- Introduce repeat button with active state styling and toggle logic in player.js
- Update background grid animation to use faster, distance-scaled flyby passes for more dynamic visuals
- Extend song view model (`songs.js`) to include uploader's display name
- Improve user verification flow (`users.js`) to ensure fresh state after async password check
- Add uploader info line in public song page view
feat(users): implement user disabling functionality with admin controls
- Add `disabled` column to users table via migration
- Update login flow to reject disabled accounts with 403 error
- Introduce new `/admin/users` route for admin-only user management (disable/enable, verify email, delete with content)
- Extend users service to support listing all users, toggling disabled status, admin verification, and cascading deletion of user's songs/playlists
- Add admin UI for managing users with visual indication of disabled accounts (opacity reduction)
- Update navigation to include "Users" link for admins
```
- Display playlist creator name on public and admin playlist views
- Add shuffle playback button for playlists in player UI
- Implement drag-and-drop reordering for playlist tracks with visual feedback
- Improve email verification UX: redirect pending users to verify page with resend option
- Simplify admin routes by removing redundant role checks (user-based filtering already handled)
- Adjust featured playlist count and add "show all" links on home page
- Introduce email_verified column and email_verifications table for token-based verification
- Add nodemailer dependency and create mailer service (SMTP + dev fallback to console)
- On registration, generate 24h verification token and send email (or log URL in dev)
- Add /verify-email GET route to validate tokens and mark user as verified
- Add /resend-verification POST route for logged-in users to re-send link
- Update flash system with new warning style for unverified users
- Update .env.example with APP_BASE_URL and SMTP_* configuration variables
Note: existing users are grandfathered in (email_verified=1) via migration.
- Add public/logged_in/private visibility levels to songs and playlists via database migration (002_visibility.sql)
- Replace old `is_public` boolean with new `visibility` enum in admin forms, API schemas, and services
- Implement access control logic:
- Guests see only public items that don't contain restricted tracks
- Logged-in users see public + logged_in items (excluding private ones)
- Admins see all; regular users manage their own content
- Auto-upgrade playlist visibility when adding more restrictive songs
- Add UI badges for visibility levels and update admin views to reflect new hierarchy
PWA enhancements:
- Update web manifest with proper name, colors, and icon paths
- Add service worker (sw.js) with cache-first for static assets and network-first for HTML
- Register SW at root (/sw.js) with Service-Worker-Allowed header for full origin scope
- Add theme-color meta tag and navigate.js for client-side routing
Other:
- Update admin nav label from "Admin" to "My Music" to reflect role-based access
Brian Fertig