refactor poll and lottery forms, add poll notifications

fix: checked修改为false
fix: 投票模块采用clientOnly
2026-02-06 23:21:16 +08:00 · 2025-08-31 01:49:37 +08:00 · 2025-08-31 01:21:52 +08:00 · 2025-08-31 01:19:48 +08:00 · 2025-08-31 01:05:00 +08:00 · 2025-08-31 00:14:38 +08:00
184 changed files with 12566 additions and 2613 deletions
--- a/.github/ISSUE_TEMPLATE/新功能建议.md
+++ b/.github/ISSUE_TEMPLATE/新功能建议.md
@@ -0,0 +1,20 @@
+---
+name: 新功能建议
+about: 请为该项目提出一个想法
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**你的功能请求是否与某个问题相关？请描述。**
+请清晰、简洁地说明问题。例如：“我经常因为……而感到困扰。”
+
+**你期望的解决方案**
+请清晰、简洁地描述你希望发生的事情/功能如何工作。
+
+**你考虑过的替代方案**
+请清晰、简洁地说明你已考虑过的其他解决方案或功能。
+
+**其他上下文**
+在此添加与功能请求相关的其他信息或截图。
--- a/.github/ISSUE_TEMPLATE/错误-bug报告.md
+++ b/.github/ISSUE_TEMPLATE/错误-bug报告.md
@@ -0,0 +1,41 @@
+---
+name: 错误/Bug报告
+about: 创建报告以帮助我们改进
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**描述 Bug**
+对该 Bug 进行清晰简明的描述。
+
+**复现步骤**
+复现该问题的步骤：
+
+1. 进入 '...'
+2. 点击 '...'
+3. 下拉到 '...'
+4. 看到错误
+
+**预期行为**
+清晰简明地描述你期望发生的情况。
+
+**截图**
+如果适用，请添加截图以帮助解释问题。
+
+**桌面端（请完成以下信息）：**
+
+* 操作系统：\[例如 iOS]
+* 浏览器：\[例如 Chrome、Safari]
+* 版本：\[例如 22]
+
+**移动端（请完成以下信息）：**
+
+* 设备：\[例如 iPhone6]
+* 操作系统：\[例如 iOS8.1]
+* 浏览器：\[例如 系统自带浏览器、Safari]
+* 版本：\[例如 22]
+
+**附加上下文**
+在此添加与问题相关的其他上下文信息。
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 npx lint-staged
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,32 @@
+# OpenIsle Code of Conduct
+
+Like the technical community as a whole, the OpenIsle team and community is made up of a mixture of professionals and volunteers from all over the world, working on every aspect of the mission - including mentorship, teaching, and connecting people.
+
+Diversity is one of our huge strengths, but it can also lead to communication issues and unhappiness. To that end, we have a few ground rules that we ask people to adhere to. This code applies equally to founders, mentors and those seeking help and guidance.
+
+This isn’t an exhaustive list of things that you can’t do. Rather, take it in the spirit in which it’s intended - a guide to make it easier to enrich all of us and the technical communities in which we participate.
+
+This code of conduct applies to all spaces managed by the OpenIsle project or . This includes IRC, the mailing lists, the issue tracker, DSF events, and any other forums created by the project team which the community uses for communication. In addition, violations of this code outside these spaces may affect a person's ability to participate within them.
+
+If you believe someone is violating the code of conduct, we ask that you report it by emailing [](mailto:). For more details please see our 
+
+- **Be friendly and patient.**
+- **Be welcoming.** We strive to be a community that welcomes and supports people of all backgrounds and identities. This includes, but is not limited to members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion, and mental and physical ability.
+- **Be considerate.** Your work will be used by other people, and you in turn will depend on the work of others. Any decision you take will affect users and colleagues, and you should take those consequences into account when making decisions. Remember that we're a world-wide community, so you might not be communicating in someone else's primary language.
+- **Be respectful.** Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one. Members of the OpenIsle community should be respectful when dealing with other members as well as with people outside the OpenIsle community.
+- **Be careful in the words that you choose.** We are a community of professionals, and we conduct ourselves professionally. Be kind to others. Do not insult or put down other participants. Harassment and other exclusionary behavior aren't acceptable. This includes, but is not limited to: 
+ - Violent threats or language directed against another person.
+ - Discriminatory jokes and language.
+ - Posting sexually explicit or violent material.
+ - Posting (or threatening to post) other people's personally identifying information ("doxing").
+ - Personal insults, especially those using racist or sexist terms.
+ - Unwelcome sexual attention.
+ - Advocating for, or encouraging, any of the above behavior.
+ - Repeated harassment of others. In general, if someone asks you to stop, then stop.
+- **When we disagree, try to understand why.** Disagreements, both social and technical, happen all the time and OpenIsle is no exception. It is important that we resolve disagreements and differing views constructively. Remember that we’re different. The strength of OpenIsle comes from its varied community, people from a wide range of backgrounds. Different people have different perspectives on issues. Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it is human to err and blaming each other doesn’t get us anywhere. Instead, focus on helping to resolve issues and learning from mistakes.
+
+Original text courtesy of the [Speak Up! project](http://web.archive.org/web/20141109123859/http://speakup.io/coc.html).
+
+## Questions?
+
+If you have questions, please see . If that doesn't answer your questions, feel free to [contact us](mailto:).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,118 @@
+#### **⚠️注意：仅想修改前端的朋友可不用部署后端服务**
+
+## 如何部署
+
+> Step1 先克隆仓库
+
+```shell
+git clone https://github.com/nagisa77/OpenIsle.git
+cd OpenIsle
+```
+
+> Step2 后端部署
+
+```shell
+cd backend
+```
+
+以IDEA编辑器为例，IDEA打开backend文件夹。
+
+- 设置VM Option，最好运行在其他端口，非8080，这里设置8081
+
+```shell
+-Dserver.port=8081
+```
+
+![CleanShot 2025-08-04 at 11 .35.49.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/4cf210cfc6ea478a80dfc744c85ccdc4.png)
+
+- 设置jdk版本为java 17
+
+![CleanShot 2025-08-04 at 11 .38.03@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/392eeec753ae436ca12a78f750dfea2d.png)
+
+- 本机配置MySQL服务（网上很多教程，忽略）
+- 设置环境变量.env 文件 或.properties 文件（二选一）
+
+1. 环境变量文件生成
+
+```shell
+cp open-isle.env.example open-isle.env
+```
+
+修改环境变量，留下需要的，比如你要开发Google登录业务，就需要谷歌相关的变量，数据库是一定要的
+
+![CleanShot 2025-08-04 at 11 .41.36@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/896c8363b6e64ea19d18c12ec4dae2b4.png)
+
+应用环境文件， 选择刚刚的`open-isle.env`
+
+![CleanShot 2025-08-04 at 11 .44.41.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/f588e37838014a6684c141605639b9fa.png)
+
+2. 直接修改 .properities 文件
+
+位置src/main/application.properties, 数据库需要修改标红处，其他按需修改
+
+![CleanShot 2025-08-04 at 11 .47.11@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/28c3104448a245419e0b06aee861abb4.png)
+
+处理完环境问题直接跑起来就能通了
+
+![CleanShot 2025-08-04 at 11 .49.01@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/2c945eae44b1477db09e80fc96b5e02d.png)
+
+> Step3 前端部署
+
+**⚠️ 环境要求：Node.js 版本最低 20.0.0（因为 Nuxt 框架要求）**
+
+前端可以依赖本机部署的后端，也可以直接调用线上的后端接口
+
+```shell
+cd ../frontend_nuxt/
+```
+
+copy环境.env文件
+
+```shell
+cp .env.staging.example .env
+```
+
+1. 依赖本机部署的后端：打开本文件夹，修改.env 修改为瞄准本机后端端口
+
+```yaml
+; 本地部署后端
+NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+2. 依赖预发环境后台环境
+
+**(⚠️强烈推荐只部署前端的朋友使用该环境)**
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+4. 依赖线上后台环境
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+```shell
+# 安装依赖
+npm install --verbose
+
+# 运行前端服务
+npm run dev
+```
+
+如此一来，浏览器访问 http://127.0.0.1:3000 即可访问前端页面
--- a/21
+++ b/21
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Tim
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@@ -1,45 +1,18 @@
 <p align="center">
  <img alt="OpenIsle" src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png" width="200">
-  <br><br>
-  高效的开源社区前后端端平台
-  <br><br>
-  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square"></a>
+  <br>
+  高效的开源社区前后端平台
+  <br><br><br>
+  <img alt="Image" src="https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/22752cfac5a04a9c90c41995b9f55fed.png" width="1200">
 </p>

 ## 💡 简介

 OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台，提供用户注册、登录、贴文发布、评论交互等完整功能，可用于项目社区或直接打造自主社区站点。

-## 🚧 开发
+## 🚧 开发 & 部署

-### 后端
-
-1. 确保安装 JDK 17 及 Maven
-2. 信息配置修改 `src/main/resources/application.properties`，或通过环境变量设置数据库等参数
-3. 执行 `mvn clean package` 生成包，之后使用 `java -jar target/openisle-0.0.1-SNAPSHOT.jar`启动，或在开发时直接使用 `mvn spring-boot:run`
-
-### 前端
-
-1. 进入前端目录
-    ```bash
-    cd frontend_nuxt
-    ```
-2. 安装依赖
-    ```bash
-    npm install
-    ```
-3. 启动开发服务
-    ```bash
-    npm run dev
-    ```
-
-    生产版本使用如下命令编译：
-
-    ```bash
-    npm run build
-    ```
-
-    会在 `.output` 目录生成文件，配合线上网站方式部署
+详细见 [Contributing](https://github.com/nagisa77/OpenIsle?tab=contributing-ov-file)

 ## ✨ 项目特点

--- a/backend/open-isle.env.example
+++ b/backend/open-isle.env.example
@@ -3,6 +3,12 @@ MYSQL_URL=jdbc:mysql://<数据库地址>:<端口>/<数据库名>?useUnicode=yes&
 MYSQL_USER=<数据库用户名>
 MYSQL_PASSWORD=<数据库密码>

+# === JWT ===
+JWT_SECRET=<jwt secret>
+JWT_REASON_SECRET=<jwt reason secret>
+JWT_RESET_SECRET=<jwt reset secret>
+JWT_INVITE_SECRET=<jwt invite secret>
+JWT_EXPIRATION=2592000000

 # === Resend ===
 RESEND_API_KEY=<你的resend-api-key>
@@ -30,4 +36,4 @@ OPENAI_API_KEY=<你的openai-api-key>
 WEBPUSH_PUBLIC_KEY=<你的webpush-public-key>
 WEBPUSH_PRIVATE_KEY=<你的webpush-private-key>

-# LOG_LEVEL=DEBUG
+# LOG_LEVEL=DEBUG
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -26,6 +26,10 @@
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-websocket</artifactId>
+    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
@@ -38,6 +42,16 @@
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
+    <dependency>
+      <groupId>com.vladsch.flexmark</groupId>
+      <artifactId>flexmark-all</artifactId>
+      <version>0.64.8</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jsoup</groupId>
+      <artifactId>jsoup</artifactId>
+      <version>1.17.2</version>
+    </dependency>
    <dependency>
      <groupId>com.mysql</groupId>
      <artifactId>mysql-connector-j</artifactId>
--- a/backend/src/main/java/com/openisle/config/ActivityInitializer.java
+++ b/backend/src/main/java/com/openisle/config/ActivityInitializer.java
@@ -6,6 +6,8 @@ import com.openisle.repository.ActivityRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
+import java.time.LocalDate;
+import java.time.LocalDateTime;

@Component
@RequiredArgsConstructor
@@ -22,5 +24,16 @@ public class ActivityInitializer implements CommandLineRunner {
            a.setContent("为了有利于建站推广以及激励发布内容，我们推出了建站送奶茶的活动，前50名达到level 1的用户，可以联系站长获取奶茶/咖啡一杯");
            activityRepository.save(a);
        }
+
+        if (activityRepository.findByType(ActivityType.INVITE_POINTS) == null) {
+            Activity a = new Activity();
+            a.setTitle("🎁邀请码送积分活动");
+            a.setType(ActivityType.INVITE_POINTS);
+            a.setIcon("https://img.icons8.com/color/96/gift.png");
+            a.setContent("使用邀请码注册或邀请好友即可获得积分奖励，快来参与吧！");
+            a.setStartTime(LocalDateTime.now());
+            a.setEndTime(LocalDate.of(LocalDate.now().getYear(), 10, 1).atStartOfDay());
+            activityRepository.save(a);
+        }
    }
 }
--- a/backend/src/main/java/com/openisle/config/ChannelInitializer.java
+++ b/backend/src/main/java/com/openisle/config/ChannelInitializer.java
@@ -0,0 +1,32 @@
+package com.openisle.config;
+
+import com.openisle.model.MessageConversation;
+import com.openisle.repository.MessageConversationRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class ChannelInitializer implements CommandLineRunner {
+    private final MessageConversationRepository conversationRepository;
+
+    @Override
+    public void run(String... args) {
+        if (conversationRepository.countByChannelTrue() == 0) {
+            MessageConversation chat = new MessageConversation();
+            chat.setChannel(true);
+            chat.setName("吹水群");
+            chat.setDescription("吹水聊天");
+            chat.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/32647273e2334d14adfd4a6ce9db0643.jpeg");
+            conversationRepository.save(chat);
+
+            MessageConversation tech = new MessageConversation();
+            tech.setChannel(true);
+            tech.setName("技术讨论群");
+            tech.setDescription("讨论技术相关话题");
+            tech.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/5edde9a5864e471caa32491dbcdaa8b2.png");
+            conversationRepository.save(tech);
+        }
+    }
+}
--- a/backend/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/backend/src/main/java/com/openisle/config/SecurityConfig.java
@@ -99,11 +99,13 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
-                .cors(Customizer.withDefaults())         // 让 Spring 自带 CorsFilter 处理预检
-            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .cors(Customizer.withDefaults())
+                .headers(h -> h.frameOptions(f -> f.sameOrigin()))
+                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                    .requestMatchers("/api/ws/**", "/api/sockjs/**").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
@@ -119,6 +121,8 @@ public class SecurityConfig {
                    .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/sitemap.xml").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/channels").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/rss").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/point-goods").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/point-goods").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
@@ -153,8 +157,9 @@ public class SecurityConfig {
                        uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                         uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
-                                uri.startsWith("/api/point-goods") ||
-                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals"));
+                                uri.startsWith("/api/point-goods") || uri.startsWith("/api/channels") ||
+                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals") ||
+                         uri.startsWith("/api/rss"));

                if (authHeader != null && authHeader.startsWith("Bearer ")) {
                    String token = authHeader.substring(7);
@@ -170,7 +175,8 @@ public class SecurityConfig {
                        response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
                        return;
                    }
-                } else if (!uri.startsWith("/api/auth") && !publicGet) {
+                } else if (!uri.startsWith("/api/auth") && !publicGet
+                        && !uri.startsWith("/api/ws") && !uri.startsWith("/api/sockjs")) {
                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                    response.setContentType("application/json");
                    response.getWriter().write("{\"error\": \"Missing token\"}");
--- a/backend/src/main/java/com/openisle/config/WebSocketConfig.java
+++ b/backend/src/main/java/com/openisle/config/WebSocketConfig.java
@@ -0,0 +1,110 @@
+package com.openisle.config;
+
+import com.openisle.service.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.config.ChannelRegistration;
+import org.springframework.messaging.simp.config.MessageBrokerRegistry;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.messaging.support.MessageHeaderAccessor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
+import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
+
+@Configuration
+@EnableWebSocketMessageBroker
+@RequiredArgsConstructor
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
+    
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+    @Value("${app.website-url}")
+    private String websiteUrl;
+
+    @Override
+    public void configureMessageBroker(MessageBrokerRegistry config) {
+        // Enable a simple memory-based message broker to carry the messages back to the client on destinations prefixed with "/topic" and "/queue"
+        config.enableSimpleBroker("/topic", "/queue");
+        // Set user destination prefix for personal messages
+        config.setUserDestinationPrefix("/user");
+        // Designates the "/app" prefix for messages that are bound for @MessageMapping-annotated methods.
+        config.setApplicationDestinationPrefixes("/app");
+    }
+
+    @Override
+    public void registerStompEndpoints(StompEndpointRegistry registry) {
+        // 1) 原生 WebSocket（不带 SockJS）
+        registry.addEndpoint("/api/ws")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                );
+
+        // 2) SockJS 回退：单独路径
+        registry.addEndpoint("/api/sockjs")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                )
+                .withSockJS()
+                .setWebSocketEnabled(true)
+                .setSessionCookieNeeded(false);
+    }
+
+
+
+    @Override
+    public void configureClientInboundChannel(ChannelRegistration registration) {
+        registration.interceptors(new ChannelInterceptor() {
+            @Override
+            public Message<?> preSend(Message<?> message, MessageChannel channel) {
+                StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+                
+                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket CONNECT command received");
+                    String authHeader = accessor.getFirstNativeHeader("Authorization");
+                    System.out.println("Authorization header: " + (authHeader != null ? "present" : "missing"));
+                    
+                    if (authHeader != null && authHeader.startsWith("Bearer ")) {
+                        String token = authHeader.substring(7);
+                        try {
+                            String username = jwtService.validateAndGetSubject(token);
+                            System.out.println("JWT validated for user: " + username);
+                            var userDetails = userDetailsService.loadUserByUsername(username);
+                            Authentication auth = new UsernamePasswordAuthenticationToken(
+                                userDetails, null, userDetails.getAuthorities());
+                            accessor.setUser(auth);
+                            System.out.println("WebSocket user set: " + username);
+                        } catch (Exception e) {
+                            System.err.println("JWT validation failed: " + e.getMessage());
+                        }
+                    }
+                } else if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket SUBSCRIBE to: " + accessor.getDestination());
+                    System.out.println("WebSocket user during subscribe: " + (accessor.getUser() != null ? accessor.getUser().getName() : "null"));
+                }
+                return message;
+            }
+        });
+    }
+}
--- a/backend/src/main/java/com/openisle/controller/AdminPostController.java
+++ b/backend/src/main/java/com/openisle/controller/AdminPostController.java
@@ -45,4 +45,14 @@ public class AdminPostController {
    public PostSummaryDto unpin(@PathVariable Long id) {
        return postMapper.toSummaryDto(postService.unpinPost(id));
    }
+
+    @PostMapping("/{id}/rss-exclude")
+    public PostSummaryDto excludeFromRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.excludeFromRss(id));
+    }
+
+    @PostMapping("/{id}/rss-include")
+    public PostSummaryDto includeInRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.includeInRss(id));
+    }
 }
--- a/backend/src/main/java/com/openisle/controller/AuthController.java
+++ b/backend/src/main/java/com/openisle/controller/AuthController.java
@@ -29,6 +29,7 @@ public class AuthController {
    private final RegisterModeService registerModeService;
    private final NotificationService notificationService;
    private final UserRepository userRepository;
+    private final InviteService inviteService;


    @Value("${app.captcha.enabled:false}")
@@ -45,6 +46,27 @@ public class AuthController {
        if (captchaEnabled && registerCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
            return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
        }
+        if (req.getInviteToken() != null && !req.getInviteToken().isEmpty()) {
+            InviteService.InviteValidateResult result = inviteService.validate(req.getInviteToken());
+            if (!result.isValidate()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "邀请码使用次数过多"));
+            }
+            try {
+                User user = userService.registerWithInvite(
+                        req.getUsername(), req.getEmail(), req.getPassword());
+                inviteService.consume(req.getInviteToken(), user.getUsername());
+                emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(user.getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
+            } catch (FieldException e) {
+                return ResponseEntity.badRequest().body(Map.of(
+                        "field", e.getField(),
+                        "error", e.getMessage()
+                ));
+            }
+        }
        User user = userService.register(
                req.getUsername(), req.getEmail(), req.getPassword(), "", registerModeService.getRegisterMode());
        emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
@@ -58,10 +80,26 @@ public class AuthController {
    public ResponseEntity<?> verify(@RequestBody VerifyRequest req) {
        boolean ok = userService.verifyCode(req.getUsername(), req.getCode());
        if (ok) {
-            return ResponseEntity.ok(Map.of(
-                    "message", "Verified",
-                    "token", jwtService.generateReasonToken(req.getUsername())
-            ));
+            Optional<User> userOpt = userService.findByUsername(req.getUsername());
+            if (userOpt.isEmpty()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials"));
+            }
+
+            User user = userOpt.get();
+
+            if (user.isApproved()) {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified and isApproved",
+                        "reason_code", "VERIFIED_AND_APPROVED",
+                        "token", jwtService.generateToken(req.getUsername())
+                ));
+            } else {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified",
+                        "reason_code", "VERIFIED",
+                        "token", jwtService.generateReasonToken(req.getUsername())
+                ));
+            }
        }
        return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
    }
@@ -106,27 +144,43 @@ public class AuthController {

    @PostMapping("/google")
    public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
-        Optional<User> user = googleAuthService.authenticate(req.getIdToken(), registerModeService.getRegisterMode());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = googleAuthService.authenticate(
+                req.getIdToken(),
+                registerModeService.getRegisterMode(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
            }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }

-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid google token",
@@ -165,28 +219,45 @@ public class AuthController {

    @PostMapping("/github")
    public ResponseEntity<?> loginWithGithub(@RequestBody GithubLoginRequest req) {
-        Optional<User> user = githubAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = githubAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
            }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    // 已填写注册理由
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }

-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid github code",
@@ -196,27 +267,44 @@ public class AuthController {

    @PostMapping("/discord")
    public ResponseEntity<?> loginWithDiscord(@RequestBody DiscordLoginRequest req) {
-        Optional<User> user = discordAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = discordAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
            }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }

-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid discord code",
@@ -226,31 +314,45 @@ public class AuthController {
      
    @PostMapping("/twitter")
    public ResponseEntity<?> loginWithTwitter(@RequestBody TwitterLoginRequest req) {
-        Optional<User> user = twitterAuthService.authenticate(
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = twitterAuthService.authenticate(
                req.getCode(),
                req.getCodeVerifier(),
                registerModeService.getRegisterMode(),
-                req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
            }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                    return ResponseEntity.badRequest().body(Map.of(
                            "error", "Account awaiting approval",
                            "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                    ));
                }
                return ResponseEntity.badRequest().body(Map.of(
                        "error", "Account awaiting approval",
                        "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                ));
            }

-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
        }
        return ResponseEntity.badRequest().body(Map.of(
                "error", "Invalid twitter code",
--- a/backend/src/main/java/com/openisle/controller/ChannelController.java
+++ b/backend/src/main/java/com/openisle/controller/ChannelController.java
@@ -0,0 +1,42 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.ChannelService;
+import com.openisle.service.MessageService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/channels")
+@RequiredArgsConstructor
+public class ChannelController {
+    private final ChannelService channelService;
+    private final MessageService messageService;
+    private final UserRepository userRepository;
+
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName())
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        return user.getId();
+    }
+
+    @GetMapping
+    public List<ChannelDto> listChannels(Authentication auth) {
+        return channelService.listChannels(getCurrentUserId(auth));
+    }
+
+    @PostMapping("/{channelId}/join")
+    public ChannelDto joinChannel(@PathVariable Long channelId, Authentication auth) {
+        return channelService.joinChannel(channelId, getCurrentUserId(auth));
+    }
+
+    @GetMapping("/unread-count")
+    public long unreadCount(Authentication auth) {
+        return messageService.getUnreadChannelCount(getCurrentUserId(auth));
+    }
+}
--- a/backend/src/main/java/com/openisle/controller/CommentController.java
+++ b/backend/src/main/java/com/openisle/controller/CommentController.java
@@ -47,7 +47,7 @@ public class CommentController {
        Comment comment = commentService.addComment(auth.getName(), postId, req.getContent());
        CommentDto dto = commentMapper.toDto(comment);
        dto.setReward(levelService.awardForComment(auth.getName()));
-        dto.setPointReward(pointService.awardForComment(auth.getName(),postId));
+        dto.setPointReward(pointService.awardForComment(auth.getName(), postId, comment.getId()));
        log.debug("createComment succeeded for comment {}", comment.getId());
        return ResponseEntity.ok(dto);
    }
--- a/backend/src/main/java/com/openisle/controller/InviteController.java
+++ b/backend/src/main/java/com/openisle/controller/InviteController.java
@@ -0,0 +1,23 @@
+package com.openisle.controller;
+
+import com.openisle.service.InviteService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/invite")
+@RequiredArgsConstructor
+public class InviteController {
+    private final InviteService inviteService;
+
+    @PostMapping("/generate")
+    public Map<String, String> generate(Authentication auth) {
+        String token = inviteService.generate(auth.getName());
+        return Map.of("token", token);
+    }
+}
--- a/backend/src/main/java/com/openisle/controller/MessageController.java
+++ b/backend/src/main/java/com/openisle/controller/MessageController.java
@@ -0,0 +1,137 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.CreateConversationRequest;
+import com.openisle.dto.CreateConversationResponse;
+import com.openisle.dto.MessageDto;
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.MessageService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.domain.Sort;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/messages")
+@RequiredArgsConstructor
+public class MessageController {
+
+    private final MessageService messageService;
+    private final UserRepository userRepository;
+
+    // This is a placeholder for getting the current user's ID
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName()).orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        // In a real application, you would get this from the Authentication object
+        return user.getId();
+    }
+
+    @GetMapping("/conversations")
+    public ResponseEntity<List<ConversationDto>> getConversations(Authentication auth) {
+        List<ConversationDto> conversations = messageService.getConversations(getCurrentUserId(auth));
+        return ResponseEntity.ok(conversations);
+    }
+
+    @GetMapping("/conversations/{conversationId}")
+    public ResponseEntity<ConversationDetailDto> getMessages(@PathVariable Long conversationId,
+                                                               @RequestParam(defaultValue = "0") int page,
+                                                               @RequestParam(defaultValue = "20") int size,
+                                                               Authentication auth) {
+        Pageable pageable = PageRequest.of(page, size, Sort.by("createdAt").descending());
+        ConversationDetailDto conversationDetails = messageService.getConversationDetails(conversationId, getCurrentUserId(auth), pageable);
+        return ResponseEntity.ok(conversationDetails);
+    }
+
+    @PostMapping
+    public ResponseEntity<MessageDto> sendMessage(@RequestBody MessageRequest req, Authentication auth) {
+        Message message = messageService.sendMessage(getCurrentUserId(auth), req.getRecipientId(), req.getContent(), req.getReplyToId());
+        return ResponseEntity.ok(messageService.toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/messages")
+    public ResponseEntity<MessageDto> sendMessageToConversation(@PathVariable Long conversationId,
+                                                                @RequestBody ChannelMessageRequest req,
+                                                                Authentication auth) {
+        Message message = messageService.sendMessageToConversation(getCurrentUserId(auth), conversationId, req.getContent(), req.getReplyToId());
+        return ResponseEntity.ok(messageService.toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/read")
+    public ResponseEntity<Void> markAsRead(@PathVariable Long conversationId, Authentication auth) {
+        messageService.markConversationAsRead(conversationId, getCurrentUserId(auth));
+        return ResponseEntity.ok().build();
+    }
+
+    @PostMapping("/conversations")
+    public ResponseEntity<CreateConversationResponse> findOrCreateConversation(@RequestBody CreateConversationRequest req, Authentication auth) {
+        MessageConversation conversation = messageService.findOrCreateConversation(getCurrentUserId(auth), req.getRecipientId());
+        return ResponseEntity.ok(new CreateConversationResponse(conversation.getId()));
+    }
+
+    @GetMapping("/unread-count")
+    public ResponseEntity<Long> getUnreadCount(Authentication auth) {
+        return ResponseEntity.ok(messageService.getUnreadMessageCount(getCurrentUserId(auth)));
+    }
+
+    // A simple request DTO
+    static class MessageRequest {
+        private Long recipientId;
+        private String content;
+        private Long replyToId;
+
+        public Long getRecipientId() {
+            return recipientId;
+        }
+
+        public void setRecipientId(Long recipientId) {
+            this.recipientId = recipientId;
+        }
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+
+        public Long getReplyToId() {
+            return replyToId;
+        }
+
+        public void setReplyToId(Long replyToId) {
+            this.replyToId = replyToId;
+        }
+    }
+
+    static class ChannelMessageRequest {
+        private String content;
+        private Long replyToId;
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+
+        public Long getReplyToId() {
+            return replyToId;
+        }
+
+        public void setReplyToId(Long replyToId) {
+            this.replyToId = replyToId;
+        }
+    }
+}
--- a/backend/src/main/java/com/openisle/controller/NotificationController.java
+++ b/backend/src/main/java/com/openisle/controller/NotificationController.java
@@ -23,9 +23,19 @@ public class NotificationController {
    private final NotificationMapper notificationMapper;

    @GetMapping
-    public List<NotificationDto> list(@RequestParam(value = "read", required = false) Boolean read,
+    public List<NotificationDto> list(@RequestParam(value = "page", defaultValue = "0") int page,
+                                      @RequestParam(value = "size", defaultValue = "30") int size,
                                      Authentication auth) {
-        return notificationService.listNotifications(auth.getName(), read).stream()
+        return notificationService.listNotifications(auth.getName(), null, page, size).stream()
+                .map(notificationMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @GetMapping("/unread")
+    public List<NotificationDto> listUnread(@RequestParam(value = "page", defaultValue = "0") int page,
+                                            @RequestParam(value = "size", defaultValue = "30") int size,
+                                            Authentication auth) {
+        return notificationService.listNotifications(auth.getName(), false, page, size).stream()
                .map(notificationMapper::toDto)
                .collect(Collectors.toList());
    }
--- a/backend/src/main/java/com/openisle/controller/PointHistoryController.java
+++ b/backend/src/main/java/com/openisle/controller/PointHistoryController.java
@@ -0,0 +1,36 @@
+package com.openisle.controller;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.mapper.PointHistoryMapper;
+import com.openisle.service.PointService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+@RestController
+@RequestMapping("/api/point-histories")
+@RequiredArgsConstructor
+public class PointHistoryController {
+    private final PointService pointService;
+    private final PointHistoryMapper pointHistoryMapper;
+
+    @GetMapping
+    public List<PointHistoryDto> list(Authentication auth) {
+        return pointService.listHistory(auth.getName()).stream()
+                .map(pointHistoryMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @GetMapping("/trend")
+    public List<Map<String, Object>> trend(Authentication auth,
+                                          @RequestParam(value = "days", defaultValue = "30") int days) {
+        return pointService.trend(auth.getName(), days);
+    }
+}
--- a/backend/src/main/java/com/openisle/controller/PostController.java
+++ b/backend/src/main/java/com/openisle/controller/PostController.java
@@ -3,6 +3,7 @@ package com.openisle.controller;
 import com.openisle.dto.PostDetailDto;
 import com.openisle.dto.PostRequest;
 import com.openisle.dto.PostSummaryDto;
+import com.openisle.dto.PollDto;
 import com.openisle.mapper.PostMapper;
 import com.openisle.model.Post;
 import com.openisle.service.*;
@@ -41,11 +42,13 @@ public class PostController {
        Post post = postService.createPost(auth.getName(), req.getCategoryId(),
                req.getTitle(), req.getContent(), req.getTagIds(),
                req.getType(), req.getPrizeDescription(), req.getPrizeIcon(),
-                req.getPrizeCount(), req.getStartTime(), req.getEndTime());
+                req.getPrizeCount(), req.getPointCost(),
+                req.getStartTime(), req.getEndTime(),
+                req.getOptions());
        draftService.deleteDraft(auth.getName());
        PostDetailDto dto = postMapper.toDetailDto(post, auth.getName());
        dto.setReward(levelService.awardForPost(auth.getName()));
-        dto.setPointReward(pointService.awardForPost(auth.getName()));
+        dto.setPointReward(pointService.awardForPost(auth.getName(), post.getId()));
        return ResponseEntity.ok(dto);
    }

@@ -62,6 +65,16 @@ public class PostController {
        postService.deletePost(id, auth.getName());
    }

+    @PostMapping("/{id}/close")
+    public PostSummaryDto close(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.closePost(id, auth.getName()));
+    }
+
+    @PostMapping("/{id}/reopen")
+    public PostSummaryDto reopen(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.reopenPost(id, auth.getName()));
+    }
+
    @GetMapping("/{id}")
    public ResponseEntity<PostDetailDto> getPost(@PathVariable Long id, Authentication auth) {
        String viewer = auth != null ? auth.getName() : null;
@@ -75,6 +88,17 @@ public class PostController {
        return ResponseEntity.ok().build();
    }

+    @GetMapping("/{id}/poll/progress")
+    public ResponseEntity<PollDto> pollProgress(@PathVariable Long id) {
+        return ResponseEntity.ok(postMapper.toSummaryDto(postService.getPoll(id)).getPoll());
+    }
+
+    @PostMapping("/{id}/poll/vote")
+    public ResponseEntity<Void> vote(@PathVariable Long id, @RequestParam("option") int option, Authentication auth) {
+        postService.votePoll(id, auth.getName(), option);
+        return ResponseEntity.ok().build();
+    }
+
    @GetMapping
    public List<PostSummaryDto> listPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
                                   @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
@@ -161,4 +185,27 @@ public class PostController {
        return postService.listPostsByLatestReply(ids, tids, page, pageSize)
                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
    }
+
+    @GetMapping("/featured")
+    public List<PostSummaryDto> featuredPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
+                                       @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
+                                       @RequestParam(value = "tagId", required = false) Long tagId,
+                                       @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
+                                       @RequestParam(value = "page", required = false) Integer page,
+                                       @RequestParam(value = "pageSize", required = false) Integer pageSize,
+                                       Authentication auth) {
+        List<Long> ids = categoryIds;
+        if (categoryId != null) {
+            ids = java.util.List.of(categoryId);
+        }
+        List<Long> tids = tagIds;
+        if (tagId != null) {
+            tids = java.util.List.of(tagId);
+        }
+        if (auth != null) {
+            userVisitService.recordVisit(auth.getName());
+        }
+        return postService.listFeaturedPosts(ids, tids, page, pageSize)
+                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
+    }
 }
--- a/backend/src/main/java/com/openisle/controller/ReactionController.java
+++ b/backend/src/main/java/com/openisle/controller/ReactionController.java
@@ -36,6 +36,7 @@ public class ReactionController {
                                                   Authentication auth) {
        Reaction reaction = reactionService.reactToPost(auth.getName(), postId, req.getType());
        if (reaction == null) {
+            pointService.deductForReactionOfPost(auth.getName(), postId);
            return ResponseEntity.noContent().build();
        }
        ReactionDto dto = reactionMapper.toDto(reaction);
@@ -50,6 +51,7 @@ public class ReactionController {
                                                      Authentication auth) {
        Reaction reaction = reactionService.reactToComment(auth.getName(), commentId, req.getType());
        if (reaction == null) {
+            pointService.deductForReactionOfComment(auth.getName(), commentId);
            return ResponseEntity.noContent().build();
        }
        ReactionDto dto = reactionMapper.toDto(reaction);
@@ -57,4 +59,17 @@ public class ReactionController {
        pointService.awardForReactionOfComment(auth.getName(), commentId);
        return ResponseEntity.ok(dto);
    }
+
+    @PostMapping("/messages/{messageId}/reactions")
+    public ResponseEntity<ReactionDto> reactToMessage(@PathVariable Long messageId,
+                                                      @RequestBody ReactionRequest req,
+                                                      Authentication auth) {
+        Reaction reaction = reactionService.reactToMessage(auth.getName(), messageId, req.getType());
+        if (reaction == null) {
+            return ResponseEntity.noContent().build();
+        }
+        ReactionDto dto = reactionMapper.toDto(reaction);
+        dto.setReward(levelService.awardForReaction(auth.getName()));
+        return ResponseEntity.ok(dto);
+    }
 }
--- a/backend/src/main/java/com/openisle/controller/RssController.java
+++ b/backend/src/main/java/com/openisle/controller/RssController.java
@@ -0,0 +1,352 @@
+package com.openisle.controller;
+
+import com.openisle.model.Post;
+import com.openisle.model.Comment;
+import com.openisle.model.CommentSort;
+import com.openisle.service.PostService;
+import com.openisle.service.CommentService;
+import lombok.RequiredArgsConstructor;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.jsoup.safety.Safelist;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.vladsch.flexmark.ext.autolink.AutolinkExtension;
+import com.vladsch.flexmark.ext.tables.TablesExtension;
+import com.vladsch.flexmark.ext.gfm.strikethrough.StrikethroughExtension;
+import com.vladsch.flexmark.ext.gfm.tasklist.TaskListExtension;
+import com.vladsch.flexmark.html.HtmlRenderer;
+import com.vladsch.flexmark.parser.Parser;
+import com.vladsch.flexmark.util.data.MutableDataSet;
+
+import java.net.URI;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@RestController
+@RequiredArgsConstructor
+public class RssController {
+    private final PostService postService;
+    private final CommentService commentService;
+
+    @Value("${app.website-url:https://www.open-isle.com}")
+    private String websiteUrl;
+
+    // 兼容 Markdown/HTML 两类图片写法（用于 enclosure）
+    private static final Pattern MD_IMAGE = Pattern.compile("!\\[[^\\]]*\\]\\(([^)]+)\\)");
+    private static final Pattern HTML_IMAGE = Pattern.compile("<BaseImage[^>]+src=[\"']?([^\"'>]+)[\"']?[^>]*>");
+
+    private static final DateTimeFormatter RFC1123 = DateTimeFormatter.RFC_1123_DATE_TIME;
+
+    // flexmark：Markdown -> HTML
+    private static final Parser MD_PARSER;
+    private static final HtmlRenderer MD_RENDERER;
+    static {
+        MutableDataSet opts = new MutableDataSet();
+        opts.set(Parser.EXTENSIONS, Arrays.asList(
+                TablesExtension.create(),
+                AutolinkExtension.create(),
+                StrikethroughExtension.create(),
+                TaskListExtension.create()
+        ));
+        // 允许内联 HTML（下游再做 sanitize）
+        opts.set(Parser.HTML_BLOCK_PARSER, true);
+        MD_PARSER = Parser.builder(opts).build();
+        MD_RENDERER = HtmlRenderer.builder(opts).escapeHtml(false).build();
+    }
+
+    @GetMapping(value = "/api/rss", produces = "application/rss+xml;charset=UTF-8")
+    public String feed() {
+        // 建议 20；你现在是 10，这里保留你的 10
+        List<Post> posts = postService.listLatestRssPosts(10);
+        String base = trimTrailingSlash(websiteUrl);
+
+        StringBuilder sb = new StringBuilder(4096);
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+        sb.append("<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">");
+        sb.append("<channel>");
+        elem(sb, "title", cdata("OpenIsle RSS"));
+        elem(sb, "link", base + "/");
+        elem(sb, "description", cdata("Latest posts"));
+        ZonedDateTime updated = posts.stream()
+                .map(p -> p.getCreatedAt().atZone(ZoneId.systemDefault()))
+                .max(Comparator.naturalOrder())
+                .orElse(ZonedDateTime.now());
+        // channel lastBuildDate（GMT）
+        elem(sb, "lastBuildDate", toRfc1123Gmt(updated));
+
+        for (Post p : posts) {
+            String link = base + "/posts/" + p.getId();
+
+            // 1) Markdown -> HTML
+            String html = renderMarkdown(p.getContent());
+
+            // 2) Sanitize（白名单增强）
+            String safeHtml = sanitizeHtml(html);
+
+            // 3) 绝对化 href/src + 强制 rel/target
+            String absHtml = absolutifyHtml(safeHtml, base);
+
+            // 4) 纯文本摘要（用于 <description>）
+            String plain = textSummary(absHtml, 180);
+
+            // 5) enclosure（首图，已绝对化）
+            String enclosure = firstImage(p.getContent());
+            if (enclosure == null) {
+                // 如果 Markdown 没有图，尝试从渲染后的 HTML 再抓一次
+                enclosure = firstImage(absHtml);
+            }
+            if (enclosure != null) {
+                enclosure = absolutifyUrl(enclosure, base);
+            }
+
+            // 6) 构造优雅的附加区块（原文链接 + 精选评论），编入 <content:encoded>
+            List<Comment> topComments = commentService
+                    .getCommentsForPost(p.getId(), CommentSort.MOST_INTERACTIONS);
+            topComments = topComments.subList(0, Math.min(10, topComments.size()));
+            String footerHtml = buildFooterHtml(base, link, topComments);
+
+            sb.append("<item>");
+            elem(sb, "title", cdata(nullSafe(p.getTitle())));
+            elem(sb, "link", link);
+            sb.append("<guid isPermaLink=\"true\">").append(link).append("</guid>");
+            elem(sb, "pubDate", toRfc1123Gmt(p.getCreatedAt().atZone(ZoneId.systemDefault())));
+            // 摘要
+            elem(sb, "description", cdata(plain));
+            // 全文（HTML）：正文 + 优雅的 Markdown 区块（已转 HTML）
+            sb.append("<content:encoded><![CDATA[")
+                    .append(absHtml)
+                    .append(footerHtml)
+                    .append("]]></content:encoded>");
+            // 首图 enclosure（图片类型）
+            if (enclosure != null) {
+                sb.append("<enclosure url=\"").append(escapeXml(enclosure)).append("\" type=\"")
+                        .append(getMimeType(enclosure)).append("\" />");
+            }
+            sb.append("</item>");
+        }
+
+        sb.append("</channel></rss>");
+        return sb.toString();
+    }
+
+    /* ===================== Markdown → HTML ===================== */
+
+    private static String renderMarkdown(String md) {
+        if (md == null || md.isEmpty()) return "";
+        return MD_RENDERER.render(MD_PARSER.parse(md));
+    }
+
+    /* ===================== Sanitize & 绝对化 ===================== */
+
+    private static String sanitizeHtml(String html) {
+        if (html == null) return "";
+        Safelist wl = Safelist.relaxed()
+                .addTags(
+                        "pre","code","figure","figcaption","picture","source",
+                        "table","thead","tbody","tr","th","td",
+                        "h1","h2","h3","h4","h5","h6",
+                        "hr","blockquote"
+                )
+                .addAttributes("a", "href", "title", "target", "rel")
+                .addAttributes("img", "src", "alt", "title", "width", "height")
+                .addAttributes("source", "srcset", "type", "media")
+                .addAttributes("code", "class")
+                .addAttributes("pre", "class")
+                .addProtocols("a", "href", "http", "https", "mailto")
+                .addProtocols("img", "src", "http", "https", "data")
+                .addProtocols("source", "srcset", "http", "https");
+        // 清除所有 on* 事件、style（避免阅读器环境差异）
+        return Jsoup.clean(html, wl);
+    }
+
+    private static String absolutifyHtml(String html, String baseUrl) {
+        if (html == null || html.isEmpty()) return "";
+        Document doc = Jsoup.parseBodyFragment(html, baseUrl);
+        // a[href]
+        for (Element a : doc.select("a[href]")) {
+            String href = a.attr("href");
+            String abs = absolutifyUrl(href, baseUrl);
+            a.attr("href", abs);
+            // 强制外链安全属性
+            a.attr("rel", "noopener noreferrer nofollow");
+            a.attr("target", "_blank");
+        }
+        // img[src]
+        for (Element img : doc.select("img[src]")) {
+            String src = img.attr("src");
+            String abs = absolutifyUrl(src, baseUrl);
+            img.attr("src", abs);
+        }
+        // source[srcset] （picture/webp）
+        for (Element s : doc.select("source[srcset]")) {
+            String srcset = s.attr("srcset");
+            s.attr("srcset", absolutifySrcset(srcset, baseUrl));
+        }
+        return doc.body().html();
+    }
+
+    private static String absolutifyUrl(String url, String baseUrl) {
+        if (url == null || url.isEmpty()) return url;
+        String u = url.trim();
+        if (u.startsWith("//")) {
+            return "https:" + u;
+        }
+        if (u.startsWith("#")) {
+            // 保留页面内锚点：拼接到首页（也可拼接到当前帖子的 link，但此处无上下文）
+            return baseUrl + "/" + u;
+        }
+        try {
+            URI base = URI.create(ensureTrailingSlash(baseUrl));
+            URI abs = base.resolve(u);
+            return abs.toString();
+        } catch (Exception e) {
+            return url;
+        }
+    }
+
+    private static String absolutifySrcset(String srcset, String baseUrl) {
+        if (srcset == null || srcset.isEmpty()) return srcset;
+        String[] parts = srcset.split(",");
+        List<String> out = new ArrayList<>(parts.length);
+        for (String part : parts) {
+            String p = part.trim();
+            if (p.isEmpty()) continue;
+            String[] seg = p.split("\\s+");
+            String url = seg[0];
+            String size = seg.length > 1 ? seg[1] : "";
+            out.add(absolutifyUrl(url, baseUrl) + (size.isEmpty() ? "" : " " + size));
+        }
+        return String.join(", ", out);
+    }
+
+    /* ===================== 摘要 & enclosure ===================== */
+
+    private static String textSummary(String html, int maxLen) {
+        if (html == null) return "";
+        String text = Jsoup.parse(html).text().replaceAll("\\s+", " ").trim();
+        if (text.length() <= maxLen) return text;
+        return text.substring(0, maxLen) + "…";
+    }
+
+    private String firstImage(String content) {
+        if (content == null) return null;
+        Matcher m = MD_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        m = HTML_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        // 再从纯 HTML 里解析一次（如果传入的是渲染后的）
+        try {
+            Document doc = Jsoup.parse(content);
+            Element img = doc.selectFirst("img[src]");
+            if (img != null) return img.attr("src");
+        } catch (Exception ignored) {}
+        return null;
+    }
+
+    private static String getMimeType(String url) {
+        String lower = url == null ? "" : url.toLowerCase(Locale.ROOT);
+        if (lower.endsWith(".png"))  return "image/png";
+        if (lower.endsWith(".gif"))  return "image/gif";
+        if (lower.endsWith(".webp")) return "image/webp";
+        if (lower.endsWith(".svg"))  return "image/svg+xml";
+        if (lower.endsWith(".avif")) return "image/avif";
+        if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) return "image/jpeg";
+        // 默认兜底
+        return "image/jpeg";
+    }
+
+    /* ===================== 附加区块（原文链接 + 精选评论） ===================== */
+
+    /**
+     * 将“原文链接 + 精选评论（最多 10 条）”以优雅的 Markdown 形式渲染为 HTML，
+     * 并做 sanitize + 绝对化，然后拼入 content:encoded 尾部。
+     */
+    private static String buildFooterHtml(String baseUrl, String originalLink, List<Comment> topComments) {
+        StringBuilder md = new StringBuilder(256);
+
+        // 分割线
+        md.append("\n\n---\n\n");
+
+        // 原文链接（强调 + 可点击）
+        md.append("**原文链接：** ")
+                .append("[").append(originalLink).append("](").append(originalLink).append(")")
+                .append("\n\n");
+
+        // 精选评论（仅当有评论时展示）
+        if (topComments != null && !topComments.isEmpty()) {
+            md.append("### 精选评论（Top ").append(Math.min(10, topComments.size())).append("）\n\n");
+            for (Comment c : topComments) {
+                String author = usernameOf(c);
+                String content = nullSafe(c.getContent()).replace("\r", "");
+                // 使用引用样式展示，提升可读性
+                md.append("> @").append(author).append(": ").append(content).append("\n\n");
+            }
+        }
+
+        // 渲染为 HTML，并保持和正文一致的处理流程
+        String html = renderMarkdown(md.toString());
+        String safe = sanitizeHtml(html);
+        return absolutifyHtml(safe, baseUrl);
+    }
+
+    private static String usernameOf(Comment c) {
+        if (c == null) return "匿名";
+        try {
+            Object authorObj = c.getAuthor();
+            if (authorObj == null) return "匿名";
+            // 反射避免直接依赖实体字段名变化（也可直接强转到具体类型）
+            String username;
+            try {
+                username = (String) authorObj.getClass().getMethod("getUsername").invoke(authorObj);
+            } catch (Exception e) {
+                username = null;
+            }
+            if (username == null || username.isEmpty()) return "匿名";
+            return username;
+        } catch (Exception ignored) {
+            return "匿名";
+        }
+    }
+
+    /* ===================== 时间/字符串/XML ===================== */
+
+    private static String toRfc1123Gmt(ZonedDateTime zdt) {
+        return zdt.withZoneSameInstant(ZoneId.of("GMT")).format(RFC1123);
+    }
+
+    private static String cdata(String s) {
+        if (s == null) return "<![CDATA[]]>";
+        // 防止出现 "]]>" 终止标记破坏 CDATA
+        return "<![CDATA[" + s.replace("]]>", "]]]]><![CDATA[>") + "]]>";
+    }
+
+    private static void elem(StringBuilder sb, String name, String value) {
+        sb.append('<').append(name).append('>').append(value).append("</").append(name).append('>');
+    }
+
+    private static String escapeXml(String s) {
+        if (s == null) return "";
+        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
+                .replace("\"", "&quot;").replace("'", "&apos;");
+    }
+
+    private static String trimTrailingSlash(String s) {
+        if (s == null) return "";
+        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
+    }
+
+    private static String ensureTrailingSlash(String s) {
+        if (s == null || s.isEmpty()) return "/";
+        return s.endsWith("/") ? s : s + "/";
+    }
+
+    private static String nullSafe(String s) { return s == null ? "" : s; }
+}
--- a/backend/src/main/java/com/openisle/controller/UserController.java
+++ b/backend/src/main/java/com/openisle/controller/UserController.java
@@ -105,6 +105,17 @@ public class UserController {
                .collect(java.util.stream.Collectors.toList());
    }

+    @GetMapping("/{identifier}/subscribed-posts")
+    public java.util.List<PostMetaDto> subscribedPosts(@PathVariable("identifier") String identifier,
+                                                       @RequestParam(value = "limit", required = false) Integer limit) {
+        int l = limit != null ? limit : defaultPostsLimit;
+        User user = userService.findByIdentifier(identifier).orElseThrow();
+        return subscriptionService.getSubscribedPosts(user.getUsername()).stream()
+                .limit(l)
+                .map(userMapper::toMetaDto)
+                .collect(java.util.stream.Collectors.toList());
+    }
+
    @GetMapping("/{identifier}/replies")
    public java.util.List<CommentInfoDto> userReplies(@PathVariable("identifier") String identifier,
                                                      @RequestParam(value = "limit", required = false) Integer limit) {
--- a/backend/src/main/java/com/openisle/dto/ChannelDto.java
+++ b/backend/src/main/java/com/openisle/dto/ChannelDto.java
@@ -0,0 +1,17 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class ChannelDto {
+    private Long id;
+    private String name;
+    private String description;
+    private String avatar;
+    private MessageDto lastMessage;
+    private long memberCount;
+    private boolean joined;
+    private long unreadCount;
+}
--- a/backend/src/main/java/com/openisle/dto/ConversationDetailDto.java
+++ b/backend/src/main/java/com/openisle/dto/ConversationDetailDto.java
@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import org.springframework.data.domain.Page;
+
+import java.util.List;
+
+@Data
+public class ConversationDetailDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private List<UserSummaryDto> participants;
+    private Page<MessageDto> messages;
+}
--- a/backend/src/main/java/com/openisle/dto/ConversationDto.java
+++ b/backend/src/main/java/com/openisle/dto/ConversationDto.java
@@ -0,0 +1,20 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Getter
+@Setter
+public class ConversationDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private MessageDto lastMessage;
+    private List<UserSummaryDto> participants;
+    private LocalDateTime createdAt;
+    private long unreadCount;
+}
--- a/backend/src/main/java/com/openisle/dto/CreateConversationRequest.java
+++ b/backend/src/main/java/com/openisle/dto/CreateConversationRequest.java
@@ -0,0 +1,8 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class CreateConversationRequest {
+    private Long recipientId;
+}
--- a/backend/src/main/java/com/openisle/dto/CreateConversationResponse.java
+++ b/backend/src/main/java/com/openisle/dto/CreateConversationResponse.java
@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class CreateConversationResponse {
+    private Long conversationId;
+}
--- a/backend/src/main/java/com/openisle/dto/DiscordLoginRequest.java
+++ b/backend/src/main/java/com/openisle/dto/DiscordLoginRequest.java
@@ -7,4 +7,5 @@ import lombok.Data;
 public class DiscordLoginRequest {
    private String code;
    private String redirectUri;
+    private String inviteToken;
 }
--- a/backend/src/main/java/com/openisle/dto/FeaturedMedalDto.java
+++ b/backend/src/main/java/com/openisle/dto/FeaturedMedalDto.java
@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class FeaturedMedalDto extends MedalDto {
+    private long currentFeaturedCount;
+    private long targetFeaturedCount;
+}
+
--- a/backend/src/main/java/com/openisle/dto/GithubLoginRequest.java
+++ b/backend/src/main/java/com/openisle/dto/GithubLoginRequest.java
@@ -7,4 +7,5 @@ import lombok.Data;
 public class GithubLoginRequest {
    private String code;
    private String redirectUri;
+    private String inviteToken;
 }
--- a/backend/src/main/java/com/openisle/dto/GoogleLoginRequest.java
+++ b/backend/src/main/java/com/openisle/dto/GoogleLoginRequest.java
@@ -6,4 +6,5 @@ import lombok.Data;
@Data
 public class GoogleLoginRequest {
    private String idToken;
+    private String inviteToken;
 }
--- a/backend/src/main/java/com/openisle/dto/LotteryDto.java
+++ b/backend/src/main/java/com/openisle/dto/LotteryDto.java
@@ -10,6 +10,7 @@ public class LotteryDto {
    private String prizeDescription;
    private String prizeIcon;
    private int prizeCount;
+    private int pointCost;
    private LocalDateTime startTime;
    private LocalDateTime endTime;
    private List<AuthorDto> participants;
--- a/backend/src/main/java/com/openisle/dto/MessageDto.java
+++ b/backend/src/main/java/com/openisle/dto/MessageDto.java
@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Data
+public class MessageDto {
+    private Long id;
+    private String content;
+    private UserSummaryDto sender;
+    private Long conversationId;
+    private LocalDateTime createdAt;
+    private MessageDto replyTo;
+    private List<ReactionDto> reactions;
+}
--- a/backend/src/main/java/com/openisle/dto/PointHistoryDto.java
+++ b/backend/src/main/java/com/openisle/dto/PointHistoryDto.java
@@ -0,0 +1,23 @@
+package com.openisle.dto;
+
+import com.openisle.model.PointHistoryType;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Getter
+@Setter
+public class PointHistoryDto {
+    private Long id;
+    private PointHistoryType type;
+    private int amount;
+    private int balance;
+    private Long postId;
+    private String postTitle;
+    private Long commentId;
+    private String commentContent;
+    private Long fromUserId;
+    private String fromUserName;
+    private LocalDateTime createdAt;
+}
--- a/backend/src/main/java/com/openisle/dto/PollDto.java
+++ b/backend/src/main/java/com/openisle/dto/PollDto.java
@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Data
+public class PollDto {
+    private List<String> options;
+    private Map<Integer, Integer> votes;
+    private LocalDateTime endTime;
+    private List<AuthorDto> participants;
+    private Map<Integer, List<AuthorDto>> optionParticipants;
+}
--- a/backend/src/main/java/com/openisle/dto/PostRequest.java
+++ b/backend/src/main/java/com/openisle/dto/PostRequest.java
@@ -23,7 +23,10 @@ public class PostRequest {
    private String prizeDescription;
    private String prizeIcon;
    private Integer prizeCount;
+    private Integer pointCost;
    private LocalDateTime startTime;
    private LocalDateTime endTime;
+    // fields for poll posts
+    private List<String> options;
 }

--- a/backend/src/main/java/com/openisle/dto/PostSummaryDto.java
+++ b/backend/src/main/java/com/openisle/dto/PostSummaryDto.java
@@ -31,5 +31,8 @@ public class PostSummaryDto {
    private int pointReward;
    private PostType type;
    private LotteryDto lottery;
+    private PollDto poll;
+    private boolean rssExcluded;
+    private boolean closed;
 }

--- a/backend/src/main/java/com/openisle/dto/ReactionDto.java
+++ b/backend/src/main/java/com/openisle/dto/ReactionDto.java
@@ -4,7 +4,7 @@ import com.openisle.model.ReactionType;
 import lombok.Data;

 /**
- * DTO representing a reaction on a post or comment.
+ * DTO representing a reaction on a post, comment or message.
 */
@Data
 public class ReactionDto {
@@ -13,6 +13,7 @@ public class ReactionDto {
    private String user;
    private Long postId;
    private Long commentId;
+    private Long messageId;
    private int reward;
 }

--- a/backend/src/main/java/com/openisle/dto/RegisterRequest.java
+++ b/backend/src/main/java/com/openisle/dto/RegisterRequest.java
@@ -9,4 +9,5 @@ public class RegisterRequest {
    private String email;
    private String password;
    private String captcha;
+    private String inviteToken;
 }
--- a/backend/src/main/java/com/openisle/dto/TwitterLoginRequest.java
+++ b/backend/src/main/java/com/openisle/dto/TwitterLoginRequest.java
@@ -8,4 +8,5 @@ public class TwitterLoginRequest {
    private String code;
    private String redirectUri;
    private String codeVerifier;
+    private String inviteToken;
 }
--- a/backend/src/main/java/com/openisle/dto/UserSummaryDto.java
+++ b/backend/src/main/java/com/openisle/dto/UserSummaryDto.java
@@ -0,0 +1,10 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class UserSummaryDto {
+    private Long id;
+    private String username;
+    private String avatar;
+}
--- a/backend/src/main/java/com/openisle/mapper/PointHistoryMapper.java
+++ b/backend/src/main/java/com/openisle/mapper/PointHistoryMapper.java
@@ -0,0 +1,34 @@
+package com.openisle.mapper;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.model.PointHistory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PointHistoryMapper {
+    public PointHistoryDto toDto(PointHistory history) {
+        PointHistoryDto dto = new PointHistoryDto();
+        dto.setId(history.getId());
+        dto.setType(history.getType());
+        dto.setAmount(history.getAmount());
+        dto.setBalance(history.getBalance());
+        dto.setCreatedAt(history.getCreatedAt());
+        if (history.getPost() != null) {
+            dto.setPostId(history.getPost().getId());
+            dto.setPostTitle(history.getPost().getTitle());
+        }
+        if (history.getComment() != null) {
+            dto.setCommentId(history.getComment().getId());
+            dto.setCommentContent(history.getComment().getContent());
+            if (history.getComment().getPost() != null && dto.getPostId() == null) {
+                dto.setPostId(history.getComment().getPost().getId());
+                dto.setPostTitle(history.getComment().getPost().getTitle());
+            }
+        }
+        if (history.getFromUser() != null) {
+            dto.setFromUserId(history.getFromUser().getId());
+            dto.setFromUserName(history.getFromUser().getUsername());
+        }
+        return dto;
+    }
+}
--- a/backend/src/main/java/com/openisle/mapper/PostMapper.java
+++ b/backend/src/main/java/com/openisle/mapper/PostMapper.java
@@ -5,18 +5,24 @@ import com.openisle.dto.PostDetailDto;
 import com.openisle.dto.PostSummaryDto;
 import com.openisle.dto.ReactionDto;
 import com.openisle.dto.LotteryDto;
+import com.openisle.dto.PollDto;
+import com.openisle.dto.AuthorDto;
 import com.openisle.model.CommentSort;
 import com.openisle.model.Post;
 import com.openisle.model.LotteryPost;
+import com.openisle.model.PollPost;
 import com.openisle.model.User;
+import com.openisle.model.PollVote;
 import com.openisle.service.CommentService;
 import com.openisle.service.ReactionService;
 import com.openisle.service.SubscriptionService;
+import com.openisle.repository.PollVoteRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;

 import java.time.LocalDateTime;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;

 /** Mapper responsible for converting posts into DTOs. */
@@ -32,6 +38,7 @@ public class PostMapper {
    private final UserMapper userMapper;
    private final TagMapper tagMapper;
    private final CategoryMapper categoryMapper;
+    private final PollVoteRepository pollVoteRepository;

    public PostSummaryDto toSummaryDto(Post post) {
        PostSummaryDto dto = new PostSummaryDto();
@@ -63,6 +70,8 @@ public class PostMapper {
        dto.setCommentCount(commentService.countComments(post.getId()));
        dto.setStatus(post.getStatus());
        dto.setPinnedAt(post.getPinnedAt());
+        dto.setRssExcluded(post.getRssExcluded() == null || post.getRssExcluded());
+        dto.setClosed(post.isClosed());

        List<ReactionDto> reactions = reactionService.getReactionsForPost(post.getId())
                .stream()
@@ -84,11 +93,25 @@ public class PostMapper {
            l.setPrizeDescription(lp.getPrizeDescription());
            l.setPrizeIcon(lp.getPrizeIcon());
            l.setPrizeCount(lp.getPrizeCount());
+            l.setPointCost(lp.getPointCost());
            l.setStartTime(lp.getStartTime());
            l.setEndTime(lp.getEndTime());
            l.setParticipants(lp.getParticipants().stream().map(userMapper::toAuthorDto).collect(Collectors.toList()));
            l.setWinners(lp.getWinners().stream().map(userMapper::toAuthorDto).collect(Collectors.toList()));
            dto.setLottery(l);
        }
+
+        if (post instanceof PollPost pp) {
+            PollDto p = new PollDto();
+            p.setOptions(pp.getOptions());
+            p.setVotes(pp.getVotes());
+            p.setEndTime(pp.getEndTime());
+            p.setParticipants(pp.getParticipants().stream().map(userMapper::toAuthorDto).collect(Collectors.toList()));
+            Map<Integer, List<AuthorDto>> optionParticipants = pollVoteRepository.findByPostId(pp.getId()).stream()
+                    .collect(Collectors.groupingBy(PollVote::getOptionIndex,
+                            Collectors.mapping(v -> userMapper.toAuthorDto(v.getUser()), Collectors.toList())));
+            p.setOptionParticipants(optionParticipants);
+            dto.setPoll(p);
+        }
    }
 }
--- a/backend/src/main/java/com/openisle/mapper/ReactionMapper.java
+++ b/backend/src/main/java/com/openisle/mapper/ReactionMapper.java
@@ -19,6 +19,9 @@ public class ReactionMapper {
        if (reaction.getComment() != null) {
            dto.setCommentId(reaction.getComment().getId());
        }
+        if (reaction.getMessage() != null) {
+            dto.setMessageId(reaction.getMessage().getId());
+        }
        dto.setReward(0);
        return dto;
    }
--- a/backend/src/main/java/com/openisle/model/ActivityType.java
+++ b/backend/src/main/java/com/openisle/model/ActivityType.java
@@ -3,5 +3,6 @@ package com.openisle.model;
 /** Activity type enumeration. */
 public enum ActivityType {
    NORMAL,
-    MILK_TEA
+    MILK_TEA,
+    INVITE_POINTS
 }
--- a/backend/src/main/java/com/openisle/model/Draft.java
+++ b/backend/src/main/java/com/openisle/model/Draft.java
@@ -22,7 +22,7 @@ public class Draft {

    private String title;

-    @Column(columnDefinition = "TEXT")
+    @Column(columnDefinition = "LONGTEXT")
    private String content;

    @ManyToOne(fetch = FetchType.LAZY, optional = false)
--- a/backend/src/main/java/com/openisle/model/InviteToken.java
+++ b/backend/src/main/java/com/openisle/model/InviteToken.java
@@ -0,0 +1,23 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.time.LocalDate;
+
+/**
+ * Invite token entity tracking usage counts.
+ */
+@Data
+@Entity
+public class InviteToken {
+    @Id
+    private String token;
+
+    @ManyToOne
+    private User inviter;
+
+    private LocalDate createdDate;
+
+    private int usageCount;
+}
--- a/backend/src/main/java/com/openisle/model/LotteryPost.java
+++ b/backend/src/main/java/com/openisle/model/LotteryPost.java
@@ -26,6 +26,9 @@ public class LotteryPost extends Post {
    @Column(nullable = false)
    private int prizeCount;

+    @Column(nullable = false)
+    private int pointCost;
+
    @Column
    private LocalDateTime startTime;

--- a/backend/src/main/java/com/openisle/model/MedalType.java
+++ b/backend/src/main/java/com/openisle/model/MedalType.java
@@ -3,6 +3,7 @@ package com.openisle.model;
 public enum MedalType {
    COMMENT,
    POST,
+    FEATURED,
    CONTRIBUTOR,
    SEED,
    PIONEER
--- a/backend/src/main/java/com/openisle/model/Message.java
+++ b/backend/src/main/java/com/openisle/model/Message.java
@@ -0,0 +1,39 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "messages")
+public class Message {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "sender_id")
+    private User sender;
+
+    @Column(nullable = false, columnDefinition = "TEXT")
+    private String content;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "reply_to_id")
+    private Message replyTo;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+}
--- a/backend/src/main/java/com/openisle/model/MessageConversation.java
+++ b/backend/src/main/java/com/openisle/model/MessageConversation.java
@@ -0,0 +1,48 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+import java.util.HashSet;
+import java.util.Set;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_conversations")
+public class MessageConversation {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // Indicates whether this conversation represents a public channel
+    @Column(nullable = false)
+    private boolean channel = false;
+
+    // Channel metadata
+    private String name;
+
+    @Column(columnDefinition = "TEXT")
+    private String description;
+
+    private String avatar;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+
+    @OneToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "last_message_id")
+    private Message lastMessage;
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<MessageParticipant> participants = new HashSet<>();
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<Message> messages = new HashSet<>();
+}
--- a/backend/src/main/java/com/openisle/model/MessageParticipant.java
+++ b/backend/src/main/java/com/openisle/model/MessageParticipant.java
@@ -0,0 +1,30 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_participants")
+public class MessageParticipant {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Column
+    private LocalDateTime lastReadAt;
+}
--- a/backend/src/main/java/com/openisle/model/NotificationType.java
+++ b/backend/src/main/java/com/openisle/model/NotificationType.java
@@ -14,6 +14,8 @@ public enum NotificationType {
    POST_REVIEW_REQUEST,
    /** Your post under review was approved or rejected */
    POST_REVIEWED,
+    /** An administrator deleted your post */
+    POST_DELETED,
    /** A subscribed post received a new comment */
    POST_UPDATED,
    /** Someone subscribed to your post */
@@ -38,6 +40,14 @@ public enum NotificationType {
    LOTTERY_WIN,
    /** Your lottery post was drawn */
    LOTTERY_DRAW,
+    /** Someone participated in your poll */
+    POLL_VOTE,
+    /** Your poll post has concluded */
+    POLL_RESULT_OWNER,
+    /** A poll you participated in has concluded */
+    POLL_RESULT_PARTICIPANT,
+    /** Your post was featured */
+    POST_FEATURED,
    /** You were mentioned in a post or comment */
    MENTION
 }
--- a/backend/src/main/java/com/openisle/model/PointHistory.java
+++ b/backend/src/main/java/com/openisle/model/PointHistory.java
@@ -0,0 +1,49 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+/** Point change history for a user. */
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "point_histories")
+public class PointHistory {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private PointHistoryType type;
+
+    @Column(nullable = false)
+    private int amount;
+
+    @Column(nullable = false)
+    private int balance;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "post_id")
+    private Post post;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "comment_id")
+    private Comment comment;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "from_user_id")
+    private User fromUser;
+
+    @Column(name = "created_at", nullable = false)
+    private LocalDateTime createdAt;
+}
--- a/backend/src/main/java/com/openisle/model/PointHistoryType.java
+++ b/backend/src/main/java/com/openisle/model/PointHistoryType.java
@@ -0,0 +1,16 @@
+package com.openisle.model;
+
+public enum PointHistoryType {
+    POST,
+    COMMENT,
+    POST_LIKED,
+    COMMENT_LIKED,
+    POST_LIKE_CANCELLED,
+    COMMENT_LIKE_CANCELLED,
+    INVITE,
+    FEATURE,
+    SYSTEM_ONLINE,
+    REDEEM,
+    LOTTERY_JOIN,
+    LOTTERY_REWARD
+}
--- a/backend/src/main/java/com/openisle/model/PollPost.java
+++ b/backend/src/main/java/com/openisle/model/PollPost.java
@@ -0,0 +1,40 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+import java.util.*;
+
+@Entity
+@Table(name = "poll_posts")
+@Getter
+@Setter
+@NoArgsConstructor
+@PrimaryKeyJoinColumn(name = "post_id")
+public class PollPost extends Post {
+    @ElementCollection
+    @CollectionTable(name = "poll_post_options", joinColumns = @JoinColumn(name = "post_id"))
+    @Column(name = "option_text")
+    private List<String> options = new ArrayList<>();
+
+    @ElementCollection
+    @CollectionTable(name = "poll_post_votes", joinColumns = @JoinColumn(name = "post_id"))
+    @MapKeyColumn(name = "option_index")
+    @Column(name = "vote_count")
+    private Map<Integer, Integer> votes = new HashMap<>();
+
+    @ManyToMany
+    @JoinTable(name = "poll_participants",
+            joinColumns = @JoinColumn(name = "post_id"),
+            inverseJoinColumns = @JoinColumn(name = "user_id"))
+    private Set<User> participants = new HashSet<>();
+
+    @Column
+    private LocalDateTime endTime;
+
+    @Column
+    private boolean resultAnnounced = false;
+}
--- a/backend/src/main/java/com/openisle/model/PollVote.java
+++ b/backend/src/main/java/com/openisle/model/PollVote.java
@@ -0,0 +1,28 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Entity
+@Table(name = "poll_votes", uniqueConstraints = @UniqueConstraint(columnNames = {"post_id", "user_id"}))
+@Getter
+@Setter
+@NoArgsConstructor
+public class PollVote {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "post_id")
+    private PollPost post;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Column(name = "option_index", nullable = false)
+    private int optionIndex;
+}
--- a/backend/src/main/java/com/openisle/model/Post.java
+++ b/backend/src/main/java/com/openisle/model/Post.java
@@ -31,7 +31,7 @@ public class Post {
    @Column(nullable = false)
    private String title;

-    @Column(nullable = false, columnDefinition = "TEXT")
+    @Column(nullable = false, columnDefinition = "LONGTEXT")
    private String content;

    @CreationTimestamp
@@ -64,7 +64,12 @@ public class Post {
    @Column(nullable = false)
    private PostType type = PostType.NORMAL;

+    @Column(nullable = false)
+    private boolean closed = false;
+
    @Column
    private LocalDateTime pinnedAt;

+    @Column(nullable = true)
+    private Boolean rssExcluded = true;
 }
--- a/backend/src/main/java/com/openisle/model/PostType.java
+++ b/backend/src/main/java/com/openisle/model/PostType.java
@@ -2,5 +2,6 @@ package com.openisle.model;

 public enum PostType {
    NORMAL,
-    LOTTERY
+    LOTTERY,
+    POLL
 }
--- a/backend/src/main/java/com/openisle/model/Reaction.java
+++ b/backend/src/main/java/com/openisle/model/Reaction.java
@@ -7,7 +7,7 @@ import lombok.Setter;
 import org.hibernate.annotations.CreationTimestamp;

 /**
- * Reaction entity representing a user's reaction to a post or comment.
+ * Reaction entity representing a user's reaction to a post, comment or message.
 */
@Entity
@Getter
@@ -16,7 +16,8 @@ import org.hibernate.annotations.CreationTimestamp;
@Table(name = "reactions",
       uniqueConstraints = {
           @UniqueConstraint(columnNames = {"user_id", "post_id", "type"}),
-           @UniqueConstraint(columnNames = {"user_id", "comment_id", "type"})
+           @UniqueConstraint(columnNames = {"user_id", "comment_id", "type"}),
+           @UniqueConstraint(columnNames = {"user_id", "message_id", "type"})
       })
 public class Reaction {
    @Id
@@ -39,6 +40,10 @@ public class Reaction {
    @JoinColumn(name = "comment_id")
    private Comment comment;

+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "message_id")
+    private Message message;
+
    @CreationTimestamp
    @Column(nullable = false, updatable = false,
            columnDefinition = "DATETIME(6) DEFAULT CURRENT_TIMESTAMP(6)")
--- a/backend/src/main/java/com/openisle/model/ReactionType.java
+++ b/backend/src/main/java/com/openisle/model/ReactionType.java
@@ -6,7 +6,9 @@ package com.openisle.model;
 public enum ReactionType {
    LIKE,
    DISLIKE,
+    SMILE,
    RECOMMEND,
+    CONGRATULATIONS,
    ANGRY,
    FLUSHED,
    STAR_STRUCK,
@@ -26,5 +28,5 @@ public enum ReactionType {
    CHINA,
    USA,
    JAPAN,
-    KOREA
+    KOREA,
 }
--- a/backend/src/main/java/com/openisle/repository/InviteTokenRepository.java
+++ b/backend/src/main/java/com/openisle/repository/InviteTokenRepository.java
@@ -0,0 +1,12 @@
+package com.openisle.repository;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+public interface InviteTokenRepository extends JpaRepository<InviteToken, String> {
+    Optional<InviteToken> findByInviterAndCreatedDate(User inviter, LocalDate createdDate);
+}
--- a/backend/src/main/java/com/openisle/repository/MessageConversationRepository.java
+++ b/backend/src/main/java/com/openisle/repository/MessageConversationRepository.java
@@ -0,0 +1,34 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageConversation;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface MessageConversationRepository extends JpaRepository<MessageConversation, Long> {
+    @Query("SELECT c FROM MessageConversation c " +
+           "WHERE c.channel = false AND size(c.participants) = 2 " +
+           "AND EXISTS (SELECT 1 FROM c.participants p1 WHERE p1.user = :user1) " +
+           "AND EXISTS (SELECT 1 FROM c.participants p2 WHERE p2.user = :user2) " +
+           "ORDER BY c.createdAt DESC")
+    List<MessageConversation> findConversationsByUsers(@Param("user1") User user1, @Param("user2") User user2);
+    
+    @Query("SELECT DISTINCT c FROM MessageConversation c " +
+           "JOIN c.participants p " +
+           "LEFT JOIN FETCH c.lastMessage lm " +
+           "LEFT JOIN FETCH lm.sender " +
+           "LEFT JOIN FETCH c.participants cp " +
+           "LEFT JOIN FETCH cp.user " +
+           "WHERE p.user.id = :userId " +
+           "ORDER BY COALESCE(lm.createdAt, c.createdAt) DESC")
+    List<MessageConversation> findConversationsByUserIdOrderByLastMessageDesc(@Param("userId") Long userId);
+
+    List<MessageConversation> findByChannelTrue();
+
+    long countByChannelTrue();
+}
--- a/backend/src/main/java/com/openisle/repository/MessageParticipantRepository.java
+++ b/backend/src/main/java/com/openisle/repository/MessageParticipantRepository.java
@@ -0,0 +1,14 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageParticipant;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public interface MessageParticipantRepository extends JpaRepository<MessageParticipant, Long> {
+    Optional<MessageParticipant> findByConversationIdAndUserId(Long conversationId, Long userId);
+    List<MessageParticipant> findByUserId(Long userId);
+}
--- a/backend/src/main/java/com/openisle/repository/MessageRepository.java
+++ b/backend/src/main/java/com/openisle/repository/MessageRepository.java
@@ -0,0 +1,21 @@
+package com.openisle.repository;
+
+import com.openisle.model.Message;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface MessageRepository extends JpaRepository<Message, Long> {
+    List<Message> findByConversationIdOrderByCreatedAtAsc(Long conversationId);
+
+    Page<Message> findByConversationId(Long conversationId, Pageable pageable);
+
+    long countByConversationIdAndCreatedAtAfter(Long conversationId, java.time.LocalDateTime createdAt);
+    
+    // 只计算不是指定用户发送的消息（即别人发给当前用户的消息）
+    long countByConversationIdAndCreatedAtAfterAndSenderIdNot(Long conversationId, java.time.LocalDateTime createdAt, Long senderId);
+}
--- a/backend/src/main/java/com/openisle/repository/NotificationRepository.java
+++ b/backend/src/main/java/com/openisle/repository/NotificationRepository.java
@@ -5,7 +5,10 @@ import com.openisle.model.User;
 import com.openisle.model.Post;
 import com.openisle.model.Comment;
 import com.openisle.model.NotificationType;
+import com.openisle.model.ReactionType;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;

 import java.util.List;

@@ -13,7 +16,12 @@ import java.util.List;
 public interface NotificationRepository extends JpaRepository<Notification, Long> {
    List<Notification> findByUserOrderByCreatedAtDesc(User user);
    List<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read);
+    Page<Notification> findByUserOrderByCreatedAtDesc(User user, Pageable pageable);
+    Page<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read, Pageable pageable);
+    Page<Notification> findByUserAndTypeNotInOrderByCreatedAtDesc(User user, java.util.Collection<NotificationType> types, Pageable pageable);
+    Page<Notification> findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(User user, boolean read, java.util.Collection<NotificationType> types, Pageable pageable);
    long countByUserAndRead(User user, boolean read);
+    long countByUserAndReadAndTypeNotIn(User user, boolean read, java.util.Collection<NotificationType> types);
    List<Notification> findByPost(Post post);
    List<Notification> findByComment(Comment comment);

@@ -22,4 +30,8 @@ public interface NotificationRepository extends JpaRepository<Notification, Long
    List<Notification> findByTypeAndFromUser(NotificationType type, User fromUser);

    void deleteByTypeAndFromUserAndPost(NotificationType type, User fromUser, Post post);
+
+    void deleteByTypeAndFromUserAndPostAndReactionType(NotificationType type, User fromUser, Post post, ReactionType reactionType);
+
+    void deleteByTypeAndFromUserAndCommentAndReactionType(NotificationType type, User fromUser, Comment comment, ReactionType reactionType);
 }
--- a/backend/src/main/java/com/openisle/repository/PointHistoryRepository.java
+++ b/backend/src/main/java/com/openisle/repository/PointHistoryRepository.java
@@ -0,0 +1,15 @@
+package com.openisle.repository;
+
+import com.openisle.model.PointHistory;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+public interface PointHistoryRepository extends JpaRepository<PointHistory, Long> {
+    List<PointHistory> findByUserOrderByIdDesc(User user);
+    long countByUser(User user);
+
+    List<PointHistory> findByUserAndCreatedAtAfterOrderByCreatedAtDesc(User user, LocalDateTime createdAt);
+}
--- a/backend/src/main/java/com/openisle/repository/PollPostRepository.java
+++ b/backend/src/main/java/com/openisle/repository/PollPostRepository.java
@@ -0,0 +1,13 @@
+package com.openisle.repository;
+
+import com.openisle.model.PollPost;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+public interface PollPostRepository extends JpaRepository<PollPost, Long> {
+    List<PollPost> findByEndTimeAfterAndResultAnnouncedFalse(LocalDateTime now);
+
+    List<PollPost> findByEndTimeBeforeAndResultAnnouncedFalse(LocalDateTime now);
+}
--- a/backend/src/main/java/com/openisle/repository/PollVoteRepository.java
+++ b/backend/src/main/java/com/openisle/repository/PollVoteRepository.java
@@ -0,0 +1,10 @@
+package com.openisle.repository;
+
+import com.openisle.model.PollVote;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
+
+public interface PollVoteRepository extends JpaRepository<PollVote, Long> {
+    List<PollVote> findByPostId(Long postId);
+}
--- a/backend/src/main/java/com/openisle/repository/PostRepository.java
+++ b/backend/src/main/java/com/openisle/repository/PostRepository.java
@@ -97,6 +97,8 @@ public interface PostRepository extends JpaRepository<Post, Long> {

    long countDistinctByTags_Id(Long tagId);

+    long countByAuthor_IdAndRssExcludedFalse(Long userId);
+
    @Query("SELECT t.id, COUNT(DISTINCT p) FROM Post p JOIN p.tags t WHERE t.id IN :tagIds GROUP BY t.id")
    List<Object[]> countPostsByTagIds(@Param("tagIds") List<Long> tagIds);

@@ -106,4 +108,6 @@ public interface PostRepository extends JpaRepository<Post, Long> {
           "WHERE p.createdAt >= :start AND p.createdAt < :end GROUP BY d ORDER BY d")
    java.util.List<Object[]> countDailyRange(@Param("start") LocalDateTime start,
                                             @Param("end") LocalDateTime end);
+
+    List<Post> findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus status, Pageable pageable);
 }
--- a/backend/src/main/java/com/openisle/repository/ReactionRepository.java
+++ b/backend/src/main/java/com/openisle/repository/ReactionRepository.java
@@ -1,6 +1,7 @@
 package com.openisle.repository;

 import com.openisle.model.Comment;
+import com.openisle.model.Message;
 import com.openisle.model.Post;
 import com.openisle.model.Reaction;
 import com.openisle.model.User;
@@ -15,8 +16,10 @@ import java.util.Optional;
 public interface ReactionRepository extends JpaRepository<Reaction, Long> {
    Optional<Reaction> findByUserAndPostAndType(User user, Post post, com.openisle.model.ReactionType type);
    Optional<Reaction> findByUserAndCommentAndType(User user, Comment comment, com.openisle.model.ReactionType type);
+    Optional<Reaction> findByUserAndMessageAndType(User user, Message message, com.openisle.model.ReactionType type);
    List<Reaction> findByPost(Post post);
    List<Reaction> findByComment(Comment comment);
+    List<Reaction> findByMessage(Message message);

    @Query("SELECT r.post.id FROM Reaction r WHERE r.post IS NOT NULL AND r.post.author.username = :username AND r.type = com.openisle.model.ReactionType.LIKE GROUP BY r.post.id ORDER BY COUNT(r.id) DESC")
    List<Long> findTopPostIds(@Param("username") String username, Pageable pageable);
--- a/backend/src/main/java/com/openisle/service/AuthResult.java
+++ b/backend/src/main/java/com/openisle/service/AuthResult.java
@@ -0,0 +1,12 @@
+package com.openisle.service;
+
+import com.openisle.model.User;
+import lombok.Value;
+
+/** Result for OAuth authentication indicating whether a new user was created. */
+@Value
+public class AuthResult {
+    User user;
+    boolean newUser;
+}
+
--- a/backend/src/main/java/com/openisle/service/ChannelService.java
+++ b/backend/src/main/java/com/openisle/service/ChannelService.java
@@ -0,0 +1,98 @@
+package com.openisle.service;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.UserSummaryDto;
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+public class ChannelService {
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final MessageRepository messageRepository;
+    private final UserRepository userRepository;
+
+    @Transactional(readOnly = true)
+    public List<ChannelDto> listChannels(Long userId) {
+        List<MessageConversation> channels = conversationRepository.findByChannelTrue();
+        return channels.stream().map(c -> toDto(c, userId)).collect(Collectors.toList());
+    }
+
+    @Transactional
+    public ChannelDto joinChannel(Long channelId, Long userId) {
+        MessageConversation channel = conversationRepository.findById(channelId)
+                .orElseThrow(() -> new IllegalArgumentException("Channel not found"));
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        participantRepository.findByConversationIdAndUserId(channelId, userId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(channel);
+                    p.setUser(user);
+                    MessageParticipant saved = participantRepository.save(p);
+                    channel.getParticipants().add(saved);
+                    return saved;
+                });
+        return toDto(channel, userId);
+    }
+
+    private ChannelDto toDto(MessageConversation channel, Long userId) {
+        ChannelDto dto = new ChannelDto();
+        dto.setId(channel.getId());
+        dto.setName(channel.getName());
+        dto.setDescription(channel.getDescription());
+        dto.setAvatar(channel.getAvatar());
+        if (channel.getLastMessage() != null) {
+            dto.setLastMessage(toMessageDto(channel.getLastMessage()));
+        }
+        dto.setMemberCount(channel.getParticipants().size());
+        boolean joined = channel.getParticipants().stream()
+                .anyMatch(p -> p.getUser().getId().equals(userId));
+        dto.setJoined(joined);
+        if (joined) {
+            MessageParticipant participant = channel.getParticipants().stream()
+                    .filter(p -> p.getUser().getId().equals(userId))
+                    .findFirst().orElse(null);
+            LocalDateTime lastRead = participant.getLastReadAt() == null
+                    ? LocalDateTime.of(1970, 1, 1, 0, 0)
+                    : participant.getLastReadAt();
+            long unread = messageRepository
+                    .countByConversationIdAndCreatedAtAfterAndSenderIdNot(channel.getId(), lastRead, userId);
+            dto.setUnreadCount(unread);
+        } else {
+            dto.setUnreadCount(0);
+        }
+        return dto;
+    }
+
+    private MessageDto toMessageDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setConversationId(message.getConversation().getId());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        UserSummaryDto userDto = new UserSummaryDto();
+        userDto.setId(message.getSender().getId());
+        userDto.setUsername(message.getSender().getUsername());
+        userDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(userDto);
+
+        return dto;
+    }
+}
--- a/backend/src/main/java/com/openisle/service/CommentService.java
+++ b/backend/src/main/java/com/openisle/service/CommentService.java
@@ -52,6 +52,9 @@ public class CommentService {
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
        Post post = postRepository.findById(postId)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        if (post.isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
        Comment comment = new Comment();
        comment.setAuthor(author);
        comment.setPost(post);
@@ -94,6 +97,9 @@ public class CommentService {
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
        Comment parent = commentRepository.findById(parentId)
                .orElseThrow(() -> new IllegalArgumentException("Comment not found"));
+        if (parent.getPost().isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
        Comment comment = new Comment();
        comment.setAuthor(author);
        comment.setPost(parent.getPost());
--- a/backend/src/main/java/com/openisle/service/DiscordAuthService.java
+++ b/backend/src/main/java/com/openisle/service/DiscordAuthService.java
@@ -26,7 +26,7 @@ public class DiscordAuthService {
    @Value("${discord.client-secret:}")
    private String clientSecret;

-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
        try {
            String tokenUrl = "https://discord.com/api/oauth2/token";
            HttpHeaders headers = new HttpHeaders();
@@ -67,13 +67,13 @@ public class DiscordAuthService {
            if (email == null) {
                email = (username != null ? username : id) + "@users.noreply.discord.com";
            }
-            return Optional.of(processUser(email, username, avatar, mode));
+            return Optional.of(processUser(email, username, avatar, mode, viaInvite));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
        Optional<User> existing = userRepository.findByEmail(email);
        if (existing.isPresent()) {
            User user = existing.get();
@@ -82,7 +82,7 @@ public class DiscordAuthService {
                user.setVerificationCode(null);
                userRepository.save(user);
            }
-            return user;
+            return new AuthResult(user, false);
        }
        String baseUsername = username != null ? username : email.split("@")[0];
        String finalUsername = baseUsername;
@@ -96,12 +96,12 @@ public class DiscordAuthService {
        user.setPassword("");
        user.setRole(Role.USER);
        user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
        if (avatar != null) {
            user.setAvatar(avatar);
        } else {
            user.setAvatar("https://cdn.discordapp.com/embed/avatars/0.png");
        }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
    }
 }
--- a/backend/src/main/java/com/openisle/service/GithubAuthService.java
+++ b/backend/src/main/java/com/openisle/service/GithubAuthService.java
@@ -30,7 +30,7 @@ public class GithubAuthService {
    @Value("${github.client-secret:}")
    private String clientSecret;

-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
        try {
            String tokenUrl = "https://github.com/login/oauth/access_token";
            HttpHeaders headers = new HttpHeaders();
@@ -86,13 +86,13 @@ public class GithubAuthService {
            if (email == null) {
                email = username + "@users.noreply.github.com";
            }
-            return Optional.of(processUser(email, username, avatarUrl, mode));
+            return Optional.of(processUser(email, username, avatarUrl, mode, viaInvite));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
        Optional<User> existing = userRepository.findByEmail(email);
        if (existing.isPresent()) {
            User user = existing.get();
@@ -101,7 +101,7 @@ public class GithubAuthService {
                user.setVerificationCode(null);
                userRepository.save(user);
            }
-            return user;
+            return new AuthResult(user, false);
        }
        String baseUsername = username != null ? username : email.split("@")[0];
        String finalUsername = baseUsername;
@@ -115,12 +115,12 @@ public class GithubAuthService {
        user.setPassword("");
        user.setRole(Role.USER);
        user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
        if (avatar != null) {
            user.setAvatar(avatar);
        } else {
            user.setAvatar(avatarGenerator.generate(finalUsername));
        }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
    }
 }
--- a/backend/src/main/java/com/openisle/service/GoogleAuthService.java
+++ b/backend/src/main/java/com/openisle/service/GoogleAuthService.java
@@ -25,7 +25,7 @@ public class GoogleAuthService {
    @Value("${google.client-id:}")
    private String clientId;

-    public Optional<User> authenticate(String idTokenString, com.openisle.model.RegisterMode mode) {
+    public Optional<AuthResult> authenticate(String idTokenString, com.openisle.model.RegisterMode mode, boolean viaInvite) {
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
                .setAudience(Collections.singletonList(clientId))
                .build();
@@ -38,13 +38,13 @@ public class GoogleAuthService {
            String email = payload.getEmail();
            String name = (String) payload.get("name");
            String picture = (String) payload.get("picture");
-            return Optional.of(processUser(email, name, picture, mode));
+            return Optional.of(processUser(email, name, picture, mode, viaInvite));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

-    private User processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
        Optional<User> existing = userRepository.findByEmail(email);
        if (existing.isPresent()) {
            User user = existing.get();
@@ -53,8 +53,7 @@ public class GoogleAuthService {
                user.setVerificationCode(null);
                userRepository.save(user);
            }
-
-            return user;
+            return new AuthResult(user, false);
        }
        User user = new User();
        String baseUsername = email.split("@")[0];
@@ -68,12 +67,12 @@ public class GoogleAuthService {
        user.setPassword("");
        user.setRole(Role.USER);
        user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
        if (avatar != null) {
            user.setAvatar(avatar);
        } else {
            user.setAvatar(avatarGenerator.generate(username));
        }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
    }
 }
--- a/backend/src/main/java/com/openisle/service/InviteService.java
+++ b/backend/src/main/java/com/openisle/service/InviteService.java
@@ -0,0 +1,64 @@
+package com.openisle.service;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import com.openisle.repository.InviteTokenRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.Value;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+public class InviteService {
+    private final InviteTokenRepository inviteTokenRepository;
+    private final UserRepository userRepository;
+    private final JwtService jwtService;
+    private final PointService pointService;
+
+    @Value
+    public class InviteValidateResult {
+        InviteToken inviteToken;
+        boolean validate;
+    }
+
+    public String generate(String username) {
+        User inviter = userRepository.findByUsername(username).orElseThrow();
+        LocalDate today = LocalDate.now();
+        Optional<InviteToken> existing = inviteTokenRepository.findByInviterAndCreatedDate(inviter, today);
+        if (existing.isPresent()) {
+            return existing.get().getToken();
+        }
+        String token = jwtService.generateInviteToken(username);
+        InviteToken inviteToken = new InviteToken();
+        inviteToken.setToken(token);
+        inviteToken.setInviter(inviter);
+        inviteToken.setCreatedDate(today);
+        inviteToken.setUsageCount(0);
+        inviteTokenRepository.save(inviteToken);
+        return token;
+    }
+
+    public InviteValidateResult validate(String token) {
+        if (token == null || token.isEmpty()) {
+            return new InviteValidateResult(null, false);
+        }
+        try {
+            jwtService.validateAndGetSubjectForInvite(token);
+        } catch (Exception e) {
+            return new InviteValidateResult(null, false);
+        }
+        InviteToken invite = inviteTokenRepository.findById(token).orElse(null);
+        return new InviteValidateResult(invite, invite != null && invite.getUsageCount() < 3);
+    }
+
+    public void consume(String token, String newUserName) {
+        InviteToken invite = inviteTokenRepository.findById(token).orElseThrow();
+        invite.setUsageCount(invite.getUsageCount() + 1);
+        inviteTokenRepository.save(invite);
+        pointService.awardForInvite(invite.getInviter().getUsername(), newUserName);
+    }
+}
--- a/backend/src/main/java/com/openisle/service/JwtService.java
+++ b/backend/src/main/java/com/openisle/service/JwtService.java
@@ -24,6 +24,9 @@ public class JwtService {
    @Value("${app.jwt.reset-secret}")
    private String resetSecret;

+    @Value("${app.jwt.invite-secret}")
+    private String inviteSecret;
+
    @Value("${app.jwt.expiration}")
    private long expiration;

@@ -70,6 +73,17 @@ public class JwtService {
                .compact();
    }

+    public String generateInviteToken(String subject) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + expiration);
+        return Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(getSigningKeyForSecret(inviteSecret))
+                .compact();
+    }
+
    public String validateAndGetSubject(String token) {
        Claims claims = Jwts.parserBuilder()
                .setSigningKey(getSigningKeyForSecret(secret))
@@ -96,4 +110,13 @@ public class JwtService {
                .getBody();
        return claims.getSubject();
    }
+
+    public String validateAndGetSubjectForInvite(String token) {
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(getSigningKeyForSecret(inviteSecret))
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+        return claims.getSubject();
+    }
 }
--- a/backend/src/main/java/com/openisle/service/MedalService.java
+++ b/backend/src/main/java/com/openisle/service/MedalService.java
@@ -6,6 +6,7 @@ import com.openisle.dto.MedalDto;
 import com.openisle.dto.PostMedalDto;
 import com.openisle.dto.SeedUserMedalDto;
 import com.openisle.dto.PioneerMedalDto;
+import com.openisle.dto.FeaturedMedalDto;
 import com.openisle.model.MedalType;
 import com.openisle.model.User;
 import com.openisle.repository.CommentRepository;
@@ -74,6 +75,23 @@ public class MedalService {
        postMedal.setSelected(selected == MedalType.POST);
        medals.add(postMedal);

+        FeaturedMedalDto featuredMedal = new FeaturedMedalDto();
+        featuredMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_rss.png");
+        featuredMedal.setTitle("精选作者");
+        featuredMedal.setDescription("至少有1篇文章被收录为精选");
+        featuredMedal.setType(MedalType.FEATURED);
+        featuredMedal.setTargetFeaturedCount(1);
+        if (user != null) {
+            long count = postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId());
+            featuredMedal.setCurrentFeaturedCount(count);
+            featuredMedal.setCompleted(count >= 1);
+        } else {
+            featuredMedal.setCurrentFeaturedCount(0);
+            featuredMedal.setCompleted(false);
+        }
+        featuredMedal.setSelected(selected == MedalType.FEATURED);
+        medals.add(featuredMedal);
+
        ContributorMedalDto contributorMedal = new ContributorMedalDto();
        contributorMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_coder.png");
        contributorMedal.setTitle("贡献者");
@@ -141,6 +159,8 @@ public class MedalService {
            user.setDisplayMedal(MedalType.COMMENT);
        } else if (postRepository.countByAuthor_Id(user.getId()) >= POST_TARGET) {
            user.setDisplayMedal(MedalType.POST);
+        } else if (postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId()) >= 1) {
+            user.setDisplayMedal(MedalType.FEATURED);
        } else if (contributorService.getContributionLines(user.getUsername()) >= CONTRIBUTION_TARGET) {
            user.setDisplayMedal(MedalType.CONTRIBUTOR);
        } else if (userRepository.countByCreatedAtBefore(user.getCreatedAt()) < PIONEER_LIMIT) {
--- a/backend/src/main/java/com/openisle/service/MessageService.java
+++ b/backend/src/main/java/com/openisle/service/MessageService.java
@@ -0,0 +1,324 @@
+package com.openisle.service;
+
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.model.Reaction;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import com.openisle.repository.ReactionRepository;
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.ReactionDto;
+import com.openisle.dto.UserSummaryDto;
+import com.openisle.mapper.ReactionMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.messaging.simp.SimpMessagingTemplate;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class MessageService {
+
+    private final MessageRepository messageRepository;
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final UserRepository userRepository;
+    private final SimpMessagingTemplate messagingTemplate;
+    private final ReactionRepository reactionRepository;
+    private final ReactionMapper reactionMapper;
+
+    @Transactional
+    public Message sendMessage(Long senderId, Long recipientId, String content, Long replyToId) {
+        log.info("Attempting to send message from user {} to user {}", senderId, recipientId);
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        User recipient = userRepository.findById(recipientId)
+                .orElseThrow(() -> new IllegalArgumentException("Recipient not found"));
+
+        log.info("Finding or creating conversation for users {} and {}", sender.getUsername(), recipient.getUsername());
+        MessageConversation conversation = findOrCreateConversation(sender, recipient);
+        log.info("Conversation found or created with ID: {}", conversation.getId());
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        if (replyToId != null) {
+            Message replyTo = messageRepository.findById(replyToId)
+                    .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+            message.setReplyTo(replyTo);
+        }
+        message = messageRepository.save(message);
+        log.info("Message saved with ID: {}", message.getId());
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+        log.info("Conversation {} updated with last message ID {}", conversation.getId(), message.getId());
+
+        // Broadcast the new message to subscribed clients
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+        log.info("Message {} broadcasted to destination: {}", message.getId(), conversationDestination);
+
+        // Also notify the recipient on their personal channel to update the conversation list
+        String userDestination = "/topic/user/" + recipient.getId() + "/messages";
+        messagingTemplate.convertAndSend(userDestination, messageDto);
+        log.info("Message {} notification sent to destination: {}", message.getId(), userDestination);
+
+        // Notify recipient of new unread count
+        long unreadCount = getUnreadMessageCount(recipientId);
+        log.info("Calculating unread count for user {}: {}", recipientId, unreadCount);
+        
+        // Send using username instead of user ID for WebSocket routing
+        String recipientUsername = recipient.getUsername();
+        messagingTemplate.convertAndSendToUser(recipientUsername, "/queue/unread-count", unreadCount);
+        log.info("Sent unread count {} to user {} (username: {}) via WebSocket destination: /user/{}/queue/unread-count",
+                unreadCount, recipientId, recipientUsername, recipientUsername);
+
+        return message;
+    }
+
+    @Transactional
+    public Message sendMessageToConversation(Long senderId, Long conversationId, String content, Long replyToId) {
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        // Join the conversation if not already a participant (useful for channels)
+        participantRepository.findByConversationIdAndUserId(conversationId, senderId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(conversation);
+                    p.setUser(sender);
+                    return participantRepository.save(p);
+                });
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        if (replyToId != null) {
+            Message replyTo = messageRepository.findById(replyToId)
+                    .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+            message.setReplyTo(replyTo);
+        }
+        message = messageRepository.save(message);
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+
+        // Notify all participants except sender for updates
+        for (MessageParticipant participant : conversation.getParticipants()) {
+            if (participant.getUser().getId().equals(senderId)) continue;
+            String userDestination = "/topic/user/" + participant.getUser().getId() + "/messages";
+            messagingTemplate.convertAndSend(userDestination, messageDto);
+
+            long unreadCount = getUnreadMessageCount(participant.getUser().getId());
+            String username = participant.getUser().getUsername();
+            messagingTemplate.convertAndSendToUser(username, "/queue/unread-count", unreadCount);
+
+            long channelUnread = getUnreadChannelCount(participant.getUser().getId());
+            messagingTemplate.convertAndSendToUser(username, "/queue/channel-unread", channelUnread);
+        }
+
+        return message;
+    }
+
+    public MessageDto toDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setConversationId(message.getConversation().getId());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        UserSummaryDto userSummaryDto = new UserSummaryDto();
+        userSummaryDto.setId(message.getSender().getId());
+        userSummaryDto.setUsername(message.getSender().getUsername());
+        userSummaryDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(userSummaryDto);
+
+        if (message.getReplyTo() != null) {
+            Message reply = message.getReplyTo();
+            MessageDto replyDto = new MessageDto();
+            replyDto.setId(reply.getId());
+            replyDto.setContent(reply.getContent());
+            UserSummaryDto replySender = new UserSummaryDto();
+            replySender.setId(reply.getSender().getId());
+            replySender.setUsername(reply.getSender().getUsername());
+            replySender.setAvatar(reply.getSender().getAvatar());
+            replyDto.setSender(replySender);
+            dto.setReplyTo(replyDto);
+        }
+
+        java.util.List<Reaction> reactions = reactionRepository.findByMessage(message);
+        java.util.List<ReactionDto> reactionDtos = reactions.stream()
+                .map(reactionMapper::toDto)
+                .collect(Collectors.toList());
+        dto.setReactions(reactionDtos);
+
+        return dto;
+    }
+
+    public MessageConversation findOrCreateConversation(Long user1Id, Long user2Id) {
+        User user1 = userRepository.findById(user1Id)
+                .orElseThrow(() -> new IllegalArgumentException("User1 not found"));
+        User user2 = userRepository.findById(user2Id)
+                .orElseThrow(() -> new IllegalArgumentException("User2 not found"));
+        return findOrCreateConversation(user1, user2);
+    }
+
+    private MessageConversation findOrCreateConversation(User user1, User user2) {
+        log.info("Searching for existing conversation between {} and {}", user1.getUsername(), user2.getUsername());
+        return conversationRepository.findConversationsByUsers(user1, user2).stream()
+                .findFirst()
+                .orElseGet(() -> {
+                    log.info("No existing conversation found. Creating a new one.");
+                    MessageConversation conversation = new MessageConversation();
+                    conversation = conversationRepository.save(conversation);
+                    log.info("New conversation created with ID: {}", conversation.getId());
+
+                    MessageParticipant participant1 = new MessageParticipant();
+                    participant1.setConversation(conversation);
+                    participant1.setUser(user1);
+                    participantRepository.save(participant1);
+                    log.info("Participant {} added to conversation {}", user1.getUsername(), conversation.getId());
+
+                    MessageParticipant participant2 = new MessageParticipant();
+                    participant2.setConversation(conversation);
+                    participant2.setUser(user2);
+                    participantRepository.save(participant2);
+                    log.info("Participant {} added to conversation {}", user2.getUsername(), conversation.getId());
+
+                    return conversation;
+                });
+    }
+
+    @Transactional(readOnly = true)
+    public List<ConversationDto> getConversations(Long userId) {
+        List<MessageConversation> conversations = conversationRepository.findConversationsByUserIdOrderByLastMessageDesc(userId);
+        return conversations.stream()
+                .filter(c -> !c.isChannel())
+                .map(c -> toDto(c, userId))
+                .collect(Collectors.toList());
+    }
+
+    private ConversationDto toDto(MessageConversation conversation, Long userId) {
+        ConversationDto dto = new ConversationDto();
+        dto.setId(conversation.getId());
+        dto.setChannel(conversation.isChannel());
+        dto.setName(conversation.getName());
+        dto.setAvatar(conversation.getAvatar());
+        dto.setCreatedAt(conversation.getCreatedAt());
+        if (conversation.getLastMessage() != null) {
+            dto.setLastMessage(toDto(conversation.getLastMessage()));
+        }
+        dto.setParticipants(conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList()));
+
+        MessageParticipant self = conversation.getParticipants().stream()
+                .filter(p -> p.getUser().getId().equals(userId))
+                .findFirst()
+                .orElseThrow(() -> new IllegalStateException("Participant not found in conversation"));
+
+        LocalDateTime lastRead = self.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : self.getLastReadAt();
+        // 只计算别人发送给当前用户的未读消息
+        long unreadCount = messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(conversation.getId(), lastRead, userId);
+        dto.setUnreadCount(unreadCount);
+
+        return dto;
+    }
+
+    @Transactional
+    public ConversationDetailDto getConversationDetails(Long conversationId, Long userId, Pageable pageable) {
+        markConversationAsRead(conversationId, userId);
+
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        Page<Message> messagesPage = messageRepository.findByConversationId(conversationId, pageable);
+        Page<MessageDto> messageDtoPage = messagesPage.map(this::toDto);
+
+        List<UserSummaryDto> participants = conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList());
+
+        ConversationDetailDto detailDto = new ConversationDetailDto();
+        detailDto.setId(conversation.getId());
+        detailDto.setName(conversation.getName());
+        detailDto.setChannel(conversation.isChannel());
+        detailDto.setAvatar(conversation.getAvatar());
+        detailDto.setParticipants(participants);
+        detailDto.setMessages(messageDtoPage);
+
+        return detailDto;
+    }
+
+    @Transactional
+    public void markConversationAsRead(Long conversationId, Long userId) {
+        MessageParticipant participant = participantRepository.findByConversationIdAndUserId(conversationId, userId)
+                .orElseThrow(() -> new IllegalArgumentException("Participant not found"));
+        participant.setLastReadAt(LocalDateTime.now());
+        participantRepository.save(participant);
+    }
+
+    @Transactional(readOnly = true)
+    public long getUnreadMessageCount(Long userId) {
+        List<MessageParticipant> participations = participantRepository.findByUserId(userId);
+        long totalUnreadCount = 0;
+        for (MessageParticipant p : participations) {
+            if (p.getConversation().isChannel()) continue;
+            LocalDateTime lastRead = p.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : p.getLastReadAt();
+            // 只计算别人发送给当前用户的未读消息
+            totalUnreadCount += messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(p.getConversation().getId(), lastRead, userId);
+        }
+        return totalUnreadCount;
+    }
+
+    @Transactional(readOnly = true)
+    public long getUnreadChannelCount(Long userId) {
+        List<MessageParticipant> participations = participantRepository.findByUserId(userId);
+        long unreadChannelCount = 0;
+        for (MessageParticipant p : participations) {
+            if (!p.getConversation().isChannel()) continue;
+            LocalDateTime lastRead = p.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : p.getLastReadAt();
+            long unread = messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(p.getConversation().getId(), lastRead, userId);
+            if (unread > 0) {
+                unreadChannelCount++;
+            }
+        }
+        return unreadChannelCount;
+    }
+}
--- a/backend/src/main/java/com/openisle/service/NotificationService.java
+++ b/backend/src/main/java/com/openisle/service/NotificationService.java
@@ -23,7 +23,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.concurrent.Executor;
-import java.util.stream.Collectors;

 /** Service for creating and retrieving notifications. */
@Service
@@ -115,6 +114,14 @@ public class NotificationService {
        return n;
    }

+    public void deleteReactionNotification(User fromUser, Post post, Comment comment, ReactionType reactionType) {
+        if (post != null) {
+            notificationRepository.deleteByTypeAndFromUserAndPostAndReactionType(NotificationType.REACTION, fromUser, post, reactionType);
+        } else if (comment != null) {
+            notificationRepository.deleteByTypeAndFromUserAndCommentAndReactionType(NotificationType.REACTION, fromUser, comment, reactionType);
+        }
+    }
+
    /**
     * Create notifications for all admins when a user submits a register request.
     * Old register request notifications from the same applicant are removed first.
@@ -180,17 +187,26 @@ public class NotificationService {
        userRepository.save(user);
    }

-    public List<Notification> listNotifications(String username, Boolean read) {
+    public List<Notification> listNotifications(String username, Boolean read, int page, int size) {
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
        Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        List<Notification> list;
+        org.springframework.data.domain.Pageable pageable = org.springframework.data.domain.PageRequest.of(page, size);
+        org.springframework.data.domain.Page<Notification> result;
        if (read == null) {
-            list = notificationRepository.findByUserOrderByCreatedAtDesc(user);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserOrderByCreatedAtDesc(user, pageable);
+            } else {
+                result = notificationRepository.findByUserAndTypeNotInOrderByCreatedAtDesc(user, disabled, pageable);
+            }
        } else {
-            list = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read, pageable);
+            } else {
+                result = notificationRepository.findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(user, read, disabled, pageable);
+            }
        }
-        return list.stream().filter(n -> !disabled.contains(n.getType())).collect(Collectors.toList());
+        return result.getContent();
    }

    public void markRead(String username, List<Long> ids) {
@@ -209,8 +225,10 @@ public class NotificationService {
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
        Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        return notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, false).stream()
-                .filter(n -> !disabled.contains(n.getType())).count();
+        if (disabled.isEmpty()) {
+            return notificationRepository.countByUserAndRead(user, false);
+        }
+        return notificationRepository.countByUserAndReadAndTypeNotIn(user, false, disabled);
    }

    public void notifyMentions(String content, User fromUser, Post post, Comment comment) {
--- a/backend/src/main/java/com/openisle/service/PointMallService.java
+++ b/backend/src/main/java/com/openisle/service/PointMallService.java
@@ -3,8 +3,11 @@ package com.openisle.service;
 import com.openisle.exception.FieldException;
 import com.openisle.exception.NotFoundException;
 import com.openisle.model.PointGood;
+import com.openisle.model.PointHistory;
+import com.openisle.model.PointHistoryType;
 import com.openisle.model.User;
 import com.openisle.repository.PointGoodRepository;
+import com.openisle.repository.PointHistoryRepository;
 import com.openisle.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
@@ -18,6 +21,7 @@ public class PointMallService {
    private final PointGoodRepository pointGoodRepository;
    private final UserRepository userRepository;
    private final NotificationService notificationService;
+    private final PointHistoryRepository pointHistoryRepository;

    public List<PointGood> listGoods() {
        return pointGoodRepository.findAll();
@@ -32,6 +36,13 @@ public class PointMallService {
        user.setPoint(user.getPoint() - good.getCost());
        userRepository.save(user);
        notificationService.createPointRedeemNotifications(user, good.getName() + ": " + contact);
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(PointHistoryType.REDEEM);
+        history.setAmount(-good.getCost());
+        history.setBalance(user.getPoint());
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
        return user.getPoint();
    }
 }
--- a/backend/src/main/java/com/openisle/service/PointService.java
+++ b/backend/src/main/java/com/openisle/service/PointService.java
@@ -1,12 +1,16 @@
 package com.openisle.service;

-import com.openisle.model.PointLog;
-import com.openisle.model.User;
+import com.openisle.model.*;
 import com.openisle.repository.*;
+import com.openisle.exception.FieldException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;

 import java.time.LocalDate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;

@Service
@RequiredArgsConstructor
@@ -16,14 +20,39 @@ public class PointService {
    private final PointLogRepository pointLogRepository;
    private final PostRepository postRepository;
    private final CommentRepository commentRepository;
+    private final PointHistoryRepository pointHistoryRepository;

-    public int awardForPost(String userName) {
+    public int awardForPost(String userName, Long postId) {
        User user = userRepository.findByUsername(userName).orElseThrow();
        PointLog log = getTodayLog(user);
        if (log.getPostCount() > 1) return 0;
        log.setPostCount(log.getPostCount() + 1);
        pointLogRepository.save(log);
-        return addPoint(user, 30);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 30, PointHistoryType.POST, post, null, null);
+    }
+
+    public int awardForInvite(String userName, String inviteeName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        User invitee = userRepository.findByUsername(inviteeName).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.INVITE, null, null, invitee);
+    }
+
+    public int awardForFeatured(String userName, Long postId) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.FEATURE, post, null, null);
+    }
+
+    public void processLotteryJoin(User participant, LotteryPost post) {
+        int cost = post.getPointCost();
+        if (cost > 0) {
+            if (participant.getPoint() < cost) {
+                throw new FieldException("point", "积分不足");
+            }
+            addPoint(participant, -cost, PointHistoryType.LOTTERY_JOIN, post, null, post.getAuthor());
+            addPoint(post.getAuthor(), cost, PointHistoryType.LOTTERY_REWARD, post, null, participant);
+        }
    }

    private PointLog getTodayLog(User user) {
@@ -40,20 +69,41 @@ public class PointService {
                });
    }

-    private int addPoint(User user, int amount) {
+    private int addPoint(User user, int amount, PointHistoryType type,
+                         Post post, Comment comment, User fromUser) {
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
        user.setPoint(user.getPoint() + amount);
        userRepository.save(user);
+        recordHistory(user, type, amount, post, comment, fromUser);
        return amount;
    }

+    private void recordHistory(User user, PointHistoryType type, int amount,
+                               Post post, Comment comment, User fromUser) {
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(type);
+        history.setAmount(amount);
+        history.setBalance(user.getPoint());
+        history.setPost(post);
+        history.setComment(comment);
+        history.setFromUser(fromUser);
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
+    }
+
    // 同时为评论者和发帖人增加积分，返回值为评论者增加的积分数
    // 注意需要考虑发帖和回复是同一人的场景
-    public int awardForComment(String commenterName, Long postId) {
+    public int awardForComment(String commenterName, Long postId, Long commentId) {
        // 标记评论者是否已达到积分奖励上限
        boolean isTheRewardCapped = false;

        // 根据帖子id找到发帖人
-        User poster = postRepository.findById(postId).orElseThrow().getAuthor();
+        Post post = postRepository.findById(postId).orElseThrow();
+        User poster = post.getAuthor();
+        Comment comment = commentRepository.findById(commentId).orElseThrow();

        // 获取评论者的加分日志
        User commenter = userRepository.findByUsername(commenterName).orElseThrow();
@@ -69,15 +119,15 @@ public class PointService {
            } else {
                log.setCommentCount(log.getCommentCount() + 1);
                pointLogRepository.save(log);
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
            }
        } else {
-            addPoint(poster, 10);
+            addPoint(poster, 10, PointHistoryType.COMMENT, post, comment, commenter);
            // 如果发帖人与评论者不是同一个，则根据是否达到积分上限来判断评论者加分情况
            if (isTheRewardCapped) {
                return 0;
            } else {
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
            }
        }
    }
@@ -96,7 +146,18 @@ public class PointService {
        }

        // 如果不是同一个，则为发帖人加分
-        return addPoint(poster, 10);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(poster, 10, PointHistoryType.POST_LIKED, post, null, reactioner);
+    }
+
+    public int deductForReactionOfPost(String reactionerName, Long postId) {
+        User poster = postRepository.findById(postId).orElseThrow().getAuthor();
+        User reactioner = userRepository.findByUsername(reactionerName).orElseThrow();
+        if (poster.getId().equals(reactioner.getId())) {
+            return 0;
+        }
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(poster, -10, PointHistoryType.POST_LIKE_CANCELLED, post, null, reactioner);
    }

    // 考虑点赞者和评论者是同一个的情况
@@ -113,7 +174,49 @@ public class PointService {
        }

        // 如果不是同一个，则为发帖人加分
-        return addPoint(commenter, 10);
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
+        Post post = comment.getPost();
+        return addPoint(commenter, 10, PointHistoryType.COMMENT_LIKED, post, comment, reactioner);
+    }
+
+    public int deductForReactionOfComment(String reactionerName, Long commentId) {
+        User commenter = commentRepository.findById(commentId).orElseThrow().getAuthor();
+        User reactioner = userRepository.findByUsername(reactionerName).orElseThrow();
+        if (commenter.getId().equals(reactioner.getId())) {
+            return 0;
+        }
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
+        Post post = comment.getPost();
+        return addPoint(commenter, -10, PointHistoryType.COMMENT_LIKE_CANCELLED, post, comment, reactioner);
+    }
+
+    public java.util.List<PointHistory> listHistory(String userName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
+        return pointHistoryRepository.findByUserOrderByIdDesc(user);
+    }
+
+    public List<Map<String, Object>> trend(String userName, int days) {
+        if (days < 1) days = 1;
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        LocalDate end = LocalDate.now();
+        LocalDate start = end.minusDays(days - 1L);
+        var histories = pointHistoryRepository.findByUserAndCreatedAtAfterOrderByCreatedAtDesc(
+                user, start.atStartOfDay());
+        int idx = 0;
+        int balance = user.getPoint();
+        List<Map<String, Object>> result = new ArrayList<>();
+        for (LocalDate day = end; !day.isBefore(start); day = day.minusDays(1)) {
+            result.add(Map.of("date", day.toString(), "value", balance));
+            while (idx < histories.size() && histories.get(idx).getCreatedAt().toLocalDate().isEqual(day)) {
+                balance -= histories.get(idx).getAmount();
+                idx++;
+            }
+        }
+        Collections.reverse(result);
+        return result;
    }

 }
--- a/backend/src/main/java/com/openisle/service/PostService.java
+++ b/backend/src/main/java/com/openisle/service/PostService.java
@@ -9,8 +9,11 @@ import com.openisle.model.Category;
 import com.openisle.model.Comment;
 import com.openisle.model.NotificationType;
 import com.openisle.model.LotteryPost;
+import com.openisle.model.PollPost;
+import com.openisle.model.PollVote;
 import com.openisle.repository.PostRepository;
 import com.openisle.repository.LotteryPostRepository;
+import com.openisle.repository.PollPostRepository;
 import com.openisle.repository.UserRepository;
 import com.openisle.repository.CategoryRepository;
 import com.openisle.repository.TagRepository;
@@ -20,6 +23,7 @@ import com.openisle.repository.CommentRepository;
 import com.openisle.repository.ReactionRepository;
 import com.openisle.repository.PostSubscriptionRepository;
 import com.openisle.repository.NotificationRepository;
+import com.openisle.repository.PollVoteRepository;
 import com.openisle.model.Role;
 import com.openisle.exception.RateLimitException;
 import lombok.extern.slf4j.Slf4j;
@@ -54,6 +58,8 @@ public class PostService {
    private final CategoryRepository categoryRepository;
    private final TagRepository tagRepository;
    private final LotteryPostRepository lotteryPostRepository;
+    private final PollPostRepository pollPostRepository;
+    private final PollVoteRepository pollVoteRepository;
    private PublishMode publishMode;
    private final NotificationService notificationService;
    private final SubscriptionService subscriptionService;
@@ -67,6 +73,7 @@ public class PostService {
    private final TaskScheduler taskScheduler;
    private final EmailSender emailSender;
    private final ApplicationContext applicationContext;
+    private final PointService pointService;
    private final ConcurrentMap<Long, ScheduledFuture<?>> scheduledFinalizations = new ConcurrentHashMap<>();
    @Value("${app.website-url:https://www.open-isle.com}")
    private String websiteUrl;
@@ -77,6 +84,8 @@ public class PostService {
                       CategoryRepository categoryRepository,
                       TagRepository tagRepository,
                       LotteryPostRepository lotteryPostRepository,
+                       PollPostRepository pollPostRepository,
+                       PollVoteRepository pollVoteRepository,
                       NotificationService notificationService,
                       SubscriptionService subscriptionService,
                       CommentService commentService,
@@ -89,12 +98,15 @@ public class PostService {
                       TaskScheduler taskScheduler,
                       EmailSender emailSender,
                       ApplicationContext applicationContext,
+                       PointService pointService,
                       @Value("${app.post.publish-mode:DIRECT}") PublishMode publishMode) {
        this.postRepository = postRepository;
        this.userRepository = userRepository;
        this.categoryRepository = categoryRepository;
        this.tagRepository = tagRepository;
        this.lotteryPostRepository = lotteryPostRepository;
+        this.pollPostRepository = pollPostRepository;
+        this.pollVoteRepository = pollVoteRepository;
        this.notificationService = notificationService;
        this.subscriptionService = subscriptionService;
        this.commentService = commentService;
@@ -107,6 +119,7 @@ public class PostService {
        this.taskScheduler = taskScheduler;
        this.emailSender = emailSender;
        this.applicationContext = applicationContext;
+        this.pointService = pointService;
        this.publishMode = publishMode;
    }

@@ -122,6 +135,15 @@ public class PostService {
        for (LotteryPost lp : lotteryPostRepository.findByEndTimeBeforeAndWinnersIsEmpty(now)) {
            applicationContext.getBean(PostService.class).finalizeLottery(lp.getId());
        }
+        for (PollPost pp : pollPostRepository.findByEndTimeAfterAndResultAnnouncedFalse(now)) {
+            ScheduledFuture<?> future = taskScheduler.schedule(
+                    () -> applicationContext.getBean(PostService.class).finalizePoll(pp.getId()),
+                    java.util.Date.from(pp.getEndTime().atZone(ZoneId.systemDefault()).toInstant()));
+            scheduledFinalizations.put(pp.getId(), future);
+        }
+        for (PollPost pp : pollPostRepository.findByEndTimeBeforeAndResultAnnouncedFalse(now)) {
+            applicationContext.getBean(PostService.class).finalizePoll(pp.getId());
+        }
    }

    public PublishMode getPublishMode() {
@@ -132,6 +154,26 @@ public class PostService {
        this.publishMode = publishMode;
    }

+    public List<Post> listLatestRssPosts(int limit) {
+        Pageable pageable = PageRequest.of(0, limit, Sort.by(Sort.Direction.DESC, "createdAt"));
+        return postRepository.findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus.PUBLISHED, pageable);
+    }
+
+    public Post excludeFromRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(true);
+        return postRepository.save(post);
+    }
+
+    public Post includeInRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(false);
+        post = postRepository.save(post);
+        notificationService.createNotification(post.getAuthor(), NotificationType.POST_FEATURED, post, null, null, null, null, null);
+        pointService.awardForFeatured(post.getAuthor().getUsername(), post.getId());
+        return post;
+    }
+
    public Post createPost(String username,
                           Long categoryId,
                           String title,
@@ -141,8 +183,10 @@ public class PostService {
                           String prizeDescription,
                           String prizeIcon,
                           Integer prizeCount,
+                           Integer pointCost,
                           LocalDateTime startTime,
-                           LocalDateTime endTime) {
+                           LocalDateTime endTime,
+                           java.util.List<String> options) {
        long recent = postRepository.countByAuthorAfter(username,
                java.time.LocalDateTime.now().minusMinutes(5));
        if (recent >= 1) {
@@ -165,13 +209,25 @@ public class PostService {
        PostType actualType = type != null ? type : PostType.NORMAL;
        Post post;
        if (actualType == PostType.LOTTERY) {
+            if (pointCost != null && (pointCost < 0 || pointCost > 100)) {
+                throw new IllegalArgumentException("pointCost must be between 0 and 100");
+            }
            LotteryPost lp = new LotteryPost();
            lp.setPrizeDescription(prizeDescription);
            lp.setPrizeIcon(prizeIcon);
            lp.setPrizeCount(prizeCount != null ? prizeCount : 0);
+            lp.setPointCost(pointCost != null ? pointCost : 0);
            lp.setStartTime(startTime);
            lp.setEndTime(endTime);
            post = lp;
+        } else if (actualType == PostType.POLL) {
+            if (options == null || options.size() < 2) {
+                throw new IllegalArgumentException("At least two options required");
+            }
+            PollPost pp = new PollPost();
+            pp.setOptions(options);
+            pp.setEndTime(endTime);
+            post = pp;
        } else {
            post = new Post();
        }
@@ -184,6 +240,8 @@ public class PostService {
        post.setStatus(publishMode == PublishMode.REVIEW ? PostStatus.PENDING : PostStatus.PUBLISHED);
        if (post instanceof LotteryPost) {
            post = lotteryPostRepository.save((LotteryPost) post);
+        } else if (post instanceof PollPost) {
+            post = pollPostRepository.save((PollPost) post);
        } else {
            post = postRepository.save(post);
        }
@@ -218,6 +276,11 @@ public class PostService {
                    () -> applicationContext.getBean(PostService.class).finalizeLottery(lp.getId()),
                    java.util.Date.from(lp.getEndTime().atZone(ZoneId.systemDefault()).toInstant()));
            scheduledFinalizations.put(lp.getId(), future);
+        } else if (post instanceof PollPost pp && pp.getEndTime() != null) {
+            ScheduledFuture<?> future = taskScheduler.schedule(
+                    () -> applicationContext.getBean(PostService.class).finalizePoll(pp.getId()),
+                    java.util.Date.from(pp.getEndTime().atZone(ZoneId.systemDefault()).toInstant()));
+            scheduledFinalizations.put(pp.getId(), future);
        }
        return post;
    }
@@ -227,8 +290,62 @@ public class PostService {
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (post.getParticipants().add(user)) {
+            pointService.processLotteryJoin(user, post);
+            lotteryPostRepository.save(post);
+        }
+    }
+
+    public PollPost getPoll(Long postId) {
+        return pollPostRepository.findById(postId)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+    }
+
+    @Transactional
+    public PollPost votePoll(Long postId, String username, int optionIndex) {
+        PollPost post = pollPostRepository.findById(postId)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        if (post.getEndTime() != null && post.getEndTime().isBefore(LocalDateTime.now())) {
+            throw new IllegalStateException("Poll has ended");
+        }
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (post.getParticipants().contains(user)) {
+            throw new IllegalArgumentException("User already voted");
+        }
+        if (optionIndex < 0 || optionIndex >= post.getOptions().size()) {
+            throw new IllegalArgumentException("Invalid option");
+        }
        post.getParticipants().add(user);
-        lotteryPostRepository.save(post);
+        post.getVotes().merge(optionIndex, 1, Integer::sum);
+        PollVote vote = new PollVote();
+        vote.setPost(post);
+        vote.setUser(user);
+        vote.setOptionIndex(optionIndex);
+        pollVoteRepository.save(vote);
+        PollPost saved = pollPostRepository.save(post);
+        if (post.getAuthor() != null && !post.getAuthor().getId().equals(user.getId())) {
+            notificationService.createNotification(post.getAuthor(), NotificationType.POLL_VOTE, post, null, null, user, null, null);
+        }
+        return saved;
+    }
+
+    @Transactional
+    public void finalizePoll(Long postId) {
+        scheduledFinalizations.remove(postId);
+        pollPostRepository.findById(postId).ifPresent(pp -> {
+            if (pp.isResultAnnounced()) {
+                return;
+            }
+            pp.setResultAnnounced(true);
+            pollPostRepository.save(pp);
+            if (pp.getAuthor() != null) {
+                notificationService.createNotification(pp.getAuthor(), NotificationType.POLL_RESULT_OWNER, pp, null, null, null, null, null);
+            }
+            for (User participant : pp.getParticipants()) {
+                notificationService.createNotification(participant, NotificationType.POLL_RESULT_PARTICIPANT, pp, null, null, null, null, null);
+            }
+        });
    }

    @Transactional
@@ -441,6 +558,34 @@ public class PostService {
        return paginate(sortByPinnedAndCreated(posts), page, pageSize);
    }

+    public List<Post> listFeaturedPosts(List<Long> categoryIds,
+                                        List<Long> tagIds,
+                                        Integer page,
+                                        Integer pageSize) {
+        List<Post> posts;
+        boolean hasCategories = categoryIds != null && !categoryIds.isEmpty();
+        boolean hasTags = tagIds != null && !tagIds.isEmpty();
+
+        if (hasCategories && hasTags) {
+            posts = listPostsByCategoriesAndTags(categoryIds, tagIds, null, null);
+        } else if (hasCategories) {
+            posts = listPostsByCategories(categoryIds, null, null);
+        } else if (hasTags) {
+            posts = listPostsByTags(tagIds, null, null);
+        } else {
+            posts = listPosts();
+        }
+
+        // 仅保留 getRssExcluded 为 0 且不为空
+        // 若字段类型是 Boolean（包装类型），0 等价于 false：
+        posts = posts.stream()
+                .filter(p -> p.getRssExcluded() != null && !p.getRssExcluded())
+                .toList();
+
+        return paginate(sortByPinnedAndCreated(posts), page, pageSize);
+    }
+
+
    public List<Post> listPendingPosts() {
        return postRepository.findByStatus(PostStatus.PENDING);
    }
@@ -495,6 +640,30 @@ public class PostService {
        return postRepository.save(post);
    }

+    public Post closePost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(true);
+        return postRepository.save(post);
+    }
+
+    public Post reopenPost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(false);
+        return postRepository.save(post);
+    }
+
    @org.springframework.transaction.annotation.Transactional
    public Post updatePost(Long id,
                           String username,
@@ -538,7 +707,9 @@ public class PostService {
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
-        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+        User author = post.getAuthor();
+        boolean adminDeleting = !user.getId().equals(author.getId()) && user.getRole() == Role.ADMIN;
+        if (!user.getId().equals(author.getId()) && user.getRole() != Role.ADMIN) {
            throw new IllegalArgumentException("Unauthorized");
        }
        for (Comment c : commentRepository.findByPostAndParentIsNullOrderByCreatedAtAsc(post)) {
@@ -555,7 +726,12 @@ public class PostService {
                future.cancel(false);
            }
        }
+        String title = post.getTitle();
        postRepository.delete(post);
+        if (adminDeleting) {
+            notificationService.createNotification(author, NotificationType.POST_DELETED,
+                    null, null, null, user, null, title);
+        }
    }

    public java.util.List<Post> getPostsByIds(java.util.List<Long> ids) {
--- a/backend/src/main/java/com/openisle/service/ReactionService.java
+++ b/backend/src/main/java/com/openisle/service/ReactionService.java
@@ -6,10 +6,12 @@ import com.openisle.model.Reaction;
 import com.openisle.model.ReactionType;
 import com.openisle.model.User;
 import com.openisle.model.NotificationType;
+import com.openisle.model.Message;
 import com.openisle.repository.CommentRepository;
 import com.openisle.repository.PostRepository;
 import com.openisle.repository.ReactionRepository;
 import com.openisle.repository.UserRepository;
+import com.openisle.repository.MessageRepository;
 import com.openisle.service.NotificationService;
 import com.openisle.service.EmailSender;
 import lombok.RequiredArgsConstructor;
@@ -24,6 +26,7 @@ public class ReactionService {
    private final UserRepository userRepository;
    private final PostRepository postRepository;
    private final CommentRepository commentRepository;
+    private final MessageRepository messageRepository;
    private final NotificationService notificationService;
    private final EmailSender emailSender;

@@ -39,6 +42,7 @@ public class ReactionService {
        java.util.Optional<Reaction> existing =
                reactionRepository.findByUserAndPostAndType(user, post, type);
        if (existing.isPresent()) {
+            notificationService.deleteReactionNotification(user, post, null, type);
            reactionRepository.delete(existing.get());
            return null;
        }
@@ -62,6 +66,7 @@ public class ReactionService {
        java.util.Optional<Reaction> existing =
                reactionRepository.findByUserAndCommentAndType(user, comment, type);
        if (existing.isPresent()) {
+            notificationService.deleteReactionNotification(user, null, comment, type);
            reactionRepository.delete(existing.get());
            return null;
        }
@@ -77,6 +82,26 @@ public class ReactionService {
        return reaction;
    }

+    @Transactional
+    public Reaction reactToMessage(String username, Long messageId, ReactionType type) {
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        Message message = messageRepository.findById(messageId)
+                .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+        java.util.Optional<Reaction> existing =
+                reactionRepository.findByUserAndMessageAndType(user, message, type);
+        if (existing.isPresent()) {
+            reactionRepository.delete(existing.get());
+            return null;
+        }
+        Reaction reaction = new Reaction();
+        reaction.setUser(user);
+        reaction.setMessage(message);
+        reaction.setType(type);
+        reaction = reactionRepository.save(reaction);
+        return reaction;
+    }
+
    public java.util.List<Reaction> getReactionsForPost(Long postId) {
        Post post = postRepository.findById(postId)
                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
--- a/backend/src/main/java/com/openisle/service/SubscriptionService.java
+++ b/backend/src/main/java/com/openisle/service/SubscriptionService.java
@@ -107,6 +107,11 @@ public class SubscriptionService {
        return commentSubRepo.findByComment(c).stream().map(CommentSubscription::getUser).toList();
    }

+    public List<Post> getSubscribedPosts(String username) {
+        User user = userRepo.findByUsername(username).orElseThrow();
+        return postSubRepo.findByUser(user).stream().map(PostSubscription::getPost).toList();
+    }
+

    public long countSubscribers(String username) {
        User user = userRepo.findByUsername(username).orElseThrow();
--- a/backend/src/main/java/com/openisle/service/TwitterAuthService.java
+++ b/backend/src/main/java/com/openisle/service/TwitterAuthService.java
@@ -33,11 +33,12 @@ public class TwitterAuthService {
    @Value("${twitter.client-secret:}")
    private String clientSecret;

-    public Optional<User> authenticate(
+    public Optional<AuthResult> authenticate(
            String code,
            String codeVerifier,
            RegisterMode mode,
-            String redirectUri) {
+            String redirectUri,
+            boolean viaInvite) {

        logger.debug("Starting authentication with code {} and verifier {}", code, codeVerifier);

@@ -106,10 +107,10 @@ public class TwitterAuthService {
        // Twitter v2 默认拿不到 email；如果你申请到 email.scope，可改用 /2/users/:id?user.fields=email
        String email = username + "@twitter.com";
        logger.debug("Processing user {} with email {}", username, email);
-        return Optional.of(processUser(email, username, avatar, mode));
+        return Optional.of(processUser(email, username, avatar, mode, viaInvite));
    }

-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
        Optional<User> existing = userRepository.findByEmail(email);
        if (existing.isPresent()) {
            User user = existing.get();
@@ -119,7 +120,7 @@ public class TwitterAuthService {
                userRepository.save(user);
            }
            logger.debug("Existing user {} authenticated", user.getUsername());
-            return user;
+            return new AuthResult(user, false);
        }
        String baseUsername = username != null ? username : email.split("@")[0];
        String finalUsername = baseUsername;
@@ -133,13 +134,13 @@ public class TwitterAuthService {
        user.setPassword("");
        user.setRole(Role.USER);
        user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
        if (avatar != null) {
            user.setAvatar(avatar);
        } else {
            user.setAvatar("https://twitter.com/" + finalUsername + "/profile_image");
        }
        logger.debug("Creating new user {}", finalUsername);
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
    }
 }
--- a/backend/src/main/java/com/openisle/service/UserService.java
+++ b/backend/src/main/java/com/openisle/service/UserService.java
@@ -74,6 +74,13 @@ public class UserService {
        return userRepository.save(user);
    }

+    public User registerWithInvite(String username, String email, String password) {
+        User user = register(username, email, password, "", com.openisle.model.RegisterMode.DIRECT);
+        user.setVerified(true);
+        user.setVerificationCode(genCode());
+        return userRepository.save(user);
+    }
+
    private String genCode() {
        return String.format("%06d", new Random().nextInt(1000000));
    }
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -10,6 +10,7 @@ spring.jpa.hibernate.ddl-auto=update
 app.jwt.secret=${JWT_SECRET:jwt_sec}
 app.jwt.reason-secret=${JWT_REASON_SECRET:jwt_reason_sec}
 app.jwt.reset-secret=${JWT_RESET_SECRET:jwt_reset_sec}
+app.jwt.invite-secret=${JWT_INVITE_SECRET:jwt_invite_sec}
 # 30 days
 app.jwt.expiration=${JWT_EXPIRATION:2592000000}
 # Password strength: LOW, MEDIUM or HIGH
--- a/backend/src/main/resources/db/migration/V2__add_rss_excluded_to_posts.sql
+++ b/backend/src/main/resources/db/migration/V2__add_rss_excluded_to_posts.sql
@@ -0,0 +1 @@
+ALTER TABLE posts ADD COLUMN rss_excluded BOOLEAN NOT NULL DEFAULT 0;
--- a/backend/src/main/resources/db/migration/V3__add_point_cost_to_lottery_posts.sql
+++ b/backend/src/main/resources/db/migration/V3__add_point_cost_to_lottery_posts.sql
@@ -0,0 +1 @@
+ALTER TABLE lottery_posts ADD COLUMN point_cost INT NOT NULL DEFAULT 0;
--- a/backend/src/test/java/com/openisle/controller/NotificationControllerTest.java
+++ b/backend/src/test/java/com/openisle/controller/NotificationControllerTest.java
@@ -45,7 +45,7 @@ class NotificationControllerTest {
        p.setId(2L);
        n.setPost(p);
        n.setCreatedAt(LocalDateTime.now());
-        when(notificationService.listNotifications("alice", null))
+        when(notificationService.listNotifications("alice", null, 0, 30))
                .thenReturn(List.of(n));

        NotificationDto dto = new NotificationDto();
@@ -62,6 +62,24 @@ class NotificationControllerTest {
                .andExpect(jsonPath("$[0].post.id").value(2));
    }

+    @Test
+    void listUnreadNotifications() throws Exception {
+        Notification n = new Notification();
+        n.setId(5L);
+        n.setType(NotificationType.POST_VIEWED);
+        when(notificationService.listNotifications("alice", false, 0, 30))
+                .thenReturn(List.of(n));
+
+        NotificationDto dto = new NotificationDto();
+        dto.setId(5L);
+        when(notificationMapper.toDto(n)).thenReturn(dto);
+
+        mockMvc.perform(get("/api/notifications/unread")
+                        .principal(new UsernamePasswordAuthenticationToken("alice","p")))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].id").value(5));
+    }
+
    @Test
    void markReadEndpoint() throws Exception {
        mockMvc.perform(post("/api/notifications/read")
--- a/backend/src/test/java/com/openisle/controller/PointHistoryControllerTest.java
+++ b/backend/src/test/java/com/openisle/controller/PointHistoryControllerTest.java
@@ -0,0 +1,65 @@
+package com.openisle.controller;
+
+import com.openisle.config.CustomAccessDeniedHandler;
+import com.openisle.config.SecurityConfig;
+import com.openisle.service.PointService;
+import com.openisle.mapper.PointHistoryMapper;
+import com.openisle.service.JwtService;
+import com.openisle.repository.UserRepository;
+import com.openisle.model.User;
+import com.openisle.model.Role;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.web.servlet.MockMvc;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@WebMvcTest(PointHistoryController.class)
+@AutoConfigureMockMvc
+@Import({SecurityConfig.class, CustomAccessDeniedHandler.class})
+class PointHistoryControllerTest {
+    @Autowired
+    private MockMvc mockMvc;
+
+    @MockBean
+    private JwtService jwtService;
+    @MockBean
+    private UserRepository userRepository;
+    @MockBean
+    private PointService pointService;
+    @MockBean
+    private PointHistoryMapper pointHistoryMapper;
+
+    @Test
+    void trendReturnsSeries() throws Exception {
+        Mockito.when(jwtService.validateAndGetSubject("token")).thenReturn("user");
+        User user = new User();
+        user.setUsername("user");
+        user.setPassword("p");
+        user.setEmail("u@example.com");
+        user.setRole(Role.USER);
+        Mockito.when(userRepository.findByUsername("user")).thenReturn(Optional.of(user));
+        List<Map<String, Object>> data = List.of(
+                Map.of("date", java.time.LocalDate.now().minusDays(1).toString(), "value", 100),
+                Map.of("date", java.time.LocalDate.now().toString(), "value", 110)
+        );
+        Mockito.when(pointService.trend(Mockito.eq("user"), Mockito.anyInt())).thenReturn(data);
+
+        mockMvc.perform(get("/api/point-histories/trend").param("days", "2")
+                        .header("Authorization", "Bearer token"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].value").value(100))
+                .andExpect(jsonPath("$[1].value").value(110));
+    }
+}
--- a/backend/src/test/java/com/openisle/controller/PostControllerTest.java
+++ b/backend/src/test/java/com/openisle/controller/PostControllerTest.java
@@ -76,7 +76,7 @@ class PostControllerTest {
        post.setTags(Set.of(tag));

        when(postService.createPost(eq("alice"), eq(1L), eq("t"), eq("c"), eq(List.of(1L)),
-                isNull(), isNull(), isNull(), isNull(), isNull(), isNull())).thenReturn(post);
+                isNull(), isNull(), isNull(), isNull(), isNull(), isNull(), isNull(), isNull())).thenReturn(post);
        when(postService.viewPost(eq(1L), any())).thenReturn(post);
        when(commentService.getCommentsForPost(eq(1L), any())).thenReturn(List.of());
        when(commentService.getParticipants(anyLong(), anyInt())).thenReturn(List.of());
@@ -187,7 +187,7 @@ class PostControllerTest {
                .andExpect(status().isBadRequest());

        verify(postService, never()).createPost(any(), any(), any(), any(), any(),
-                any(), any(), any(), any(), any(), any());
+                any(), any(), any(), any(), any(), any(), any(), any());
    }

    @Test
--- a/backend/src/test/java/com/openisle/controller/ReactionControllerTest.java
+++ b/backend/src/test/java/com/openisle/controller/ReactionControllerTest.java
@@ -5,6 +5,7 @@ import com.openisle.model.Post;
 import com.openisle.model.Reaction;
 import com.openisle.model.ReactionType;
 import com.openisle.model.User;
+import com.openisle.model.Message;
 import com.openisle.service.ReactionService;
 import com.openisle.service.LevelService;
 import com.openisle.mapper.ReactionMapper;
@@ -78,6 +79,27 @@ class ReactionControllerTest {
                .andExpect(jsonPath("$.commentId").value(2));
    }

+    @Test
+    void reactToMessage() throws Exception {
+        User user = new User();
+        user.setUsername("u3");
+        Message message = new Message();
+        message.setId(3L);
+        Reaction reaction = new Reaction();
+        reaction.setId(3L);
+        reaction.setUser(user);
+        reaction.setMessage(message);
+        reaction.setType(ReactionType.LIKE);
+        Mockito.when(reactionService.reactToMessage(eq("u3"), eq(3L), eq(ReactionType.LIKE))).thenReturn(reaction);
+
+        mockMvc.perform(post("/api/messages/3/reactions")
+                        .contentType("application/json")
+                        .content("{\"type\":\"LIKE\"}")
+                        .principal(new UsernamePasswordAuthenticationToken("u3", "p")))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$.messageId").value(3));
+    }
+
    @Test
    void listReactionTypes() throws Exception {
        mockMvc.perform(get("/api/reaction-types"))
--- a/backend/src/test/java/com/openisle/controller/UserControllerTest.java
+++ b/backend/src/test/java/com/openisle/controller/UserControllerTest.java
@@ -136,6 +136,30 @@ class UserControllerTest {
                .andExpect(jsonPath("$[0].title").value("hello"));
    }

+    @Test
+    void listSubscribedPosts() throws Exception {
+        User user = new User();
+        user.setUsername("bob");
+        com.openisle.model.Category cat = new com.openisle.model.Category();
+        cat.setName("tech");
+        com.openisle.model.Post post = new com.openisle.model.Post();
+        post.setId(6L);
+        post.setTitle("fav");
+        post.setCreatedAt(java.time.LocalDateTime.now());
+        post.setCategory(cat);
+        post.setAuthor(user);
+        Mockito.when(userService.findByIdentifier("bob")).thenReturn(Optional.of(user));
+        Mockito.when(subscriptionService.getSubscribedPosts("bob")).thenReturn(java.util.List.of(post));
+        PostMetaDto meta = new PostMetaDto();
+        meta.setId(6L);
+        meta.setTitle("fav");
+        Mockito.when(userMapper.toMetaDto(post)).thenReturn(meta);
+
+        mockMvc.perform(get("/api/users/bob/subscribed-posts"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].title").value("fav"));
+    }
+
    @Test
    void listUserReplies() throws Exception {
        User user = new User();
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`ALTER TABLE posts ADD COLUMN rss_excluded BOOLEAN NOT NULL DEFAULT 0;`
				`@@ -0,0 +1 @@`
				`ALTER TABLE lottery_posts ADD COLUMN point_cost INT NOT NULL DEFAULT 0;`