RateLimitService could not be injected into feature modules due to
NestJS DI module isolation. Replaced with a global Guard that uses
@RateLimit() decorator metadata to apply per-endpoint limits.
- RateLimitGuard: checks Redis counters, throws 429 on exceed
- Decorators: LoginRateLimit, FeedbackRateLimit, AiAnalysisRateLimit,
FileUploadRateLimit
- Applied to: auth (login), feedback, ai-analysis, files endpoints
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
B12: AI analysis now async — POST /ai-analysis queues job, returns immediately.
Worker supports both active-recall and feynman-evaluation types.
B13: DocumentImportWorker fully implemented — all processing moved from
service to worker. Service only queues and returns.
B14: NotificationWorker already complete (no changes needed).
B15: All 3 workers now fully functional.
New endpoint: GET /ai-analysis/jobs/:id for job status polling.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
B7 Feynman evaluation: POST /ai-analysis/feynman
B8 Knowledge import: replaces DocumentImport setTimeout mock with AI
B9 Review card generation: POST /reviews/generate-cards
B10 Learning trend analysis: GET /activity/trend
4 workflows, 4 prompts, 4 schemas, all registered in AiModule.
AiAnalysisRepository made generic to handle varied result shapes.
DocumentImportService now calls KnowledgeImportWorkflow + saves to DB.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ioredis with lazyConnect: true requires explicit .connect() — without it
the client never connects and isHealthy() always returns false.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Split AuthService into AppleAuthService, TokenService, AuthService
- Add dev-login endpoint (dev-only, disabled in production)
- AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce
- Login/refresh responses now include user object
- logout: single-token revoke + JwtAuthGuard protection
- users.repository: switch from in-memory Map to Prisma persistence
- JWT payload includes role, guards attach full user info to request
- Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET)
- Replace jwks-rsa+jsonwebtoken with jose library
- Prisma User model: add role field
- Independent DTO files with @Transform for empty string safety
- Add 5 iOS login flow documentation files
