### Features * moderation: add inline feedback and persistent password display ([`86e3d41`](`86e3d41996`))	2025-10-14 13:53:19 +00:00
Thomas Hallock	86e3d41996	feat(moderation): add inline feedback and persistent password display - Add success/error message UI component to ModerationPanel - Replace all browser alert() calls with inline React-based feedback - Add displayPassword field to arcade_rooms schema for plain text storage - Create migration to add display_password column - Update settings PATCH route to store both hashed and display passwords - Update room GET route to return displayPassword only to room creator - Update ModerationPanel to populate password field when loading settings - Fix room-manager test to include displayPassword field Password field now persists and displays correctly when reloading the page for room owners in password-protected rooms. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-14 08:52:19 -05:00