593666135c
feat: add DB connection retry logic with get_conn() helper
2026-06-04 10:03:56 +08:00
3d19f62fb4
fix: prevent syntax-highlighted spans from being displayed as block due to Tailwind .block class conflict
2026-06-03 16:18:24 +08:00
34e3bcdf95
fix: address code review feedback
...
- Remove unnecessary 'style' from ammonia whitelist (syntect uses classes)
- Log syntect parse errors instead of silently discarding them
- Simplify find_syntax fallback: return &'static directly, remove OnceLock
- Add generated/highlight.css to .gitignore (build artifact)
- Add #[cfg(feature = "server")] guard on mod highlight in main.rs
- Remove redundant code_buffer/code_lang clear on CodeBlock end
2026-06-03 13:13:29 +08:00
11261836c7
feat: add syntect code highlighting with catppuccin themes
...
- Add syntect dependency (server feature, fancy-regex backend)
- Create highlight module with LazyLock globals for SyntaxSet + themes
- Intercept CodeBlock events in markdown rendering for syntax highlighting
- Update ammonia whitelist to allow span/pre/code class/style attributes
- Add generate_highlight_css binary for CSS generation
- Add highlight-css Makefile target (runs before tailwindcss)
- Import generated highlight.css in input.css
- Remove hardcoded code block colors, let catppuccin CSS take over
2026-06-03 11:52:58 +08:00
6c039e16e8
refactor(api): remove unused word_count/reading_time from RenderedContent
2026-06-03 10:54:02 +08:00
61ae3abbc2
fix(api): generate ASCII-only slugs with timestamp fallback
...
Use is_ascii_alphanumeric() instead of is_alphanumeric() to keep
URLs clean. Non-ASCII characters (CJK, etc.) are replaced with
dashes. When the result is empty (pure non-ASCII title), fall back
to a Unix timestamp.
2026-06-03 10:33:11 +08:00
f5413e00cc
fix(auth): prevent password_hash from reaching the frontend
...
Introduce PublicUser struct without password_hash field. The
get_current_user server function now returns PublicUser via
CurrentUserResponse, so Argon2 hashes are never serialized to WASM.
Internal server-side functions (get_current_admin_user) continue
using the full User struct.
2026-06-03 10:32:15 +08:00
8146a8a779
perf(api): split row_to_post into list and full variants
...
List pages (home, tags, search, admin) now use row_to_post_list which
reads pre-rendered content_html from DB instead of re-rendering markdown
on every request. Only get_post_by_slug uses row_to_post_full which
includes TOC, anchors, word count, and prev/next navigation.
2026-06-03 10:29:46 +08:00
19e5a0be41
fix(api): correct count_words for CJK characters
...
Chinese characters (U+4E00-U+9FFF) also return true for is_alphabetic(),
so they were being counted as part of English words instead of individually.
Fix: check CJK range before is_alphabetic().
2026-06-03 10:25:38 +08:00
0290f4d2e7
fix(api): remove debug logging that caused UTF-8 boundary panic; configure ammonia to preserve anchor attributes
2026-06-03 10:09:14 +08:00
0c34df4ba7
fix(api): configure ammonia to preserve class and aria-hidden attributes for anchor links
2026-06-03 09:54:16 +08:00
fb4f5790fc
fix(api): remove hidden attr from anchor links, use CSS display instead
2026-06-03 09:48:12 +08:00
5ff58fec59
fix(api): fix markdown rendering to properly handle code blocks and other elements
2026-06-02 18:30:26 +08:00
14e4a26dc0
fix(api): use rendered HTML with anchors in row_to_post
2026-06-02 18:28:24 +08:00
1088691dca
feat(api): enhance markdown rendering with TOC, anchors, word count; add cover_image support; prev/next post navigation
2026-06-02 18:17:21 +08:00
9c5b09a278
chore: code cleanup - formatting, EOF newlines, model helper, and UI tweaks
2026-06-02 17:33:28 +08:00
1950646bef
feat: add shared components, new pages, and pagination
2026-06-02 17:33:28 +08:00
36231a8ec2
feat: add XSS sanitization with ammonia for markdown rendering
2026-06-02 17:33:28 +08:00
327738c2e0
refactor: replace post_status ENUM with TEXT + CHECK constraint
2026-06-02 17:33:28 +08:00
32e8407ed7
fix: use Debug format {:?} for database errors
...
tokio-postgres Display only shows 'db error', use {:?} for full error chain
2026-06-02 17:33:28 +08:00
5695b1c62b
feat: add explicit error logging and startup validation
...
- Add DATABASE_URL validation on server startup (exit early with clear error)
- Add tracing::error! to all server functions in api/auth.rs
- Bulk add tracing::error! to all database error handlers in api/posts.rs
- Server 500 errors now log detailed context to terminal
2026-06-02 17:33:28 +08:00
973d6f3d57
feat: add posts, tags database schema and API
...
- Add migration 002_posts.sql with posts, tags, post_tags tables
- Add Post/Tag/PostStats models with PostStatus enum
- Add posts API with full CRUD:
  - create_post, update_post, delete_post (admin only)
  - get_post_by_slug, list_published_posts (public)
  - list_posts, get_post_stats (admin)
  - list_tags, get_posts_by_tag, search_posts (public)
- Slug auto-generation with uniqueness check
- Server-side markdown rendering with pulldown-cmark
- Auto-summary extraction from markdown
- Soft delete support
2026-06-02 17:33:28 +08:00
0be0719fdb
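Set the session cookie as HttpOnly from the backend
...
- login sets an HttpOnly cookie via the Set-Cookie response header
- get_current_user reads the token from the request Cookie header and matches the specific session
- logout clears the cookie via Set-Cookie and deletes the corresponding session
- Remove frontend document.cookie manipulation code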
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:54:58 +08:00
91d9c04a3d
Support logging in with email
...
- Login query matches either username or email
- Update login page label and placeholder
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 16:16:40 +08:00
c4dfd1f445
Fix additional clippy warnings and update progress
...
- Add #[allow(dead_code)] to temporarily unused functions
- Remove unused is_expired() and UserRole::as_str()
- Fix unused variable warnings (token, theme)
- Update progress.txt: mark all stories complete
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 17:02:14 +08:00
14b92c3a89
US-005: Admin pages and route integration
...
- src/router.rs: Dioxus route definitions (/login, /register, /admin, /)
- src/main.rs: integrate all modules + server block starts dotenvy + session cleanup task
- src/tasks/session_cleanup.rs: clean up expired sessions every hour
- Fix compile errors: chrono serde, tokio-postgres chrono, argon2 OsRng
- Remove server_context dependency, simplify get_current_user query
- Tailwind CSS CDN + darkMode class configuration
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:29:50 +08:00
b2a1e13c79
US-003: Authentication API (Server Functions)
...
- src/api/auth.rs: register, login, logout, get_current_user
- register(): input validation + first user becomes admin + registration closed afterwards
- login(): argon2 verification + session creation + token returned
- logout(): session cleanup
- get_current_user(): read token from cookie, return Option<User>
- Use server_context().request_parts() to read the request cookie
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:21:11 +08:00