[1.0.1] - 2025-12-04

Fixed

• Security hardening and CodeQL fixes: captions handling and safe DOM updates in static/player.js.

[0.9.2] - 2025-12-04

Security

• Fixed DOM-based XSS Vulnerability:
  • Patched static/player.js to strictly validate video URLs and ensure they are assigned only to <video> elements.
  • Replaced direct src property assignment with setAttribute('src', ...) for safer handling.
  • Hardened getSafeVideoUrl to always return canonical absolute URLs, preventing relative path exploits.
  • Resolved CodeQL alert for "DOM text reinterpreted as HTML".

[0.9.1] - 2025-12-03

Added

• Custom Thumbnail Upload
  • Added option to upload a custom thumbnail image directly during the video upload process.
  • Backend logic updated to prioritize user-uploaded thumbnails over auto-generated ones.
• Confirmation Modals
  • Implemented custom, theme-aware confirmation dialogs for critical actions (Delete Video, Toggle Visibility).
  • Replaced native browser alerts with a styled modal in base.html.

Security

• Fixed DOM-based XSS Vulnerability:
  • Patched static/player.js to sanitize video URLs using getSafeVideoUrl before assignment to the player.
  • Resolved CodeQL alert for "DOM text reinterpreted as HTML".
• Fixed Information Exposure:
  • Patched test.py to prevent leaking internal exception details in the heatmap API.
  • Generic error messages are now returned to the client, with detailed logging on the server.

Fixed

• Video Deletion Logic
  • Fixed database error when deleting videos by explicitly removing related records (Reactions, ViewHistory, Comments) first.
  • Added error logging for deletion failures.

[0.8.2] - 2025-12-02

Added

• Profile Settings & Management
  • Added /settings page for users to update profile details (Username, Display Name, Bio, Location, Gender).
  • Implemented profile picture upload and update functionality.
  • Replaced static age field with date_of_birth (Date type) for dynamic age calculation.
  • Updated registration flow to capture Date of Birth.
• Subscriptions Page
  • Added /subscriptions route displaying a personalized feed of videos from subscribed channels.
  • Smart Sorting: Subscribed channels are prioritized based on user engagement (view history).
  • Top Panel: Horizontal scrollable list of subscribed channels with avatars.
• Enhanced Navigation Bar
  • Responsive Design: Navbar buttons automatically switch to icon-only mode on smaller screens (< 1100px).
  • Profile Integration: Replaced text display name with user's profile picture (squircle style).
  • Icon Refresh: Updated Upload and Settings icons to cleaner, standard SVG icons.
  • Mobile Optimization: Improved layout for mobile devices, hiding non-essential text labels.

Changed

• Watch Page UI
  • Removed redundant "Subscribe" button from the channel info bar (kept the main action button).
  • Reduced spacing between channel avatar and name for a tighter layout.
  • Updated channel name link color to match main text color (white in dark mode) instead of accent color.
• Database Schema
  • Updated User model to include date_of_birth column.
  • Added age property to User model for dynamic calculation.

[0.8.1] - 2025-12-02

Security

• Fixed Information Exposure Vulnerability:
  • Patched views.py and test.py to prevent returning raw exception messages to the client in the voice search API.
  • Generic error messages are now returned to the user, while detailed errors are logged server-side.

[0.8.0] - 2025-12-02

Added

• Voice Search Capability
  • Implemented voice search using SpeechRecognition and Vosk for offline support.
  • Added microphone button to the search bar with pulsing visual feedback.
  • Added backend API endpoint /voice_search to handle audio processing securely.
  • Integrated static-ffmpeg for reliable audio conversion across environments.
  • Added voice.py module for natural language query processing (e.g., "Show me funny cats" -> "funny cats").
• Enhanced Search UI
  • Redesigned search bar with a modern, unified container.
  • Added search icon button and improved focus states.
  • Added real-time feedback ("Listening...", "Processing...") and error handling.

Changed

• Configuration
  • Un-hardcoded sensitive configuration values (SECRET_KEY, VOSK_MODEL_PATH) to use environment variables.
  • Updated app.py and test.py to respect these environment variables.

[0.7.2] - 2025-12-02

Security

• Fixed DOM-based XSS Vulnerability:
  • Patched static/player.js to prevent potential DOM text reinterpretation as HTML by normalizing video URLs before assignment.
• Fixed Open Redirect Vulnerabilities:
  • Removed unsafe usage of request.referrer in views.py and test.py to prevent open redirect attacks.
  • Replaced redirects with explicit url_for routing.
• Hardened Configuration:
  • Disabled Flask debug mode by default in test.py (now controlled via FLASK_DEBUG environment variable).

[0.7.1] - 2025-12-02

Fixed

• Fixed security vulnerability #19

[0.7.0] - 2025-12-01

Added

• Machine Learning Recommendation Engine
  • Implemented a content-based filtering algorithm to personalize video feeds.
  • Vector-Based Profiling: Builds weighted user profile vectors based on watch history (Categories, Tags, Channels).
  • Dynamic Weighting:
    • Recency Decay: Recent views are weighted higher (5% decay per step).
    • Replay Boosting: Repeated views increase feature weights logarithmically.
    • Short-Term Context: Immediate last 2 videos get a massive 2.5x weight boost to capture "current mood".
  • Similarity Scoring: Recommendations are generated via dot product similarity between user vectors and video attributes.
  • Homepage Sections:
    • For You: Personalized recommendations for logged-in users; random selection for guests.
    • Latest: Most recent uploads.
    • Trending: Most viewed videos.
    • From : Videos from a channel the user watches frequently.
  • Up Next: "Watch" page suggestions are now powered by the ML engine for logged-in users.

Changed

• Homepage Redesign:
  • Replaced single "Recommended" list with categorized sections ("For You", "Latest", "Trending", "From Channel").
  • Sections are dynamically hidden if empty or not applicable (e.g., for new users).
  • Limited each section to 4 videos for a cleaner layout.
• Database Schema:
  • Added category and tags columns to Video model.
  • Added ViewHistory model to track user viewing activity with timestamps.
  • Updated init_db to automatically migrate schema for new columns.
• Upload Flow:
  • Added Category dropdown and Tags input to the video upload form.

[0.6.1] - 2025-12-01

Fixed

• Fixed player visibility in fullscreen mode.

[0.6.0] - 2025-12-01

Added

• Asynchronous Comments System
  • Implemented Comment model with user and video relationships.
  • Added API endpoints for adding and deleting comments (/video/<id>/comment, /comment/<id>/delete).
  • Updated watch.html to display comments section with user avatars and timestamps.
  • Integrated async_actions.js to handle comment submission and deletion without page reloads.
  • Comments update dynamically in the UI upon submission.

[0.5.4] - 2025-12-01

Changed

• Replaced all UI emojis with SVG icons for better visual consistency and scalability.
  • Player controls (Play, Pause, Mute, Volume, Theatre, Fullscreen, Replay).
  • Theme toggle (Sun/Moon).
  • Interaction buttons (Like, Dislike).
  • Added Bell icon to Subscribe button.
  • Video thumbnail placeholders.

[0.5.3] - 2025-12-01

Fixed

• Fixed asynchronous actions (like, dislike, subscribe) causing page reloads.
• Fixed issue where form.action was shadowed by input named "action", breaking AJAX requests.
• Improved AJAX detection in backend to support ajax=1 query parameter.
• Updated base.html to reference the correct async_actions.js script.

[0.5.2] - 2025-12-01

Fixed

• Fixed video player timer logic to correctly display hours for long videos (e.g. 1:30:21 instead of 30:21).

[0.5.1] - 2025-12-01

Changed

• Increased maximum video upload size limit to 16GB (from 2GB).

[0.5.0] - 2025-12-01

Fixed

• Fixed issue with search causing error.

[0.4.2] - 2025-11-30

Changed

• UI improvements merged from UI branch.

[0.4.1] - 2025-11-29

Fixed

• Template & Route Compatibility

  • Refactored test.py to use Flask Blueprints (main, auth) matching the production app structure.
  • Updated all templates (base.html, home.html, user.html, etc.) to use namespaced url_for calls (e.g., main.home).
  • Fixed BuildError caused by mismatched endpoint names between templates and route definitions.
  • Added missing /search route to views.py to prevent crashes.

• File Uploads & Serving

  • Fixed profile picture upload paths in auth.py to explicitly use forward slashes for compatibility.
  • Updated uploaded_file route in test.py to support serving files from subdirectories (e.g., uploads/profiles/).
  • Fixed issue where uploaded profile pictures were not displaying due to incorrect URL generation.

• View Counting

  • Reverted view counting logic to correctly exclude video owners from incrementing their own view counts.

[0.4.0] - 2025-11-29

Added

• Video Player Theatre Mode
  • Now video player can switch to theatre mode, giving best viewing experience.

Fixed

• Fixed fullscreen mode to include proper aspect ratio.

[0.3.1] - 2025-11-29

Added

• Video Player Replay Functionality

  • Replay button (🔄) appears when video ends
  • Large centered replay button (96px circle)
  • Play button changes to replay icon when video ends
  • Works with both HTML5 and YouTube videos
  • Multiple replay methods: center button, control button, or space bar
  • Replay button stays above "Up Next" overlay
  • Enhanced visual feedback with hover effects

• Player Visual Enhancements

  • Replay button hover effect: darker background + scale(1.05)
  • Smooth transitions (0.2s ease)
  • Darker replay button background for better visibility
  • Replay button z-index increased to 35 (above overlay at 30)

Changed

• Modified player.js to handle video end state
• Added showReplayBtn() and hideReplayBtn() helper functions
• Updated play button click behavior to detect ended state
• Updated big play button to handle replay functionality
• Enhanced .vf-bigplay CSS with z-index and hover effects
• "Play Next" button now properly resets replay state

Fixed

• Replay button now stays clickable above "Up Next" overlay
• No interference between replay and "Up Next" features
• Video properly restarts from beginning on replay
• Button states correctly managed across play/pause/replay

[0.3.0] - 2025-11-29

Added

• Comprehensive Form Element Styling
  • Enhanced all input types with theme-aware styling
  • Custom file upload button with accent color and hover effects
  • Styled select dropdowns with proper focus/hover states
  • Textarea with vertical resize and minimum height
  • Number input with visible spin buttons
  • Checkbox and radio button styling with accent color
  • Form validation s...

ViewFlow

Version: 0.4.1

ViewFlow is a lightweight Flask-based video sharing prototype used for local development and UI iteration. It provides a minimal video upload, playback (HTML5 + YouTube iframe), channel pages, simple subscription and like/dislike reactions, and a custom themeable player UI.

This repository is intended as a development playground, not a production-ready system.

Features

• Upload and serve local video files (stored in uploads/).
• Custom player that supports HTML5 videos and YouTube iframes with custom controls.
• Like/dislike reactions and subscribe/unsubscribe (stored in SQLite DB).
• Enhanced user profiles with display name, age, gender, location, bio, and profile pictures.
• Per-video privacy (public/private) and owner-only delete.
• Light/Dark theme with a persistent toggle stored in localStorage.
• Async actions for reactions and subscriptions to avoid full page reloads.
• Comprehensive registration system with profile customization.

Quick start (development)

Prerequisites:

• Python 3.10+ (tested locally with 3.12)
• A working virtual environment is recommended

1. Create and activate a virtualenv (optional but recommended):

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt  # or install flask and sqlalchemy manually

2. Run the dev server (default port 5000):

python3 test.py
# or use a different port:
PORT=8080 python3 test.py

3. Open http://127.0.0.1:5000 (or chosen port) in your browser.

Notes:

• The app creates an uploads/ directory and a SQLite DB file (viewflow.db) automatically when started.
• .gitignore excludes viewflow.db and the uploads/ folder so local artifacts are not committed.

Data and migrations

• This project uses a simple, best-effort approach to add missing columns to the SQLite DB (via ALTER TABLE) when the server starts. This is intended only for development convenience. For production apps use a migration tool such as Alembic.

Development notes

• Templates live in templates/ for easy editing.
• Static assets are in static/ (player, styles, async JS, theme script).
• The lightweight dev server is test.py which contains models, routes, and initialization logic for testing.