feat(feedback): in-app user feedback with admin review and account roles
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
User-facing Feedback screen (Settings -> Info, registered accounts only): a message (<=1024 runes) plus one optional attachment, an anti-spam gate (one unreviewed message at a time), and the operator's inline reply with a Settings/Info badge. Server-rendered admin console section (/_gm/feedback): unread/read/archived queue with per-user search, detail with read/reply/ archive/delete/delete-all, safe attachment serving (nosniff, images inline via <img>, others download-only). Introduces account_roles, the first per-account role table; feedback_banned blocks only feedback submission, granted/revoked from /users and the delete-with-block action. - migration 00004_feedback (feedback_messages + account_roles) + jetgen - backend internal/feedback (store+service), internal/account/roles.go - wire: FlatBuffers feedback.submit/get/unread; gateway guest gate (Op.NonGuest, is_guest via session resolve) -> guest_forbidden before any backend call - reply push reuses NotificationEvent with a new admin_reply sub-kind - UI: /feedback route + screen, attachment picker, badge, channel detection, i18n - tests: feedback unit (Go+UI), gateway guest-gate, inttest lifecycle, e2e - docs: PLAN stage 19, ARCHITECTURE s15, FUNCTIONAL(+ru), TESTING, READMEs
This commit is contained in:
@@ -0,0 +1,29 @@
|
||||
// Feedback client-side limits and the attachment pre-upload gate. The gate is by
|
||||
// file extension only (the UI does not list the allowed types and never uploads a
|
||||
// rejected file); the server re-checks the same limits as the trust boundary.
|
||||
|
||||
/** MAX_BODY caps the feedback message length, in characters (matches the backend). */
|
||||
export const MAX_BODY = 1024;
|
||||
|
||||
/** MAX_ATTACHMENT_BYTES caps a single attachment's size (matches the backend). */
|
||||
export const MAX_ATTACHMENT_BYTES = 1_000_000;
|
||||
|
||||
// Allowed attachment extensions, mirrored from the backend allow-list.
|
||||
const ALLOWED_EXT = new Set([
|
||||
'png', 'jpg', 'jpeg', 'webp', 'gif', // images
|
||||
'pdf', 'txt', 'log', 'doc', 'docx', 'rtf', 'zip', 'gz', '7z',
|
||||
]);
|
||||
|
||||
/**
|
||||
* attachmentError validates a picked file by name and size, returning 'type' for a
|
||||
* disallowed (or missing) extension, 'size' for a too-large file, or '' when it is
|
||||
* acceptable. The caller shows a single generic "cannot attach" message regardless
|
||||
* of which non-empty reason it is, so the allowed types are never revealed.
|
||||
*/
|
||||
export function attachmentError(name: string, size: number): '' | 'type' | 'size' {
|
||||
const dot = name.lastIndexOf('.');
|
||||
const ext = dot >= 0 ? name.slice(dot + 1).toLowerCase() : '';
|
||||
if (!ext || !ALLOWED_EXT.has(ext)) return 'type';
|
||||
if (size > MAX_ATTACHMENT_BYTES) return 'size';
|
||||
return '';
|
||||
}
|
||||
Reference in New Issue
Block a user