LotusGuild/cinny
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca09e8e6ca9a8a82f188a9b409edf384f537dddf
cinny/LOTUS_BUGS.md
T
jared ca09e8e6ca
CI / Build & Quality Checks (push) Successful in 10m22s
Details
Trigger Desktop Build / trigger (push) Successful in 5s
Details
feat: presence fix, voice ringing fix, user private notes + doc updates 
- usePresenceUpdater: replace stale closure with readStatus() called at
  invocation time so changing custom status in Profile Settings is never
  silently overwritten by subsequent activity events
- CallEmbedProvider: fix m.space.parent state-key lookup by switching
  getStateEvent → getStateEvents (plural); space channel voice rooms no
  longer trigger the incoming-call ring/animation
- Add useUserNotes hook (io.lotus.user_notes account data, reactive via
  useAccountDataCallback, 500-char limit, cross-device sync)
- UserRoomProfile: add UserPrivateNotes textarea with 800ms debounced
  auto-save, saving indicator, char counter when <100 chars remain;
  shown only when viewing another user's profile
- LOTUS_FEATURES.md: add Private Notes section, Status Revert fix note,
  animation improvements subsection, Seasonal Themes section
- LOTUS_BUGS.md: mark presence revert + voice ringing bugs as resolved
- README.md + landing/index.html: document all new June 2026 features

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 00:47:14 -04:00

5.7 KiB
Raw Blame History

Lotus Chat — Bug Report & Technical Audit

Date: June 2026

This document tracks identified bugs, edge cases, and architectural discrepancies found during the audit of the Lotus Chat codebase. Recommended fixes are provided for each item.

🛡️ Critical Security & Privacy Regressions

1. E2EE Bypass in Media Gallery Downloads

File: src/app/features/room/MediaGallery.tsx (Line 855) Status: CRITICAL

  • Issue: The "Download" button in the Files tab uses mxcUrlToHttp directly and clicks an <a> link.
  • Impact: In encrypted rooms, this downloads the encrypted ciphertext rather than the decrypted file. Users cannot open the downloaded files.
  • Recommended Fix:
    1. Check if the event is encrypted.
    2. If encrypted, use the decryptAttachment logic (similar to useDecryptedMediaUrl) to decrypt the file in memory.
    3. Use file-saver or a Blob URL to trigger the download of the decrypted plaintext.

2. Privacy Leak in URL Previews

File: src/app/components/url-preview/UrlPreviewCard.tsx (Line 1655) Status: PRIVACY RISK

  • Issue: Generic URL preview cards fetch favicons directly from https://www.google.com/s2/favicons?domain=....
  • Impact: This leaks the user's browsing/chat activity (domains of links they see) to Google. It bypasses the "proxied through Matrix" privacy standard.
  • Recommended Fix: Use the proxy URL returned by the Matrix /_matrix/media/v3/preview_url endpoint instead of contacting Google directly.

🚩 Functional & Logic Bugs

1. Presence Updater Reverts Status Updates

File: src/app/hooks/usePresenceUpdater.ts (Line 20) Status: RESOLVED (June 2026)

  • Issue: The storedStatus variable was captured once when the useEffect started.
  • Impact: If a user updated their status message in Profile Settings, the hook would continue broadcasting the old message on every activity event, silently reverting the change.
  • Fix Applied: Replaced the single localStorage.getItem read with a readStatus() function called inside every setOnline and setUnavailable invocation, ensuring the current value is always used.

2. Audio Playback Rate Reset

File: src/app/components/message/content/AudioContent.tsx (Line 97) Status: UX Bug

  • Issue: The playbackRate is set in a useEffect that only depends on [playbackSpeed].
  • Impact: If a user selects a playback speed before the audio blob has finished loading, the <audio> element may reset its rate to 1.0 once the <source> is added.
  • Recommended Fix: Add srcState.data to the useEffect dependencies or set the playbackRate in an onCanPlay handler on the audio element.

3. Room Insights are Static (No Live Updates)

File: src/app/features/room-settings/RoomInsights.tsx (Line 60) Status: Medium Priority

  • Issue: Stats are calculated in a useMemo that only depends on [room].
  • Impact: If new messages arrive while the Insights page is open, the statistics (message counts, top participants, etc.) do not update.
  • Recommended Fix: Add a listener for RoomEvent.Timeline inside the component to trigger a recalculation when new events are added to the room.

4. Incorrect Ringing in Voice Rooms

File: src/app/components/CallEmbedProvider.tsx Status: RESOLVED (June 2026)

  • Issue: Joining a static voice room (Public Space channel) triggered the "Incoming Call" ringing animation and sound.
  • Root Cause: getStateEvent(room, StateEvent.SpaceParent) always returned undefined because m.space.parent events use the parent space's room ID as the state key, not an empty string. The ringing suppression check silently failed.
  • Fix Applied: Replaced getStateEvent with getStateEvents (plural), which returns all events of a given type regardless of state key. A room with any m.space.parent event is correctly identified as a space channel and suppresses ringing.

🎨 UI/UX & Visual Consistency

1. Hardcoded Primary Color in Polls

File: src/app/components/message/content/PollContent.tsx (Line 245) Status: TDS Violation

  • Issue: Uses rgba(var(--mx-primary-rgb, 0,132,255), ...) for selected options and borders.
  • Impact: Polls look like standard Cinny and ignore the Lotus Terminal Design System (TDS) colors.
  • Recommended Fix: Use var(--lt-accent-cyan) or the primary theme accent color.

2. Inaccessible Room Menu on Mobile

File: src/app/features/room-nav/RoomNavItem.tsx (Line 643) Status: MOBILE BUG

  • Issue: The room menu icon (VerticalDots) is hidden on mobile because hover is never active.
  • Impact: Mobile users cannot access room settings, mark as read, or leave rooms from the sidebar.
  • Recommended Fix: Ensure the menu button is visible on mobile for the active room or provide an alternative trigger.

3. Inconsistent Settings Dropdown Styling

File: src/app/features/settings/general/General.tsx Status: UI Consistency

  • Issue: The dropdowns for "Join & Leave Sounds" and "UI Font" use raw HTML <select> elements, which look different from the custom-styled Menu used elsewhere.
  • Recommended Fix: Replace raw selects with the Menu + PopOut pattern used in the "Message Layout" setting.

4. No Camera Focus During Screenshare

File: src/app/features/call/CallControls.tsx Status: UX Bug

  • Issue: When someone is screensharing and another participant turns on their camera, there is no way to switch the primary display to the camera or go fullscreen on it.
  • Recommended Fix: Implement a "Pin/Focus" toggle on participant tiles that overrides the automatic screenshare spotlight.
Reference in New Issue View Git Blame Copy Permalink