test(points): cover trend endpoint

fix: 修复贴吧表情显示问题

.husky/pre-commit

@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 npx lint-staged

CONTRIBUTING.md

@@ -0,0 +1,116 @@
+#### **⚠️注意：仅想修改前端的朋友可不用部署后端服务**
+
+## 如何部署
+
+> Step1 先克隆仓库
+
+```shell
+git clone https://github.com/nagisa77/OpenIsle.git
+cd OpenIsle
+```
+
+> Step2 后端部署
+
+```shell
+cd backend
+```
+
+以IDEA编辑器为例，IDEA打开backend文件夹。
+
+- 设置VM Option，最好运行在其他端口，非8080，这里设置8081
+
+```shell
+-Dserver.port=8081
+```
+
+![CleanShot 2025-08-04 at 11 .35.49.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/4cf210cfc6ea478a80dfc744c85ccdc4.png)
+
+- 设置jdk版本为java 17
+
+![CleanShot 2025-08-04 at 11 .38.03@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/392eeec753ae436ca12a78f750dfea2d.png)
+
+- 本机配置MySQL服务（网上很多教程，忽略）
+- 设置环境变量.env 文件 或.properties 文件（二选一）
+
+1. 环境变量文件生成
+
+```shell
+cp open-isle.env.example open-isle.env
+```
+
+修改环境变量，留下需要的，比如你要开发Google登录业务，就需要谷歌相关的变量，数据库是一定要的
+
+![CleanShot 2025-08-04 at 11 .41.36@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/896c8363b6e64ea19d18c12ec4dae2b4.png)
+
+应用环境文件， 选择刚刚的`open-isle.env`
+
+![CleanShot 2025-08-04 at 11 .44.41.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/f588e37838014a6684c141605639b9fa.png)
+
+2. 直接修改 .properities 文件
+
+位置src/main/application.properties, 数据库需要修改标红处，其他按需修改
+
+![CleanShot 2025-08-04 at 11 .47.11@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/28c3104448a245419e0b06aee861abb4.png)
+
+处理完环境问题直接跑起来就能通了
+
+![CleanShot 2025-08-04 at 11 .49.01@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/2c945eae44b1477db09e80fc96b5e02d.png)
+
+> Step3 前端部署
+
+前端可以依赖本机部署的后端，也可以直接调用线上的后端接口
+
+```shell
+cd ../frontend_nuxt/
+```
+
+copy环境.env文件
+
+```shell
+cp .env.staging.example .env
+```
+
+1. 依赖本机部署的后端：打开本文件夹，修改.env 修改为瞄准本机后端端口
+
+```yaml
+; 本地部署后端
+NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+2. 依赖预发环境后台环境
+
+**(⚠️强烈推荐只部署前端的朋友使用该环境)**
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+4. 依赖线上后台环境
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+```shell
+# 安装依赖
+npm install --verbose
+
+# 运行前端服务
+npm run dev
+```
+
+如此一来，浏览器访问 http://127.0.0.1:3000 即可访问前端页面

README.md

@@ -1,45 +1,18 @@
 <p align="center">
-  <img alt="OpenIsle" src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png" width="200">
-  <br><br>
-  高效的开源社区前后端端平台
-  <br><br>
-  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square"></a>
+  <BaseImage alt="OpenIsle" src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png" width="200">
+  <br>
+  高效的开源社区前后端平台
+  <br><br><br>
+  <BaseImage alt="Image" src="https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/22752cfac5a04a9c90c41995b9f55fed.png" width="1200">
 </p>
 
 ## 💡 简介
 
 OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台，提供用户注册、登录、贴文发布、评论交互等完整功能，可用于项目社区或直接打造自主社区站点。
 
-## 🚧 开发
+## 🚧 开发 & 部署
 
-### 后端
-
-1. 确保安装 JDK 17 及 Maven
-2. 信息配置修改 `src/main/resources/application.properties`，或通过环境变量设置数据库等参数
-3. 执行 `mvn clean package` 生成包，之后使用 `java -jar target/openisle-0.0.1-SNAPSHOT.jar`启动，或在开发时直接使用 `mvn spring-boot:run`
-
-### 前端
-
-1. 进入前端目录
-    ```bash
-    cd frontend_nuxt
-    ```
-2. 安装依赖
-    ```bash
-    npm install
-    ```
-3. 启动开发服务
-    ```bash
-    npm run dev
-    ```
-
-    生产版本使用如下命令编译：
-
-    ```bash
-    npm run build
-    ```
-
-    会在 `.output` 目录生成文件，配合线上网站方式部署
+详细见 [Contributing](https://github.com/nagisa77/OpenIsle?tab=contributing-ov-file)
 
 ## ✨ 项目特点
 

backend/open-isle.env.example

@@ -3,6 +3,12 @@ MYSQL_URL=jdbc:mysql://<数据库地址>:<端口>/<数据库名>?useUnicode=yes&
 MYSQL_USER=<数据库用户名>
 MYSQL_PASSWORD=<数据库密码>
 
+# === JWT ===
+JWT_SECRET=<jwt secret>
+JWT_REASON_SECRET=<jwt reason secret>
+JWT_RESET_SECRET=<jwt reset secret>
+JWT_INVITE_SECRET=<jwt invite secret>
+JWT_EXPIRATION=2592000000
 
 # === Resend ===
 RESEND_API_KEY=<你的resend-api-key>
@@ -30,4 +36,4 @@ OPENAI_API_KEY=<你的openai-api-key>
 WEBPUSH_PUBLIC_KEY=<你的webpush-public-key>
 WEBPUSH_PRIVATE_KEY=<你的webpush-private-key>
 
-# LOG_LEVEL=DEBUG
+# LOG_LEVEL=DEBUG

backend/pom.xml

@@ -26,6 +26,10 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-websocket</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
@@ -38,6 +42,16 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.vladsch.flexmark</groupId>
+      <artifactId>flexmark-all</artifactId>
+      <version>0.64.8</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jsoup</groupId>
+      <artifactId>jsoup</artifactId>
+      <version>1.17.2</version>
+    </dependency>
     <dependency>
       <groupId>com.mysql</groupId>
       <artifactId>mysql-connector-j</artifactId>

backend/src/main/java/com/openisle/config/ActivityInitializer.java

@@ -6,6 +6,8 @@ import com.openisle.repository.ActivityRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
 
 @Component
 @RequiredArgsConstructor
@@ -22,5 +24,16 @@ public class ActivityInitializer implements CommandLineRunner {
             a.setContent("为了有利于建站推广以及激励发布内容，我们推出了建站送奶茶的活动，前50名达到level 1的用户，可以联系站长获取奶茶/咖啡一杯");
             activityRepository.save(a);
         }
+
+        if (activityRepository.findByType(ActivityType.INVITE_POINTS) == null) {
+            Activity a = new Activity();
+            a.setTitle("🎁邀请码送积分活动");
+            a.setType(ActivityType.INVITE_POINTS);
+            a.setIcon("https://img.icons8.com/color/96/gift.png");
+            a.setContent("使用邀请码注册或邀请好友即可获得积分奖励，快来参与吧！");
+            a.setStartTime(LocalDateTime.now());
+            a.setEndTime(LocalDate.of(LocalDate.now().getYear(), 10, 1).atStartOfDay());
+            activityRepository.save(a);
+        }
     }
 }

backend/src/main/java/com/openisle/config/ChannelInitializer.java

@@ -0,0 +1,32 @@
+package com.openisle.config;
+
+import com.openisle.model.MessageConversation;
+import com.openisle.repository.MessageConversationRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class ChannelInitializer implements CommandLineRunner {
+    private final MessageConversationRepository conversationRepository;
+
+    @Override
+    public void run(String... args) {
+        if (conversationRepository.countByChannelTrue() == 0) {
+            MessageConversation chat = new MessageConversation();
+            chat.setChannel(true);
+            chat.setName("吹水群");
+            chat.setDescription("吹水聊天");
+            chat.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/32647273e2334d14adfd4a6ce9db0643.jpeg");
+            conversationRepository.save(chat);
+
+            MessageConversation tech = new MessageConversation();
+            tech.setChannel(true);
+            tech.setName("技术讨论群");
+            tech.setDescription("讨论技术相关话题");
+            tech.setAvatar("https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/5edde9a5864e471caa32491dbcdaa8b2.png");
+            conversationRepository.save(tech);
+        }
+    }
+}

backend/src/main/java/com/openisle/config/PointGoodInitializer.java

@@ -0,0 +1,31 @@
+package com.openisle.config;
+
+import com.openisle.model.PointGood;
+import com.openisle.repository.PointGoodRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+/** Initialize default point mall goods. */
+@Component
+@RequiredArgsConstructor
+public class PointGoodInitializer implements CommandLineRunner {
+    private final PointGoodRepository pointGoodRepository;
+
+    @Override
+    public void run(String... args) {
+        if (pointGoodRepository.count() == 0) {
+            PointGood g1 = new PointGood();
+            g1.setName("GPT Plus 1 个月");
+            g1.setCost(20000);
+            g1.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/chatgpt.png");
+            pointGoodRepository.save(g1);
+
+            PointGood g2 = new PointGood();
+            g2.setName("奶茶");
+            g2.setCost(5000);
+            g2.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/coffee.png");
+            pointGoodRepository.save(g2);
+        }
+    }
+}

backend/src/main/java/com/openisle/config/SecurityConfig.java

@@ -99,11 +99,13 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf(csrf -> csrf.disable())
-                .cors(Customizer.withDefaults())         // 让 Spring 自带 CorsFilter 处理预检
-            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .cors(Customizer.withDefaults())
+                .headers(h -> h.frameOptions(f -> f.sameOrigin()))
+                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
             .authorizeHttpRequests(auth -> auth
                     .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                    .requestMatchers("/api/ws/**", "/api/sockjs/**").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
@@ -119,6 +121,10 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/sitemap.xml").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/channels").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/rss").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/point-goods").permitAll()
+                    .requestMatchers(HttpMethod.POST, "/api/point-goods").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
@@ -151,7 +157,9 @@ public class SecurityConfig {
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
                          uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
-                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals"));
+                                uri.startsWith("/api/point-goods") || uri.startsWith("/api/channels") ||
+                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals") ||
+                         uri.startsWith("/api/rss"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);
@@ -167,7 +175,8 @@ public class SecurityConfig {
                         response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
                         return;
                     }
-                } else if (!uri.startsWith("/api/auth") && !publicGet) {
+                } else if (!uri.startsWith("/api/auth") && !publicGet
+                        && !uri.startsWith("/api/ws") && !uri.startsWith("/api/sockjs")) {
                     response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                     response.setContentType("application/json");
                     response.getWriter().write("{\"error\": \"Missing token\"}");

backend/src/main/java/com/openisle/config/WebSocketConfig.java

@@ -0,0 +1,110 @@
+package com.openisle.config;
+
+import com.openisle.service.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.config.ChannelRegistration;
+import org.springframework.messaging.simp.config.MessageBrokerRegistry;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.messaging.support.MessageHeaderAccessor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
+import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
+
+@Configuration
+@EnableWebSocketMessageBroker
+@RequiredArgsConstructor
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
+    
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+    @Value("${app.website-url}")
+    private String websiteUrl;
+
+    @Override
+    public void configureMessageBroker(MessageBrokerRegistry config) {
+        // Enable a simple memory-based message broker to carry the messages back to the client on destinations prefixed with "/topic" and "/queue"
+        config.enableSimpleBroker("/topic", "/queue");
+        // Set user destination prefix for personal messages
+        config.setUserDestinationPrefix("/user");
+        // Designates the "/app" prefix for messages that are bound for @MessageMapping-annotated methods.
+        config.setApplicationDestinationPrefixes("/app");
+    }
+
+    @Override
+    public void registerStompEndpoints(StompEndpointRegistry registry) {
+        // 1) 原生 WebSocket（不带 SockJS）
+        registry.addEndpoint("/api/ws")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                );
+
+        // 2) SockJS 回退：单独路径
+        registry.addEndpoint("/api/sockjs")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                )
+                .withSockJS()
+                .setWebSocketEnabled(true)
+                .setSessionCookieNeeded(false);
+    }
+
+
+
+    @Override
+    public void configureClientInboundChannel(ChannelRegistration registration) {
+        registration.interceptors(new ChannelInterceptor() {
+            @Override
+            public Message<?> preSend(Message<?> message, MessageChannel channel) {
+                StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+                
+                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket CONNECT command received");
+                    String authHeader = accessor.getFirstNativeHeader("Authorization");
+                    System.out.println("Authorization header: " + (authHeader != null ? "present" : "missing"));
+                    
+                    if (authHeader != null && authHeader.startsWith("Bearer ")) {
+                        String token = authHeader.substring(7);
+                        try {
+                            String username = jwtService.validateAndGetSubject(token);
+                            System.out.println("JWT validated for user: " + username);
+                            var userDetails = userDetailsService.loadUserByUsername(username);
+                            Authentication auth = new UsernamePasswordAuthenticationToken(
+                                userDetails, null, userDetails.getAuthorities());
+                            accessor.setUser(auth);
+                            System.out.println("WebSocket user set: " + username);
+                        } catch (Exception e) {
+                            System.err.println("JWT validation failed: " + e.getMessage());
+                        }
+                    }
+                } else if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket SUBSCRIBE to: " + accessor.getDestination());
+                    System.out.println("WebSocket user during subscribe: " + (accessor.getUser() != null ? accessor.getUser().getName() : "null"));
+                }
+                return message;
+            }
+        });
+    }
+}

backend/src/main/java/com/openisle/controller/AdminPostController.java

@@ -45,4 +45,14 @@ public class AdminPostController {
     public PostSummaryDto unpin(@PathVariable Long id) {
         return postMapper.toSummaryDto(postService.unpinPost(id));
     }
+
+    @PostMapping("/{id}/rss-exclude")
+    public PostSummaryDto excludeFromRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.excludeFromRss(id));
+    }
+
+    @PostMapping("/{id}/rss-include")
+    public PostSummaryDto includeInRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.includeInRss(id));
+    }
 }

backend/src/main/java/com/openisle/controller/AuthController.java

@@ -29,6 +29,7 @@ public class AuthController {
     private final RegisterModeService registerModeService;
     private final NotificationService notificationService;
     private final UserRepository userRepository;
+    private final InviteService inviteService;
 
 
     @Value("${app.captcha.enabled:false}")
@@ -45,6 +46,27 @@ public class AuthController {
         if (captchaEnabled && registerCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
             return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
         }
+        if (req.getInviteToken() != null && !req.getInviteToken().isEmpty()) {
+            InviteService.InviteValidateResult result = inviteService.validate(req.getInviteToken());
+            if (!result.isValidate()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "邀请码使用次数过多"));
+            }
+            try {
+                User user = userService.registerWithInvite(
+                        req.getUsername(), req.getEmail(), req.getPassword());
+                inviteService.consume(req.getInviteToken(), user.getUsername());
+                emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(user.getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
+            } catch (FieldException e) {
+                return ResponseEntity.badRequest().body(Map.of(
+                        "field", e.getField(),
+                        "error", e.getMessage()
+                ));
+            }
+        }
         User user = userService.register(
                 req.getUsername(), req.getEmail(), req.getPassword(), "", registerModeService.getRegisterMode());
         emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
@@ -58,10 +80,26 @@ public class AuthController {
     public ResponseEntity<?> verify(@RequestBody VerifyRequest req) {
         boolean ok = userService.verifyCode(req.getUsername(), req.getCode());
         if (ok) {
-            return ResponseEntity.ok(Map.of(
-                    "message", "Verified",
-                    "token", jwtService.generateReasonToken(req.getUsername())
-            ));
+            Optional<User> userOpt = userService.findByUsername(req.getUsername());
+            if (userOpt.isEmpty()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials"));
+            }
+
+            User user = userOpt.get();
+
+            if (user.isApproved()) {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified and isApproved",
+                        "reason_code", "VERIFIED_AND_APPROVED",
+                        "token", jwtService.generateToken(req.getUsername())
+                ));
+            } else {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified",
+                        "reason_code", "VERIFIED",
+                        "token", jwtService.generateReasonToken(req.getUsername())
+                ));
+            }
         }
         return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
     }
@@ -106,27 +144,43 @@ public class AuthController {
 
     @PostMapping("/google")
     public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
-        Optional<User> user = googleAuthService.authenticate(req.getIdToken(), registerModeService.getRegisterMode());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = googleAuthService.authenticate(
+                req.getIdToken(),
+                registerModeService.getRegisterMode(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid google token",
@@ -165,28 +219,45 @@ public class AuthController {
 
     @PostMapping("/github")
     public ResponseEntity<?> loginWithGithub(@RequestBody GithubLoginRequest req) {
-        Optional<User> user = githubAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = githubAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     // 已填写注册理由
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid github code",
@@ -196,27 +267,44 @@ public class AuthController {
 
     @PostMapping("/discord")
     public ResponseEntity<?> loginWithDiscord(@RequestBody DiscordLoginRequest req) {
-        Optional<User> user = discordAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = discordAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid discord code",
@@ -226,31 +314,45 @@ public class AuthController {
       
     @PostMapping("/twitter")
     public ResponseEntity<?> loginWithTwitter(@RequestBody TwitterLoginRequest req) {
-        Optional<User> user = twitterAuthService.authenticate(
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = twitterAuthService.authenticate(
                 req.getCode(),
                 req.getCodeVerifier(),
                 registerModeService.getRegisterMode(),
-                req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid twitter code",

backend/src/main/java/com/openisle/controller/ChannelController.java

@@ -0,0 +1,42 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.ChannelService;
+import com.openisle.service.MessageService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/channels")
+@RequiredArgsConstructor
+public class ChannelController {
+    private final ChannelService channelService;
+    private final MessageService messageService;
+    private final UserRepository userRepository;
+
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName())
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        return user.getId();
+    }
+
+    @GetMapping
+    public List<ChannelDto> listChannels(Authentication auth) {
+        return channelService.listChannels(getCurrentUserId(auth));
+    }
+
+    @PostMapping("/{channelId}/join")
+    public ChannelDto joinChannel(@PathVariable Long channelId, Authentication auth) {
+        return channelService.joinChannel(channelId, getCurrentUserId(auth));
+    }
+
+    @GetMapping("/unread-count")
+    public long unreadCount(Authentication auth) {
+        return messageService.getUnreadChannelCount(getCurrentUserId(auth));
+    }
+}

backend/src/main/java/com/openisle/controller/CommentController.java

@@ -47,7 +47,7 @@ public class CommentController {
         Comment comment = commentService.addComment(auth.getName(), postId, req.getContent());
         CommentDto dto = commentMapper.toDto(comment);
         dto.setReward(levelService.awardForComment(auth.getName()));
-        dto.setPointReward(pointService.awardForComment(auth.getName(),postId));
+        dto.setPointReward(pointService.awardForComment(auth.getName(), postId, comment.getId()));
         log.debug("createComment succeeded for comment {}", comment.getId());
         return ResponseEntity.ok(dto);
     }

backend/src/main/java/com/openisle/controller/InviteController.java

@@ -0,0 +1,23 @@
+package com.openisle.controller;
+
+import com.openisle.service.InviteService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/invite")
+@RequiredArgsConstructor
+public class InviteController {
+    private final InviteService inviteService;
+
+    @PostMapping("/generate")
+    public Map<String, String> generate(Authentication auth) {
+        String token = inviteService.generate(auth.getName());
+        return Map.of("token", token);
+    }
+}

backend/src/main/java/com/openisle/controller/MessageController.java

@@ -0,0 +1,137 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.CreateConversationRequest;
+import com.openisle.dto.CreateConversationResponse;
+import com.openisle.dto.MessageDto;
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.MessageService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.domain.Sort;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/messages")
+@RequiredArgsConstructor
+public class MessageController {
+
+    private final MessageService messageService;
+    private final UserRepository userRepository;
+
+    // This is a placeholder for getting the current user's ID
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName()).orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        // In a real application, you would get this from the Authentication object
+        return user.getId();
+    }
+
+    @GetMapping("/conversations")
+    public ResponseEntity<List<ConversationDto>> getConversations(Authentication auth) {
+        List<ConversationDto> conversations = messageService.getConversations(getCurrentUserId(auth));
+        return ResponseEntity.ok(conversations);
+    }
+
+    @GetMapping("/conversations/{conversationId}")
+    public ResponseEntity<ConversationDetailDto> getMessages(@PathVariable Long conversationId,
+                                                               @RequestParam(defaultValue = "0") int page,
+                                                               @RequestParam(defaultValue = "20") int size,
+                                                               Authentication auth) {
+        Pageable pageable = PageRequest.of(page, size, Sort.by("createdAt").descending());
+        ConversationDetailDto conversationDetails = messageService.getConversationDetails(conversationId, getCurrentUserId(auth), pageable);
+        return ResponseEntity.ok(conversationDetails);
+    }
+
+    @PostMapping
+    public ResponseEntity<MessageDto> sendMessage(@RequestBody MessageRequest req, Authentication auth) {
+        Message message = messageService.sendMessage(getCurrentUserId(auth), req.getRecipientId(), req.getContent(), req.getReplyToId());
+        return ResponseEntity.ok(messageService.toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/messages")
+    public ResponseEntity<MessageDto> sendMessageToConversation(@PathVariable Long conversationId,
+                                                                @RequestBody ChannelMessageRequest req,
+                                                                Authentication auth) {
+        Message message = messageService.sendMessageToConversation(getCurrentUserId(auth), conversationId, req.getContent(), req.getReplyToId());
+        return ResponseEntity.ok(messageService.toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/read")
+    public ResponseEntity<Void> markAsRead(@PathVariable Long conversationId, Authentication auth) {
+        messageService.markConversationAsRead(conversationId, getCurrentUserId(auth));
+        return ResponseEntity.ok().build();
+    }
+
+    @PostMapping("/conversations")
+    public ResponseEntity<CreateConversationResponse> findOrCreateConversation(@RequestBody CreateConversationRequest req, Authentication auth) {
+        MessageConversation conversation = messageService.findOrCreateConversation(getCurrentUserId(auth), req.getRecipientId());
+        return ResponseEntity.ok(new CreateConversationResponse(conversation.getId()));
+    }
+
+    @GetMapping("/unread-count")
+    public ResponseEntity<Long> getUnreadCount(Authentication auth) {
+        return ResponseEntity.ok(messageService.getUnreadMessageCount(getCurrentUserId(auth)));
+    }
+
+    // A simple request DTO
+    static class MessageRequest {
+        private Long recipientId;
+        private String content;
+        private Long replyToId;
+
+        public Long getRecipientId() {
+            return recipientId;
+        }
+
+        public void setRecipientId(Long recipientId) {
+            this.recipientId = recipientId;
+        }
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+
+        public Long getReplyToId() {
+            return replyToId;
+        }
+
+        public void setReplyToId(Long replyToId) {
+            this.replyToId = replyToId;
+        }
+    }
+
+    static class ChannelMessageRequest {
+        private String content;
+        private Long replyToId;
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+
+        public Long getReplyToId() {
+            return replyToId;
+        }
+
+        public void setReplyToId(Long replyToId) {
+            this.replyToId = replyToId;
+        }
+    }
+}

backend/src/main/java/com/openisle/controller/NotificationController.java

@@ -23,9 +23,19 @@ public class NotificationController {
     private final NotificationMapper notificationMapper;
 
     @GetMapping
-    public List<NotificationDto> list(@RequestParam(value = "read", required = false) Boolean read,
+    public List<NotificationDto> list(@RequestParam(value = "page", defaultValue = "0") int page,
+                                      @RequestParam(value = "size", defaultValue = "30") int size,
                                       Authentication auth) {
-        return notificationService.listNotifications(auth.getName(), read).stream()
+        return notificationService.listNotifications(auth.getName(), null, page, size).stream()
+                .map(notificationMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @GetMapping("/unread")
+    public List<NotificationDto> listUnread(@RequestParam(value = "page", defaultValue = "0") int page,
+                                            @RequestParam(value = "size", defaultValue = "30") int size,
+                                            Authentication auth) {
+        return notificationService.listNotifications(auth.getName(), false, page, size).stream()
                 .map(notificationMapper::toDto)
                 .collect(Collectors.toList());
     }

backend/src/main/java/com/openisle/controller/PointHistoryController.java

@@ -0,0 +1,36 @@
+package com.openisle.controller;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.mapper.PointHistoryMapper;
+import com.openisle.service.PointService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+@RestController
+@RequestMapping("/api/point-histories")
+@RequiredArgsConstructor
+public class PointHistoryController {
+    private final PointService pointService;
+    private final PointHistoryMapper pointHistoryMapper;
+
+    @GetMapping
+    public List<PointHistoryDto> list(Authentication auth) {
+        return pointService.listHistory(auth.getName()).stream()
+                .map(pointHistoryMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @GetMapping("/trend")
+    public List<Map<String, Object>> trend(Authentication auth,
+                                          @RequestParam(value = "days", defaultValue = "30") int days) {
+        return pointService.trend(auth.getName(), days);
+    }
+}

backend/src/main/java/com/openisle/controller/PointMallController.java

@@ -0,0 +1,39 @@
+package com.openisle.controller;
+
+import com.openisle.dto.PointGoodDto;
+import com.openisle.dto.PointRedeemRequest;
+import com.openisle.mapper.PointGoodMapper;
+import com.openisle.model.User;
+import com.openisle.service.PointMallService;
+import com.openisle.service.UserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/** REST controller for point mall. */
+@RestController
+@RequestMapping("/api/point-goods")
+@RequiredArgsConstructor
+public class PointMallController {
+    private final PointMallService pointMallService;
+    private final UserService userService;
+    private final PointGoodMapper pointGoodMapper;
+
+    @GetMapping
+    public List<PointGoodDto> list() {
+        return pointMallService.listGoods().stream()
+                .map(pointGoodMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @PostMapping("/redeem")
+    public Map<String, Integer> redeem(@RequestBody PointRedeemRequest req, Authentication auth) {
+        User user = userService.findByIdentifier(auth.getName()).orElseThrow();
+        int point = pointMallService.redeem(user, req.getGoodId(), req.getContact());
+        return Map.of("point", point);
+    }
+}

backend/src/main/java/com/openisle/controller/PostController.java

@@ -41,11 +41,12 @@ public class PostController {
         Post post = postService.createPost(auth.getName(), req.getCategoryId(),
                 req.getTitle(), req.getContent(), req.getTagIds(),
                 req.getType(), req.getPrizeDescription(), req.getPrizeIcon(),
-                req.getPrizeCount(), req.getStartTime(), req.getEndTime());
+                req.getPrizeCount(), req.getPointCost(),
+                req.getStartTime(), req.getEndTime());
         draftService.deleteDraft(auth.getName());
         PostDetailDto dto = postMapper.toDetailDto(post, auth.getName());
         dto.setReward(levelService.awardForPost(auth.getName()));
-        dto.setPointReward(pointService.awardForPost(auth.getName()));
+        dto.setPointReward(pointService.awardForPost(auth.getName(), post.getId()));
         return ResponseEntity.ok(dto);
     }
 
@@ -62,6 +63,16 @@ public class PostController {
         postService.deletePost(id, auth.getName());
     }
 
+    @PostMapping("/{id}/close")
+    public PostSummaryDto close(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.closePost(id, auth.getName()));
+    }
+
+    @PostMapping("/{id}/reopen")
+    public PostSummaryDto reopen(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.reopenPost(id, auth.getName()));
+    }
+
     @GetMapping("/{id}")
     public ResponseEntity<PostDetailDto> getPost(@PathVariable Long id, Authentication auth) {
         String viewer = auth != null ? auth.getName() : null;
@@ -161,4 +172,27 @@ public class PostController {
         return postService.listPostsByLatestReply(ids, tids, page, pageSize)
                 .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
     }
+
+    @GetMapping("/featured")
+    public List<PostSummaryDto> featuredPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
+                                       @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
+                                       @RequestParam(value = "tagId", required = false) Long tagId,
+                                       @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
+                                       @RequestParam(value = "page", required = false) Integer page,
+                                       @RequestParam(value = "pageSize", required = false) Integer pageSize,
+                                       Authentication auth) {
+        List<Long> ids = categoryIds;
+        if (categoryId != null) {
+            ids = java.util.List.of(categoryId);
+        }
+        List<Long> tids = tagIds;
+        if (tagId != null) {
+            tids = java.util.List.of(tagId);
+        }
+        if (auth != null) {
+            userVisitService.recordVisit(auth.getName());
+        }
+        return postService.listFeaturedPosts(ids, tids, page, pageSize)
+                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
+    }
 }

backend/src/main/java/com/openisle/controller/ReactionController.java

@@ -57,4 +57,17 @@ public class ReactionController {
         pointService.awardForReactionOfComment(auth.getName(), commentId);
         return ResponseEntity.ok(dto);
     }
+
+    @PostMapping("/messages/{messageId}/reactions")
+    public ResponseEntity<ReactionDto> reactToMessage(@PathVariable Long messageId,
+                                                      @RequestBody ReactionRequest req,
+                                                      Authentication auth) {
+        Reaction reaction = reactionService.reactToMessage(auth.getName(), messageId, req.getType());
+        if (reaction == null) {
+            return ResponseEntity.noContent().build();
+        }
+        ReactionDto dto = reactionMapper.toDto(reaction);
+        dto.setReward(levelService.awardForReaction(auth.getName()));
+        return ResponseEntity.ok(dto);
+    }
 }

backend/src/main/java/com/openisle/controller/RssController.java

@@ -0,0 +1,352 @@
+package com.openisle.controller;
+
+import com.openisle.model.Post;
+import com.openisle.model.Comment;
+import com.openisle.model.CommentSort;
+import com.openisle.service.PostService;
+import com.openisle.service.CommentService;
+import lombok.RequiredArgsConstructor;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.jsoup.safety.Safelist;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.vladsch.flexmark.ext.autolink.AutolinkExtension;
+import com.vladsch.flexmark.ext.tables.TablesExtension;
+import com.vladsch.flexmark.ext.gfm.strikethrough.StrikethroughExtension;
+import com.vladsch.flexmark.ext.gfm.tasklist.TaskListExtension;
+import com.vladsch.flexmark.html.HtmlRenderer;
+import com.vladsch.flexmark.parser.Parser;
+import com.vladsch.flexmark.util.data.MutableDataSet;
+
+import java.net.URI;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@RestController
+@RequiredArgsConstructor
+public class RssController {
+    private final PostService postService;
+    private final CommentService commentService;
+
+    @Value("${app.website-url:https://www.open-isle.com}")
+    private String websiteUrl;
+
+    // 兼容 Markdown/HTML 两类图片写法（用于 enclosure）
+    private static final Pattern MD_IMAGE = Pattern.compile("!\\[[^\\]]*\\]\\(([^)]+)\\)");
+    private static final Pattern HTML_IMAGE = Pattern.compile("<BaseImage[^>]+src=[\"']?([^\"'>]+)[\"']?[^>]*>");
+
+    private static final DateTimeFormatter RFC1123 = DateTimeFormatter.RFC_1123_DATE_TIME;
+
+    // flexmark：Markdown -> HTML
+    private static final Parser MD_PARSER;
+    private static final HtmlRenderer MD_RENDERER;
+    static {
+        MutableDataSet opts = new MutableDataSet();
+        opts.set(Parser.EXTENSIONS, Arrays.asList(
+                TablesExtension.create(),
+                AutolinkExtension.create(),
+                StrikethroughExtension.create(),
+                TaskListExtension.create()
+        ));
+        // 允许内联 HTML（下游再做 sanitize）
+        opts.set(Parser.HTML_BLOCK_PARSER, true);
+        MD_PARSER = Parser.builder(opts).build();
+        MD_RENDERER = HtmlRenderer.builder(opts).escapeHtml(false).build();
+    }
+
+    @GetMapping(value = "/api/rss", produces = "application/rss+xml;charset=UTF-8")
+    public String feed() {
+        // 建议 20；你现在是 10，这里保留你的 10
+        List<Post> posts = postService.listLatestRssPosts(10);
+        String base = trimTrailingSlash(websiteUrl);
+
+        StringBuilder sb = new StringBuilder(4096);
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+        sb.append("<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">");
+        sb.append("<channel>");
+        elem(sb, "title", cdata("OpenIsle RSS"));
+        elem(sb, "link", base + "/");
+        elem(sb, "description", cdata("Latest posts"));
+        ZonedDateTime updated = posts.stream()
+                .map(p -> p.getCreatedAt().atZone(ZoneId.systemDefault()))
+                .max(Comparator.naturalOrder())
+                .orElse(ZonedDateTime.now());
+        // channel lastBuildDate（GMT）
+        elem(sb, "lastBuildDate", toRfc1123Gmt(updated));
+
+        for (Post p : posts) {
+            String link = base + "/posts/" + p.getId();
+
+            // 1) Markdown -> HTML
+            String html = renderMarkdown(p.getContent());
+
+            // 2) Sanitize（白名单增强）
+            String safeHtml = sanitizeHtml(html);
+
+            // 3) 绝对化 href/src + 强制 rel/target
+            String absHtml = absolutifyHtml(safeHtml, base);
+
+            // 4) 纯文本摘要（用于 <description>）
+            String plain = textSummary(absHtml, 180);
+
+            // 5) enclosure（首图，已绝对化）
+            String enclosure = firstImage(p.getContent());
+            if (enclosure == null) {
+                // 如果 Markdown 没有图，尝试从渲染后的 HTML 再抓一次
+                enclosure = firstImage(absHtml);
+            }
+            if (enclosure != null) {
+                enclosure = absolutifyUrl(enclosure, base);
+            }
+
+            // 6) 构造优雅的附加区块（原文链接 + 精选评论），编入 <content:encoded>
+            List<Comment> topComments = commentService
+                    .getCommentsForPost(p.getId(), CommentSort.MOST_INTERACTIONS);
+            topComments = topComments.subList(0, Math.min(10, topComments.size()));
+            String footerHtml = buildFooterHtml(base, link, topComments);
+
+            sb.append("<item>");
+            elem(sb, "title", cdata(nullSafe(p.getTitle())));
+            elem(sb, "link", link);
+            sb.append("<guid isPermaLink=\"true\">").append(link).append("</guid>");
+            elem(sb, "pubDate", toRfc1123Gmt(p.getCreatedAt().atZone(ZoneId.systemDefault())));
+            // 摘要
+            elem(sb, "description", cdata(plain));
+            // 全文（HTML）：正文 + 优雅的 Markdown 区块（已转 HTML）
+            sb.append("<content:encoded><![CDATA[")
+                    .append(absHtml)
+                    .append(footerHtml)
+                    .append("]]></content:encoded>");
+            // 首图 enclosure（图片类型）
+            if (enclosure != null) {
+                sb.append("<enclosure url=\"").append(escapeXml(enclosure)).append("\" type=\"")
+                        .append(getMimeType(enclosure)).append("\" />");
+            }
+            sb.append("</item>");
+        }
+
+        sb.append("</channel></rss>");
+        return sb.toString();
+    }
+
+    /* ===================== Markdown → HTML ===================== */
+
+    private static String renderMarkdown(String md) {
+        if (md == null || md.isEmpty()) return "";
+        return MD_RENDERER.render(MD_PARSER.parse(md));
+    }
+
+    /* ===================== Sanitize & 绝对化 ===================== */
+
+    private static String sanitizeHtml(String html) {
+        if (html == null) return "";
+        Safelist wl = Safelist.relaxed()
+                .addTags(
+                        "pre","code","figure","figcaption","picture","source",
+                        "table","thead","tbody","tr","th","td",
+                        "h1","h2","h3","h4","h5","h6",
+                        "hr","blockquote"
+                )
+                .addAttributes("a", "href", "title", "target", "rel")
+                .addAttributes("img", "src", "alt", "title", "width", "height")
+                .addAttributes("source", "srcset", "type", "media")
+                .addAttributes("code", "class")
+                .addAttributes("pre", "class")
+                .addProtocols("a", "href", "http", "https", "mailto")
+                .addProtocols("img", "src", "http", "https", "data")
+                .addProtocols("source", "srcset", "http", "https");
+        // 清除所有 on* 事件、style（避免阅读器环境差异）
+        return Jsoup.clean(html, wl);
+    }
+
+    private static String absolutifyHtml(String html, String baseUrl) {
+        if (html == null || html.isEmpty()) return "";
+        Document doc = Jsoup.parseBodyFragment(html, baseUrl);
+        // a[href]
+        for (Element a : doc.select("a[href]")) {
+            String href = a.attr("href");
+            String abs = absolutifyUrl(href, baseUrl);
+            a.attr("href", abs);
+            // 强制外链安全属性
+            a.attr("rel", "noopener noreferrer nofollow");
+            a.attr("target", "_blank");
+        }
+        // img[src]
+        for (Element img : doc.select("img[src]")) {
+            String src = img.attr("src");
+            String abs = absolutifyUrl(src, baseUrl);
+            img.attr("src", abs);
+        }
+        // source[srcset] （picture/webp）
+        for (Element s : doc.select("source[srcset]")) {
+            String srcset = s.attr("srcset");
+            s.attr("srcset", absolutifySrcset(srcset, baseUrl));
+        }
+        return doc.body().html();
+    }
+
+    private static String absolutifyUrl(String url, String baseUrl) {
+        if (url == null || url.isEmpty()) return url;
+        String u = url.trim();
+        if (u.startsWith("//")) {
+            return "https:" + u;
+        }
+        if (u.startsWith("#")) {
+            // 保留页面内锚点：拼接到首页（也可拼接到当前帖子的 link，但此处无上下文）
+            return baseUrl + "/" + u;
+        }
+        try {
+            URI base = URI.create(ensureTrailingSlash(baseUrl));
+            URI abs = base.resolve(u);
+            return abs.toString();
+        } catch (Exception e) {
+            return url;
+        }
+    }
+
+    private static String absolutifySrcset(String srcset, String baseUrl) {
+        if (srcset == null || srcset.isEmpty()) return srcset;
+        String[] parts = srcset.split(",");
+        List<String> out = new ArrayList<>(parts.length);
+        for (String part : parts) {
+            String p = part.trim();
+            if (p.isEmpty()) continue;
+            String[] seg = p.split("\\s+");
+            String url = seg[0];
+            String size = seg.length > 1 ? seg[1] : "";
+            out.add(absolutifyUrl(url, baseUrl) + (size.isEmpty() ? "" : " " + size));
+        }
+        return String.join(", ", out);
+    }
+
+    /* ===================== 摘要 & enclosure ===================== */
+
+    private static String textSummary(String html, int maxLen) {
+        if (html == null) return "";
+        String text = Jsoup.parse(html).text().replaceAll("\\s+", " ").trim();
+        if (text.length() <= maxLen) return text;
+        return text.substring(0, maxLen) + "…";
+    }
+
+    private String firstImage(String content) {
+        if (content == null) return null;
+        Matcher m = MD_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        m = HTML_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        // 再从纯 HTML 里解析一次（如果传入的是渲染后的）
+        try {
+            Document doc = Jsoup.parse(content);
+            Element img = doc.selectFirst("img[src]");
+            if (img != null) return img.attr("src");
+        } catch (Exception ignored) {}
+        return null;
+    }
+
+    private static String getMimeType(String url) {
+        String lower = url == null ? "" : url.toLowerCase(Locale.ROOT);
+        if (lower.endsWith(".png"))  return "image/png";
+        if (lower.endsWith(".gif"))  return "image/gif";
+        if (lower.endsWith(".webp")) return "image/webp";
+        if (lower.endsWith(".svg"))  return "image/svg+xml";
+        if (lower.endsWith(".avif")) return "image/avif";
+        if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) return "image/jpeg";
+        // 默认兜底
+        return "image/jpeg";
+    }
+
+    /* ===================== 附加区块（原文链接 + 精选评论） ===================== */
+
+    /**
+     * 将“原文链接 + 精选评论（最多 10 条）”以优雅的 Markdown 形式渲染为 HTML，
+     * 并做 sanitize + 绝对化，然后拼入 content:encoded 尾部。
+     */
+    private static String buildFooterHtml(String baseUrl, String originalLink, List<Comment> topComments) {
+        StringBuilder md = new StringBuilder(256);
+
+        // 分割线
+        md.append("\n\n---\n\n");
+
+        // 原文链接（强调 + 可点击）
+        md.append("**原文链接：** ")
+                .append("[").append(originalLink).append("](").append(originalLink).append(")")
+                .append("\n\n");
+
+        // 精选评论（仅当有评论时展示）
+        if (topComments != null && !topComments.isEmpty()) {
+            md.append("### 精选评论（Top ").append(Math.min(10, topComments.size())).append("）\n\n");
+            for (Comment c : topComments) {
+                String author = usernameOf(c);
+                String content = nullSafe(c.getContent()).replace("\r", "");
+                // 使用引用样式展示，提升可读性
+                md.append("> @").append(author).append(": ").append(content).append("\n\n");
+            }
+        }
+
+        // 渲染为 HTML，并保持和正文一致的处理流程
+        String html = renderMarkdown(md.toString());
+        String safe = sanitizeHtml(html);
+        return absolutifyHtml(safe, baseUrl);
+    }
+
+    private static String usernameOf(Comment c) {
+        if (c == null) return "匿名";
+        try {
+            Object authorObj = c.getAuthor();
+            if (authorObj == null) return "匿名";
+            // 反射避免直接依赖实体字段名变化（也可直接强转到具体类型）
+            String username;
+            try {
+                username = (String) authorObj.getClass().getMethod("getUsername").invoke(authorObj);
+            } catch (Exception e) {
+                username = null;
+            }
+            if (username == null || username.isEmpty()) return "匿名";
+            return username;
+        } catch (Exception ignored) {
+            return "匿名";
+        }
+    }
+
+    /* ===================== 时间/字符串/XML ===================== */
+
+    private static String toRfc1123Gmt(ZonedDateTime zdt) {
+        return zdt.withZoneSameInstant(ZoneId.of("GMT")).format(RFC1123);
+    }
+
+    private static String cdata(String s) {
+        if (s == null) return "<![CDATA[]]>";
+        // 防止出现 "]]>" 终止标记破坏 CDATA
+        return "<![CDATA[" + s.replace("]]>", "]]]]><![CDATA[>") + "]]>";
+    }
+
+    private static void elem(StringBuilder sb, String name, String value) {
+        sb.append('<').append(name).append('>').append(value).append("</").append(name).append('>');
+    }
+
+    private static String escapeXml(String s) {
+        if (s == null) return "";
+        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
+                .replace("\"", "&quot;").replace("'", "&apos;");
+    }
+
+    private static String trimTrailingSlash(String s) {
+        if (s == null) return "";
+        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
+    }
+
+    private static String ensureTrailingSlash(String s) {
+        if (s == null || s.isEmpty()) return "/";
+        return s.endsWith("/") ? s : s + "/";
+    }
+
+    private static String nullSafe(String s) { return s == null ? "" : s; }
+}

backend/src/main/java/com/openisle/controller/UserController.java

@@ -105,6 +105,17 @@ public class UserController {
                 .collect(java.util.stream.Collectors.toList());
     }
 
+    @GetMapping("/{identifier}/subscribed-posts")
+    public java.util.List<PostMetaDto> subscribedPosts(@PathVariable("identifier") String identifier,
+                                                       @RequestParam(value = "limit", required = false) Integer limit) {
+        int l = limit != null ? limit : defaultPostsLimit;
+        User user = userService.findByIdentifier(identifier).orElseThrow();
+        return subscriptionService.getSubscribedPosts(user.getUsername()).stream()
+                .limit(l)
+                .map(userMapper::toMetaDto)
+                .collect(java.util.stream.Collectors.toList());
+    }
+
     @GetMapping("/{identifier}/replies")
     public java.util.List<CommentInfoDto> userReplies(@PathVariable("identifier") String identifier,
                                                       @RequestParam(value = "limit", required = false) Integer limit) {

backend/src/main/java/com/openisle/dto/ChannelDto.java

@@ -0,0 +1,17 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class ChannelDto {
+    private Long id;
+    private String name;
+    private String description;
+    private String avatar;
+    private MessageDto lastMessage;
+    private long memberCount;
+    private boolean joined;
+    private long unreadCount;
+}

backend/src/main/java/com/openisle/dto/ConversationDetailDto.java

@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import org.springframework.data.domain.Page;
+
+import java.util.List;
+
+@Data
+public class ConversationDetailDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private List<UserSummaryDto> participants;
+    private Page<MessageDto> messages;
+}

backend/src/main/java/com/openisle/dto/ConversationDto.java

@@ -0,0 +1,20 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Getter
+@Setter
+public class ConversationDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private MessageDto lastMessage;
+    private List<UserSummaryDto> participants;
+    private LocalDateTime createdAt;
+    private long unreadCount;
+}

backend/src/main/java/com/openisle/dto/CreateConversationRequest.java

@@ -0,0 +1,8 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class CreateConversationRequest {
+    private Long recipientId;
+}

backend/src/main/java/com/openisle/dto/CreateConversationResponse.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class CreateConversationResponse {
+    private Long conversationId;
+}

backend/src/main/java/com/openisle/dto/DiscordLoginRequest.java

@@ -7,4 +7,5 @@ import lombok.Data;
 public class DiscordLoginRequest {
     private String code;
     private String redirectUri;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/FeaturedMedalDto.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class FeaturedMedalDto extends MedalDto {
+    private long currentFeaturedCount;
+    private long targetFeaturedCount;
+}
+

backend/src/main/java/com/openisle/dto/GithubLoginRequest.java

@@ -7,4 +7,5 @@ import lombok.Data;
 public class GithubLoginRequest {
     private String code;
     private String redirectUri;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/GoogleLoginRequest.java

@@ -6,4 +6,5 @@ import lombok.Data;
 @Data
 public class GoogleLoginRequest {
     private String idToken;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/LotteryDto.java

@@ -10,6 +10,7 @@ public class LotteryDto {
     private String prizeDescription;
     private String prizeIcon;
     private int prizeCount;
+    private int pointCost;
     private LocalDateTime startTime;
     private LocalDateTime endTime;
     private List<AuthorDto> participants;

backend/src/main/java/com/openisle/dto/MessageDto.java

@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Data
+public class MessageDto {
+    private Long id;
+    private String content;
+    private UserSummaryDto sender;
+    private Long conversationId;
+    private LocalDateTime createdAt;
+    private MessageDto replyTo;
+    private List<ReactionDto> reactions;
+}

backend/src/main/java/com/openisle/dto/PointGoodDto.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+/** Point mall good info. */
+@Data
+public class PointGoodDto {
+    private Long id;
+    private String name;
+    private int cost;
+    private String image;
+}

backend/src/main/java/com/openisle/dto/PointHistoryDto.java

@@ -0,0 +1,23 @@
+package com.openisle.dto;
+
+import com.openisle.model.PointHistoryType;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Getter
+@Setter
+public class PointHistoryDto {
+    private Long id;
+    private PointHistoryType type;
+    private int amount;
+    private int balance;
+    private Long postId;
+    private String postTitle;
+    private Long commentId;
+    private String commentContent;
+    private Long fromUserId;
+    private String fromUserName;
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/dto/PointRedeemRequest.java

@@ -0,0 +1,10 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+/** Request to redeem a point mall good. */
+@Data
+public class PointRedeemRequest {
+    private Long goodId;
+    private String contact;
+}

backend/src/main/java/com/openisle/dto/PostRequest.java

@@ -23,6 +23,7 @@ public class PostRequest {
     private String prizeDescription;
     private String prizeIcon;
     private Integer prizeCount;
+    private Integer pointCost;
     private LocalDateTime startTime;
     private LocalDateTime endTime;
 }

backend/src/main/java/com/openisle/dto/PostSummaryDto.java

@@ -31,5 +31,7 @@ public class PostSummaryDto {
     private int pointReward;
     private PostType type;
     private LotteryDto lottery;
+    private boolean rssExcluded;
+    private boolean closed;
 }
 

backend/src/main/java/com/openisle/dto/ReactionDto.java

@@ -4,7 +4,7 @@ import com.openisle.model.ReactionType;
 import lombok.Data;
 
 /**
- * DTO representing a reaction on a post or comment.
+ * DTO representing a reaction on a post, comment or message.
  */
 @Data
 public class ReactionDto {
@@ -13,6 +13,7 @@ public class ReactionDto {
     private String user;
     private Long postId;
     private Long commentId;
+    private Long messageId;
     private int reward;
 }
 

backend/src/main/java/com/openisle/dto/RegisterRequest.java

@@ -9,4 +9,5 @@ public class RegisterRequest {
     private String email;
     private String password;
     private String captcha;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/TwitterLoginRequest.java

@@ -8,4 +8,5 @@ public class TwitterLoginRequest {
     private String code;
     private String redirectUri;
     private String codeVerifier;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/UserSummaryDto.java

@@ -0,0 +1,10 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class UserSummaryDto {
+    private Long id;
+    private String username;
+    private String avatar;
+}

backend/src/main/java/com/openisle/mapper/PointGoodMapper.java

@@ -0,0 +1,18 @@
+package com.openisle.mapper;
+
+import com.openisle.dto.PointGoodDto;
+import com.openisle.model.PointGood;
+import org.springframework.stereotype.Component;
+
+/** Mapper for point mall goods. */
+@Component
+public class PointGoodMapper {
+    public PointGoodDto toDto(PointGood good) {
+        PointGoodDto dto = new PointGoodDto();
+        dto.setId(good.getId());
+        dto.setName(good.getName());
+        dto.setCost(good.getCost());
+        dto.setImage(good.getImage());
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/mapper/PointHistoryMapper.java

@@ -0,0 +1,34 @@
+package com.openisle.mapper;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.model.PointHistory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PointHistoryMapper {
+    public PointHistoryDto toDto(PointHistory history) {
+        PointHistoryDto dto = new PointHistoryDto();
+        dto.setId(history.getId());
+        dto.setType(history.getType());
+        dto.setAmount(history.getAmount());
+        dto.setBalance(history.getBalance());
+        dto.setCreatedAt(history.getCreatedAt());
+        if (history.getPost() != null) {
+            dto.setPostId(history.getPost().getId());
+            dto.setPostTitle(history.getPost().getTitle());
+        }
+        if (history.getComment() != null) {
+            dto.setCommentId(history.getComment().getId());
+            dto.setCommentContent(history.getComment().getContent());
+            if (history.getComment().getPost() != null && dto.getPostId() == null) {
+                dto.setPostId(history.getComment().getPost().getId());
+                dto.setPostTitle(history.getComment().getPost().getTitle());
+            }
+        }
+        if (history.getFromUser() != null) {
+            dto.setFromUserId(history.getFromUser().getId());
+            dto.setFromUserName(history.getFromUser().getUsername());
+        }
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/mapper/PostMapper.java

@@ -63,6 +63,8 @@ public class PostMapper {
         dto.setCommentCount(commentService.countComments(post.getId()));
         dto.setStatus(post.getStatus());
         dto.setPinnedAt(post.getPinnedAt());
+        dto.setRssExcluded(post.getRssExcluded() == null || post.getRssExcluded());
+        dto.setClosed(post.isClosed());
 
         List<ReactionDto> reactions = reactionService.getReactionsForPost(post.getId())
                 .stream()
@@ -84,6 +86,7 @@ public class PostMapper {
             l.setPrizeDescription(lp.getPrizeDescription());
             l.setPrizeIcon(lp.getPrizeIcon());
             l.setPrizeCount(lp.getPrizeCount());
+            l.setPointCost(lp.getPointCost());
             l.setStartTime(lp.getStartTime());
             l.setEndTime(lp.getEndTime());
             l.setParticipants(lp.getParticipants().stream().map(userMapper::toAuthorDto).collect(Collectors.toList()));

backend/src/main/java/com/openisle/mapper/ReactionMapper.java

@@ -19,6 +19,9 @@ public class ReactionMapper {
         if (reaction.getComment() != null) {
             dto.setCommentId(reaction.getComment().getId());
         }
+        if (reaction.getMessage() != null) {
+            dto.setMessageId(reaction.getMessage().getId());
+        }
         dto.setReward(0);
         return dto;
     }

backend/src/main/java/com/openisle/model/ActivityType.java

@@ -3,5 +3,6 @@ package com.openisle.model;
 /** Activity type enumeration. */
 public enum ActivityType {
     NORMAL,
-    MILK_TEA
+    MILK_TEA,
+    INVITE_POINTS
 }

backend/src/main/java/com/openisle/model/InviteToken.java

@@ -0,0 +1,23 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.time.LocalDate;
+
+/**
+ * Invite token entity tracking usage counts.
+ */
+@Data
+@Entity
+public class InviteToken {
+    @Id
+    private String token;
+
+    @ManyToOne
+    private User inviter;
+
+    private LocalDate createdDate;
+
+    private int usageCount;
+}

backend/src/main/java/com/openisle/model/LotteryPost.java

@@ -26,6 +26,9 @@ public class LotteryPost extends Post {
     @Column(nullable = false)
     private int prizeCount;
 
+    @Column(nullable = false)
+    private int pointCost;
+
     @Column
     private LocalDateTime startTime;
 

backend/src/main/java/com/openisle/model/MedalType.java

@@ -3,6 +3,7 @@ package com.openisle.model;
 public enum MedalType {
     COMMENT,
     POST,
+    FEATURED,
     CONTRIBUTOR,
     SEED,
     PIONEER

backend/src/main/java/com/openisle/model/Message.java

@@ -0,0 +1,39 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "messages")
+public class Message {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "sender_id")
+    private User sender;
+
+    @Column(nullable = false, columnDefinition = "TEXT")
+    private String content;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "reply_to_id")
+    private Message replyTo;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/model/MessageConversation.java

@@ -0,0 +1,48 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+import java.util.HashSet;
+import java.util.Set;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_conversations")
+public class MessageConversation {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // Indicates whether this conversation represents a public channel
+    @Column(nullable = false)
+    private boolean channel = false;
+
+    // Channel metadata
+    private String name;
+
+    @Column(columnDefinition = "TEXT")
+    private String description;
+
+    private String avatar;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+
+    @OneToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "last_message_id")
+    private Message lastMessage;
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<MessageParticipant> participants = new HashSet<>();
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<Message> messages = new HashSet<>();
+}

backend/src/main/java/com/openisle/model/MessageParticipant.java

@@ -0,0 +1,30 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_participants")
+public class MessageParticipant {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Column
+    private LocalDateTime lastReadAt;
+}

backend/src/main/java/com/openisle/model/NotificationType.java

@@ -14,6 +14,8 @@ public enum NotificationType {
     POST_REVIEW_REQUEST,
     /** Your post under review was approved or rejected */
     POST_REVIEWED,
+    /** An administrator deleted your post */
+    POST_DELETED,
     /** A subscribed post received a new comment */
     POST_UPDATED,
     /** Someone subscribed to your post */
@@ -32,10 +34,14 @@ public enum NotificationType {
     REGISTER_REQUEST,
     /** A user redeemed an activity reward */
     ACTIVITY_REDEEM,
+    /** A user redeemed a point good */
+    POINT_REDEEM,
     /** You won a lottery post */
     LOTTERY_WIN,
     /** Your lottery post was drawn */
     LOTTERY_DRAW,
+    /** Your post was featured */
+    POST_FEATURED,
     /** You were mentioned in a post or comment */
     MENTION
 }

backend/src/main/java/com/openisle/model/PointGood.java

@@ -0,0 +1,26 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+/** Item available in the point mall. */
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "point_goods")
+public class PointGood {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(nullable = false)
+    private String name;
+
+    @Column(nullable = false)
+    private int cost;
+
+    private String image;
+}

backend/src/main/java/com/openisle/model/PointHistory.java

@@ -0,0 +1,49 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+/** Point change history for a user. */
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "point_histories")
+public class PointHistory {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private PointHistoryType type;
+
+    @Column(nullable = false)
+    private int amount;
+
+    @Column(nullable = false)
+    private int balance;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "post_id")
+    private Post post;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "comment_id")
+    private Comment comment;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "from_user_id")
+    private User fromUser;
+
+    @Column(name = "created_at", nullable = false)
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/model/PointHistoryType.java

@@ -0,0 +1,14 @@
+package com.openisle.model;
+
+public enum PointHistoryType {
+    POST,
+    COMMENT,
+    POST_LIKED,
+    COMMENT_LIKED,
+    INVITE,
+    FEATURE,
+    SYSTEM_ONLINE,
+    REDEEM,
+    LOTTERY_JOIN,
+    LOTTERY_REWARD
+}

backend/src/main/java/com/openisle/model/Post.java

@@ -64,7 +64,12 @@ public class Post {
     @Column(nullable = false)
     private PostType type = PostType.NORMAL;
 
+    @Column(nullable = false)
+    private boolean closed = false;
+
     @Column
     private LocalDateTime pinnedAt;
 
+    @Column(nullable = true)
+    private Boolean rssExcluded = true;
 }

backend/src/main/java/com/openisle/model/Reaction.java

@@ -7,7 +7,7 @@ import lombok.Setter;
 import org.hibernate.annotations.CreationTimestamp;
 
 /**
- * Reaction entity representing a user's reaction to a post or comment.
+ * Reaction entity representing a user's reaction to a post, comment or message.
  */
 @Entity
 @Getter
@@ -16,7 +16,8 @@ import org.hibernate.annotations.CreationTimestamp;
 @Table(name = "reactions",
        uniqueConstraints = {
            @UniqueConstraint(columnNames = {"user_id", "post_id", "type"}),
-           @UniqueConstraint(columnNames = {"user_id", "comment_id", "type"})
+           @UniqueConstraint(columnNames = {"user_id", "comment_id", "type"}),
+           @UniqueConstraint(columnNames = {"user_id", "message_id", "type"})
        })
 public class Reaction {
     @Id
@@ -39,6 +40,10 @@ public class Reaction {
     @JoinColumn(name = "comment_id")
     private Comment comment;
 
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "message_id")
+    private Message message;
+
     @CreationTimestamp
     @Column(nullable = false, updatable = false,
             columnDefinition = "DATETIME(6) DEFAULT CURRENT_TIMESTAMP(6)")

backend/src/main/java/com/openisle/model/ReactionType.java

@@ -6,7 +6,9 @@ package com.openisle.model;
 public enum ReactionType {
     LIKE,
     DISLIKE,
+    SMILE,
     RECOMMEND,
+    CONGRATULATIONS,
     ANGRY,
     FLUSHED,
     STAR_STRUCK,
@@ -26,5 +28,5 @@ public enum ReactionType {
     CHINA,
     USA,
     JAPAN,
-    KOREA
+    KOREA,
 }

backend/src/main/java/com/openisle/repository/InviteTokenRepository.java

@@ -0,0 +1,12 @@
+package com.openisle.repository;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+public interface InviteTokenRepository extends JpaRepository<InviteToken, String> {
+    Optional<InviteToken> findByInviterAndCreatedDate(User inviter, LocalDate createdDate);
+}

backend/src/main/java/com/openisle/repository/MessageConversationRepository.java

@@ -0,0 +1,34 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageConversation;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface MessageConversationRepository extends JpaRepository<MessageConversation, Long> {
+    @Query("SELECT c FROM MessageConversation c " +
+           "WHERE c.channel = false AND size(c.participants) = 2 " +
+           "AND EXISTS (SELECT 1 FROM c.participants p1 WHERE p1.user = :user1) " +
+           "AND EXISTS (SELECT 1 FROM c.participants p2 WHERE p2.user = :user2) " +
+           "ORDER BY c.createdAt DESC")
+    List<MessageConversation> findConversationsByUsers(@Param("user1") User user1, @Param("user2") User user2);
+    
+    @Query("SELECT DISTINCT c FROM MessageConversation c " +
+           "JOIN c.participants p " +
+           "LEFT JOIN FETCH c.lastMessage lm " +
+           "LEFT JOIN FETCH lm.sender " +
+           "LEFT JOIN FETCH c.participants cp " +
+           "LEFT JOIN FETCH cp.user " +
+           "WHERE p.user.id = :userId " +
+           "ORDER BY COALESCE(lm.createdAt, c.createdAt) DESC")
+    List<MessageConversation> findConversationsByUserIdOrderByLastMessageDesc(@Param("userId") Long userId);
+
+    List<MessageConversation> findByChannelTrue();
+
+    long countByChannelTrue();
+}

backend/src/main/java/com/openisle/repository/MessageParticipantRepository.java

@@ -0,0 +1,14 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageParticipant;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public interface MessageParticipantRepository extends JpaRepository<MessageParticipant, Long> {
+    Optional<MessageParticipant> findByConversationIdAndUserId(Long conversationId, Long userId);
+    List<MessageParticipant> findByUserId(Long userId);
+}

backend/src/main/java/com/openisle/repository/MessageRepository.java

@@ -0,0 +1,21 @@
+package com.openisle.repository;
+
+import com.openisle.model.Message;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface MessageRepository extends JpaRepository<Message, Long> {
+    List<Message> findByConversationIdOrderByCreatedAtAsc(Long conversationId);
+
+    Page<Message> findByConversationId(Long conversationId, Pageable pageable);
+
+    long countByConversationIdAndCreatedAtAfter(Long conversationId, java.time.LocalDateTime createdAt);
+    
+    // 只计算不是指定用户发送的消息（即别人发给当前用户的消息）
+    long countByConversationIdAndCreatedAtAfterAndSenderIdNot(Long conversationId, java.time.LocalDateTime createdAt, Long senderId);
+}

backend/src/main/java/com/openisle/repository/NotificationRepository.java

@@ -6,6 +6,8 @@ import com.openisle.model.Post;
 import com.openisle.model.Comment;
 import com.openisle.model.NotificationType;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
 
 import java.util.List;
 
@@ -13,7 +15,12 @@ import java.util.List;
 public interface NotificationRepository extends JpaRepository<Notification, Long> {
     List<Notification> findByUserOrderByCreatedAtDesc(User user);
     List<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read);
+    Page<Notification> findByUserOrderByCreatedAtDesc(User user, Pageable pageable);
+    Page<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read, Pageable pageable);
+    Page<Notification> findByUserAndTypeNotInOrderByCreatedAtDesc(User user, java.util.Collection<NotificationType> types, Pageable pageable);
+    Page<Notification> findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(User user, boolean read, java.util.Collection<NotificationType> types, Pageable pageable);
     long countByUserAndRead(User user, boolean read);
+    long countByUserAndReadAndTypeNotIn(User user, boolean read, java.util.Collection<NotificationType> types);
     List<Notification> findByPost(Post post);
     List<Notification> findByComment(Comment comment);
 

backend/src/main/java/com/openisle/repository/PointGoodRepository.java

@@ -0,0 +1,8 @@
+package com.openisle.repository;
+
+import com.openisle.model.PointGood;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+/** Repository for point mall goods. */
+public interface PointGoodRepository extends JpaRepository<PointGood, Long> {
+}

backend/src/main/java/com/openisle/repository/PointHistoryRepository.java

@@ -0,0 +1,15 @@
+package com.openisle.repository;
+
+import com.openisle.model.PointHistory;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+public interface PointHistoryRepository extends JpaRepository<PointHistory, Long> {
+    List<PointHistory> findByUserOrderByIdDesc(User user);
+    long countByUser(User user);
+
+    List<PointHistory> findByUserAndCreatedAtAfterOrderByCreatedAtDesc(User user, LocalDateTime createdAt);
+}

backend/src/main/java/com/openisle/repository/PostRepository.java

@@ -97,6 +97,8 @@ public interface PostRepository extends JpaRepository<Post, Long> {
 
     long countDistinctByTags_Id(Long tagId);
 
+    long countByAuthor_IdAndRssExcludedFalse(Long userId);
+
     @Query("SELECT t.id, COUNT(DISTINCT p) FROM Post p JOIN p.tags t WHERE t.id IN :tagIds GROUP BY t.id")
     List<Object[]> countPostsByTagIds(@Param("tagIds") List<Long> tagIds);
 
@@ -106,4 +108,6 @@ public interface PostRepository extends JpaRepository<Post, Long> {
            "WHERE p.createdAt >= :start AND p.createdAt < :end GROUP BY d ORDER BY d")
     java.util.List<Object[]> countDailyRange(@Param("start") LocalDateTime start,
                                              @Param("end") LocalDateTime end);
+
+    List<Post> findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus status, Pageable pageable);
 }

backend/src/main/java/com/openisle/repository/ReactionRepository.java

@@ -1,6 +1,7 @@
 package com.openisle.repository;
 
 import com.openisle.model.Comment;
+import com.openisle.model.Message;
 import com.openisle.model.Post;
 import com.openisle.model.Reaction;
 import com.openisle.model.User;
@@ -15,8 +16,10 @@ import java.util.Optional;
 public interface ReactionRepository extends JpaRepository<Reaction, Long> {
     Optional<Reaction> findByUserAndPostAndType(User user, Post post, com.openisle.model.ReactionType type);
     Optional<Reaction> findByUserAndCommentAndType(User user, Comment comment, com.openisle.model.ReactionType type);
+    Optional<Reaction> findByUserAndMessageAndType(User user, Message message, com.openisle.model.ReactionType type);
     List<Reaction> findByPost(Post post);
     List<Reaction> findByComment(Comment comment);
+    List<Reaction> findByMessage(Message message);
 
     @Query("SELECT r.post.id FROM Reaction r WHERE r.post IS NOT NULL AND r.post.author.username = :username AND r.type = com.openisle.model.ReactionType.LIKE GROUP BY r.post.id ORDER BY COUNT(r.id) DESC")
     List<Long> findTopPostIds(@Param("username") String username, Pageable pageable);

backend/src/main/java/com/openisle/service/AuthResult.java

@@ -0,0 +1,12 @@
+package com.openisle.service;
+
+import com.openisle.model.User;
+import lombok.Value;
+
+/** Result for OAuth authentication indicating whether a new user was created. */
+@Value
+public class AuthResult {
+    User user;
+    boolean newUser;
+}
+

backend/src/main/java/com/openisle/service/ChannelService.java

@@ -0,0 +1,98 @@
+package com.openisle.service;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.UserSummaryDto;
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+public class ChannelService {
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final MessageRepository messageRepository;
+    private final UserRepository userRepository;
+
+    @Transactional(readOnly = true)
+    public List<ChannelDto> listChannels(Long userId) {
+        List<MessageConversation> channels = conversationRepository.findByChannelTrue();
+        return channels.stream().map(c -> toDto(c, userId)).collect(Collectors.toList());
+    }
+
+    @Transactional
+    public ChannelDto joinChannel(Long channelId, Long userId) {
+        MessageConversation channel = conversationRepository.findById(channelId)
+                .orElseThrow(() -> new IllegalArgumentException("Channel not found"));
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        participantRepository.findByConversationIdAndUserId(channelId, userId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(channel);
+                    p.setUser(user);
+                    MessageParticipant saved = participantRepository.save(p);
+                    channel.getParticipants().add(saved);
+                    return saved;
+                });
+        return toDto(channel, userId);
+    }
+
+    private ChannelDto toDto(MessageConversation channel, Long userId) {
+        ChannelDto dto = new ChannelDto();
+        dto.setId(channel.getId());
+        dto.setName(channel.getName());
+        dto.setDescription(channel.getDescription());
+        dto.setAvatar(channel.getAvatar());
+        if (channel.getLastMessage() != null) {
+            dto.setLastMessage(toMessageDto(channel.getLastMessage()));
+        }
+        dto.setMemberCount(channel.getParticipants().size());
+        boolean joined = channel.getParticipants().stream()
+                .anyMatch(p -> p.getUser().getId().equals(userId));
+        dto.setJoined(joined);
+        if (joined) {
+            MessageParticipant participant = channel.getParticipants().stream()
+                    .filter(p -> p.getUser().getId().equals(userId))
+                    .findFirst().orElse(null);
+            LocalDateTime lastRead = participant.getLastReadAt() == null
+                    ? LocalDateTime.of(1970, 1, 1, 0, 0)
+                    : participant.getLastReadAt();
+            long unread = messageRepository
+                    .countByConversationIdAndCreatedAtAfterAndSenderIdNot(channel.getId(), lastRead, userId);
+            dto.setUnreadCount(unread);
+        } else {
+            dto.setUnreadCount(0);
+        }
+        return dto;
+    }
+
+    private MessageDto toMessageDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setConversationId(message.getConversation().getId());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        UserSummaryDto userDto = new UserSummaryDto();
+        userDto.setId(message.getSender().getId());
+        userDto.setUsername(message.getSender().getUsername());
+        userDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(userDto);
+
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/service/CommentService.java

@@ -52,6 +52,9 @@ public class CommentService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Post post = postRepository.findById(postId)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        if (post.isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
         Comment comment = new Comment();
         comment.setAuthor(author);
         comment.setPost(post);
@@ -94,6 +97,9 @@ public class CommentService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Comment parent = commentRepository.findById(parentId)
                 .orElseThrow(() -> new IllegalArgumentException("Comment not found"));
+        if (parent.getPost().isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
         Comment comment = new Comment();
         comment.setAuthor(author);
         comment.setPost(parent.getPost());

backend/src/main/java/com/openisle/service/DiscordAuthService.java

@@ -26,7 +26,7 @@ public class DiscordAuthService {
     @Value("${discord.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
         try {
             String tokenUrl = "https://discord.com/api/oauth2/token";
             HttpHeaders headers = new HttpHeaders();
@@ -67,13 +67,13 @@ public class DiscordAuthService {
             if (email == null) {
                 email = (username != null ? username : id) + "@users.noreply.discord.com";
             }
-            return Optional.of(processUser(email, username, avatar, mode));
+            return Optional.of(processUser(email, username, avatar, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -82,7 +82,7 @@ public class DiscordAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -96,12 +96,12 @@ public class DiscordAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar("https://cdn.discordapp.com/embed/avatars/0.png");
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/GithubAuthService.java

@@ -30,7 +30,7 @@ public class GithubAuthService {
     @Value("${github.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
         try {
             String tokenUrl = "https://github.com/login/oauth/access_token";
             HttpHeaders headers = new HttpHeaders();
@@ -86,13 +86,13 @@ public class GithubAuthService {
             if (email == null) {
                 email = username + "@users.noreply.github.com";
             }
-            return Optional.of(processUser(email, username, avatarUrl, mode));
+            return Optional.of(processUser(email, username, avatarUrl, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -101,7 +101,7 @@ public class GithubAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -115,12 +115,12 @@ public class GithubAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar(avatarGenerator.generate(finalUsername));
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/GoogleAuthService.java

@@ -25,7 +25,7 @@ public class GoogleAuthService {
     @Value("${google.client-id:}")
     private String clientId;
 
-    public Optional<User> authenticate(String idTokenString, com.openisle.model.RegisterMode mode) {
+    public Optional<AuthResult> authenticate(String idTokenString, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
                 .setAudience(Collections.singletonList(clientId))
                 .build();
@@ -38,13 +38,13 @@ public class GoogleAuthService {
             String email = payload.getEmail();
             String name = (String) payload.get("name");
             String picture = (String) payload.get("picture");
-            return Optional.of(processUser(email, name, picture, mode));
+            return Optional.of(processUser(email, name, picture, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -53,8 +53,7 @@ public class GoogleAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-
-            return user;
+            return new AuthResult(user, false);
         }
         User user = new User();
         String baseUsername = email.split("@")[0];
@@ -68,12 +67,12 @@ public class GoogleAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar(avatarGenerator.generate(username));
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/InviteService.java

@@ -0,0 +1,64 @@
+package com.openisle.service;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import com.openisle.repository.InviteTokenRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.Value;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+public class InviteService {
+    private final InviteTokenRepository inviteTokenRepository;
+    private final UserRepository userRepository;
+    private final JwtService jwtService;
+    private final PointService pointService;
+
+    @Value
+    public class InviteValidateResult {
+        InviteToken inviteToken;
+        boolean validate;
+    }
+
+    public String generate(String username) {
+        User inviter = userRepository.findByUsername(username).orElseThrow();
+        LocalDate today = LocalDate.now();
+        Optional<InviteToken> existing = inviteTokenRepository.findByInviterAndCreatedDate(inviter, today);
+        if (existing.isPresent()) {
+            return existing.get().getToken();
+        }
+        String token = jwtService.generateInviteToken(username);
+        InviteToken inviteToken = new InviteToken();
+        inviteToken.setToken(token);
+        inviteToken.setInviter(inviter);
+        inviteToken.setCreatedDate(today);
+        inviteToken.setUsageCount(0);
+        inviteTokenRepository.save(inviteToken);
+        return token;
+    }
+
+    public InviteValidateResult validate(String token) {
+        if (token == null || token.isEmpty()) {
+            return new InviteValidateResult(null, false);
+        }
+        try {
+            jwtService.validateAndGetSubjectForInvite(token);
+        } catch (Exception e) {
+            return new InviteValidateResult(null, false);
+        }
+        InviteToken invite = inviteTokenRepository.findById(token).orElse(null);
+        return new InviteValidateResult(invite, invite != null && invite.getUsageCount() < 3);
+    }
+
+    public void consume(String token, String newUserName) {
+        InviteToken invite = inviteTokenRepository.findById(token).orElseThrow();
+        invite.setUsageCount(invite.getUsageCount() + 1);
+        inviteTokenRepository.save(invite);
+        pointService.awardForInvite(invite.getInviter().getUsername(), newUserName);
+    }
+}

backend/src/main/java/com/openisle/service/JwtService.java

@@ -24,6 +24,9 @@ public class JwtService {
     @Value("${app.jwt.reset-secret}")
     private String resetSecret;
 
+    @Value("${app.jwt.invite-secret}")
+    private String inviteSecret;
+
     @Value("${app.jwt.expiration}")
     private long expiration;
 
@@ -70,6 +73,17 @@ public class JwtService {
                 .compact();
     }
 
+    public String generateInviteToken(String subject) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + expiration);
+        return Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(getSigningKeyForSecret(inviteSecret))
+                .compact();
+    }
+
     public String validateAndGetSubject(String token) {
         Claims claims = Jwts.parserBuilder()
                 .setSigningKey(getSigningKeyForSecret(secret))
@@ -96,4 +110,13 @@ public class JwtService {
                 .getBody();
         return claims.getSubject();
     }
+
+    public String validateAndGetSubjectForInvite(String token) {
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(getSigningKeyForSecret(inviteSecret))
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+        return claims.getSubject();
+    }
 }

backend/src/main/java/com/openisle/service/MedalService.java

@@ -6,6 +6,7 @@ import com.openisle.dto.MedalDto;
 import com.openisle.dto.PostMedalDto;
 import com.openisle.dto.SeedUserMedalDto;
 import com.openisle.dto.PioneerMedalDto;
+import com.openisle.dto.FeaturedMedalDto;
 import com.openisle.model.MedalType;
 import com.openisle.model.User;
 import com.openisle.repository.CommentRepository;
@@ -74,6 +75,23 @@ public class MedalService {
         postMedal.setSelected(selected == MedalType.POST);
         medals.add(postMedal);
 
+        FeaturedMedalDto featuredMedal = new FeaturedMedalDto();
+        featuredMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_rss.png");
+        featuredMedal.setTitle("精选作者");
+        featuredMedal.setDescription("至少有1篇文章被收录为精选");
+        featuredMedal.setType(MedalType.FEATURED);
+        featuredMedal.setTargetFeaturedCount(1);
+        if (user != null) {
+            long count = postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId());
+            featuredMedal.setCurrentFeaturedCount(count);
+            featuredMedal.setCompleted(count >= 1);
+        } else {
+            featuredMedal.setCurrentFeaturedCount(0);
+            featuredMedal.setCompleted(false);
+        }
+        featuredMedal.setSelected(selected == MedalType.FEATURED);
+        medals.add(featuredMedal);
+
         ContributorMedalDto contributorMedal = new ContributorMedalDto();
         contributorMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_coder.png");
         contributorMedal.setTitle("贡献者");
@@ -141,6 +159,8 @@ public class MedalService {
             user.setDisplayMedal(MedalType.COMMENT);
         } else if (postRepository.countByAuthor_Id(user.getId()) >= POST_TARGET) {
             user.setDisplayMedal(MedalType.POST);
+        } else if (postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId()) >= 1) {
+            user.setDisplayMedal(MedalType.FEATURED);
         } else if (contributorService.getContributionLines(user.getUsername()) >= CONTRIBUTION_TARGET) {
             user.setDisplayMedal(MedalType.CONTRIBUTOR);
         } else if (userRepository.countByCreatedAtBefore(user.getCreatedAt()) < PIONEER_LIMIT) {

backend/src/main/java/com/openisle/service/MessageService.java

@@ -0,0 +1,324 @@
+package com.openisle.service;
+
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.model.Reaction;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import com.openisle.repository.ReactionRepository;
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.ReactionDto;
+import com.openisle.dto.UserSummaryDto;
+import com.openisle.mapper.ReactionMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.messaging.simp.SimpMessagingTemplate;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class MessageService {
+
+    private final MessageRepository messageRepository;
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final UserRepository userRepository;
+    private final SimpMessagingTemplate messagingTemplate;
+    private final ReactionRepository reactionRepository;
+    private final ReactionMapper reactionMapper;
+
+    @Transactional
+    public Message sendMessage(Long senderId, Long recipientId, String content, Long replyToId) {
+        log.info("Attempting to send message from user {} to user {}", senderId, recipientId);
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        User recipient = userRepository.findById(recipientId)
+                .orElseThrow(() -> new IllegalArgumentException("Recipient not found"));
+
+        log.info("Finding or creating conversation for users {} and {}", sender.getUsername(), recipient.getUsername());
+        MessageConversation conversation = findOrCreateConversation(sender, recipient);
+        log.info("Conversation found or created with ID: {}", conversation.getId());
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        if (replyToId != null) {
+            Message replyTo = messageRepository.findById(replyToId)
+                    .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+            message.setReplyTo(replyTo);
+        }
+        message = messageRepository.save(message);
+        log.info("Message saved with ID: {}", message.getId());
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+        log.info("Conversation {} updated with last message ID {}", conversation.getId(), message.getId());
+
+        // Broadcast the new message to subscribed clients
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+        log.info("Message {} broadcasted to destination: {}", message.getId(), conversationDestination);
+
+        // Also notify the recipient on their personal channel to update the conversation list
+        String userDestination = "/topic/user/" + recipient.getId() + "/messages";
+        messagingTemplate.convertAndSend(userDestination, messageDto);
+        log.info("Message {} notification sent to destination: {}", message.getId(), userDestination);
+
+        // Notify recipient of new unread count
+        long unreadCount = getUnreadMessageCount(recipientId);
+        log.info("Calculating unread count for user {}: {}", recipientId, unreadCount);
+        
+        // Send using username instead of user ID for WebSocket routing
+        String recipientUsername = recipient.getUsername();
+        messagingTemplate.convertAndSendToUser(recipientUsername, "/queue/unread-count", unreadCount);
+        log.info("Sent unread count {} to user {} (username: {}) via WebSocket destination: /user/{}/queue/unread-count",
+                unreadCount, recipientId, recipientUsername, recipientUsername);
+
+        return message;
+    }
+
+    @Transactional
+    public Message sendMessageToConversation(Long senderId, Long conversationId, String content, Long replyToId) {
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        // Join the conversation if not already a participant (useful for channels)
+        participantRepository.findByConversationIdAndUserId(conversationId, senderId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(conversation);
+                    p.setUser(sender);
+                    return participantRepository.save(p);
+                });
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        if (replyToId != null) {
+            Message replyTo = messageRepository.findById(replyToId)
+                    .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+            message.setReplyTo(replyTo);
+        }
+        message = messageRepository.save(message);
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+
+        // Notify all participants except sender for updates
+        for (MessageParticipant participant : conversation.getParticipants()) {
+            if (participant.getUser().getId().equals(senderId)) continue;
+            String userDestination = "/topic/user/" + participant.getUser().getId() + "/messages";
+            messagingTemplate.convertAndSend(userDestination, messageDto);
+
+            long unreadCount = getUnreadMessageCount(participant.getUser().getId());
+            String username = participant.getUser().getUsername();
+            messagingTemplate.convertAndSendToUser(username, "/queue/unread-count", unreadCount);
+
+            long channelUnread = getUnreadChannelCount(participant.getUser().getId());
+            messagingTemplate.convertAndSendToUser(username, "/queue/channel-unread", channelUnread);
+        }
+
+        return message;
+    }
+
+    public MessageDto toDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setConversationId(message.getConversation().getId());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        UserSummaryDto userSummaryDto = new UserSummaryDto();
+        userSummaryDto.setId(message.getSender().getId());
+        userSummaryDto.setUsername(message.getSender().getUsername());
+        userSummaryDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(userSummaryDto);
+
+        if (message.getReplyTo() != null) {
+            Message reply = message.getReplyTo();
+            MessageDto replyDto = new MessageDto();
+            replyDto.setId(reply.getId());
+            replyDto.setContent(reply.getContent());
+            UserSummaryDto replySender = new UserSummaryDto();
+            replySender.setId(reply.getSender().getId());
+            replySender.setUsername(reply.getSender().getUsername());
+            replySender.setAvatar(reply.getSender().getAvatar());
+            replyDto.setSender(replySender);
+            dto.setReplyTo(replyDto);
+        }
+
+        java.util.List<Reaction> reactions = reactionRepository.findByMessage(message);
+        java.util.List<ReactionDto> reactionDtos = reactions.stream()
+                .map(reactionMapper::toDto)
+                .collect(Collectors.toList());
+        dto.setReactions(reactionDtos);
+
+        return dto;
+    }
+
+    public MessageConversation findOrCreateConversation(Long user1Id, Long user2Id) {
+        User user1 = userRepository.findById(user1Id)
+                .orElseThrow(() -> new IllegalArgumentException("User1 not found"));
+        User user2 = userRepository.findById(user2Id)
+                .orElseThrow(() -> new IllegalArgumentException("User2 not found"));
+        return findOrCreateConversation(user1, user2);
+    }
+
+    private MessageConversation findOrCreateConversation(User user1, User user2) {
+        log.info("Searching for existing conversation between {} and {}", user1.getUsername(), user2.getUsername());
+        return conversationRepository.findConversationsByUsers(user1, user2).stream()
+                .findFirst()
+                .orElseGet(() -> {
+                    log.info("No existing conversation found. Creating a new one.");
+                    MessageConversation conversation = new MessageConversation();
+                    conversation = conversationRepository.save(conversation);
+                    log.info("New conversation created with ID: {}", conversation.getId());
+
+                    MessageParticipant participant1 = new MessageParticipant();
+                    participant1.setConversation(conversation);
+                    participant1.setUser(user1);
+                    participantRepository.save(participant1);
+                    log.info("Participant {} added to conversation {}", user1.getUsername(), conversation.getId());
+
+                    MessageParticipant participant2 = new MessageParticipant();
+                    participant2.setConversation(conversation);
+                    participant2.setUser(user2);
+                    participantRepository.save(participant2);
+                    log.info("Participant {} added to conversation {}", user2.getUsername(), conversation.getId());
+
+                    return conversation;
+                });
+    }
+
+    @Transactional(readOnly = true)
+    public List<ConversationDto> getConversations(Long userId) {
+        List<MessageConversation> conversations = conversationRepository.findConversationsByUserIdOrderByLastMessageDesc(userId);
+        return conversations.stream()
+                .filter(c -> !c.isChannel())
+                .map(c -> toDto(c, userId))
+                .collect(Collectors.toList());
+    }
+
+    private ConversationDto toDto(MessageConversation conversation, Long userId) {
+        ConversationDto dto = new ConversationDto();
+        dto.setId(conversation.getId());
+        dto.setChannel(conversation.isChannel());
+        dto.setName(conversation.getName());
+        dto.setAvatar(conversation.getAvatar());
+        dto.setCreatedAt(conversation.getCreatedAt());
+        if (conversation.getLastMessage() != null) {
+            dto.setLastMessage(toDto(conversation.getLastMessage()));
+        }
+        dto.setParticipants(conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList()));
+
+        MessageParticipant self = conversation.getParticipants().stream()
+                .filter(p -> p.getUser().getId().equals(userId))
+                .findFirst()
+                .orElseThrow(() -> new IllegalStateException("Participant not found in conversation"));
+
+        LocalDateTime lastRead = self.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : self.getLastReadAt();
+        // 只计算别人发送给当前用户的未读消息
+        long unreadCount = messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(conversation.getId(), lastRead, userId);
+        dto.setUnreadCount(unreadCount);
+
+        return dto;
+    }
+
+    @Transactional
+    public ConversationDetailDto getConversationDetails(Long conversationId, Long userId, Pageable pageable) {
+        markConversationAsRead(conversationId, userId);
+
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        Page<Message> messagesPage = messageRepository.findByConversationId(conversationId, pageable);
+        Page<MessageDto> messageDtoPage = messagesPage.map(this::toDto);
+
+        List<UserSummaryDto> participants = conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList());
+
+        ConversationDetailDto detailDto = new ConversationDetailDto();
+        detailDto.setId(conversation.getId());
+        detailDto.setName(conversation.getName());
+        detailDto.setChannel(conversation.isChannel());
+        detailDto.setAvatar(conversation.getAvatar());
+        detailDto.setParticipants(participants);
+        detailDto.setMessages(messageDtoPage);
+
+        return detailDto;
+    }
+
+    @Transactional
+    public void markConversationAsRead(Long conversationId, Long userId) {
+        MessageParticipant participant = participantRepository.findByConversationIdAndUserId(conversationId, userId)
+                .orElseThrow(() -> new IllegalArgumentException("Participant not found"));
+        participant.setLastReadAt(LocalDateTime.now());
+        participantRepository.save(participant);
+    }
+
+    @Transactional(readOnly = true)
+    public long getUnreadMessageCount(Long userId) {
+        List<MessageParticipant> participations = participantRepository.findByUserId(userId);
+        long totalUnreadCount = 0;
+        for (MessageParticipant p : participations) {
+            if (p.getConversation().isChannel()) continue;
+            LocalDateTime lastRead = p.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : p.getLastReadAt();
+            // 只计算别人发送给当前用户的未读消息
+            totalUnreadCount += messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(p.getConversation().getId(), lastRead, userId);
+        }
+        return totalUnreadCount;
+    }
+
+    @Transactional(readOnly = true)
+    public long getUnreadChannelCount(Long userId) {
+        List<MessageParticipant> participations = participantRepository.findByUserId(userId);
+        long unreadChannelCount = 0;
+        for (MessageParticipant p : participations) {
+            if (!p.getConversation().isChannel()) continue;
+            LocalDateTime lastRead = p.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : p.getLastReadAt();
+            long unread = messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(p.getConversation().getId(), lastRead, userId);
+            if (unread > 0) {
+                unreadChannelCount++;
+            }
+        }
+        return unreadChannelCount;
+    }
+}

backend/src/main/java/com/openisle/service/NotificationService.java

@@ -23,7 +23,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.concurrent.Executor;
-import java.util.stream.Collectors;
 
 /** Service for creating and retrieving notifications. */
 @Service
@@ -141,6 +140,19 @@ public class NotificationService {
         }
     }
 
+    /**
+     * Create notifications for all admins when a user redeems a point good.
+     * Old redeem notifications from the same user are removed first.
+     */
+    @org.springframework.transaction.annotation.Transactional
+    public void createPointRedeemNotifications(User user, String content) {
+//        notificationRepository.deleteByTypeAndFromUser(NotificationType.POINT_REDEEM, user);
+        for (User admin : userRepository.findByRole(Role.ADMIN)) {
+            createNotification(admin, NotificationType.POINT_REDEEM, null, null,
+                    null, user, null, content);
+        }
+    }
+
     public List<NotificationPreferenceDto> listPreferences(String username) {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
@@ -167,17 +179,26 @@ public class NotificationService {
         userRepository.save(user);
     }
 
-    public List<Notification> listNotifications(String username, Boolean read) {
+    public List<Notification> listNotifications(String username, Boolean read, int page, int size) {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        List<Notification> list;
+        org.springframework.data.domain.Pageable pageable = org.springframework.data.domain.PageRequest.of(page, size);
+        org.springframework.data.domain.Page<Notification> result;
         if (read == null) {
-            list = notificationRepository.findByUserOrderByCreatedAtDesc(user);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserOrderByCreatedAtDesc(user, pageable);
+            } else {
+                result = notificationRepository.findByUserAndTypeNotInOrderByCreatedAtDesc(user, disabled, pageable);
+            }
         } else {
-            list = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read, pageable);
+            } else {
+                result = notificationRepository.findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(user, read, disabled, pageable);
+            }
         }
-        return list.stream().filter(n -> !disabled.contains(n.getType())).collect(Collectors.toList());
+        return result.getContent();
     }
 
     public void markRead(String username, List<Long> ids) {
@@ -196,8 +217,10 @@ public class NotificationService {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        return notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, false).stream()
-                .filter(n -> !disabled.contains(n.getType())).count();
+        if (disabled.isEmpty()) {
+            return notificationRepository.countByUserAndRead(user, false);
+        }
+        return notificationRepository.countByUserAndReadAndTypeNotIn(user, false, disabled);
     }
 
     public void notifyMentions(String content, User fromUser, Post post, Comment comment) {

backend/src/main/java/com/openisle/service/PointMallService.java

@@ -0,0 +1,48 @@
+package com.openisle.service;
+
+import com.openisle.exception.FieldException;
+import com.openisle.exception.NotFoundException;
+import com.openisle.model.PointGood;
+import com.openisle.model.PointHistory;
+import com.openisle.model.PointHistoryType;
+import com.openisle.model.User;
+import com.openisle.repository.PointGoodRepository;
+import com.openisle.repository.PointHistoryRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/** Service for point mall operations. */
+@Service
+@RequiredArgsConstructor
+public class PointMallService {
+    private final PointGoodRepository pointGoodRepository;
+    private final UserRepository userRepository;
+    private final NotificationService notificationService;
+    private final PointHistoryRepository pointHistoryRepository;
+
+    public List<PointGood> listGoods() {
+        return pointGoodRepository.findAll();
+    }
+
+    public int redeem(User user, Long goodId, String contact) {
+        PointGood good = pointGoodRepository.findById(goodId)
+                .orElseThrow(() -> new NotFoundException("Good not found"));
+        if (user.getPoint() < good.getCost()) {
+            throw new FieldException("point", "Insufficient points");
+        }
+        user.setPoint(user.getPoint() - good.getCost());
+        userRepository.save(user);
+        notificationService.createPointRedeemNotifications(user, good.getName() + ": " + contact);
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(PointHistoryType.REDEEM);
+        history.setAmount(-good.getCost());
+        history.setBalance(user.getPoint());
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
+        return user.getPoint();
+    }
+}

backend/src/main/java/com/openisle/service/PointService.java

@@ -1,12 +1,16 @@
 package com.openisle.service;
 
-import com.openisle.model.PointLog;
-import com.openisle.model.User;
+import com.openisle.model.*;
 import com.openisle.repository.*;
+import com.openisle.exception.FieldException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
 import java.time.LocalDate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
 
 @Service
 @RequiredArgsConstructor
@@ -16,14 +20,39 @@ public class PointService {
     private final PointLogRepository pointLogRepository;
     private final PostRepository postRepository;
     private final CommentRepository commentRepository;
+    private final PointHistoryRepository pointHistoryRepository;
 
-    public int awardForPost(String userName) {
+    public int awardForPost(String userName, Long postId) {
         User user = userRepository.findByUsername(userName).orElseThrow();
         PointLog log = getTodayLog(user);
         if (log.getPostCount() > 1) return 0;
         log.setPostCount(log.getPostCount() + 1);
         pointLogRepository.save(log);
-        return addPoint(user, 30);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 30, PointHistoryType.POST, post, null, null);
+    }
+
+    public int awardForInvite(String userName, String inviteeName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        User invitee = userRepository.findByUsername(inviteeName).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.INVITE, null, null, invitee);
+    }
+
+    public int awardForFeatured(String userName, Long postId) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.FEATURE, post, null, null);
+    }
+
+    public void processLotteryJoin(User participant, LotteryPost post) {
+        int cost = post.getPointCost();
+        if (cost > 0) {
+            if (participant.getPoint() < cost) {
+                throw new FieldException("point", "积分不足");
+            }
+            addPoint(participant, -cost, PointHistoryType.LOTTERY_JOIN, post, null, post.getAuthor());
+            addPoint(post.getAuthor(), cost, PointHistoryType.LOTTERY_REWARD, post, null, participant);
+        }
     }
 
     private PointLog getTodayLog(User user) {
@@ -40,20 +69,41 @@ public class PointService {
                 });
     }
 
-    private int addPoint(User user, int amount) {
+    private int addPoint(User user, int amount, PointHistoryType type,
+                         Post post, Comment comment, User fromUser) {
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
         user.setPoint(user.getPoint() + amount);
         userRepository.save(user);
+        recordHistory(user, type, amount, post, comment, fromUser);
         return amount;
     }
 
+    private void recordHistory(User user, PointHistoryType type, int amount,
+                               Post post, Comment comment, User fromUser) {
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(type);
+        history.setAmount(amount);
+        history.setBalance(user.getPoint());
+        history.setPost(post);
+        history.setComment(comment);
+        history.setFromUser(fromUser);
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
+    }
+
     // 同时为评论者和发帖人增加积分，返回值为评论者增加的积分数
     // 注意需要考虑发帖和回复是同一人的场景
-    public int awardForComment(String commenterName, Long postId) {
+    public int awardForComment(String commenterName, Long postId, Long commentId) {
         // 标记评论者是否已达到积分奖励上限
         boolean isTheRewardCapped = false;
 
         // 根据帖子id找到发帖人
-        User poster = postRepository.findById(postId).orElseThrow().getAuthor();
+        Post post = postRepository.findById(postId).orElseThrow();
+        User poster = post.getAuthor();
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
 
         // 获取评论者的加分日志
         User commenter = userRepository.findByUsername(commenterName).orElseThrow();
@@ -69,15 +119,15 @@ public class PointService {
             } else {
                 log.setCommentCount(log.getCommentCount() + 1);
                 pointLogRepository.save(log);
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
             }
         } else {
-            addPoint(poster, 10);
+            addPoint(poster, 10, PointHistoryType.COMMENT, post, comment, commenter);
             // 如果发帖人与评论者不是同一个，则根据是否达到积分上限来判断评论者加分情况
             if (isTheRewardCapped) {
                 return 0;
             } else {
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
             }
         }
     }
@@ -96,7 +146,8 @@ public class PointService {
         }
 
         // 如果不是同一个，则为发帖人加分
-        return addPoint(poster, 10);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(poster, 10, PointHistoryType.POST_LIKED, post, null, reactioner);
     }
 
     // 考虑点赞者和评论者是同一个的情况
@@ -113,7 +164,38 @@ public class PointService {
         }
 
         // 如果不是同一个，则为发帖人加分
-        return addPoint(commenter, 10);
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
+        Post post = comment.getPost();
+        return addPoint(commenter, 10, PointHistoryType.COMMENT_LIKED, post, comment, reactioner);
+    }
+
+    public java.util.List<PointHistory> listHistory(String userName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
+        return pointHistoryRepository.findByUserOrderByIdDesc(user);
+    }
+
+    public List<Map<String, Object>> trend(String userName, int days) {
+        if (days < 1) days = 1;
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        LocalDate end = LocalDate.now();
+        LocalDate start = end.minusDays(days - 1L);
+        var histories = pointHistoryRepository.findByUserAndCreatedAtAfterOrderByCreatedAtDesc(
+                user, start.atStartOfDay());
+        int idx = 0;
+        int balance = user.getPoint();
+        List<Map<String, Object>> result = new ArrayList<>();
+        for (LocalDate day = end; !day.isBefore(start); day = day.minusDays(1)) {
+            result.add(Map.of("date", day.toString(), "value", balance));
+            while (idx < histories.size() && histories.get(idx).getCreatedAt().toLocalDate().isEqual(day)) {
+                balance -= histories.get(idx).getAmount();
+                idx++;
+            }
+        }
+        Collections.reverse(result);
+        return result;
     }
 
 }

backend/src/main/java/com/openisle/service/PostService.java

@@ -67,6 +67,7 @@ public class PostService {
     private final TaskScheduler taskScheduler;
     private final EmailSender emailSender;
     private final ApplicationContext applicationContext;
+    private final PointService pointService;
     private final ConcurrentMap<Long, ScheduledFuture<?>> scheduledFinalizations = new ConcurrentHashMap<>();
     @Value("${app.website-url:https://www.open-isle.com}")
     private String websiteUrl;
@@ -89,6 +90,7 @@ public class PostService {
                        TaskScheduler taskScheduler,
                        EmailSender emailSender,
                        ApplicationContext applicationContext,
+                       PointService pointService,
                        @Value("${app.post.publish-mode:DIRECT}") PublishMode publishMode) {
         this.postRepository = postRepository;
         this.userRepository = userRepository;
@@ -107,6 +109,7 @@ public class PostService {
         this.taskScheduler = taskScheduler;
         this.emailSender = emailSender;
         this.applicationContext = applicationContext;
+        this.pointService = pointService;
         this.publishMode = publishMode;
     }
 
@@ -132,6 +135,26 @@ public class PostService {
         this.publishMode = publishMode;
     }
 
+    public List<Post> listLatestRssPosts(int limit) {
+        Pageable pageable = PageRequest.of(0, limit, Sort.by(Sort.Direction.DESC, "createdAt"));
+        return postRepository.findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus.PUBLISHED, pageable);
+    }
+
+    public Post excludeFromRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(true);
+        return postRepository.save(post);
+    }
+
+    public Post includeInRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(false);
+        post = postRepository.save(post);
+        notificationService.createNotification(post.getAuthor(), NotificationType.POST_FEATURED, post, null, null, null, null, null);
+        pointService.awardForFeatured(post.getAuthor().getUsername(), post.getId());
+        return post;
+    }
+
     public Post createPost(String username,
                            Long categoryId,
                            String title,
@@ -141,6 +164,7 @@ public class PostService {
                            String prizeDescription,
                            String prizeIcon,
                            Integer prizeCount,
+                           Integer pointCost,
                            LocalDateTime startTime,
                            LocalDateTime endTime) {
         long recent = postRepository.countByAuthorAfter(username,
@@ -165,10 +189,14 @@ public class PostService {
         PostType actualType = type != null ? type : PostType.NORMAL;
         Post post;
         if (actualType == PostType.LOTTERY) {
+            if (pointCost != null && (pointCost < 0 || pointCost > 100)) {
+                throw new IllegalArgumentException("pointCost must be between 0 and 100");
+            }
             LotteryPost lp = new LotteryPost();
             lp.setPrizeDescription(prizeDescription);
             lp.setPrizeIcon(prizeIcon);
             lp.setPrizeCount(prizeCount != null ? prizeCount : 0);
+            lp.setPointCost(pointCost != null ? pointCost : 0);
             lp.setStartTime(startTime);
             lp.setEndTime(endTime);
             post = lp;
@@ -227,8 +255,10 @@ public class PostService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
-        post.getParticipants().add(user);
-        lotteryPostRepository.save(post);
+        if (post.getParticipants().add(user)) {
+            pointService.processLotteryJoin(user, post);
+            lotteryPostRepository.save(post);
+        }
     }
 
     @Transactional
@@ -441,6 +471,34 @@ public class PostService {
         return paginate(sortByPinnedAndCreated(posts), page, pageSize);
     }
 
+    public List<Post> listFeaturedPosts(List<Long> categoryIds,
+                                        List<Long> tagIds,
+                                        Integer page,
+                                        Integer pageSize) {
+        List<Post> posts;
+        boolean hasCategories = categoryIds != null && !categoryIds.isEmpty();
+        boolean hasTags = tagIds != null && !tagIds.isEmpty();
+
+        if (hasCategories && hasTags) {
+            posts = listPostsByCategoriesAndTags(categoryIds, tagIds, null, null);
+        } else if (hasCategories) {
+            posts = listPostsByCategories(categoryIds, null, null);
+        } else if (hasTags) {
+            posts = listPostsByTags(tagIds, null, null);
+        } else {
+            posts = listPosts();
+        }
+
+        // 仅保留 getRssExcluded 为 0 且不为空
+        // 若字段类型是 Boolean（包装类型），0 等价于 false：
+        posts = posts.stream()
+                .filter(p -> p.getRssExcluded() != null && !p.getRssExcluded())
+                .toList();
+
+        return paginate(sortByPinnedAndCreated(posts), page, pageSize);
+    }
+
+
     public List<Post> listPendingPosts() {
         return postRepository.findByStatus(PostStatus.PENDING);
     }
@@ -495,6 +553,30 @@ public class PostService {
         return postRepository.save(post);
     }
 
+    public Post closePost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(true);
+        return postRepository.save(post);
+    }
+
+    public Post reopenPost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(false);
+        return postRepository.save(post);
+    }
+
     @org.springframework.transaction.annotation.Transactional
     public Post updatePost(Long id,
                            String username,
@@ -538,7 +620,9 @@ public class PostService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
-        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+        User author = post.getAuthor();
+        boolean adminDeleting = !user.getId().equals(author.getId()) && user.getRole() == Role.ADMIN;
+        if (!user.getId().equals(author.getId()) && user.getRole() != Role.ADMIN) {
             throw new IllegalArgumentException("Unauthorized");
         }
         for (Comment c : commentRepository.findByPostAndParentIsNullOrderByCreatedAtAsc(post)) {
@@ -555,7 +639,12 @@ public class PostService {
                 future.cancel(false);
             }
         }
+        String title = post.getTitle();
         postRepository.delete(post);
+        if (adminDeleting) {
+            notificationService.createNotification(author, NotificationType.POST_DELETED,
+                    null, null, null, user, null, title);
+        }
     }
 
     public java.util.List<Post> getPostsByIds(java.util.List<Long> ids) {

backend/src/main/java/com/openisle/service/ReactionService.java

@@ -6,10 +6,12 @@ import com.openisle.model.Reaction;
 import com.openisle.model.ReactionType;
 import com.openisle.model.User;
 import com.openisle.model.NotificationType;
+import com.openisle.model.Message;
 import com.openisle.repository.CommentRepository;
 import com.openisle.repository.PostRepository;
 import com.openisle.repository.ReactionRepository;
 import com.openisle.repository.UserRepository;
+import com.openisle.repository.MessageRepository;
 import com.openisle.service.NotificationService;
 import com.openisle.service.EmailSender;
 import lombok.RequiredArgsConstructor;
@@ -24,6 +26,7 @@ public class ReactionService {
     private final UserRepository userRepository;
     private final PostRepository postRepository;
     private final CommentRepository commentRepository;
+    private final MessageRepository messageRepository;
     private final NotificationService notificationService;
     private final EmailSender emailSender;
 
@@ -77,6 +80,26 @@ public class ReactionService {
         return reaction;
     }
 
+    @Transactional
+    public Reaction reactToMessage(String username, Long messageId, ReactionType type) {
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        Message message = messageRepository.findById(messageId)
+                .orElseThrow(() -> new IllegalArgumentException("Message not found"));
+        java.util.Optional<Reaction> existing =
+                reactionRepository.findByUserAndMessageAndType(user, message, type);
+        if (existing.isPresent()) {
+            reactionRepository.delete(existing.get());
+            return null;
+        }
+        Reaction reaction = new Reaction();
+        reaction.setUser(user);
+        reaction.setMessage(message);
+        reaction.setType(type);
+        reaction = reactionRepository.save(reaction);
+        return reaction;
+    }
+
     public java.util.List<Reaction> getReactionsForPost(Long postId) {
         Post post = postRepository.findById(postId)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));

backend/src/main/java/com/openisle/service/SubscriptionService.java

@@ -107,6 +107,11 @@ public class SubscriptionService {
         return commentSubRepo.findByComment(c).stream().map(CommentSubscription::getUser).toList();
     }
 
+    public List<Post> getSubscribedPosts(String username) {
+        User user = userRepo.findByUsername(username).orElseThrow();
+        return postSubRepo.findByUser(user).stream().map(PostSubscription::getPost).toList();
+    }
+
 
     public long countSubscribers(String username) {
         User user = userRepo.findByUsername(username).orElseThrow();

backend/src/main/java/com/openisle/service/TwitterAuthService.java

@@ -33,11 +33,12 @@ public class TwitterAuthService {
     @Value("${twitter.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(
+    public Optional<AuthResult> authenticate(
             String code,
             String codeVerifier,
             RegisterMode mode,
-            String redirectUri) {
+            String redirectUri,
+            boolean viaInvite) {
 
         logger.debug("Starting authentication with code {} and verifier {}", code, codeVerifier);
 
@@ -106,10 +107,10 @@ public class TwitterAuthService {
         // Twitter v2 默认拿不到 email；如果你申请到 email.scope，可改用 /2/users/:id?user.fields=email
         String email = username + "@twitter.com";
         logger.debug("Processing user {} with email {}", username, email);
-        return Optional.of(processUser(email, username, avatar, mode));
+        return Optional.of(processUser(email, username, avatar, mode, viaInvite));
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -119,7 +120,7 @@ public class TwitterAuthService {
                 userRepository.save(user);
             }
             logger.debug("Existing user {} authenticated", user.getUsername());
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -133,13 +134,13 @@ public class TwitterAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar("https://twitter.com/" + finalUsername + "/profile_image");
         }
         logger.debug("Creating new user {}", finalUsername);
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/UserService.java

@@ -74,6 +74,13 @@ public class UserService {
         return userRepository.save(user);
     }
 
+    public User registerWithInvite(String username, String email, String password) {
+        User user = register(username, email, password, "", com.openisle.model.RegisterMode.DIRECT);
+        user.setVerified(true);
+        user.setVerificationCode(genCode());
+        return userRepository.save(user);
+    }
+
     private String genCode() {
         return String.format("%06d", new Random().nextInt(1000000));
     }

backend/src/main/resources/application.properties

@@ -10,6 +10,7 @@ spring.jpa.hibernate.ddl-auto=update
 app.jwt.secret=${JWT_SECRET:jwt_sec}
 app.jwt.reason-secret=${JWT_REASON_SECRET:jwt_reason_sec}
 app.jwt.reset-secret=${JWT_RESET_SECRET:jwt_reset_sec}
+app.jwt.invite-secret=${JWT_INVITE_SECRET:jwt_invite_sec}
 # 30 days
 app.jwt.expiration=${JWT_EXPIRATION:2592000000}
 # Password strength: LOW, MEDIUM or HIGH

backend/src/main/resources/db/migration/V2__add_rss_excluded_to_posts.sql

@@ -0,0 +1 @@
+ALTER TABLE posts ADD COLUMN rss_excluded BOOLEAN NOT NULL DEFAULT 0;

backend/src/main/resources/db/migration/V3__add_point_cost_to_lottery_posts.sql

@@ -0,0 +1 @@
+ALTER TABLE lottery_posts ADD COLUMN point_cost INT NOT NULL DEFAULT 0;

backend/src/test/java/com/openisle/controller/NotificationControllerTest.java

@@ -45,7 +45,7 @@ class NotificationControllerTest {
         p.setId(2L);
         n.setPost(p);
         n.setCreatedAt(LocalDateTime.now());
-        when(notificationService.listNotifications("alice", null))
+        when(notificationService.listNotifications("alice", null, 0, 30))
                 .thenReturn(List.of(n));
 
         NotificationDto dto = new NotificationDto();
@@ -62,6 +62,24 @@ class NotificationControllerTest {
                 .andExpect(jsonPath("$[0].post.id").value(2));
     }
 
+    @Test
+    void listUnreadNotifications() throws Exception {
+        Notification n = new Notification();
+        n.setId(5L);
+        n.setType(NotificationType.POST_VIEWED);
+        when(notificationService.listNotifications("alice", false, 0, 30))
+                .thenReturn(List.of(n));
+
+        NotificationDto dto = new NotificationDto();
+        dto.setId(5L);
+        when(notificationMapper.toDto(n)).thenReturn(dto);
+
+        mockMvc.perform(get("/api/notifications/unread")
+                        .principal(new UsernamePasswordAuthenticationToken("alice","p")))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].id").value(5));
+    }
+
     @Test
     void markReadEndpoint() throws Exception {
         mockMvc.perform(post("/api/notifications/read")

backend/src/test/java/com/openisle/controller/PointHistoryControllerTest.java

@@ -0,0 +1,65 @@
+package com.openisle.controller;
+
+import com.openisle.config.CustomAccessDeniedHandler;
+import com.openisle.config.SecurityConfig;
+import com.openisle.service.PointService;
+import com.openisle.mapper.PointHistoryMapper;
+import com.openisle.service.JwtService;
+import com.openisle.repository.UserRepository;
+import com.openisle.model.User;
+import com.openisle.model.Role;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.web.servlet.MockMvc;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@WebMvcTest(PointHistoryController.class)
+@AutoConfigureMockMvc
+@Import({SecurityConfig.class, CustomAccessDeniedHandler.class})
+class PointHistoryControllerTest {
+    @Autowired
+    private MockMvc mockMvc;
+
+    @MockBean
+    private JwtService jwtService;
+    @MockBean
+    private UserRepository userRepository;
+    @MockBean
+    private PointService pointService;
+    @MockBean
+    private PointHistoryMapper pointHistoryMapper;
+
+    @Test
+    void trendReturnsSeries() throws Exception {
+        Mockito.when(jwtService.validateAndGetSubject("token")).thenReturn("user");
+        User user = new User();
+        user.setUsername("user");
+        user.setPassword("p");
+        user.setEmail("u@example.com");
+        user.setRole(Role.USER);
+        Mockito.when(userRepository.findByUsername("user")).thenReturn(Optional.of(user));
+        List<Map<String, Object>> data = List.of(
+                Map.of("date", java.time.LocalDate.now().minusDays(1).toString(), "value", 100),
+                Map.of("date", java.time.LocalDate.now().toString(), "value", 110)
+        );
+        Mockito.when(pointService.trend(Mockito.eq("user"), Mockito.anyInt())).thenReturn(data);
+
+        mockMvc.perform(get("/api/point-histories/trend").param("days", "2")
+                        .header("Authorization", "Bearer token"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].value").value(100))
+                .andExpect(jsonPath("$[1].value").value(110));
+    }
+}

backend/src/test/java/com/openisle/controller/PostControllerTest.java

@@ -76,7 +76,7 @@ class PostControllerTest {
         post.setTags(Set.of(tag));
 
         when(postService.createPost(eq("alice"), eq(1L), eq("t"), eq("c"), eq(List.of(1L)),
-                isNull(), isNull(), isNull(), isNull(), isNull(), isNull())).thenReturn(post);
+                isNull(), isNull(), isNull(), isNull(), isNull(), isNull(), isNull())).thenReturn(post);
         when(postService.viewPost(eq(1L), any())).thenReturn(post);
         when(commentService.getCommentsForPost(eq(1L), any())).thenReturn(List.of());
         when(commentService.getParticipants(anyLong(), anyInt())).thenReturn(List.of());
@@ -187,7 +187,7 @@ class PostControllerTest {
                 .andExpect(status().isBadRequest());
 
         verify(postService, never()).createPost(any(), any(), any(), any(), any(),
-                any(), any(), any(), any(), any(), any());
+                any(), any(), any(), any(), any(), any(), any());
     }
 
     @Test

backend/src/test/java/com/openisle/controller/ReactionControllerTest.java

@@ -5,6 +5,7 @@ import com.openisle.model.Post;
 import com.openisle.model.Reaction;
 import com.openisle.model.ReactionType;
 import com.openisle.model.User;
+import com.openisle.model.Message;
 import com.openisle.service.ReactionService;
 import com.openisle.service.LevelService;
 import com.openisle.mapper.ReactionMapper;
@@ -78,6 +79,27 @@ class ReactionControllerTest {
                 .andExpect(jsonPath("$.commentId").value(2));
     }
 
+    @Test
+    void reactToMessage() throws Exception {
+        User user = new User();
+        user.setUsername("u3");
+        Message message = new Message();
+        message.setId(3L);
+        Reaction reaction = new Reaction();
+        reaction.setId(3L);
+        reaction.setUser(user);
+        reaction.setMessage(message);
+        reaction.setType(ReactionType.LIKE);
+        Mockito.when(reactionService.reactToMessage(eq("u3"), eq(3L), eq(ReactionType.LIKE))).thenReturn(reaction);
+
+        mockMvc.perform(post("/api/messages/3/reactions")
+                        .contentType("application/json")
+                        .content("{\"type\":\"LIKE\"}")
+                        .principal(new UsernamePasswordAuthenticationToken("u3", "p")))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$.messageId").value(3));
+    }
+
     @Test
     void listReactionTypes() throws Exception {
         mockMvc.perform(get("/api/reaction-types"))

backend/src/test/java/com/openisle/controller/UserControllerTest.java

@@ -136,6 +136,30 @@ class UserControllerTest {
                 .andExpect(jsonPath("$[0].title").value("hello"));
     }
 
+    @Test
+    void listSubscribedPosts() throws Exception {
+        User user = new User();
+        user.setUsername("bob");
+        com.openisle.model.Category cat = new com.openisle.model.Category();
+        cat.setName("tech");
+        com.openisle.model.Post post = new com.openisle.model.Post();
+        post.setId(6L);
+        post.setTitle("fav");
+        post.setCreatedAt(java.time.LocalDateTime.now());
+        post.setCategory(cat);
+        post.setAuthor(user);
+        Mockito.when(userService.findByIdentifier("bob")).thenReturn(Optional.of(user));
+        Mockito.when(subscriptionService.getSubscribedPosts("bob")).thenReturn(java.util.List.of(post));
+        PostMetaDto meta = new PostMetaDto();
+        meta.setId(6L);
+        meta.setTitle("fav");
+        Mockito.when(userMapper.toMetaDto(post)).thenReturn(meta);
+
+        mockMvc.perform(get("/api/users/bob/subscribed-posts"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].title").value("fav"));
+    }
+
     @Test
     void listUserReplies() throws Exception {
         User user = new User();

backend/src/test/java/com/openisle/service/MedalServiceTest.java

@@ -27,7 +27,7 @@ class MedalServiceTest {
 
         List<MedalDto> medals = service.getMedals(null);
         medals.forEach(m -> assertFalse(m.isCompleted()));
-        assertEquals(5, medals.size());
+        assertEquals(6, medals.size());
     }
 
     @Test

backend/src/test/java/com/openisle/service/NotificationServiceTest.java

@@ -11,6 +11,9 @@ import org.mockito.Mockito;
 
 import java.util.List;
 import java.util.Optional;
+import java.util.HashSet;
+import org.springframework.data.domain.PageImpl;
+import org.springframework.data.domain.Pageable;
 
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.Mockito.*;
@@ -62,15 +65,17 @@ class NotificationServiceTest {
         User user = new User();
         user.setId(2L);
         user.setUsername("bob");
+        user.setDisabledNotificationTypes(new HashSet<>());
         when(uRepo.findByUsername("bob")).thenReturn(Optional.of(user));
 
         Notification n = new Notification();
-        when(nRepo.findByUserOrderByCreatedAtDesc(user)).thenReturn(List.of(n));
+        when(nRepo.findByUserOrderByCreatedAtDesc(eq(user), any(Pageable.class)))
+                .thenReturn(new PageImpl<>(List.of(n)));
 
-        List<Notification> list = service.listNotifications("bob", null);
+        List<Notification> list = service.listNotifications("bob", null, 0, 10);
 
         assertEquals(1, list.size());
-        verify(nRepo).findByUserOrderByCreatedAtDesc(user);
+        verify(nRepo).findByUserOrderByCreatedAtDesc(eq(user), any(Pageable.class));
     }
 
     @Test
@@ -87,6 +92,7 @@ class NotificationServiceTest {
         User user = new User();
         user.setId(3L);
         user.setUsername("carl");
+        user.setDisabledNotificationTypes(new HashSet<>());
         when(uRepo.findByUsername("carl")).thenReturn(Optional.of(user));
         when(nRepo.countByUserAndRead(user, false)).thenReturn(5L);
 
@@ -96,6 +102,56 @@ class NotificationServiceTest {
         verify(nRepo).countByUserAndRead(user, false);
     }
 
+    @Test
+    void listNotificationsFiltersDisabledTypes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User user = new User();
+        user.setId(4L);
+        user.setUsername("dana");
+        when(uRepo.findByUsername("dana")).thenReturn(Optional.of(user));
+
+        Notification n = new Notification();
+        when(nRepo.findByUserAndTypeNotInOrderByCreatedAtDesc(eq(user), eq(user.getDisabledNotificationTypes()), any(Pageable.class)))
+                .thenReturn(new PageImpl<>(List.of(n)));
+
+        List<Notification> list = service.listNotifications("dana", null, 0, 10);
+
+        assertEquals(1, list.size());
+        verify(nRepo).findByUserAndTypeNotInOrderByCreatedAtDesc(eq(user), eq(user.getDisabledNotificationTypes()), any(Pageable.class));
+    }
+
+    @Test
+    void countUnreadFiltersDisabledTypes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User user = new User();
+        user.setId(5L);
+        user.setUsername("erin");
+        when(uRepo.findByUsername("erin")).thenReturn(Optional.of(user));
+        when(nRepo.countByUserAndReadAndTypeNotIn(eq(user), eq(false), eq(user.getDisabledNotificationTypes())))
+                .thenReturn(2L);
+
+        long count = service.countUnread("erin");
+
+        assertEquals(2L, count);
+        verify(nRepo).countByUserAndReadAndTypeNotIn(eq(user), eq(false), eq(user.getDisabledNotificationTypes()));
+    }
+
     @Test
     void createRegisterRequestNotificationsDeletesOldOnes() {
         NotificationRepository nRepo = mock(NotificationRepository.class);
@@ -144,6 +200,30 @@ class NotificationServiceTest {
         verify(nRepo).save(any(Notification.class));
     }
 
+    @Test
+    void createPointRedeemNotificationsDeletesOldOnes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User admin = new User();
+        admin.setId(10L);
+        User user = new User();
+        user.setId(20L);
+
+        when(uRepo.findByRole(Role.ADMIN)).thenReturn(List.of(admin));
+
+        service.createPointRedeemNotifications(user, "contact");
+
+        verify(nRepo).deleteByTypeAndFromUser(NotificationType.POINT_REDEEM, user);
+        verify(nRepo).save(any(Notification.class));
+    }
+
     @Test
     void createNotificationSendsEmailForCommentReply() {
         NotificationRepository nRepo = mock(NotificationRepository.class);

backend/src/test/java/com/openisle/service/PostServiceTest.java

@@ -34,11 +34,12 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         Post post = new Post();
@@ -61,6 +62,59 @@ class PostServiceTest {
         verify(postRepo).delete(post);
     }
 
+    @Test
+    void deletePostByAdminNotifiesAuthor() {
+        PostRepository postRepo = mock(PostRepository.class);
+        UserRepository userRepo = mock(UserRepository.class);
+        CategoryRepository catRepo = mock(CategoryRepository.class);
+        TagRepository tagRepo = mock(TagRepository.class);
+        LotteryPostRepository lotteryRepo = mock(LotteryPostRepository.class);
+        NotificationService notifService = mock(NotificationService.class);
+        SubscriptionService subService = mock(SubscriptionService.class);
+        CommentService commentService = mock(CommentService.class);
+        CommentRepository commentRepo = mock(CommentRepository.class);
+        ReactionRepository reactionRepo = mock(ReactionRepository.class);
+        PostSubscriptionRepository subRepo = mock(PostSubscriptionRepository.class);
+        NotificationRepository notificationRepo = mock(NotificationRepository.class);
+        PostReadService postReadService = mock(PostReadService.class);
+        ImageUploader imageUploader = mock(ImageUploader.class);
+        TaskScheduler taskScheduler = mock(TaskScheduler.class);
+        EmailSender emailSender = mock(EmailSender.class);
+        ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
+
+        PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
+                notifService, subService, commentService, commentRepo,
+                reactionRepo, subRepo, notificationRepo, postReadService,
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
+        when(context.getBean(PostService.class)).thenReturn(service);
+
+        Post post = new Post();
+        post.setId(1L);
+        post.setTitle("T");
+        post.setContent("");
+        User author = new User();
+        author.setId(2L);
+        author.setRole(Role.USER);
+        post.setAuthor(author);
+
+        User admin = new User();
+        admin.setId(1L);
+        admin.setRole(Role.ADMIN);
+
+        when(postRepo.findById(1L)).thenReturn(Optional.of(post));
+        when(userRepo.findByUsername("admin")).thenReturn(Optional.of(admin));
+        when(commentRepo.findByPostAndParentIsNullOrderByCreatedAtAsc(post)).thenReturn(List.of());
+        when(reactionRepo.findByPost(post)).thenReturn(List.of());
+        when(subRepo.findByPost(post)).thenReturn(List.of());
+        when(notificationRepo.findByPost(post)).thenReturn(List.of());
+
+        service.deletePost(1L, "admin");
+
+        verify(notifService).createNotification(eq(author), eq(NotificationType.POST_DELETED), isNull(),
+                isNull(), isNull(), eq(admin), isNull(), eq("T"));
+    }
+
     @Test
     void createPostRespectsRateLimit() {
         PostRepository postRepo = mock(PostRepository.class);
@@ -80,18 +134,19 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         when(postRepo.countByAuthorAfter(eq("alice"), any())).thenReturn(1L);
 
         assertThrows(RateLimitException.class,
                 () -> service.createPost("alice", 1L, "t", "c", List.of(1L),
-                        null, null, null, null, null, null));
+                        null, null, null, null, null, null, null));
     }
 
     @Test
@@ -113,11 +168,12 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         User author = new User();

backend/src/test/java/com/openisle/service/ReactionServiceTest.java

@@ -15,9 +15,10 @@ class ReactionServiceTest {
         UserRepository userRepo = mock(UserRepository.class);
         PostRepository postRepo = mock(PostRepository.class);
         CommentRepository commentRepo = mock(CommentRepository.class);
+        MessageRepository messageRepo = mock(MessageRepository.class);
         NotificationService notif = mock(NotificationService.class);
         EmailSender email = mock(EmailSender.class);
-        ReactionService service = new ReactionService(reactionRepo, userRepo, postRepo, commentRepo, notif, email);
+        ReactionService service = new ReactionService(reactionRepo, userRepo, postRepo, commentRepo, messageRepo, notif, email);
         org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
 
         User user = new User();