Smash or Pass - README

A secure, private web application for voluntary photo rating. Users submit their own photos and receive ratings from authenticated community members.

🌟 Key Features

• Private & Secure: No guest access, no public endpoints
• Voluntary Only: Users must upload their own photo and consent to participation
• Smart Voting: One vote per user per profile, never show duplicates
• Photo Safety: File validation, size limits, and MIME type checking
• Admin Controls: Delete inappropriate content and ban users
• Rate Limiting: Protection against abuse
• Modern UI: Smooth, intuitive interface with Tailwind CSS

🚀 Quick Start

Prerequisites

• Node.js 18+
• Supabase account (free)
• Vercel account (for deployment, optional)

Local Setup

1. Install dependencies:

   npm install

2. Create .env.local:

   NEXT_PUBLIC_SUPABASE_URL=your_url
   NEXT_PUBLIC_SUPABASE_ANON_KEY=your_key
   NEXT_PUBLIC_ADMIN_EMAIL=your@email.com

3. Run development server:

   npm run dev

4. Open browser: http://localhost:3000

📖 Full Setup Guide

See SETUP_GUIDE.md for:

• Complete Supabase configuration
• Database schema setup
• Google OAuth configuration
• Vercel deployment instructions
• Troubleshooting guide

🏗️ Architecture

Pages

• /auth/login - Sign up / login
• /feed - Rate profiles (Smash or Pass)
• /upload - Upload your own photo
• /profile - View your profile and stats
• /admin - Admin dashboard (admin only)

API Routes

• POST /api/votes - Record a vote
• GET /api/profiles - Fetch unrated profiles
• POST /api/upload - Upload photo
• GET /api/user-profile - Get user stats
• POST /api/reports - Report inappropriate profile
• GET/DELETE /api/admin/profiles - Admin profile management
• POST /api/admin/ban-user - Ban user

🔒 Security

• ✅ Email & Google OAuth authentication via Supabase
• ✅ All routes require authentication
• ✅ Image MIME type validation
• ✅ File size limits (10MB)
• ✅ Dimension limits (2000x2000px max)
• ✅ Rate limiting on API endpoints
• ✅ Required consent checkbox
• ✅ Input sanitization
• ✅ No search engine indexing
• ✅ SQL injection prevention (parameterized queries)
• ✅ Row-level security (RLS) in database

📦 Tech Stack

• Frontend: Next.js 14, React, Tailwind CSS
• Backend: Next.js API Routes
• Auth: Supabase Auth
• Database: PostgreSQL (Supabase)
• Storage: Supabase Storage
• Deployment: Vercel

🎨 UI Components

• ProtectedRoute - Authentication guard wrapper
• Navigation - Header with nav links and logout
• FeedCard - Profile swiping interface
• PhotoUploader - File upload with preview
• ProfileCard - User stats display
• AdminPanel - Content moderation interface

📊 Database Schema

profiles

• id - UUID primary key
• user_id - References auth.users
• photo_url - Storage URL
• consent_given - Boolean (always true)
• created_at - Timestamp

votes

• id - UUID primary key
• voter_id - References auth.users
• target_profile_id - References profiles
• vote_type - 'smash' or 'pass'
• created_at - Timestamp

reports

• id - UUID primary key
• profile_id - References profiles
• reporter_id - References auth.users
• reason - Report explanation
• created_at - Timestamp

🚀 Deployment

Deploy to Vercel:

1. Push code to GitHub
2. Import repository in Vercel
3. Add environment variables:
   • NEXT_PUBLIC_SUPABASE_URL
   • NEXT_PUBLIC_SUPABASE_ANON_KEY
   • NEXT_PUBLIC_ADMIN_EMAIL
4. Deploy
5. Update Supabase auth redirect URLs

🛠️ Development

Build for production

npm run build
npm run start

Lint code

npm run lint

📝 Environment Variables

Variable	Required	Description
NEXT_PUBLIC_SUPABASE_URL	Yes	Your Supabase project URL
NEXT_PUBLIC_SUPABASE_ANON_KEY	Yes	Supabase anonymous public key
NEXT_PUBLIC_ADMIN_EMAIL	No	Email for admin panel access

⚙️ Configuration

Upload Limits

• File size: 10MB max
• Dimensions: 2000x2000px max
• Rate: 3 uploads per 24 hours
• Formats: JPEG, PNG, WebP

API Rate Limits

• General: 30 requests per minute per IP

Voting

• One vote per user per profile
• Vote types: 'smash' or 'pass'
• No vote changes allowed

🆘 Troubleshooting

Can't login?

• Verify credentials in Supabase Auth
• Check email confirmation

Photos not uploading?

• Check file size and format
• Verify storage bucket exists in Supabase

Admin panel not accessible?

• Verify NEXT_PUBLIC_ADMIN_EMAIL matches your email
• Restart dev server after env changes

Votes not working?

• Check browser console for errors
• Verify database tables exist

📄 License

MIT License - See LICENSE file

🤝 Contributing

This is a private application. For customization, modify the code directly.

📞 Support

Refer to:

• SETUP_GUIDE.md for detailed instructions
• Supabase Docs
• Next.js Docs

---

Built with ❤️ for safe, consensual community rating