Merge branch 'develop' into yn/feat/users-counter

Author: YNazymko12

frontend/.env.example

@@ -66,3 +66,27 @@ GMAIL_USER=
 
 # --- Security
 CSRF_SECRET=
+
+CHECKOUT_RATE_LIMIT_MAX=10
+CHECKOUT_RATE_LIMIT_WINDOW_SECONDS=300
+
+# Stripe webhook rate limit envs (applied per reason; reason-specific overrides generic).
+# Missing signature has its own envs with fallback to generic, then legacy invalid_sig.
+STRIPE_WEBHOOK_MISSING_SIG_RL_MAX=30
+STRIPE_WEBHOOK_MISSING_SIG_RL_WINDOW_SECONDS=60
+
+# Generic Stripe webhook rate limit fallback (applies to missing_sig and invalid_sig).
+STRIPE_WEBHOOK_RL_MAX=30
+STRIPE_WEBHOOK_RL_WINDOW_SECONDS=60
+
+# Invalid signature envs (canonical for invalid_sig, legacy fallback for missing_sig).
+STRIPE_WEBHOOK_INVALID_SIG_RL_MAX=30
+STRIPE_WEBHOOK_INVALID_SIG_RL_WINDOW_SECONDS=60
+
+# SECURITY: If true, trust x-real-ip / x-forwarded-for headers for rate limiting.
+# Enable ONLY behind Cloudflare or a trusted reverse proxy that overwrites these headers.
+# Default: false (empty/0/false).
+TRUST_FORWARDED_HEADERS=0
+
+# emergency switch
+RATE_LIMIT_DISABLED=0

frontend/app/[locale]/about/page.tsx

@@ -1,15 +1,29 @@
+import { getPlatformStats } from "@/lib/about/stats"
+import { getSponsors } from "@/lib/about/github-sponsors"
+
 import { HeroSection } from "@/components/about/HeroSection"
+import { TopicsSection } from "@/components/about/TopicsSection"
 import { FeaturesSection } from "@/components/about/FeaturesSection"
 import { PricingSection } from "@/components/about/PricingSection"
 import { CommunitySection } from "@/components/about/CommunitySection"
 
-export default function AboutPage() {
+export default async function AboutPage() {
+  const [stats, sponsors] = await Promise.all([
+    getPlatformStats(),
+    getSponsors()
+  ])
+
   return (
-    <main className="min-h-screen bg-neutral-950 text-white">
-      <HeroSection />
+    <main className="min-h-screen bg-gray-50 dark:bg-black overflow-hidden text-gray-900 dark:text-white
+      w-[100vw] relative left-[50%] right-[50%] -ml-[50vw] -mr-[50vw]"
+    >
+      
+      <HeroSection stats={stats} />
+      <TopicsSection />
       <FeaturesSection />
-      <PricingSection />
+      <PricingSection sponsors={sponsors} />
       <CommunitySection />
+      
     </main>
   )
-}
+}

frontend/app/[locale]/blog/[slug]/PostDetails.tsx

@@ -5,6 +5,8 @@ import { getTranslations } from 'next-intl/server';
 import { client } from '@/client';
 import { Link } from '@/i18n/routing';
 
+export const revalidate = 0;
+
 type SocialLink = {
   _key?: string;
   platform?: string;
@@ -116,11 +118,15 @@ export default async function PostDetails({
   const slugParam = String(slug || '').trim();
   if (!slugParam) return notFound();
 
-  const post: Post | null = await client.fetch(query, {
+  const post: Post | null = await client
+    .withConfig({ useCdn: false })
+    .fetch(query, {
     slug: slugParam,
     locale,
   });
-  const recommendedAll: Post[] = await client.fetch(recommendedQuery, {
+  const recommendedAll: Post[] = await client
+    .withConfig({ useCdn: false })
+    .fetch(recommendedQuery, {
     slug: slugParam,
     locale,
   });
@@ -156,7 +162,7 @@ export default async function PostDetails({
             href={`/blog?category=${encodeURIComponent(post.categories[0])}`}
             className="inline-flex items-center gap-1 hover:text-[#ff00ff] transition"
           >
-            {post.categories[0]}
+            {post.categories[0] === 'Growth' ? 'Career' : post.categories[0]}
           </Link>
         </div>
       )}

frontend/app/[locale]/blog/category/[category]/page.tsx

@@ -0,0 +1,101 @@
+import groq from 'groq';
+import { notFound } from 'next/navigation';
+import { getTranslations } from 'next-intl/server';
+import { client } from '@/client';
+import { BlogCategoryGrid } from '@/components/blog/BlogCategoryGrid';
+
+export const revalidate = 0;
+
+type Author = {
+  name?: string;
+  image?: string;
+};
+
+type Post = {
+  _id: string;
+  title: string;
+  slug: { current: string };
+  publishedAt?: string;
+  categories?: string[];
+  mainImage?: string;
+  body?: any[];
+  author?: Author;
+};
+
+type Category = {
+  _id: string;
+  title: string;
+};
+
+const categoriesQuery = groq`
+  *[_type == "category"] | order(orderRank asc) {
+    _id,
+    title
+  }
+`;
+
+export default async function BlogCategoryPage({
+  params,
+}: {
+  params: Promise<{ locale: string; category: string }>;
+}) {
+  const { locale, category } = await params;
+  const t = await getTranslations({ locale, namespace: 'blog' });
+  const categoryKey = String(category || '').toLowerCase();
+  const categories: Category[] = await client
+    .withConfig({ useCdn: false })
+    .fetch(categoriesQuery);
+  const matchedCategory = categories.find(
+    item => slugify(item.title) === categoryKey
+  );
+
+  if (!matchedCategory) return notFound();
+  const categoryTitle = matchedCategory.title;
+  const displayTitle =
+    categoryTitle === 'Growth' ? 'Career' : categoryTitle;
+
+  const posts: Post[] = await client.withConfig({ useCdn: false }).fetch(
+    groq`
+      *[_type == "post" && defined(slug.current) && $category in categories[]->title]
+        | order(publishedAt desc) {
+          _id,
+          "title": coalesce(title[$locale], title[lower($locale)], title.uk, title.en, title.pl, title),
+          slug,
+          publishedAt,
+          "categories": categories[]->title,
+          "body": coalesce(body[$locale], body[lower($locale)], body.uk, body.en, body.pl, body)[]{
+            ...,
+            children[]{ text }
+          },
+          "mainImage": mainImage.asset->url,
+          "author": author->{
+            "name": coalesce(name[$locale], name[lower($locale)], name.uk, name.en, name.pl, name),
+            "image": image.asset->url
+          }
+        }
+    `,
+    { locale, category: categoryTitle }
+  );
+
+  return (
+    <main className="max-w-6xl mx-auto px-6 py-12">
+      <h1 className="text-4xl font-bold mb-4 text-center">
+        {displayTitle}
+      </h1>
+      <div className="mt-12">
+        <BlogCategoryGrid posts={posts} />
+      </div>
+      {!posts.length && (
+        <p className="text-center text-gray-500 mt-10">{t('noPosts')}</p>
+      )}
+    </main>
+  );
+}
+
+function slugify(value: string) {
+  return value
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9\s-]/g, '')
+    .replace(/\s+/g, '-');
+}

frontend/app/[locale]/blog/page.tsx

@@ -3,6 +3,8 @@ import { getTranslations } from 'next-intl/server';
 import { client } from '@/client';
 import BlogFilters from '@/components/blog/BlogFilters';
 
+export const revalidate = 0;
+
 export async function generateMetadata({
   params,
 }: {
@@ -25,7 +27,7 @@ export default async function BlogPage({
   const { locale } = await params;
   const t = await getTranslations({ locale, namespace: 'blog' });
 
-  const posts = await client.fetch(
+  const posts = await client.withConfig({ useCdn: false }).fetch(
     groq`
       *[_type == "post" && defined(slug.current)]
         | order(publishedAt desc) {
@@ -62,7 +64,7 @@ export default async function BlogPage({
     `,
     { locale }
   );
-  const categories = await client.fetch(
+  const categories = await client.withConfig({ useCdn: false }).fetch(
     groq`
       *[_type == "category"] | order(orderRank asc) {
         _id,

frontend/app/[locale]/contacts/page.tsx

@@ -44,4 +44,4 @@ export default function ContactsPage() {
       </ul>
     </main>
   );
-}
+}

frontend/app/[locale]/dashboard/page.tsx

@@ -7,6 +7,7 @@ import { getUserQuizStats } from '@/db/queries/quiz';
 import { ProfileCard } from '@/components/dashboard/ProfileCard';
 import { StatsCard } from '@/components/dashboard/StatsCard';
 import { QuizSavedBanner } from '@/components/dashboard/QuizSavedBanner';
+import { PostAuthQuizSync } from "@/components/auth/PostAuthQuizSync";
 
 export const metadata = {
   title: 'Dashboard | DevLovers',
@@ -28,9 +29,9 @@ export default async function DashboardPage({ params }: { params: Promise<{ loca
   const averageScore =
     totalAttempts > 0
       ? Math.round(
-          attempts.reduce((acc, curr) => acc + Number(curr.percentage), 0) /
-            totalAttempts
-        )
+        attempts.reduce((acc, curr) => acc + Number(curr.percentage), 0) /
+        totalAttempts
+      )
       : 0;
 
   const lastActiveDate =
@@ -57,6 +58,7 @@ export default async function DashboardPage({ params }: { params: Promise<{ loca
 
   return (
     <main className="relative min-h-[calc(100vh-80px)] overflow-hidden">
+      <PostAuthQuizSync />
       <div
         className="absolute inset-0 pointer-events-none -z-10"
         aria-hidden="true"

frontend/app/[locale]/forgot-password/page.tsx

@@ -1,123 +1,7 @@
 "use client";
-import { Link } from "@/i18n/routing";
-import { useState } from "react";
-import { useSearchParams } from "next/navigation";
-import { Button } from "@/components/ui/button";
 
-export default function ForgotPasswordPage() {
-    const searchParams = useSearchParams();
-    const returnTo = searchParams.get("returnTo");
-
-    const [loading, setLoading] = useState(false);
-    const [email, setEmail] = useState("");
-    const [submitted, setSubmitted] = useState(false);
-    const [error, setError] = useState<string | null>(null);
-
-    async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
-        e.preventDefault();
-        setLoading(true);
-        setError(null);
-
-        try {
-            const res = await fetch("/api/auth/password-reset", {
-                method: "POST",
-                headers: { "Content-Type": "application/json" },
-                body: JSON.stringify({ email }),
-            });
-
-            if (!res.ok) {
-                setError("Something went wrong. Please try again.");
-                return;
-            }
-
-            setSubmitted(true);
-        } catch (err) {
-            console.error("Password reset request failed:", err);
-            setError("Network error. Please check your connection and try again.");
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    return (
-        <div className="mx-auto max-w-sm py-12">
-            <h1 className="mb-6 text-2xl font-semibold">
-                Forgot password
-            </h1>
+import { ForgotPasswordForm } from "@/components/auth/ForgotPasswordForm";
 
-            {submitted ? (
-                <div className="rounded-md border border-green-400 bg-green-50 p-4 text-sm text-green-800">
-                    <p>
-                        If an account for{" "}
-                        <strong>{email}</strong> exists, we’ve sent a
-                        password reset link.
-                    </p>
-
-                    <p className="mt-2">
-                        Please check your inbox and follow the
-                        instructions to reset your password.
-                    </p>
-
-                    <Link
-                        href={
-                            returnTo
-                                ? `/login?returnTo=${encodeURIComponent(returnTo)}`
-                                : "/login"
-                        }
-                        className="mt-4 inline-block underline"
-                    >
-                        Back to login
-                    </Link>
-                </div>
-            ) : (
-                <form onSubmit={onSubmit} className="space-y-4">
-                    <p className="text-sm text-gray-600">
-                        Enter your email address and we’ll send
-                        you a link to reset your password.
-                    </p>
-
-                    <input
-                        type="email"
-                        required
-                        placeholder="Email"
-                        value={email}
-                        onChange={e => setEmail(e.target.value)}
-                        className="w-full rounded border px-3 py-2"
-                    />
-
-                    {error && (
-                        <p className="text-sm text-red-600">
-                            {error}
-                        </p>
-                    )}
-
-                    <Button
-                        type="submit"
-                        disabled={loading}
-                        className="w-full"
-                    >
-                        {loading
-                            ? "Sending reset link..."
-                            : "Send reset link"}
-                    </Button>
-                </form>
-            )}
-
-            {!submitted && (
-                <p className="mt-4 text-sm text-gray-600">
-                    Remembered your password?{" "}
-                    <Link
-                        href={
-                            returnTo
-                                ? `/login?returnTo=${encodeURIComponent(returnTo)}`
-                                : "/login"
-                        }
-                        className="underline"
-                    >
-                        Log in
-                    </Link>
-                </p>
-            )}
-        </div>
-    );
+export default function ForgotPasswordPage() {
+    return <ForgotPasswordForm />;
 }