Update README.md

README.md

@@ -1,30 +1,21 @@
-<div align="center"><img src="https://github.com/user-attachments/assets/3864f785-7a68-47fd-ac9f-0632ad440264" align="center"></div>
-<h1 align="center">MHSF</h1>
+# ![MHSF Cover](/.github/github-banner.png)
 
 <div align="center"><img alt="nextjs" height="56" src="https://cdn.jsdelivr.net/npm/@intergrav/devins-badges@3/assets/cozy-minimal/built-with/nextjs_64h.png" /> <a href="https://mhsf.app/docs"><img alt="docs" height="56" src="https://cdn.jsdelivr.net/npm/@intergrav/devins-badges@3/assets/cozy/documentation/generic_64h.png" />&nbsp;<a href="https://mhsf.app/"><img alt="mhsf.app" height="56" src="https://github.com/user-attachments/assets/9e0d0a39-1a88-4683-8567-a0b59a6cdb66" /></a></div>
 
+## The MHSF Project
 
-An open-source customizable server-list for Minehut built in React. Check it out at [mhsf.app](https://mhsf.app), and maybe give this repo a star!
+A modern, third-party Minehut server list that is completely open-source, built using top of the line web technologies. Not built to take your money or time, find a server in minutes. Completely ad-free.
 
-## Info
-
-![Alt](https://repobeats.axiom.co/api/embed/0ee8fb5584604adac02f04cff49f1091af45c3a8.svg "Repobeats analytics image")
-
-## Tech-stack
-
-[React](https://react.dev): Component based syntaxing for the web <br/>
-[Next.js](https://nextjs.org): Handles API, server-based metadata, and so much more.<br/>
-[Clerk](https://clerk.com): Authentication for MHSF (very cool library) <br/>
-[TailwindCSS](https://tailwindcss.com): Styling without CSS, simplified<br/>
-[shadcn/ui](https://ui.shadcn.com): Provides the awesome UI for MHSF<br/>
-And many other smaller libraries are in use to make sure MHSF is feature-packed.<br/>
+## Security
+Please privately disclose any security problems with a support email or via GitHub (`Security` tab -> `Report a vulnerability`).
 
 ## Contributing
 
-> [!NOTE]
-> Do you use Java and not JavaScript/TypeScript? You can also contribute to [MHSFPV (Minehut Server List Player Validator)](https://github.com/DeveloLongScript/MHSFPV), a player validator plugin to link accounts. It's relatively small, but can use commits.
+Thank you for taking your time to contribute!
+Please make sure you read this guide [here](https://github.com/DeveloLongScript/MHSF/blob/main/CONTRIBUTING.md).
 
-The contributing guide is [here](https://github.com/DeveloLongScript/MHSF/blob/main/CONTRIBUTING.md).
+## Support
+Make a GitHub issue or contact via email, [`support@mhsf.app`](mailto:support@mhsf.app).
 
 ## Licensing
 

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+This is the security notice for MHSF. The policy explains how vulnerabilities should be reported.
+
+## Reporting a Vulnerability
+If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. **Do not open a GitHub issue for a found vulnerability.**
+
+Send details to either *a)* `support@mhsf.app` or *b)* GitHub Security (`Security` tab -> `Report a vulnerability`) including:
+
+- the website, page or repository where the vulnerability can be observed
+- a brief description of the vulnerability
+- optionally the type of vulnerability and any related [OWASP category](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project)
+- non-destructive exploitation details
+
+We will do our best to reply as fast as possible.
+
+## Scope
+The following vulnerabilities are not in scope:
+
+- volumetric vulnerabilities, for example overwhelming a service with a high volume of requests
+- reports indicating that our services do not fully align with "best practice", for example missing security headers
+
+If you aren't sure, you can still reach out via email or direct message.
+
+---
+
+This notice is inspired by the [Python Discord Security Notice](https://www.pythondiscord.com/pages/security-notice/).

apps/www/next.config.js

@@ -45,6 +45,22 @@ const nextConfig = {
 			},
 		];
 	},
+	async rewrites() {
+		return [
+			{
+				source: "/ingest/static/:path*",
+				destination: "https://us-assets.i.posthog.com/static/:path*",
+			},
+			{
+				source: "/ingest/:path*",
+				destination: "https://us.i.posthog.com/:path*",
+			},
+			{
+				source: "/ingest/decide",
+				destination: "https://us.i.posthog.com/decide",
+			},
+		];
+	},
 	eslint: {
 		ignoreDuringBuilds: true,
 	},

apps/www/package.json

@@ -56,6 +56,7 @@
 		"nextjs-toploader": "^1.6.12",
 		"nprogress": "^0.2.0",
 		"postcss-obfuscator": "^1.6.1",
+		"posthog-js": "^1.230.2",
 		"prettier": "^3.3.1",
 		"react": "^19.0.0",
 		"react-dom": "^19.0.0",

apps/www/src/app/(main)/layout.tsx

@@ -26,7 +26,6 @@
  * OTHER DEALINGS IN THE SOFTWARE.
  */
 
-import { Analytics } from "@vercel/analytics/react";
 import { SpeedInsights } from "@vercel/speed-insights/next";
 import { GeistSans } from "geist/font/sans";
 import "../globals.css";
@@ -41,6 +40,7 @@ import { Inter as interFont } from "next/font/google";
 import LayoutPart from "@/components/feat/LayoutPart";
 import AllBanners from "@/components/feat/AllBanners";
 import Footer from "@/components/misc/Footer";
+import { PostHogProvider } from "@/components/misc/PosthogProvider";
 
 export const viewport: Viewport = {
   themeColor: "black",
@@ -57,14 +57,15 @@ export default async function RootLayout({
     <ClerkThemeProvider className={GeistSans.className}>
       <ThemeProvider attribute="class" defaultTheme="system" enableSystem>
         <TooltipProvider>
+          <PostHogProvider>
             <AllBanners />
             <LayoutPart>{children}</LayoutPart>
             <ThemedToaster />
             <CommandBarer />
             <SpeedInsights />
-          <Analytics />
             <NewDomainDialog />
             <Footer />
+          </PostHogProvider>
         </TooltipProvider>
       </ThemeProvider>
     </ClerkThemeProvider>

apps/www/src/components/misc/PosthogProvider.tsx

@@ -0,0 +1,102 @@
+/*
+ * MHSF, Minehut Server List
+ * All external content is rather licensed under the ECA Agreement
+ * located here: https://mhsf.app/docs/legal/external-content-agreement
+ *
+ * All code under MHSF is licensed under the MIT License
+ * by open source contributors
+ *
+ * Copyright (c) 2025 dvelo
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+"use client";
+
+import { usePathname, useSearchParams } from "next/navigation";
+import { useEffect, Suspense } from "react";
+import { usePostHog } from "posthog-js/react";
+
+import { useAuth, useUser } from '@clerk/nextjs'
+import posthog from "posthog-js";
+import { PostHogProvider as PHProvider } from "posthog-js/react";
+
+export function PostHogProvider({ children }: { children: React.ReactNode }) {
+  useEffect(() => {
+    posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY as string, {
+      api_host: "/ingest",
+      ui_host: "https://us.posthog.com",
+      person_profiles: "identified_only", // or 'always' to create profiles for anonymous users as well
+      capture_pageview: false, // Disable automatic pageview capture, as we capture manually
+      capture_pageleave: true
+    });
+  }, []);
+
+  return (
+    <PHProvider client={posthog}>
+      <SuspendedPostHogPageView />
+      {children}
+    </PHProvider>
+  );
+}
+
+function PostHogPageView() {
+  const pathname = usePathname();
+  const searchParams = useSearchParams();
+  const posthog = usePostHog();
+  const { isSignedIn, userId } = useAuth()
+  const { user } = useUser()
+
+  // Track pageviews
+  useEffect(() => {
+    if (pathname && posthog) {
+      let url = window.origin + pathname;
+      if (searchParams?.toString()) {
+        url = `${url}?${searchParams?.toString()}`;
+      }
+
+      posthog.capture("$pageview", { $current_url: url });
+    }
+  }, [pathname, searchParams, posthog]);
+
+  useEffect(() => {
+    if (isSignedIn && userId && user && !posthog._isIdentified()) {
+      posthog.identify(userId, {
+        email: user.primaryEmailAddress?.emailAddress,
+        username: user.username,
+      })
+    }
+    if (!isSignedIn && posthog._isIdentified()) {
+      posthog.reset()
+    }
+  }, [posthog, user])
+
+  return null;
+}
+
+// Wrap PostHogPageView in Suspense to avoid the useSearchParams usage above
+// from de-opting the whole app into client-side rendering
+// See: https://nextjs.org/docs/messages/deopted-into-client-rendering
+function SuspendedPostHogPageView() {
+  return (
+    <Suspense fallback={null}>
+      <PostHogPageView />
+    </Suspense>
+  );
+}