GlitchRealm Games

Dev Log — 2026-03-07

Summary: Implemented site maintenance mode UI in admin panel, removed it from developer dashboard, added maintenance page with live countdown, and fixed datetime-local timezone bug.
Files changed:
maintenance-check.js — check+redirect for maintenance mode (existing)
maintenance.html — added live countdown UI and auto-refresh on expiry
index.html — added “Maintenance” nav + sec-maintenance form
admin.js — added loadMaintenance() and save/clear handlers; fixed datetime handling for datetime-local
developer-dashboard.html — removed previous maintenance admin UI
firestore.rules — added site_config/{configId} rule (deployed)
Bug fix: Replaced toISOString() usage with local-time formatting when populating the datetime-local input to avoid UTC shifts causing midnight resets.
How to test:
Run local dev server (e.g., netlify dev) and open /admin → log in as a developer.
Go to Maintenance section, set “Expected End” with date+time, save.
Visit site as non-admin: should redirect to maintenance.html showing countdown.

Can’t show the admin dashboard either then the sidebar for reasons
Added a link to the repo at the footer

Security (17 fixes)

Hardened CORS, CSP, and added Permissions-Policy header in netlify.toml/_headers
Patched XSS vectors & open redirect vulnerabilities across auth flows
Tightened Firestore rules & Storage rules
Ran npm audit fix on Cloud Functions
Deleted legacy sign-in page (subdomains/GlitchRealm Sign In Page/)
Malware Removal

Removed ad-injection script (3nbf4.com) from sw.js; bumped service worker cache to v8
New Features

Cookie consent banner (cookie-consent.js) — bottom bar + preferences modal, wired to footer “Manage Consent” link on all pages
OG/Twitter meta tags added to 18 pages
Sitemap expanded from 21 → 41 URLs (clean extensionless paths)
RSS feed added to index.html
Skip-to-content keyboard nav link in header
Bug Fixes

404 page: converted from news-specific to site-wide generic
index.html: removed duplicate nesting
offline.html: fixed duplicate theme-color meta, pointed broken game link to /utilities/Offline Game/
manifest.json: start_url changed from index.html to /
Structured Data

JSON-LD: added CodeRunner & ByteWars games, fixed contact email to [email protected]

Added a HackClub Ai to the support page because the other one was crappy. Added a updated footer which in my opinion looks WAYY better. Made some big SEO improvements. Tested ads in certain areas and the user can choose if they want ads. made my service worker better for cache(This has not been published yet due to netlify issues). Added more stuff to the support page. Added a full legal hub with all legal docs and how to contact the Gli

Date: January 9, 2026
Feature: Real-time RSS status monitoring with dynamic priority reordering

Changes Made
File: support.html

1. RSS Status Widget (Lines ~1607-1955)
   HTML Structure:

Added #rss-status-container between existing status indicator and contact button
Implemented #status-detail-modal for expanded status views
Loading spinner and error states
CSS Additions:

.rss-status-widget: Glassmorphic container matching cyberpunk theme
.status-badge: Color-coded indicators (UP: cyan/green, DOWN: red, DEGRADED: yellow)
.read-more-link: Cyan-accented expandable triggers
.modal-overlay: Full-screen popup with backdrop blur
Countdown timer with –primary-cyan accent
JavaScript Features:

Multi-source fallback: status.glitchrealm.ca → CORS proxy → feed.atom → RSS feeds
Dual format parsing: RSS 2.0 + Atom
HTML parsing to extract status labels (Resolved, Operational, Down)
30-second auto-refresh with live countdown timer
Truncates descriptions to 120 chars with “Read more →” links
Stores full data in window.rssStatusData for modal access
Modal controls: click/backdrop/ESC to close
2. Dynamic Widget Reordering
Modified updateStatusUI() function:

Monitors Firestore status_updates/current document
Yellow/Red staff status → #staff-update-container moves above #rss-status-container
Green staff status → #rss-status-container moves above #staff-update-container
Uses existing window.firebaseFirestore, window.onSnapshot from firebase-core.js
Why: Critical incidents (yellow/red) prioritize manual updates over automated metrics. Normal operations (green) show live uptime first.

Architecture Compliance
✅ Global window pattern (no new Firebase dependencies)
✅ No build system (pure vanilla JS)
✅ Cyberpunk theme variables (–primary-cyan)
✅ No external npm packages

Testing Checklist
RSS multi-source fallback works
30-second countdown updates
Modal interactions functional
Real-time Firestore reordering

Been working on same new stuff: New status in support page
Improving performance and fixing issuesw

Summary: Replaced the external DoAI chatbot with an in-page GlitchBot and moved API calls server-side via a Netlify function. This removes the exposed client key and centralizes AI access through a server-side proxy using an environment variable.

Key Changes:

Server proxy: Added support-proxy.js and support-proxy.js to proxy requests to the Hack Club AI endpoint. Proxy uses SUPPORT_API_KEY from environment.
UI: Replaced the external widget in support.html with an in-page chat UI (GlitchBot) that posts to /.netlify/functions/support-proxy. Adds keyboard shortcut Ctrl/⌘ + /.
Legacy cleanup: Removed the DoAI loader and helper code from support.html.
Local dev route: Function also exists under functions so Netlify’s dev & deploy flows can use the proxy.
Why this change:

Prevents accidental client-side exposure of secret API keys.
Gives tighter control over request/response handling, error messages, and rate-limiting.
Simplifies styling and behavior (no external widget script dependency).
How it works (technical):

Frontend sends POST JSON (same shape as original curl) to /.netlify/functions/support-proxy.
Netlify function forwards that payload to https://ai.hackclub.com/proxy/v1/chat/completions with Authorization: Bearer <SUPPORT_API_KEY>.
Proxy returns the upstream response to the client (content-type preserved when possible).
Env & deploy notes:

Locally: use Netlify CLI (netlify dev) after setting SUPPORT_API_KEY in your local env.
Verify chat flow: open support.html, press Ctrl/⌘ + /, ask a question, confirm a valid reply.
Check function logs in Netlify if upstream returns errors.
Security & follow-ups:

Summary
Working on GlitchRealm: core platform (static HTML/CSS/JS), Firebase auth/firestore, Supabase for assets, Netlify hosting.
Focus: game submissions, playtime tracking, dev/admin flows, security rules.
Completed (recent)
Firebase global init pattern stabilized (firebase-core.js).
Playtime tracker integrated into game launcher and /Games/* entries.
Submit-game multi-step form wired to Firestore game_submissions.
Supabase image uploads for game covers and avatars implemented.
Netlify deployment config in netlify.toml and status page separated.
In Progress
Harden firestore.rules validators for merged-document checks.
Clean up inconsistent per-page firebase re-inits.
Developer UID management audit (currently hardcoded across files).
Next Tasks
Move DEV_UIDS to protected Firestore collection or environment variable (document access flow).
Files to update: submit-game.html, games.html, moderation.html, firestore.rules
Add Firestore rules unit tests with Firebase emulator and GitHub Actions CI.
Add workflow: .github/workflows/firestore-tests.yml
Implement App Check + rate limiting for submission/review endpoints.
Create automated Firestore export schedule (Cloud Scheduler → Cloud Function).
Blockers / Risks
Firestore validators reject edits if UI omits required fields (playUrl, coverImageUrl). Editor forms must preserve these fields in update payloads.
Hardcoded DEV_UIDS everywhere is a security/maintenance risk.
Asset licensing: non-code assets are All Rights Reserved — must avoid accidental distribution.
Immediate Action Items (priority)
Add form dataset preservation for playUrl/coverImageUrl in submit-game edit flows (script.js / submit-game.html).
Add App Check token enforcement on Cloud Functions.
Create a minimal Game Template in /Games/Template/ showing playtime tracker + firebase usage.
Add CI job to run firestore.rules tests on PRs.

I’m working on my first project! This is so exciting. I can’t wait to share more updates as I build.