- Introduced a new configuration option `showDiscoverInHeaderForGuest` to control the visibility of the "Discover" navigation link for guests.
- Updated the AppShell component to conditionally render the "Discover" link based on the user's login status and the new config option.
- Modified global configuration handling to include the new option, ensuring it is fetched and saved correctly.
- Enhanced middleware to allow guest access to the "Discover" route if the new config option is enabled.
These changes improve the user experience by providing guests with access to discover content while maintaining control over navigation visibility.
- Added pagination functionality to the users and posts management pages, allowing for better navigation through large datasets.
- Updated API endpoints to support pagination parameters and return total counts for users and posts.
- Introduced a reusable pagination component to enhance user experience and streamline page transitions.
These changes improve the overall usability of the admin interface by enabling efficient data handling and display.
Unify public profile aggregation and route canonical handling so the home page acts as a navigation hub with consistent public-only counts, safer external links, and backward-compatible API fields.
Made-with: Cursor
Add full export bundle download, auto-expire missing artifacts on task refresh, and provide task deletion actions in both API and export center UI.
Made-with: Cursor
- Changed asset paths from `/public/assets` to `/public/upload` across various files to ensure consistency in media storage.
- Introduced visibility handling for posts, allowing for better control over comment visibility based on post status.
- Enhanced markdown export functionality with new utilities for exporting unlisted posts and normalizing image URLs.
- Updated tests to reflect changes in asset paths and visibility logic.
These updates improve the overall media management and user experience in handling post visibility and markdown exports.
- Added commented-out styles for code blocks to enhance presentation and usability.
- Updated markdown configuration to disable HTML rendering for improved security.
- Introduced a function to handle path not found errors in the error logger for better error management.
These changes prepare the codebase for future enhancements in markdown rendering and error handling.
- Added `ensureClientMeSynced` function to synchronize client session with server, improving user experience by reducing unnecessary API calls.
- Updated `AppShell`, `public.vue`, and other components to utilize the new synchronization method instead of the previous refresh mechanism.
- Introduced a new API endpoint for session handling, ensuring consistent user state across client and server.
- Refactored `useAuthSession` to manage client session state more effectively, enhancing overall authentication flow.
This update streamlines the authentication process and enhances the reliability of user session management.
- Introduced a new skill for backend security audits, detailing checks for input validation, authentication, and sensitive data handling.
- Enhanced user registration process by adding specific error handling for username conflicts, returning a 409 status code with a user-friendly message.
- Improved file upload security by implementing checks for allowed image formats, ensuring only valid raster images are processed.
- Updated password hashing to use a stronger algorithm, increasing security for user credentials.
- Added tests for image magic byte validation and RSS URL safety checks to ensure robustness in file handling and URL processing.
This update significantly strengthens the security posture of the backend and improves user experience during registration.
- Introduced `GuestHomeSection` and `LoggedInHomeSection` components to provide tailored content for guests and logged-in users.
- Added a quick create button for logged-in users to facilitate easy post creation.
- Updated the AppShell component to include computed properties for visibility of the quick create button based on user login status.
- Refactored the main index page to utilize the new components, improving the overall layout and user engagement.
- Implemented a new utility function for normalizing post slugs to ensure consistent URL formatting.
This update significantly enhances the homepage experience for both guests and registered users, promoting user interaction and content creation.
- Added TypeScript definitions for nodemailer to improve type safety in email handling.
- Refactored comment email test handler to utilize a dedicated logger for better error tracking and debugging.
- Simplified email configuration retrieval by consolidating it into a single object for clarity and maintainability.
This update enhances the email notification system's robustness and developer experience.
Introduce an email field in the user profile, allowing users to input their email address. Implement email format validation on the server side to ensure proper formatting before saving. Update the profile form to include the email input, enhancing user experience and notification capabilities.
Made-with: Cursor
Skip reply notification sending when receiver email format is invalid, while preserving best-effort behavior and adding test coverage for invalid receiver email.
Made-with: Cursor
Pass postId and commentId into reply notification flow and log structured failure context with receiverUserId and reason while keeping best-effort behavior unchanged.
Made-with: Cursor
Trigger reply notification email after comment creation for public and unlisted endpoints with gated checks for global switch, SMTP readiness, receiver preferences, and self-notify suppression.
Made-with: Cursor
Remove legacy guest compatibility fallback in service logic so undefined guestIsAnonymous is treated as false and guest email stays required by default. Update tests to assert missing anonymous flag without email now fails.
Made-with: Cursor
Keep guestIsAnonymous undefined when the field is omitted so legacy-client compatibility fallback can trigger. Explicit false remains strict and still requires guest email.
Made-with: Cursor
Add a temporary legacy fallback so guest payloads missing both guestEmail and guestIsAnonymous are treated as anonymous during rollout. Add service-level and API body parsing tests for guest email rules, logged-in ignore behavior, and public/unlisted passthrough.
Made-with: Cursor
Add guest email validation with anonymous-mode exceptions and persist guestEmail/guestIsAnonymous in comment creation. Update comment form to collect anonymous and email fields for guests and reset them after successful submit.
Made-with: Cursor
Add IP-based rate limiting for the admin test-email API and set SMTP connection/send timeouts to avoid long blocking requests, with extra admin email format validation.
Made-with: Cursor
Add an admin-only test email endpoint with SMTP config and admin email validation, plus a config-page action button to trigger test sends and minimal service tests for key 400 failure paths.
Made-with: Cursor
Restrict global config GET for non-admin users and always mask commentSmtpPass in responses, while preventing admin save from sending empty smtp passwords that would clear existing secrets.
Made-with: Cursor
Apply trim/blank-to-empty normalization for comment email/smtp global keys in setGlobalConfigValue, and replace registry test casts with KnownConfigKey-safe assertions plus normalization coverage.
Made-with: Cursor
- Added constants for common cloud probe paths and prefixes.
- Introduced middleware to handle cloud probe requests with appropriate cache control headers.
- Updated Nuxt configuration to include route rules for cloud probe paths.
This enhances the application's ability to respond to health checks from various cloud platforms.
- Introduced user notes for media assets, allowing admins and users to add descriptions.
- Enhanced media asset listing with reference contexts, providing links to related content.
- Updated API endpoints to support note saving and retrieval.
- Modified database schema to include user notes and related fields.
- Improved search functionality to include user notes in media asset queries.
Made-with: Cursor
- Introduced new types for audit rows and reference details to improve data structure.
- Updated the media storage audit logic to include references for each asset, allowing for better tracking of media usage.
- Enhanced UI to display reference sources for media assets, clarifying the relationship between assets and their references.
- Improved cleanup descriptions and toast messages for better user understanding of actions taken.
Made-with: Cursor
- Added a custom JSON error handler to improve error responses in Nitro.
- Introduced utility functions to determine JSON request types and normalize error messages.
- Updated Nuxt configuration to utilize the new error handler.
Made-with: Cursor
