Slipmat Week Notes 22/2026

Site Development
,
1

Happy Friday the people of Slipmat!

We’re very close to do the final v2 domain migration. Decided not to rush it but focus on some usability issues and UI stuff instead. This week we got few v2 features back plus a whole lotta UI tweaks. Enjoy the fish, below all the details! :dolphin:

New Features

  • The new song request system has now been integrated into v3. This has been a work in progress since 2020 and has a ton of new features compared to the old one. At the moment the new app is still behind a feature flag for further testing but artists can already enable it to test library imports fom DJ software. Expect to get this fully in use on your events by next week! (To test this turn on experimental_features in your account settings; that enables “Song Library” section for your artist dashboard.) (v2 feature parity)
  • We now have basic public tag pages. Whenever you add relevant tags to your events, your events will be displayed on the corresponding tag pages and driving more organic traffic to your event. (v2 feature parity)
  • There is now Settings on user account page. For the moment you can toggle chat settings and also experimental features. Sound on hilight will play a sound when someone mentiond you in chat, and sound on message will play a sound for every new chat message when the tab is not focused. (v2 feature parity)

Enhancements

  • Artists now have a rudimentary dashboard page. It’s not in any way ready but it’s enough for me to check off the item from the todo list for now. (v2 feature parity)
  • Artist event scheduling form now validates the slug better which allows really long event names and slugs to work properly. Everything on the form is now validated better AND there is much more robust general error detection and automatic reporting in place for ALL UI errors. Thank You for @Taustahemmo and @urbanloveulcer for the reports regarding this one!
  • Artists can now upload event photos right from the scheduling form. (v2 feature parity)
  • User and Artist page templates have been fully refreshed. The content still looks a bit wonky but at least the foundations are now much better.
  • Looking at users profile outside from live page or chat no longer has op/mute buttons for channel admins. This was bit of a weird bug :sweat_smile:
  • User accounts can now belong to multiple artists (and one artist can have multiple members) which allows you to manage multiple artists from one account. (We still don’t have a form to create a new artist but that’s coming soon!)

Bugfixes

  • Legacy v2 account migration flow was partially broken due to a bug in email matching. This is now fixed and properly tested as well. Thank you @telakeppi for the bug report!
  • Artist default event photo now actually works.
  • Setting and changing password now properly updates user session so you can keep using the site normally.
  • Fixed an issue where old song links in chat looked broken. The metadata is now properly versioned so any updates to the song link format won’t break links again.
  • Fixed ~30 various minor issues that were masked by fixing a broken tooling configuration. Automated linting found these minor issues as soon as the configuration was fixed. The bug was caused by overly complex tooling stack that was only partially run in CI (but now we run it properly).

Security Note

Just for full transparency, I want to acknowledge that the legacy account restoration flow is technically a low-risk security issue (because it allows something called account enumeration). This means that if you haven’t migrated, an attacker who already has your v2 email address can abuse the flow to verify that this email indeed has a v2 Slipmat account. This is not a not-issue but it also is about as big of an issue as it sounds. But on the other hand this flow allows us to say “hey cool, we found your old account, you can now reset it via the email we sent you” which is way better than “if you had an account by this email, we’ve sent you an email” (which is, for example, what the normal password reset flow says to keep your account secure).

Given our user base, I think this choice reduces unneeded user misery precisely 99,874% and in general is a huge net positive for the userbase (and staff!) mental health :victory_hand: ..but wanted to say this out loud because we do take security and your privacy very seriously and we take these kind of risks knowingly and not by accident.

1 Like