Introduce a lightweight quick note flow with a draggable/resizable modal editor, unsaved-change protection, and per-user backend storage APIs backed by a dedicated quick_notes schema.
Made-with: Cursor
- Updated the image upload handler to prevent conflicts when the input and output paths are the same, particularly for webp images.
- Introduced a temporary output path for converted images, ensuring the original file is preserved during processing.
- Enhanced error handling to clean up temporary files and maintain the integrity of the final output.
These changes improve the reliability of the image upload process and prevent potential file overwrites.
- Introduced new utility functions to ensure relative directory paths and prevent unsafe segments in environment variables for static and media directories.
- Updated the STATIC_DIR, MEDIA_UPLOAD_SUBDIR, and RELATIVE_TMP_DIR exports to utilize these new functions, improving error handling and validation.
- Adjusted POST_MEDIA_PUBLIC_PREFIX to align with the new static directory structure.
These changes improve the robustness of media and static asset management, ensuring safer and more consistent directory configurations.
- Added components for tag input and display, allowing users to create and manage tags for posts.
- Implemented backend support for tag persistence and filtering in post lists, enabling OR/AND logic for tag-based queries.
- Updated various pages and components to integrate tag functionality, including post creation, editing, and display in lists.
- Enhanced database schema to support tags and their relationships with posts.
These changes provide a comprehensive tagging system that improves content organization and discoverability across the application.
- Introduced a new function to open export downloads in a new tab, improving user experience for task downloads.
- Updated the export job service to use more precise checks for task expiration, enhancing reliability.
- Modified the .gitignore to include temporary files, ensuring a cleaner project structure.
These changes streamline the export process and improve the management of temporary files.
- Added environment variables to control the maximum number of running and queued export tasks, as well as the maximum retained bytes for exports.
- Implemented logic in the export job service to enforce these limits, providing appropriate error messages when limits are exceeded.
- Enhanced the export task creation process to ensure better resource management and prevent server overload.
These changes improve the stability and reliability of the export functionality by managing task concurrency and resource usage.
- Updated the media upload process to store files in the new `static/media` directory instead of `public/upload`.
- Adjusted related components and tests to reflect the new media URL structure, ensuring all references to media assets are consistent with the new path.
- Enhanced the environment configuration to support dynamic directory settings for media uploads and static assets.
- Improved documentation to outline the changes in media asset management and URL handling.
These changes streamline media management and improve the organization of static assets within the project.
- Introduced a new configuration option `showDiscoverInHeaderForGuest` to control the visibility of the "Discover" navigation link for guests.
- Updated the AppShell component to conditionally render the "Discover" link based on the user's login status and the new config option.
- Modified global configuration handling to include the new option, ensuring it is fetched and saved correctly.
- Enhanced middleware to allow guest access to the "Discover" route if the new config option is enabled.
These changes improve the user experience by providing guests with access to discover content while maintaining control over navigation visibility.
- Added pagination functionality to the users and posts management pages, allowing for better navigation through large datasets.
- Updated API endpoints to support pagination parameters and return total counts for users and posts.
- Introduced a reusable pagination component to enhance user experience and streamline page transitions.
These changes improve the overall usability of the admin interface by enabling efficient data handling and display.
Unify public profile aggregation and route canonical handling so the home page acts as a navigation hub with consistent public-only counts, safer external links, and backward-compatible API fields.
Made-with: Cursor
Add full export bundle download, auto-expire missing artifacts on task refresh, and provide task deletion actions in both API and export center UI.
Made-with: Cursor
- Changed asset paths from `/public/assets` to `/public/upload` across various files to ensure consistency in media storage.
- Introduced visibility handling for posts, allowing for better control over comment visibility based on post status.
- Enhanced markdown export functionality with new utilities for exporting unlisted posts and normalizing image URLs.
- Updated tests to reflect changes in asset paths and visibility logic.
These updates improve the overall media management and user experience in handling post visibility and markdown exports.
- Added commented-out styles for code blocks to enhance presentation and usability.
- Updated markdown configuration to disable HTML rendering for improved security.
- Introduced a function to handle path not found errors in the error logger for better error management.
These changes prepare the codebase for future enhancements in markdown rendering and error handling.
- Added `ensureClientMeSynced` function to synchronize client session with server, improving user experience by reducing unnecessary API calls.
- Updated `AppShell`, `public.vue`, and other components to utilize the new synchronization method instead of the previous refresh mechanism.
- Introduced a new API endpoint for session handling, ensuring consistent user state across client and server.
- Refactored `useAuthSession` to manage client session state more effectively, enhancing overall authentication flow.
This update streamlines the authentication process and enhances the reliability of user session management.
- Introduced a new skill for backend security audits, detailing checks for input validation, authentication, and sensitive data handling.
- Enhanced user registration process by adding specific error handling for username conflicts, returning a 409 status code with a user-friendly message.
- Improved file upload security by implementing checks for allowed image formats, ensuring only valid raster images are processed.
- Updated password hashing to use a stronger algorithm, increasing security for user credentials.
- Added tests for image magic byte validation and RSS URL safety checks to ensure robustness in file handling and URL processing.
This update significantly strengthens the security posture of the backend and improves user experience during registration.
- Introduced `GuestHomeSection` and `LoggedInHomeSection` components to provide tailored content for guests and logged-in users.
- Added a quick create button for logged-in users to facilitate easy post creation.
- Updated the AppShell component to include computed properties for visibility of the quick create button based on user login status.
- Refactored the main index page to utilize the new components, improving the overall layout and user engagement.
- Implemented a new utility function for normalizing post slugs to ensure consistent URL formatting.
This update significantly enhances the homepage experience for both guests and registered users, promoting user interaction and content creation.
- Added TypeScript definitions for nodemailer to improve type safety in email handling.
- Refactored comment email test handler to utilize a dedicated logger for better error tracking and debugging.
- Simplified email configuration retrieval by consolidating it into a single object for clarity and maintainability.
This update enhances the email notification system's robustness and developer experience.
Introduce an email field in the user profile, allowing users to input their email address. Implement email format validation on the server side to ensure proper formatting before saving. Update the profile form to include the email input, enhancing user experience and notification capabilities.
Made-with: Cursor
Skip reply notification sending when receiver email format is invalid, while preserving best-effort behavior and adding test coverage for invalid receiver email.
Made-with: Cursor
Pass postId and commentId into reply notification flow and log structured failure context with receiverUserId and reason while keeping best-effort behavior unchanged.
Made-with: Cursor
Trigger reply notification email after comment creation for public and unlisted endpoints with gated checks for global switch, SMTP readiness, receiver preferences, and self-notify suppression.
Made-with: Cursor
Remove legacy guest compatibility fallback in service logic so undefined guestIsAnonymous is treated as false and guest email stays required by default. Update tests to assert missing anonymous flag without email now fails.
Made-with: Cursor
Keep guestIsAnonymous undefined when the field is omitted so legacy-client compatibility fallback can trigger. Explicit false remains strict and still requires guest email.
Made-with: Cursor
Add a temporary legacy fallback so guest payloads missing both guestEmail and guestIsAnonymous are treated as anonymous during rollout. Add service-level and API body parsing tests for guest email rules, logged-in ignore behavior, and public/unlisted passthrough.
Made-with: Cursor
Add guest email validation with anonymous-mode exceptions and persist guestEmail/guestIsAnonymous in comment creation. Update comment form to collect anonymous and email fields for guests and reset them after successful submit.
Made-with: Cursor
Add IP-based rate limiting for the admin test-email API and set SMTP connection/send timeouts to avoid long blocking requests, with extra admin email format validation.
Made-with: Cursor
Add an admin-only test email endpoint with SMTP config and admin email validation, plus a config-page action button to trigger test sends and minimal service tests for key 400 failure paths.
Made-with: Cursor
Restrict global config GET for non-admin users and always mask commentSmtpPass in responses, while preventing admin save from sending empty smtp passwords that would clear existing secrets.
Made-with: Cursor
Apply trim/blank-to-empty normalization for comment email/smtp global keys in setGlobalConfigValue, and replace registry test casts with KnownConfigKey-safe assertions plus normalization coverage.
Made-with: Cursor
- Added constants for common cloud probe paths and prefixes.
- Introduced middleware to handle cloud probe requests with appropriate cache control headers.
- Updated Nuxt configuration to include route rules for cloud probe paths.
This enhances the application's ability to respond to health checks from various cloud platforms.
- Introduced user notes for media assets, allowing admins and users to add descriptions.
- Enhanced media asset listing with reference contexts, providing links to related content.
- Updated API endpoints to support note saving and retrieval.
- Modified database schema to include user notes and related fields.
- Improved search functionality to include user notes in media asset queries.
Made-with: Cursor
- Introduced new types for audit rows and reference details to improve data structure.
- Updated the media storage audit logic to include references for each asset, allowing for better tracking of media usage.
- Enhanced UI to display reference sources for media assets, clarifying the relationship between assets and their references.
- Improved cleanup descriptions and toast messages for better user understanding of actions taken.
Made-with: Cursor
- Added a custom JSON error handler to improve error responses in Nitro.
- Introduced utility functions to determine JSON request types and normalize error messages.
- Updated Nuxt configuration to utilize the new error handler.
Made-with: Cursor