The CI server can't reach dl-cdn.alpinelinux.org (TLS error) — only the Nexus
mirror is reachable, and it proxies Docker images, not apk packages.
- frontend: drop `apk add libc6-compat` (vestigial Next.js-template line; the
deps stage only runs `npm ci` and the build/runtime stages never had it).
- 5 Go services (file/gateway/notification/payment/render): replace
`apk add ca-certificates tzdata` with copying ca-certificates.crt from the
golang builder stage + embedding tzdata via `go build -tags timetzdata`.
No more apk -> no dependency on the Alpine CDN.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
mirror.soroushasadi.com serves only cached images (node:20 resolved, golang:1.25
was 'not found' — too new to be cached, upstream can't back-fill). Point the Go
services' golang:1.25-alpine base at mirror.kargadan.ir per infra owner; alpine/
busybox/node/postgres/minio stay on soroushasadi (cached). GOPROXY already kargadan.
Docker Hub blocks Iran (403) on the BUILD base images too (golang/alpine/busybox/
node) once they fall out of cache. Prefix every Docker Hub FROM/COPY --from with
mirror.soroushasadi.com/ (MCR dotnet images are reachable, left as-is). Go builders
also set GOPROXY=mirror.kargadan.ir/repository/go-group/ + GOSUMDB=off so any module/
toolchain fetch avoids the geo-blocked proxy.golang.org.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Per-scene preview thumbnails for templates. Admin clicks "ساخت پیشنمایش
صحنهها" → one single-frame AE render per scene → content.scenes.snapshot_url
→ shown as a thumbnail in the admin scene list (and available to the studio).
- migration 30_render_snapshot_jobs.sql: render.snapshot_jobs (queued|running|
done|error, per scene, image_url).
- render-svc: db/snapshotjobs.go (EnqueueSceneSnapshots, List, Claim, SetResult
-> writes content.scenes.snapshot_url cross-schema, SetError); handlers/
snapshotjobs.go (admin POST/GET /v1/scene-snapshots/:project_id + node-facing
internal claim/result/fail); main.go routes; gateway route.
- devworker: RunSnapshots — fulfils snapshot jobs with a generated placeholder
PNG (data: URL, scene-key-tinted) so the flow is verifiable without an AE node.
Gated by RENDER_DEV_SNAPSHOTS (default off; never hijacks real render jobs).
- admin UI: ProjectScenes "generate snapshots" button (enqueue + poll + reload)
and a thumbnail (snapshot_url || image) per scene row.
Verified e2e via the dev mock: enqueue -> jobs run -> content.scenes.snapshot_url
populated -> scenes API returns it -> admin renders the thumbnail.
Remaining (C2): node-agent real-AE runner — claim snapshot, aerender -s0 -e0 ->
ffmpeg still -> upload to a PERMANENT URL (mirror file-svc, not the time-limited
export presign) -> post result. Needs a live AE node to build + verify.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Epic A — admins author premade example videos per template; users pick one
on the template detail page to start a pre-filled project.
Backend (content-svc):
- PresetStory DTOs + PresetStoryService (admin CRUD + public published-only
filter via role check + soft-delete) + PresetStoriesController (/v1/preset-stories)
- DI registration; gateway route /v1/preset-stories (optionalAuth, public read)
Frontend:
- ProjectPresetStories admin authoring UI (name/description/demo upload/published/
sort + scene picker with order+duration + advanced scenes_spa); «ویدیوهای نمونه»
button + modal in ProjectsAdmin
- TemplateDetailExamples renders real published stories (image/video preview,
hover → "use this example" → creates a pre-bound project), falls back to
placeholders when none; selected aspect's variant id keys the fetch
- public /api/preset-stories route; preset_story_id plumbed through
createProjectFromTemplate + projects POST route; usePreset i18n (fa+en)
Verified: full CRUD via gateway (public hides unpublished); creating a project
with presetStoryId persists selected_preset_story_id on the saved project.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Scene content elements (the editable Text/Media/Color/… inputs inside a scene)
had no CRUD — only AEP-import created them, so admins couldn't define or edit
them. Added full management:
content-svc:
- SceneElementsController: GET/POST/PUT/DELETE /v1/scene-elements?scene_id=
- SceneColorService: Get/Create/Update/DeleteContentElementAsync
- ContentElementResponse + SaveContentElementRequest (key, title, type,
default_value, hint, position, text-box/font/media flags)
gateway: route /v1/scene-elements/*path → content
frontend: SceneColorEditor scenes tab → per-scene "ورودیها" expander with full
add/edit/delete of inputs (15 element types: Text/Media/Color/Number/…)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The admin render queue called the user-scoped /v1/renders (so it only showed the
admin's own jobs) and parsed items/total instead of data/meta (→ always empty).
- render-svc: GET /v1/admin-renders (admin) → ListAllJobs across users, optional
?status= filter; gateway-wired
- admin renders page now fetches /v1/admin-renders and reads data/meta correctly
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- render-svc: admin-scoped store (ListAllExports / GetExportByIDAny /
SoftDeleteExportAny) + GET/DELETE/download-url under /v1/admin-exports
(admin-gated; separate prefix so it routes to render, not identity's /admin)
- gateway: /v1/admin-exports/* → render
- admin /admin/exports: paginated table of every rendered export with thumbnail,
type/quality, size, duration, dimensions, produce + expiry dates; download
(presigned URL) and delete
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Push a font once → every node installs it → admin sees per-node status.
- render-svc: font_requests + node_fonts tables (mig 25); admin GET/POST/DELETE
/v1/node-fonts (with per-node status matrix); internal (HMAC) GET pending +
POST status for node-agents
- node-agent: fontSyncLoop polls pending fonts every 60s, downloads, installs
(Windows Fonts dir + registry / macOS / linux fc-cache), reports Installed/Failed
- gateway: /v1/node-fonts/* → render
- admin /admin/node-fonts: upload a .ttf/.otf → install on all nodes; per-node
Installed/Pending/Failed badges + counts + delete
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Closes the remaining legacy-admin gaps:
- Users «مدیریت» modal: create personal discount or affiliate code (owner_user_id +
owner_profit_percentage on existing /v1/discounts), and view the user's saved
projects ("videos") via new admin GET /v1/saved-projects/by-user/{id} (studio)
- Internal routes admin (/admin/routes): CRUD on content.internal_routes
(RoutesController + CmsService + gateway /v1/routes/*)
- Security: lock identity UsersController Search + Ban to [Authorize(Roles="Admin")]
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Completes the content backend for the studio building blocks (all project-scoped):
- GET /v1/scenes?project_id= + POST/PUT/DELETE (scene metadata CRUD)
- GET /v1/shared-colors?project_id= + POST/PUT/DELETE
- GET /v1/color-presets?project_id= + POST/PUT/DELETE (palette + items)
SceneColorService + DTOs; reads open, writes [Authorize(Roles=Admin)].
Gateway routes /v1/{scenes,shared-colors,color-presets}/* → content.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- gateway proxy: trim trailing slash before forwarding upstream. gin's
RedirectTrailingSlash adds /nodes → /nodes/ while render-svc redirects
/nodes/ → /nodes, forming an infinite redirect loop (admin pages 500'd)
- accept is_admin as bool OR string "true" in render/file/notification/gateway
auth middleware (identity emits it as a string) — admin endpoints were 403'ing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.
Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.
Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).
Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
soroush.asadi