14 Commits

Author	SHA1	Message	Date
soroush.asadi	2c961b123b	feat(content+admin): content ranking + statistics dashboard ... - content-svc: template list gains popularity/rating sort modes (use_count_desc, popular, rating_desc); new PATCH /v1/templates/{id}/sort to set manual sort weight (feature/pin) without a full edit - admin /admin/ranking: templates ordered by popularity with views/uses/rating and inline manual-sort editor - admin /admin/stats: overview dashboard (users, revenue, paying customers, conversion, templates/categories/campaigns/blogs counts) aggregated from existing identity + content endpoints - nav: Dashboard + Ranking links Completes the epic: SMS/Email/Templates → Marketing → CRM → Ranking + Stats. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 22:11:18 +03:30
soroush.asadi	62a5121ffe	feat(identity+admin): CRM analytics + customer notes + user power-actions ... Modeled on the legacy DivineGateWeb admin (CRM + Security/* actions): - identity-svc AdminService + AdminController (admin-gated): - GET /v1/admin/crm/analytics — signups/buyers/conversion/revenue + daily series (from identity.users + identity.payments) - GET/PUT /v1/users/{id}/crm — tags / note / pipeline status (user_crm table, mig 20) - power-actions: POST /v1/users/{id}/{balance,password,charge,moderator,grant-plan} - admin UI: /admin/crm dashboard (funnel cards + daily signup/revenue bars); per-user "مدیریت" modal in Users (balance, render charge, plan days, password, moderator, CRM notes) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 18:59:07 +03:30
soroush.asadi	6dbb14d146	feat(notifications+admin): marketing campaigns ... - campaigns table (migration 19) + CRUD + send endpoint in notification-svc - audience resolution reads cross-schema from identity.users (all / verified / with_plan); send dispatches via the SMS or Email channel and logs deliveries - endpoints: GET/POST /v1/campaigns, POST /v1/campaigns/:id/send, DELETE - gateway route /v1/campaigns/* → notification - /admin/marketing: create campaign (channel, audience, template/subject/body), list with status + sent counts, send, delete Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 18:17:19 +03:30
soroush.asadi	507ac7e6a4	feat(notifications+admin): SMS (Kavenegar) + Email (SMTP) channels & templates ... Backend (notification-svc): - channel_config table (per-tenant Kavenegar + SMTP settings) + migration 18 - sender pkg: Kavenegar SMS client + SMTP mailer (STARTTLS / implicit TLS), stdlib only - endpoints: GET/PUT /v1/channels[/:channel], POST /v1/sms/send, POST /v1/email/send (template + {{var}} rendering); deliveries logged - seeded 3 Persian email templates: welcome / account_verification / promotion - gateway routes /v1/{channels,sms,email}/* → notification Admin UI: - /admin/messaging: SMS + Email provider config cards, test-send, email template editor - nav link + fa/en labels Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 17:32:54 +03:30
soroush.asadi	e7cdf35b65	feat(content): scenes + shared-colors + colour-presets endpoints ... Completes the content backend for the studio building blocks (all project-scoped): - GET /v1/scenes?project_id= + POST/PUT/DELETE (scene metadata CRUD) - GET /v1/shared-colors?project_id= + POST/PUT/DELETE - GET /v1/color-presets?project_id= + POST/PUT/DELETE (palette + items) SceneColorService + DTOs; reads open, writes [Authorize(Roles=Admin)]. Gateway routes /v1/{scenes,shared-colors,color-presets}/* → content. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 15:35:32 +03:30
soroush.asadi	cf5dd4f195	feat(admin): category SEO fields, Templates admin, safe project PATCH ... - categories/tags admin forms: add meta title/description/keywords, bot-follow, sort, is_active (backend already supported these) - new Templates admin (/admin/templates): container CRUD with description, keywords, publishing, premium, primary mode, category/tag assignment, plus editable per-variant aspect & resolution - content-svc: PATCH /v1/projects/{id} partial update so aspect/resolution edits never wipe render/colour data (SharedColorsSvg, RenderAepComp, Folder) - admin resource proxy: add PATCH passthrough Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 14:26:44 +03:30
soroush.asadi	cd95ca2c6f	fix(gateway/services): admin node/render pages 500 — redirect loop + is_admin claim ... - gateway proxy: trim trailing slash before forwarding upstream. gin's RedirectTrailingSlash adds /nodes → /nodes/ while render-svc redirects /nodes/ → /nodes, forming an infinite redirect loop (admin pages 500'd) - accept is_admin as bool OR string "true" in render/file/notification/gateway auth middleware (identity emits it as a string) — admin endpoints were 403'ing Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 11:26:44 +03:30
soroush.asadi	3fc7bf2b97	feat: AI SEO generator, full admin panel, i18n sweep, new logo + auth/RTL fixes ... AI SEO content generator - content-svc: per-tenant OpenAI config (ai_settings) + /v1/ai endpoints (settings GET/PUT, seo-post) with SEO-expert prompt → structured article - admin UI to configure token/base-url/model and generate + save as blog - configurable base URL for restricted networks Full data-driven admin panel - generic /api/admin/resource proxy + reusable AdminResource component - categories/tags/fonts/blogs (CRUD), users (list + ban), plans/slides - AI content section; nav + i18n i18n localization sweep - localized 116 user-facing + studio/editor components to next-intl (fa+en) under the auto.* namespace; merge tooling in scripts/merge-i18n.js Branding + assets - Monoline F logo (LogoMark + favicon) - offline SVG placeholder generator (/api/placeholder), dropped picsum.photos Fixes - JWT issuer mismatch on content/studio (flatrender → flatrender-identity) - missing role claim → [Authorize(Roles="Admin")] now works (RBAC) - Secure cookies broke HTTP sessions → gated behind AUTH_COOKIE_SECURE - Radix RTL via DirectionProvider (right-aligned menus in fa) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 09:35:14 +03:30
soroush.asadi	bcc69f0a2e	feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset ... Node-agent — full render pipeline (items 1-3): - render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET, 2h TTL, path=templates/{original_project_id}/template.aep) - render-svc: POST /v1/internal/render/jobs/:id/output-upload-url allocates Export row + returns presigned MinIO PUT URL + export_id - render-svc: db.CreateExportForJob() inserts export row with 30-day retention - render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket) MINIO_TEMPLATES_BUCKET env var (default flatrender-templates) - node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only) - node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field - node-agent: runJob() full flow: download AEP → render → get upload URL → PUT output to MinIO → Complete(export_id) All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export) TLS reverse proxy (item 15): - Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN) auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API - docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp, caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL - .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries Billing portal (item 5): - Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false (access continues to expiry); 404 when no active plan - POST /api/billing/cancel — frontend proxy, validates auth - GET /api/billing/portal — redirects to /dashboard/settings?tab=billing - SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI, "Change plan" button; becomes "use client" component Password reset UI (item 7): - POST /api/auth/password-reset — proxies /v1/auth/password/reset/request (always 200, anti-enumeration) - POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm - AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow (email → OTP+new-password) without leaving the auth page Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 16:41:13 +03:30
soroush.asadi	d7743a6fbe	feat: live render preview — node agent pushes PNG frames, frontend displays them in real time ... render-svc: - db.UpdateJobPreview(): writes base64 PNG to render_jobs.image_preview_b64 (only on active jobs; Done/Failed/Cancelled rows ignored) - POST /v1/internal/render/jobs/:job_id/preview — node agent endpoint - Route registered under /v1/internal (nodeAuth) node-agent: - runner.PreviewFn callback type alongside ProgressFn - runner.preview.go: GeneratePreviewB64(percent, quality, resolution) — pure stdlib (image/png + encoding/base64), no external deps — 320×180 dark frame with animated progress bar + colored indicator dots - mock render: pushes a preview frame at every step (5→95%) - real AE render: pushes a preview frame every 30s - client.UpdatePreview(): POST /v1/internal/render/jobs/:job_id/preview - main.go: onPreview callback wires client.UpdatePreview() into runner.Run() frontend: - render-jobs.ts: RenderJobRow.preview_b64 field; read from progress endpoint - status/route.ts: previewB64 included in JSON response - RenderModal: aspect-ratio preview pane during polling — shows spinner until first frame arrives, then live-updates with each poll (every 3s); step label overlaid as badge bottom-right Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 09:42:03 +03:30
soroush.asadi	ee421ccc68	feat(render-svc+node-agent): add job-claim endpoint and build node-agent skeleton ... render-svc: - db: ClaimJob() — atomic SELECT FOR UPDATE SKIP LOCKED; transitions job to Preparing, marks node Busy in a single transaction - models: ClaimJobRequest + ClaimedJob types - handlers/internal: POST /v1/internal/render/jobs/claim — 200 with job or 204 when queue empty - main: register the claim route under /v1/internal (nodeAuth) services/node-agent/ (new Go module github.com/flatrender/node-agent): - internal/config: env-var based config (NODE_ID required, sensible defaults) - internal/client: typed orchestrator HTTP client (Online, Heartbeat, ClaimJob, Complete, Fail, ReportCrash) — X-Node-Signature auth - internal/runner: AE render via aerender.exe or mock (for dev without AE) - cmd/agent/main: register online → heartbeat loop (5s) + poll loop (3s) → claim job → run render → report complete/fail; health endpoint on :7777 - Dockerfile: cross-compiles to Windows amd64 static binary Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 09:28:31 +03:30
soroush.asadi	7f03ad1d03	chore: add demo content seed for V2 content service ... Idempotent SQL seed (deterministic UUIDs, ON CONFLICT DO NOTHING) that inserts 4 categories and 8 published template containers linked to them, so the public site shows real data through the gateway /v1/* routes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-30 05:22:47 +03:30
soroush.asadi	8b86f17645	fix: make plans list public, fix frontend healthcheck IPv6 ... PlansController had a class-level [Authorize] that gated the public plans list, contradicting the gateway's optionalAuth on /plans. Mark List/GetById [AllowAnonymous] and resolve tenant optionally so anonymous callers receive global plans (purchase/current-plan stay authenticated). Frontend container stayed "unhealthy" because busybox wget resolves localhost to IPv6 [::1] while the Next.js standalone server binds IPv4 only. Use 127.0.0.1 in the healthcheck. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-30 00:24:53 +03:30
soroush.asadi	90ac0b81d1	feat: V2 microservices stack — backend services, gateway, JWT auth ... Add full V2 architecture: identity, content, studio (.NET 10) and file, render, notification, gateway (Go) services with vendored deps, plus DB migrations, event/API contracts, and an init-db script. Wire the Next.js frontend to the gateway: server-side JWT auth routes (login/register/refresh/logout/me), gateway fetch helper, and session/ cookie/jwt helpers under src/lib. Containerize the stack via docker-compose.v2.yml and per-service Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via next/font/local to avoid Google Fonts (geo-blocked). Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-29 23:29:31 +03:30