76f1b8dd53
feat: add rate limiting configurations
2026-06-08 16:57:48 +08:00
771b155a88
refactor: split posts.rs and fix N+1 with JOIN+array_agg
2026-06-08 16:53:31 +08:00
32131377c3
refactor: integrate tags module into posts.rs and mod.rs
2026-06-08 16:45:20 +08:00
441060e7c2
refactor: extract tag operations into api/tags.rs
2026-06-08 16:44:38 +08:00
6e4e72b232
refactor: extract markdown rendering into api/markdown.rs
2026-06-08 16:42:55 +08:00
4c88d5e2bb
refactor: extract slug utilities into api/slug.rs
2026-06-08 16:40:44 +08:00
e5d37aa034
refactor(api): extract error helper functions, DRY up db/query/tx error handling
2026-06-08 16:17:03 +08:00
717266db1e
fix: resolve conditional compilation and dead code warnings
2026-06-08 16:11:24 +08:00
2c08c6c7fd
fix(image): case-insensitive format matching in process_image
2026-06-08 15:29:17 +08:00
8b1b949bf8
refactor: apply formatting to image.rs
2026-06-08 15:13:18 +08:00
d584ef6e00
fix(image): improve cache keys, case-insensitive format, strict thumb validation
2026-06-08 15:13:18 +08:00
1f009f57c8
feat: add image processing handler with resize/thumbnail/rotate/format
2026-06-08 15:13:18 +08:00
6d28c2b4ce
feat(api): add get_post_by_id server function for editing
2026-06-05 17:29:48 +08:00
22de5add83
fix(api): restore deleted_at filter in slug uniqueness check
2026-06-05 16:20:43 +08:00
c7668c679c
fix(api): include deleted posts in slug uniqueness check
2026-06-05 16:02:45 +08:00
371ebcf8f9
fix(upload): gate axum imports behind #[cfg(feature = "server")]
...
Wrap all axum imports and constants with #[cfg(feature = "server")]
to prevent WASM compilation failures. Provide a no-op stub for
non-server builds.
Fixes: error[E0433]: cannot find module or crate in scope
2026-06-05 15:08:19 +08:00
93020a8e14
fix(upload): remove space in filename format and unused UploadResponse struct
2026-06-05 15:00:29 +08:00
1bae3446e6
feat(api): add image upload handler with admin auth
2026-06-05 14:56:29 +08:00
81d3d72a48
feat: enable extended markdown parsing with table support in post rendering
2026-06-04 18:06:46 +08:00
675349a5b4
fix: add #[cfg(feature = server)] to server-only imports for WASM compatibility
2026-06-04 16:40:42 +08:00
e5ce1580e2
fix: restore dead_code allow on CreatePostRequest to suppress warning
2026-06-04 16:25:05 +08:00
1830fc9f2e
cleanup: remove dead code, debug prints, and unused dead_code allow attributes
2026-06-04 16:20:43 +08:00
c27b2d513e
perf: pre-compile regex patterns and extract markdown stripping to utils/text.rs
2026-06-04 16:08:01 +08:00
28707d3c3a
refactor: reuse session validation in get_current_admin_user via get_user_by_token
2026-06-04 16:02:47 +08:00
d3be04bcec
refactor: extract session parsing to auth/session.rs and db error helpers to api/utils.rs
2026-06-04 15:16:40 +08:00
593666135c
feat: add DB connection retry logic with get_conn() helper
2026-06-04 10:03:56 +08:00
3d19f62fb4
fix: prevent syntax-highlighted spans from being displayed as block due to Tailwind .block class conflict
2026-06-03 16:18:24 +08:00
34e3bcdf95
fix: address code review feedback
...
- Remove unnecessary 'style' from ammonia whitelist (syntect uses classes)
- Log syntect parse errors instead of silently discarding them
- Simplify find_syntax fallback: return &'static directly, remove OnceLock
- Add generated/highlight.css to .gitignore (build artifact)
- Add #[cfg(feature = "server")] guard on mod highlight in main.rs
- Remove redundant code_buffer/code_lang clear on CodeBlock end
2026-06-03 13:13:29 +08:00
11261836c7
feat: add syntect code highlighting with catppuccin themes
...
- Add syntect dependency (server feature, fancy-regex backend)
- Create highlight module with LazyLock globals for SyntaxSet + themes
- Intercept CodeBlock events in markdown rendering for syntax highlighting
- Update ammonia whitelist to allow span/pre/code class/style attributes
- Add generate_highlight_css binary for CSS generation
- Add highlight-css Makefile target (runs before tailwindcss)
- Import generated highlight.css in input.css
- Remove hardcoded code block colors, let catppuccin CSS take over
2026-06-03 11:52:58 +08:00
6c039e16e8
refactor(api): remove unused word_count/reading_time from RenderedContent
2026-06-03 10:54:02 +08:00
61ae3abbc2
fix(api): generate ASCII-only slugs with timestamp fallback
...
Use is_ascii_alphanumeric() instead of is_alphanumeric() to keep
URLs clean. Non-ASCII characters (CJK, etc.) are replaced with
dashes. When the result is empty (pure non-ASCII title), fall back
to a Unix timestamp.
2026-06-03 10:33:11 +08:00
f5413e00cc
fix(auth): prevent password_hash from reaching the frontend
...
Introduce PublicUser struct without password_hash field. The
get_current_user server function now returns PublicUser via
CurrentUserResponse, so Argon2 hashes are never serialized to WASM.
Internal server-side functions (get_current_admin_user) continue
using the full User struct.
2026-06-03 10:32:15 +08:00
8146a8a779
perf(api): split row_to_post into list and full variants
...
List pages (home, tags, search, admin) now use row_to_post_list which
reads pre-rendered content_html from DB instead of re-rendering markdown
on every request. Only get_post_by_slug uses row_to_post_full which
includes TOC, anchors, word count, and prev/next navigation.
2026-06-03 10:29:46 +08:00
19e5a0be41
fix(api): correct count_words for CJK characters
...
Chinese characters (U+4E00-U+9FFF) also return true for is_alphabetic(),
so they were being counted as part of English words instead of individually.
Fix: check CJK range before is_alphabetic().
2026-06-03 10:25:38 +08:00
0290f4d2e7
fix(api): remove debug logging that caused UTF-8 boundary panic; configure ammonia to preserve anchor attributes
2026-06-03 10:09:14 +08:00
0c34df4ba7
fix(api): configure ammonia to preserve class and aria-hidden attributes for anchor links
2026-06-03 09:54:16 +08:00
fb4f5790fc
fix(api): remove hidden attr from anchor links, use CSS display instead
2026-06-03 09:48:12 +08:00
5ff58fec59
fix(api): fix markdown rendering to properly handle code blocks and other elements
2026-06-02 18:30:26 +08:00
14e4a26dc0
fix(api): use rendered HTML with anchors in row_to_post
2026-06-02 18:28:24 +08:00
1088691dca
feat(api): enhance markdown rendering with TOC, anchors, word count; add cover_image support; prev/next post navigation
2026-06-02 18:17:21 +08:00
9c5b09a278
chore: code cleanup - formatting, EOF newlines, model helper, and UI tweaks
2026-06-02 17:33:28 +08:00
1950646bef
feat: add shared components, new pages, and pagination
2026-06-02 17:33:28 +08:00
36231a8ec2
feat: add XSS sanitization with ammonia for markdown rendering
2026-06-02 17:33:28 +08:00
327738c2e0
refactor: replace post_status ENUM with TEXT + CHECK constraint
2026-06-02 17:33:28 +08:00
32e8407ed7
fix: use Debug format {:?} for database errors
...
tokio-postgres Display only shows 'db error', use {:?} for full error chain
2026-06-02 17:33:28 +08:00
5695b1c62b
feat: add explicit error logging and startup validation
...
- Add DATABASE_URL validation on server startup (exit early with clear error)
- Add tracing::error! to all server functions in api/auth.rs
- Bulk add tracing::error! to all database error handlers in api/posts.rs
- Server 500 errors now log detailed context to terminal
2026-06-02 17:33:28 +08:00
973d6f3d57
feat: add posts, tags database schema and API
...
- Add migration 002_posts.sql with posts, tags, post_tags tables
- Add Post/Tag/PostStats models with PostStatus enum
- Add posts API with full CRUD:
  - create_post, update_post, delete_post (admin only)
  - get_post_by_slug, list_published_posts (public)
  - list_posts, get_post_stats (admin)
  - list_tags, get_posts_by_tag, search_posts (public)
- Slug auto-generation with uniqueness check
- Server-side markdown rendering with pulldown-cmark
- Auto-summary extraction from markdown
- Soft delete support
2026-06-02 17:33:28 +08:00
0be0719fdb
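Switch the session cookie to being set by the backend as HttpOnly
...
- login sets the HttpOnly cookie via the Set-Cookie response header
- get_current_user reads the token from the request Cookie header and matches it to the specific session
- logout clears the cookie via Set-Cookie and deletes the corresponding session
- Remove the frontend document.cookie manipulation code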
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:54:58 +08:00
91d9c04a3d
Support logging in with email
...
- Login query matches either username or email
- Update login page labels and placeholder
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 16:16:40 +08:00
c4dfd1f445
Fix additional clippy warnings and update progress
...
- Add #[allow(dead_code)] to temporarily unused functions
- Remove unused is_expired() and UserRole::as_str()
- Fix unused variable warnings (token, theme)
- Update progress.txt: mark all stories complete
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 17:02:14 +08:00