Skip to content

Travers9483/Review-Map

Repository files navigation

πŸ—ΊοΈ Review Map NZ

An interactive, community-driven location review platform for New Zealand. Users can explore locations on a live map, watch embedded video reviews, leave their own star-rated community reviews, and log in with their social accounts. Admins can moderate content via a built-in panel.

Live demo URL: YOUR_SITE_URL β€” update this once deployed.


✨ Features

Feature Description
πŸ“ Interactive Map Leaflet.js map with custom markers and fly-to animations
⭐ Community Reviews Logged-in users can submit star-rated reviews per location
πŸŽ₯ Video Embeds YouTube, TikTok, Instagram & Facebook video embeds per location
πŸ” Social Login Google OAuth, TikTok Login Kit, Meta (Instagram/Facebook)
πŸŒ™ Dark / Light Mode Toggle saved in localStorage
πŸ›‘οΈ Admin Panel Report flagging, user banning, admin management
πŸ” Search & Sort Filter by name/day; sort by day, score, community rating, or unvisited
πŸ”’ Rate Limiting Per-IP review limits enforced client-side (localStorage)
🚫 Profanity Filter Client-side word list filter applied to review submissions
πŸ“± Responsive Mobile-friendly layout

🧱 Tech Stack

Layer Technology
Frontend Vanilla HTML5, CSS3, JavaScript (ES6 modules) β€” no build step required
Map Engine Leaflet.js v1.9.4 with CartoDB dark/light tile layers
Database Supabase (PostgreSQL) β€” tables, Row Level Security (RLS), SECURITY DEFINER functions
Auth Supabase Auth β€” Google OAuth, custom TikTok & Instagram flows
Backend Functions Netlify Functions (Node.js) β€” serverless OAuth token exchange for TikTok and Instagram
Hosting Netlify β€” static site + serverless functions
Fonts Google Fonts β€” Outfit
Icons FontAwesome 6
Geocoding Nominatim / OpenStreetMap β€” converts admin-entered addresses to lat/lng

πŸš€ Getting Started

Prerequisites


1. Clone the Repository

git clone https://github.com/YOUR_USERNAME/review-map.git
cd review-map

2. Set Up Supabase

  1. Create a new project at supabase.com.
  2. Go to SQL Editor β†’ New Query and run supabase_setup.sql β€” this creates all tables, functions, RLS policies, and seeds a few sample locations.
  3. (Optional) If you need TikTok or Instagram login, also run:
    • supabase_tiktok_migration.sql
    • supabase_insta_migration.sql
    • supabase_tiktok_fix.sql (if needed)
  4. In Authentication β†’ Providers, enable:
    • Google β€” paste in your Google OAuth Client ID and Secret from Google Cloud Console
    • (Optional) Any other providers you need

Supabase Database Schema Overview

locations   β€” Map pin records (name, coordinates, rating, review text, video URL, etc.)
profiles    β€” Users created from social login (display name, avatar, provider, admin/ban status)
reviews     β€” Community-submitted reviews (linked to location + user)
reports     β€” Flagged reviews (admin moderation queue)

RLS is fully enabled. Key functions:

  • handle_new_user() β€” trigger that auto-creates a profile on first login
  • upsert_location(loc JSONB) β€” SECURITY DEFINER function for admin writes (bypasses RLS safely)
  • is_user_admin() / is_user_banned() β€” used in RLS policies

Make Yourself an Admin

After your first login, run this in the Supabase SQL Editor:

UPDATE profiles SET is_admin = TRUE WHERE id = 'paste-your-user-uuid-here';

Find your UUID under Authentication β†’ Users.


3. Configure the App

Copy the example config file and fill in your credentials:

cp js/config.example.js js/config.js

Edit js/config.js:

// Find these in your Supabase project β†’ Settings β†’ API
export const SUPABASE_URL      = 'https://xxxx.supabase.co';
export const SUPABASE_ANON_KEY = 'your-anon-key-here';

// From your TikTok Developer App (Client Key only β€” secret stays on the server)
export const TIKTOK_CLIENT_KEY = 'your-tiktok-client-key';

⚠️ Never commit js/config.js β€” it is excluded by .gitignore. Only config.example.js is tracked.


4. Set Up Netlify Functions (Social Login)

The OAuth token exchange for TikTok and Instagram must happen server-side (the client secret must never be exposed in the browser). This is handled by two Netlify Functions in netlify/functions/:

Function Purpose
tiktok-token.js Exchanges TikTok auth code for access token
insta-token.js Exchanges Instagram auth code for access token

Set the following environment variables in your Netlify dashboard (Site Settings β†’ Environment Variables):

Variable Where to Find It
SUPABASE_URL Supabase β†’ Settings β†’ API
SUPABASE_SERVICE_ROLE_KEY Supabase β†’ Settings β†’ API (service role β€” keep secret!)
TIKTOK_CLIENT_KEY TikTok Developer App
TIKTOK_CLIENT_SECRET TikTok Developer App
META_APP_ID Meta Developer App
META_APP_SECRET Meta Developer App

5. Configure OAuth Redirect URIs

In each social platform's developer portal, you must whitelist your deployment URL as an allowed redirect. Set these based on your actual Netlify/custom domain:

Supabase (Google OAuth):

  • Supabase β†’ Authentication β†’ URL Configuration β†’ Site URL: https://your-domain.com
  • Redirect URL: https://your-domain.com

TikTok Developer App:

  • Redirect URI: https://your-domain.com/tiktok-callback.html

Meta Developer App (Instagram):

  • Valid OAuth Redirect URIs: https://your-domain.com/instagram-callback.html

6. Deploy to Netlify

Option A β€” Netlify CLI

npm install -g netlify-cli
netlify login
netlify init
netlify deploy --prod

Option B β€” GitHub Integration (Recommended)

  1. Push your repo to GitHub.
  2. In Netlify, click Add new site β†’ Import an existing project.
  3. Connect your GitHub repository.
  4. Netlify auto-detects netlify.toml and deploys.
  5. Add your environment variables under Site Settings β†’ Environment Variables.

Option C β€” Any Static Host (Google-only login)

If you only need Google login (no TikTok/Instagram), you can deploy the static files to any host (GitHub Pages, Vercel, Cloudflare Pages, etc.) β€” no serverless functions required for Google auth. You still need to set SUPABASE_URL and SUPABASE_ANON_KEY in js/config.js.


πŸ“ Project Structure

review-map/
β”œβ”€β”€ index.html                  # Main app shell
β”œβ”€β”€ privacy.html                # Privacy Policy
β”œβ”€β”€ terms.html                  # Terms of Service
β”œβ”€β”€ tiktok-callback.html        # TikTok OAuth callback handler
β”œβ”€β”€ instagram-callback.html     # Instagram OAuth callback handler
β”œβ”€β”€ styles.css                  # All styles (dark/light theme, layout, components)
β”œβ”€β”€ favicon.svg                 # SVG favicon
β”œβ”€β”€ netlify.toml                # Netlify build config
β”œβ”€β”€ supabase_setup.sql          # Full DB schema + seed data (run this first)
β”œβ”€β”€ supabase_tiktok_migration.sql
β”œβ”€β”€ supabase_insta_migration.sql
β”œβ”€β”€ supabase_tiktok_fix.sql
β”œβ”€β”€ netlify/
β”‚   └── functions/
β”‚       β”œβ”€β”€ tiktok-token.js     # Serverless: TikTok OAuth token exchange
β”‚       └── insta-token.js      # Serverless: Instagram OAuth token exchange
└── js/
    β”œβ”€β”€ config.js               # ⚠️ YOUR CREDENTIALS (gitignored)
    β”œβ”€β”€ config.example.js       # Template β€” copy this to config.js
    β”œβ”€β”€ main.js                 # App entry point β€” wires everything together
    β”œβ”€β”€ appState.js             # Global UI state (user session, theme, admin mode)
    β”œβ”€β”€ state.js                # LocationState class β€” Supabase data layer
    β”œβ”€β”€ components/
    β”‚   β”œβ”€β”€ Map.js              # Leaflet map, markers, popups, review forms
    β”‚   β”œβ”€β”€ Sidebar.js          # Location list, search, sorting
    β”‚   └── AdminModal.js       # Add/edit location modal + toast notifications
    β”œβ”€β”€ services/
    β”‚   β”œβ”€β”€ SupabaseClient.js   # Supabase JS client singleton
    β”‚   β”œβ”€β”€ AuthService.js      # Google + social login orchestration
    β”‚   β”œβ”€β”€ TikTokAuthService.js
    β”‚   β”œβ”€β”€ InstaAuthService.js
    β”‚   └── ReviewService.js    # CRUD for reviews, profanity filter, cache
    β”œβ”€β”€ data/
    β”‚   └── locations.js        # Static sample locations (fallback / seed reference)
    └── utils/
        └── embeds.js           # Video URL β†’ embed HTML converter

πŸ” Security Notes

  • js/config.js is gitignored β€” only placeholder credentials are tracked via config.example.js.
  • The Supabase service role key is only ever used inside Netlify Functions (server-side). It is never exposed to the browser.
  • TikTok and Instagram client secrets are stored exclusively as Netlify environment variables.
  • Row Level Security (RLS) is enforced on all Supabase tables.
  • The upsert_location RPC uses SECURITY DEFINER with an explicit admin check to safely bypass RLS for admin writes only.

πŸ“ Customising for Your Use Case

This project was built as a community review map for New Zealand locations, but it's generic enough to adapt for any use case:

  • Change the map centre β€” edit setView([-40.9006, 174.8860], 6) in js/components/Map.js
  • Expand beyond NZ β€” remove or adjust nzBounds and the countrycodes=nz geocoding parameter in AdminModal.js
  • Change the colour scheme β€” edit the CSS variables at the top of styles.css
  • Remove social logins you don't need β€” comment out the relevant buttons in index.html and skip those migrations/env vars

πŸ“„ License

MIT β€” free to use, modify, and distribute. See LICENSE for details.

About

An interactive map for community-based location reviews across New Zealand. Built with vanilla JS, Leaflet.js, and Supabase. Features social login (Google, TikTok, Instagram), community ratings, video embeds, dark/light mode, and an admin moderation panel.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors