xfy/yggdrasil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
280 Commits 1 Branch 2 Tags
Commit Graph

12 Commits

Author SHA1 Message Date
xfy
ec2f3e313e refactor(comments): remove consented_at column from migration and model 2026-06-11 13:24:00 +08:00
xfy
04737300e6 feat(comments): add complete comment system with guest commenting, moderation, and admin UI 
Implements a fully self-built comment system for the blog:

Data layer:
- comments table with BIGSERIAL PK, parent_id self-reference (ON DELETE SET NULL),
  depth tracking (max 20), status workflow (pending/approved/spam/trash),
  content hashing for dedup, GDPR consent tracking, IP/UA storage with auto-purge
- 5 partial indexes optimized for read patterns
- updated_at auto-trigger

API (9 Dioxus server functions):
- Public: get_comments, get_comment_count, create_comment
- Admin: get_pending_comments, get_pending_count, get_all_comments,
  approve_comment (with ancestor auto-approval), spam_comment, trash_comment,
  batch_update_comment_status

Security:
- Function-level rate limiting (1/sec, burst 5) via FullstackContext IP extraction
- Input validation (name, email, URL scheme, content length, consent)
- Parent chain validation (must be approved, same post)
- Strict comment Markdown renderer (headings→strong, no img/id/data URIs, nofollow links)
- Honeypot anti-spam field
- 5-minute dedup window via SHA-256 content hash

Frontend:
- CommentSection with SuspenseBoundary isolation
- Flat-list rendering with depth-based CSS indentation (responsive)
- Gravatar via cravatar.cn (server-computed, email never exposed)
- Inline reply forms (one-at-a-time via Signal)
- Admin action buttons (approve/spam/delete) visible per-comment
- CommentForm with privacy consent, Markdown hint, loading states

Admin:
- /admin/comments page with status tabs, batch operations, pagination
- Pending count badge on admin dashboard

Infrastructure:
- Shared get_current_admin_user moved from posts/helpers to auth module
- COMMENT_LIMITER rate limiter tier
- Moka caches (60s TTL for comments, 10s for pending count)
- IP/UA purge background task (daily, 90-day retention)
 2026-06-11 12:34:26 +08:00
xfy
4f368e6fb8 test: add 122 unit tests across 12 modules 
Cover utils/text, api/slug, auth/password, auth/session,
models/post, models/user, api/auth validation, api/markdown,
api/image, highlight, api/rate_limit. Add make test target.
 2026-06-09 09:25:44 +08:00
xfy
c26c62558e fix: add status_badge_class for badge styling, restore posts table backgrounds 2026-06-04 16:17:41 +08:00
xfy
58e9dbc5b7 refactor: add status_label/status_class/formatted_date helpers to Post model 2026-06-04 16:13:49 +08:00
xfy
f5413e00cc fix(auth): prevent password_hash from reaching the frontend 
Introduce PublicUser struct without password_hash field. The
get_current_user server function now returns PublicUser via
CurrentUserResponse, so Argon2 hashes are never serialized to WASM.

Internal server-side functions (get_current_admin_user) continue
using the full User struct.
 2026-06-03 10:32:15 +08:00
xfy
203591ff65 feat(model): extend Post with cover_image, reading_time, word_count, toc_html, prev/next nav 2026-06-02 18:13:04 +08:00
xfy
9c5b09a278 chore: code cleanup - formatting, EOF newlines, model helper, and UI tweaks 2026-06-02 17:33:28 +08:00
xfy
b6cabe489f feat: migrate frontend to database-driven posts 
- Replace hardcoded POSTS with API-driven data in home, archives, tags
- Add post detail page /post/:slug with HTML rendering
- Add admin posts management page with list and soft delete
- Update dashboard with real stats from database
- Add admin navigation for posts management
- Fix PartialEq derives for Post, Tag, PostStats models
- Use use_resource and use_memo for data fetching with proper loading states
 2026-06-02 17:33:28 +08:00
xfy
973d6f3d57 feat: add posts, tags database schema and API 
- Add migration 002_posts.sql with posts, tags, post_tags tables
- Add Post/Tag/PostStats models with PostStatus enum
- Add posts API with full CRUD:
  - create_post, update_post, delete_post (admin only)
  - get_post_by_slug, list_published_posts (public)
  - list_posts, get_post_stats (admin)
  - list_tags, get_posts_by_tag, search_posts (public)
- Slug auto-generation with uniqueness check
- Server-side markdown rendering with pulldown-cmark
- Auto-summary extraction from markdown
- Soft delete support
 2026-06-02 17:33:28 +08:00
xfy
c4dfd1f445 Fix additional clippy warnings and update progress 
- Add #[allow(dead_code)] to temporarily unused functions
- Remove unused is_expired() and UserRole::as_str()
- Fix unused variable warnings (token, theme)
- Update progress.txt: mark all stories complete

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-25 17:02:14 +08:00
xfy
a767f81d21 US-002: 用户模型与认证模块 
- src/models/user.rs: User 结构体 + UserRole 枚举 (admin/blocked)
- src/models/session.rs: Session 结构体
- src/auth/password.rs: argon2 密码哈希和验证
- src/auth/session.rs: UUID v4 token 生成、30天过期、过期检查

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-25 16:17:27 +08:00