You are browsing as a guest. Sign up (or log in) to start making projects!

Open comments for this post

@hariharann on MonkeySpeak

1h 5m 30s logged

monkeyspeak devlog more fixes (leaderboard + home + cors bug) - ship soon trust ..

tl;dr

  • home page is a 3 column layout now — leaderboard on the left, hero in the middle, top score on the right
  • global leaderboard via supabase — nickname + emoji after a run, no signup, same board for everyone on the site
  • personal bests still local — top score card shows your best for the duration, not whoever is #1 globally
  • supabase wired on vercel with service role key server side only (/api/leaderboard get + post)
  • cors scream from chrome fixed — browser no longer fetches render root directly for proxy health checks

what i changed

home page layout

the thing ig what it does hero leaderboard duration tabs synced with config bar, crown svg for top spots, emoji avatars, your row pinned at the bottom even if you are not top 5 leaderboard save prompt pops after a speed run — pick name + icon (defaulted to hehe 🐵), saves to supabase, remembers name locally for next time top score card personal best for current duration + prompt type only visual cleanup removed hero doodles, tightened title spacing, consolidated duplicate hero css

leaderboard rows used to live in zustand localStorage. ripped that out — supabase is source of truth now. name and emoji prefills still persist locally.

global leaderboard backend

  • new table leaderboard_entries in supabase (migration in supabase/migrations/001_leaderboard_entries.sql)
  • rls enabled, no anon policies — all reads/writes through next.js with SUPABASE_SERVICE_ROLE_KEY
  • upsert rule matches old local behavior: same name + duration + prompt type (case insensitive) only updates if wpm goes up
  • light rate limit on post (~30s per ip) — good enough for hobby scale, not fortress grade
browser → GET/POST /api/leaderboard (vercel)
              ↓ service role
         supabase postgres

render backend unchanged — still deepgram only, no db env vars there.

cors fix (chrome (ofc brave as well) was mad again)

production deepgram mode probes whether the render proxy is alive before connecting. that probe used to be a cross origin fetch at https://monkeyspeak.onrender.com/ from the vercel app.

render cold starts and error pages often ship without cors headers even when express has origin: * — so chrome logged the whole blocked by cors policy thing and deepgram mode thought the proxy was dead.

fix: new same origin route GET /api/deepgram/proxy-health on vercel. server checks render, browser never touches render over http cors. also slapped explicit options handling on the render backend for anything that still hits it directly.

what’s next (maybe)

  • signed run tokens so leaderboard posts are tied to an actual finished test
  • shared rate limit (redis/kv) if spam shows up
  • delete the testmonkey row sitting on prod from smoke testing
  • render keep alive still on the list from v0.1
  • preview env on vercel for prs

ok that was a lot of infra for a monkey with a crown svg but at least the board is real now. lmk in replies if you want the supabase dashboard walkthrough or the security fixes implemented properly.

0
7

Comments 0

No comments yet. Be the first!