feat: Shareable public collections via /c/{slug}#482
Merged
Conversation
- Add share_slug and is_public columns to user_collections (migration 002) - New API endpoint /api/collections/share: POST toggles sharing (auth), GET fetches public collection (no auth, only public-safe fields) - New public page /c/[slug] with header, install command, component grid grouped by type, and CTA to create own collections - Share button in MyComponentsView: generates link, copies to clipboard, shows shared state. Security reviewed: no leak of clerk_user_id, email, or internal UUIDs
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
2 issues found across 4 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="dashboard/src/components/MyComponentsView.tsx">
<violation number="1" location="dashboard/src/components/MyComponentsView.tsx:587">
P1: The Share button currently toggles public state off on a second click, so users can unintentionally unshare a collection instead of copying the link again.</violation>
</file>
<file name="scripts/migrations/002_add_share_slug.sql">
<violation number="1" location="scripts/migrations/002_add_share_slug.sql:7">
P2: This creates a redundant index: `share_slug UNIQUE` already creates an index, so the extra `CREATE INDEX` duplicates it and adds avoidable write overhead.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".gitignore">
<violation number="1" location=".gitignore:76">
P1: Do not ignore the migrations directory; schema migrations should be versioned in git to keep environments reproducible and auditable.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| .crawl-output/ | ||
|
|
||
| # Migrations (applied directly to Neon, not needed in repo) | ||
| scripts/migrations/ |
Contributor
There was a problem hiding this comment.
P1: Do not ignore the migrations directory; schema migrations should be versioned in git to keep environments reproducible and auditable.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .gitignore, line 76:
<comment>Do not ignore the migrations directory; schema migrations should be versioned in git to keep environments reproducible and auditable.</comment>
<file context>
@@ -72,6 +72,9 @@ openspec/
.crawl-output/
+# Migrations (applied directly to Neon, not needed in repo)
+scripts/migrations/
+
# Secrets and credentials
</file context>
Suggested change
| scripts/migrations/ | |
| # scripts/migrations/ |
When collection is already shared, clicking Share now copies the link again instead of disabling sharing. Identified by cubic.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
share_slug(VARCHAR 20, unique) andis_public(boolean) touser_collections— already applied to Neon prod/api/collections/share: POST toggles sharing (auth required), GET fetches public collection data (no auth, only public-safe fields)/c/[slug]: Shows collection name, author, install command with copy button, components grouped by type, and CTA to sign upSecurity
clerk_user_id, email, or internal UUIDs exposed in public responsescomponent_type,component_path,component_name,component_categoryreturnedTest plan
/my-components, select a collection, click Share/c/{slug}in incognito — should show collection publiclySummary by cubic
Add shareable public collections at /c/{slug}. Users can share a collection and install it with one command; the Share button now copies the link if the collection is already public.
dashboard/src/); new/api/collections/share(POST/GET), public page/c/[slug], Share button inMyComponentsView; pre-deploy build-checker at.claude/agents/build-checker.md; fixed esbuild parse error on the shared page.share_slugandis_publictouser_collections; ignorescripts/migrations/in.gitignore.POSTrequires auth + ownership;GETreturns only public-safe fields; author via@clerk/backendwithCLERK_SECRET_KEY.cli-tool/components/; no catalog regen (docs/components.json); no new env vars.Written for commit b224f1e. Summary will update on new commits.