ClassHub (Next.js)

ClassHub is a small Next.js app for a private class/community:

• News feed with likes and comments
• Petitions with voting
• User profile (name, username, avatar upload)
• Telegram-bot login flow (token-based) with access requests + admin approval

Tech Stack

• Next.js (App Router) + React
• PostgreSQL (postgres driver)
• Supabase Storage (avatars + admin image uploads)
• Telegram Bot webhook for authentication / access requests

Local Development

Requirements:

• Node.js 18+
• A PostgreSQL database (Supabase recommended)

Install deps and run dev:

npm install
npm run dev

App will be available at http://localhost:3000.

Environment Variables

Create .env.local (or copy from .env.example) and set the values.

Server-side:

• DATABASE_URL (required): Postgres connection string
• DATABASE_SSL (optional): set to true if your provider requires SSL
• ADMIN_KEY (required): protects /api/admin/* routes
• TELEGRAM_BOT_USERNAME (optional): used for generating login links; defaults to ClassHub10BBot
• TELEGRAM_BOT_TOKEN (required): Telegram bot token for sending messages
• TELEGRAM_WEBHOOK_SECRET (optional): validates Telegram webhook requests via x-telegram-bot-api-secret-token
• SUPABASE_URL (required for uploads): https://<project-ref>.storage.supabase.co
• SUPABASE_SERVICE_ROLE_KEY (required for uploads): Supabase service_role JWT
• SUPABASE_STORAGE_BUCKET (optional): defaults to avatars
• SUPABASE_STORAGE_PUBLIC (optional): defaults to true

Client-side:

• NEXT_PUBLIC_API_BASE (optional): keep empty for same-origin; set only if UI and API are on different hosts
• NEXT_PUBLIC_ADMIN_KEY (optional): admin UI uses this to call admin routes (note: this is exposed in the browser)

Security note:

• Do not commit real secrets. If you ever committed them, rotate tokens/keys and remove them from git history.

Database

The app expects these tables to exist:

• allowed_users (whitelist of users + role + profile)
• auth_tokens (login tokens generated by UI and confirmed via Telegram webhook)
• access_requests (Telegram users requesting access)
  See db/access_requests.sql.
• news, news_likes, news_comments
• petitions, petition_votes

Telegram Auth Flow

1. User clicks "Через Telegram бота" in the login modal.
2. App calls POST /api/auth/generate_link and gets a t.me/<bot>?start=auth_<token> link.
3. User opens the bot via the link.
4. Telegram webhook (POST /api/telegram/webhook) confirms the token if the user is already allowed.
5. The site automatically polls POST /api/auth/verify until the token is confirmed and then logs the user in.
6. If the user is not in allowed_users, the webhook creates/updates a row in access_requests with status=pending.

Webhook URL:

• https://<your-domain>/api/telegram/webhook

If you set TELEGRAM_WEBHOOK_SECRET, also set Telegram webhook secret_token to the same value.

Admin

UI:

• /admin?tab=news create news posts (optionally upload an image)
• /admin?tab=petition create petitions
• /admin?tab=users manage allowed users and access requests

API routes (protected by ADMIN_KEY):

• GET/POST /api/admin/access_requests
• GET/POST /api/admin/allowed_users
• DELETE /api/admin/allowed_users/:telegramId
• POST /api/admin/upload/image (Supabase Storage upload)

Health Endpoints

• GET /api/health
• GET /health

Troubleshooting

Windows next build EPERM on .next:

1. Stop next dev (and any node processes using the repo)
2. Delete .next
3. Run npm run build again