From 69cfa3bdda189ac9bdfb67efd6d37e884043260c Mon Sep 17 00:00:00 2001
From: snackman <samgold24@gmail.com>
Date: Tue, 5 May 2026 13:09:25 -0400
Subject: [PATCH 1/3] feat: require X account verification to comment

- Add x_verified, x_oauth_id, x_avatar_url columns to profiles
- Create useXVerification hook for OAuth identity linking
- Gate comment input behind X verification with connect CTA
- Replace free-text X handle input with OAuth verify/disconnect UI
- Re-enable CommentSection with verification gate
- Add analytics tracking for X connect/disconnect
---
 src/components/AuthModal.tsx                  |  38 +++++--
 src/components/CommentSection.tsx             |  81 ++++++++------
 src/components/EventCard.tsx                  |   3 +-
 src/hooks/useEventComments.ts                 |  12 +-
 src/hooks/useProfile.ts                       |   7 +-
 src/hooks/useXVerification.ts                 | 105 ++++++++++++++++++
 src/lib/analytics.ts                          |   5 +
 src/lib/profile-cache.ts                      |   4 +-
 src/lib/types.ts                              |   4 +
 .../20260505_add_x_verification.sql           |   5 +
 10 files changed, 211 insertions(+), 53 deletions(-)
 create mode 100644 src/hooks/useXVerification.ts
 create mode 100644 supabase/migrations/20260505_add_x_verification.sql

diff --git a/src/components/AuthModal.tsx b/src/components/AuthModal.tsx
index 1f299125..671f5636 100644
--- a/src/components/AuthModal.tsx
+++ b/src/components/AuthModal.tsx
@@ -14,6 +14,7 @@ import { getSocialLinks } from '@/lib/social-urls';
 
 import { supabase } from '@/lib/supabase';
 import { useProfile } from '@/hooks/useProfile';
+import { useXVerification } from '@/hooks/useXVerification';
 import { useFriends } from '@/hooks/useFriends';
 import { useFriendRequests } from '@/hooks/useFriendRequests';
 import type { ETHDenverEvent, NativeAd, UserSearchResult, FriendRequest } from '@/lib/types';
@@ -377,6 +378,7 @@ export function UserMenu({ events, itinerary, onOpenFriends, onSubmitEvent, pend
   const { friendCount, refreshFriends: localRefreshFriends } = useFriends();
   const { config } = useAdminConfig();
   const { theme, setTheme } = useTheme();
+  const { isXVerified, linkX, unlinkX } = useXVerification();
 
   const refreshFriends = useCallback(async () => {
     await localRefreshFriends();
@@ -765,18 +767,32 @@ export function UserMenu({ events, itinerary, onOpenFriends, onSubmitEvent, pend
                     </div>
                   </div>
 
-                  <div>
-                    <div className="flex items-center bg-[var(--theme-bg-primary)] border border-[var(--theme-border-primary)] rounded-lg focus-within:border-[var(--theme-accent)]">
-                      <span className="text-[var(--theme-text-muted)] text-sm ml-3 shrink-0 select-none font-bold leading-none" style={{ fontFamily: 'serif' }}>{'\u{1D54F}'}</span>
-                      <input
-                        type="text"
-                        value={xHandle}
-                        onChange={(e) => setXHandle(e.target.value.replace(/^@/, ''))}
-                        placeholder="X handle"
-                        className="flex-1 bg-transparent text-[var(--theme-text-primary)] text-sm px-2 py-2 focus:outline-none placeholder:text-[var(--theme-text-muted)]"
-                      />
+                  {/* X Account */}
+                  {profile?.x_verified ? (
+                    <div className="flex items-center gap-2 bg-[var(--theme-bg-primary)] border border-green-500/30 rounded-lg px-3 py-2">
+                      <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current text-[var(--theme-text-secondary)]" aria-hidden="true">
+                        <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
+                      </svg>
+                      <span className="text-sm text-[var(--theme-text-primary)]">@{profile.x_handle}</span>
+                      <Check className="w-3.5 h-3.5 text-green-400" />
+                      <button
+                        onClick={unlinkX}
+                        className="ml-auto text-xs text-red-400 hover:text-red-300 transition-colors cursor-pointer"
+                      >
+                        Disconnect
+                      </button>
                     </div>
-                  </div>
+                  ) : (
+                    <button
+                      onClick={linkX}
+                      className="flex items-center gap-2 w-full bg-[var(--theme-bg-primary)] border border-[var(--theme-border-primary)] hover:border-[var(--theme-accent)] rounded-lg px-3 py-2 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] transition-colors cursor-pointer"
+                    >
+                      <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current" aria-hidden="true">
+                        <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
+                      </svg>
+                      Connect X Account
+                    </button>
+                  )}
 
                   <div>
                     <div className="flex items-center bg-[var(--theme-bg-primary)] border border-[var(--theme-border-primary)] rounded-lg focus-within:border-[var(--theme-accent)]">
diff --git a/src/components/CommentSection.tsx b/src/components/CommentSection.tsx
index fb3dc61d..3987f5f7 100644
--- a/src/components/CommentSection.tsx
+++ b/src/components/CommentSection.tsx
@@ -10,6 +10,7 @@ import { getDisplayName } from '@/lib/user-display';
 import UserAvatar from './UserAvatar';
 import ProfileCardModal from './ProfileCardModal';
 import { trackCommentExpand, trackCommentAdd, trackCommentDelete, trackCommentVisibilityToggle } from '@/lib/analytics';
+import { useXVerification } from '@/hooks/useXVerification';
 
 interface CommentSectionProps {
   eventId: string;
@@ -19,6 +20,7 @@ interface CommentSectionProps {
 
 export function CommentSection({ eventId, commentCount = 0, eventName }: CommentSectionProps) {
   const { user } = useAuth();
+  const { isXVerified, linkX } = useXVerification();
   const [expanded, setExpanded] = useState(false);
   const [isMobile, setIsMobile] = useState(false);
   const { comments, loading, addComment, deleteComment } = useEventComments(
@@ -164,45 +166,60 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
   );
 
   // Shared input content
-  const inputContent = user && (
-    <div className="flex items-center gap-2">
-      <div className="flex-1 flex items-center gap-1 bg-[var(--theme-bg-tertiary)]/50 border border-[var(--theme-border-primary)] rounded-lg px-2 py-1.5">
-        <input
-          type="text"
-          value={text}
-          onChange={(e) => setText(e.target.value)}
-          onKeyDown={(e) => {
-            if (e.key === 'Enter' && !e.shiftKey) {
-              e.preventDefault();
-              handleSubmit();
-            }
-          }}
-          placeholder="Add a comment..."
-          maxLength={500}
-          className="flex-1 bg-transparent text-xs text-[var(--theme-text-primary)] placeholder-slate-500 outline-none min-w-0"
-        />
+  const inputContent = user ? (
+    isXVerified ? (
+      <div className="flex items-center gap-2">
+        <div className="flex-1 flex items-center gap-1 bg-[var(--theme-bg-tertiary)]/50 border border-[var(--theme-border-primary)] rounded-lg px-2 py-1.5">
+          <input
+            type="text"
+            value={text}
+            onChange={(e) => setText(e.target.value)}
+            onKeyDown={(e) => {
+              if (e.key === 'Enter' && !e.shiftKey) {
+                e.preventDefault();
+                handleSubmit();
+              }
+            }}
+            placeholder="Add a comment..."
+            maxLength={500}
+            className="flex-1 bg-transparent text-xs text-[var(--theme-text-primary)] placeholder-slate-500 outline-none min-w-0"
+          />
+          <button
+            onClick={() => { const next = visibility === 'public' ? 'friends' : 'public'; trackCommentVisibilityToggle(next); setVisibility(next); }}
+            className={`text-[9px] px-1.5 py-0.5 rounded border shrink-0 cursor-pointer transition-colors ${
+              visibility === 'friends'
+                ? ''
+                : 'border-[var(--theme-border-primary)] text-[var(--theme-text-muted)] hover:text-[var(--theme-text-secondary)]'
+            }`}
+            style={visibility === 'friends' ? { borderColor: 'color-mix(in srgb, var(--friend-blue) 40%, transparent)', color: 'var(--friend-blue)', backgroundColor: 'color-mix(in srgb, var(--friend-blue) 10%, transparent)' } : undefined}
+            title={visibility === 'public' ? 'Visible to everyone' : 'Visible to friends only'}
+          >
+            {visibility === 'public' ? 'public' : 'friends'}
+          </button>
+        </div>
         <button
-          onClick={() => { const next = visibility === 'public' ? 'friends' : 'public'; trackCommentVisibilityToggle(next); setVisibility(next); }}
-          className={`text-[9px] px-1.5 py-0.5 rounded border shrink-0 cursor-pointer transition-colors ${
-            visibility === 'friends'
-              ? ''
-              : 'border-[var(--theme-border-primary)] text-[var(--theme-text-muted)] hover:text-[var(--theme-text-secondary)]'
-          }`}
-          style={visibility === 'friends' ? { borderColor: 'color-mix(in srgb, var(--friend-blue) 40%, transparent)', color: 'var(--friend-blue)', backgroundColor: 'color-mix(in srgb, var(--friend-blue) 10%, transparent)' } : undefined}
-          title={visibility === 'public' ? 'Visible to everyone' : 'Visible to friends only'}
+          onClick={handleSubmit}
+          disabled={!text.trim()}
+          className="p-1.5 rounded-lg bg-[var(--theme-accent)] hover:bg-[var(--theme-accent-hover)] disabled:bg-[var(--theme-bg-tertiary)] disabled:text-[var(--theme-text-muted)] text-[var(--theme-accent-text)] transition-colors cursor-pointer disabled:cursor-not-allowed"
         >
-          {visibility === 'public' ? 'public' : 'friends'}
+          <Send className="w-3.5 h-3.5" />
         </button>
       </div>
+    ) : (
       <button
-        onClick={handleSubmit}
-        disabled={!text.trim()}
-        className="p-1.5 rounded-lg bg-[var(--theme-accent)] hover:bg-[var(--theme-accent-hover)] disabled:bg-[var(--theme-bg-tertiary)] disabled:text-[var(--theme-text-muted)] text-[var(--theme-accent-text)] transition-colors cursor-pointer disabled:cursor-not-allowed"
+        onClick={(e) => {
+          e.stopPropagation();
+          linkX();
+        }}
+        className="flex items-center justify-center gap-2 w-full py-2.5 px-3 rounded-lg border border-[var(--theme-border-primary)] bg-[var(--theme-bg-tertiary)]/50 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] hover:border-[var(--theme-accent)] transition-colors cursor-pointer"
       >
-        <Send className="w-3.5 h-3.5" />
+        <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current" aria-hidden="true">
+          <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
+        </svg>
+        Connect X to comment
       </button>
-    </div>
-  );
+    )
+  ) : null;
 
   // Mobile: render bottom-sheet modal via portal
   if (isMobile) {
diff --git a/src/components/EventCard.tsx b/src/components/EventCard.tsx
index 1e4c2e9d..05d317b7 100644
--- a/src/components/EventCard.tsx
+++ b/src/components/EventCard.tsx
@@ -404,8 +404,7 @@ export const EventCard = memo(function EventCard({
               compact={compact}
             />
           )}
-          {/* Comments disabled until social verification is in place */}
-          {/* <CommentSection eventId={event.id} commentCount={commentCount} eventName={event.name} /> */}
+          <CommentSection eventId={event.id} commentCount={commentCount} eventName={event.name} />
           {checkedInFriends && checkedInFriends.length > 0 && (
             <button
               onClick={(e) => {
diff --git a/src/hooks/useEventComments.ts b/src/hooks/useEventComments.ts
index 916cd445..40ea5fd2 100644
--- a/src/hooks/useEventComments.ts
+++ b/src/hooks/useEventComments.ts
@@ -37,19 +37,19 @@ export function useEventComments(eventId: string | null) {
 
       // Fetch display names for comment authors
       const userIds = [...new Set((data ?? []).map((c: { user_id: string }) => c.user_id))];
-      let profileMap = new Map<string, { display_name: string | null; x_handle: string | null; rsvp_name: string | null; avatar_url: string | null; job_title: string | null; company: string | null; linkedin_url: string | null; telegram_handle: string | null }>();
+      let profileMap = new Map<string, { display_name: string | null; x_handle: string | null; rsvp_name: string | null; avatar_url: string | null; job_title: string | null; company: string | null; linkedin_url: string | null; telegram_handle: string | null; x_verified: boolean }>();
 
       if (userIds.length > 0) {
         const { data: profiles } = await supabase
           .from('profiles')
-          .select('user_id, display_name, x_handle, rsvp_name, avatar_url, job_title, company, linkedin_url, telegram_handle')
+          .select('user_id, display_name, x_handle, rsvp_name, avatar_url, job_title, company, linkedin_url, telegram_handle, x_verified')
           .in('user_id', userIds);
 
         if (profiles) {
           profileMap = new Map(
-            profiles.map((p: { user_id: string; display_name: string | null; x_handle: string | null; rsvp_name: string | null; avatar_url: string | null; job_title: string | null; company: string | null; linkedin_url: string | null; telegram_handle: string | null }) => [
+            profiles.map((p: { user_id: string; display_name: string | null; x_handle: string | null; rsvp_name: string | null; avatar_url: string | null; job_title: string | null; company: string | null; linkedin_url: string | null; telegram_handle: string | null; x_verified: boolean }) => [
               p.user_id,
-              { display_name: p.display_name, x_handle: p.x_handle, rsvp_name: p.rsvp_name, avatar_url: p.avatar_url, job_title: p.job_title, company: p.company, linkedin_url: p.linkedin_url, telegram_handle: p.telegram_handle },
+              { display_name: p.display_name, x_handle: p.x_handle, rsvp_name: p.rsvp_name, avatar_url: p.avatar_url, job_title: p.job_title, company: p.company, linkedin_url: p.linkedin_url, telegram_handle: p.telegram_handle, x_verified: p.x_verified ?? false },
             ])
           );
         }
@@ -69,6 +69,7 @@ export function useEventComments(eventId: string | null) {
             company: profile?.company ?? undefined,
             linkedin_url: profile?.linkedin_url ?? undefined,
             telegram_handle: profile?.telegram_handle ?? undefined,
+            x_verified: profile?.x_verified ?? false,
           };
         })
       );
@@ -102,7 +103,7 @@ export function useEventComments(eventId: string | null) {
         // Fetch own profile for display
         const { data: profile } = await supabase
           .from('profiles')
-          .select('display_name, x_handle, rsvp_name, avatar_url, job_title, company, linkedin_url, telegram_handle')
+          .select('display_name, x_handle, rsvp_name, avatar_url, job_title, company, linkedin_url, telegram_handle, x_verified')
           .eq('user_id', user.id)
           .single();
 
@@ -119,6 +120,7 @@ export function useEventComments(eventId: string | null) {
             company: profile?.company ?? undefined,
             linkedin_url: profile?.linkedin_url ?? undefined,
             telegram_handle: profile?.telegram_handle ?? undefined,
+            x_verified: profile?.x_verified ?? false,
           },
         ]);
       }
diff --git a/src/hooks/useProfile.ts b/src/hooks/useProfile.ts
index 5e328fc5..f007d07d 100644
--- a/src/hooks/useProfile.ts
+++ b/src/hooks/useProfile.ts
@@ -91,7 +91,7 @@ export function useProfile() {
       try {
         const { data, error } = await supabase
           .from('profiles')
-          .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url, telegram_handle, company, linkedin_url, job_title')
+          .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url, telegram_handle, company, linkedin_url, job_title, x_verified, x_oauth_id, x_avatar_url')
           .eq('user_id', user!.id)
           .maybeSingle();
 
@@ -116,6 +116,9 @@ export function useProfile() {
             company: null,
             linkedin_url: null,
             job_title: null,
+            x_verified: false,
+            x_oauth_id: null,
+            x_avatar_url: null,
           };
 
           const { error: insertError } = await supabase
@@ -126,7 +129,7 @@ export function useProfile() {
             // Could be a race condition — try fetching again
             const { data: retryData } = await supabase
               .from('profiles')
-              .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url, telegram_handle, company, linkedin_url, job_title')
+              .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url, telegram_handle, company, linkedin_url, job_title, x_verified, x_oauth_id, x_avatar_url')
               .eq('user_id', user!.id)
               .maybeSingle();
 
diff --git a/src/hooks/useXVerification.ts b/src/hooks/useXVerification.ts
new file mode 100644
index 00000000..ed1dec86
--- /dev/null
+++ b/src/hooks/useXVerification.ts
@@ -0,0 +1,105 @@
+'use client';
+
+import { useState, useEffect, useCallback } from 'react';
+import { useAuth } from '@/contexts/AuthContext';
+import { supabase } from '@/lib/supabase';
+
+export function useXVerification() {
+  const { user } = useAuth();
+  const [isXVerified, setIsXVerified] = useState(false);
+  const [xHandle, setXHandle] = useState<string | null>(null);
+  const [loading, setLoading] = useState(true);
+
+  // Fetch verification status from profile
+  useEffect(() => {
+    if (!user) {
+      setIsXVerified(false);
+      setXHandle(null);
+      setLoading(false);
+      return;
+    }
+
+    async function checkVerification() {
+      const { data } = await supabase
+        .from('profiles')
+        .select('x_verified, x_handle, x_oauth_id')
+        .eq('user_id', user!.id)
+        .single();
+
+      if (data) {
+        setIsXVerified(data.x_verified ?? false);
+        setXHandle(data.x_handle ?? null);
+      }
+      setLoading(false);
+    }
+
+    checkVerification();
+  }, [user]);
+
+  // After OAuth redirect, detect newly linked X identity and update profile
+  useEffect(() => {
+    if (!user || isXVerified) return;
+
+    const twitterIdentity = user.identities?.find(
+      (id) => id.provider === 'twitter'
+    );
+
+    if (twitterIdentity) {
+      const handle = twitterIdentity.identity_data?.user_name;
+      const avatarUrl = twitterIdentity.identity_data?.avatar_url;
+      const oauthId = twitterIdentity.id;
+
+      if (handle && oauthId) {
+        // Update profile with verified X data
+        supabase
+          .from('profiles')
+          .update({
+            x_handle: handle,
+            x_verified: true,
+            x_oauth_id: oauthId,
+            x_avatar_url: avatarUrl || null,
+          })
+          .eq('user_id', user.id)
+          .then(() => {
+            setIsXVerified(true);
+            setXHandle(handle);
+          });
+      }
+    }
+  }, [user, isXVerified]);
+
+  const linkX = useCallback(async () => {
+    const { error } = await supabase.auth.linkIdentity({
+      provider: 'twitter',
+      options: {
+        redirectTo: window.location.origin + window.location.pathname,
+      },
+    });
+    if (error) console.error('Failed to link X:', error);
+    // Browser will redirect to X OAuth
+  }, []);
+
+  const unlinkX = useCallback(async () => {
+    if (!user) return;
+
+    const twitterIdentity = user.identities?.find(
+      (id) => id.provider === 'twitter'
+    );
+
+    if (twitterIdentity) {
+      await supabase.auth.unlinkIdentity(twitterIdentity);
+      await supabase
+        .from('profiles')
+        .update({
+          x_verified: false,
+          x_oauth_id: null,
+          x_avatar_url: null,
+        })
+        .eq('user_id', user.id);
+
+      setIsXVerified(false);
+    }
+  }, [user]);
+
+  return { isXVerified, xHandle, loading, linkX, unlinkX };
+}
diff --git a/src/lib/analytics.ts b/src/lib/analytics.ts
index 4e764de8..28a74956 100644
--- a/src/lib/analytics.ts
+++ b/src/lib/analytics.ts
@@ -235,3 +235,8 @@ export const trackItineraryView = () =>
 // Error tracking
 export const trackError = (message: string, source?: string) =>
   track('error', { message: message.slice(0, 100), ...(source ? { source } : {}) });
+
+// X (Twitter) verification
+export const trackXConnectStart = () => track('x_connect_start');
+export const trackXConnectSuccess = () => track('x_connect_success');
+export const trackXDisconnect = () => track('x_disconnect');
diff --git a/src/lib/profile-cache.ts b/src/lib/profile-cache.ts
index e8e90f5c..451ca6be 100644
--- a/src/lib/profile-cache.ts
+++ b/src/lib/profile-cache.ts
@@ -7,6 +7,7 @@ export interface CachedProfile {
   x_handle: string | null;
   rsvp_name: string | null;
   avatar_url: string | null;
+  x_verified: boolean;
 }
 
 const cache = new Map<string, CachedProfile>();
@@ -30,7 +31,7 @@ export async function fetchProfiles(
   if (uncached.length > 0) {
     const { data } = await client
       .from('profiles')
-      .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url')
+      .select('user_id, email, display_name, x_handle, rsvp_name, avatar_url, x_verified')
       .in('user_id', uncached);
 
     for (const p of data ?? []) {
@@ -41,6 +42,7 @@ export async function fetchProfiles(
         x_handle: p.x_handle ?? null,
         rsvp_name: p.rsvp_name ?? null,
         avatar_url: p.avatar_url ?? null,
+        x_verified: p.x_verified ?? false,
       };
       cache.set(p.user_id, profile);
       result.set(p.user_id, profile);
diff --git a/src/lib/types.ts b/src/lib/types.ts
index e8002384..baa2e241 100644
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -66,6 +66,9 @@ export interface UserProfile {
   company: string | null;
   linkedin_url: string | null;
   job_title: string | null;
+  x_verified: boolean;
+  x_oauth_id: string | null;
+  x_avatar_url: string | null;
 }
 
 export interface Friend {
@@ -130,6 +133,7 @@ export interface EventComment {
   company?: string;
   linkedin_url?: string;
   telegram_handle?: string;
+  x_verified?: boolean;
 }
 
 export interface FriendLocation {
diff --git a/supabase/migrations/20260505_add_x_verification.sql b/supabase/migrations/20260505_add_x_verification.sql
new file mode 100644
index 00000000..910ef104
--- /dev/null
+++ b/supabase/migrations/20260505_add_x_verification.sql
@@ -0,0 +1,5 @@
+ALTER TABLE profiles ADD COLUMN IF NOT EXISTS x_verified boolean NOT NULL DEFAULT false;
+ALTER TABLE profiles ADD COLUMN IF NOT EXISTS x_oauth_id text;
+ALTER TABLE profiles ADD COLUMN IF NOT EXISTS x_avatar_url text;
+
+CREATE INDEX IF NOT EXISTS idx_profiles_x_verified ON profiles(x_verified) WHERE x_verified = true;

From 36add682d8803351d6d1681a59ea94e3342604e7 Mon Sep 17 00:00:00 2001
From: snackman <samgold24@gmail.com>
Date: Tue, 5 May 2026 23:17:54 -0400
Subject: [PATCH 2/3] fix: show sign-in prompt for unauthenticated users in
 comments

When not logged in, tapping the comment area now shows a "Sign in to comment"
button that opens the auth modal.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/components/CommentSection.tsx | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/components/CommentSection.tsx b/src/components/CommentSection.tsx
index 3987f5f7..6472fd11 100644
--- a/src/components/CommentSection.tsx
+++ b/src/components/CommentSection.tsx
@@ -11,6 +11,7 @@ import UserAvatar from './UserAvatar';
 import ProfileCardModal from './ProfileCardModal';
 import { trackCommentExpand, trackCommentAdd, trackCommentDelete, trackCommentVisibilityToggle } from '@/lib/analytics';
 import { useXVerification } from '@/hooks/useXVerification';
+import { AuthModal } from './AuthModal';
 
 interface CommentSectionProps {
   eventId: string;
@@ -28,6 +29,7 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
   );
   const [text, setText] = useState('');
   const [visibility, setVisibility] = useState<'public' | 'friends'>('public');
+  const [showAuth, setShowAuth] = useState(false);
   const [selectedProfile, setSelectedProfile] = useState<{
     userId: string;
     displayName?: string | null;
@@ -219,7 +221,17 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
         Connect X to comment
       </button>
     )
-  ) : null;
+  ) : (
+    <button
+      onClick={(e) => {
+        e.stopPropagation();
+        setShowAuth(true);
+      }}
+      className="flex items-center justify-center gap-2 w-full py-2.5 px-3 rounded-lg border border-[var(--theme-border-primary)] bg-[var(--theme-bg-tertiary)]/50 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] hover:border-[var(--theme-accent)] transition-colors cursor-pointer"
+    >
+      Sign in to comment
+    </button>
+  );
 
   // Mobile: render bottom-sheet modal via portal
   if (isMobile) {
@@ -274,11 +286,9 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
               </div>
 
               {/* Sticky input at bottom */}
-              {user && (
-                <div className="border-t border-[var(--theme-border-primary)] px-4 py-3" style={{ paddingBottom: 'max(0.75rem, env(safe-area-inset-bottom))' }}>
-                  {inputContent}
-                </div>
-              )}
+              <div className="border-t border-[var(--theme-border-primary)] px-4 py-3" style={{ paddingBottom: 'max(0.75rem, env(safe-area-inset-bottom))' }}>
+                {inputContent}
+              </div>
             </div>
           </div>,
           document.body
@@ -297,6 +307,7 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
             telegramHandle={selectedProfile.telegramHandle}
           />
         )}
+        <AuthModal isOpen={showAuth} onClose={() => setShowAuth(false)} />
       </>
     );
   }
@@ -338,6 +349,7 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
           telegramHandle={selectedProfile.telegramHandle}
         />
       )}
+      <AuthModal isOpen={showAuth} onClose={() => setShowAuth(false)} />
     </div>
   );
 }

From 0abe8c7dd81292a56d1ffeb64c495ce722e14c1d Mon Sep 17 00:00:00 2001
From: snackman <samgold24@gmail.com>
Date: Tue, 5 May 2026 23:39:34 -0400
Subject: [PATCH 3/3] fix: unified "Connect X to comment" CTA with inline email
 prompt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Always show "Connect X to comment" regardless of auth state
- If not logged in, clicking shows email input → creates account silently
  (no OTP required until next login) → proceeds to X OAuth
- If logged in but X not verified → goes straight to X OAuth
- Removes separate "Sign in" button and AuthModal dependency

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/components/CommentSection.tsx | 166 +++++++++++++++++++++---------
 1 file changed, 115 insertions(+), 51 deletions(-)

diff --git a/src/components/CommentSection.tsx b/src/components/CommentSection.tsx
index 6472fd11..ac38ced1 100644
--- a/src/components/CommentSection.tsx
+++ b/src/components/CommentSection.tsx
@@ -5,13 +5,13 @@ import { createPortal } from 'react-dom';
 import { Send, Trash2, MessageCircle, X } from 'lucide-react';
 import { useAuth } from '@/contexts/AuthContext';
 import { useEventComments } from '@/hooks/useEventComments';
+import { supabase } from '@/lib/supabase';
 import { timeAgo } from '@/lib/time-parse';
 import { getDisplayName } from '@/lib/user-display';
 import UserAvatar from './UserAvatar';
 import ProfileCardModal from './ProfileCardModal';
 import { trackCommentExpand, trackCommentAdd, trackCommentDelete, trackCommentVisibilityToggle } from '@/lib/analytics';
 import { useXVerification } from '@/hooks/useXVerification';
-import { AuthModal } from './AuthModal';
 
 interface CommentSectionProps {
   eventId: string;
@@ -29,7 +29,10 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
   );
   const [text, setText] = useState('');
   const [visibility, setVisibility] = useState<'public' | 'friends'>('public');
-  const [showAuth, setShowAuth] = useState(false);
+  const [showEmailPrompt, setShowEmailPrompt] = useState(false);
+  const [email, setEmail] = useState('');
+  const [emailLoading, setEmailLoading] = useState(false);
+  const [emailError, setEmailError] = useState<string | null>(null);
   const [selectedProfile, setSelectedProfile] = useState<{
     userId: string;
     displayName?: string | null;
@@ -167,69 +170,131 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
     </>
   );
 
+  // Handle email sign-up then X OAuth link
+  const handleEmailThenLinkX = async () => {
+    if (!email.trim()) return;
+    setEmailLoading(true);
+    setEmailError(null);
+
+    // Sign up with a random password — auto-confirms since enable_confirmations = false
+    // Next login they'll use OTP
+    const { error } = await supabase.auth.signUp({
+      email: email.trim(),
+      password: crypto.randomUUID(),
+    });
+
+    if (error) {
+      // If account exists, they need to sign in properly
+      if (error.message?.includes('already registered') || error.status === 422) {
+        setEmailError('Account exists — sign in from the menu first');
+      } else {
+        setEmailError(error.message);
+      }
+      setEmailLoading(false);
+      return;
+    }
+
+    // Account created + session active, now start X OAuth
+    setEmailLoading(false);
+    linkX();
+  };
+
   // Shared input content
-  const inputContent = user ? (
-    isXVerified ? (
-      <div className="flex items-center gap-2">
-        <div className="flex-1 flex items-center gap-1 bg-[var(--theme-bg-tertiary)]/50 border border-[var(--theme-border-primary)] rounded-lg px-2 py-1.5">
-          <input
-            type="text"
-            value={text}
-            onChange={(e) => setText(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter' && !e.shiftKey) {
-                e.preventDefault();
-                handleSubmit();
-              }
-            }}
-            placeholder="Add a comment..."
-            maxLength={500}
-            className="flex-1 bg-transparent text-xs text-[var(--theme-text-primary)] placeholder-slate-500 outline-none min-w-0"
-          />
-          <button
-            onClick={() => { const next = visibility === 'public' ? 'friends' : 'public'; trackCommentVisibilityToggle(next); setVisibility(next); }}
-            className={`text-[9px] px-1.5 py-0.5 rounded border shrink-0 cursor-pointer transition-colors ${
-              visibility === 'friends'
-                ? ''
-                : 'border-[var(--theme-border-primary)] text-[var(--theme-text-muted)] hover:text-[var(--theme-text-secondary)]'
-            }`}
-            style={visibility === 'friends' ? { borderColor: 'color-mix(in srgb, var(--friend-blue) 40%, transparent)', color: 'var(--friend-blue)', backgroundColor: 'color-mix(in srgb, var(--friend-blue) 10%, transparent)' } : undefined}
-            title={visibility === 'public' ? 'Visible to everyone' : 'Visible to friends only'}
-          >
-            {visibility === 'public' ? 'public' : 'friends'}
-          </button>
-        </div>
+  const inputContent = user && isXVerified ? (
+    <div className="flex items-center gap-2">
+      <div className="flex-1 flex items-center gap-1 bg-[var(--theme-bg-tertiary)]/50 border border-[var(--theme-border-primary)] rounded-lg px-2 py-1.5">
+        <input
+          type="text"
+          value={text}
+          onChange={(e) => setText(e.target.value)}
+          onKeyDown={(e) => {
+            if (e.key === 'Enter' && !e.shiftKey) {
+              e.preventDefault();
+              handleSubmit();
+            }
+          }}
+          placeholder="Add a comment..."
+          maxLength={500}
+          className="flex-1 bg-transparent text-xs text-[var(--theme-text-primary)] placeholder-slate-500 outline-none min-w-0"
+        />
         <button
-          onClick={handleSubmit}
-          disabled={!text.trim()}
-          className="p-1.5 rounded-lg bg-[var(--theme-accent)] hover:bg-[var(--theme-accent-hover)] disabled:bg-[var(--theme-bg-tertiary)] disabled:text-[var(--theme-text-muted)] text-[var(--theme-accent-text)] transition-colors cursor-pointer disabled:cursor-not-allowed"
+          onClick={() => { const next = visibility === 'public' ? 'friends' : 'public'; trackCommentVisibilityToggle(next); setVisibility(next); }}
+          className={`text-[9px] px-1.5 py-0.5 rounded border shrink-0 cursor-pointer transition-colors ${
+            visibility === 'friends'
+              ? ''
+              : 'border-[var(--theme-border-primary)] text-[var(--theme-text-muted)] hover:text-[var(--theme-text-secondary)]'
+          }`}
+          style={visibility === 'friends' ? { borderColor: 'color-mix(in srgb, var(--friend-blue) 40%, transparent)', color: 'var(--friend-blue)', backgroundColor: 'color-mix(in srgb, var(--friend-blue) 10%, transparent)' } : undefined}
+          title={visibility === 'public' ? 'Visible to everyone' : 'Visible to friends only'}
         >
-          <Send className="w-3.5 h-3.5" />
+          {visibility === 'public' ? 'public' : 'friends'}
         </button>
       </div>
-    ) : (
       <button
-        onClick={(e) => {
-          e.stopPropagation();
-          linkX();
-        }}
-        className="flex items-center justify-center gap-2 w-full py-2.5 px-3 rounded-lg border border-[var(--theme-border-primary)] bg-[var(--theme-bg-tertiary)]/50 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] hover:border-[var(--theme-accent)] transition-colors cursor-pointer"
+        onClick={handleSubmit}
+        disabled={!text.trim()}
+        className="p-1.5 rounded-lg bg-[var(--theme-accent)] hover:bg-[var(--theme-accent-hover)] disabled:bg-[var(--theme-bg-tertiary)] disabled:text-[var(--theme-text-muted)] text-[var(--theme-accent-text)] transition-colors cursor-pointer disabled:cursor-not-allowed"
       >
-        <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current" aria-hidden="true">
-          <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
-        </svg>
-        Connect X to comment
+        <Send className="w-3.5 h-3.5" />
       </button>
-    )
+    </div>
+  ) : user && !isXVerified ? (
+    // Logged in but X not verified — go straight to X OAuth
+    <button
+      onClick={(e) => {
+        e.stopPropagation();
+        linkX();
+      }}
+      className="flex items-center justify-center gap-2 w-full py-2.5 px-3 rounded-lg border border-[var(--theme-border-primary)] bg-[var(--theme-bg-tertiary)]/50 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] hover:border-[var(--theme-accent)] transition-colors cursor-pointer"
+    >
+      <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current" aria-hidden="true">
+        <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
+      </svg>
+      Connect X to comment
+    </button>
+  ) : showEmailPrompt ? (
+    // Not logged in — email prompt before X OAuth
+    <div className="space-y-2">
+      <div className="flex items-center gap-2">
+        <input
+          type="email"
+          value={email}
+          onChange={(e) => setEmail(e.target.value)}
+          onKeyDown={(e) => {
+            if (e.key === 'Enter') {
+              e.preventDefault();
+              handleEmailThenLinkX();
+            }
+          }}
+          placeholder="Enter your email..."
+          className="flex-1 bg-[var(--theme-bg-tertiary)]/50 border border-[var(--theme-border-primary)] rounded-lg px-3 py-2 text-sm text-[var(--theme-text-primary)] placeholder-slate-500 outline-none min-w-0"
+          autoFocus
+        />
+        <button
+          onClick={handleEmailThenLinkX}
+          disabled={!email.trim() || emailLoading}
+          className="px-3 py-2 rounded-lg bg-[var(--theme-accent)] hover:bg-[var(--theme-accent-hover)] disabled:bg-[var(--theme-bg-tertiary)] disabled:text-[var(--theme-text-muted)] text-[var(--theme-accent-text)] text-sm transition-colors cursor-pointer disabled:cursor-not-allowed"
+        >
+          {emailLoading ? '...' : 'Go'}
+        </button>
+      </div>
+      {emailError && (
+        <p className="text-xs text-red-400">{emailError}</p>
+      )}
+    </div>
   ) : (
+    // Not logged in — show connect CTA
     <button
       onClick={(e) => {
         e.stopPropagation();
-        setShowAuth(true);
+        setShowEmailPrompt(true);
       }}
       className="flex items-center justify-center gap-2 w-full py-2.5 px-3 rounded-lg border border-[var(--theme-border-primary)] bg-[var(--theme-bg-tertiary)]/50 text-sm text-[var(--theme-text-secondary)] hover:text-[var(--theme-text-primary)] hover:border-[var(--theme-accent)] transition-colors cursor-pointer"
     >
-      Sign in to comment
+      <svg viewBox="0 0 24 24" className="w-4 h-4 fill-current" aria-hidden="true">
+        <path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z" />
+      </svg>
+      Connect X to comment
     </button>
   );
 
@@ -307,7 +372,6 @@ export function CommentSection({ eventId, commentCount = 0, eventName }: Comment
             telegramHandle={selectedProfile.telegramHandle}
           />
         )}
-        <AuthModal isOpen={showAuth} onClose={() => setShowAuth(false)} />
       </>
     );
   }