04737300e6
feat(comments): add complete comment system with guest commenting, moderation, and admin UI
...
Implements a fully self-built comment system for the blog:
Data layer:
- comments table with BIGSERIAL PK, parent_id self-reference (ON DELETE SET NULL),
depth tracking (max 20), status workflow (pending/approved/spam/trash),
content hashing for dedup, GDPR consent tracking, IP/UA storage with auto-purge
- 5 partial indexes optimized for read patterns
- updated_at auto-trigger
API (9 Dioxus server functions):
- Public: get_comments, get_comment_count, create_comment
- Admin: get_pending_comments, get_pending_count, get_all_comments,
approve_comment (with ancestor auto-approval), spam_comment, trash_comment,
batch_update_comment_status
Security:
- Function-level rate limiting (1/sec, burst 5) via FullstackContext IP extraction
- Input validation (name, email, URL scheme, content length, consent)
- Parent chain validation (must be approved, same post)
- Strict comment Markdown renderer (headings→strong, no img/id/data URIs, nofollow links)
- Honeypot anti-spam field
- 5-minute dedup window via SHA-256 content hash
Frontend:
- CommentSection with SuspenseBoundary isolation
- Flat-list rendering with depth-based CSS indentation (responsive)
- Gravatar via cravatar.cn (server-computed, email never exposed)
- Inline reply forms (one-at-a-time via Signal)
- Admin action buttons (approve/spam/delete) visible per-comment
- CommentForm with privacy consent, Markdown hint, loading states
Admin:
- /admin/comments page with status tabs, batch operations, pagination
- Pending count badge on admin dashboard
Infrastructure:
- Shared get_current_admin_user moved from posts/helpers to auth module
- COMMENT_LIMITER rate limiter tier
- Moka caches (60s TTL for comments, 10s for pending count)
- IP/UA purge background task (daily, 90-day retention)
2026-06-11 12:34:26 +08:00
5d018864c2
refactor: remove PageLayout from all frontend pages, delegate to FrontendLayout
...
- Remove PageLayout wrapper from Home, HomePage, Archives, Tags,
TagDetail, PostDetail, Search, and About components
- Remove unused imports: use_nav_items, use_route, PageLayout, Route
- Pages now render only their content; Header/Footer are provided by
FrontendLayout via the router's #[layout] attribute
- Skeleton screens (DelayedSkeleton) remain in data-loading branches
- This eliminates redundant Header/Footer re-mounting on every route
change, which was the primary source of page transition flicker
Files changed:
- src/pages/home.rs: remove PageLayout, keep HomeInfo + HomePosts
- src/pages/about.rs: remove PageLayout, render content directly
- src/pages/archives.rs: remove PageLayout, keep header + ArchivesContent
- src/pages/post_detail.rs: remove PageLayout, keep PostDetailContent
- src/pages/search.rs: remove PageLayout, keep search form + results
- src/pages/tags.rs: remove PageLayout from Tags and TagDetail
2026-06-03 18:38:11 +08:00
b6cabe489f
feat: migrate frontend to database-driven posts
...
- Replace hardcoded POSTS with API-driven data in home, archives, tags
- Add post detail page /post/:slug with HTML rendering
- Add admin posts management page with list and soft delete
- Update dashboard with real stats from database
- Add admin navigation for posts management
- Fix PartialEq derives for Post, Tag, PostStats models
- Use use_resource and use_memo for data fetching with proper loading states
2026-06-02 17:33:28 +08:00
