- Prevent server-side exceptions (Application error) on mobile after redirects
- useOneShotSlowHint: guard document; use global setTimeout; conditionally attach visibilitychange
- useConnectionFeedback: guard document.visibilityState; register/remove listeners only on client
- usePageSetup: guard window before tracking referrer and parsing roomId
- tracking: early return when window is undefined
- docs(flows): add “SSR & DOM access guard (must-read)” checklist; renumber next section
- Add multi-language post “Cached ID reconnect: auto rejoin and resume”:
zh, en, ja, ko, de, fr, es under: frontend/content/blog/cached-id-reconnect/*.mdx
- Include cover asset: frontend/public/blog-assets/cached-id-reconnect.webp
- Describe receiver auto-join, reconnect workflow, and resume behavior.
- Tag with WebRTC/P2P/reconnect for discoverability.
- Receiver: auto-fill and join on Retrieve tab when input empty, not in room, no URL roomId, and cachedId exists (ClipboardApp + roomIdCache)
- Sender: “Use cached ID” now immediately joins the room (add onUseCached + disabled to CachedIdActionButton; wire in SendTabPanel)
- UI: add ThemeToggle and integrate into Header (desktop and mobile)
- Styles: replace hardcoded white with design tokens in Retrieve panel (bg-card/text-card-foreground) for dark mode
- Docs: update AI playbook flows and code-map
- Add Messages.meta.blog and text.blog (BlogTexts) to types/messages
- Update all locales with blog UI strings and meta.blog
- Localize blog list, tag pages, and article detail (titles, labels, dates)
- Pass messages to ArticleListItem; TableOfContents supports localized title
- Use dictionary-based metadata; alternates cover all supported locales
- Sitemap: include /[lang]/blog/tag/{tag} and set blog list lastModified to newest post
- JSON-LD: hardcode site URL in getSiteUrl() for consistency
- Attempt reconnection on 'disconnected' | 'failed' | 'closed' states (BaseWebRTC)
- Relax gating: rejoin when roomId exists and any of isPeerDisconnected, isSocketDisconnected, or socketId changed
- Auto re-join room on socket 'connect' if lastJoinedSocketId differs or not in room; send initiator-online for initiators
- Track lastJoinedSocketId after successful join and reset isInRoom when socketId changes to bypass early-return
- Update flows to document mobile background/foreground reconnection and socketId-based rejoin
- Move from flat file structure (privydrop-open-source-en.mdx) to nested structure (privydrop-open-source/en.mdx)
- Update blog.ts to handle new directory-based file organization
- Update duplicate room ID messages across all languages for better clarity
- Enhance cached ID tips with double-click save mode functionality
- Add image optimization cache configuration to Nginx
- Document production environment variable sync requirements
- Add NEXT_IMAGE_UNOPTIMIZED to production config
- Add generic JSON-LD injector component and builders
- components/seo/JsonLd.tsx
- lib/seo/jsonld.ts
- Inject Organization and WebSite JSON-LD globally in [lang]/layout
- Inject WebApplication JSON-LD on the localized home page
- Localize description/url/inLanguage and set alternateName ["PrivyDrop", "PrivyDrop APP"]
- Inject FAQPage JSON-LD only on /[lang]/faq (not on home)
- Build Q&A from messages.text.faqs
- Inject BlogPosting + BreadcrumbList on blog post pages
- Use frontmatter.cover as image, localized breadcrumbs
Notes
- Use stable @id anchors (/#organization, /#website, /[lang]#app, /[lang]/blog/[slug]#post)
- Respect multi-language setup across en/zh/ja/es/de/fr/ko
- SameAs limited to GitHub and X as provided
- Site URL resolved via NEXT_PUBLIC_SITE_URL or defaults to https://www.privydrop.app
- generate-config.sh: add --with-nginx flag handling; when enabled, set NEXT_PUBLIC_API_URL empty to use same-origin /api and /socket.io; add BACKEND_INTERNAL_URL for SSR/internal fetch; adjust lan-tls HTTPS (8443) and TLS generation policy
- deploy.sh: show only valid access URLs when Nginx is enabled (gateway URLs), avoid misleading :3002/:3001 entries
- frontend (env/webrtc): return mutable transports [websocket,polling]; use empty signaling server for same-origin; comments in English
- frontend (next.config): support NEXT_IMAGE_UNOPTIMIZED to turn off image optimization in Docker
- frontend (health): prefer BACKEND_INTERNAL_URL for internal health checks, fallback to public URL/localhost
- docker-compose + Dockerfile(frontend): pass NEXT_IMAGE_UNOPTIMIZED and BACKEND_INTERNAL_URL envs
- generate-config.sh
- Add flags: --no-clean, --reset-ssl, --ssl-mode (letsencrypt|self-signed|provided)
- Stop deleting docker/ssl by default; only wipe on explicit --reset-ssl
- Inject ACME webroot route into HTTP (80) server; create docker/letsencrypt-www
- Default SSL_MODE: full=letsencrypt, private/public=self-signed
- Add enable_https_if_cert_present: append 443 server only when server-cert.pem/server-key.pem exist
- Keep self-signed path generating HTTPS immediately (non-basic)
- docker-compose.yml
- Mount ./docker/letsencrypt-www:/var/www/certbot:ro for Nginx ACME challenges
- deploy.sh
- Add --le-email for Let’s Encrypt account email
- Auto-install certbot once (apt-get) and enable systemd timer if available
- Install deploy hook at /etc/letsencrypt/renewal-hooks/deploy/privydrop-reload.sh to:
- Copy renewed certs into docker/ssl
- Hot-reload Nginx; HUP or restart coturn
- First-time issuance (webroot) for <domain> and turn.<domain> after Nginx:80 is up; copy certs
- Re-run generate-config with --no-clean --ssl-mode letsencrypt to enable 443, then reload Nginx
- Behavior changes
- Full mode prefers Let’s Encrypt by default; HTTPS gets enabled as soon as certs exist
- docker/ssl is no longer wiped by config generation
- Notes
- SNI-based turns:443 is not implemented yet (planned)
- Backward compatible with private/public (self-signed)
Test steps:
bash docker/scripts/generate-config.sh --mode private [--local-ip 192.168.0.113]
bash ./deploy.sh --mode private
Front-end directly inlines NEXT_PUBLIC_API_URL, directly connecting to the backend.
CORS (production) supports comma-separated multiple origins, with localhost and local network IPs included by default.
david_bai