feat(community): Phase 3.C — Identität (Avatar + Klarname-Toggle + Karma + Eulen-Profil)

Macht aus den Pseudonymen echte Charaktere ohne Klarnamen-Zwang. Pixel-Identicon-Avatar (3.C.2): - generateAvatarSvg(displayHash) — pure-function, deterministisch. 5×5 left-mirrored Identicon mit HSL-Foreground/Background aus dem Hash. Inline-SVG, kein Storage, kein img-load-Flicker. - <EulenAvatar> Component im Package, in ItemCard neben dem Pseudonym. Klarname-Toggle (3.C.1): - auth.users + community_show_real_name boolean (default off, opt-in). - PATCH /api/v1/me/profile akzeptiert communityShowRealName. - mana-analytics LEFT JOINs auth.users → bei opt-in liefert auth- required /public + /me/reacted Endpoints zusätzlich realName. - Anonymous /api/v1/public/feedback/* zeigt realName NIE — auch nicht wenn opted-in. Public-Mirror bleibt für SEO + Privacy safe. - Migration 008_community_identity.sql lokal + prod eingespielt. Karma-System (3.C.3): - auth.users + community_karma int. toggleReaction increment/decrement am Author-User (Self-Reactions zählen nicht — kein Self-Farming). - KARMA_THRESHOLDS + tierFromKarma() im Package: Bronze (0-9) / Silver (10-49) / Gold (50-199) / Platin (200+). - ItemCard zeigt Tier-Dot neben dem Pseudonym, Title-Tooltip mit Karma-Zahl. Floor-clamped at 0. Eulen-Profil (3.C.4): - GET /api/v1/public/feedback/eule/{hash} — alle public-Posts dieser Eule + aggregiertes Karma. SHA256-Format-Validation. - /community/eule/[hash] Public-SSR-Route mit Avatar-Hero, Tier-Badge, Karma-Counter, Post-Liste. Author-Klick im ItemCard navigiert hin. - publicFeedbackService.getEulenProfile() im Package. PublicFeedbackItem erweitert um displayHash (public Pseudonym-ID, SHA256 ist one-way → safe to expose) + karma + optional realName. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 21:21:10 +02:00 · 2026-04-27 15:15:16 +02:00 · 2026-04-27 15:15:16 +02:00 · ee5bb2871c
commit ee5bb2871c
parent 42e4d58c8c
16 changed files with 760 additions and 23 deletions
--- a/services/mana-analytics/src/db/schema/auth-users.ts
+++ b/services/mana-analytics/src/db/schema/auth-users.ts
@ -0,0 +1,22 @@
+/**
+ * Read-only cross-schema view of auth.users for the public-community
+ * hub. mana-auth owns the table; we JOIN it from mana-analytics to
+ * enrich feed responses with the post-author's real-name opt-in and
+ * karma score. We never INSERT/UPDATE/DELETE here — that's
+ * mana-auth's job.
+ *
+ * The full auth.users schema is defined in
+ * services/mana-auth/src/db/schema/auth.ts; this file declares just
+ * the columns mana-analytics actually reads.
+ */
+
+import { pgSchema, text, boolean, integer } from 'drizzle-orm/pg-core';
+
+const authSchema = pgSchema('auth');
+
+export const authUsers = authSchema.table('users', {
+	id: text('id').primaryKey(),
+	name: text('name').notNull(),
+	communityShowRealName: boolean('community_show_real_name').default(false).notNull(),
+	communityKarma: integer('community_karma').default(0).notNull(),
+});
--- a/services/mana-analytics/src/routes/feedback.ts
+++ b/services/mana-analytics/src/routes/feedback.ts
@ -44,6 +44,7 @@ export function createFeedbackRoutes(feedbackService: FeedbackService) {
 			status,
 			limit,
 			offset,
+			includeRealName: true,
 		});

 		const enriched = await Promise.all(
@ -87,7 +88,7 @@ export function createFeedbackRoutes(feedbackService: FeedbackService) {
 	});

 	r.get('/:id/replies', async (c) => {
-		return c.json(await feedbackService.getReplies(c.req.param('id')));
+		return c.json(await feedbackService.getReplies(c.req.param('id'), { includeRealName: true }));
 	});

 	// ── Reactions ─────────────────────────────────────────────────────
--- a/services/mana-analytics/src/routes/public.ts
+++ b/services/mana-analytics/src/routes/public.ts
@ -33,6 +33,15 @@ export function createPublicFeedbackRoutes(feedbackService: FeedbackService) {
 		return c.json({ items });
 	});

+	r.get('/eule/:hash', async (c) => {
+		const hash = c.req.param('hash');
+		// Display-hashes are 64-char hex (SHA256) — bail early on garbage.
+		if (!/^[0-9a-f]{32,64}$/i.test(hash)) {
+			return c.json({ error: 'invalid display_hash' }, 400);
+		}
+		return c.json(await feedbackService.getEulenProfile(hash));
+	});
+
 	r.get('/:id', async (c) => {
 		const item = await feedbackService.getPublicItem(c.req.param('id'));
 		if (!item) return c.json({ error: 'Not found' }, 404);
--- a/services/mana-analytics/src/services/feedback.ts
+++ b/services/mana-analytics/src/services/feedback.ts
@ -19,6 +19,7 @@ import {
 	feedbackGrantLog,
 	feedbackNotifications,
 } from '../db/schema/feedback';
+import { authUsers } from '../db/schema/auth-users';
 import type { Database } from '../db/connection';
 import { NotFoundError, BadRequestError } from '../lib/errors';
 import { createDisplayHash, generateDisplayName } from '../lib/pseudonym';
@ -65,14 +66,32 @@ export type PublicFeedbackItem = {
 	status: string;
 	moduleContext: string | null;
 	parentId: string | null;
+	/** Public Pseudonym ID — SHA256 of userId+secret, one-way and
+	 *  safe to expose. Used for avatar generation and Eulen-Profil-URLs. */
+	displayHash: string;
 	displayName: string;
 	reactions: Record<string, number>;
 	score: number;
 	adminResponse: string | null;
 	createdAt: Date;
 	updatedAt: Date;
+	/** Author's community karma (public, drives tier-badge). */
+	karma: number;
+	/** Real name, only present when:
+	 *  - the post-author opted in via communityShowRealName=true, AND
+	 *  - the response is going to an authenticated caller (the
+	 *    anonymous /public endpoint always strips this).
+	 */
+	realName?: string;
 };

+type FeedbackRow = typeof userFeedback.$inferSelect;
+type AuthUserRow = {
+	name: string;
+	communityShowRealName: boolean;
+	communityKarma: number;
+} | null;
+
 export class FeedbackService {
 	constructor(
 		private db: Database,
@ -213,9 +232,18 @@ export class FeedbackService {
 			status?: string;
 			limit?: number;
 			offset?: number;
+			includeRealName?: boolean;
 		} = {}
 	): Promise<PublicFeedbackItem[]> {
-		const { appId, moduleContext, category, status, limit = 50, offset = 0 } = opts;
+		const {
+			appId,
+			moduleContext,
+			category,
+			status,
+			limit = 50,
+			offset = 0,
+			includeRealName = false,
+		} = opts;

 		const conditions = [eq(userFeedback.isPublic, true), isNull(userFeedback.parentId)];
 		if (appId) conditions.push(eq(userFeedback.appId, appId));
@ -224,34 +252,84 @@ export class FeedbackService {
 		if (status) conditions.push(eq(userFeedback.status, status as any));

 		const rows = await this.db
-			.select()
+			.select({ feedback: userFeedback, author: this.authorSelection() })
 			.from(userFeedback)
+			.leftJoin(authUsers, eq(authUsers.id, userFeedback.userId))
 			.where(and(...conditions))
 			.orderBy(desc(userFeedback.score), desc(userFeedback.createdAt))
 			.limit(limit)
 			.offset(offset);

-		return rows.map(redact);
+		return rows.map((r) => redact(r.feedback, r.author, { includeRealName }));
 	}

 	/** Replies for a single parent item (1-level threading). */
-	async getReplies(parentId: string): Promise<PublicFeedbackItem[]> {
+	async getReplies(
+		parentId: string,
+		opts: { includeRealName?: boolean } = {}
+	): Promise<PublicFeedbackItem[]> {
 		const rows = await this.db
-			.select()
+			.select({ feedback: userFeedback, author: this.authorSelection() })
 			.from(userFeedback)
+			.leftJoin(authUsers, eq(authUsers.id, userFeedback.userId))
 			.where(and(eq(userFeedback.parentId, parentId), eq(userFeedback.isPublic, true)))
 			.orderBy(userFeedback.createdAt);
-		return rows.map(redact);
+		return rows.map((r) =>
+			redact(r.feedback, r.author, { includeRealName: opts.includeRealName ?? false })
+		);
+	}
+
+	/**
+	 * Public Eulen-Profil — alle public-Posts unter dem display_hash plus
+	 * aggregierte Karma vom Author. Liefert auch ein leeres Array (kein
+	 * Throw), wenn der Hash nirgends auftaucht; das macht das Frontend
+	 * easier (keine 404-Race auf dynamic IDs).
+	 */
+	async getEulenProfile(displayHash: string): Promise<{
+		displayHash: string;
+		displayName: string | null;
+		karma: number;
+		items: PublicFeedbackItem[];
+	}> {
+		const rows = await this.db
+			.select({ feedback: userFeedback, author: this.authorSelection() })
+			.from(userFeedback)
+			.leftJoin(authUsers, eq(authUsers.id, userFeedback.userId))
+			.where(and(eq(userFeedback.displayHash, displayHash), eq(userFeedback.isPublic, true)))
+			.orderBy(desc(userFeedback.createdAt))
+			.limit(200);
+
+		const items = rows.map((r) => redact(r.feedback, r.author, { includeRealName: false }));
+		const displayName = items[0]?.displayName ?? null;
+		const karma = rows[0]?.author?.communityKarma ?? 0;
+
+		return { displayHash, displayName, karma, items };
 	}

 	/** Single public item by id. Returns null if not found / not public. */
-	async getPublicItem(id: string): Promise<PublicFeedbackItem | null> {
+	async getPublicItem(
+		id: string,
+		opts: { includeRealName?: boolean } = {}
+	): Promise<PublicFeedbackItem | null> {
 		const [row] = await this.db
-			.select()
+			.select({ feedback: userFeedback, author: this.authorSelection() })
 			.from(userFeedback)
+			.leftJoin(authUsers, eq(authUsers.id, userFeedback.userId))
 			.where(and(eq(userFeedback.id, id), eq(userFeedback.isPublic, true)))
 			.limit(1);
-		return row ? redact(row) : null;
+		return row
+			? redact(row.feedback, row.author, { includeRealName: opts.includeRealName ?? false })
+			: null;
+	}
+
+	/** Selection helper — picks the auth-user columns we need. Drizzle
+	 *  treats the missing-author case (deleted user, FK orphan) as null. */
+	private authorSelection() {
+		return {
+			name: authUsers.name,
+			communityShowRealName: authUsers.communityShowRealName,
+			communityKarma: authUsers.communityKarma,
+		};
 	}

 	// ── Authenticated reads ───────────────────────────────────────────
@ -273,9 +351,10 @@ export class FeedbackService {
 	 */
 	async getMyReactedItems(userId: string, limit = 100): Promise<PublicFeedbackItem[]> {
 		const rows = await this.db
-			.selectDistinct({ feedback: userFeedback })
+			.selectDistinct({ feedback: userFeedback, author: this.authorSelection() })
 			.from(feedbackReactions)
 			.innerJoin(userFeedback, eq(feedbackReactions.feedbackId, userFeedback.id))
+			.leftJoin(authUsers, eq(authUsers.id, userFeedback.userId))
 			.where(
 				and(
 					eq(feedbackReactions.userId, userId),
@ -286,7 +365,7 @@ export class FeedbackService {
 			.orderBy(desc(userFeedback.updatedAt))
 			.limit(limit);

-		return rows.map((r) => redact(r.feedback));
+		return rows.map((r) => redact(r.feedback, r.author, { includeRealName: true }));
 	}

 	/** Map of emoji → boolean for the requesting user on a feedback item. */
@ -315,14 +394,20 @@ export class FeedbackService {
 			throw new BadRequestError(`Unsupported emoji: ${emoji}`);
 		}

-		// Ensure target item exists.
+		// Ensure target item exists + grab the author for karma tracking.
 		const [item] = await this.db
-			.select({ id: userFeedback.id })
+			.select({ id: userFeedback.id, authorId: userFeedback.userId })
 			.from(userFeedback)
 			.where(eq(userFeedback.id, feedbackId))
 			.limit(1);
 		if (!item) throw new NotFoundError('Feedback not found');

+		// Karma is per-react (not per-author-per-user). Self-reactions
+		// don't count — that would be self-promotion. Founder users also
+		// don't farm karma off each other since they tend to react on
+		// their own things; the author check below handles both cases.
+		const counts = item.authorId !== userId;
+
 		// Try to insert (react). If conflicting → user already reacted, so unreact.
 		const inserted = await this.db
 			.insert(feedbackReactions)
@ -347,6 +432,21 @@ export class FeedbackService {
 			userHasReacted = true;
 		}

+		// Author karma: +1 on react, -1 on unreact (per emoji-toggle).
+		// Skipped when the reactor is the author themselves so people
+		// can't farm karma off their own posts. Floor-clamped at 0 so
+		// edge-cases (e.g. author deletes the row externally) don't go
+		// negative.
+		if (counts && item.authorId) {
+			const delta = userHasReacted ? 1 : -1;
+			await this.db
+				.update(authUsers)
+				.set({
+					communityKarma: sql`GREATEST(${authUsers.communityKarma} + ${delta}, 0)`,
+				})
+				.where(eq(authUsers.id, item.authorId));
+		}
+
 		// Recompute aggregated reactions + score for this item.
 		const aggregated = await this.recomputeReactions(feedbackId);
 		return { ...aggregated, userHasReacted };
@ -643,8 +743,13 @@ export class FeedbackService {
 }

 /** Strips userId / displayHash / deviceInfo from a row. */
-function redact(row: typeof userFeedback.$inferSelect): PublicFeedbackItem {
-	return {
+function redact(
+	row: FeedbackRow,
+	author: AuthUserRow = null,
+	options: { includeRealName?: boolean } = {}
+): PublicFeedbackItem {
+	const includeReal = options.includeRealName ?? false;
+	const item: PublicFeedbackItem = {
 		id: row.id,
 		appId: row.appId,
 		title: row.title,
@ -653,13 +758,21 @@ function redact(row: typeof userFeedback.$inferSelect): PublicFeedbackItem {
 		status: row.status,
 		moduleContext: row.moduleContext,
 		parentId: row.parentId,
+		// displayHash is the public Pseudonym-ID. One-way (SHA256 of
+		// userId+secret), safe to expose; userId itself never leaves.
+		displayHash: row.displayHash ?? '',
 		displayName: row.displayName ?? 'Anonym',
 		reactions: (row.reactions as Record<string, number>) ?? {},
 		score: row.score,
 		adminResponse: row.adminResponse,
 		createdAt: row.createdAt,
 		updatedAt: row.updatedAt,
+		karma: author?.communityKarma ?? 0,
 	};
+	if (includeReal && author?.communityShowRealName && author.name) {
+		item.realName = author.name;
+	}
+	return item;
 }

 export { ALLOWED_EMOJIS, REACTION_WEIGHTS };
--- a/services/mana-auth/sql/008_community_identity.sql
+++ b/services/mana-auth/sql/008_community_identity.sql
@ -0,0 +1,20 @@
+-- 008_community_identity.sql
+--
+-- Phase 3.C von docs/plans/feedback-rewards-and-identity.md.
+--
+-- Community-Hub Opt-Ins für jeden User:
+--  - community_show_real_name: legt offen, ob der echte name neben
+--    der eulen-pseudonym im community-feed angezeigt wird (default off).
+--  - community_karma: counter — eine pro Reaction die jemand auf einen
+--    eigenen Post macht. Treibt die Bronze/Silver/Gold/Platin-Tier-Badge.
+--
+-- Apply manually:
+--   psql "$DATABASE_URL" -f services/mana-auth/sql/008_community_identity.sql
+
+BEGIN;
+
+ALTER TABLE auth.users
+	ADD COLUMN IF NOT EXISTS community_show_real_name boolean NOT NULL DEFAULT false,
+	ADD COLUMN IF NOT EXISTS community_karma integer NOT NULL DEFAULT 0;
+
+COMMIT;
--- a/services/mana-auth/src/db/schema/auth.ts
+++ b/services/mana-auth/src/db/schema/auth.ts
@ -53,6 +53,14 @@ export const users = authSchema.table('users', {
 	// → Look → Templates). The flow is skippable, but even a skip sets
 	// this timestamp so we don't re-prompt. See docs/plans/onboarding-flow.md.
 	onboardingCompletedAt: timestamp('onboarding_completed_at', { withTimezone: true }),
+	// Community-Hub identity opt-ins (Phase 3.C of feedback-rewards-and-identity).
+	// Off by default — users stay anonymous as their tier-pseudonym ("Wachsame
+	// Eule #4528"). Opt-in shows the real `name` next to the pseudonym in the
+	// auth-required community feed only; the public-mirror NEVER exposes it.
+	communityShowRealName: boolean('community_show_real_name').default(false).notNull(),
+	// Karma += 1 per reaction received from another user, decremented on unreact.
+	// Drives the public Bronze/Silver/Gold/Platinum-Eulen tier badge.
+	communityKarma: integer('community_karma').default(0).notNull(),
 });

 // Sessions table (Better Auth schema)
--- a/services/mana-auth/src/routes/me.ts
+++ b/services/mana-auth/src/routes/me.ts
@ -72,9 +72,15 @@ export function createMeRoutes(userDataService: UserDataService, db: Database) {
 				const body = (await c.req.json().catch(() => ({}))) as {
 					name?: unknown;
 					image?: unknown;
+					communityShowRealName?: unknown;
 				};

-				const patch: { name?: string; image?: string; updatedAt: Date } = {
+				const patch: {
+					name?: string;
+					image?: string;
+					communityShowRealName?: boolean;
+					updatedAt: Date;
+				} = {
 					updatedAt: new Date(),
 				};
 				if (typeof body.name === 'string') {
@ -87,8 +93,11 @@ export function createMeRoutes(userDataService: UserDataService, db: Database) {
 				if (typeof body.image === 'string') {
 					patch.image = body.image;
 				}
+				if (typeof body.communityShowRealName === 'boolean') {
+					patch.communityShowRealName = body.communityShowRealName;
+				}

-				if (!('name' in patch) && !('image' in patch)) {
+				if (!('name' in patch) && !('image' in patch) && !('communityShowRealName' in patch)) {
 					return c.json({ error: 'no fields to update' }, 400);
 				}

@ -96,10 +105,19 @@ export function createMeRoutes(userDataService: UserDataService, db: Database) {
 					.update(users)
 					.set(patch)
 					.where(eq(users.id, user.userId))
-					.returning({ id: users.id, name: users.name, image: users.image });
+					.returning({
+						id: users.id,
+						name: users.name,
+						image: users.image,
+						communityShowRealName: users.communityShowRealName,
+					});

 				if (!updated) return c.json({ error: 'User not found' }, 404);
-				return c.json({ name: updated.name, image: updated.image });
+				return c.json({
+					name: updated.name,
+					image: updated.image,
+					communityShowRealName: updated.communityShowRealName,
+				});
 			})
 	);
 }