The nested positional record ChargeReq(Guid UserId) failed System.Text.Json
binding under the snake_case policy (400). Use a plain class with a settable
property. Verified: consume decrements + blocks at 0, refund restores, bad
service token → 401.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Business rule: each user has a daily render limit. Admin-stop refunds the used
charge (not the user's fault); a user's own cancel does not.
- identity: ConsumeRenderChargeAsync / RefundRenderChargeAsync on DailyRemainRenderCount
with lazy daily reset (mig 24: daily_renders_reset_at). Convention: max=0 ⇒ UNLIMITED,
so existing 0/0 users keep rendering until an admin sets a real limit.
- identity InternalController (service-token): POST /v1/internal/render-charge/{consume,refund}
- render-svc: identityclient + on Create consume (block 429 when limit reached, fail-open
on identity outage); on admin Stop refund the job owner; user /cancel unchanged
- compose: IDENTITY_URL for render-svc, ServiceToken for identity-svc
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
EF Core can't translate a conditional Count(predicate) inside a grouped Select;
fetch flat rows then group/aggregate in memory.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Final legacy-admin items:
- identity GET /v1/admin/plan-statistics (active/total users + revenue per plan
from user_plans); surfaced as a breakdown table in /admin/stats
- NodesTable: wire Restart + Close-AE actions (backend already supported them) via
new proxy routes; was only drain/release before
Full DivineGateWeb legacy-admin parity achieved.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Closes the remaining legacy-admin gaps:
- Users «مدیریت» modal: create personal discount or affiliate code (owner_user_id +
owner_profit_percentage on existing /v1/discounts), and view the user's saved
projects ("videos") via new admin GET /v1/saved-projects/by-user/{id} (studio)
- Internal routes admin (/admin/routes): CRUD on content.internal_routes
(RoutesController + CmsService + gateway /v1/routes/*)
- Security: lock identity UsersController Search + Ban to [Authorize(Roles="Admin")]
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- /admin/music: list / upload / delete studio audio tracks (content-svc
GET/POST/DELETE /v1/music) — fills the legacy music-library gap
- fix: CRM analytics coerced query-bound dates to UTC (Npgsql timestamptz
rejects Kind=Unspecified) — endpoint was returning 400
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
PlansController had a class-level [Authorize] that gated the public
plans list, contradicting the gateway's optionalAuth on /plans. Mark
List/GetById [AllowAnonymous] and resolve tenant optionally so
anonymous callers receive global plans (purchase/current-plan stay
authenticated).
Frontend container stayed "unhealthy" because busybox wget resolves
localhost to IPv6 [::1] while the Next.js standalone server binds
IPv4 only. Use 127.0.0.1 in the healthcheck.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.
Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.
Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).
Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
soroush.asadi