fix(comments): enforce strict default non-anonymous guest rule

Remove legacy guest compatibility fallback in service logic so undefined guestIsAnonymous is treated as false and guest email stays required by default. Update tests to assert missing anonymous flag without email now fails.

Made-with: Cursor

server/service/post-comments/guest-fields.test.ts

@@ -32,11 +32,11 @@ describe("resolveGuestFields", () => {
     ).toEqual({ guestEmail: null, guestIsAnonymous: false });
   });
 
-  test("legacy payload without guest email fields falls back to anonymous", () => {
+  test("guest with undefined anonymous flag defaults to non-anonymous and requires email", () => {
-    expect(
+    expect(() =>
       resolveGuestFields({
         viewerPresent: false,
       }),
-    ).toEqual({ guestEmail: null, guestIsAnonymous: true });
+    ).toThrow(GuestCommentValidationError);
   });
 });

server/service/post-comments/guest-fields.ts

@@ -14,10 +14,7 @@ export function resolveGuestFields(input: {
     return { guestEmail: null, guestIsAnonymous: false };
   }
 
-  // 兼容过渡策略：旧客户端尚未上送 guestEmail/guestIsAnonymous 时，按匿名处理，避免发布窗口内全量 400。
+  const guestIsAnonymous = input.guestIsAnonymous === true;
-  // 待所有客户端完成升级后可移除此分支，恢复严格“默认非匿名且邮箱必填”语义。
-  const isLegacyGuestPayload = input.guestEmail == null && input.guestIsAnonymous === undefined;
-  const guestIsAnonymous = input.guestIsAnonymous === true || isLegacyGuestPayload;
   const guestEmail = validateGuestCommentEmail(input.guestEmail, guestIsAnonymous);
   return { guestEmail, guestIsAnonymous };
 }