8 Commits

Author	SHA1	Message	Date
soroush.asadi	6661f53734	fix(scan): Fix-mode scanner + dialog suppression + cancel/timer + importer revive ... - scan.jsx: app.beginSuppressDialogs() + clean quit (no AE hang on font/footage dialogs); FIX-mode branch parses frl_c(x)t/m(y) layer names → scenes by c(x); flexible/mockup keep comp-based walk; FR_SCAN_MODE selects. - render-svc: scan job carries project mode; cancel endpoint + node watchdog that kills AE on cancel; parseObjectURL handles minio:// (bucket in host); scan with no template fails cleanly; status guards so late results can't un-cancel. - content importer: revive soft-deleted scenes instead of duplicate-inserting (fixes scenes_project_id_key unique violation); orphan diff ignores deleted. - admin: scan dialog gets project-type picker + elapsed timer + Cancel button. - node-agent: AE-2026 wiring (host port 5010, host-reachable presign endpoint), FR_SCAN_MODE plumbing. docs/aep-template-convention.md: per-type naming + bundles. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 19:06:08 +03:30
soroush.asadi	1f52f53cf7	feat(render+identity): daily render-limit — consume on submit, refund on admin-stop ... Business rule: each user has a daily render limit. Admin-stop refunds the used charge (not the user's fault); a user's own cancel does not. - identity: ConsumeRenderChargeAsync / RefundRenderChargeAsync on DailyRemainRenderCount with lazy daily reset (mig 24: daily_renders_reset_at). Convention: max=0 ⇒ UNLIMITED, so existing 0/0 users keep rendering until an admin sets a real limit. - identity InternalController (service-token): POST /v1/internal/render-charge/{consume,refund} - render-svc: identityclient + on Create consume (block 429 when limit reached, fail-open on identity outage); on admin Stop refund the job owner; user /cancel unchanged - compose: IDENTITY_URL for render-svc, ServiceToken for identity-svc Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-03 02:18:00 +03:30
soroush.asadi	163f0c9ec3	feat(admin): media library + upload component (replace URL fields) ... - /admin/files Media Library: drag-drop multi-upload, thumbnails, copy-URL, delete - FileUploadField replaces raw URL inputs; new "image" field type in AdminResource; wired into category image - upload proxy /api/admin/files/upload: browser → Next → presigned PUT (server-side, reaches minio:9000) → confirm → returns public URL - user-uploads bucket is public-read; public base via NEXT_PUBLIC_MINIO_URL Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 14:55:52 +03:30
soroush.asadi	3fc7bf2b97	feat: AI SEO generator, full admin panel, i18n sweep, new logo + auth/RTL fixes ... AI SEO content generator - content-svc: per-tenant OpenAI config (ai_settings) + /v1/ai endpoints (settings GET/PUT, seo-post) with SEO-expert prompt → structured article - admin UI to configure token/base-url/model and generate + save as blog - configurable base URL for restricted networks Full data-driven admin panel - generic /api/admin/resource proxy + reusable AdminResource component - categories/tags/fonts/blogs (CRUD), users (list + ban), plans/slides - AI content section; nav + i18n i18n localization sweep - localized 116 user-facing + studio/editor components to next-intl (fa+en) under the auto.* namespace; merge tooling in scripts/merge-i18n.js Branding + assets - Monoline F logo (LogoMark + favicon) - offline SVG placeholder generator (/api/placeholder), dropped picsum.photos Fixes - JWT issuer mismatch on content/studio (flatrender → flatrender-identity) - missing role claim → [Authorize(Roles="Admin")] now works (RBAC) - Secure cookies broke HTTP sessions → gated behind AUTH_COOKIE_SECURE - Radix RTL via DirectionProvider (right-aligned menus in fa) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 09:35:14 +03:30
soroush.asadi	bcc69f0a2e	feat: complete node-agent pipeline, TLS proxy, billing cancel, password reset ... Node-agent — full render pipeline (items 1-3): - render-svc: ClaimedJob now includes aep_download_url (presigned MinIO GET, 2h TTL, path=templates/{original_project_id}/template.aep) - render-svc: POST /v1/internal/render/jobs/:id/output-upload-url allocates Export row + returns presigned MinIO PUT URL + export_id - render-svc: db.CreateExportForJob() inserts export row with 30-day retention - render-svc: InternalHandler now owns minio client (templatesBucket + exportsBucket) MINIO_TEMPLATES_BUCKET env var (default flatrender-templates) - node-agent: runner/download.go — DownloadFile() + UploadFile() (stdlib only) - node-agent: client.GetOutputUploadURL() + ClaimedJob.AEPDownloadURL field - node-agent: runJob() full flow: download AEP → render → get upload URL → PUT output to MinIO → Complete(export_id) All steps are non-fatal with fallback (AEP miss → mock, upload fail → no export) TLS reverse proxy (item 15): - Caddyfile: three virtual hosts (DOMAIN, API_DOMAIN, STORAGE_DOMAIN) auto-TLS via Let's Encrypt; security headers; 512MB upload limit on API - docker-compose.v2.yml: caddy:2-alpine service, ports 80/443/443udp, caddy_data + caddy_config volumes; env vars DOMAIN/API_DOMAIN/STORAGE_DOMAIN/ACME_EMAIL - .env.v2.example: new Caddy + MINIO_TEMPLATES_BUCKET entries Billing portal (item 5): - Identity: POST /v1/users/me/plan/cancel — sets cancelled_at, auto_renew=false (access continues to expiry); 404 when no active plan - POST /api/billing/cancel — frontend proxy, validates auth - GET /api/billing/portal — redirects to /dashboard/settings?tab=billing - SettingsBilling: "Cancel plan" button with confirm dialog + optimistic UI, "Change plan" button; becomes "use client" component Password reset UI (item 7): - POST /api/auth/password-reset — proxies /v1/auth/password/reset/request (always 200, anti-enumeration) - POST /api/auth/password-reset-confirm — proxies /v1/auth/password/reset/confirm - AuthPageContent: "Forgot password?" link on sign-in tab opens 2-step reset flow (email → OTP+new-password) without leaving the auth page Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 16:41:13 +03:30
soroush.asadi	541e935418	chore: remove dead Supabase/Stripe env vars from docker-compose and env example ... Frontend build args and runtime env no longer need NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET — all replaced by V2 gateway. .env.v2.example updated to reflect the current V2-only config. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 09:15:02 +03:30
soroush.asadi	8b86f17645	fix: make plans list public, fix frontend healthcheck IPv6 ... PlansController had a class-level [Authorize] that gated the public plans list, contradicting the gateway's optionalAuth on /plans. Mark List/GetById [AllowAnonymous] and resolve tenant optionally so anonymous callers receive global plans (purchase/current-plan stay authenticated). Frontend container stayed "unhealthy" because busybox wget resolves localhost to IPv6 [::1] while the Next.js standalone server binds IPv4 only. Use 127.0.0.1 in the healthcheck. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-30 00:24:53 +03:30
soroush.asadi	90ac0b81d1	feat: V2 microservices stack — backend services, gateway, JWT auth ... Add full V2 architecture: identity, content, studio (.NET 10) and file, render, notification, gateway (Go) services with vendored deps, plus DB migrations, event/API contracts, and an init-db script. Wire the Next.js frontend to the gateway: server-side JWT auth routes (login/register/refresh/logout/me), gateway fetch helper, and session/ cookie/jwt helpers under src/lib. Containerize the stack via docker-compose.v2.yml and per-service Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via next/font/local to avoid Google Fonts (geo-blocked). Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-29 23:29:31 +03:30