13 Commits

Author SHA1 Message Date
xfy
675349a5b4 fix: add #[cfg(feature = server)] to server-only imports for WASM compatibility 2026-06-04 16:40:42 +08:00
xfy
28707d3c3a refactor: reuse session validation in get_current_admin_user via get_user_by_token 2026-06-04 16:02:47 +08:00
xfy
d3be04bcec refactor: extract session parsing to auth/session.rs and db error helpers to api/utils.rs 2026-06-04 15:16:40 +08:00
xfy
593666135c feat: add DB connection retry logic with get_conn() helper 2026-06-04 10:03:56 +08:00
xfy
f5413e00cc fix(auth): prevent password_hash from reaching the frontend
Introduce PublicUser struct without password_hash field. The
get_current_user server function now returns PublicUser via
CurrentUserResponse, so Argon2 hashes are never serialized to WASM.

Internal server-side functions (get_current_admin_user) continue
using the full User struct.
2026-06-03 10:32:15 +08:00
xfy
9c5b09a278 chore: code cleanup - formatting, EOF newlines, model helper, and UI tweaks 2026-06-02 17:33:28 +08:00
xfy
32e8407ed7 fix: use Debug format {:?} for database errors
tokio-postgres Display only shows 'db error', use {:?} for full error chain
2026-06-02 17:33:28 +08:00
xfy
5695b1c62b feat: add explicit error logging and startup validation
- Add DATABASE_URL validation on server startup (exit early with clear error)
- Add tracing::error! to all server functions in api/auth.rs
- Bulk add tracing::error! to all database error handlers in api/posts.rs
- Server 500 errors now log detailed context to terminal
2026-06-02 17:33:28 +08:00
xfy
0be0719fdb Set the session cookie as HttpOnly from the backend
- login sets an HttpOnly cookie via the Set-Cookie response header
- get_current_user reads the token from the request Cookie header and matches the specific session
- logout clears the cookie via Set-Cookie and deletes the corresponding session
- Remove frontend document.cookie manipulation code

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:54:58 +08:00
xfy
91d9c04a3d Support login with email
- Login query matches either username or email
- Update login page label and placeholder

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 16:16:40 +08:00
xfy
c4dfd1f445 Fix additional clippy warnings and update progress
- Add #[allow(dead_code)] to temporarily unused functions
- Remove unused is_expired() and UserRole::as_str()
- Fix unused variable warnings (token, theme)
- Update progress.txt: mark all stories complete

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 17:02:14 +08:00
xfy
14b92c3a89 US-005: Admin page and route integration
- src/router.rs: Dioxus route definitions (/login, /register, /admin, /)
- src/main.rs: integrate all modules + server block starts dotenvy + session cleanup task
- src/tasks/session_cleanup.rs: clean up expired sessions every hour
- Fix compile errors: chrono serde, tokio-postgres chrono, argon2 OsRng
- Remove server_context dependency, simplify get_current_user query
- Tailwind CSS CDN + darkMode class configuration

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:29:50 +08:00
xfy
b2a1e13c79 US-003: Authentication API (Server Functions)
- src/api/auth.rs: register, login, logout, get_current_user
- register(): input validation + first user becomes admin + registration closed afterwards
- login(): argon2 verification + session creation + token return
- logout(): session cleanup
- get_current_user(): read token from cookie, return Option<User>
- Use server_context().request_parts() to read the request cookie

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:21:11 +08:00