(SP: 3) [Frontend] Complete About page redesign: fix merge conflicts with develop

Author: yevheniidatsenko

frontend/.env.example

@@ -66,3 +66,27 @@ GMAIL_USER=
 
 # --- Security
 CSRF_SECRET=
+
+CHECKOUT_RATE_LIMIT_MAX=10
+CHECKOUT_RATE_LIMIT_WINDOW_SECONDS=300
+
+# Stripe webhook rate limit envs (applied per reason; reason-specific overrides generic).
+# Missing signature has its own envs with fallback to generic, then legacy invalid_sig.
+STRIPE_WEBHOOK_MISSING_SIG_RL_MAX=30
+STRIPE_WEBHOOK_MISSING_SIG_RL_WINDOW_SECONDS=60
+
+# Generic Stripe webhook rate limit fallback (applies to missing_sig and invalid_sig).
+STRIPE_WEBHOOK_RL_MAX=30
+STRIPE_WEBHOOK_RL_WINDOW_SECONDS=60
+
+# Invalid signature envs (canonical for invalid_sig, legacy fallback for missing_sig).
+STRIPE_WEBHOOK_INVALID_SIG_RL_MAX=30
+STRIPE_WEBHOOK_INVALID_SIG_RL_WINDOW_SECONDS=60
+
+# SECURITY: If true, trust x-real-ip / x-forwarded-for headers for rate limiting.
+# Enable ONLY behind Cloudflare or a trusted reverse proxy that overwrites these headers.
+# Default: false (empty/0/false).
+TRUST_FORWARDED_HEADERS=0
+
+# emergency switch
+RATE_LIMIT_DISABLED=0

frontend/app/[locale]/blog/[slug]/PostDetails.tsx

@@ -5,6 +5,8 @@ import { getTranslations } from 'next-intl/server';
 import { client } from '@/client';
 import { Link } from '@/i18n/routing';
 
+export const revalidate = 0;
+
 type SocialLink = {
   _key?: string;
   platform?: string;
@@ -116,11 +118,15 @@ export default async function PostDetails({
   const slugParam = String(slug || '').trim();
   if (!slugParam) return notFound();
 
-  const post: Post | null = await client.fetch(query, {
+  const post: Post | null = await client
+    .withConfig({ useCdn: false })
+    .fetch(query, {
     slug: slugParam,
     locale,
   });
-  const recommendedAll: Post[] = await client.fetch(recommendedQuery, {
+  const recommendedAll: Post[] = await client
+    .withConfig({ useCdn: false })
+    .fetch(recommendedQuery, {
     slug: slugParam,
     locale,
   });
@@ -156,7 +162,7 @@ export default async function PostDetails({
             href={`/blog?category=${encodeURIComponent(post.categories[0])}`}
             className="inline-flex items-center gap-1 hover:text-[#ff00ff] transition"
           >
-            {post.categories[0]}
+            {post.categories[0] === 'Growth' ? 'Career' : post.categories[0]}
           </Link>
         </div>
       )}

frontend/app/[locale]/blog/category/[category]/page.tsx

@@ -0,0 +1,101 @@
+import groq from 'groq';
+import { notFound } from 'next/navigation';
+import { getTranslations } from 'next-intl/server';
+import { client } from '@/client';
+import { BlogCategoryGrid } from '@/components/blog/BlogCategoryGrid';
+
+export const revalidate = 0;
+
+type Author = {
+  name?: string;
+  image?: string;
+};
+
+type Post = {
+  _id: string;
+  title: string;
+  slug: { current: string };
+  publishedAt?: string;
+  categories?: string[];
+  mainImage?: string;
+  body?: any[];
+  author?: Author;
+};
+
+type Category = {
+  _id: string;
+  title: string;
+};
+
+const categoriesQuery = groq`
+  *[_type == "category"] | order(orderRank asc) {
+    _id,
+    title
+  }
+`;
+
+export default async function BlogCategoryPage({
+  params,
+}: {
+  params: Promise<{ locale: string; category: string }>;
+}) {
+  const { locale, category } = await params;
+  const t = await getTranslations({ locale, namespace: 'blog' });
+  const categoryKey = String(category || '').toLowerCase();
+  const categories: Category[] = await client
+    .withConfig({ useCdn: false })
+    .fetch(categoriesQuery);
+  const matchedCategory = categories.find(
+    item => slugify(item.title) === categoryKey
+  );
+
+  if (!matchedCategory) return notFound();
+  const categoryTitle = matchedCategory.title;
+  const displayTitle =
+    categoryTitle === 'Growth' ? 'Career' : categoryTitle;
+
+  const posts: Post[] = await client.withConfig({ useCdn: false }).fetch(
+    groq`
+      *[_type == "post" && defined(slug.current) && $category in categories[]->title]
+        | order(publishedAt desc) {
+          _id,
+          "title": coalesce(title[$locale], title[lower($locale)], title.uk, title.en, title.pl, title),
+          slug,
+          publishedAt,
+          "categories": categories[]->title,
+          "body": coalesce(body[$locale], body[lower($locale)], body.uk, body.en, body.pl, body)[]{
+            ...,
+            children[]{ text }
+          },
+          "mainImage": mainImage.asset->url,
+          "author": author->{
+            "name": coalesce(name[$locale], name[lower($locale)], name.uk, name.en, name.pl, name),
+            "image": image.asset->url
+          }
+        }
+    `,
+    { locale, category: categoryTitle }
+  );
+
+  return (
+    <main className="max-w-6xl mx-auto px-6 py-12">
+      <h1 className="text-4xl font-bold mb-4 text-center">
+        {displayTitle}
+      </h1>
+      <div className="mt-12">
+        <BlogCategoryGrid posts={posts} />
+      </div>
+      {!posts.length && (
+        <p className="text-center text-gray-500 mt-10">{t('noPosts')}</p>
+      )}
+    </main>
+  );
+}
+
+function slugify(value: string) {
+  return value
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9\s-]/g, '')
+    .replace(/\s+/g, '-');
+}

frontend/app/[locale]/blog/page.tsx

@@ -3,6 +3,8 @@ import { getTranslations } from 'next-intl/server';
 import { client } from '@/client';
 import BlogFilters from '@/components/blog/BlogFilters';
 
+export const revalidate = 0;
+
 export async function generateMetadata({
   params,
 }: {
@@ -25,7 +27,7 @@ export default async function BlogPage({
   const { locale } = await params;
   const t = await getTranslations({ locale, namespace: 'blog' });
 
-  const posts = await client.fetch(
+  const posts = await client.withConfig({ useCdn: false }).fetch(
     groq`
       *[_type == "post" && defined(slug.current)]
         | order(publishedAt desc) {
@@ -62,7 +64,7 @@ export default async function BlogPage({
     `,
     { locale }
   );
-  const categories = await client.fetch(
+  const categories = await client.withConfig({ useCdn: false }).fetch(
     groq`
       *[_type == "category"] | order(orderRank asc) {
         _id,

frontend/app/[locale]/dashboard/page.tsx

@@ -7,6 +7,7 @@ import { getUserQuizStats } from '@/db/queries/quiz';
 import { ProfileCard } from '@/components/dashboard/ProfileCard';
 import { StatsCard } from '@/components/dashboard/StatsCard';
 import { QuizSavedBanner } from '@/components/dashboard/QuizSavedBanner';
+import { PostAuthQuizSync } from "@/components/auth/PostAuthQuizSync";
 
 export const metadata = {
   title: 'Dashboard | DevLovers',
@@ -28,9 +29,9 @@ export default async function DashboardPage({ params }: { params: Promise<{ loca
   const averageScore =
     totalAttempts > 0
       ? Math.round(
-          attempts.reduce((acc, curr) => acc + Number(curr.percentage), 0) /
-            totalAttempts
-        )
+        attempts.reduce((acc, curr) => acc + Number(curr.percentage), 0) /
+        totalAttempts
+      )
       : 0;
 
   const lastActiveDate =
@@ -57,6 +58,7 @@ export default async function DashboardPage({ params }: { params: Promise<{ loca
 
   return (
     <main className="relative min-h-[calc(100vh-80px)] overflow-hidden">
+      <PostAuthQuizSync />
       <div
         className="absolute inset-0 pointer-events-none -z-10"
         aria-hidden="true"

frontend/app/[locale]/layout.tsx

@@ -3,11 +3,13 @@ import { Toaster } from 'sonner';
 import { NextIntlClientProvider } from 'next-intl';
 import { getMessages } from 'next-intl/server';
 import { notFound } from 'next/navigation';
+import groq from 'groq';
 
 import { locales } from '@/i18n/config';
 import Footer from '@/components/shared/Footer';
 import { ThemeProvider } from '@/components/theme/ThemeProvider';
 import { getCurrentUser } from '@/lib/auth';
+import { client } from '@/client';
 
 import { MainSwitcher } from '@/components/header/MainSwitcher';
 import { AppChrome } from '@/components/header/AppChrome';
@@ -29,6 +31,16 @@ export default async function LocaleLayout({
 
   const messages = await getMessages({ locale });
   const user = await getCurrentUser();
+  const blogCategories: Array<{ _id: string; title: string }> = await client
+    .withConfig({ useCdn: false })
+    .fetch(
+      groq`
+        *[_type == "category"] | order(orderRank asc) {
+          _id,
+          title
+        }
+      `
+    );
 
   const userExists = Boolean(user);
   const enableAdmin =
@@ -49,8 +61,18 @@ export default async function LocaleLayout({
         enableSystem
         disableTransitionOnChange
       >
-        <AppChrome userExists={userExists} showAdminLink={showAdminNavLink}>
-          <MainSwitcher>{children}</MainSwitcher>
+        <AppChrome
+          userExists={userExists}
+          showAdminLink={showAdminNavLink}
+          blogCategories={blogCategories}
+        >
+          <MainSwitcher
+            userExists={userExists}
+            showAdminLink={showAdminNavLink}
+            blogCategories={blogCategories}
+          >
+            {children}
+          </MainSwitcher>
         </AppChrome>
 
         <Footer />

frontend/app/[locale]/login/page.tsx

@@ -4,10 +4,6 @@ import { useLocale } from "next-intl";
 import { Link } from "@/i18n/routing";
 import { useState } from "react";
 import { useSearchParams } from "next/navigation";
-import {
-  getPendingQuizResult,
-  clearPendingQuizResult,
-} from "@/lib/quiz/guest-quiz";
 import { Button } from "@/components/ui/button";
 import { OAuthButtons } from "@/components/auth/OAuthButtons";
 
@@ -74,50 +70,6 @@ export default function LoginPage() {
         return;
       }
 
-      const pendingResult = getPendingQuizResult();
-
-      if (pendingResult && data?.userId) {
-        try {
-          const quizRes = await fetch("/api/quiz/guest-result", {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
-              userId: data.userId,
-              quizId: pendingResult.quizId,
-              answers: pendingResult.answers,
-              violations: pendingResult.violations,
-              timeSpentSeconds:
-                pendingResult.timeSpentSeconds,
-            }),
-          });
-
-          if (!quizRes.ok) {
-            throw new Error(
-              `Failed to save quiz result: ${quizRes.status}`
-            );
-          }
-
-          const result = await quizRes.json();
-
-          if (result.success) {
-            sessionStorage.setItem(
-              "quiz_just_saved",
-              JSON.stringify({
-                score: result.score,
-                total: result.totalQuestions,
-                percentage: result.percentage,
-                pointsAwarded: result.pointsAwarded,
-                quizSlug: pendingResult.quizSlug,
-              })
-            );
-          }
-        } catch (err) {
-          console.error("Failed to save quiz result:", err);
-        } finally {
-          clearPendingQuizResult();
-        }
-      }
-
       const redirectTarget =
         returnTo && isSafeRedirectUrl(returnTo)
           ? returnTo

frontend/app/[locale]/shop/admin/products/[id]/edit/page.tsx

@@ -11,6 +11,7 @@ import { db } from '@/db';
 import { products, productPrices } from '@/db/schema';
 import type { CurrencyCode } from '@/lib/shop/currency';
 import { currencyValues } from '@/lib/shop/currency';
+import { issueCsrfToken } from '@/lib/security/csrf';
 
 export const dynamic = 'force-dynamic';
 
@@ -75,6 +76,7 @@ export default async function EditProductPage({
               : parseMajorToMinor(product.originalPrice),
         },
       ];
+  const csrfToken = issueCsrfToken('admin:products:update');
 
   return (
     <>
@@ -83,6 +85,7 @@ export default async function EditProductPage({
         <ProductForm
           mode="edit"
           productId={product.id}
+          csrfToken={csrfToken}
           initialValues={{
             title: product.title,
             slug: product.slug,