mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-22 22:06:42 +02:00
ee5bb2871c
Macht aus den Pseudonymen echte Charaktere ohne Klarnamen-Zwang.
Pixel-Identicon-Avatar (3.C.2):
- generateAvatarSvg(displayHash) — pure-function, deterministisch.
5×5 left-mirrored Identicon mit HSL-Foreground/Background aus dem
Hash. Inline-SVG, kein Storage, kein img-load-Flicker.
- <EulenAvatar> Component im Package, in ItemCard neben dem Pseudonym.
Klarname-Toggle (3.C.1):
- auth.users + community_show_real_name boolean (default off, opt-in).
- PATCH /api/v1/me/profile akzeptiert communityShowRealName.
- mana-analytics LEFT JOINs auth.users → bei opt-in liefert auth-
required /public + /me/reacted Endpoints zusätzlich realName.
- Anonymous /api/v1/public/feedback/* zeigt realName NIE — auch nicht
wenn opted-in. Public-Mirror bleibt für SEO + Privacy safe.
- Migration 008_community_identity.sql lokal + prod eingespielt.
Karma-System (3.C.3):
- auth.users + community_karma int. toggleReaction increment/decrement
am Author-User (Self-Reactions zählen nicht — kein Self-Farming).
- KARMA_THRESHOLDS + tierFromKarma() im Package: Bronze (0-9) /
Silver (10-49) / Gold (50-199) / Platin (200+).
- ItemCard zeigt Tier-Dot neben dem Pseudonym, Title-Tooltip mit
Karma-Zahl. Floor-clamped at 0.
Eulen-Profil (3.C.4):
- GET /api/v1/public/feedback/eule/{hash} — alle public-Posts dieser
Eule + aggregiertes Karma. SHA256-Format-Validation.
- /community/eule/[hash] Public-SSR-Route mit Avatar-Hero, Tier-Badge,
Karma-Counter, Post-Liste. Author-Klick im ItemCard navigiert hin.
- publicFeedbackService.getEulenProfile() im Package.
PublicFeedbackItem erweitert um displayHash (public Pseudonym-ID,
SHA256 ist one-way → safe to expose) + karma + optional realName.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
53 lines
1.7 KiB
TypeScript
53 lines
1.7 KiB
TypeScript
/**
|
|
* Public, anonymous feedback routes — mounted under /api/v1/public/feedback.
|
|
*
|
|
* Distinct from /api/v1/feedback/* because the jwtAuth middleware is
|
|
* scoped to that prefix only — anything under /api/v1/public/* skips
|
|
* auth entirely. Output is fully redacted (display_name only, no
|
|
* userId / displayHash / deviceInfo); reaction state is not enriched
|
|
* because there is no caller identity.
|
|
*/
|
|
|
|
import { Hono } from 'hono';
|
|
import type { FeedbackService } from '../services/feedback';
|
|
|
|
export function createPublicFeedbackRoutes(feedbackService: FeedbackService) {
|
|
const r = new Hono();
|
|
|
|
r.get('/feed', async (c) => {
|
|
const appId = c.req.query('appId') || undefined;
|
|
const moduleContext = c.req.query('moduleContext') || undefined;
|
|
const category = c.req.query('category') || undefined;
|
|
const status = c.req.query('status') || undefined;
|
|
const limit = Math.min(parseInt(c.req.query('limit') || '50', 10), 200);
|
|
const offset = parseInt(c.req.query('offset') || '0', 10);
|
|
|
|
const items = await feedbackService.getPublicFeed({
|
|
appId,
|
|
moduleContext,
|
|
category,
|
|
status,
|
|
limit,
|
|
offset,
|
|
});
|
|
return c.json({ items });
|
|
});
|
|
|
|
r.get('/eule/:hash', async (c) => {
|
|
const hash = c.req.param('hash');
|
|
// Display-hashes are 64-char hex (SHA256) — bail early on garbage.
|
|
if (!/^[0-9a-f]{32,64}$/i.test(hash)) {
|
|
return c.json({ error: 'invalid display_hash' }, 400);
|
|
}
|
|
return c.json(await feedbackService.getEulenProfile(hash));
|
|
});
|
|
|
|
r.get('/:id', async (c) => {
|
|
const item = await feedbackService.getPublicItem(c.req.param('id'));
|
|
if (!item) return c.json({ error: 'Not found' }, 404);
|
|
const replies = await feedbackService.getReplies(item.id);
|
|
return c.json({ item, replies });
|
|
});
|
|
|
|
return r;
|
|
}
|