xfy 04737300e6 feat(comments): add complete comment system with guest commenting, moderation, and admin UI
Implements a fully self-built comment system for the blog:

Data layer:
- comments table with BIGSERIAL PK, parent_id self-reference (ON DELETE SET NULL),
  depth tracking (max 20), status workflow (pending/approved/spam/trash),
  content hashing for dedup, GDPR consent tracking, IP/UA storage with auto-purge
- 5 partial indexes optimized for read patterns
- updated_at auto-trigger

API (9 Dioxus server functions):
- Public: get_comments, get_comment_count, create_comment
- Admin: get_pending_comments, get_pending_count, get_all_comments,
  approve_comment (with ancestor auto-approval), spam_comment, trash_comment,
  batch_update_comment_status

Security:
- Function-level rate limiting (1/sec, burst 5) via FullstackContext IP extraction
- Input validation (name, email, URL scheme, content length, consent)
- Parent chain validation (must be approved, same post)
- Strict comment Markdown renderer (headings→strong, no img/id/data URIs, nofollow links)
- Honeypot anti-spam field
- 5-minute dedup window via SHA-256 content hash

Frontend:
- CommentSection with SuspenseBoundary isolation
- Flat-list rendering with depth-based CSS indentation (responsive)
- Gravatar via cravatar.cn (server-computed, email never exposed)
- Inline reply forms (one-at-a-time via Signal)
- Admin action buttons (approve/spam/delete) visible per-comment
- CommentForm with privacy consent, Markdown hint, loading states

Admin:
- /admin/comments page with status tabs, batch operations, pagination
- Pending count badge on admin dashboard

Infrastructure:
- Shared get_current_admin_user moved from posts/helpers to auth module
- COMMENT_LIMITER rate limiter tier
- Moka caches (60s TTL for comments, 10s for pending count)
- IP/UA purge background task (daily, 90-day retention)
2026-06-11 12:34:26 +08:00
2026-06-10 15:46:11 +08:00
2026-05-26 18:06:28 +08:00
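
The submission checks listed under "Security" in the commit message above (honeypot, consent, URL scheme, and the parent-chain rule with its depth cap of 20), as an added example that is not the project's own code. The struct shapes, `validate`, `Reject`, and the http/https allow-list are assumptions, since the page shows neither the schema nor the permitted schemes.

```rust
use std::collections::HashMap;
const MAX_DEPTH: u32 = 20; // depth cap named in the commit message
#[allow(dead_code)] // not every status is constructed in this demo
#[derive(PartialEq)]
enum Status { Pending, Approved, Spam, Trash }
// Hypothetical row shape; the project's real schema is not shown on the page.
struct Comment { post_id: i64, parent_id: Option<i64>, status: Status }
struct NewComment<'a> {
    post_id: i64, parent_id: Option<i64>, consent: bool,
    website: &'a str,  // optional author URL
    honeypot: &'a str, // hidden form field; a human leaves it empty
}
#[derive(Debug, PartialEq)]
enum Reject { Honeypot, NoConsent, BadUrlScheme, ParentMissing, ParentNotApproved, WrongPost, TooDeep }

/// Validates a submission and returns the depth it would be stored at.
fn validate(store: &HashMap<i64, Comment>, c: &NewComment) -> Result<u32, Reject> {
    if !c.honeypot.is_empty() { return Err(Reject::Honeypot); }
    if !c.consent { return Err(Reject::NoConsent); }
    // Allow-list schemes so javascript:, data: and similar never reach a rendered link.
    let url = c.website.trim().to_ascii_lowercase();
    let web = url.starts_with("https://") || url.starts_with("http://");
    if !url.is_empty() && !web { return Err(Reject::BadUrlScheme); }
    // Walk every ancestor; the depth bound also stops a cyclic parent_id chain.
    let (mut cur, mut depth) = (c.parent_id, 0u32);
    while let Some(id) = cur {
        depth += 1;
        if depth > MAX_DEPTH { return Err(Reject::TooDeep); }
        let p = store.get(&id).ok_or(Reject::ParentMissing)?;
        if p.post_id != c.post_id { return Err(Reject::WrongPost); }
        if p.status != Status::Approved { return Err(Reject::ParentNotApproved); }
        cur = p.parent_id;
    }
    Ok(depth)
}

// Constructed sample data: 2 replies to 1 on post 10; 3 is still pending.
fn sample_store() -> HashMap<i64, Comment> {
    HashMap::from([
        (1, Comment { post_id: 10, parent_id: None, status: Status::Approved }),
        (2, Comment { post_id: 10, parent_id: Some(1), status: Status::Approved }),
        (3, Comment { post_id: 10, parent_id: Some(2), status: Status::Pending }),
    ])
}

fn main() {
    let c = NewComment { post_id: 10, parent_id: Some(2), consent: true, website: "", honeypot: "" };
    println!("{:?}", validate(&sample_store(), &c));
}
```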

Yggdrasil

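A full-stack blog system built on Dioxus 0.7. A single Rust codebase compiles to both a WASM frontend and a native server.

Tech stack

  • Framework: Dioxus 0.7 (fullstack)
  • Database: PostgreSQL + tokio-postgres
  • Styling: Tailwind CSS v4
  • Passwords: Argon2
  • Sessions: UUID token + cookie

Features

  • Email registration / login (single-admin mode; registration closes after the first sign-up)
  • Session management with automatic cleanup of expired sessions
  • Dark / light theme switching
  • Admin post authoring (Tiptap Markdown editor)
  • Post archive and tag browsing

Development

Requires Rust 1.95+, the wasm32 target, the dx CLI, the tailwindcss CLI v4, and PostgreSQL.

# Configure the database
DATABASE_URL=postgres://postgres:postgres@localhost:5432/yggdrasil

# Run migrations
psql "$DATABASE_URL" -f migrations/001_init.sql

# Start the development server
make dev

Build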

make build