Skip to main content

🔴 v2.121.0 - Shopify Widget Mastery & Security Authentication Overhaul

⭐⭐⭐ Complex • 28 commits • 212 files changed
This release marks a major milestone in Nudj’s Shopify integration journey and transforms security authentication across the platform. Retailers now have unprecedented control over their Shopify widgets with theming and configuration tools, while all users benefit from industry-standard OTP authentication replacing the previous magic link system. Enhanced analytics, improved UX, and better feature flag management round out this comprehensive release.

What’s New

  • Shopify Widget Designer - Full theming and configuration control with colors, button styles, spacing, icons, and positioning without writing code
  • OTP Authentication System - Secure one-time password authentication replaces magic links with better security and reduced phishing risk
  • Challenge Drop-Off Analytics - Understand exactly where users abandon challenges with detailed funnel analysis and step-by-step insights
  • Shopify Widget Variants - Streamlined “simplified” widget option for minimal footprint with achievements support
  • Smart Feature Flag Integration - Seamlessly hide UI elements when features are disabled, providing cleaner experiences for custom configurations
  • Enhanced Authentication UX - OTP timer preservation during navigation and prevention of duplicate submissions for better reliability

Apps Updated

User App

✓ Updated - 12 changes

API

✓ Updated - 8 changes

Admin

✓ Updated - 6 changes

Design System

✓ Updated - i18n & components

API Client

✓ Updated - Schema additions

Database

✓ Updated - Migrations & models

Detailed Changes

Retailers can now design and customize Shopify widgets directly in the admin panel with live previews and zero code required.What You Get:
  • Visual Designer - Intuitive UI for configuring widget appearance without touching code
  • Color Customization - Full control over widget colors, buttons, backgrounds, and text
  • Button Styling - Choose from multiple button styles (solid, outline, ghost) with custom colors
  • Spacing Controls - Adjust padding, margins, and gaps for perfect widget fit
  • Border Radius Editor - Round corners and customize border radius values
  • Icon Selection - Choose from 15+ icon options for the widget launcher button
  • Position Control - Select widget position (bottom-right, bottom-left, top-right, top-left, etc.)
  • Widget Variants - Switch between standard and simplified widget layouts
  • Live Preview - See changes in real-time before publishing to storefronts
  • Theme Persistence - Settings saved per Shopify community for easy management
Customer Impact:
  • Non-technical retailers can now match widget branding to store aesthetic
  • Reduced design implementation time and support requests
  • Better conversion rates through cohesive customer experience
  • Multi-store retailers can customize per storefront
Technical Highlights:
  • New WidgetModeSelector component for layout selection
  • Modular design components: ColorPicker, BorderRadiusSelector, ButtonStyleSelector, SpacingControls, IconSelector
  • Real-time WidgetPreview component for live customization feedback
  • Extended database schema with ShopifyWidgetThemeDTO and related models
  • New API endpoints for widget settings retrieval and updates
Files Changed: 34 files including new Shopify components, widget settings routes, database migrations, and API schema updates
Replace the previous magic link authentication with industry-standard one-time password (OTP) authentication, delivering better security and improved user experience across the platform.The Problem: Magic link authentication, while convenient, introduces security risks:
  • Vulnerable to phishing attacks if links are intercepted
  • Tokens valid for extended periods increase exposure window
  • No verification that the person accessing the link is the intended user
  • Links can be forwarded to unauthorized parties
What’s Fixed & Improved:
  • OTP-Based Authentication - Users receive 6-digit codes valid for 10 minutes instead of magic links
  • Time-Limited Codes - Short expiration window reduces attack surface
  • Re-submission Prevention - System prevents duplicate OTP submission during redirects
  • Timer Preservation - OTP timer persists when users navigate back to email entry, reducing frustration
  • Email Notifications - Clear email templates inform users of code validity and usage
  • Bilingual Support - Full i18n support across 6 languages
  • Admin & User Unified - Consistent OTP flow for both admin and user app authentication
User Experience Improvements:
  • Users see their 6-digit code on screen and in email
  • 10-minute countdown timer shows code validity
  • Clear feedback if code expires or is invalid
  • Seamless retry without restarting authentication process
  • No email clicking required - safer and more accessible
Technical Architecture:
  • New verify-otp API routes in both admin and user apps
  • verify-otp.ts service for secure code verification
  • Updated email.auth-provider.ts with OTP flow
  • InputOTP component for 6-digit code entry
  • Email template system updated with verification-code.tsx
  • Event-based notification system for OTP delivery
  • System event handling for email sending via handle-system-event.ts
Migration from Magic Links:
  • Existing email-based authentication automatically uses OTP
  • No user action required - seamless transition
  • Magic link email templates replaced with OTP templates
  • All notification infrastructure reuses existing email channels
Files Changed: 34 files across admin app, user app, API, email templates, design system, and notification system
Understand user engagement patterns by analyzing exactly where users abandon challenges with detailed funnel visualization and actionable insights.The Problem: Admins had no visibility into where users drop off during challenges:
  • Can’t see at which step users lose interest
  • No way to identify confusing or lengthy challenge sections
  • Impossible to optimize challenge flow based on data
  • Can’t measure impact of challenge design changes
What You Get:
  • Funnel Chart - Visual representation of user progression through challenge steps
  • Step-by-Step Analytics - See completion rate for each challenge step
  • Drop-Off Identification - Immediately spot which steps have highest abandonment
  • Insight Cards - AI-generated insights on drop-off patterns and trends
  • Action Recommendations - Specific suggestions to improve challenge completion
  • Completion Metrics - Overall challenge completion rate with trend analysis
  • Real-Time Data - Analytics update as users complete challenges
Customer Impact:
  • Identify and fix confusing challenge steps
  • Reduce friction in user journeys
  • Optimize challenge length and complexity
  • Make data-driven decisions on content changes
  • Improve overall engagement metrics
Technical Architecture:
  • New get-challenge-dropoff-analysis.trpc.ts endpoint
  • get-challenge-dropoff-analysis.service.ts for complex funnel calculation
  • Real database analysis with optimized queries (tested with real-db.test.ts)
  • Multiple visualization components: dropoff-funnel-chart.tsx, dropoff-action-cards.tsx, dropoff-insight-card.tsx
  • Server-side data aggregation with dropoff-server.tsx
  • Type-safe models in analytics/challenge/models
Files Changed: 12 files including new analytics endpoints, service layer, UI components, and test coverage
Lightweight widget variant for retailers who want minimal UI footprint with essential gamification features including achievements support.What’s New:
  • Two Widget Modes - Standard full-featured and simplified minimal widgets
  • Mode Toggle - Easy switching between variants in widget settings
  • Achievements Support - Simplified widget displays earned achievements prominently
  • Responsive Design - Optimized for mobile and desktop shopping experiences
  • Fast Loading - Reduced JavaScript bundle for faster widget initialization
  • Achievement Showcase - Display user achievements without cluttering interface
When to Use:
  • Stores with limited screen real estate (mobile-first)
  • Minimalist brand aesthetics
  • Focus on achievements and badges
  • Smaller loyalty programs
Technical Details:
  • New WidgetModeSelector component for easy switching
  • Simplified rendering in widget-content.tsx
  • Support for both widget positions and variants
  • Database schema updates for widget variant tracking
  • Internationalization for variant labels
Files Changed: 17 files including mode selector component, widget rendering, API schema, and i18n updates
Platform now intelligently hides UI elements when their corresponding feature flags are disabled, creating cleaner and more focused user experiences.What’s Improved:
  • Points/XP Hiding - When points system disabled, UI elements disappear automatically
  • Leaderboard Hiding - Leaderboards excluded from view when feature disabled
  • Shop Reference Removal - Shop icons and references hidden in parallax UI when shopping disabled
  • Streak Button Hiding - Streak counter hidden from Friend-of-Brand (FOB) menu when streaks disabled
  • Wallet Access Control - Guest access blocked to wallet when anonymous conversion is enabled
  • Dynamic UI - Interface adapts to community’s enabled features without manual configuration
Customer Impact:
  • Cleaner UI for communities with custom feature sets
  • Reduced user confusion about disabled features
  • Better visual hierarchy focusing on enabled features
  • Seamless experience for communities with feature restrictions
Files Changed: 7 files with intelligent conditional rendering and access control
Multiple improvements to authentication reliability and user experience, particularly around OTP handling and navigation.OTP-Specific Improvements:
  • Timer Persistence - OTP countdown timer maintained when users navigate back to email entry field
  • Duplicate Submission Prevention - System prevents re-submission of OTP during redirect sequences
  • Clear State Management - Proper handling of authentication states across components
  • Error Feedback - Improved error messages for expired or invalid codes
Admin Calendar Fix:
  • Fixed calendar design issues affecting challenge scheduling UI
  • Resolved visual appearance bugs in the admin interface
  • Improved date/time selection experience
Challenge Layout Improvements:
  • Enhanced challenge complete immersive view layout
  • Better spacing and typography for completion screens
  • Improved readability of challenge results
Files Changed: 6 files with targeted fixes and UX improvements
Behind-the-scenes improvements ensuring platform stability and maintainability.Configuration Management:
  • Default email configuration enabled for organizations without custom setup
  • Automatic email system initialization for new organizations
  • Reduced setup steps for first-time email configuration
Database Updates:
  • New migrations for widget settings and theme storage
  • Enhanced models for Shopify widget configuration
  • Improved query performance for analytics endpoints
API Client Updates:
  • Schema additions for new widget theming endpoints
  • Support for challenge drop-off analytics queries
  • Updated DTOs for widget variant support
  • New enums for widget styling options
Shopify Integration Infrastructure:
  • Event handling system for Shopify events
  • Community resolution from Shopify events
  • Enhanced App Proxy configuration
  • Domain handling improvements for widget loading
Files Changed: Multiple infrastructure files ensuring platform stability
Enhanced Shopify integration with event handling capabilities and improved widget loading reliability.What’s New:
  • Event Handling System - Shopify events automatically trigger community resolution
  • Domain Configuration - Uses first domain instead of root domain for widget app URLs
  • CSP Frame-Ancestors - Shopify domains added to Content Security Policy for secure widget embedding
  • Widget Settings Form - Added scroll support for large configuration forms
  • Multi-Store Support - Proper domain handling for merchants with multiple storefronts
Customer Impact:
  • Widgets load reliably across all Shopify store configurations
  • Security maintained with proper CSP policies
  • No configuration errors due to domain mismatches
  • Better form UX for widget configuration
Files Changed: 4 files with infrastructure improvements
Comprehensive i18n updates supporting OTP authentication and widget customization across 6 languages.Languages Supported:
  • English
  • German (Deutsch)
  • Spanish (Español)
  • French (Français)
  • Portuguese (Português)
  • Chinese (中文)
New Translations:
  • OTP code entry and verification terminology
  • Widget theming option labels
  • Widget variant names and descriptions
  • Error messages for authentication flows
  • Analytics and drop-off terminology
Files Changed: 6+ i18n locale files across design system packages

Contributors

James Cockayne@jamescockayne12 commits • +10,589/-988 lines

ZuhayrK00@ZuhayrK008 commits • +2,605/-25,635 lines

Saad K@SaadK944 commits • +3,210/-1,015 lines

Divyesh Bhalala@bhalaladivs3 commits • +321/-46 lines

Release Stats

MetricValue
Total Commits28
Lines Added+16,310
Lines Removed-26,998
Files Changed212
Release Size🔴 Massive
Complexity⭐⭐⭐ Complex

Key Highlights for Different Users

For Store Managers & Merchandisers

  • Shopify Widget Designer lets you customize widget branding to match your store without involving developers
  • Challenge Drop-Off Analytics shows exactly where customers lose interest, helping you optimize challenge design
  • Simplified Widget option provides a cleaner look for stores prioritizing minimal UI

For Community Managers

  • OTP Authentication is more secure and easier to explain to your community members
  • Smart Feature Flag Integration ensures only relevant features appear in your community interface
  • Analytics and insights help you understand engagement patterns and improve challenge design

For Platform Administrators

  • Automatic Email Configuration simplifies organization setup
  • Enhanced Authentication System reduces phishing risks and support tickets
  • Detailed Analytics Endpoints enable custom reporting and business intelligence
v2.121.0 deployed on January 13, 2026