wip

Author: omargfh

.vscode/settings.json

@@ -1,4 +1,5 @@
 {
+  "window.title": "MC Frontend${separator}${separator}${rootName}${separator}${profileName}",
   "files.watcherExclude": {
     "**/target": true
   },
@@ -69,5 +70,14 @@
     "apps/nettango": true
   },
 
-  "cSpell.words": ["autogen", "iconify", "netlogo", "Nuxt", "Pathnames", "reka", "vueuse"]
+  "cSpell.words": [
+    "autogen",
+    "cooldown",
+    "iconify",
+    "netlogo",
+    "Nuxt",
+    "Pathnames",
+    "reka",
+    "vueuse"
+  ]
 }

apps/modeling-commons-backend/doc/model-statistics-plan.md

@@ -42,6 +42,9 @@ model ModelInteraction {
   ipHash        String?              // sha256(ip + daily salt) — NOT raw IP (PII)
   userAgent     String?              // truncated
   referer       String?
+  geo           Json?                // e.g. { country: 'US', region: 'CA', city: 'San Francisco' }
+  cookie        String?              // single-browser, cross-session, cross-user, cross-IP dedupe key
+
   createdAt     DateTime             @default(now()) @db.Timestamptz(3)
 
   model Model @relation(fields: [modelId], references: [id], onDelete: Cascade)
@@ -92,7 +95,8 @@ One migration: the enum, both tables, new back-relations on `User` and `Model`.
   - `POST /v1/models/:id/runs`
   - `POST /v1/models/:id/downloads`
   - `POST /v1/models/:id/shares`
-  
+  - `GET /v1/models/:id/interactions`  -> `{ likes, views, runs, downloads, shares, likedByMe }`
+
   Optional body `{ versionNumber?: number }`. Auth optional — do not require.
 
 ## Read path
@@ -106,7 +110,6 @@ WHERE "modelId" = $1 GROUP BY kind;
 
 Plus like count and `likedByMe`. Acceptable for now.
 
-For list endpoints (`GET /v1/models`), use subqueries per card. When slow, denormalize counters onto `Model` (maintained by service). Pre-beta / solo-authored — no premature denormalization.
 
 ## Shared infrastructure
 
@@ -123,19 +126,28 @@ export function getClientIp(req: FastifyRequest): string {
   );
 }
 
+export function generateUniqueId(): string {
+  return crypto.randomBytes(16).toString('hex');
+}
+
 export function getClientContext(req: FastifyRequest): ClientContext {
   return {
     userId:    req.user?.id ?? null,
     sessionId: req.session?.id ?? null,
     ipHash:    hashIp(getClientIp(req)),
     userAgent: (req.headers['user-agent'] ?? '').slice(0, 512),
     referer:   (req.headers['referer']    ?? '').slice(0, 512),
+    cookie:    (req.cookies['_mc_uid'] ?? '').slice(0, 64),
   };
 }
+
 ```
 
 Refactor `src/server/plugins/rate-limit.ts` to call `getClientIp`.
 
+Add global middleware to send `_mc_uid` cookie if not present (generate random value, 1-year expiry).
+Enables cross-session dedup without login.
+
 ### IP hashing
 
 `hashIp = sha256(ip + DAILY_SALT).slice(0, 32)` — daily salt rotation prevents cross-day correlation and reversal. Raw IPs are PII under GDPR/CCPA. Same-day uniqueness still computable. Matches Plausible / Fathom / anonymized Matomo.

apps/modeling-commons-backend/generated/prisma/edge.js

@@ -20429,7 +20429,7 @@ export namespace Prisma {
   }
 
   export type PasskeyCreateInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     credentialID: string
@@ -20443,7 +20443,7 @@ export namespace Prisma {
   }
 
   export type PasskeyUncheckedCreateInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     userId: string
@@ -20485,7 +20485,7 @@ export namespace Prisma {
   }
 
   export type PasskeyCreateManyInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     userId: string
@@ -23725,7 +23725,7 @@ export namespace Prisma {
   }
 
   export type PasskeyCreateWithoutUserInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     credentialID: string
@@ -23738,7 +23738,7 @@ export namespace Prisma {
   }
 
   export type PasskeyUncheckedCreateWithoutUserInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     credentialID: string
@@ -26245,7 +26245,7 @@ export namespace Prisma {
   }
 
   export type PasskeyCreateManyUserInput = {
-    id: string
+    id?: string
     name?: string | null
     publicKey: string
     credentialID: string

apps/modeling-commons-backend/generated/prisma/index.d.ts

@@ -1,5 +1,5 @@
 {
-  "name": "prisma-client-645edd08e1ac9c4ec391ebfe9fe4bb8e5e28ca6ecda7d67ffe1ca5ecf45dc0db",
+  "name": "prisma-client-ffb4175b3d989f143b4c17294faf56e5aa5960c8e06161db4869db1179d74e18",
   "main": "index.js",
   "types": "index.d.ts",
   "browser": "default.js",

apps/modeling-commons-backend/generated/prisma/index.js

@@ -129,7 +129,7 @@ model Verification {
 }
 
 model Passkey {
-  id           String    @id
+  id           String    @id @default(uuid())
   name         String?
   publicKey    String
   userId       String

apps/modeling-commons-backend/generated/prisma/package.json

@@ -129,7 +129,7 @@ model Verification {
 }
 
 model Passkey {
-  id            String @id
+  id            String @id @default(uuid())
 	name          String?
 	publicKey     String
 	userId        String

apps/modeling-commons-backend/generated/prisma/schema.prisma

@@ -0,0 +1,7 @@
+# Decisions
+
+- 2026-04-21: Use `/verify-email` as the guest-facing verification-needed page and send verification callbacks to `/login?verified=1`, preserving a safe `next` path when present.
+- 2026-04-21: Use a single `/reset-password` page for both reset-link requests and token-based password updates so Better Auth's redirect callback lands on one stable frontend route.
+- 2026-04-21: Route successful email/password sign-ins through `/passkey?next=...` so users can add a platform passkey before continuing to the destination page.
+- 2026-04-21: Scaffold profile settings at `/profile/settings`, but only persist fields the backend currently patches (`userKind` and `isProfilePublic`); keep name, email, and avatar as read-only account metadata for now.
+- 2026-04-21: Keep auth/settings pages thin by routing auth and passkey mutations through composables, and prefer Nuxt UI defaults plus scoped semantic CSS over utility-heavy page markup for new UI in this app.

apps/modeling-commons-backend/prisma/schema.prisma

@@ -14,5 +14,7 @@ NUXT_PUBLIC_APP_URL="http://localhost:3005"
 NUXT_STORAGE_BASE_URL="http://localhost:51090"
 ADMIN_DASHBOARD_URL="http://localhost:3005/admin"
 
+NUXT_PUBLIC_GA_TRACKING_ID=
+
 # Enable for Development
 # NUXT_DEV_TOOLS=true