Replaces the third-party iframe form on both the homepage and contact page
with the self-hosted form: drag-and-drop photo upload, honeypot, rate
limiting, inline validation, auto-reply email. Adds multer/sharp/nodemailer
dependencies and the /api/contact endpoint to server.js.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Click anywhere on the top bar of a photo card to toggle selection
(replaces the tiny checkbox)
- Drag across the grid to rubber-band select multiple photos at once
- Selected cards show a blue ring + tinted header + solid checkmark icon
- Cards swept during drag show a green ring preview before releasing
- Fixed innerHTML += perf issue (now builds all cards then sets once)
- Thumbnails used in grid so page loads faster
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Restructured presets as single-tag accumulators (click multiple to build up tags)
- Added 6 new tags: bridal-shower, cocktail, signature, indoor, outdoor, mitzvah
- Fixed organic/garland alias conflict
- Presets stored in data/presets.json with full CRUD API (add, edit, delete from admin)
- Edit modal shows photo thumbnail, prev/next navigation, preset buttons
- Keyboard shortcuts: Ctrl+Enter to save, arrow keys to navigate, Esc to close
- "Needs tagging" filter in manage view shows only uncategorized/low-tag photos
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Photos reseeded from disk now sort by their original upload time
instead of all getting the same insertion timestamp.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously all .webp files were indexed including thumbnails and medium
variants, causing each photo to appear three times in the gallery.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Loads bpb-watermark.svg at startup, converts black fills to semi-transparent
white (35% opacity), and composites it centered at 45% image width over every
uploaded photo. Removes the old diagonal "BEACH PARTY BALLOONS" text overlay.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- gallery backend: replace origin whitelist with wildcard CORS — NPMplus
was stripping the Allow-Origin header; wildcard passes through reliably
and is appropriate for a public photo gallery
- gallery.js: hardcode photobackend.beachpartyballoons.com as the API base
(NPMplus already routes this subdomain) and remove dead port fallbacks
- nginx.conf: add /photos and /uploads proxy routes to gallery-backend
(kept for direct-nginx access; NPMplus handles external traffic)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- nginx: add /photos and /uploads proxy routes to gallery-backend so the
browser can reach the gallery API without needing direct port access
- gallery.js: drop hardcoded port/subdomain fallbacks; use same-origin path
via the new nginx routes
- square.ts: pass buyerEmailAddress to createPayment so Square auto-sends
a payment receipt to the customer on capture
- square.ts: create fulfillments in RESERVED state (was PROPOSED) so staff
can mark orders complete/filled directly from the Square dashboard
- CartDrawer: merge Custom Vinyl into the Shape Balloon line item (one fewer
Square line item per vinyl order); show modifier price deltas in cart
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace plausible.io with metrics.beachpartyballoons.com across all
main-site pages and estore layout.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace all bare info@ occurrences with a click-to-reveal pattern:
- New EmailLink React component (base64 decode on click, never in DOM pre-click)
- privacy, terms, refund pages use EmailLink
- contact/index.html uses a vanilla JS button with the same pattern
- PaymentForm mailto builder uses atob() to keep email out of source literals
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- main-site/server.js: add requireAuth middleware to POST /api/update-status
- gallery-backend/routes/photos.js: add requireAuth to upload, delete, and update routes
- admin/admin.js: send Authorization: Bearer header on all mutating requests (fetch + XHR upload); handle 401 on update-status and photo save
- docker-compose.yml: pass ADMIN_PASSWORD to gallery-backend; remove MongoDB public port mapping (27017:27017)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix Chrome Rose Gold hex (#B76E79 → #C17F87) so it no longer
conflicts with Classic Rose Gold; image still used for display
- ScrollToTop hides when cart drawer is open and uses z-index 98
(below the drawer); uses drawerOpen from CartContext
- Search now switches to All tab automatically so results span every
item, not just the active category
- Add sendAdminErrorAlert() to notify.ts; checkout route emails
admin@beachpartyballoons.com on unexpected server errors and on
critical calendar-write failures; card decline errors are not
forwarded (customers can self-resolve those)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Classic Rose Gold and Chrome Rose Gold share the same hex (#B76E79),
so clicking one would deselect the other. Switched all selection
checks (toggle, remove, highlight) to use color.name which is unique.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ScrollToTop component matching main site's green Top button
(appears after 130px scroll, same styling and font)
- Fix main-site server.js: JS/CSS now use max-age=3600 + must-revalidate
instead of 30d immutable — changes reach users within 1 hour instead
of being stuck in browser cache for a month
- Images/fonts keep 30d immutable (safe, as they are content-addressed)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dockerfile: create /app/data owned by nextjs before USER switch so fresh
deployments work without manual chown. Existing servers need:
sudo chown -R 1001:1001 estore/data
- nav.js: fix footer legal links to point to /shop/privacy|terms|refund
(pages live in estore, not main site)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
