From 4895d2ef2e2196792684e2d1f0826dbc74a0366f Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:27:53 -0600
Subject: [PATCH 1/7] feat: overhaul GIF picker with masonry layout,
 lazy-loading, and share URLs

- Replace CSS grid with dynamic masonry columns (2-3 based on width)
- Add IntersectionObserver to auto-play visible GIFs and show stills off-screen
- Use WEBP for grid previews (smaller/faster), full GIF for comment sharing
- Add search icon to search field for better visual affordance
- Increase GIF fetch limit from 20 to 30
- Reduce displayed GIF sizes in comments for better readability
---
 src/lib/components/CommentInput.svelte  |   7 +-
 src/lib/components/CommentsSheet.svelte |  13 +-
 src/lib/components/GifPicker.svelte     | 154 ++++++++++++++++++------
 src/routes/api/gifs/search/+server.ts   |   8 +-
 4 files changed, 132 insertions(+), 50 deletions(-)

diff --git a/src/lib/components/CommentInput.svelte b/src/lib/components/CommentInput.svelte
index 2d3c095..7727a46 100644
--- a/src/lib/components/CommentInput.svelte
+++ b/src/lib/components/CommentInput.svelte
@@ -17,7 +17,7 @@
 		replyingTo: { id: string; username: string } | null;
 		submitting: boolean;
 		gifEnabled?: boolean;
-		attachedGif: { url: string; stillUrl: string } | null;
+		attachedGif: { url: string; stillUrl: string; shareUrl?: string } | null;
 		members?: GroupMember[];
 		onsubmit: (text: string, gifUrl?: string) => void;
 		oncancelreply: () => void;
@@ -42,7 +42,7 @@
 	function handleSubmit(e: SubmitEvent) {
 		e.preventDefault();
 		if (!canSubmit || submitting) return;
-		onsubmit(text.trim(), attachedGif?.url);
+		onsubmit(text.trim(), attachedGif?.shareUrl || attachedGif?.url);
 	}
 </script>
 
@@ -83,7 +83,8 @@
 			text = t;
 		}}
 		onsubmit={() => {
-			if (canSubmit && !submitting) onsubmit(text.trim(), attachedGif?.url);
+			if (canSubmit && !submitting)
+				onsubmit(text.trim(), attachedGif?.shareUrl || attachedGif?.url);
 		}}
 	/>
 	<button type="submit" disabled={!canSubmit || submitting}>Send</button>
diff --git a/src/lib/components/CommentsSheet.svelte b/src/lib/components/CommentsSheet.svelte
index 706a686..7c39a4d 100644
--- a/src/lib/components/CommentsSheet.svelte
+++ b/src/lib/components/CommentsSheet.svelte
@@ -45,6 +45,7 @@
 		id: string;
 		url: string;
 		stillUrl: string;
+		shareUrl: string;
 		width: number;
 		height: number;
 	} | null>(null);
@@ -373,16 +374,18 @@
 	.comment-gif,
 	.reply-gif {
 		display: block;
-		border-radius: var(--radius-sm);
-		margin-top: var(--space-xs);
+		border-radius: var(--radius-md);
+		margin-top: var(--space-sm);
 		object-fit: contain;
+		background: var(--bg-surface);
+		padding: 2px;
 	}
 	.comment-gif {
-		max-width: 200px;
-		max-height: 160px;
+		max-width: 150px;
+		max-height: 150px;
 	}
 	.reply-gif {
-		max-width: 160px;
+		max-width: 120px;
 		max-height: 120px;
 	}
 	.comment-actions {
diff --git a/src/lib/components/GifPicker.svelte b/src/lib/components/GifPicker.svelte
index eb5dc27..e44d89a 100644
--- a/src/lib/components/GifPicker.svelte
+++ b/src/lib/components/GifPicker.svelte
@@ -1,9 +1,12 @@
 <script lang="ts">
+	import MagnifyingGlassIcon from 'phosphor-svelte/lib/MagnifyingGlassIcon';
+
 	interface GifResult {
 		id: string;
 		title: string;
 		url: string;
 		stillUrl: string;
+		shareUrl: string;
 		width: number;
 		height: number;
 	}
@@ -20,6 +23,21 @@
 	let gifs = $state<GifResult[]>([]);
 	let loading = $state(false);
 	let debounceTimer: ReturnType<typeof setTimeout> | null = null;
+	let gridEl = $state<HTMLDivElement | null>(null);
+	let colCount = $state(2);
+
+	// Distribute GIFs across N columns by shortest-column-first
+	let columns = $derived.by(() => {
+		const cols: GifResult[][] = Array.from({ length: colCount }, () => []);
+		const heights = new Array(colCount).fill(0);
+		for (const gif of gifs) {
+			const ratio = gif.height / gif.width;
+			const shortest = heights.indexOf(Math.min(...heights));
+			cols[shortest].push(gif);
+			heights[shortest] += ratio;
+		}
+		return cols;
+	});
 
 	$effect(() => {
 		loadGifs();
@@ -29,7 +47,6 @@
 	});
 
 	$effect(() => {
-		// Debounced search on query change
 		const q = query;
 		if (debounceTimer) clearTimeout(debounceTimer);
 		debounceTimer = setTimeout(() => {
@@ -37,10 +54,44 @@
 		}, 300);
 	});
 
+	// Observe grid width to set column count
+	$effect(() => {
+		if (!gridEl) return;
+		const ro = new ResizeObserver((entries) => {
+			const w = entries[0].contentRect.width;
+			if (w >= 480) colCount = 3;
+			else colCount = 2;
+		});
+		ro.observe(gridEl);
+		return () => ro.disconnect();
+	});
+
+	// IntersectionObserver: auto-play visible GIFs, show stills for off-screen
+	$effect(() => {
+		if (!gridEl) return;
+		const io = new IntersectionObserver(
+			(entries) => {
+				for (const entry of entries) {
+					const img = entry.target as HTMLImageElement;
+					const animatedUrl = img.dataset.animated;
+					const stillUrl = img.dataset.still;
+					if (!animatedUrl || !stillUrl) continue;
+					img.src = entry.isIntersecting ? animatedUrl : stillUrl;
+				}
+			},
+			{ root: gridEl, rootMargin: '100px 0px' }
+		);
+
+		const imgs = gridEl.querySelectorAll<HTMLImageElement>('img[data-animated]');
+		imgs.forEach((img) => io.observe(img));
+
+		return () => io.disconnect();
+	});
+
 	async function loadGifs(q?: string) {
 		loading = true;
 		try {
-			const searchParams = q?.trim() ? `q=${encodeURIComponent(q.trim())}&limit=20` : 'limit=20';
+			const searchParams = q?.trim() ? `q=${encodeURIComponent(q.trim())}&limit=30` : 'limit=30';
 			const res = await fetch(`/api/gifs/search?${searchParams}`);
 			if (res.ok) {
 				const data = await res.json();
@@ -55,37 +106,38 @@
 
 <div class="gif-picker">
 	<div class="picker-header">
-		<input type="text" bind:value={query} placeholder="Search GIFs..." inputmode="search" />
+		<div class="search-field">
+			<MagnifyingGlassIcon size={16} weight="bold" />
+			<input type="text" bind:value={query} placeholder="Search GIPHY" inputmode="search" />
+		</div>
 		<button class="close-btn" onclick={ondismiss}>&times;</button>
 	</div>
 
-	<div class="gif-grid">
+	<div class="gif-grid" bind:this={gridEl}>
 		{#if loading && gifs.length === 0}
-			<p class="status">Loading...</p>
+			<div class="status-wrap">
+				<p class="status">Loading...</p>
+			</div>
 		{:else if gifs.length === 0}
-			<p class="status">No GIFs found</p>
+			<div class="status-wrap">
+				<p class="status">No GIFs found</p>
+			</div>
 		{:else}
-			{#each gifs as gif (gif.id)}
-				<button
-					class="gif-item"
-					onclick={() => onselect(gif)}
-					style="aspect-ratio: {gif.width}/{gif.height}"
-				>
-					<img
-						src={gif.stillUrl}
-						alt={gif.title}
-						loading="lazy"
-						onmouseenter={(e) => {
-							(e.currentTarget as HTMLImageElement).src = gif.url;
-						}}
-						onmouseleave={(e) => {
-							(e.currentTarget as HTMLImageElement).src = gif.stillUrl;
-						}}
-						ontouchstart={(e) => {
-							(e.currentTarget as HTMLImageElement).src = gif.url;
-						}}
-					/>
-				</button>
+			{#each columns as col, i (i)}
+				<div class="masonry-col">
+					{#each col as gif (gif.id)}
+						<button class="gif-item" onclick={() => onselect(gif)}>
+							<img
+								src={gif.stillUrl}
+								data-animated={gif.url}
+								data-still={gif.stillUrl}
+								alt={gif.title}
+								loading="lazy"
+								style="aspect-ratio: {gif.width}/{gif.height}"
+							/>
+						</button>
+					{/each}
+				</div>
 			{/each}
 		{/if}
 	</div>
@@ -104,26 +156,37 @@
 
 	.picker-header {
 		display: flex;
+		align-items: center;
 		gap: var(--space-sm);
 		padding: var(--space-sm) var(--space-md);
 		flex-shrink: 0;
 	}
 
-	.picker-header input {
+	.search-field {
 		flex: 1;
-		padding: var(--space-xs) var(--space-md);
+		display: flex;
+		align-items: center;
+		gap: var(--space-sm);
+		padding: var(--space-sm) var(--space-md);
 		border: 1px solid var(--border);
 		border-radius: var(--radius-full);
 		background: var(--bg-surface);
-		color: var(--text-primary);
-		font-size: 0.875rem;
-		outline: none;
+		color: var(--text-muted);
 		transition: border-color 0.2s ease;
 	}
-	.picker-header input:focus {
+	.search-field:focus-within {
 		border-color: var(--accent-primary);
 	}
-	.picker-header input::placeholder {
+	.search-field input {
+		flex: 1;
+		background: none;
+		border: none;
+		color: var(--text-primary);
+		font-size: 0.875rem;
+		outline: none;
+		padding: 0;
+	}
+	.search-field input::placeholder {
 		color: var(--text-muted);
 	}
 
@@ -142,15 +205,18 @@
 		overflow-y: auto;
 		-webkit-overflow-scrolling: touch;
 		overscroll-behavior-y: contain;
-		display: grid;
-		grid-template-columns: 1fr 1fr;
-		gap: var(--space-xs);
+		display: flex;
+		gap: 3px;
 		padding: 0 var(--space-sm) var(--space-sm);
-		align-content: start;
 	}
 
+	.status-wrap {
+		flex: 1;
+		display: flex;
+		align-items: center;
+		justify-content: center;
+	}
 	.status {
-		grid-column: 1 / -1;
 		text-align: center;
 		color: var(--text-muted);
 		font-size: 0.875rem;
@@ -158,6 +224,13 @@
 		margin: 0;
 	}
 
+	.masonry-col {
+		flex: 1;
+		display: flex;
+		flex-direction: column;
+		gap: 3px;
+	}
+
 	.gif-item {
 		background: var(--bg-surface);
 		border: none;
@@ -166,13 +239,14 @@
 		cursor: pointer;
 		padding: 0;
 		transition: transform 0.1s ease;
+		display: block;
 	}
 	.gif-item:active {
 		transform: scale(0.97);
 	}
 	.gif-item img {
 		width: 100%;
-		height: 100%;
+		height: auto;
 		object-fit: cover;
 		display: block;
 	}
diff --git a/src/routes/api/gifs/search/+server.ts b/src/routes/api/gifs/search/+server.ts
index 9a45a3b..b7586c2 100644
--- a/src/routes/api/gifs/search/+server.ts
+++ b/src/routes/api/gifs/search/+server.ts
@@ -27,14 +27,18 @@ export const GET: RequestHandler = withAuth(async ({ url }, _auth) => {
 			id: string;
 			title: string;
 			images: {
-				fixed_width: { url: string; width: string; height: string };
+				fixed_width: { url: string; webp: string; width: string; height: string };
 				fixed_width_still: { url: string; width: string; height: string };
+				downsized: { url: string; width: string; height: string };
 			};
 		}) => ({
 			id: g.id,
 			title: g.title,
-			url: g.images.fixed_width.url,
+			// Use WEBP for grid preview (smaller, faster than GIF)
+			url: g.images.fixed_width.webp || g.images.fixed_width.url,
 			stillUrl: g.images.fixed_width_still.url,
+			// Larger rendition for sharing in comments
+			shareUrl: g.images.downsized?.url || g.images.fixed_width.url,
 			width: parseInt(g.images.fixed_width.width),
 			height: parseInt(g.images.fixed_width.height)
 		})

From 0f8a040459bf00c5e03fc03c2f49153557a31f78 Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:28:00 -0600
Subject: [PATCH 2/7] refactor: move file picker out of AvatarCropModal, pass
 image URL as prop

AvatarCropModal now receives imageUrl as a prop instead of opening the
file picker internally. Settings page handles file selection and object
URL lifecycle, making the modal simpler and more reusable.
---
 src/lib/components/AvatarCropModal.svelte | 105 ++++++----------------
 src/routes/(app)/settings/+page.svelte    |  41 +++++++--
 2 files changed, 63 insertions(+), 83 deletions(-)

diff --git a/src/lib/components/AvatarCropModal.svelte b/src/lib/components/AvatarCropModal.svelte
index c855bf4..9fbaa41 100644
--- a/src/lib/components/AvatarCropModal.svelte
+++ b/src/lib/components/AvatarCropModal.svelte
@@ -3,18 +3,18 @@
 	import Cropper from 'svelte-easy-crop';
 
 	const {
+		imageUrl,
 		ondismiss,
 		onuploaded
 	}: {
+		imageUrl: string;
 		ondismiss: () => void;
 		onuploaded: (avatarPath: string) => void;
 	} = $props();
 
 	let visible = $state(false);
-	let imageUrl = $state<string | null>(null);
 	let uploading = $state(false);
 	let closedViaBack = false;
-	let fileInput = $state<HTMLInputElement | null>(null);
 
 	let crop = $state({ x: 0, y: 0 });
 	let zoom = $state(1);
@@ -26,9 +26,6 @@
 		});
 		document.body.style.overflow = 'hidden';
 
-		// Open file picker immediately
-		setTimeout(() => fileInput?.click(), 100);
-
 		pushState('', { sheet: 'avatarCrop' });
 		const handlePopState = () => {
 			closedViaBack = true;
@@ -40,21 +37,9 @@
 			document.body.style.overflow = '';
 			window.removeEventListener('popstate', handlePopState);
 			if (!closedViaBack) history.back();
-			if (imageUrl) URL.revokeObjectURL(imageUrl);
 		};
 	});
 
-	function handleFileSelect(e: Event) {
-		const input = e.target as HTMLInputElement;
-		const file = input.files?.[0];
-		if (!file) {
-			// User cancelled file picker
-			ondismiss();
-			return;
-		}
-		imageUrl = URL.createObjectURL(file);
-	}
-
 	function handleCropComplete(e: {
 		pixels: { x: number; y: number; width: number; height: number };
 	}) {
@@ -90,7 +75,7 @@
 	}
 
 	async function handleSave() {
-		if (!imageUrl || !croppedPixels || uploading) return;
+		if (!croppedPixels || uploading) return;
 		uploading = true;
 
 		try {
@@ -116,58 +101,38 @@
 	}
 </script>
 
-<input
-	bind:this={fileInput}
-	type="file"
-	accept="image/*"
-	class="file-input"
-	onchange={handleFileSelect}
-/>
-
 <div class="overlay" class:visible onclick={dismiss} role="presentation"></div>
 
 <div class="modal" class:visible>
-	{#if imageUrl}
-		<div class="crop-header">
-			<button class="header-btn cancel" onclick={dismiss}>Cancel</button>
-			<span class="header-title">Move and scale</span>
-			<button class="header-btn save" onclick={handleSave} disabled={uploading}>
-				{uploading ? 'Saving...' : 'Save'}
-			</button>
-		</div>
-
-		<div class="crop-area">
-			<Cropper
-				image={imageUrl}
-				bind:crop
-				bind:zoom
-				aspect={1}
-				cropShape="round"
-				showGrid={false}
-				minZoom={1}
-				maxZoom={5}
-				restrictPosition={true}
-				oncropcomplete={handleCropComplete}
-			/>
-		</div>
-
-		<div class="zoom-controls">
-			<input type="range" min={1} max={5} step={0.01} bind:value={zoom} class="zoom-slider" />
-		</div>
-	{:else}
-		<div class="loading-state">
-			<span class="loading-text">Select a photo...</span>
-		</div>
-	{/if}
+	<div class="crop-header">
+		<button class="header-btn cancel" onclick={dismiss}>Cancel</button>
+		<span class="header-title">Move and scale</span>
+		<button class="header-btn save" onclick={handleSave} disabled={uploading}>
+			{uploading ? 'Saving...' : 'Save'}
+		</button>
+	</div>
+
+	<div class="crop-area">
+		<Cropper
+			image={imageUrl}
+			bind:crop
+			bind:zoom
+			aspect={1}
+			cropShape="round"
+			showGrid={false}
+			minZoom={1}
+			maxZoom={5}
+			restrictPosition={true}
+			oncropcomplete={handleCropComplete}
+		/>
+	</div>
+
+	<div class="zoom-controls">
+		<input type="range" min={1} max={5} step={0.01} bind:value={zoom} class="zoom-slider" />
+	</div>
 </div>
 
 <style>
-	.file-input {
-		position: absolute;
-		opacity: 0;
-		pointer-events: none;
-	}
-
 	.overlay {
 		position: fixed;
 		inset: 0;
@@ -253,16 +218,4 @@
 		accent-color: var(--accent-primary);
 		height: 4px;
 	}
-
-	.loading-state {
-		flex: 1;
-		display: flex;
-		align-items: center;
-		justify-content: center;
-	}
-
-	.loading-text {
-		color: var(--text-muted);
-		font-size: 0.875rem;
-	}
 </style>
diff --git a/src/routes/(app)/settings/+page.svelte b/src/routes/(app)/settings/+page.svelte
index b46321d..87762e3 100644
--- a/src/routes/(app)/settings/+page.svelte
+++ b/src/routes/(app)/settings/+page.svelte
@@ -43,9 +43,10 @@
 	const isHost = $derived(group?.createdBy === user?.id);
 
 	let activeTab = $state<'me' | 'group'>('me');
-	let showAvatarCrop = $state(false);
+	let avatarCropImage = $state<string | null>(null);
 	let avatarOverride = $state<string | null | undefined>(undefined);
 	let avatarCacheBust = $state(0);
+	let avatarFileInput = $state<HTMLInputElement | null>(null);
 	const avatarPath = $derived(
 		avatarOverride !== undefined ? avatarOverride : (user?.avatarPath ?? null)
 	);
@@ -53,10 +54,20 @@
 		avatarPath ? `/api/profile/avatar/${avatarPath}?v=${avatarCacheBust}` : null
 	);
 
+	function handleAvatarFileSelect(e: Event) {
+		const input = e.target as HTMLInputElement;
+		const file = input.files?.[0];
+		if (file) {
+			avatarCropImage = URL.createObjectURL(file);
+		}
+		// Reset so the same file can be re-selected
+		input.value = '';
+	}
+
 	function handleAvatarUploaded(path: string) {
 		avatarOverride = path;
 		avatarCacheBust = Date.now();
-		showAvatarCrop = false;
+		avatarCropImage = null;
 	}
 
 	async function handleRemoveAvatar() {
@@ -98,8 +109,8 @@
 	});
 
 	onMount(async () => {
-		const isMobile = /Android|iPhone|iPad|iPod/i.test(navigator.userAgent);
-		showShareCta = isMobile || import.meta.env.DEV;
+		const isIos = /iPhone|iPad|iPod/i.test(navigator.userAgent);
+		showShareCta = isIos;
 
 		pushSupported = isPushSupported();
 		if (pushSupported) {
@@ -176,7 +187,14 @@
 	{#if activeTab === 'me'}
 		<div class="tab-content">
 			<div class="profile-header">
-				<button class="avatar-btn" onclick={() => (showAvatarCrop = true)}>
+				<input
+					bind:this={avatarFileInput}
+					type="file"
+					accept="image/*"
+					onchange={handleAvatarFileSelect}
+					style="position:absolute;opacity:0;pointer-events:none;"
+				/>
+				<button class="avatar-btn" onclick={() => avatarFileInput?.click()}>
 					{#if avatarUrl}
 						<img src={avatarUrl} alt="Profile" class="avatar-large avatar-img" />
 					{:else}
@@ -350,8 +368,17 @@
 		</div>
 	{/if}
 
-	{#if showAvatarCrop}
-		<AvatarCropModal ondismiss={() => (showAvatarCrop = false)} onuploaded={handleAvatarUploaded} />
+	{#if avatarCropImage}
+		<AvatarCropModal
+			imageUrl={avatarCropImage}
+			ondismiss={() => {
+				if (avatarCropImage) {
+					URL.revokeObjectURL(avatarCropImage);
+					avatarCropImage = null;
+				}
+			}}
+			onuploaded={handleAvatarUploaded}
+		/>
 	{/if}
 
 	<footer class="version-footer">

From efb896d9c6c71aed8c4f351788f5b0f50a2bceef Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:28:53 -0600
Subject: [PATCH 3/7] feat: prevent users from liking or reacting to their own
 clips

Disable the favorite button and block reaction gestures (double-tap,
long-press, picker) when viewing your own clip.
---
 src/lib/components/ActionSidebar.svelte | 27 ++++++++++++++++++++++---
 src/lib/components/ReelItem.svelte      |  5 +++++
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/src/lib/components/ActionSidebar.svelte b/src/lib/components/ActionSidebar.svelte
index 5341e34..97be29a 100644
--- a/src/lib/components/ActionSidebar.svelte
+++ b/src/lib/components/ActionSidebar.svelte
@@ -14,6 +14,7 @@
 		originalUrl,
 		muted = true,
 		uiHidden = false,
+		isOwn = false,
 		onsave,
 		oncomment,
 		onreactionhold,
@@ -26,12 +27,17 @@
 		originalUrl: string;
 		muted?: boolean;
 		uiHidden?: boolean;
+		isOwn?: boolean;
 		onsave: () => void;
 		oncomment: () => void;
 		onreactionhold?: (x: number, y: number) => void;
 		onmute?: () => void;
 	} = $props();
 
+	const saveLabel = $derived.by(() => {
+		if (isOwn) return 'Cannot like own clip';
+		return favorited ? 'Unsave' : 'Save';
+	});
 	let saveBtnEl: HTMLButtonElement | null = $state(null);
 	let holdTimer: ReturnType<typeof setTimeout> | null = null;
 	let holdFired = false;
@@ -106,10 +112,12 @@
 	<button
 		class="sidebar-btn"
 		class:active={favorited}
+		class:disabled={isOwn}
 		bind:this={saveBtnEl}
-		onpointerdown={handleSaveDown}
-		onpointerup={handleSaveUp}
-		aria-label={favorited ? 'Unsave' : 'Save'}
+		onpointerdown={isOwn ? stop : handleSaveDown}
+		onpointerup={isOwn ? stop : handleSaveUp}
+		aria-label={saveLabel}
+		disabled={isOwn}
 	>
 		<span class="icon-circle" class:pop={justSaved}>
 			{#if reactedEmoji && reactedEmoji !== '❤️' && REACTION_MAP.has(reactedEmoji)}
@@ -221,6 +229,19 @@
 		color: var(--accent-magenta);
 	}
 
+	.sidebar-btn.disabled {
+		opacity: 0.3;
+		cursor: not-allowed;
+	}
+
+	.sidebar-btn.disabled .icon-circle {
+		background: var(--reel-icon-circle-bg);
+	}
+
+	.sidebar-btn.disabled:active .icon-circle {
+		transform: none;
+	}
+
 	.unread-badge {
 		position: absolute;
 		top: -2px;
diff --git a/src/lib/components/ReelItem.svelte b/src/lib/components/ReelItem.svelte
index 769034c..41e9ef2 100644
--- a/src/lib/components/ReelItem.svelte
+++ b/src/lib/components/ReelItem.svelte
@@ -95,6 +95,7 @@
 	const localUnreadCount = $derived(
 		unreadOverride !== null ? unreadOverride : clip.unreadCommentCount
 	);
+	const isOwn = $derived(clip.addedBy === currentUserId);
 	const reactedEmoji = $derived(
 		Object.entries(clip.reactions).find(([, v]) => v.reacted)?.[0] ?? null
 	);
@@ -240,6 +241,7 @@
 			el.currentTime = Math.max(0, Math.min(relative ? el.currentTime + time : time, duration));
 	}
 	function fireHeartReaction(cx: number, cy: number) {
+		if (isOwn) return;
 		showerEmoji = '❤️';
 		showerX = cx;
 		showerY = cy;
@@ -277,6 +279,7 @@
 
 	function handlePickEmoji(emoji: string) {
 		showPicker = false;
+		if (isOwn) return;
 		showerEmoji = emoji;
 		showerX = pickerX;
 		showerY = pickerY;
@@ -285,6 +288,7 @@
 		if (!clip.favorited) onfavorited(clip.id);
 	}
 	function triggerReactionPickerHold(bx: number, by: number) {
+		if (isOwn) return;
 		pickerX = bx;
 		pickerY = by;
 		pickerDragMode = true;
@@ -373,6 +377,7 @@
 			originalUrl={clip.originalUrl}
 			{muted}
 			{uiHidden}
+			{isOwn}
 			onsave={() => onfavorited(clip.id)}
 			oncomment={() => {
 				commentsAutoFocus = false;

From 519036b38aeb54f31559ae8fa471066f13321c46 Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:29:00 -0600
Subject: [PATCH 4/7] feat: use textarea for caption editing to support
 multi-line captions

---
 src/lib/components/ReelOverlayActions.svelte | 21 ++++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/lib/components/ReelOverlayActions.svelte b/src/lib/components/ReelOverlayActions.svelte
index bada956..9471dd9 100644
--- a/src/lib/components/ReelOverlayActions.svelte
+++ b/src/lib/components/ReelOverlayActions.svelte
@@ -27,7 +27,7 @@
 	let _saving = $state(false);
 	let saved = $state(false);
 	let deleting = $state(false);
-	let inputEl: HTMLInputElement | null = $state(null);
+	let inputEl: HTMLTextAreaElement | null = $state(null);
 
 	$effect(() => {
 		if (editing) {
@@ -84,10 +84,7 @@
 		confirmingDelete = false;
 	}
 	function handleKeydown(e: KeyboardEvent) {
-		if (e.key === 'Enter') {
-			e.preventDefault();
-			saveEdit();
-		} else if (e.key === 'Escape') {
+		if (e.key === 'Escape') {
 			cancelEdit();
 		}
 	}
@@ -100,14 +97,14 @@
 		onclick={(e) => e.stopPropagation()}
 		onkeydown={(e) => e.stopPropagation()}
 	>
-		<input
+		<textarea
 			bind:this={inputEl}
-			type="text"
 			bind:value={editValue}
 			onkeydown={handleKeydown}
 			maxlength={200}
+			rows={3}
 			placeholder="Add a caption..."
-		/>
+		></textarea>
 		<div class="edit-actions">
 			<button class="edit-action save" onclick={saveEdit}>Save</button>
 			<button class="edit-action cancel" onclick={cancelEdit}>Cancel</button>
@@ -251,7 +248,7 @@
 	.caption-edit {
 		margin-bottom: var(--space-sm);
 	}
-	.caption-edit input {
+	.caption-edit textarea {
 		width: 100%;
 		padding: 8px 12px;
 		background: var(--reel-input-bg);
@@ -262,12 +259,14 @@
 		color: var(--reel-text);
 		font-size: 0.875rem;
 		font-family: var(--font-body);
+		line-height: 1.4;
 		outline: none;
+		resize: none;
 	}
-	.caption-edit input:focus {
+	.caption-edit textarea:focus {
 		border-color: var(--accent-primary);
 	}
-	.caption-edit input::placeholder {
+	.caption-edit textarea::placeholder {
 		color: var(--reel-text-placeholder);
 	}
 	.edit-actions {

From 552f1d8cb326fe29701a7ec64dad4dc7bf79030b Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:29:03 -0600
Subject: [PATCH 5/7] fix: add giphy.com to CSP img-src for GIF rendering in
 comments

---
 src/hooks.server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index ed70dab..eb0085e 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -57,7 +57,7 @@ function setSecurityHeaders(response: Response): void {
 			"script-src 'self' 'unsafe-inline'",
 			"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
 			"font-src 'self' https://fonts.gstatic.com",
-			"img-src 'self' blob: data: https://i.scdn.co",
+			"img-src 'self' blob: data: https://i.scdn.co https://*.giphy.com",
 			"media-src 'self' blob:",
 			"connect-src 'self'",
 			"frame-ancestors 'none'"

From a79a0215db8c5efca8b34f6f4581d0d4e3428dcd Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:29:08 -0600
Subject: [PATCH 6/7] docs: document ORIGIN env var for SvelteKit CSRF
 protection behind proxies

---
 .env.example         | 10 +++++++++-
 Dockerfile           |  2 ++
 docs/architecture.md | 15 ++++++++++++++-
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 57a39d8..0eba10f 100644
--- a/.env.example
+++ b/.env.example
@@ -25,10 +25,18 @@ VAPID_PUBLIC_KEY=
 VAPID_PRIVATE_KEY=
 VAPID_SUBJECT=mailto:you@example.com
 
-# App URL (REQUIRED — used for CSRF protection, Twilio webhooks, and invite links)
+# App URL (REQUIRED — used for invite links, Twilio webhooks, and internal references)
 # Must match the public URL users access (e.g. https://scrolly.example.com)
 PUBLIC_APP_URL=http://localhost:3000
 
+# SvelteKit origin (REQUIRED behind a reverse proxy)
+# SvelteKit checks the Origin header on form submissions for CSRF protection.
+# Behind a reverse proxy, SvelteKit can't determine the correct origin on its own
+# and will reject requests with a silent 403 (before app-level logging).
+# docker-compose.yml sets this automatically from PUBLIC_APP_URL.
+# For manual deployments, set this to your public URL.
+# ORIGIN=https://scrolly.example.com
+
 # Data directory (optional — defaults to ./data)
 # DATA_DIR=./data
 
diff --git a/Dockerfile b/Dockerfile
index 245a3f4..12e9e5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,6 +46,8 @@ RUN mkdir -p /app/data && chown -R scrolly:scrolly /app
 ENV APP_VERSION=${APP_VERSION}
 ENV NODE_ENV=production
 ENV PORT=3000
+# SvelteKit CSRF protection — must match the public URL when behind a reverse proxy.
+# docker-compose.yml overrides this with PUBLIC_APP_URL or DOMAIN.
 ENV ORIGIN=http://localhost:3000
 
 VOLUME /app/data
diff --git a/docs/architecture.md b/docs/architecture.md
index be3faf2..0b682f8 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -180,11 +180,24 @@ VPS (Ubuntu, e.g., DigitalOcean or Hetzner)
 2. Clone repo, `npm install`, `npm run build`
 3. Create `data/videos/` directory
 4. Configure environment variables (see `.env` template in repo)
-5. Start app: `pm2 start build/index.js --name scrolly`
+5. Start app: `ORIGIN=https://your-domain.com pm2 start build/index.js --name scrolly`
 6. Generate VAPID keys: `npx web-push generate-vapid-keys`
 7. Configure Twilio for SMS verification codes (see deployment docs)
 8. Set up a reverse proxy (Caddy, nginx, etc.) for HTTPS
 
+### ORIGIN and CSRF Protection
+
+SvelteKit has built-in CSRF protection that checks the `Origin` header on form submissions. Behind a reverse proxy, SvelteKit can't determine the correct origin on its own and will reject requests with a **silent 403** — the rejection happens before the request reaches app-level logging, so nothing appears in `docker logs` or application output.
+
+**Set the `ORIGIN` environment variable** to your public URL (e.g., `ORIGIN=https://scrolly.example.com`):
+
+- **Docker:** `docker-compose.yml` sets this automatically from `PUBLIC_APP_URL`. The Caddy overlay sets it from `DOMAIN`.
+- **Manual:** Set `ORIGIN` in your shell environment or process manager config.
+
+This only affects form submissions (SvelteKit form actions). API endpoints (`/api/*` routes via `+server.ts`) are not subject to CSRF origin checks.
+
+**Troubleshooting:** If you see unexplained 403 errors on POST requests that don't appear in your app logs, check that `ORIGIN` matches the URL users access in their browser (protocol + domain, no trailing slash).
+
 ## PWA Configuration
 
 **manifest.json:**

From 6c1909a2c410fa5cb87cabf0da6c0501bfa177e7 Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Sun, 1 Mar 2026 09:29:28 -0600
Subject: [PATCH 7/7] fix: misc UI improvements

- Hide speed pill on mobile (touch-only devices)
- Disable video right-click context menu
- Only show iOS Shortcut nudge on iOS devices
- Add explicit 'Open Scrolly' button on share success page
- Prevent horizontal swipe from hijacking progress bar interaction
---
 src/lib/components/ReelVideo.svelte |  1 +
 src/lib/components/SpeedPill.svelte |  5 +++++
 src/lib/stores/shortcutNudge.ts     |  9 +++++++--
 src/routes/(app)/+page.svelte       | 13 +++++++++++--
 src/routes/share/+page.svelte       | 23 +++++++++++++++++++++--
 5 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/src/lib/components/ReelVideo.svelte b/src/lib/components/ReelVideo.svelte
index b0b57c0..00551a3 100644
--- a/src/lib/components/ReelVideo.svelte
+++ b/src/lib/components/ReelVideo.svelte
@@ -81,6 +81,7 @@
 			loop={!autoScroll}
 			muted
 			class="reel-video"
+			oncontextmenu={(e) => e.preventDefault()}
 			onended={() => {
 				if (autoScroll) onended();
 			}}
diff --git a/src/lib/components/SpeedPill.svelte b/src/lib/components/SpeedPill.svelte
index 41d1cc2..1593c58 100644
--- a/src/lib/components/SpeedPill.svelte
+++ b/src/lib/components/SpeedPill.svelte
@@ -70,4 +70,9 @@
 	.speed-pill:active {
 		transform: scale(0.93);
 	}
+	@media (max-width: 768px) {
+		.speed-pill {
+			display: none;
+		}
+	}
 </style>
diff --git a/src/lib/stores/shortcutNudge.ts b/src/lib/stores/shortcutNudge.ts
index 47cf2a0..bdd39f1 100644
--- a/src/lib/stores/shortcutNudge.ts
+++ b/src/lib/stores/shortcutNudge.ts
@@ -9,12 +9,17 @@ function getInitial(): boolean {
 	return localStorage.getItem(STORAGE_KEY) === 'true';
 }
 
+function isIosDevice(): boolean {
+	if (!browser) return false;
+	return /iPhone|iPad|iPod/.test(navigator.userAgent);
+}
+
 export const shortcutNudgeDismissed = writable(getInitial());
 
-/** Show the shortcut nudge only when install banner is not visible and nudge hasn't been dismissed */
+/** Show the shortcut nudge only on iOS, when install banner is not visible and nudge hasn't been dismissed */
 export const showShortcutNudge = derived(
 	[shortcutNudgeDismissed, showInstallBanner],
-	([$dismissed, $showInstall]) => !$dismissed && !$showInstall
+	([$dismissed, $showInstall]) => isIosDevice() && !$dismissed && !$showInstall
 );
 
 export function dismissShortcutNudge(): void {
diff --git a/src/routes/(app)/+page.svelte b/src/routes/(app)/+page.svelte
index 023d588..894ffa4 100644
--- a/src/routes/(app)/+page.svelte
+++ b/src/routes/(app)/+page.svelte
@@ -227,11 +227,18 @@
 		const el = feedWrapper;
 		let startX = 0;
 		let startY = 0;
+		let tracking = false;
 		let decided = false;
 		let isHorizontal = false;
 
 		function onTouchStart(e: TouchEvent) {
 			if (swipeAnimating) return;
+			const target = e.target as HTMLElement;
+			if (target.closest('.progress-bar')) {
+				tracking = false;
+				return;
+			}
+			tracking = true;
 			startX = e.touches[0].clientX;
 			startY = e.touches[0].clientY;
 			decided = false;
@@ -240,7 +247,7 @@
 		}
 
 		function onTouchMove(e: TouchEvent) {
-			if (swipeAnimating) return;
+			if (!tracking || swipeAnimating) return;
 			const dx = e.touches[0].clientX - startX;
 			const dy = e.touches[0].clientY - startY;
 
@@ -261,13 +268,15 @@
 		}
 
 		function onTouchEnd() {
-			if (!isHorizontal || swipeX === 0) {
+			if (!tracking || !isHorizontal || swipeX === 0) {
+				tracking = false;
 				decided = false;
 				isHorizontal = false;
 				isHorizontalSwiping = false;
 				return;
 			}
 
+			tracking = false;
 			decided = false;
 			isHorizontal = false;
 			isHorizontalSwiping = false;
diff --git a/src/routes/share/+page.svelte b/src/routes/share/+page.svelte
index ad3ff7f..4f5f7ab 100644
--- a/src/routes/share/+page.svelte
+++ b/src/routes/share/+page.svelte
@@ -8,6 +8,7 @@
 		detectPlatform,
 		isPlatformAllowed
 	} from '$lib/url-validation';
+	import { addToast } from '$lib/stores/toasts';
 	import XCircleIcon from 'phosphor-svelte/lib/XCircleIcon';
 	import ProhibitIcon from 'phosphor-svelte/lib/ProhibitIcon';
 	import CheckIcon from 'phosphor-svelte/lib/CheckIcon';
@@ -32,6 +33,8 @@
 	let loading = $state(false);
 	let error = $state('');
 	let success = $state(false);
+	let clipId = $state('');
+	let contentType = $state('');
 
 	async function handleSubmit() {
 		error = '';
@@ -47,14 +50,29 @@
 				error = data.error || 'Failed to add clip';
 				return;
 			}
+			clipId = data.clip.id;
+			contentType = data.clip.contentType ?? 'video';
 			success = true;
-			setTimeout(() => goto(resolve('/')), 1500);
 		} catch {
 			error = 'Something went wrong';
 		} finally {
 			loading = false;
 		}
 	}
+
+	function openFeed() {
+		if (clipId) {
+			const label = contentType === 'music' ? 'song' : 'video';
+			addToast({
+				type: 'processing',
+				message: `Adding ${label} to feed...`,
+				clipId,
+				contentType,
+				autoDismiss: 0
+			});
+		}
+		goto(resolve('/'));
+	}
 </script>
 
 <svelte:head>
@@ -84,7 +102,8 @@
 				<CheckIcon size={28} weight="bold" />
 			</div>
 			<h1 class="share-title">Added!</h1>
-			<p class="share-desc">Taking you to the feed...</p>
+			<p class="share-desc">Your clip is downloading.</p>
+			<button class="btn-primary" onclick={openFeed}>Open Scrolly</button>
 		{:else}
 			<div class="icon-wrap">
 				<ExportIcon size={28} />