04737300e6
feat(comments): add complete comment system with guest commenting, moderation, and admin UI
...
Implements a fully self-built comment system for the blog:
Data layer:
- comments table with BIGSERIAL PK, parent_id self-reference (ON DELETE SET NULL),
depth tracking (max 20), status workflow (pending/approved/spam/trash),
content hashing for dedup, GDPR consent tracking, IP/UA storage with auto-purge
- 5 partial indexes optimized for read patterns
- updated_at auto-trigger
API (9 Dioxus server functions):
- Public: get_comments, get_comment_count, create_comment
- Admin: get_pending_comments, get_pending_count, get_all_comments,
approve_comment (with ancestor auto-approval), spam_comment, trash_comment,
batch_update_comment_status
Security:
- Function-level rate limiting (1/sec, burst 5) via FullstackContext IP extraction
- Input validation (name, email, URL scheme, content length, consent)
- Parent chain validation (must be approved, same post)
- Strict comment Markdown renderer (headings→strong, no img/id/data URIs, nofollow links)
- Honeypot anti-spam field
- 5-minute dedup window via SHA-256 content hash
Frontend:
- CommentSection with SuspenseBoundary isolation
- Flat-list rendering with depth-based CSS indentation (responsive)
- Gravatar via cravatar.cn (server-computed, email never exposed)
- Inline reply forms (one-at-a-time via Signal)
- Admin action buttons (approve/spam/delete) visible per-comment
- CommentForm with privacy consent, Markdown hint, loading states
Admin:
- /admin/comments page with status tabs, batch operations, pagination
- Pending count badge on admin dashboard
Infrastructure:
- Shared get_current_admin_user moved from posts/helpers to auth module
- COMMENT_LIMITER rate limiter tier
- Moka caches (60s TTL for comments, 10s for pending count)
- IP/UA purge background task (daily, 90-day retention)
2026-06-11 12:34:26 +08:00
62e2045b35
feat: add cache module with moka-backed post/tag/stats caching
...
- Create src/cache.rs with CacheKey enum, moka cache instances,
getter/setter functions, and invalidation helpers.
- TTLs: post list 60s, tags 300s, single post 600s, stats 60s,
tag posts 120s.
- Register mod cache in src/main.rs.
- All cache internals gated behind #[cfg(feature = "server")]
2026-06-09 16:47:17 +08:00
7d9c4b9e0f
refactor: simplify TraceLayer setup and reformat route definitions
2026-06-09 15:58:18 +08:00
2e2be7b16d
feat: add WebP encoding support with zenwebp
...
- Replace image crate's WebP with zenwebp for better quality/speed
- Add webp.rs module with configurable quality and method
- Update .env.example with WEBP_QUALITY and WEBP_METHOD
- Add WebP decode support in image serving pipeline
- Add detailed timing logs for WebP conversion
2026-06-09 15:30:06 +08:00
3974856f3d
fix: resolve image/upload 500 errors and refactor rate limiting
...
- Separate /uploads and /api/upload routes from Dioxus app to avoid
IncrementalRenderer intercepting non-page requests
- Remove broken SmartIpKeyExtractor-based general_limit() that failed
under Dioxus dev server proxy (Unable To Extract Key)
- Move rate limiting into handlers using governor::RateLimiter directly
- Add IMAGE_LIMITER for /uploads/* serving
- Make all rate limits configurable via environment variables
- Add rate limit config to .env.example with sensible defaults
2026-06-09 09:48:51 +08:00
db33d02154
feat: apply rate limiting middleware to axum router
2026-06-08 16:59:26 +08:00
7963103f62
feat: wire up image processing route replacing ServeDir
2026-06-08 15:13:18 +08:00
26eb62c2ae
fix(upload): disable default body limit and fix error object serialization
2026-06-05 16:52:52 +08:00
76797f1bc3
feat(server): register upload route and static file serving
2026-06-05 15:14:10 +08:00
9da060ac32
refactor: extract sleep_ms to utils/time.rs, deduplicate in hooks and skeletons
2026-06-04 15:11:08 +08:00
269095cc65
feat: configure incremental SSR caching
2026-06-03 14:36:22 +08:00
34e3bcdf95
fix: address code review feedback
...
- Remove unnecessary 'style' from ammonia whitelist (syntect uses classes)
- Log syntect parse errors instead of silently discarding them
- Simplify find_syntax fallback: return &'static directly, remove OnceLock
- Add generated/highlight.css to .gitignore (build artifact)
- Add #[cfg(feature = "server")] guard on mod highlight in main.rs
- Remove redundant code_buffer/code_lang clear on CodeBlock end
2026-06-03 13:13:29 +08:00
11261836c7
feat: add syntect code highlighting with catppuccin themes
...
- Add syntect dependency (server feature, fancy-regex backend)
- Create highlight module with LazyLock globals for SyntaxSet + themes
- Intercept CodeBlock events in markdown rendering for syntax highlighting
- Update ammonia whitelist to allow span/pre/code class/style attributes
- Add generate_highlight_css binary for CSS generation
- Add highlight-css Makefile target (runs before tailwindcss)
- Import generated highlight.css in input.css
- Remove hardcoded code block colors, let catppuccin CSS take over
2026-06-03 11:52:58 +08:00
f3c1718cd0
feat: add use_delayed_loading hook to prevent skeleton flash
2026-06-02 17:53:04 +08:00
9c5b09a278
chore: code cleanup - formatting, EOF newlines, model helper, and UI tweaks
2026-06-02 17:33:28 +08:00
5695b1c62b
feat: add explicit error logging and startup validation
...
- Add DATABASE_URL validation on server startup (exit early with clear error)
- Add tracing::error! to all server functions in api/auth.rs
- Bulk add tracing::error! to all database error handlers in api/posts.rs
- Server 500 errors now log detailed context to terminal
2026-06-02 17:33:28 +08:00
24b04ee638
修复请求日志不输出的问题
...
TraceLayer 默认使用 DEBUG 级别,被 INFO 过滤器过滤;且放在
serve_dioxus_application 之前会被其重建路由时丢弃。将级别提升
至 INFO 并移至 serve_dioxus_application 之后。
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-02 17:33:28 +08:00
李林军
4093178fc3
添加tracing日志并重构服务器启动逻辑
2026-05-27 11:39:09 +08:00
61376f6ba9
修复 admin 路由切换闪烁,全局替换原生导航为客户端路由
...
- 新增全局 UserContext,将用户认证状态提升到 App 级别缓存
- 将 /admin 和 /admin/write 改为嵌套路由,AdminLayout 作为共享父布局
- AdminLayout 使用 Outlet 渲染子页面,避免路由切换时重复挂载
- 修复所有原生 <a> 标签导致的整页刷新问题:
- Header 导航栏 Logo 和 NavItem
- 首页文章卡片、分页按钮
- 归档页文章条目
- 标签页标签云、文章卡片、标签链接
- 登录/注册页面链接
- Dashboard 快捷操作按钮
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 00:18:15 +08:00
8b9c6aa83d
重构 admin 模块,新增共享组件和文章撰写页面
...
- 将 monolithic admin.rs 拆分为 admin/ 目录模块(dashboard、write)
- 新增 components 模块:Header、Footer、AdminLayout
- 新增 /admin/write 文章撰写页面,支持 Markdown 实时预览
- 添加 pulldown-cmark 依赖用于 Markdown 渲染
- .env 移出版本控制,新增 .env.example 模板
- Home、Archives、Tags、Login、Register 等页面适配新组件
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 16:13:18 +08:00
c4dfd1f445
Fix additional clippy warnings and update progress
...
- Add #[allow(dead_code)] to temporarily unused functions
- Remove unused is_expired() and UserRole::as_str()
- Fix unused variable warnings (token, theme)
- Update progress.txt: mark all stories complete
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 17:02:14 +08:00
6df0a7ee19
US-006: 验证 + 修复编译和运行时问题
...
- 修复 migration: role 从 ENUM 改为 VARCHAR(20) 以兼容 tokio-postgres
- 修复 Cargo.toml: 将 chrono/argon2/uuid/rand 改为非 optional,添加 wasm-bindgen/getrandom js
- 修复 main.rs: Tokio runtime panic,改用 std::thread + Runtime::new
- 修复 db/mod.rs wasm stub: DummyPool 替代 deadpool_postgres
- 修复 login/admin.rs: wasm_bindgen::JsCast 条件编译
- 验证通过: 注册✓ 登录✓ get_current_user✓ 重复注册拒绝✓ 错误密码✓
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:49:43 +08:00
14b92c3a89
US-005: 后台页面与路由整合
...
- src/router.rs: Dioxus 路由定义 (/login, /register, /admin, /)
- src/main.rs: 整合所有模块 + server block 启动 dotenvy + session 清理任务
- src/tasks/session_cleanup.rs: 每小时清理过期 session
- 修复编译错误: chrono serde, tokio-postgres chrono, argon2 OsRng
- 移除 server_context 依赖,简化 get_current_user 查询
- Tailwind CSS CDN + darkMode class 配置
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 16:29:50 +08:00
2dd53e3516
Initial commit: Dioxus project scaffold
...
Add project configuration and main entry point.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 15:00:12 +08:00
