9 Commits

Author	SHA1	Message	Date
soroush.asadi	24aa4c51a4	fix(identity): plan-statistics LINQ translation (aggregate in memory) ... EF Core can't translate a conditional Count(predicate) inside a grouped Select; fetch flat rows then group/aggregate in memory. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 23:04:53 +03:30
soroush.asadi	151970accd	feat(admin): plan statistics + node restart/close-ae actions ... Final legacy-admin items: - identity GET /v1/admin/plan-statistics (active/total users + revenue per plan from user_plans); surfaced as a breakdown table in /admin/stats - NodesTable: wire Restart + Close-AE actions (backend already supported them) via new proxy routes; was only drain/release before Full DivineGateWeb legacy-admin parity achieved. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 23:02:03 +03:30
soroush.asadi	3091911260	feat(admin): affiliate/personal discounts, user-videos, internal routes, authz ... Closes the remaining legacy-admin gaps: - Users «مدیریت» modal: create personal discount or affiliate code (owner_user_id + owner_profit_percentage on existing /v1/discounts), and view the user's saved projects ("videos") via new admin GET /v1/saved-projects/by-user/{id} (studio) - Internal routes admin (/admin/routes): CRUD on content.internal_routes (RoutesController + CmsService + gateway /v1/routes/*) - Security: lock identity UsersController Search + Ban to [Authorize(Roles="Admin")] Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 22:42:01 +03:30
soroush.asadi	3acd366fda	feat(admin): music library admin + fix CRM analytics UTC ... - /admin/music: list / upload / delete studio audio tracks (content-svc GET/POST/DELETE /v1/music) — fills the legacy music-library gap - fix: CRM analytics coerced query-bound dates to UTC (Npgsql timestamptz rejects Kind=Unspecified) — endpoint was returning 400 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 22:17:14 +03:30
soroush.asadi	62a5121ffe	feat(identity+admin): CRM analytics + customer notes + user power-actions ... Modeled on the legacy DivineGateWeb admin (CRM + Security/* actions): - identity-svc AdminService + AdminController (admin-gated): - GET /v1/admin/crm/analytics — signups/buyers/conversion/revenue + daily series (from identity.users + identity.payments) - GET/PUT /v1/users/{id}/crm — tags / note / pipeline status (user_crm table, mig 20) - power-actions: POST /v1/users/{id}/{balance,password,charge,moderator,grant-plan} - admin UI: /admin/crm dashboard (funnel cards + daily signup/revenue bars); per-user "مدیریت" modal in Users (balance, render charge, plan days, password, moderator, CRM notes) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 18:59:07 +03:30
soroush.asadi	3fc7bf2b97	feat: AI SEO generator, full admin panel, i18n sweep, new logo + auth/RTL fixes ... AI SEO content generator - content-svc: per-tenant OpenAI config (ai_settings) + /v1/ai endpoints (settings GET/PUT, seo-post) with SEO-expert prompt → structured article - admin UI to configure token/base-url/model and generate + save as blog - configurable base URL for restricted networks Full data-driven admin panel - generic /api/admin/resource proxy + reusable AdminResource component - categories/tags/fonts/blogs (CRUD), users (list + ban), plans/slides - AI content section; nav + i18n i18n localization sweep - localized 116 user-facing + studio/editor components to next-intl (fa+en) under the auto.* namespace; merge tooling in scripts/merge-i18n.js Branding + assets - Monoline F logo (LogoMark + favicon) - offline SVG placeholder generator (/api/placeholder), dropped picsum.photos Fixes - JWT issuer mismatch on content/studio (flatrender → flatrender-identity) - missing role claim → [Authorize(Roles="Admin")] now works (RBAC) - Secure cookies broke HTTP sessions → gated behind AUTH_COOKIE_SECURE - Radix RTL via DirectionProvider (right-aligned menus in fa) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 09:35:14 +03:30
soroush.asadi	bcc69f0a2e	feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset ... Node-agent — full render pipeline (items 1-3): - render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET, 2h TTL, path=templates/{original_project_id}/template.aep) - render-svc: POST /v1/internal/render/jobs/:id/output-upload-url allocates Export row + returns presigned MinIO PUT URL + export_id - render-svc: db.CreateExportForJob() inserts export row with 30-day retention - render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket) MINIO_TEMPLATES_BUCKET env var (default flatrender-templates) - node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only) - node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field - node-agent: runJob() full flow: download AEP → render → get upload URL → PUT output to MinIO → Complete(export_id) All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export) TLS reverse proxy (item 15): - Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN) auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API - docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp, caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL - .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries Billing portal (item 5): - Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false (access continues to expiry); 404 when no active plan - POST /api/billing/cancel — frontend proxy, validates auth - GET /api/billing/portal — redirects to /dashboard/settings?tab=billing - SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI, "Change plan" button; becomes "use client" component Password reset UI (item 7): - POST /api/auth/password-reset — proxies /v1/auth/password/reset/request (always 200, anti-enumeration) - POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm - AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow (email → OTP+new-password) without leaving the auth page Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 16:41:13 +03:30
soroush.asadi	8b86f17645	fix: make plans list public, fix frontend healthcheck IPv6 ... PlansController had a class-level [Authorize] that gated the public plans list, contradicting the gateway's optionalAuth on /plans. Mark List/GetById [AllowAnonymous] and resolve tenant optionally so anonymous callers receive global plans (purchase/current-plan stay authenticated). Frontend container stayed "unhealthy" because busybox wget resolves localhost to IPv6 [::1] while the Next.js standalone server binds IPv4 only. Use 127.0.0.1 in the healthcheck. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-30 00:24:53 +03:30
soroush.asadi	90ac0b81d1	feat: V2 microservices stack — backend services, gateway, JWT auth ... Add full V2 architecture: identity, content, studio (.NET 10) and file, render, notification, gateway (Go) services with vendored deps, plus DB migrations, event/API contracts, and an init-db script. Wire the Next.js frontend to the gateway: server-side JWT auth routes (login/register/refresh/logout/me), gateway fetch helper, and session/ cookie/jwt helpers under src/lib. Containerize the stack via docker-compose.v2.yml and per-service Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via next/font/local to avoid Google Fonts (geo-blocked). Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-29 23:29:31 +03:30