api-server

Author	SHA1	Message	Date
WangDL	ad6112f4ab	fix: use wangdl.pem for 4-core SSH All checks were successful Deploy API Server / build-and-deploy (push) Successful in 38s Details	2026-05-22 13:31:45 +08:00
WangDL	f30a446bd5	feat: server metrics API — local os + remote SSH All checks were successful Deploy API Server / build-and-deploy (push) Successful in 38s Details	2026-05-22 13:30:44 +08:00
WangDL	c31725433d	feat: runs + SSE streaming proxy from Hermes /v1/runs All checks were successful Deploy API Server / build-and-deploy (push) Successful in 39s Details	2026-05-22 11:29:22 +08:00
WangDL	aa0575b71b	fix: normalize IP by stripping ::ffff: prefix All checks were successful Deploy API Server / build-and-deploy (push) Successful in 36s Details	2026-05-22 11:23:06 +08:00
WangDL	f2d3f3f13f	feat: add AdminMessage persistence + conversation title auto-set + messages API Some checks failed Deploy API Server / build-and-deploy (push) Failing after 21s Details	2026-05-22 11:03:24 +08:00
WangDL	73e52d2201	fix: add validation decorators to conversation DTO All checks were successful Deploy API Server / build-and-deploy (push) Successful in 38s Details	2026-05-22 10:49:27 +08:00
WangDL	f20bdc0d7a	feat: add conversation management — sessionId + X-Hermes-Session-Id + CRUD All checks were successful Deploy API Server / build-and-deploy (push) Successful in 37s Details	2026-05-22 10:43:18 +08:00
WangDL	3b42a8618a	refactor: remove hardcoded system prompt — let Hermes handle natively All checks were successful Deploy API Server / build-and-deploy (push) Successful in 40s Details	2026-05-22 10:28:41 +08:00
WangDL	c2e8f92abe	refactor: remove DeepSeek fallback — Hermes only; fail fast on error All checks were successful Deploy API Server / build-and-deploy (push) Successful in 39s Details	2026-05-22 10:10:11 +08:00
WangDL	34774e5325	fix: type cast messages for DeepSeekProvider compatibility All checks were successful Deploy API Server / build-and-deploy (push) Successful in 12s Details	2026-05-22 00:28:12 +08:00
WangDL	a550ce2e67	feat: route admin chat through Hermes Agent API (DeepSeek fallback) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 11s Details	2026-05-22 00:20:34 +08:00
WangDL	2b0bc92ebb	feat: add hermes dashboard config endpoint to admin-ai-chat All checks were successful Deploy API Server / build-and-deploy (push) Successful in 12s Details	2026-05-22 00:02:14 +08:00
WangDL	f2d1c16299	fix: correct AdminRole import path in admin-ai-chat controller All checks were successful Deploy API Server / build-and-deploy (push) Successful in 9s Details	2026-05-21 23:58:56 +08:00
WangDL	017d78a8d6	fix: add admin-ai-chat module + fix AdminUsersModule PasswordService dependency All checks were successful Deploy API Server / build-and-deploy (push) Successful in 11s Details	2026-05-21 23:57:59 +08:00
WangDL	b8a1fb0921	feat: add admin backend modules — dashboard, audit-log, admin-users All checks were successful Deploy API Server / build-and-deploy (push) Successful in 10s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 17:22:48 +08:00
WangDL	5a7c21dd60	feat: implement complete admin authentication system All checks were successful Deploy API Server / build-and-deploy (push) Successful in 9s Details - Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy - Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT) - Add AdminAuthService: login/lockout/refresh/logout with audit logging - Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me} - Add AdminAuthGuard: validates type=admin, user status, session, lockout - Add AdminRolesGuard + @AdminRoles() decorator for RBAC - Add AdminAuditService for audit log persistence - Add AdminLoginRateLimit (10 req/15min per IP) - Add prisma/seed.ts for SUPER_ADMIN initialization via env vars - Update JwtAuthGuard to skip /admin-api/* and /internal/* paths - Update main.ts to exclude admin-api/internal from global 'api' prefix - Update jwt.config.ts with admin JWT secrets and expiry config Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 15:05:31 +08:00
WangDL	7e1f5c0e9b	fix: 内部 RAG API 标记 @Public 绕过 JWT 认证 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 56s Details	2026-05-19 22:39:05 +08:00
WangDL	a0fafd0452	fix: TypeScript null check for RAG internal controller All checks were successful Deploy API Server / build-and-deploy (push) Successful in 55s Details	2026-05-19 22:36:18 +08:00
WangDL	fbdae9078f	feat: Python RAG Worker + NestJS 内部 API（文档解析/切片/embedding/Qdrant/候选生成） Some checks failed Deploy API Server / build-and-deploy (push) Failing after 22s Details	2026-05-19 22:35:12 +08:00
WangDL	c149b96b04	fix: 完善 DocumentImport 仓库，支持新字段 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 55s Details	2026-05-19 22:21:47 +08:00
WangDL	9c161db26b	feat: KnowledgeSource 和 ImportCandidate 模块 Some checks failed Deploy API Server / build-and-deploy (push) Failing after 22s Details	2026-05-19 22:20:29 +08:00
WangDL	82fcaa1f2f	fix: replace RateLimitService with global RateLimitGuard All checks were successful Deploy API Server / build-and-deploy (push) Successful in 59s Details RateLimitService could not be injected into feature modules due to NestJS DI module isolation. Replaced with a global Guard that uses @RateLimit() decorator metadata to apply per-endpoint limits. - RateLimitGuard: checks Redis counters, throws 429 on exceed - Decorators: LoginRateLimit, FeedbackRateLimit, AiAnalysisRateLimit, FileUploadRateLimit - Applied to: auth (login), feedback, ai-analysis, files endpoints Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 10:23:19 +08:00
WangDL	b1a6160d29	feat: implement P1 async — AI analysis + document import via BullMQ workers All checks were successful Deploy API Server / build-and-deploy (push) Successful in 59s Details B12: AI analysis now async — POST /ai-analysis queues job, returns immediately. Worker supports both active-recall and feynman-evaluation types. B13: DocumentImportWorker fully implemented — all processing moved from service to worker. Service only queues and returns. B14: NotificationWorker already complete (no changes needed). B15: All 3 workers now fully functional. New endpoint: GET /ai-analysis/jobs/:id for job status polling. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 10:17:06 +08:00
WangDL	597c7b2310	feat: implement P1 AI workflows (B7-B10) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 59s Details B7 Feynman evaluation: POST /ai-analysis/feynman B8 Knowledge import: replaces DocumentImport setTimeout mock with AI B9 Review card generation: POST /reviews/generate-cards B10 Learning trend analysis: GET /activity/trend 4 workflows, 4 prompts, 4 schemas, all registered in AiModule. AiAnalysisRepository made generic to handle varied result shapes. DocumentImportService now calls KnowledgeImportWorkflow + saves to DB. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 10:07:57 +08:00
WangDL	3137d58a5d	fix: 移除 FilesService 中的 RateLimitService 注入 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 56s Details RateLimitService 未在 @Global Module 中，feature module 无法注入。限流后续通过 Guard/Interceptor 统一处理。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 22:52:27 +08:00
WangDL	ca90d34b22	fix: 将 RateLimitService 注入从 StorageService 移到 FilesService Some checks failed Deploy API Server / build-and-deploy (push) Failing after 56s Details StorageService 在 @Global StorageModule 中，无法注入 AppModule 的 RateLimitService。将限流调用上移到 FilesService.requestUploadUrl 中。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 22:50:31 +08:00
WangDL	6d7cbffc3b	feat: COS 对象存储接入 — CosStorageProvider + FilesModule Some checks failed Deploy API Server / build-and-deploy (push) Failing after 3m0s Details - 安装 cos-nodejs-sdk-v5，封装 CosStorageProvider（upload/download/delete/healthCheck） - 重写 StorageService，新增 createUploadUrl/verifyUpload/getDownloadUrl/deleteObject - 创建 FilesModule：POST /files/upload-url, POST /files/complete, GET /files/:id, DELETE /files/:id - UploadedFile 新增 objectKey/bucket 字段 - 对象键格式 {userId}/{YYYYMM}/{sanitizedName}.{ext} - 接入文件类型校验（ALLOWED_FILE_TYPES）+ 上传限流（10次/小时/用户） - 配置文件 cos.longde.cloud → zhixi-1259685406 / ap-guangzhou Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 22:30:14 +08:00
WangDL	08f31dd5b6	feat: P0 后端补全 — BullMQ Workers 注册 + 用户 Profile API + 角色权限 - AppModule 注册 3 个 BullMQ Workers (AiAnalysis/DocumentImport/Notification) - Users 模块新增 GET/PATCH /users/me/profile 端点: - GET 读取 UserProfile (learningIdentity, learningDirection, bio, currentGoal) - PATCH upsert UserProfile - GET /users/me 返回 profile + preferences (include join) - 新增 RolesGuard + @Roles() 装饰器 (UserRole enum) - QueueModule/QueueService 改进 - 各模块 controller/repository/service 完善 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 19:08:07 +08:00
WangDL	007b56dad5	feat: AI三层架构 + 全局JwtAuthGuard + 12个Repository迁Prisma All checks were successful Deploy API Server / build-and-deploy (push) Successful in 1m0s Details - AI: 新三层架构 Provider→Gateway→Workflow（15文件，DeepSeek+MiniMax） - Auth: 全局JwtAuthGuard + @Public()装饰器白名单路由 - DB: 12个Repository从Map/Array迁到Prisma - Schema: 新增AiUsageLog、WaitlistEntry模型 - API: /api-docs-json加Basic Auth保护 - 清理: 删除infrastructure/ai、docs/旧文档 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 00:39:46 +08:00
WangDL	fa69749884	refactor(auth): restructure auth system, align with iOS login flow spec - Split AuthService into AppleAuthService, TokenService, AuthService - Add dev-login endpoint (dev-only, disabled in production) - AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce - Login/refresh responses now include user object - logout: single-token revoke + JwtAuthGuard protection - users.repository: switch from in-memory Map to Prisma persistence - JWT payload includes role, guards attach full user info to request - Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET) - Replace jwks-rsa+jsonwebtoken with jose library - Prisma User model: add role field - Independent DTO files with @Transform for empty string safety - Add 5 iOS login flow documentation files	2026-05-13 17:31:50 +08:00
WangDL	77c62599b1	feat: Apple 登录真实验签 - jwks-rsa + jsonwebtoken 验签 Apple identityToken All checks were successful Deploy API Server / build-and-deploy (push) Successful in 2m13s Details	2026-05-13 15:35:41 +08:00
WangDL	be29a11a54	fix: mock 模式检查同时看 NODE_ENV 和 AI_PROVIDER Some checks failed Deploy API Server / build-and-deploy (push) Failing after 10m5s Details	2026-05-09 19:49:50 +08:00
WangDL	ef7c1f1bc9	feat: 安全基线 + 4个安全漏洞修复 - JWT AuthGuard/OptionalAuthGuard, StrictValidationPipe, 全局异常过滤器, Redis限流429, Apple登录mock模式, BigInt精度修复, SECURITY.md	2026-05-09 18:57:33 +08:00
WangDL	35de65e99b	feat: 重构 api-server 为模块化单体架构，接入 MySQL + Redis - 按 BACKEND-PLAN.md 将项目重构为 4 层架构: config/ -> common/ -> infrastructure/ -> modules/ - 15 个业务模块，遵循 Controller → Service → Repository 分层 - infrastructure: PrismaService / RedisService / QueueService / AiService / StorageService - common: guards / interceptors / filters / pipes / decorators / dto / types / utils - Prisma schema 含 27 张表，MySQL 8.0 服务器 db push 成功 - Redis 7 接入: 限流/任务状态/分布式锁/队列预留 - ai-analysis 模块: 每日 50 次限流 + 重复提交锁 + 异步任务状态追踪 - document-import 模块: 异步导入流程 + 进度追踪 - notifications 模块: BullMQ notification 队列预留 - /health 端点实时返回 database + redis 连接状态 - Swagger 注册 15 个 tag，67 个路由全部映射	2026-05-09 18:25:04 +08:00

34 Commits