fix: 允许窗口收起

fix: 新增交互
Merge pull request #722 from nagisa77/codex/add-floating-window-support-for-message-box-a7msu4
2026-06-17 11:14:23 +00:00 · 2025-08-25 20:35:33 +08:00 · 2025-08-25 19:25:06 +08:00 · 2025-08-25 17:20:30 +08:00 · 2025-08-25 17:20:23 +08:00 · 2025-08-25 17:18:34 +08:00
464 changed files with 37129 additions and 21811 deletions
@@ -0,0 +1,23 @@
 name: Staging CI & CD
 on:
  push:
    branches: [main]
  workflow_dispatch:
 jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    environment: Deploy
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.SSH_HOST }}
          username: root
          key: ${{ secrets.SSH_KEY }}
          script: bash /opt/openisle/deploy-staging.sh
@@ -1,9 +1,9 @@
 name: CI & CD
 on:
  push:
    branches: [main]
  workflow_dispatch:
  schedule:
    - cron: "0 19 * * *"   # 每天 UTC 19:00，相当于北京时间凌晨3点
 jobs:
  build-and-deploy:
@@ -11,29 +11,12 @@ jobs:
    environment: Deploy
    steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
    # - uses: actions/setup-java@v4
    #   with:
    #     java-version: '17'
    #     distribution: 'temurin'
    # - run: mvn -B clean package -DskipTests
    # - uses: actions/setup-node@v4
    #   with:
    #     node-version: '20'
    # - run: |
    #     cd open-isle-cli
    #     npm ci
    #     npm run build
    - name: Deploy to Server
      uses: appleboy/ssh-action@v1.0.3
      with:
        host:   ${{ secrets.SSH_HOST }}
        username: root
        key:     ${{ secrets.SSH_KEY }}
        script:  bash /opt/openisle/deploy.sh
      - name: Deploy to Server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.SSH_HOST }}
          username: root
          key: ${{ secrets.SSH_KEY }}
          script: bash /opt/openisle/deploy.sh
@@ -2,4 +2,6 @@
 target
 openisle.iml
 node_modules
-dist
+dist
 open-isle.env
 logs
@@ -0,0 +1 @@
 npx lint-staged
@@ -0,0 +1,116 @@
 #### **⚠️注意：仅想修改前端的朋友可不用部署后端服务**
 ## 如何部署
 > Step1 先克隆仓库
 ```shell
 git clone https://github.com/nagisa77/OpenIsle.git
 cd OpenIsle
 ```
 > Step2 后端部署
 ```shell
 cd backend
 ```
 以IDEA编辑器为例，IDEA打开backend文件夹。
 - 设置VM Option，最好运行在其他端口，非8080，这里设置8081
 ```shell
 -Dserver.port=8081
 ```
 ![CleanShot 2025-08-04 at 11 .35.49.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/4cf210cfc6ea478a80dfc744c85ccdc4.png)
 - 设置jdk版本为java 17
 ![CleanShot 2025-08-04 at 11 .38.03@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/392eeec753ae436ca12a78f750dfea2d.png)
 - 本机配置MySQL服务（网上很多教程，忽略）
 - 设置环境变量.env 文件 或.properties 文件（二选一）
 1. 环境变量文件生成
 ```shell
 cp open-isle.env.example open-isle.env
 ```
 修改环境变量，留下需要的，比如你要开发Google登录业务，就需要谷歌相关的变量，数据库是一定要的
 ![CleanShot 2025-08-04 at 11 .41.36@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/896c8363b6e64ea19d18c12ec4dae2b4.png)
 应用环境文件， 选择刚刚的`open-isle.env`
 ![CleanShot 2025-08-04 at 11 .44.41.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/f588e37838014a6684c141605639b9fa.png)
 2. 直接修改 .properities 文件
 位置src/main/application.properties, 数据库需要修改标红处，其他按需修改
 ![CleanShot 2025-08-04 at 11 .47.11@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/28c3104448a245419e0b06aee861abb4.png)
 处理完环境问题直接跑起来就能通了
 ![CleanShot 2025-08-04 at 11 .49.01@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/2c945eae44b1477db09e80fc96b5e02d.png)
 > Step3 前端部署
 前端可以依赖本机部署的后端，也可以直接调用线上的后端接口
 ```shell
 cd ../frontend_nuxt/
 ```
 copy环境.env文件
 ```shell
 cp .env.staging.example .env
 ```
 1. 依赖本机部署的后端：打开本文件夹，修改.env 修改为瞄准本机后端端口
 ```yaml
 ; 本地部署后端
 NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
 ; 预发环境后端
 ; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
 ; 生产环境后端
 ; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
 ```
 2. 依赖预发环境后台环境
 **(⚠️强烈推荐只部署前端的朋友使用该环境)**
 ```yaml
 ; 本地部署后端
 ; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
 ; 预发环境后端
 NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
 ; 生产环境后端
 ; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
 ```
 4. 依赖线上后台环境
 ```yaml
 ; 本地部署后端
 ; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
 ; 预发环境后端
 ; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
 ; 生产环境后端
 NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
 ```
 ```shell
 # 安装依赖
 npm install --verbose
 # 运行前端服务
 npm run dev
 ```
 如此一来，浏览器访问 http://127.0.0.1:3000 即可访问前端页面
@@ -1,28 +1,21 @@
 <p align="center">
  <img alt="OpenIsle" src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png" width="200">
-  <br><br>
+  <br>
-  高效的开源社区前后端端平台
+  高效的开源社区前后端平台
-  <br><br>
+  <br><br><br>
-  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square"></a>
+  <img alt="Image" src="https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/22752cfac5a04a9c90c41995b9f55fed.png" width="1200">
 </p>
 ## 💡 简介
 OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台，提供用户注册、登录、贴文发布、评论交互等完整功能，可用于项目社区或直接打造自主社区站点。
-## 🚀 部署
+## 🚧 开发 & 部署
-### 后端
+详细见 [Contributing](https://github.com/nagisa77/OpenIsle?tab=contributing-ov-file)
 1. 确保安装 JDK 17 及 Maven
 2. 信息配置修改 `src/main/resources/application.properties`，或通过环境变量设置数据库等参数
 3. 执行 `mvn clean package` 生成包，之后使用 `java -jar target/openisle-0.0.1-SNAPSHOT.jar`启动，或在开发时直接使用 `mvn spring-boot:run`
 ### 前端
 1. `cd open-isle-cli`
 2. 执行 `npm install`
 3. `npm run serve`可在本地启动开发服务，产品环境使用 `npm run build`生成 `dist/` 文件，配合线上网站方式部署
 ## ✨ 项目特点
 - JWT 认证以及 Google、GitHub、Discord、Twitter 等多种 OAuth 登录
 - 支持分类、标签的贴文管理以及草稿保存功能
 - 嵌套评论、指定贴文或评论的点赞/抖弹系统
@@ -31,14 +24,18 @@ OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台
 - 集成 OpenAI 提供的 Markdown 格式化功能
 - 通过环境变量可调整密码强度、登录方式、保护码等多种配置
 - 支持图片上传，默认使用腾讯云 COS 扩展
 - 默认头像使用 DiceBear Avatars，可通过 `AVATAR_STYLE` 和 `AVATAR_SIZE` 环境变量自定义主题和大小
 - 浏览器推送通知，离开网站也能及时收到提醒
 ## 🌟 项目优势
 - 全面开源，便于二次开发和自定义扩展
 - Spring Boot + Vue 3 成熟技术栈，学习起点低，社区资源丰富
 - 支持多种登录方式和角色权限，容易展展到不同场景
 - 模块化设计，代码结构清晰，维护成本低
 - REST API 可接入任意前端框架，兼容多端平台
 - 配置简单，通过环境变量快速调整和部署
 - 如需推送通知，请设置 `WEBPUSH_PUBLIC_KEY` 和 `WEBPUSH_PRIVATE_KEY` 环境变量
 ## 🏘️ 社区
@@ -49,6 +46,7 @@ OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台
 本项目以 MIT License 发布，欢迎自由使用与修改。
 ## 🙏 鼓赞
 - [Spring Boot](https://spring.io/projects/spring-boot)
 - [JJWT](https://github.com/jwtk/jjwt)
 - [Lombok](https://github.com/projectlombok/lombok)
@@ -0,0 +1,39 @@
 # === Database ===
 MYSQL_URL=jdbc:mysql://<数据库地址>:<端口>/<数据库名>?useUnicode=yes&characterEncoding=UTF-8&useInformationSchema=true&useSSL=false&serverTimezone=UTC
 MYSQL_USER=<数据库用户名>
 MYSQL_PASSWORD=<数据库密码>
 # === JWT ===
 JWT_SECRET=<jwt secret>
 JWT_REASON_SECRET=<jwt reason secret>
 JWT_RESET_SECRET=<jwt reset secret>
 JWT_INVITE_SECRET=<jwt invite secret>
 JWT_EXPIRATION=2592000000
 # === Resend ===
 RESEND_API_KEY=<你的resend-api-key>
 # === COS ===
 # COS_BASE_URL=https://<你的cos>.cos.ap-guangzhou.myqcloud.com
 COS_BASE_URL=https://<你的cos>.cos.accelerate.myqcloud.com
 COS_SECRET_ID=<你的cos-secret-id>
 COS_SECRET_KEY=<你的cos-secret-key>
 COS_BUCKET_NAME=<你的cos-bucket-name>
 # === OAuth ===
 GOOGLE_CLIENT_ID=<你的google-client-id>
 GITHUB_CLIENT_ID=<你的github-client-id>
 GITHUB_CLIENT_SECRET=<你的github-client-secret>
 TWITTER_CLIENT_ID=<你的twitter-client-id>
 TWITTER_CLIENT_SECRET=<你的-twitter-client-secret>
 DISCORD_CLIENT_ID=<你的discord-client-id>
 DISCORD_CLIENT_SECRET=<你的discord-client-secret>
 # === OPENAI ===
 OPENAI_API_KEY=<你的openai-api-key>
 # === Webpush ===
 WEBPUSH_PUBLIC_KEY=<你的webpush-public-key>
 WEBPUSH_PRIVATE_KEY=<你的webpush-private-key>
 # LOG_LEVEL=DEBUG
@@ -26,6 +26,10 @@
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-websocket</artifactId>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
@@ -38,6 +42,16 @@
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
      <groupId>com.vladsch.flexmark</groupId>
      <artifactId>flexmark-all</artifactId>
      <version>0.64.8</version>
    </dependency>
    <dependency>
      <groupId>org.jsoup</groupId>
      <artifactId>jsoup</artifactId>
      <version>1.17.2</version>
    </dependency>
    <dependency>
      <groupId>com.mysql</groupId>
      <artifactId>mysql-connector-j</artifactId>
@@ -90,6 +104,16 @@
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>nl.martijndwars</groupId>
      <artifactId>web-push</artifactId>
      <version>5.1.1</version>
    </dependency>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>1.70</version>
    </dependency>
  </dependencies>
  <build>
@@ -2,8 +2,10 @@ package com.openisle;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.scheduling.annotation.EnableScheduling;
@SpringBootApplication
@EnableScheduling
 public class OpenIsleApplication {
    public static void main(String[] args) {
        SpringApplication.run(OpenIsleApplication.class, args);
@@ -0,0 +1,39 @@
 package com.openisle.config;
 import com.openisle.model.Activity;
 import com.openisle.model.ActivityType;
 import com.openisle.repository.ActivityRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
@Component
@RequiredArgsConstructor
 public class ActivityInitializer implements CommandLineRunner {
    private final ActivityRepository activityRepository;
    @Override
    public void run(String... args) {
        if (activityRepository.findByType(ActivityType.MILK_TEA) == null) {
            Activity a = new Activity();
            a.setTitle("🎡建站送奶茶活动");
            a.setType(ActivityType.MILK_TEA);
            a.setIcon("https://icons.veryicon.com/png/o/food--drinks/delicious-food-1/coffee-36.png");
            a.setContent("为了有利于建站推广以及激励发布内容，我们推出了建站送奶茶的活动，前50名达到level 1的用户，可以联系站长获取奶茶/咖啡一杯");
            activityRepository.save(a);
        }
        if (activityRepository.findByType(ActivityType.INVITE_POINTS) == null) {
            Activity a = new Activity();
            a.setTitle("🎁邀请码送积分活动");
            a.setType(ActivityType.INVITE_POINTS);
            a.setIcon("https://img.icons8.com/color/96/gift.png");
            a.setContent("使用邀请码注册或邀请好友即可获得积分奖励，快来参与吧！");
            a.setStartTime(LocalDateTime.now());
            a.setEndTime(LocalDate.of(LocalDate.now().getYear(), 10, 1).atStartOfDay());
            activityRepository.save(a);
        }
    }
 }
@@ -0,0 +1,23 @@
 package com.openisle.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 import java.util.concurrent.Executor;
@Configuration
@EnableAsync
 public class AsyncConfig {
    @Bean(name = "notificationExecutor")
    public Executor notificationExecutor() {
        ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
        executor.setCorePoolSize(2);
        executor.setMaxPoolSize(10);
        executor.setQueueCapacity(100);
        executor.setThreadNamePrefix("notification-");
        executor.initialize();
        return executor;
    }
 }
@@ -0,0 +1,32 @@
 package com.openisle.config;
 import com.openisle.model.MessageConversation;
 import com.openisle.repository.MessageConversationRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
@Component
@RequiredArgsConstructor
 public class ChannelInitializer implements CommandLineRunner {
    private final MessageConversationRepository conversationRepository;
    @Override
    public void run(String... args) {
        if (conversationRepository.countByChannelTrue() == 0) {
            MessageConversation chat = new MessageConversation();
            chat.setChannel(true);
            chat.setName("吹水群");
            chat.setDescription("吹水聊天");
            chat.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/32647273e2334d14adfd4a6ce9db0643.jpeg");
            conversationRepository.save(chat);
            MessageConversation tech = new MessageConversation();
            tech.setChannel(true);
            tech.setName("技术讨论群");
            tech.setDescription("讨论技术相关话题");
            tech.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/5edde9a5864e471caa32491dbcdaa8b2.png");
            conversationRepository.save(tech);
        }
    }
 }
@@ -0,0 +1,31 @@
 package com.openisle.config;
 import com.openisle.model.PointGood;
 import com.openisle.repository.PointGoodRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
 /** Initialize default point mall goods. */
@Component
@RequiredArgsConstructor
 public class PointGoodInitializer implements CommandLineRunner {
    private final PointGoodRepository pointGoodRepository;
    @Override
    public void run(String... args) {
        if (pointGoodRepository.count() == 0) {
            PointGood g1 = new PointGood();
            g1.setName("GPT Plus 1 个月");
            g1.setCost(20000);
            g1.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/chatgpt.png");
            pointGoodRepository.save(g1);
            PointGood g2 = new PointGood();
            g2.setName("奶茶");
            g2.setCost(5000);
            g2.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/coffee.png");
            pointGoodRepository.save(g2);
        }
    }
 }
@@ -0,0 +1,20 @@
 package com.openisle.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.scheduling.TaskScheduler;
@Configuration
@EnableScheduling
 public class SchedulerConfig {
    @Bean
    public TaskScheduler taskScheduler() {
        ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
        scheduler.setPoolSize(2);
        scheduler.setThreadNamePrefix("lottery-");
        scheduler.initialize();
        return scheduler;
    }
 }
@@ -74,11 +74,17 @@ public class SecurityConfig {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(List.of(
                "http://127.0.0.1:8080",
                "http://127.0.0.1:3000",
                "http://127.0.0.1:3001",
                "http://127.0.0.1",
                "http://localhost:8080",
                "http://localhost:3000",
                "http://localhost:3001",
                "http://localhost",
-                "http://30.211.97.254:8080",
+                "http://30.211.97.238:3000",
-                "http://30.211.97.254",
+                "http://30.211.97.238",
                "http://192.168.7.98",
                "http://192.168.7.98:3000",
                websiteUrl,
                websiteUrl.replace("://www.", "://")
        ));
@@ -93,11 +99,13 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
-                .cors(Customizer.withDefaults())         // 让 Spring 自带 CorsFilter 处理预检
+                .cors(Customizer.withDefaults())
-            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .headers(h -> h.frameOptions(f -> f.sameOrigin()))
                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    .requestMatchers("/api/ws/**", "/api/sockjs/**").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
@@ -108,11 +116,20 @@ public class SecurityConfig {
                    .requestMatchers(HttpMethod.POST,"/api/auth/reason").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/search/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/users/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/medals/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/push/public-key").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/sitemap.xml").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/channels").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/rss").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/point-goods").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/point-goods").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                    .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                    .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
                    .requestMatchers(HttpMethod.DELETE, "/api/tags/**").hasAuthority("ADMIN")
                    .requestMatchers(HttpMethod.GET, "/api/stats/**").hasAuthority("ADMIN")
                    .requestMatchers("/api/admin/**").hasAuthority("ADMIN")
                    .anyRequest().authenticated()
            )
@@ -137,8 +154,12 @@ public class SecurityConfig {
                boolean publicGet = "GET".equalsIgnoreCase(request.getMethod()) &&
                        (uri.startsWith("/api/posts") || uri.startsWith("/api/comments") ||
                         uri.startsWith("/api/categories") || uri.startsWith("/api/tags") ||
-                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
+                        uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
-                         uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config"));
+                         uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
                                uri.startsWith("/api/point-goods") || uri.startsWith("/api/channels") ||
                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals") ||
                         uri.startsWith("/api/rss"));
                if (authHeader != null && authHeader.startsWith("Bearer ")) {
                    String token = authHeader.substring(7);
@@ -154,7 +175,8 @@ public class SecurityConfig {
                        response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
                        return;
                    }
-                } else if (!uri.startsWith("/api/auth") && !publicGet) {
+                } else if (!uri.startsWith("/api/auth") && !publicGet
                        && !uri.startsWith("/api/ws") && !uri.startsWith("/api/sockjs")) {
                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                    response.setContentType("application/json");
                    response.getWriter().write("{\"error\": \"Missing token\"}");
@@ -0,0 +1,110 @@
 package com.openisle.config;
 import com.openisle.service.JwtService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.config.ChannelRegistration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.messaging.simp.stomp.StompCommand;
 import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
 import org.springframework.messaging.support.ChannelInterceptor;
 import org.springframework.messaging.support.MessageHeaderAccessor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
@Configuration
@EnableWebSocketMessageBroker
@RequiredArgsConstructor
 public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
    private final JwtService jwtService;
    private final UserDetailsService userDetailsService;
    @Value("${app.website-url}")
    private String websiteUrl;
    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        // Enable a simple memory-based message broker to carry the messages back to the client on destinations prefixed with "/topic" and "/queue"
        config.enableSimpleBroker("/topic", "/queue");
        // Set user destination prefix for personal messages
        config.setUserDestinationPrefix("/user");
        // Designates the "/app" prefix for messages that are bound for @MessageMapping-annotated methods.
        config.setApplicationDestinationPrefixes("/app");
    }
    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        // 1) 原生 WebSocket（不带 SockJS）
        registry.addEndpoint("/api/ws")
                .setAllowedOriginPatterns(
                        "https://staging.open-isle.com",
                        "https://www.staging.open-isle.com",
                        websiteUrl,
                        websiteUrl.replace("://www.", "://"),
                        "http://localhost:*",
                        "http://127.0.0.1:*",
                        "http://192.168.7.98:*",
                        "http://30.211.97.238:*"
                );
        // 2) SockJS 回退：单独路径
        registry.addEndpoint("/api/sockjs")
                .setAllowedOriginPatterns(
                        "https://staging.open-isle.com",
                        "https://www.staging.open-isle.com",
                        websiteUrl,
                        websiteUrl.replace("://www.", "://"),
                        "http://localhost:*",
                        "http://127.0.0.1:*",
                        "http://192.168.7.98:*",
                        "http://30.211.97.238:*"
                )
                .withSockJS()
                .setWebSocketEnabled(true)
                .setSessionCookieNeeded(false);
    }
    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.interceptors(new ChannelInterceptor() {
            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
                    System.out.println("WebSocket CONNECT command received");
                    String authHeader = accessor.getFirstNativeHeader("Authorization");
                    System.out.println("Authorization header: " + (authHeader != null ? "present" : "missing"));
                    if (authHeader != null && authHeader.startsWith("Bearer ")) {
                        String token = authHeader.substring(7);
                        try {
                            String username = jwtService.validateAndGetSubject(token);
                            System.out.println("JWT validated for user: " + username);
                            var userDetails = userDetailsService.loadUserByUsername(username);
                            Authentication auth = new UsernamePasswordAuthenticationToken(
                                userDetails, null, userDetails.getAuthorities());
                            accessor.setUser(auth);
                            System.out.println("WebSocket user set: " + username);
                        } catch (Exception e) {
                            System.err.println("JWT validation failed: " + e.getMessage());
                        }
                    }
                } else if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())) {
                    System.out.println("WebSocket SUBSCRIBE to: " + accessor.getDestination());
                    System.out.println("WebSocket user during subscribe: " + (accessor.getUser() != null ? accessor.getUser().getName() : "null"));
                }
                return message;
            }
        });
    }
 }
@@ -0,0 +1,57 @@
 package com.openisle.controller;
 import com.openisle.dto.ActivityDto;
 import com.openisle.dto.MilkTeaInfoDto;
 import com.openisle.dto.MilkTeaRedeemRequest;
 import com.openisle.mapper.ActivityMapper;
 import com.openisle.model.Activity;
 import com.openisle.model.ActivityType;
 import com.openisle.model.User;
 import com.openisle.service.ActivityService;
 import com.openisle.service.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
@RestController
@RequestMapping("/api/activities")
@RequiredArgsConstructor
 public class ActivityController {
    private final ActivityService activityService;
    private final UserService userService;
    private final ActivityMapper activityMapper;
    @GetMapping
    public List<ActivityDto> list() {
        return activityService.list().stream()
                .map(activityMapper::toDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/milk-tea")
    public MilkTeaInfoDto milkTea() {
        Activity a = activityService.getByType(ActivityType.MILK_TEA);
        long count = activityService.countParticipants(a);
        if (!a.isEnded() && count >= 50) {
            activityService.end(a);
        }
        MilkTeaInfoDto info = new MilkTeaInfoDto();
        info.setRedeemCount(count);
        info.setEnded(a.isEnded());
        return info;
    }
    @PostMapping("/milk-tea/redeem")
    public java.util.Map<String, String> redeemMilkTea(@RequestBody MilkTeaRedeemRequest req, Authentication auth) {
        User user = userService.findByIdentifier(auth.getName()).orElseThrow();
        Activity a = activityService.getByType(ActivityType.MILK_TEA);
        boolean first = activityService.redeem(a, user, req.getContact());
        if (first) {
            return java.util.Map.of("message", "redeemed");
        }
        return java.util.Map.of("message", "updated");
    }
 }
@@ -0,0 +1,29 @@
 package com.openisle.controller;
 import com.openisle.dto.CommentDto;
 import com.openisle.mapper.CommentMapper;
 import com.openisle.service.CommentService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 /**
 * Endpoints for administrators to manage comments.
 */
@RestController
@RequestMapping("/api/admin/comments")
@RequiredArgsConstructor
 public class AdminCommentController {
    private final CommentService commentService;
    private final CommentMapper commentMapper;
    @PostMapping("/{id}/pin")
    public CommentDto pin(@PathVariable Long id, Authentication auth) {
        return commentMapper.toDto(commentService.pinComment(auth.getName(), id));
    }
    @PostMapping("/{id}/unpin")
    public CommentDto unpin(@PathVariable Long id, Authentication auth) {
        return commentMapper.toDto(commentService.unpinComment(auth.getName(), id));
    }
 }
@@ -1,13 +1,10 @@
 package com.openisle.controller;
-import com.openisle.model.PasswordStrength;
+import com.openisle.dto.ConfigDto;
-import com.openisle.model.PublishMode;
+import com.openisle.service.AiUsageService;
 import com.openisle.service.PasswordValidator;
 import com.openisle.service.PostService;
 import com.openisle.service.AiUsageService;
 import com.openisle.service.RegisterModeService;
 import com.openisle.model.RegisterMode;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
@@ -47,11 +44,4 @@ public class AdminConfigController {
        return getConfig();
    }
    @Data
    public static class ConfigDto {
        private PublishMode publishMode;
        private PasswordStrength passwordStrength;
        private Integer aiFormatLimit;
        private RegisterMode registerMode;
    }
 }
@@ -0,0 +1,58 @@
 package com.openisle.controller;
 import com.openisle.dto.PostSummaryDto;
 import com.openisle.mapper.PostMapper;
 import com.openisle.service.PostService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
 /**
 * Endpoints for administrators to manage posts.
 */
@RestController
@RequestMapping("/api/admin/posts")
@RequiredArgsConstructor
 public class AdminPostController {
    private final PostService postService;
    private final PostMapper postMapper;
    @GetMapping("/pending")
    public List<PostSummaryDto> pendingPosts() {
        return postService.listPendingPosts().stream()
                .map(postMapper::toSummaryDto)
                .collect(Collectors.toList());
    }
    @PostMapping("/{id}/approve")
    public PostSummaryDto approve(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.approvePost(id));
    }
    @PostMapping("/{id}/reject")
    public PostSummaryDto reject(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.rejectPost(id));
    }
    @PostMapping("/{id}/pin")
    public PostSummaryDto pin(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.pinPost(id));
    }
    @PostMapping("/{id}/unpin")
    public PostSummaryDto unpin(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.unpinPost(id));
    }
    @PostMapping("/{id}/rss-exclude")
    public PostSummaryDto excludeFromRss(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.excludeFromRss(id));
    }
    @PostMapping("/{id}/rss-include")
    public PostSummaryDto includeInRss(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.includeInRss(id));
    }
 }
@@ -1,9 +1,10 @@
 package com.openisle.controller;
 import com.openisle.dto.TagDto;
 import com.openisle.mapper.TagMapper;
 import com.openisle.model.Tag;
 import com.openisle.service.TagService;
 import com.openisle.service.PostService;
-import lombok.Data;
+import com.openisle.service.TagService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
@@ -16,11 +17,12 @@ import java.util.stream.Collectors;
 public class AdminTagController {
    private final TagService tagService;
    private final PostService postService;
    private final TagMapper tagMapper;
    @GetMapping("/pending")
    public List<TagDto> pendingTags() {
        return tagService.listPendingTags().stream()
-                .map(t -> toDto(t, postService.countPostsByTag(t.getId())))
+                .map(t -> tagMapper.toDto(t, postService.countPostsByTag(t.getId())))
                .collect(Collectors.toList());
    }
@@ -28,27 +30,6 @@ public class AdminTagController {
    public TagDto approve(@PathVariable Long id) {
        Tag tag = tagService.approveTag(id);
        long count = postService.countPostsByTag(tag.getId());
-        return toDto(tag, count);
+        return tagMapper.toDto(tag, count);
    }
    private TagDto toDto(Tag tag, long count) {
        TagDto dto = new TagDto();
        dto.setId(tag.getId());
        dto.setName(tag.getName());
        dto.setDescription(tag.getDescription());
        dto.setIcon(tag.getIcon());
        dto.setSmallIcon(tag.getSmallIcon());
        dto.setCount(count);
        return dto;
    }
    @Data
    private static class TagDto {
        private Long id;
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
        private Long count;
    }
 }
@@ -1,7 +1,10 @@
 package com.openisle.controller;
 import com.openisle.model.Notification;
 import com.openisle.model.NotificationType;
 import com.openisle.model.User;
 import com.openisle.service.EmailSender;
 import com.openisle.repository.NotificationRepository;
 import com.openisle.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
@@ -13,6 +16,7 @@ import org.springframework.web.bind.annotation.*;
@RequiredArgsConstructor
 public class AdminUserController {
    private final UserRepository userRepository;
    private final NotificationRepository notificationRepository;
    private final EmailSender emailSender;
    @Value("${app.website-url}")
    private String websiteUrl;
@@ -22,8 +26,9 @@ public class AdminUserController {
        User user = userRepository.findById(id).orElseThrow();
        user.setApproved(true);
        userRepository.save(user);
-        emailSender.sendEmail(user.getEmail(), "Registration Approved",
+        markRegisterRequestNotificationsRead(user);
-                "Your account has been approved. Visit: " + websiteUrl);
+        emailSender.sendEmail(user.getEmail(), "您的注册已审核通过",
                "🎉您的注册已经审核通过, 点击以访问网站: " + websiteUrl);
        return ResponseEntity.ok().build();
    }
@@ -32,8 +37,18 @@ public class AdminUserController {
        User user = userRepository.findById(id).orElseThrow();
        user.setApproved(false);
        userRepository.save(user);
-        emailSender.sendEmail(user.getEmail(), "Registration Rejected",
+        markRegisterRequestNotificationsRead(user);
-                "Your account request was rejected. Visit: " + websiteUrl);
+        emailSender.sendEmail(user.getEmail(), "您的注册已被管理员拒绝",
                "您的注册被管理员拒绝, 点击链接可以重新填写理由申请: " + websiteUrl);
        return ResponseEntity.ok().build();
    }
    private void markRegisterRequestNotificationsRead(User applicant) {
        java.util.List<Notification> notifs =
                notificationRepository.findByTypeAndFromUser(NotificationType.REGISTER_REQUEST, applicant);
        for (Notification n : notifs) {
            n.setRead(true);
        }
        notificationRepository.saveAll(notifs);
    }
 }
@@ -1,24 +1,16 @@
 package com.openisle.controller;
-import com.openisle.model.User;
+import com.openisle.dto.*;
-import com.openisle.service.EmailSender;
+import com.openisle.exception.FieldException;
 import com.openisle.service.JwtService;
 import com.openisle.service.UserService;
 import com.openisle.service.CaptchaService;
 import com.openisle.service.GoogleAuthService;
 import com.openisle.service.GithubAuthService;
 import com.openisle.service.DiscordAuthService;
 import com.openisle.service.TwitterAuthService;
 import com.openisle.service.RegisterModeService;
 import com.openisle.service.NotificationService;
 import com.openisle.model.RegisterMode;
 import com.openisle.model.User;
 import com.openisle.repository.UserRepository;
-import lombok.Data;
+import com.openisle.service.*;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import java.util.Map;
 import java.util.Optional;
@@ -37,6 +29,8 @@ public class AuthController {
    private final RegisterModeService registerModeService;
    private final NotificationService notificationService;
    private final UserRepository userRepository;
    private final InviteService inviteService;
    @Value("${app.captcha.enabled:false}")
    private boolean captchaEnabled;
@@ -52,9 +46,30 @@ public class AuthController {
        if (captchaEnabled && registerCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
        }
        if (req.getInviteToken() != null && !req.getInviteToken().isEmpty()) {
            InviteService.InviteValidateResult result = inviteService.validate(req.getInviteToken());
            if (!result.isValidate()) {
                return ResponseEntity.badRequest().body(Map.of("error", "邀请码使用次数过多"));
            }
            try {
                User user = userService.registerWithInvite(
                        req.getUsername(), req.getEmail(), req.getPassword());
                inviteService.consume(req.getInviteToken(), user.getUsername());
                emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
                return ResponseEntity.ok(Map.of(
                        "token", jwtService.generateToken(user.getUsername()),
                        "reason_code", "INVITE_APPROVED"
                ));
            } catch (FieldException e) {
                return ResponseEntity.badRequest().body(Map.of(
                        "field", e.getField(),
                        "error", e.getMessage()
                ));
            }
        }
        User user = userService.register(
                req.getUsername(), req.getEmail(), req.getPassword(), "", registerModeService.getRegisterMode());
-        emailService.sendEmail(user.getEmail(), "Verification Code", "Your verification code is " + user.getVerificationCode());
+        emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
        if (!user.isApproved()) {
            notificationService.createRegisterRequestNotifications(user, user.getRegisterReason());
        }
@@ -65,10 +80,26 @@ public class AuthController {
    public ResponseEntity<?> verify(@RequestBody VerifyRequest req) {
        boolean ok = userService.verifyCode(req.getUsername(), req.getCode());
        if (ok) {
-            return ResponseEntity.ok(Map.of(
+            Optional<User> userOpt = userService.findByUsername(req.getUsername());
-                    "message", "Verified",
+            if (userOpt.isEmpty()) {
-                    "token", jwtService.generateReasonToken(req.getUsername())
+                return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials"));
-            ));
+            }
            User user = userOpt.get();
            if (user.isApproved()) {
                return ResponseEntity.ok(Map.of(
                        "message", "Verified and isApproved",
                        "reason_code", "VERIFIED_AND_APPROVED",
                        "token", jwtService.generateToken(req.getUsername())
                ));
            } else {
                return ResponseEntity.ok(Map.of(
                        "message", "Verified",
                        "reason_code", "VERIFIED",
                        "token", jwtService.generateReasonToken(req.getUsername())
                ));
            }
        }
        return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
    }
@@ -90,7 +121,7 @@ public class AuthController {
        User user = userOpt.get();
        if (!user.isVerified()) {
            user = userService.register(user.getUsername(), user.getEmail(), user.getPassword(), user.getRegisterReason(), registerModeService.getRegisterMode());
-            emailService.sendEmail(user.getEmail(), "Verification Code", "Your verification code is " + user.getVerificationCode());
+            emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
            return ResponseEntity.badRequest().body(Map.of(
                    "error", "User not verified",
                    "reason_code", "NOT_VERIFIED",
@@ -113,27 +144,43 @@ public class AuthController {
    @PostMapping("/google")
    public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
-        Optional<User> user = googleAuthService.authenticate(req.getIdToken(), registerModeService.getRegisterMode());
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
-        if (user.isPresent()) {
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+        if (viaInvite && !inviteValidateResult.isValidate()) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
        }
        Optional<AuthResult> resultOpt = googleAuthService.authenticate(
                req.getIdToken(),
                registerModeService.getRegisterMode(),
                viaInvite);
        if (resultOpt.isPresent()) {
            AuthResult result = resultOpt.get();
            if (viaInvite && result.isNewUser()) {
                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
                return ResponseEntity.ok(Map.of(
                        "token", jwtService.generateToken(result.getUser().getUsername()),
                        "reason_code", "INVITE_APPROVED"
                ));
            }
-            if (!user.get().isApproved()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
            }
            if (!result.getUser().isApproved()) {
                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid google token",
@@ -153,8 +200,8 @@ public class AuthController {
            ));
        }
-        if (req.reason == null || req.reason.length() <= 20) {
+        if (req.getReason() == null || req.getReason().trim().length() <= 20) {
-            return ResponseEntity.badRequest().body(Map.of(
+             return ResponseEntity.badRequest().body(Map.of(
                    "error", "Reason's length must longer than 20",
                    "reason_code", "INVALID_CREDENTIALS"
            ));
@@ -172,28 +219,45 @@ public class AuthController {
    @PostMapping("/github")
    public ResponseEntity<?> loginWithGithub(@RequestBody GithubLoginRequest req) {
-        Optional<User> user = githubAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
-        if (user.isPresent()) {
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+        if (viaInvite && !inviteValidateResult.isValidate()) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
        }
        Optional<AuthResult> resultOpt = githubAuthService.authenticate(
                req.getCode(),
                registerModeService.getRegisterMode(),
                req.getRedirectUri(),
                viaInvite);
        if (resultOpt.isPresent()) {
            AuthResult result = resultOpt.get();
            if (viaInvite && result.isNewUser()) {
                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
                return ResponseEntity.ok(Map.of(
                        "token", jwtService.generateToken(result.getUser().getUsername()),
                        "reason_code", "INVITE_APPROVED"
                ));
            }
-            if (!user.get().isApproved()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
            }
            if (!result.getUser().isApproved()) {
                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    // 已填写注册理由
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid github code",
@@ -203,27 +267,44 @@ public class AuthController {
    @PostMapping("/discord")
    public ResponseEntity<?> loginWithDiscord(@RequestBody DiscordLoginRequest req) {
-        Optional<User> user = discordAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
-        if (user.isPresent()) {
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+        if (viaInvite && !inviteValidateResult.isValidate()) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
        }
        Optional<AuthResult> resultOpt = discordAuthService.authenticate(
                req.getCode(),
                registerModeService.getRegisterMode(),
                req.getRedirectUri(),
                viaInvite);
        if (resultOpt.isPresent()) {
            AuthResult result = resultOpt.get();
            if (viaInvite && result.isNewUser()) {
                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
                return ResponseEntity.ok(Map.of(
                        "token", jwtService.generateToken(result.getUser().getUsername()),
                        "reason_code", "INVITE_APPROVED"
                ));
            }
-            if (!user.get().isApproved()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
            }
            if (!result.getUser().isApproved()) {
                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid discord code",
@@ -233,31 +314,45 @@ public class AuthController {
    @PostMapping("/twitter")
    public ResponseEntity<?> loginWithTwitter(@RequestBody TwitterLoginRequest req) {
-        Optional<User> user = twitterAuthService.authenticate(
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
        if (viaInvite && !inviteValidateResult.isValidate()) {
            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
        }
        Optional<AuthResult> resultOpt = twitterAuthService.authenticate(
                req.getCode(),
                req.getCodeVerifier(),
                registerModeService.getRegisterMode(),
-                req.getRedirectUri());
+                req.getRedirectUri(),
-        if (user.isPresent()) {
+                viaInvite);
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+        if (resultOpt.isPresent()) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            AuthResult result = resultOpt.get();
            if (viaInvite && result.isNewUser()) {
                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
                return ResponseEntity.ok(Map.of(
                        "token", jwtService.generateToken(result.getUser().getUsername()),
                        "reason_code", "INVITE_APPROVED"
                ));
            }
-            if (!user.get().isApproved()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
            }
            if (!result.getUser().isApproved()) {
                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid twitter code",
@@ -270,54 +365,40 @@ public class AuthController {
        return ResponseEntity.ok(Map.of("valid", true));
    }
-    @Data
+    @PostMapping("/forgot/send")
-    private static class RegisterRequest {
+    public ResponseEntity<?> sendReset(@RequestBody ForgotPasswordRequest req) {
-        private String username;
+        Optional<User> userOpt = userService.findByEmail(req.getEmail());
-        private String email;
+        if (userOpt.isEmpty()) {
-        private String password;
+            return ResponseEntity.badRequest().body(Map.of("error", "User not found"));
-        private String captcha;
+        }
        String code = userService.generatePasswordResetCode(req.getEmail());
        emailService.sendEmail(req.getEmail(), "请填写验证码以重置密码", "您的验证码是" + code);
        return ResponseEntity.ok(Map.of("message", "Verification code sent"));
    }
-    @Data
+    @PostMapping("/forgot/verify")
-    private static class LoginRequest {
+    public ResponseEntity<?> verifyReset(@RequestBody VerifyForgotRequest req) {
-        private String username;
+        boolean ok = userService.verifyPasswordResetCode(req.getEmail(), req.getCode());
-        private String password;
+        if (ok) {
-        private String captcha;
+            String username = userService.findByEmail(req.getEmail()).get().getUsername();
            return ResponseEntity.ok(Map.of("token", jwtService.generateResetToken(username)));
        }
        return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
    }
-    @Data
+    @PostMapping("/forgot/reset")
-    private static class GoogleLoginRequest {
+    public ResponseEntity<?> resetPassword(@RequestBody ResetPasswordRequest req) {
-        private String idToken;
+        String username = jwtService.validateAndGetSubjectForReset(req.getToken());
        try {
            userService.updatePassword(username, req.getPassword());
            return ResponseEntity.ok(Map.of("message", "Password updated"));
        } catch (FieldException e) {
            return ResponseEntity.badRequest().body(Map.of(
                    "field", e.getField(),
                    "error", e.getMessage()
            ));
        }
    }
-    @Data
+    // DTO classes moved to com.openisle.dto package
    private static class GithubLoginRequest {
        private String code;
        private String redirectUri;
    }
    @Data
    private static class DiscordLoginRequest {
        private String code;
        private String redirectUri;
    }
    @Data
    private static class TwitterLoginRequest {
        private String code;
        private String redirectUri;
        private String codeVerifier;
    }
    @Data
    private static class VerifyRequest {
        private String username;
        private String code;
    }
    @Data
    private static class MakeReasonRequest {
        private String token;
        private String reason;
    }
 }
@@ -1,13 +1,18 @@
 package com.openisle.controller;
 import com.openisle.dto.CategoryDto;
 import com.openisle.dto.CategoryRequest;
 import com.openisle.dto.PostSummaryDto;
 import com.openisle.mapper.CategoryMapper;
 import com.openisle.mapper.PostMapper;
 import com.openisle.model.Category;
 import com.openisle.service.CategoryService;
 import com.openisle.service.PostService;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@RestController
@@ -16,19 +21,21 @@ import java.util.stream.Collectors;
 public class CategoryController {
    private final CategoryService categoryService;
    private final PostService postService;
    private final PostMapper postMapper;
    private final CategoryMapper categoryMapper;
    @PostMapping
    public CategoryDto create(@RequestBody CategoryRequest req) {
        Category c = categoryService.createCategory(req.getName(), req.getDescription(), req.getIcon(), req.getSmallIcon());
        long count = postService.countPostsByCategory(c.getId());
-        return toDto(c, count);
+        return categoryMapper.toDto(c, count);
    }
    @PutMapping("/{id}")
    public CategoryDto update(@PathVariable Long id, @RequestBody CategoryRequest req) {
        Category c = categoryService.updateCategory(id, req.getName(), req.getDescription(), req.getIcon(), req.getSmallIcon());
        long count = postService.countPostsByCategory(c.getId());
-        return toDto(c, count);
+        return categoryMapper.toDto(c, count);
    }
    @DeleteMapping("/{id}")
@@ -38,8 +45,11 @@ public class CategoryController {
    @GetMapping
    public List<CategoryDto> list() {
-        return categoryService.listCategories().stream()
+        List<Category> all = categoryService.listCategories();
-                .map(c -> toDto(c, postService.countPostsByCategory(c.getId())))
+        List<Long> ids = all.stream().map(Category::getId).toList();
        Map<Long, Long> postsCntByCategoryIds = postService.countPostsByCategoryIds(ids);
        return all.stream()
                .map(c -> categoryMapper.toDto(c, postsCntByCategoryIds.getOrDefault(c.getId(), 0L)))
                .sorted((a, b) -> Long.compare(b.getCount(), a.getCount()))
                .collect(Collectors.toList());
    }
@@ -48,7 +58,7 @@ public class CategoryController {
    public CategoryDto get(@PathVariable Long id) {
        Category c = categoryService.getCategory(id);
        long count = postService.countPostsByCategory(c.getId());
-        return toDto(c, count);
+        return categoryMapper.toDto(c, count);
    }
    @GetMapping("/{id}/posts")
@@ -57,47 +67,7 @@ public class CategoryController {
                                                    @RequestParam(value = "pageSize", required = false) Integer pageSize) {
        return postService.listPostsByCategories(java.util.List.of(id), page, pageSize)
                .stream()
-                .map(p -> {
+                .map(postMapper::toSummaryDto)
                    PostSummaryDto dto = new PostSummaryDto();
                    dto.setId(p.getId());
                    dto.setTitle(p.getTitle());
                    return dto;
                })
                .collect(Collectors.toList());
    }
    private CategoryDto toDto(Category c, long count) {
        CategoryDto dto = new CategoryDto();
        dto.setId(c.getId());
        dto.setName(c.getName());
        dto.setIcon(c.getIcon());
        dto.setSmallIcon(c.getSmallIcon());
        dto.setDescription(c.getDescription());
        dto.setCount(count);
        return dto;
    }
    @Data
    private static class CategoryRequest {
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
    }
    @Data
    private static class CategoryDto {
        private Long id;
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
        private Long count;
    }
    @Data
    private static class PostSummaryDto {
        private Long id;
        private String title;
    }
 }
@@ -0,0 +1,42 @@
 package com.openisle.controller;
 import com.openisle.dto.ChannelDto;
 import com.openisle.model.User;
 import com.openisle.repository.UserRepository;
 import com.openisle.service.ChannelService;
 import com.openisle.service.MessageService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@RestController
@RequestMapping("/api/channels")
@RequiredArgsConstructor
 public class ChannelController {
    private final ChannelService channelService;
    private final MessageService messageService;
    private final UserRepository userRepository;
    private Long getCurrentUserId(Authentication auth) {
        User user = userRepository.findByUsername(auth.getName())
                .orElseThrow(() -> new IllegalArgumentException("User not found"));
        return user.getId();
    }
    @GetMapping
    public List<ChannelDto> listChannels(Authentication auth) {
        return channelService.listChannels(getCurrentUserId(auth));
    }
    @PostMapping("/{channelId}/join")
    public ChannelDto joinChannel(@PathVariable Long channelId, Authentication auth) {
        return channelService.joinChannel(channelId, getCurrentUserId(auth));
    }
    @GetMapping("/unread-count")
    public long unreadCount(Authentication auth) {
        return messageService.getUnreadChannelCount(getCurrentUserId(auth));
    }
 }
@@ -0,0 +1,100 @@
 package com.openisle.controller;
 import com.openisle.model.Comment;
 import com.openisle.dto.CommentDto;
 import com.openisle.dto.CommentRequest;
 import com.openisle.mapper.CommentMapper;
 import com.openisle.service.CaptchaService;
 import com.openisle.service.CommentService;
 import com.openisle.service.LevelService;
 import com.openisle.service.PointService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
@RestController
@RequestMapping("/api")
@RequiredArgsConstructor
@Slf4j
 public class CommentController {
    private final CommentService commentService;
    private final LevelService levelService;
    private final CaptchaService captchaService;
    private final CommentMapper commentMapper;
    private final PointService pointService;
    @Value("${app.captcha.enabled:false}")
    private boolean captchaEnabled;
    @Value("${app.captcha.comment-enabled:false}")
    private boolean commentCaptchaEnabled;
    @PostMapping("/posts/{postId}/comments")
    public ResponseEntity<CommentDto> createComment(@PathVariable Long postId,
                                                    @RequestBody CommentRequest req,
                                                    Authentication auth) {
        log.debug("createComment called by user {} for post {}", auth.getName(), postId);
        if (captchaEnabled && commentCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            log.debug("Captcha verification failed for user {} on post {}", auth.getName(), postId);
            return ResponseEntity.badRequest().build();
        }
        Comment comment = commentService.addComment(auth.getName(), postId, req.getContent());
        CommentDto dto = commentMapper.toDto(comment);
        dto.setReward(levelService.awardForComment(auth.getName()));
        dto.setPointReward(pointService.awardForComment(auth.getName(), postId, comment.getId()));
        log.debug("createComment succeeded for comment {}", comment.getId());
        return ResponseEntity.ok(dto);
    }
    @PostMapping("/comments/{commentId}/replies")
    public ResponseEntity<CommentDto> replyComment(@PathVariable Long commentId,
                                                   @RequestBody CommentRequest req,
                                                   Authentication auth) {
        log.debug("replyComment called by user {} for comment {}", auth.getName(), commentId);
        if (captchaEnabled && commentCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            log.debug("Captcha verification failed for user {} on comment {}", auth.getName(), commentId);
            return ResponseEntity.badRequest().build();
        }
        Comment comment = commentService.addReply(auth.getName(), commentId, req.getContent());
        CommentDto dto = commentMapper.toDto(comment);
        dto.setReward(levelService.awardForComment(auth.getName()));
        log.debug("replyComment succeeded for comment {}", comment.getId());
        return ResponseEntity.ok(dto);
    }
    @GetMapping("/posts/{postId}/comments")
    public List<CommentDto> listComments(@PathVariable Long postId,
                                         @RequestParam(value = "sort", required = false, defaultValue = "OLDEST") com.openisle.model.CommentSort sort) {
        log.debug("listComments called for post {} with sort {}", postId, sort);
        List<CommentDto> list = commentService.getCommentsForPost(postId, sort).stream()
                .map(commentMapper::toDtoWithReplies)
                .collect(Collectors.toList());
        log.debug("listComments returning {} comments", list.size());
        return list;
    }
    @DeleteMapping("/comments/{id}")
    public void deleteComment(@PathVariable Long id, Authentication auth) {
        log.debug("deleteComment called by user {} for comment {}", auth.getName(), id);
        commentService.deleteComment(auth.getName(), id);
        log.debug("deleteComment completed for comment {}", id);
    }
    @PostMapping("/comments/{id}/pin")
    public CommentDto pinComment(@PathVariable Long id, Authentication auth) {
        log.debug("pinComment called by user {} for comment {}", auth.getName(), id);
        return commentMapper.toDto(commentService.pinComment(auth.getName(), id));
    }
    @PostMapping("/comments/{id}/unpin")
    public CommentDto unpinComment(@PathVariable Long id, Authentication auth) {
        log.debug("unpinComment called by user {} for comment {}", auth.getName(), id);
        return commentMapper.toDto(commentService.unpinComment(auth.getName(), id));
    }
 }
@@ -1,9 +1,8 @@
 package com.openisle.controller;
-import lombok.Data;
+import com.openisle.dto.SiteConfigDto;
 import org.springframework.beans.factory.annotation.Value;
 import com.openisle.service.RegisterModeService;
-import com.openisle.model.RegisterMode;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -34,8 +33,8 @@ public class ConfigController {
    private final RegisterModeService registerModeService;
    @GetMapping("/config")
-    public ConfigResponse getConfig() {
+    public SiteConfigDto getConfig() {
-        ConfigResponse resp = new ConfigResponse();
+        SiteConfigDto resp = new SiteConfigDto();
        resp.setCaptchaEnabled(captchaEnabled);
        resp.setRegisterCaptchaEnabled(registerCaptchaEnabled);
        resp.setLoginCaptchaEnabled(loginCaptchaEnabled);
@@ -45,15 +44,4 @@ public class ConfigController {
        resp.setRegisterMode(registerModeService.getRegisterMode());
        return resp;
    }
    @Data
    private static class ConfigResponse {
        private boolean captchaEnabled;
        private boolean registerCaptchaEnabled;
        private boolean loginCaptchaEnabled;
        private boolean postCaptchaEnabled;
        private boolean commentCaptchaEnabled;
        private int aiFormatLimit;
        private RegisterMode registerMode;
    }
 }
@@ -1,32 +1,32 @@
 package com.openisle.controller;
 import com.openisle.dto.DraftDto;
 import com.openisle.dto.DraftRequest;
 import com.openisle.mapper.DraftMapper;
 import com.openisle.model.Draft;
 import com.openisle.service.DraftService;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
@RestController
@RequestMapping("/api/drafts")
@RequiredArgsConstructor
 public class DraftController {
    private final DraftService draftService;
    private final DraftMapper draftMapper;
    @PostMapping
    public ResponseEntity<DraftDto> saveDraft(@RequestBody DraftRequest req, Authentication auth) {
        Draft draft = draftService.saveDraft(auth.getName(), req.getCategoryId(), req.getTitle(), req.getContent(), req.getTagIds());
-        return ResponseEntity.ok(toDto(draft));
+        return ResponseEntity.ok(draftMapper.toDto(draft));
    }
    @GetMapping("/me")
    public ResponseEntity<DraftDto> getMyDraft(Authentication auth) {
        return draftService.getDraft(auth.getName())
-                .map(d -> ResponseEntity.ok(toDto(d)))
+                .map(d -> ResponseEntity.ok(draftMapper.toDto(d)))
                .orElseGet(() -> ResponseEntity.noContent().build());
    }
@@ -35,33 +35,4 @@ public class DraftController {
        draftService.deleteDraft(auth.getName());
        return ResponseEntity.ok().build();
    }
    private DraftDto toDto(Draft draft) {
        DraftDto dto = new DraftDto();
        dto.setId(draft.getId());
        dto.setTitle(draft.getTitle());
        dto.setContent(draft.getContent());
        if (draft.getCategory() != null) {
            dto.setCategoryId(draft.getCategory().getId());
        }
        dto.setTagIds(draft.getTags().stream().map(com.openisle.model.Tag::getId).collect(Collectors.toList()));
        return dto;
    }
    @Data
    private static class DraftRequest {
        private String title;
        private String content;
        private Long categoryId;
        private List<Long> tagIds;
    }
    @Data
    private static class DraftDto {
        private Long id;
        private String title;
        private String content;
        private Long categoryId;
        private List<Long> tagIds;
    }
 }
@@ -5,6 +5,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import com.openisle.exception.FieldException;
 import com.openisle.exception.NotFoundException;
 import com.openisle.exception.RateLimitException;
 import java.util.Map;
@@ -22,9 +23,18 @@ public class GlobalExceptionHandler {
        return ResponseEntity.status(404).body(Map.of("error", ex.getMessage()));
    }
    @ExceptionHandler(RateLimitException.class)
    public ResponseEntity<?> handleRateLimitException(RateLimitException ex) {
        return ResponseEntity.status(429).body(Map.of("error", ex.getMessage()));
    }
    @ExceptionHandler(Exception.class)
    public ResponseEntity<?> handleException(Exception ex) {
-        return ResponseEntity.badRequest().body(Map.of("error", ex.getMessage()));
+        String message = ex.getMessage();
        if (message == null) {
            message = ex.getClass().getSimpleName();
        }
        return ResponseEntity.badRequest().body(Map.of("error", message));
    }
 }
@@ -0,0 +1,23 @@
 package com.openisle.controller;
 import com.openisle.service.InviteService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.Map;
@RestController
@RequestMapping("/api/invite")
@RequiredArgsConstructor
 public class InviteController {
    private final InviteService inviteService;
    @PostMapping("/generate")
    public Map<String, String> generate(Authentication auth) {
        String token = inviteService.generate(auth.getName());
        return Map.of("token", token);
    }
 }
@@ -0,0 +1,33 @@
 package com.openisle.controller;
 import com.openisle.dto.MedalDto;
 import com.openisle.dto.MedalSelectRequest;
 import com.openisle.service.MedalService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@RestController
@RequestMapping("/api/medals")
@RequiredArgsConstructor
 public class MedalController {
    private final MedalService medalService;
    @GetMapping
    public List<MedalDto> getMedals(@RequestParam(value = "userId", required = false) Long userId) {
        return medalService.getMedals(userId);
    }
    @PostMapping("/select")
    public ResponseEntity<Void> selectMedal(@RequestBody MedalSelectRequest req, Authentication auth) {
        try {
            medalService.selectMedal(auth.getName(), req.getType());
            return ResponseEntity.ok().build();
        } catch (IllegalArgumentException e) {
            return ResponseEntity.badRequest().build();
        }
    }
 }
@@ -0,0 +1,137 @@
 package com.openisle.controller;
 import com.openisle.dto.ConversationDetailDto;
 import com.openisle.dto.ConversationDto;
 import com.openisle.dto.CreateConversationRequest;
 import com.openisle.dto.CreateConversationResponse;
 import com.openisle.dto.MessageDto;
 import com.openisle.model.Message;
 import com.openisle.model.MessageConversation;
 import com.openisle.model.User;
 import com.openisle.repository.UserRepository;
 import com.openisle.service.MessageService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Sort;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@RestController
@RequestMapping("/api/messages")
@RequiredArgsConstructor
 public class MessageController {
    private final MessageService messageService;
    private final UserRepository userRepository;
    // This is a placeholder for getting the current user's ID
    private Long getCurrentUserId(Authentication auth) {
        User user = userRepository.findByUsername(auth.getName()).orElseThrow(() -> new IllegalArgumentException("Sender not found"));
        // In a real application, you would get this from the Authentication object
        return user.getId();
    }
    @GetMapping("/conversations")
    public ResponseEntity<List<ConversationDto>> getConversations(Authentication auth) {
        List<ConversationDto> conversations = messageService.getConversations(getCurrentUserId(auth));
        return ResponseEntity.ok(conversations);
    }
    @GetMapping("/conversations/{conversationId}")
    public ResponseEntity<ConversationDetailDto> getMessages(@PathVariable Long conversationId,
                                                               @RequestParam(defaultValue = "0") int page,
                                                               @RequestParam(defaultValue = "20") int size,
                                                               Authentication auth) {
        Pageable pageable = PageRequest.of(page, size, Sort.by("createdAt").descending());
        ConversationDetailDto conversationDetails = messageService.getConversationDetails(conversationId, getCurrentUserId(auth), pageable);
        return ResponseEntity.ok(conversationDetails);
    }
    @PostMapping
    public ResponseEntity<MessageDto> sendMessage(@RequestBody MessageRequest req, Authentication auth) {
        Message message = messageService.sendMessage(getCurrentUserId(auth), req.getRecipientId(), req.getContent(), req.getReplyToId());
        return ResponseEntity.ok(messageService.toDto(message));
    }
    @PostMapping("/conversations/{conversationId}/messages")
    public ResponseEntity<MessageDto> sendMessageToConversation(@PathVariable Long conversationId,
                                                                @RequestBody ChannelMessageRequest req,
                                                                Authentication auth) {
        Message message = messageService.sendMessageToConversation(getCurrentUserId(auth), conversationId, req.getContent(), req.getReplyToId());
        return ResponseEntity.ok(messageService.toDto(message));
    }
    @PostMapping("/conversations/{conversationId}/read")
    public ResponseEntity<Void> markAsRead(@PathVariable Long conversationId, Authentication auth) {
        messageService.markConversationAsRead(conversationId, getCurrentUserId(auth));
        return ResponseEntity.ok().build();
    }
    @PostMapping("/conversations")
    public ResponseEntity<CreateConversationResponse> findOrCreateConversation(@RequestBody CreateConversationRequest req, Authentication auth) {
        MessageConversation conversation = messageService.findOrCreateConversation(getCurrentUserId(auth), req.getRecipientId());
        return ResponseEntity.ok(new CreateConversationResponse(conversation.getId()));
    }
    @GetMapping("/unread-count")
    public ResponseEntity<Long> getUnreadCount(Authentication auth) {
        return ResponseEntity.ok(messageService.getUnreadMessageCount(getCurrentUserId(auth)));
    }
    // A simple request DTO
    static class MessageRequest {
        private Long recipientId;
        private String content;
        private Long replyToId;
        public Long getRecipientId() {
            return recipientId;
        }
        public void setRecipientId(Long recipientId) {
            this.recipientId = recipientId;
        }
        public String getContent() {
            return content;
        }
        public void setContent(String content) {
            this.content = content;
        }
        public Long getReplyToId() {
            return replyToId;
        }
        public void setReplyToId(Long replyToId) {
            this.replyToId = replyToId;
        }
    }
    static class ChannelMessageRequest {
        private String content;
        private Long replyToId;
        public String getContent() {
            return content;
        }
        public void setContent(String content) {
            this.content = content;
        }
        public Long getReplyToId() {
            return replyToId;
        }
        public void setReplyToId(Long replyToId) {
            this.replyToId = replyToId;
        }
    }
 }
@@ -0,0 +1,65 @@
 package com.openisle.controller;
 import com.openisle.dto.NotificationDto;
 import com.openisle.dto.NotificationMarkReadRequest;
 import com.openisle.dto.NotificationUnreadCountDto;
 import com.openisle.dto.NotificationPreferenceDto;
 import com.openisle.dto.NotificationPreferenceUpdateRequest;
 import com.openisle.mapper.NotificationMapper;
 import com.openisle.service.NotificationService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
 /** Endpoints for user notifications. */
@RestController
@RequestMapping("/api/notifications")
@RequiredArgsConstructor
 public class NotificationController {
    private final NotificationService notificationService;
    private final NotificationMapper notificationMapper;
    @GetMapping
    public List<NotificationDto> list(@RequestParam(value = "page", defaultValue = "0") int page,
                                      @RequestParam(value = "size", defaultValue = "30") int size,
                                      Authentication auth) {
        return notificationService.listNotifications(auth.getName(), null, page, size).stream()
                .map(notificationMapper::toDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/unread")
    public List<NotificationDto> listUnread(@RequestParam(value = "page", defaultValue = "0") int page,
                                            @RequestParam(value = "size", defaultValue = "30") int size,
                                            Authentication auth) {
        return notificationService.listNotifications(auth.getName(), false, page, size).stream()
                .map(notificationMapper::toDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/unread-count")
    public NotificationUnreadCountDto unreadCount(Authentication auth) {
        long count = notificationService.countUnread(auth.getName());
        NotificationUnreadCountDto uc = new NotificationUnreadCountDto();
        uc.setCount(count);
        return uc;
    }
    @PostMapping("/read")
    public void markRead(@RequestBody NotificationMarkReadRequest req, Authentication auth) {
        notificationService.markRead(auth.getName(), req.getIds());
    }
    @GetMapping("/prefs")
    public List<NotificationPreferenceDto> prefs(Authentication auth) {
        return notificationService.listPreferences(auth.getName());
    }
    @PostMapping("/prefs")
    public void updatePref(@RequestBody NotificationPreferenceUpdateRequest req, Authentication auth) {
        notificationService.updatePreference(auth.getName(), req.getType(), req.isEnabled());
    }
 }
@@ -0,0 +1,28 @@
 package com.openisle.controller;
 import com.openisle.dto.PointHistoryDto;
 import com.openisle.mapper.PointHistoryMapper;
 import com.openisle.service.PointService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.List;
 import java.util.stream.Collectors;
@RestController
@RequestMapping("/api/point-histories")
@RequiredArgsConstructor
 public class PointHistoryController {
    private final PointService pointService;
    private final PointHistoryMapper pointHistoryMapper;
    @GetMapping
    public List<PointHistoryDto> list(Authentication auth) {
        return pointService.listHistory(auth.getName()).stream()
                .map(pointHistoryMapper::toDto)
                .collect(Collectors.toList());
    }
 }
@@ -0,0 +1,39 @@
 package com.openisle.controller;
 import com.openisle.dto.PointGoodDto;
 import com.openisle.dto.PointRedeemRequest;
 import com.openisle.mapper.PointGoodMapper;
 import com.openisle.model.User;
 import com.openisle.service.PointMallService;
 import com.openisle.service.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 /** REST controller for point mall. */
@RestController
@RequestMapping("/api/point-goods")
@RequiredArgsConstructor
 public class PointMallController {
    private final PointMallService pointMallService;
    private final UserService userService;
    private final PointGoodMapper pointGoodMapper;
    @GetMapping
    public List<PointGoodDto> list() {
        return pointMallService.listGoods().stream()
                .map(pointGoodMapper::toDto)
                .collect(Collectors.toList());
    }
    @PostMapping("/redeem")
    public Map<String, Integer> redeem(@RequestBody PointRedeemRequest req, Authentication auth) {
        User user = userService.findByIdentifier(auth.getName()).orElseThrow();
        int point = pointMallService.redeem(user, req.getGoodId(), req.getContact());
        return Map.of("point", point);
    }
 }
@@ -0,0 +1,197 @@
 package com.openisle.controller;
 import com.openisle.dto.PostDetailDto;
 import com.openisle.dto.PostRequest;
 import com.openisle.dto.PostSummaryDto;
 import com.openisle.mapper.PostMapper;
 import com.openisle.model.Post;
 import com.openisle.service.*;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.stream.Collectors;
@RestController
@RequestMapping("/api/posts")
@RequiredArgsConstructor
 public class PostController {
    private final PostService postService;
    private final LevelService levelService;
    private final CaptchaService captchaService;
    private final DraftService draftService;
    private final UserVisitService userVisitService;
    private final PostMapper postMapper;
    private final PointService pointService;
    @Value("${app.captcha.enabled:false}")
    private boolean captchaEnabled;
    @Value("${app.captcha.post-enabled:false}")
    private boolean postCaptchaEnabled;
    @PostMapping
    public ResponseEntity<PostDetailDto> createPost(@RequestBody PostRequest req, Authentication auth) {
        if (captchaEnabled && postCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            return ResponseEntity.badRequest().build();
        }
        Post post = postService.createPost(auth.getName(), req.getCategoryId(),
                req.getTitle(), req.getContent(), req.getTagIds(),
                req.getType(), req.getPrizeDescription(), req.getPrizeIcon(),
                req.getPrizeCount(), req.getStartTime(), req.getEndTime());
        draftService.deleteDraft(auth.getName());
        PostDetailDto dto = postMapper.toDetailDto(post, auth.getName());
        dto.setReward(levelService.awardForPost(auth.getName()));
        dto.setPointReward(pointService.awardForPost(auth.getName(), post.getId()));
        return ResponseEntity.ok(dto);
    }
    @PutMapping("/{id}")
    public ResponseEntity<PostDetailDto> updatePost(@PathVariable Long id, @RequestBody PostRequest req,
                                              Authentication auth) {
        Post post = postService.updatePost(id, auth.getName(), req.getCategoryId(),
                req.getTitle(), req.getContent(), req.getTagIds());
        return ResponseEntity.ok(postMapper.toDetailDto(post, auth.getName()));
    }
    @DeleteMapping("/{id}")
    public void deletePost(@PathVariable Long id, Authentication auth) {
        postService.deletePost(id, auth.getName());
    }
    @PostMapping("/{id}/close")
    public PostSummaryDto close(@PathVariable Long id, Authentication auth) {
        return postMapper.toSummaryDto(postService.closePost(id, auth.getName()));
    }
    @PostMapping("/{id}/reopen")
    public PostSummaryDto reopen(@PathVariable Long id, Authentication auth) {
        return postMapper.toSummaryDto(postService.reopenPost(id, auth.getName()));
    }
    @GetMapping("/{id}")
    public ResponseEntity<PostDetailDto> getPost(@PathVariable Long id, Authentication auth) {
        String viewer = auth != null ? auth.getName() : null;
        Post post = postService.viewPost(id, viewer);
        return ResponseEntity.ok(postMapper.toDetailDto(post, viewer));
    }
    @PostMapping("/{id}/lottery/join")
    public ResponseEntity<Void> joinLottery(@PathVariable Long id, Authentication auth) {
        postService.joinLottery(id, auth.getName());
        return ResponseEntity.ok().build();
    }
    @GetMapping
    public List<PostSummaryDto> listPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
                                   @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
                                   @RequestParam(value = "tagId", required = false) Long tagId,
                                   @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
                                   @RequestParam(value = "page", required = false) Integer page,
                                   @RequestParam(value = "pageSize", required = false) Integer pageSize,
                                   Authentication auth) {
        List<Long> ids = categoryIds;
        if (categoryId != null) {
            ids = java.util.List.of(categoryId);
        }
        List<Long> tids = tagIds;
        if (tagId != null) {
            tids = java.util.List.of(tagId);
        }
        if (auth != null) {
            userVisitService.recordVisit(auth.getName());
        }
        boolean hasCategories = ids != null && !ids.isEmpty();
        boolean hasTags = tids != null && !tids.isEmpty();
        if (hasCategories && hasTags) {
            return postService.listPostsByCategoriesAndTags(ids, tids, page, pageSize)
                    .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
        }
        if (hasTags) {
            return postService.listPostsByTags(tids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
        }
        return postService.listPostsByCategories(ids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
    }
    @GetMapping("/ranking")
    public List<PostSummaryDto> rankingPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
                                      @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
                                      @RequestParam(value = "tagId", required = false) Long tagId,
                                      @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
                                      @RequestParam(value = "page", required = false) Integer page,
                                      @RequestParam(value = "pageSize", required = false) Integer pageSize,
                                      Authentication auth) {
        List<Long> ids = categoryIds;
        if (categoryId != null) {
            ids = java.util.List.of(categoryId);
        }
        List<Long> tids = tagIds;
        if (tagId != null) {
            tids = java.util.List.of(tagId);
        }
        if (auth != null) {
            userVisitService.recordVisit(auth.getName());
        }
        return postService.listPostsByViews(ids, tids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
    }
    @GetMapping("/latest-reply")
    public List<PostSummaryDto> latestReplyPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
                                          @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
                                          @RequestParam(value = "tagId", required = false) Long tagId,
                                          @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
                                          @RequestParam(value = "page", required = false) Integer page,
                                          @RequestParam(value = "pageSize", required = false) Integer pageSize,
                                          Authentication auth) {
        List<Long> ids = categoryIds;
        if (categoryId != null) {
            ids = java.util.List.of(categoryId);
        }
        List<Long> tids = tagIds;
        if (tagId != null) {
            tids = java.util.List.of(tagId);
        }
        if (auth != null) {
            userVisitService.recordVisit(auth.getName());
        }
        return postService.listPostsByLatestReply(ids, tids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
    }
    @GetMapping("/featured")
    public List<PostSummaryDto> featuredPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
                                       @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
                                       @RequestParam(value = "tagId", required = false) Long tagId,
                                       @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
                                       @RequestParam(value = "page", required = false) Integer page,
                                       @RequestParam(value = "pageSize", required = false) Integer pageSize,
                                       Authentication auth) {
        List<Long> ids = categoryIds;
        if (categoryId != null) {
            ids = java.util.List.of(categoryId);
        }
        List<Long> tids = tagIds;
        if (tagId != null) {
            tids = java.util.List.of(tagId);
        }
        if (auth != null) {
            userVisitService.recordVisit(auth.getName());
        }
        return postService.listFeaturedPosts(ids, tids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
    }
 }
@@ -0,0 +1,30 @@
 package com.openisle.controller;
 import com.openisle.dto.PushPublicKeyDto;
 import com.openisle.dto.PushSubscriptionRequest;
 import com.openisle.service.PushSubscriptionService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/api/push")
@RequiredArgsConstructor
 public class PushSubscriptionController {
    private final PushSubscriptionService pushSubscriptionService;
    @Value("${app.webpush.public-key}")
    private String publicKey;
    @GetMapping("/public-key")
    public PushPublicKeyDto getPublicKey() {
        PushPublicKeyDto r = new PushPublicKeyDto();
        r.setKey(publicKey);
        return r;
    }
    @PostMapping("/subscribe")
    public void subscribe(@RequestBody PushSubscriptionRequest req, Authentication auth) {
        pushSubscriptionService.saveSubscription(auth.getName(), req.getEndpoint(), req.getP256dh(), req.getAuth());
    }
 }
@@ -0,0 +1,73 @@
 package com.openisle.controller;
 import com.openisle.dto.ReactionDto;
 import com.openisle.dto.ReactionRequest;
 import com.openisle.mapper.ReactionMapper;
 import com.openisle.model.Reaction;
 import com.openisle.model.ReactionType;
 import com.openisle.service.LevelService;
 import com.openisle.service.PointService;
 import com.openisle.service.ReactionService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/api")
@RequiredArgsConstructor
 public class ReactionController {
    private final ReactionService reactionService;
    private final LevelService levelService;
    private final ReactionMapper reactionMapper;
    private final PointService pointService;
    /**
     * Get all available reaction types.
     */
    @GetMapping("/reaction-types")
    public ReactionType[] listReactionTypes() {
        return ReactionType.values();
    }
    @PostMapping("/posts/{postId}/reactions")
    public ResponseEntity<ReactionDto> reactToPost(@PathVariable Long postId,
                                                   @RequestBody ReactionRequest req,
                                                   Authentication auth) {
        Reaction reaction = reactionService.reactToPost(auth.getName(), postId, req.getType());
        if (reaction == null) {
            return ResponseEntity.noContent().build();
        }
        ReactionDto dto = reactionMapper.toDto(reaction);
        dto.setReward(levelService.awardForReaction(auth.getName()));
        pointService.awardForReactionOfPost(auth.getName(), postId);
        return ResponseEntity.ok(dto);
    }
    @PostMapping("/comments/{commentId}/reactions")
    public ResponseEntity<ReactionDto> reactToComment(@PathVariable Long commentId,
                                                      @RequestBody ReactionRequest req,
                                                      Authentication auth) {
        Reaction reaction = reactionService.reactToComment(auth.getName(), commentId, req.getType());
        if (reaction == null) {
            return ResponseEntity.noContent().build();
        }
        ReactionDto dto = reactionMapper.toDto(reaction);
        dto.setReward(levelService.awardForReaction(auth.getName()));
        pointService.awardForReactionOfComment(auth.getName(), commentId);
        return ResponseEntity.ok(dto);
    }
    @PostMapping("/messages/{messageId}/reactions")
    public ResponseEntity<ReactionDto> reactToMessage(@PathVariable Long messageId,
                                                      @RequestBody ReactionRequest req,
                                                      Authentication auth) {
        Reaction reaction = reactionService.reactToMessage(auth.getName(), messageId, req.getType());
        if (reaction == null) {
            return ResponseEntity.noContent().build();
        }
        ReactionDto dto = reactionMapper.toDto(reaction);
        dto.setReward(levelService.awardForReaction(auth.getName()));
        return ResponseEntity.ok(dto);
    }
 }
@@ -0,0 +1,352 @@
 package com.openisle.controller;
 import com.openisle.model.Post;
 import com.openisle.model.Comment;
 import com.openisle.model.CommentSort;
 import com.openisle.service.PostService;
 import com.openisle.service.CommentService;
 import lombok.RequiredArgsConstructor;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.jsoup.nodes.Element;
 import org.jsoup.safety.Safelist;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.vladsch.flexmark.ext.autolink.AutolinkExtension;
 import com.vladsch.flexmark.ext.tables.TablesExtension;
 import com.vladsch.flexmark.ext.gfm.strikethrough.StrikethroughExtension;
 import com.vladsch.flexmark.ext.gfm.tasklist.TaskListExtension;
 import com.vladsch.flexmark.html.HtmlRenderer;
 import com.vladsch.flexmark.parser.Parser;
 import com.vladsch.flexmark.util.data.MutableDataSet;
 import java.net.URI;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@RestController
@RequiredArgsConstructor
 public class RssController {
    private final PostService postService;
    private final CommentService commentService;
    @Value("${app.website-url:https://www.open-isle.com}")
    private String websiteUrl;
    // 兼容 Markdown/HTML 两类图片写法（用于 enclosure）
    private static final Pattern MD_IMAGE = Pattern.compile("!\\[[^\\]]*\\]\\(([^)]+)\\)");
    private static final Pattern HTML_IMAGE = Pattern.compile("<img[^>]+src=[\"']?([^\"'>]+)[\"']?[^>]*>");
    private static final DateTimeFormatter RFC1123 = DateTimeFormatter.RFC_1123_DATE_TIME;
    // flexmark：Markdown -> HTML
    private static final Parser MD_PARSER;
    private static final HtmlRenderer MD_RENDERER;
    static {
        MutableDataSet opts = new MutableDataSet();
        opts.set(Parser.EXTENSIONS, Arrays.asList(
                TablesExtension.create(),
                AutolinkExtension.create(),
                StrikethroughExtension.create(),
                TaskListExtension.create()
        ));
        // 允许内联 HTML（下游再做 sanitize）
        opts.set(Parser.HTML_BLOCK_PARSER, true);
        MD_PARSER = Parser.builder(opts).build();
        MD_RENDERER = HtmlRenderer.builder(opts).escapeHtml(false).build();
    }
    @GetMapping(value = "/api/rss", produces = "application/rss+xml;charset=UTF-8")
    public String feed() {
        // 建议 20；你现在是 10，这里保留你的 10
        List<Post> posts = postService.listLatestRssPosts(10);
        String base = trimTrailingSlash(websiteUrl);
        StringBuilder sb = new StringBuilder(4096);
        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
        sb.append("<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">");
        sb.append("<channel>");
        elem(sb, "title", cdata("OpenIsle RSS"));
        elem(sb, "link", base + "/");
        elem(sb, "description", cdata("Latest posts"));
        ZonedDateTime updated = posts.stream()
                .map(p -> p.getCreatedAt().atZone(ZoneId.systemDefault()))
                .max(Comparator.naturalOrder())
                .orElse(ZonedDateTime.now());
        // channel lastBuildDate（GMT）
        elem(sb, "lastBuildDate", toRfc1123Gmt(updated));
        for (Post p : posts) {
            String link = base + "/posts/" + p.getId();
            // 1) Markdown -> HTML
            String html = renderMarkdown(p.getContent());
            // 2) Sanitize（白名单增强）
            String safeHtml = sanitizeHtml(html);
            // 3) 绝对化 href/src + 强制 rel/target
            String absHtml = absolutifyHtml(safeHtml, base);
            // 4) 纯文本摘要（用于 <description>）
            String plain = textSummary(absHtml, 180);
            // 5) enclosure（首图，已绝对化）
            String enclosure = firstImage(p.getContent());
            if (enclosure == null) {
                // 如果 Markdown 没有图，尝试从渲染后的 HTML 再抓一次
                enclosure = firstImage(absHtml);
            }
            if (enclosure != null) {
                enclosure = absolutifyUrl(enclosure, base);
            }
            // 6) 构造优雅的附加区块（原文链接 + 精选评论），编入 <content:encoded>
            List<Comment> topComments = commentService
                    .getCommentsForPost(p.getId(), CommentSort.MOST_INTERACTIONS);
            topComments = topComments.subList(0, Math.min(10, topComments.size()));
            String footerHtml = buildFooterHtml(base, link, topComments);
            sb.append("<item>");
            elem(sb, "title", cdata(nullSafe(p.getTitle())));
            elem(sb, "link", link);
            sb.append("<guid isPermaLink=\"true\">").append(link).append("</guid>");
            elem(sb, "pubDate", toRfc1123Gmt(p.getCreatedAt().atZone(ZoneId.systemDefault())));
            // 摘要
            elem(sb, "description", cdata(plain));
            // 全文（HTML）：正文 + 优雅的 Markdown 区块（已转 HTML）
            sb.append("<content:encoded><![CDATA[")
                    .append(absHtml)
                    .append(footerHtml)
                    .append("]]></content:encoded>");
            // 首图 enclosure（图片类型）
            if (enclosure != null) {
                sb.append("<enclosure url=\"").append(escapeXml(enclosure)).append("\" type=\"")
                        .append(getMimeType(enclosure)).append("\" />");
            }
            sb.append("</item>");
        }
        sb.append("</channel></rss>");
        return sb.toString();
    }
    /* ===================== Markdown → HTML ===================== */
    private static String renderMarkdown(String md) {
        if (md == null || md.isEmpty()) return "";
        return MD_RENDERER.render(MD_PARSER.parse(md));
    }
    /* ===================== Sanitize & 绝对化 ===================== */
    private static String sanitizeHtml(String html) {
        if (html == null) return "";
        Safelist wl = Safelist.relaxed()
                .addTags(
                        "pre","code","figure","figcaption","picture","source",
                        "table","thead","tbody","tr","th","td",
                        "h1","h2","h3","h4","h5","h6",
                        "hr","blockquote"
                )
                .addAttributes("a", "href", "title", "target", "rel")
                .addAttributes("img", "src", "alt", "title", "width", "height")
                .addAttributes("source", "srcset", "type", "media")
                .addAttributes("code", "class")
                .addAttributes("pre", "class")
                .addProtocols("a", "href", "http", "https", "mailto")
                .addProtocols("img", "src", "http", "https", "data")
                .addProtocols("source", "srcset", "http", "https");
        // 清除所有 on* 事件、style（避免阅读器环境差异）
        return Jsoup.clean(html, wl);
    }
    private static String absolutifyHtml(String html, String baseUrl) {
        if (html == null || html.isEmpty()) return "";
        Document doc = Jsoup.parseBodyFragment(html, baseUrl);
        // a[href]
        for (Element a : doc.select("a[href]")) {
            String href = a.attr("href");
            String abs = absolutifyUrl(href, baseUrl);
            a.attr("href", abs);
            // 强制外链安全属性
            a.attr("rel", "noopener noreferrer nofollow");
            a.attr("target", "_blank");
        }
        // img[src]
        for (Element img : doc.select("img[src]")) {
            String src = img.attr("src");
            String abs = absolutifyUrl(src, baseUrl);
            img.attr("src", abs);
        }
        // source[srcset] （picture/webp）
        for (Element s : doc.select("source[srcset]")) {
            String srcset = s.attr("srcset");
            s.attr("srcset", absolutifySrcset(srcset, baseUrl));
        }
        return doc.body().html();
    }
    private static String absolutifyUrl(String url, String baseUrl) {
        if (url == null || url.isEmpty()) return url;
        String u = url.trim();
        if (u.startsWith("//")) {
            return "https:" + u;
        }
        if (u.startsWith("#")) {
            // 保留页面内锚点：拼接到首页（也可拼接到当前帖子的 link，但此处无上下文）
            return baseUrl + "/" + u;
        }
        try {
            URI base = URI.create(ensureTrailingSlash(baseUrl));
            URI abs = base.resolve(u);
            return abs.toString();
        } catch (Exception e) {
            return url;
        }
    }
    private static String absolutifySrcset(String srcset, String baseUrl) {
        if (srcset == null || srcset.isEmpty()) return srcset;
        String[] parts = srcset.split(",");
        List<String> out = new ArrayList<>(parts.length);
        for (String part : parts) {
            String p = part.trim();
            if (p.isEmpty()) continue;
            String[] seg = p.split("\\s+");
            String url = seg[0];
            String size = seg.length > 1 ? seg[1] : "";
            out.add(absolutifyUrl(url, baseUrl) + (size.isEmpty() ? "" : " " + size));
        }
        return String.join(", ", out);
    }
    /* ===================== 摘要 & enclosure ===================== */
    private static String textSummary(String html, int maxLen) {
        if (html == null) return "";
        String text = Jsoup.parse(html).text().replaceAll("\\s+", " ").trim();
        if (text.length() <= maxLen) return text;
        return text.substring(0, maxLen) + "…";
    }
    private String firstImage(String content) {
        if (content == null) return null;
        Matcher m = MD_IMAGE.matcher(content);
        if (m.find()) return m.group(1);
        m = HTML_IMAGE.matcher(content);
        if (m.find()) return m.group(1);
        // 再从纯 HTML 里解析一次（如果传入的是渲染后的）
        try {
            Document doc = Jsoup.parse(content);
            Element img = doc.selectFirst("img[src]");
            if (img != null) return img.attr("src");
        } catch (Exception ignored) {}
        return null;
    }
    private static String getMimeType(String url) {
        String lower = url == null ? "" : url.toLowerCase(Locale.ROOT);
        if (lower.endsWith(".png"))  return "image/png";
        if (lower.endsWith(".gif"))  return "image/gif";
        if (lower.endsWith(".webp")) return "image/webp";
        if (lower.endsWith(".svg"))  return "image/svg+xml";
        if (lower.endsWith(".avif")) return "image/avif";
        if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) return "image/jpeg";
        // 默认兜底
        return "image/jpeg";
    }
    /* ===================== 附加区块（原文链接 + 精选评论） ===================== */
    /**
     * 将“原文链接 + 精选评论（最多 10 条）”以优雅的 Markdown 形式渲染为 HTML，
     * 并做 sanitize + 绝对化，然后拼入 content:encoded 尾部。
     */
    private static String buildFooterHtml(String baseUrl, String originalLink, List<Comment> topComments) {
        StringBuilder md = new StringBuilder(256);
        // 分割线
        md.append("\n\n---\n\n");
        // 原文链接（强调 + 可点击）
        md.append("**原文链接：** ")
                .append("[").append(originalLink).append("](").append(originalLink).append(")")
                .append("\n\n");
        // 精选评论（仅当有评论时展示）
        if (topComments != null && !topComments.isEmpty()) {
            md.append("### 精选评论（Top ").append(Math.min(10, topComments.size())).append("）\n\n");
            for (Comment c : topComments) {
                String author = usernameOf(c);
                String content = nullSafe(c.getContent()).replace("\r", "");
                // 使用引用样式展示，提升可读性
                md.append("> @").append(author).append(": ").append(content).append("\n\n");
            }
        }
        // 渲染为 HTML，并保持和正文一致的处理流程
        String html = renderMarkdown(md.toString());
        String safe = sanitizeHtml(html);
        return absolutifyHtml(safe, baseUrl);
    }
    private static String usernameOf(Comment c) {
        if (c == null) return "匿名";
        try {
            Object authorObj = c.getAuthor();
            if (authorObj == null) return "匿名";
            // 反射避免直接依赖实体字段名变化（也可直接强转到具体类型）
            String username;
            try {
                username = (String) authorObj.getClass().getMethod("getUsername").invoke(authorObj);
            } catch (Exception e) {
                username = null;
            }
            if (username == null || username.isEmpty()) return "匿名";
            return username;
        } catch (Exception ignored) {
            return "匿名";
        }
    }
    /* ===================== 时间/字符串/XML ===================== */
    private static String toRfc1123Gmt(ZonedDateTime zdt) {
        return zdt.withZoneSameInstant(ZoneId.of("GMT")).format(RFC1123);
    }
    private static String cdata(String s) {
        if (s == null) return "<![CDATA[]]>";
        // 防止出现 "]]>" 终止标记破坏 CDATA
        return "<![CDATA[" + s.replace("]]>", "]]]]><![CDATA[>") + "]]>";
    }
    private static void elem(StringBuilder sb, String name, String value) {
        sb.append('<').append(name).append('>').append(value).append("</").append(name).append('>');
    }
    private static String escapeXml(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }
    private static String trimTrailingSlash(String s) {
        if (s == null) return "";
        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
    }
    private static String ensureTrailingSlash(String s) {
        if (s == null || s.isEmpty()) return "/";
        return s.endsWith("/") ? s : s + "/";
    }
    private static String nullSafe(String s) { return s == null ? "" : s; }
 }
@@ -1,10 +1,11 @@
 package com.openisle.controller;
-import com.openisle.model.Post;
+import com.openisle.dto.PostSummaryDto;
-import com.openisle.model.Comment;
+import com.openisle.dto.SearchResultDto;
-import com.openisle.model.User;
+import com.openisle.dto.UserDto;
 import com.openisle.mapper.PostMapper;
 import com.openisle.mapper.UserMapper;
 import com.openisle.service.SearchService;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -19,32 +20,34 @@ import java.util.stream.Collectors;
@RequiredArgsConstructor
 public class SearchController {
    private final SearchService searchService;
    private final UserMapper userMapper;
    private final PostMapper postMapper;
    @GetMapping("/users")
    public List<UserDto> searchUsers(@RequestParam String keyword) {
        return searchService.searchUsers(keyword).stream()
-                .map(this::toUserDto)
+                .map(userMapper::toDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/posts")
-    public List<PostDto> searchPosts(@RequestParam String keyword) {
+    public List<PostSummaryDto> searchPosts(@RequestParam String keyword) {
        return searchService.searchPosts(keyword).stream()
-                .map(this::toPostDto)
+                .map(postMapper::toSummaryDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/posts/content")
-    public List<PostDto> searchPostsByContent(@RequestParam String keyword) {
+    public List<PostSummaryDto> searchPostsByContent(@RequestParam String keyword) {
        return searchService.searchPostsByContent(keyword).stream()
-                .map(this::toPostDto)
+                .map(postMapper::toSummaryDto)
                .collect(Collectors.toList());
    }
    @GetMapping("/posts/title")
-    public List<PostDto> searchPostsByTitle(@RequestParam String keyword) {
+    public List<PostSummaryDto> searchPostsByTitle(@RequestParam String keyword) {
        return searchService.searchPostsByTitle(keyword).stream()
-                .map(this::toPostDto)
+                .map(postMapper::toSummaryDto)
                .collect(Collectors.toList());
    }
@@ -63,40 +66,4 @@ public class SearchController {
                })
                .collect(Collectors.toList());
    }
    private UserDto toUserDto(User user) {
        UserDto dto = new UserDto();
        dto.setId(user.getId());
        dto.setUsername(user.getUsername());
        return dto;
    }
    private PostDto toPostDto(Post post) {
        PostDto dto = new PostDto();
        dto.setId(post.getId());
        dto.setTitle(post.getTitle());
        return dto;
    }
    @Data
    private static class UserDto {
        private Long id;
        private String username;
    }
    @Data
    private static class PostDto {
        private Long id;
        private String title;
    }
    @Data
    private static class SearchResultDto {
        private String type;
        private Long id;
        private String text;
        private String subText;
        private String extra;
        private Long postId;
    }
 }
@@ -0,0 +1,69 @@
 package com.openisle.controller;
 import com.openisle.model.Post;
 import com.openisle.model.PostStatus;
 import com.openisle.repository.PostRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.List;
 /**
 * Controller for dynamic sitemap generation.
 */
@RestController
@RequiredArgsConstructor
@RequestMapping("/api")
 public class SitemapController {
    private final PostRepository postRepository;
    @Value("${app.website-url}")
    private String websiteUrl;
    @GetMapping(value = "/sitemap.xml", produces = MediaType.APPLICATION_XML_VALUE)
    public ResponseEntity<String> sitemap() {
        List<Post> posts = postRepository.findByStatus(PostStatus.PUBLISHED);
        StringBuilder body = new StringBuilder();
        body.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
        body.append("<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n");
        List<String> staticRoutes = List.of(
                "/",
                "/about",
                "/activities",
                "/login",
                "/signup"
        );
        for (String path : staticRoutes) {
            body.append("  <url><loc>")
                .append(websiteUrl)
                .append(path)
                .append("</loc></url>\n");
        }
        for (Post p : posts) {
            body.append("  <url>\n")
                .append("    <loc>")
                .append(websiteUrl)
                .append("/posts/")
                .append(p.getId())
                .append("</loc>\n")
                .append("    <lastmod>")
                .append(p.getCreatedAt().toLocalDate())
                .append("</lastmod>\n")
                .append("  </url>\n");
        }
        body.append("</urlset>");
        return ResponseEntity.ok()
                .contentType(MediaType.APPLICATION_XML)
                .body(body.toString());
    }
 }
@@ -0,0 +1,85 @@
 package com.openisle.controller;
 import com.openisle.service.UserVisitService;
 import com.openisle.service.StatService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import java.time.LocalDate;
 import java.util.List;
 import java.util.Map;
@RestController
@RequestMapping("/api/stats")
@RequiredArgsConstructor
 public class StatController {
    private final UserVisitService userVisitService;
    private final StatService statService;
    @GetMapping("/dau")
    public Map<String, Long> dau(@RequestParam(value = "date", required = false)
                                 @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate date) {
        long count = userVisitService.countDau(date);
        return Map.of("dau", count);
    }
    @GetMapping("/dau-range")
    public List<Map<String, Object>> dauRange(@RequestParam(value = "days", defaultValue = "30") int days) {
        if (days < 1) days = 1;
        LocalDate end = LocalDate.now();
        LocalDate start = end.minusDays(days - 1L);
        var data = userVisitService.countDauRange(start, end);
        return data.entrySet().stream()
                .map(e -> Map.<String,Object>of(
                        "date",  e.getKey().toString(),
                        "value", e.getValue()
                ))
                .toList();
    }
    @GetMapping("/new-users-range")
    public List<Map<String, Object>> newUsersRange(@RequestParam(value = "days", defaultValue = "30") int days) {
        if (days < 1) days = 1;
        LocalDate end = LocalDate.now();
        LocalDate start = end.minusDays(days - 1L);
        var data = statService.countNewUsersRange(start, end);
        return data.entrySet().stream()
                .map(e -> Map.<String,Object>of(
                        "date", e.getKey().toString(),
                        "value", e.getValue()
                ))
                .toList();
    }
    @GetMapping("/posts-range")
    public List<Map<String, Object>> postsRange(@RequestParam(value = "days", defaultValue = "30") int days) {
        if (days < 1) days = 1;
        LocalDate end = LocalDate.now();
        LocalDate start = end.minusDays(days - 1L);
        var data = statService.countPostsRange(start, end);
        return data.entrySet().stream()
                .map(e -> Map.<String,Object>of(
                        "date", e.getKey().toString(),
                        "value", e.getValue()
                ))
                .toList();
    }
    @GetMapping("/comments-range")
    public List<Map<String, Object>> commentsRange(@RequestParam(value = "days", defaultValue = "30") int days) {
        if (days < 1) days = 1;
        LocalDate end = LocalDate.now();
        LocalDate start = end.minusDays(days - 1L);
        var data = statService.countCommentsRange(start, end);
        return data.entrySet().stream()
                .map(e -> Map.<String,Object>of(
                        "date", e.getKey().toString(),
                        "value", e.getValue()
                ))
                .toList();
    }
 }
@@ -1,16 +1,21 @@
 package com.openisle.controller;
-import com.openisle.model.Tag;
+import com.openisle.dto.PostSummaryDto;
-import com.openisle.service.TagService;
+import com.openisle.dto.TagDto;
-import com.openisle.service.PostService;
+import com.openisle.dto.TagRequest;
-import com.openisle.repository.UserRepository;
+import com.openisle.mapper.PostMapper;
 import com.openisle.mapper.TagMapper;
 import com.openisle.model.PublishMode;
 import com.openisle.model.Role;
-import lombok.Data;
+import com.openisle.model.Tag;
 import com.openisle.repository.UserRepository;
 import com.openisle.service.PostService;
 import com.openisle.service.TagService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@RestController
@@ -20,6 +25,8 @@ public class TagController {
    private final TagService tagService;
    private final PostService postService;
    private final UserRepository userRepository;
    private final PostMapper postMapper;
    private final TagMapper tagMapper;
    @PostMapping
    public TagDto create(@RequestBody TagRequest req, org.springframework.security.core.Authentication auth) {
@@ -38,14 +45,14 @@ public class TagController {
                approved,
                auth != null ? auth.getName() : null);
        long count = postService.countPostsByTag(tag.getId());
-        return toDto(tag, count);
+        return tagMapper.toDto(tag, count);
    }
    @PutMapping("/{id}")
    public TagDto update(@PathVariable Long id, @RequestBody TagRequest req) {
        Tag tag = tagService.updateTag(id, req.getName(), req.getDescription(), req.getIcon(), req.getSmallIcon());
        long count = postService.countPostsByTag(tag.getId());
-        return toDto(tag, count);
+        return tagMapper.toDto(tag, count);
    }
    @DeleteMapping("/{id}")
@@ -56,8 +63,11 @@ public class TagController {
    @GetMapping
    public List<TagDto> list(@RequestParam(value = "keyword", required = false) String keyword,
                             @RequestParam(value = "limit", required = false) Integer limit) {
-        List<TagDto> dtos = tagService.searchTags(keyword).stream()
+        List<Tag> tags = tagService.searchTags(keyword);
-                .map(t -> toDto(t, postService.countPostsByTag(t.getId())))
+        List<Long> tagIds = tags.stream().map(Tag::getId).toList();
        Map<Long, Long> postCntByTagIds = postService.countPostsByTagIds(tagIds);
        List<TagDto> dtos = tags.stream()
                .map(t -> tagMapper.toDto(t, postCntByTagIds.getOrDefault(t.getId(), 0L)))
                .sorted((a, b) -> Long.compare(b.getCount(), a.getCount()))
                .collect(Collectors.toList());
        if (limit != null && limit > 0 && dtos.size() > limit) {
@@ -70,7 +80,7 @@ public class TagController {
    public TagDto get(@PathVariable Long id) {
        Tag tag = tagService.getTag(id);
        long count = postService.countPostsByTag(tag.getId());
-        return toDto(tag, count);
+        return tagMapper.toDto(tag, count);
    }
    @GetMapping("/{id}/posts")
@@ -79,47 +89,7 @@ public class TagController {
                                               @RequestParam(value = "pageSize", required = false) Integer pageSize) {
        return postService.listPostsByTags(java.util.List.of(id), page, pageSize)
                .stream()
-                .map(p -> {
+                .map(postMapper::toSummaryDto)
                    PostSummaryDto dto = new PostSummaryDto();
                    dto.setId(p.getId());
                    dto.setTitle(p.getTitle());
                    return dto;
                })
                .collect(Collectors.toList());
    }
    private TagDto toDto(Tag tag, long count) {
        TagDto dto = new TagDto();
        dto.setId(tag.getId());
        dto.setName(tag.getName());
        dto.setIcon(tag.getIcon());
        dto.setSmallIcon(tag.getSmallIcon());
        dto.setDescription(tag.getDescription());
        dto.setCount(count);
        return dto;
    }
    @Data
    private static class TagRequest {
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
    }
    @Data
    private static class TagDto {
        private Long id;
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
        private Long count;
    }
    @Data
    private static class PostSummaryDto {
        private Long id;
        private String title;
    }
 }
@@ -74,4 +74,9 @@ public class UploadController {
            return ResponseEntity.internalServerError().body(Map.of("code", 3, "msg", "Upload failed"));
        }
    }
    @GetMapping("/presign")
    public java.util.Map<String, String> presign(@RequestParam("filename") String filename) {
        return imageUploader.presignUpload(filename);
    }
 }
@@ -1,11 +1,13 @@
 package com.openisle.controller;
 import com.openisle.dto.*;
 import com.openisle.exception.NotFoundException;
 import com.openisle.mapper.TagMapper;
 import com.openisle.mapper.UserMapper;
 import com.openisle.model.User;
 import com.openisle.service.*;
 import org.springframework.beans.factory.annotation.Value;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
@@ -25,8 +27,10 @@ public class UserController {
    private final ReactionService reactionService;
    private final TagService tagService;
    private final SubscriptionService subscriptionService;
-    private final PostReadService postReadService;
+    private final LevelService levelService;
-    private final UserVisitService userVisitService;
+    private final JwtService jwtService;
    private final UserMapper userMapper;
    private final TagMapper tagMapper;
    @Value("${app.upload.check-type:true}")
    private boolean checkImageType;
@@ -43,13 +47,10 @@ public class UserController {
    @Value("${app.user.tags-limit:50}")
    private int defaultTagsLimit;
    @Value("${app.snippet-length:50}")
    private int snippetLength;
    @GetMapping("/me")
    public ResponseEntity<UserDto> me(Authentication auth) {
        User user = userService.findByUsername(auth.getName()).orElseThrow();
-        return ResponseEntity.ok(toDto(user, auth));
+        return ResponseEntity.ok(userMapper.toDto(user, auth));
    }
    @PostMapping("/me/avatar")
@@ -72,17 +73,26 @@ public class UserController {
    }
    @PutMapping("/me")
-    public ResponseEntity<UserDto> updateProfile(@RequestBody UpdateProfileDto dto,
+    public ResponseEntity<?> updateProfile(@RequestBody UpdateProfileDto dto,
-                                                 Authentication auth) {
+                                           Authentication auth) {
        User user = userService.updateProfile(auth.getName(), dto.getUsername(), dto.getIntroduction());
-        return ResponseEntity.ok(toDto(user, auth));
+        return ResponseEntity.ok(Map.of(
                "token", jwtService.generateToken(user.getUsername()),
                "user", userMapper.toDto(user, auth)
        ));
    }
    @PostMapping("/me/signin")
    public Map<String, Integer> signIn(Authentication auth) {
        int reward = levelService.awardForSignin(auth.getName());
        return Map.of("reward", reward);
    }
    @GetMapping("/{identifier}")
    public ResponseEntity<UserDto> getUser(@PathVariable("identifier") String identifier,
                                           Authentication auth) {
        User user = userService.findByIdentifier(identifier).orElseThrow(() -> new NotFoundException("User not found"));
-        return ResponseEntity.ok(toDto(user, auth));
+        return ResponseEntity.ok(userMapper.toDto(user, auth));
    }
    @GetMapping("/{identifier}/posts")
@@ -91,7 +101,7 @@ public class UserController {
        int l = limit != null ? limit : defaultPostsLimit;
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return postService.getRecentPostsByUser(user.getUsername(), l).stream()
-                .map(this::toMetaDto)
+                .map(userMapper::toMetaDto)
                .collect(java.util.stream.Collectors.toList());
    }
@@ -101,7 +111,7 @@ public class UserController {
        int l = limit != null ? limit : defaultRepliesLimit;
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return commentService.getRecentCommentsByUser(user.getUsername(), l).stream()
-                .map(this::toCommentInfoDto)
+                .map(userMapper::toCommentInfoDto)
                .collect(java.util.stream.Collectors.toList());
    }
@@ -112,7 +122,7 @@ public class UserController {
        User user = userService.findByIdentifier(identifier).orElseThrow();
        java.util.List<Long> ids = reactionService.topPostIds(user.getUsername(), l);
        return postService.getPostsByIds(ids).stream()
-                .map(this::toMetaDto)
+                .map(userMapper::toMetaDto)
                .collect(java.util.stream.Collectors.toList());
    }
@@ -123,49 +133,29 @@ public class UserController {
        User user = userService.findByIdentifier(identifier).orElseThrow();
        java.util.List<Long> ids = reactionService.topCommentIds(user.getUsername(), l);
        return commentService.getCommentsByIds(ids).stream()
-                .map(this::toCommentInfoDto)
+                .map(userMapper::toCommentInfoDto)
                .collect(java.util.stream.Collectors.toList());
    }
    @GetMapping("/{identifier}/hot-tags")
-    public java.util.List<TagInfoDto> hotTags(@PathVariable("identifier") String identifier,
+    public java.util.List<TagDto> hotTags(@PathVariable("identifier") String identifier,
-                                              @RequestParam(value = "limit", required = false) Integer limit) {
+                                          @RequestParam(value = "limit", required = false) Integer limit) {
        int l = limit != null ? limit : 10;
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return tagService.getTagsByUser(user.getUsername()).stream()
-                .map(t -> {
+                .map(t -> tagMapper.toDto(t, postService.countPostsByTag(t.getId())))
                    TagInfoDto dto = new TagInfoDto();
                    dto.setId(t.getId());
                    dto.setName(t.getName());
                    dto.setDescription(t.getDescription());
                    dto.setIcon(t.getIcon());
                    dto.setSmallIcon(t.getSmallIcon());
                    dto.setCreatedAt(t.getCreatedAt());
                    dto.setCount(postService.countPostsByTag(t.getId()));
                    return dto;
                })
                .sorted((a, b) -> Long.compare(b.getCount(), a.getCount()))
                .limit(l)
                .collect(java.util.stream.Collectors.toList());
    }
    @GetMapping("/{identifier}/tags")
-    public java.util.List<TagInfoDto> userTags(@PathVariable("identifier") String identifier,
+    public java.util.List<TagDto> userTags(@PathVariable("identifier") String identifier,
-                                               @RequestParam(value = "limit", required = false) Integer limit) {
+                                           @RequestParam(value = "limit", required = false) Integer limit) {
        int l = limit != null ? limit : defaultTagsLimit;
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return tagService.getRecentTagsByUser(user.getUsername(), l).stream()
-                .map(t -> {
+                .map(t -> tagMapper.toDto(t, postService.countPostsByTag(t.getId())))
                    TagInfoDto dto = new TagInfoDto();
                    dto.setId(t.getId());
                    dto.setName(t.getName());
                    dto.setDescription(t.getDescription());
                    dto.setIcon(t.getIcon());
                    dto.setSmallIcon(t.getSmallIcon());
                    dto.setCreatedAt(t.getCreatedAt());
                    dto.setCount(postService.countPostsByTag(t.getId()));
                    return dto;
                })
                .collect(java.util.stream.Collectors.toList());
    }
@@ -173,7 +163,7 @@ public class UserController {
    public java.util.List<UserDto> following(@PathVariable("identifier") String identifier) {
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return subscriptionService.getSubscribedUsers(user.getUsername()).stream()
-                .map(this::toDto)
+                .map(userMapper::toDto)
                .collect(java.util.stream.Collectors.toList());
    }
@@ -181,7 +171,14 @@ public class UserController {
    public java.util.List<UserDto> followers(@PathVariable("identifier") String identifier) {
        User user = userService.findByIdentifier(identifier).orElseThrow();
        return subscriptionService.getSubscribers(user.getUsername()).stream()
-                .map(this::toDto)
+                .map(userMapper::toDto)
                .collect(java.util.stream.Collectors.toList());
    }
    @GetMapping("/admins")
    public java.util.List<UserDto> admins() {
        return userService.getAdmins().stream()
                .map(userMapper::toDto)
                .collect(java.util.stream.Collectors.toList());
    }
@@ -194,149 +191,15 @@ public class UserController {
        int pLimit = postsLimit != null ? postsLimit : defaultPostsLimit;
        int rLimit = repliesLimit != null ? repliesLimit : defaultRepliesLimit;
        java.util.List<PostMetaDto> posts = postService.getRecentPostsByUser(user.getUsername(), pLimit).stream()
-                .map(this::toMetaDto)
+                .map(userMapper::toMetaDto)
                .collect(java.util.stream.Collectors.toList());
        java.util.List<CommentInfoDto> replies = commentService.getRecentCommentsByUser(user.getUsername(), rLimit).stream()
-                .map(this::toCommentInfoDto)
+                .map(userMapper::toCommentInfoDto)
                .collect(java.util.stream.Collectors.toList());
        UserAggregateDto dto = new UserAggregateDto();
-        dto.setUser(toDto(user, auth));
+        dto.setUser(userMapper.toDto(user, auth));
        dto.setPosts(posts);
        dto.setReplies(replies);
        return ResponseEntity.ok(dto);
    }
    private UserDto toDto(User user, Authentication viewer) {
        UserDto dto = new UserDto();
        dto.setId(user.getId());
        dto.setUsername(user.getUsername());
        dto.setEmail(user.getEmail());
        dto.setAvatar(user.getAvatar());
        dto.setRole(user.getRole().name());
        dto.setIntroduction(user.getIntroduction());
        dto.setFollowers(subscriptionService.countSubscribers(user.getUsername()));
        dto.setFollowing(subscriptionService.countSubscribed(user.getUsername()));
        dto.setCreatedAt(user.getCreatedAt());
        dto.setLastPostTime(postService.getLastPostTime(user.getUsername()));
        dto.setTotalViews(postService.getTotalViews(user.getUsername()));
        dto.setVisitedDays(userVisitService.countVisits(user.getUsername()));
        dto.setReadPosts(postReadService.countReads(user.getUsername()));
        dto.setLikesSent(reactionService.countLikesSent(user.getUsername()));
        dto.setLikesReceived(reactionService.countLikesReceived(user.getUsername()));
        if (viewer != null) {
            dto.setSubscribed(subscriptionService.isSubscribed(viewer.getName(), user.getUsername()));
        } else {
            dto.setSubscribed(false);
        }
        return dto;
    }
    private UserDto toDto(User user) {
        return toDto(user, null);
    }
    private PostMetaDto toMetaDto(com.openisle.model.Post post) {
        PostMetaDto dto = new PostMetaDto();
        dto.setId(post.getId());
        dto.setTitle(post.getTitle());
        String content = post.getContent();
        if (content == null) {
            content = "";
        }
        if (snippetLength >= 0) {
            dto.setSnippet(content.length() > snippetLength ? content.substring(0, snippetLength) : content);
        } else {
            dto.setSnippet(content);
        }
        dto.setCreatedAt(post.getCreatedAt());
        dto.setCategory(post.getCategory().getName());
        dto.setViews(post.getViews());
        return dto;
    }
    private CommentInfoDto toCommentInfoDto(com.openisle.model.Comment comment) {
        CommentInfoDto dto = new CommentInfoDto();
        dto.setId(comment.getId());
        dto.setContent(comment.getContent());
        dto.setCreatedAt(comment.getCreatedAt());
        dto.setPost(toMetaDto(comment.getPost()));
        if (comment.getParent() != null) {
            ParentCommentDto pc = new ParentCommentDto();
            pc.setId(comment.getParent().getId());
            pc.setAuthor(comment.getParent().getAuthor().getUsername());
            pc.setContent(comment.getParent().getContent());
            dto.setParentComment(pc);
        }
        return dto;
    }
    @Data
    private static class UserDto {
        private Long id;
        private String username;
        private String email;
        private String avatar;
        private String role;
        private String introduction;
        private long followers;
        private long following;
        private java.time.LocalDateTime createdAt;
        private java.time.LocalDateTime lastPostTime;
        private long totalViews;
        private long visitedDays;
        private long readPosts;
        private long likesSent;
        private long likesReceived;
        private boolean subscribed;
    }
    @Data
    private static class PostMetaDto {
        private Long id;
        private String title;
        private String snippet;
        private java.time.LocalDateTime createdAt;
        private String category;
        private long views;
    }
    @Data
    private static class CommentInfoDto {
        private Long id;
        private String content;
        private java.time.LocalDateTime createdAt;
        private PostMetaDto post;
        private ParentCommentDto parentComment;
    }
    @Data
    private static class TagInfoDto {
        private Long id;
        private String name;
        private String description;
        private String icon;
        private String smallIcon;
        private java.time.LocalDateTime createdAt;
        private Long count;
    }
    @Data
    private static class ParentCommentDto {
        private Long id;
        private String author;
        private String content;
    }
    @Data
    private static class UpdateProfileDto {
        private String username;
        private String introduction;
    }
    @Data
    private static class UserAggregateDto {
        private UserDto user;
        private java.util.List<PostMetaDto> posts;
        private java.util.List<CommentInfoDto> replies;
    }
 }
@@ -0,0 +1,21 @@
 package com.openisle.dto;
 import com.openisle.model.ActivityType;
 import lombok.Data;
 import java.time.LocalDateTime;
 /**
 * DTO representing an activity without participant details.
 */
@Data
 public class ActivityDto {
    private Long id;
    private String title;
    private String icon;
    private String content;
    private LocalDateTime startTime;
    private LocalDateTime endTime;
    private ActivityType type;
    private boolean ended;
 }
@@ -0,0 +1,16 @@
 package com.openisle.dto;
 import lombok.Data;
 import com.openisle.model.MedalType;
 /**
 * DTO representing a post or comment author.
 */
@Data
 public class AuthorDto {
    private Long id;
    private String username;
    private String avatar;
    private MedalType displayMedal;
 }
@@ -0,0 +1,17 @@
 package com.openisle.dto;
 import lombok.Data;
 /**
 * DTO representing a post category.
 */
@Data
 public class CategoryDto {
    private Long id;
    private String name;
    private String description;
    private String icon;
    private String smallIcon;
    private Long count;
 }
@@ -0,0 +1,12 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request body for creating or updating a category. */
@Data
 public class CategoryRequest {
    private String name;
    private String description;
    private String icon;
    private String smallIcon;
 }
@@ -0,0 +1,17 @@
 package com.openisle.dto;
 import lombok.Getter;
 import lombok.Setter;
@Getter
@Setter
 public class ChannelDto {
    private Long id;
    private String name;
    private String description;
    private String avatar;
    private MessageDto lastMessage;
    private long memberCount;
    private boolean joined;
    private long unreadCount;
 }
@@ -0,0 +1,23 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.List;
 /**
 * DTO representing a comment and its nested replies.
 */
@Data
 public class CommentDto {
    private Long id;
    private String content;
    private LocalDateTime createdAt;
    private LocalDateTime pinnedAt;
    private AuthorDto author;
    private List<CommentDto> replies;
    private List<ReactionDto> reactions;
    private int reward;
    private int pointReward;
 }
@@ -0,0 +1,15 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 /** DTO for comment information in user profiles. */
@Data
 public class CommentInfoDto {
    private Long id;
    private String content;
    private LocalDateTime createdAt;
    private PostMetaDto post;
    private ParentCommentDto parentComment;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper = true)
 public class CommentMedalDto extends MedalDto {
    private long currentCommentCount;
    private long targetCommentCount;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request body for creating or replying to a comment. */
@Data
 public class CommentRequest {
    private String content;
    private String captcha;
 }
@@ -0,0 +1,15 @@
 package com.openisle.dto;
 import com.openisle.model.PasswordStrength;
 import com.openisle.model.PublishMode;
 import com.openisle.model.RegisterMode;
 import lombok.Data;
 /** DTO for site configuration. */
@Data
 public class ConfigDto {
    private PublishMode publishMode;
    private PasswordStrength passwordStrength;
    private Integer aiFormatLimit;
    private RegisterMode registerMode;
 }
@@ -0,0 +1,12 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper = true)
 public class ContributorMedalDto extends MedalDto {
    private long currentContributionLines;
    private long targetContributionLines;
 }
@@ -0,0 +1,16 @@
 package com.openisle.dto;
 import lombok.Data;
 import org.springframework.data.domain.Page;
 import java.util.List;
@Data
 public class ConversationDetailDto {
    private Long id;
    private String name;
    private boolean channel;
    private String avatar;
    private List<UserSummaryDto> participants;
    private Page<MessageDto> messages;
 }
@@ -0,0 +1,20 @@
 package com.openisle.dto;
 import lombok.Getter;
 import lombok.Setter;
 import java.time.LocalDateTime;
 import java.util.List;
@Getter
@Setter
 public class ConversationDto {
    private Long id;
    private String name;
    private boolean channel;
    private String avatar;
    private MessageDto lastMessage;
    private List<UserSummaryDto> participants;
    private LocalDateTime createdAt;
    private long unreadCount;
 }
@@ -0,0 +1,8 @@
 package com.openisle.dto;
 import lombok.Data;
@Data
 public class CreateConversationRequest {
    private Long recipientId;
 }
@@ -0,0 +1,12 @@
 package com.openisle.dto;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@Data
@AllArgsConstructor
@NoArgsConstructor
 public class CreateConversationResponse {
    private Long conversationId;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request for Discord OAuth login. */
@Data
 public class DiscordLoginRequest {
    private String code;
    private String redirectUri;
    private String inviteToken;
 }
@@ -0,0 +1,15 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.util.List;
 /** DTO representing a saved draft. */
@Data
 public class DraftDto {
    private Long id;
    private String title;
    private String content;
    private Long categoryId;
    private List<Long> tagIds;
 }
@@ -0,0 +1,14 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.util.List;
 /** Request body for saving a draft. */
@Data
 public class DraftRequest {
    private String title;
    private String content;
    private Long categoryId;
    private List<Long> tagIds;
 }
@@ -0,0 +1,12 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper = true)
 public class FeaturedMedalDto extends MedalDto {
    private long currentFeaturedCount;
    private long targetFeaturedCount;
 }
@@ -0,0 +1,9 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to trigger a forgot password email. */
@Data
 public class ForgotPasswordRequest {
    private String email;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request for GitHub OAuth login. */
@Data
 public class GithubLoginRequest {
    private String code;
    private String redirectUri;
    private String inviteToken;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request for Google OAuth login. */
@Data
 public class GoogleLoginRequest {
    private String idToken;
    private String inviteToken;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to login. */
@Data
 public class LoginRequest {
    private String username;
    private String password;
    private String captcha;
 }
@@ -0,0 +1,17 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.List;
 /** Metadata for lottery posts. */
@Data
 public class LotteryDto {
    private String prizeDescription;
    private String prizeIcon;
    private int prizeCount;
    private LocalDateTime startTime;
    private LocalDateTime endTime;
    private List<AuthorDto> participants;
    private List<AuthorDto> winners;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to submit a reason (e.g., for moderation). */
@Data
 public class MakeReasonRequest {
    private String token;
    private String reason;
 }
@@ -0,0 +1,14 @@
 package com.openisle.dto;
 import com.openisle.model.MedalType;
 import lombok.Data;
@Data
 public class MedalDto {
    private String icon;
    private String title;
    private String description;
    private MedalType type;
    private boolean completed;
    private boolean selected;
 }
@@ -0,0 +1,9 @@
 package com.openisle.dto;
 import com.openisle.model.MedalType;
 import lombok.Data;
@Data
 public class MedalSelectRequest {
    private MedalType type;
 }
@@ -0,0 +1,16 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.List;
@Data
 public class MessageDto {
    private Long id;
    private String content;
    private UserSummaryDto sender;
    private Long conversationId;
    private LocalDateTime createdAt;
    private MessageDto replyTo;
    private List<ReactionDto> reactions;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Info about the milk tea activity. */
@Data
 public class MilkTeaInfoDto {
    private long redeemCount;
    private boolean ended;
 }
@@ -0,0 +1,9 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to redeem the milk tea activity. */
@Data
 public class MilkTeaRedeemRequest {
    private String contact;
 }
@@ -0,0 +1,23 @@
 package com.openisle.dto;
 import com.openisle.model.NotificationType;
 import com.openisle.model.ReactionType;
 import lombok.Data;
 import java.time.LocalDateTime;
 /** DTO representing a user notification. */
@Data
 public class NotificationDto {
    private Long id;
    private NotificationType type;
    private PostSummaryDto post;
    private CommentDto comment;
    private CommentDto parentComment;
    private AuthorDto fromUser;
    private ReactionType reactionType;
    private String content;
    private Boolean approved;
    private boolean read;
    private LocalDateTime createdAt;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.util.List;
 /** Request to mark notifications as read. */
@Data
 public class NotificationMarkReadRequest {
    private List<Long> ids;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import com.openisle.model.NotificationType;
 import lombok.Data;
 /** User notification preference DTO. */
@Data
 public class NotificationPreferenceDto {
    private NotificationType type;
    private boolean enabled;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import com.openisle.model.NotificationType;
 import lombok.Data;
 /** Request to update a single notification preference. */
@Data
 public class NotificationPreferenceUpdateRequest {
    private NotificationType type;
    private boolean enabled;
 }
@@ -0,0 +1,9 @@
 package com.openisle.dto;
 import lombok.Data;
 /** DTO representing unread notification count. */
@Data
 public class NotificationUnreadCountDto {
    private long count;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 /** DTO representing a parent comment. */
@Data
 public class ParentCommentDto {
    private Long id;
    private String author;
    private String content;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper = true)
 public class PioneerMedalDto extends MedalDto {
    private long rank;
 }
@@ -0,0 +1,12 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Point mall good info. */
@Data
 public class PointGoodDto {
    private Long id;
    private String name;
    private int cost;
    private String image;
 }
@@ -0,0 +1,23 @@
 package com.openisle.dto;
 import com.openisle.model.PointHistoryType;
 import lombok.Getter;
 import lombok.Setter;
 import java.time.LocalDateTime;
@Getter
@Setter
 public class PointHistoryDto {
    private Long id;
    private PointHistoryType type;
    private int amount;
    private int balance;
    private Long postId;
    private String postTitle;
    private Long commentId;
    private String commentContent;
    private Long fromUserId;
    private String fromUserName;
    private LocalDateTime createdAt;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to redeem a point mall good. */
@Data
 public class PointRedeemRequest {
    private Long goodId;
    private String contact;
 }
@@ -0,0 +1,16 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import java.util.List;
 /**
 * Detailed DTO for a post, including comments.
 */
@Data
@EqualsAndHashCode(callSuper = true)
 public class PostDetailDto extends PostSummaryDto {
    private List<CommentDto> comments;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper = true)
 public class PostMedalDto extends MedalDto {
    private long currentPostCount;
    private long targetPostCount;
 }
@@ -0,0 +1,16 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 /** Lightweight post metadata used in user profile lists. */
@Data
 public class PostMetaDto {
    private Long id;
    private String title;
    private String snippet;
    private LocalDateTime createdAt;
    private String category;
    private long views;
 }
@@ -0,0 +1,29 @@
 package com.openisle.dto;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.List;
 import com.openisle.model.PostType;
 /**
 * Request body for creating or updating a post.
 */
@Data
 public class PostRequest {
    private Long categoryId;
    private String title;
    private String content;
    private List<Long> tagIds;
    private String captcha;
    // optional for lottery posts
    private PostType type;
    private String prizeDescription;
    private String prizeIcon;
    private Integer prizeCount;
    private LocalDateTime startTime;
    private LocalDateTime endTime;
 }
@@ -0,0 +1,37 @@
 package com.openisle.dto;
 import com.openisle.model.PostStatus;
 import com.openisle.model.PostType;
 import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.List;
 /**
 * Lightweight DTO for listing posts without comments.
 */
@Data
 public class PostSummaryDto {
    private Long id;
    private String title;
    private String content;
    private LocalDateTime createdAt;
    private AuthorDto author;
    private CategoryDto category;
    private List<TagDto> tags;
    private long views;
    private long commentCount;
    private PostStatus status;
    private LocalDateTime pinnedAt;
    private LocalDateTime lastReplyAt;
    private List<ReactionDto> reactions;
    private List<AuthorDto> participants;
    private boolean subscribed;
    private int reward;
    private int pointReward;
    private PostType type;
    private LotteryDto lottery;
    private boolean rssExcluded;
    private boolean closed;
 }
@@ -0,0 +1,9 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Public key response for web push. */
@Data
 public class PushPublicKeyDto {
    private String key;
 }
@@ -0,0 +1,11 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request body for saving a push subscription. */
@Data
 public class PushSubscriptionRequest {
    private String endpoint;
    private String p256dh;
    private String auth;
 }
@@ -0,0 +1,19 @@
 package com.openisle.dto;
 import com.openisle.model.ReactionType;
 import lombok.Data;
 /**
 * DTO representing a reaction on a post, comment or message.
 */
@Data
 public class ReactionDto {
    private Long id;
    private ReactionType type;
    private String user;
    private Long postId;
    private Long commentId;
    private Long messageId;
    private int reward;
 }
@@ -0,0 +1,10 @@
 package com.openisle.dto;
 import com.openisle.model.ReactionType;
 import lombok.Data;
 /** Request for reacting to a post or comment. */
@Data
 public class ReactionRequest {
    private ReactionType type;
 }
@@ -0,0 +1,13 @@
 package com.openisle.dto;
 import lombok.Data;
 /** Request to register a new user. */
@Data
 public class RegisterRequest {
    private String username;
    private String email;
    private String password;
    private String captcha;
    private String inviteToken;
 }
--- a/Show More
+++ b/Show More